Timeline

May 14, 2015:

10:09 PM Changeset in webkit [184373] by Alan Bujtas

• 3 edits
  4 adds in trunk

Images on www.fitstylelife.com jiggle on hover.
​https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html

compositing/parent-clipping-layer-on-subpixel-position.html

• rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

• compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
• compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
• compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
• compositing/parent-clipping-layer-on-subpixel-position.html: Added.

10:07 PM Changeset in webkit [184372] by Chris Dumez

• 6 edits in trunk/Source/WebCore

Have DOMWindow::createWindow() take references to frames
​https://bugs.webkit.org/show_bug.cgi?id=145037

Reviewed by Gyuyoung Kim.

Have DOMWindow::createWindow() take references to frames instead of
pointers as they are expected to be non-null. Also return a RefPtr
instead of a PassRefPtr.

• inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::openInNewTab):

• loader/FrameLoader.cpp:

(WebCore::createWindow):

• loader/FrameLoader.h:
• page/DOMWindow.cpp:

(WebCore::DOMWindow::createWindow):
(WebCore::DOMWindow::open):
(WebCore::DOMWindow::showModalDialog):

• page/DOMWindow.h:

9:43 PM Changeset in webkit [184371] by Simon Fraser

• 5 edits
  2 adds in trunk

REGRESSION (r183794): Garbage tiles when body background switches to fixed
​https://bugs.webkit.org/show_bug.cgi?id=145032
rdar://problem/20963679

Reviewed by Dean Jackson.

Source/WebCore:

After r183794 (or possibly an earlier commit), we failed to dynamically update
the configuration of layers that handled fixed background attachment on the root.

This would result in unpainted tiles, and non-fixed-background behavior.

Fix by calling RenderLayerCompositor::rootOrBodyStyleChanged() whenever the
style changes on the root or body renderers, and triggering a compositing update
if the fixedness of the background changes. It calls the existing rootBackgroundTransparencyChanged()
if the color changes.

Test: platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html

• rendering/RenderBox.cpp:

(WebCore::RenderBox::styleDidChange):

• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::rootOrBodyStyleChanged):
(WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged):

• rendering/RenderLayerCompositor.h:

LayoutTests:

Test that toggles the attachment of the body background to fixed, then dumps layers.

• platform/mac-wk2/tiled-drawing/toggle-to-fixed-background-expected.txt: Added.
• platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html: Added.

9:39 PM Changeset in webkit [184370] by beidson@apple.com

• 17 edits in trunk/Source/WebKit2

Rename connectionDidClose and related methods to be more clear.
​https://bugs.webkit.org/show_bug.cgi?id=145030

Reviewed by Darin Adler.

These methods were easy to confuse with "Connection::Client::didClose()", yet they
were about something much more explicit: A child process being shut down by the UI Process.

Let's call them as such.

• Shared/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::shutDownProcess):
(WebKit::ChildProcessProxy::clearConnection): Deleted.
(WebKit::ChildProcessProxy::connectionDidClose): Deleted.

• Shared/ChildProcessProxy.h:

• UIProcess/Databases/DatabaseProcessProxy.cpp:

(WebKit::DatabaseProcessProxy::processWillShutDown):

• UIProcess/Databases/DatabaseProcessProxy.h:

• UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::processWillShutDown):

• UIProcess/Network/NetworkProcessProxy.h:

• UIProcess/Plugins/PluginProcessProxy.cpp:

(WebKit::PluginProcessProxy::processWillShutDown):

• UIProcess/Plugins/PluginProcessProxy.h:

• UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::webProcessWillShutDown):
(WebKit::WebFrameProxy::disconnect): Deleted.

• UIProcess/WebFrameProxy.h:

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::webProcessWillShutDown):
(WebKit::WebPageProxy::connectionDidClose): Deleted.

• UIProcess/WebPageProxy.h:

• UIProcess/WebProcessLifetimeTracker.cpp:

(WebKit::WebProcessLifetimeTracker::webProcessWillShutDown):
(WebKit::WebProcessLifetimeTracker::connectionDidClose): Deleted.

• UIProcess/WebProcessLifetimeTracker.h:

• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::processWillShutDown):
(WebKit::WebProcessProxy::shutDown):
(WebKit::WebProcessProxy::removeWebPage):
(WebKit::WebProcessProxy::didClose):
(WebKit::WebProcessProxy::disconnectFramesFromPage):
(WebKit::WebProcessProxy::shouldTerminate):
(WebKit::WebProcessProxy::requestTermination):
(WebKit::WebProcessProxy::connectionDidClose): Deleted.
(WebKit::WebProcessProxy::disconnect): Deleted.

• UIProcess/WebProcessProxy.h:

9:36 PM Changeset in webkit [184369] by mitz@apple.com

• 2 edits in trunk/Source/WTF

Reverted r177753, now that <rdar://problem/19347133> is fixed.

Rubber-stamped by Benjamin Poulain.

• wtf/SaturatedArithmetic.h:

(signedAddOverflows):
(signedSubtractOverflows):

9:14 PM Changeset in webkit [184368] by fpizlo@apple.com

• 15 edits in trunk/Source/JavaScriptCore

Remove StoreBarrierWithNullCheck, nobody ever generates this.

Rubber stamped by Benjamin Poulain and Michael Saboff.

If we did bring something like this back in the future, we would just use UntypedUse instead
of CellUse to indicate that this is what we want.

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

• dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• dfg/DFGNode.h:

(JSC::DFG::Node::isStoreBarrier):

• dfg/DFGNodeType.h:
• dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

• dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

• dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileStoreBarrier):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck): Deleted.

8:51 PM Changeset in webkit [184367] by fpizlo@apple.com

• 7 edits in trunk/Source/JavaScriptCore

PutGlobalVar should reference the global object it's storing into
​https://bugs.webkit.org/show_bug.cgi?id=145036

Reviewed by Michael Saboff.

This makes it easier to reason about store barrier insertion and elimination. This changes
the format of PutGlobalVar so that child1 is the global object and child2 is the value.
Previously it just had child1, and that was the value.

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):

8:28 PM Changeset in webkit [184366] by commit-queue@webkit.org

• 8 edits in trunk/Source/WebCore

Unreviewed, rolling out r184359 and r184362.
​https://bugs.webkit.org/show_bug.cgi?id=145035

Introduced a crash in six media element tests (Requested by
rniwa on #webkit).

Reverted changesets:

"[MediaControls] Refactor media controls & bring improvements
made to iOS controls to Mac."
​https://bugs.webkit.org/show_bug.cgi?id=144973
​http://trac.webkit.org/changeset/184359

"Unreviewed build fix after r184359; typo."
​http://trac.webkit.org/changeset/184362

7:03 PM Changeset in webkit [184365] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebKit2

Some CFNetwork SPI to reset HSTS hosts added since a date should not be used on Yosemite.
​https://bugs.webkit.org/show_bug.cgi?id=145025.
and
rdar://problem/20646308.

Patch by Zhuo Li <​zachli@apple.com> on 2015-05-14
Reviewed by Alexey Proskuryakov.

• UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate):

5:25 PM Changeset in webkit [184364] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Update the New Tab button disabled state after extra domains are activated
​https://bugs.webkit.org/show_bug.cgi?id=145028

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-14
Reviewed by Timothy Hatcher.

• UserInterface/Base/Main.js:

(WebInspector.activateExtraDomains):

5:08 PM Changeset in webkit [184363] by Michael Catanzaro

• 4 edits in trunk

[CMake] Error out when ruby is too old
​https://bugs.webkit.org/show_bug.cgi?id=145014

Reviewed by Martin Robinson.

.:

Error out immediately after checking for Ruby if the ruby executable is not found, or if it
is too old.

• CMakeLists.txt:

Source/JavaScriptCore:

Don't enforce the check for the Ruby executable here; it's now enforced in the top-level
CMakeLists.txt instead.

• CMakeLists.txt:

4:52 PM Changeset in webkit [184362] by jer.noble@apple.com

• 2 edits in trunk/Source/WebCore

Unreviewed build fix after r184359; typo.

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged):

4:40 PM Changeset in webkit [184361] by roger_fong@apple.com

• 3 edits in trunk/Source/WebCore

Adjust button CSS and positioning in preparation.
​https://bugs.webkit.org/show_bug.cgi?id=144973.
<rdar://problem/20306227>

Reviewed by Dean Jackson.

The only visual change here is the swapping of the rewind and play button positions.
Also, position buttons based off of both left and right margins instead of just one of the two.
This allows the controls drop off to work without having to use a spacer element to take the place
of the timeline if the controls are too small.

• Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-rewind-button):
(audio::-webkit-media-controls-play-button):
(audio::-webkit-media-controls-panel .mute-box):
(audio::-webkit-media-controls-wireless-playback-picker-button):
(audio::-webkit-media-controls-toggle-closed-captions-button):
(audio::-webkit-media-controls-fullscreen-button):
(audio::-webkit-media-controls-fullscreen-button.exit):
(audio::-webkit-media-controls-time-remaining-display):
(audio:-webkit-full-screen::-webkit-media-controls-toggle-closed-captions-button):
(audio:-webkit-full-screen::-webkit-media-controls-wireless-playback-picker-button):

• Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.configureInlineControls):

4:35 PM Changeset in webkit [184360] by dino@apple.com

• 2 edits in trunk/Source/WebCore

MediaControls: controls are live even when invisible
​https://bugs.webkit.org/show_bug.cgi?id=145029
<rdar://problem/20865442>

Reviewed by Jer Noble.

When the controls are invisible they should ignore touch/mouse
events.

• Modules/mediacontrols/mediaControlsiOS.css: Add pointer-events: none where appropriate.

(video::-webkit-media-controls-panel-container):
(video::-webkit-media-controls-panel-background):
(video::-webkit-media-controls-panel):
(video::-webkit-media-controls-panel.paused):

4:27 PM Changeset in webkit [184359] by jer.noble@apple.com

• 8 edits in trunk/Source/WebCore

[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
​https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

• Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".

• Modules/mediacontrols/mediaControlsApple.js:

(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes

to controlsAlwaysVisible().

(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary)

if not scrubbing.

(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the contrtols width.

Remove a bunch of newly unnecessary code from the iOS media controls:

• Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototypeupdateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.

• html/HTMLMediaElement.h:
• rendering/RenderMedia.cpp:

(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()

• rendering/RenderMedia.h:

Drive-by fixes:

• Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

3:46 PM Changeset in webkit [184358] by timothy_horton@apple.com

• 20 edits in trunk

Add a layout mode that scales down the view to try to fit the document
​https://bugs.webkit.org/show_bug.cgi?id=145022
<rdar://problem/19790341>

Reviewed by Dean Jackson.

• Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

• Shared/WebPageCreationParameters.h:
• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setShouldScaleViewToFitDocument):

• UIProcess/WebPageProxy.h:
• WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::setShouldScaleViewToFitDocument):

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setShouldScaleViewToFitDocument):

• WebProcess/WebPage/WebPage.h:
• WebProcess/WebPage/WebPage.messages.in:

Plumb shouldScaleViewToFitDocument through to the DrawingArea.

• UIProcess/mac/WKViewLayoutStrategy.mm:

(+[WKViewLayoutStrategy layoutStrategyWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy initWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy updateLayout]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy willChangeLayoutStrategy]):

• UIProcess/API/C/WKLayoutMode.h:
• UIProcess/API/Cocoa/_WKLayoutMode.h:

Add a new layout mode, which just turns on shouldScaleViewToFitDocument,
and otherwise behaves as normal.

• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::setShouldScaleViewToFitDocument):
(WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded):
(WebKit::TiledCoreAnimationDrawingArea::flushLayers):
On every flush where either the document size or view size has changed,
or layout is outstanding, do a layout with fixed layout off to determine
whether the document fits inside the view. If it doesn't, scale it down
to fit. This will require an extra layout for every resize while in the
scaled-down state, but there is potential for future optimization.

• MiniBrowser/mac/BrowserWindow.xib:
• MiniBrowser/mac/BrowserWindowController.h:
• MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController toggleShrinkToFit:]):
(-[WK2BrowserWindowController toggleUseMinimumViewSize:]): Deleted.
Switch to _WKLayoutModeDynamicSizeComputedFromMinimumDocumentSize.

3:29 PM Changeset in webkit [184357] by Michael Catanzaro

• 2 edits in trunk/Tools

[CMake] Don't read the LOCATION property of targets
​https://bugs.webkit.org/show_bug.cgi?id=145018

Reviewed by Martin Robinson.

Use the TARGET_FILE_DIR generator expression to determine the location of the test injected
bundle, rather than assuming that the LOCATION property of TestWebKitAPIInjectedBundle will
be the same at configure-time as it is at generate-time.

• TestWebKitAPI/CMakeLists.txt:

2:43 PM Changeset in webkit [184356] by andersca@apple.com

• 5 edits in trunk/Source/WebKit2

Local storage origins should include origins with transient local storage
​https://bugs.webkit.org/show_bug.cgi?id=145017
rdar://problem/10690447

Reviewed by Sam Weinig.

The transient local storage namespaces are used for third party data blocking and will stay
around until the UI process exits so we need to be able to include website data from transient storage
in the website data store APIs.

• UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::TransientLocalStorageNamespace::origins):
(WebKit::StorageManager::getLocalStorageOrigins):

• UIProcess/Storage/StorageManager.h:
• UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):

• UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):

2:39 PM Changeset in webkit [184355] by rniwa@webkit.org

• 4 edits
  2 adds in trunk

Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
​https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

• editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):

• editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on ​https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

• editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
• editing/inserting/insert-table-in-paragraph-crash.html: Added.

2:32 PM Changeset in webkit [184354] by basile_clement@apple.com

• 4 edits in trunk/Source/JavaScriptCore

Enforce options coherency
​https://bugs.webkit.org/show_bug.cgi?id=144921

Reviewed by Mark Lam.

JavaScriptCore should be failing early when the options are set in such
a way that we don't have a meaningful way to execute JavaScript, rather
than failing for obscure reasons at some point during execution.

This patch adds a new function that checks whether the options are set
in a coherent way, and makes JSC::Options::initialize() crash when the
environment enforces incoherent options.
Client applications able to add or change additional options are
responsible to check for coherency again before starting to actually
execute JavaScript, if any additional options have been set. This is
implemented for the jsc executable in this patch.

• jsc.cpp:

(CommandLine::parseArguments):

• runtime/Options.cpp:

(JSC::Options::initialize):
(JSC::Options::ensureOptionsAreCoherent): Added.

• runtime/Options.h:

(JSC::Options::ensureOptionsAreCoherent): Added.

2:28 PM Changeset in webkit [184353] by mmaxfield@apple.com

• 13 edits
  1 delete in trunk

[Mac] Expose more font weights for -apple-system
​https://bugs.webkit.org/show_bug.cgi?id=144707

Reviewed by Simon Fraser.

Source/WebCore:

Previously, when we parsed a CSS declaration of the form font: keyword; where keyword
is one of caption, icon, menu, message-box, small-caption, -webkit-mini-control, -webkit-small-control,
or -webkit-control (which html.css does for form controls), we would ask the system what the appropriate
system font is, get that font's family name, and synthesize a font-family CSS property for the element.
Then, later when we actually go to look up the font, we would look up the font by family name using this
information. However, this round-tripping of a font through a family name is actually lossy, and is not
guaranteed to preserve system-font-ness (which we use for various things including metrics calculations).

This patch modifies this logic to specify a token family name instead, which the font lookup code special
cases (and reacts by making the appropriate system-font lookup call). This approach is currently how iOS
handles these system fonts; this patch simply brings this approach to OS X.

There is also an added progression here. We used to simply call [NSFont fontWithName:size:] on the system
font family name (which the parser found for us) which entirely disregards weight. This means that we
used to be getting synthesized bold in form controls which ask for a heavy weight. Migrating to this
system-font aware call means that we get the real bold font instead of synthesized bold.

Once this system-font-ness is guaranteed to be preserved between parsing time and font lookup time, we
can safely migrate to using [NSFont systemFontOfSize:weight] instead of [NSFont systemFontOfSize:] on
platforms which support it.

Tests: fast/text/systemFont.html

fast/css/css2-system-fonts.html
fast/forms/select/optgroup-rendering.html
fast/forms/validation-message-appearance.html

• css/CSSParser.cpp:

(WebCore::CSSParser::parseSystemFont): Add a comment regarding why we are bothering with expanding out
the font property in the first place.

• platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::FontCascade::primaryFontIsSystemFont): Update to use new system font tokens.

• platform/graphics/mac/FontCacheMac.mm:

(WebCore::toNSFontWeight): New static method to map font weights to NSFontWeight constants available on
Yosemite and later.
(WebCore::fontWithFamilySpecialCase): Pull all these special-case font token name handling into a
separate function, which returns an Optional.
(WebCore::fontWithFamily):

• platform/mac/ThemeMac.mm:

(WebCore::ThemeMac::controlFont): Use the font token name instead of the generated system font family
name.

• platform/spi/mac/NSFontSPI.h: Add [NSFont systemFontWithSize:weight:] and the proper NSFontWeight

constants.

• rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateCachedSystemFontDescription): Use the font token names instead of the
generated system font family name.
(WebCore::RenderThemeMac::setFontFromControlSize): Ditto.

LayoutTests:

• platform/mac/fast/text/systemFont-expected.txt: Update expectations.
• platform/mac/fast/text/systemFont.html: Update test to include font weights for -apple-system.
• platform/mac/fast/css/css2-system-fonts-expected.txt: Updated to not hardcode the system font family name.
• platform/mac-mavericks/fast/css/css2-system-fonts-expected.txt: Ditto.
• platform/mac/fast/forms/select/optgroup-rendering-expected.txt: Updated to not use synthetic bold.
• platform/mac/fast/forms/validation-message-appearance-expected.txt: Ditto.

2:24 PM Changeset in webkit [184352] by Yusuke Suzuki

• 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): [EFL] unresolved reference errors in ARM builds
​https://bugs.webkit.org/show_bug.cgi?id=145019

Reviewed by Ryosuke Niwa.

Attempt to fix compile errors in EFL ARM buildbots.
By executing nm, found JSTemplateRegistryKey.cpp.o and TemplateRegistry.cpp.o have
unresolved reference to Structure::get. That is inlined function in StructureInlines.h.

• runtime/JSTemplateRegistryKey.cpp:
• runtime/TemplateRegistry.cpp:

2:19 PM Changeset in webkit [184351] by roger_fong@apple.com

• 4 edits in trunk/Source/WebCore

Add internals setting to disable wireless playback availability for layout tests
​https://bugs.webkit.org/show_bug.cgi?id=145012.
<rdar://problem/20946504>

Reviewed by Eric Carlson.

• testing/InternalSettings.cpp:

(WebCore::InternalSettings::resetToConsistentState):
(WebCore::InternalSettings::setWirelessPlaybackDisabled):

• testing/InternalSettings.idl:

1:56 PM Changeset in webkit [184350] by bshafiei@apple.com

• 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

1:38 PM Changeset in webkit [184349] by commit-queue@webkit.org

• 3 edits in trunk/Source/JavaScriptCore

Small refactoring before implementation of the ES6 arrow function.
​https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <​gskachkov@gmail.com> on 2015-05-14
Reviewed by Ryosuke Niwa.

• parser/Parser.h:
• parser/Parser.cpp:

1:27 PM Changeset in webkit [184348] by bshafiei@apple.com

• 1 copy in tags/Safari-601.1.32.2.1

New tag.

12:58 PM Changeset in webkit [184347] by Yusuke Suzuki

• 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): ASSERT failed in debug builds for tagged templates
​https://bugs.webkit.org/show_bug.cgi?id=145013

Reviewed by Filip Pizlo.

Fix the regression introduced by r184337.

1. JSTemporaryRegistryKey::s_info should inherit the Base::s_info, JSDestructibleObject::s_info.

2. The first register argument of BytecodeGenerator::emitNode should be a referenced register if it is a temporary register.

• bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):

• runtime/JSTemplateRegistryKey.cpp:

12:07 PM Changeset in webkit [184346] by akling@apple.com

• 2 edits in trunk/Source/JavaScriptCore

String.prototype.split() should create efficient substrings.
<​https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

• runtime/StringPrototype.cpp:

(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

11:17 AM Changeset in webkit [184345] by Beth Dakin

• 5 edits in trunk/Source

Change range of possible forces for mouseforcechanged DOM event
​https://bugs.webkit.org/show_bug.cgi?id=144987
-and corresponding-
rdar://problem/20472802

Reviewed by Tim Horton.

Change to a 0-3 range.
Source/WebCore:

• platform/PlatformMouseEvent.h:
• platform/mac/PlatformEventFactoryMac.mm:

(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder):

Source/WebKit2:

• Shared/mac/WebEventFactory.mm:

(WebKit::WebEventFactory::createWebMouseEvent):

11:11 AM Changeset in webkit [184344] by Yusuke Suzuki

• 2 edits in trunk/Source/JavaScriptCore

Change the status of ES6 tagged templates to Done in features.json
​https://bugs.webkit.org/show_bug.cgi?id=145003

Reviewed by Benjamin Poulain.

Now it's implemented in r184337.

• features.json:

10:59 AM Changeset in webkit [184343] by bshafiei@apple.com

• 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

10:55 AM Changeset in webkit [184342] by bshafiei@apple.com

• 1 copy in branches/safari-601.1.32.2-branch

New Branch.

10:55 AM Changeset in webkit [184341] by mmaxfield@apple.com

• 9 edits in trunk

Add String literal overloads to equalIgnoringASCIICase()
​https://bugs.webkit.org/show_bug.cgi?id=145008

Patch by Myles C. Maxfield <​mmaxfield@apple.com> on 2015-05-14
Reviewed by Benjamin Poulain.

Source/WTF:

Create an overload for equalIgnoringASCIICase for string literals.

• wtf/text/StringImpl.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

• wtf/text/StringImpl.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

• wtf/text/StringView.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

• wtf/text/StringView.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

• wtf/text/WTFString.h:

(WTF::equalIgnoringASCIICase): Delegate to StringImpl's implementation.

Tools:

Test changes to WTF.

• TestWebKitAPI/Tests/WTF/StringImpl.cpp:

(WTF.StringImplEqualIgnoringASCIICaseBasic): Test const char*.
(WTF.StringImplEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

• TestWebKitAPI/Tests/WTF/StringView.cpp:

(WTF.StringViewEqualIgnoringASCIICaseBasic): Ditto.
(WTF.StringViewEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

10:36 AM Changeset in webkit [184340] by Yusuke Suzuki

• 6 edits
  1 add in trunk/Source/JavaScriptCore

Introduce SymbolType into SpeculativeTypes
​https://bugs.webkit.org/show_bug.cgi?id=142651

Reviewed by Filip Pizlo.

Introduce SpecSymbol type into speculative types.
Previously symbol type is categorized into SpecCellOther.
But SpecCellOther is not intended to be used for such cells.

This patch just introduces SpecSymbol.
It represents the type of target value is definitely the symbol type.
It is the part of SpecCell.

In this patch, we do not introduce SymbolUse tracking.
It will be added in the separate patch.

• bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationFromStructure):

• bytecode/SpeculatedType.h:

(JSC::isSymbolSpeculation):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::setType):

• dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

• tests/stress/typeof-symbol.js: Added.

9:37 AM Changeset in webkit [184339] by Manuel Rego Casasnovas

• 7 edits in trunk/Source/WebCore

Fix typo in RenderBox::instrinsicScrollbarLogicalWidth()
​https://bugs.webkit.org/show_bug.cgi?id=144999

Reviewed by Sergio Villar Senin.

Rename RenderBox::instrinsicScrollbarLogicalWidth() to
RenderBox::intrinsicScrollbarLogicalWidth().

No new tests, no behavior changes.

• rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeIntrinsicLogicalWidths):

• rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths):

• rendering/RenderBox.cpp:

(WebCore::RenderBox::intrinsicScrollbarLogicalWidth):
(WebCore::RenderBox::instrinsicScrollbarLogicalWidth): Deleted.

• rendering/RenderBox.h:
• rendering/RenderDeprecatedFlexibleBox.cpp:

(WebCore::RenderDeprecatedFlexibleBox::computeIntrinsicLogicalWidths):

• rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::computeIntrinsicLogicalWidths):

9:31 AM Changeset in webkit [184338] by fpizlo@apple.com

• 2 edits in trunk/LayoutTests

Unreviewed, skip js/regress-141098.html. The fix will be tracked in ​https://bugs.webkit.org/show_bug.cgi?id=145007

• TestExpectations:

9:07 AM Changeset in webkit [184337] by Yusuke Suzuki

• 24 edits
  11 adds in trunk/Source/JavaScriptCore

[ES6] Implement tagged templates
​https://bugs.webkit.org/show_bug.cgi?id=143183

Reviewed by Oliver Hunt.

This patch implements ES6 tagged templates.
In tagged templates, the function takes the template object.

The template object contains the raw and cooked template strings,
so when parsing the tagged templates, we need to tokenize the raw and cooked strings.
While tagged templates require the both strings, the template literal only requires
the cooked strings. So when tokenizing under the template literal context,
we only builds the cooked strings.

As per ES6 spec, the template objects for the same raw strings are shared in the same realm.
The template objects is cached. And every time we evaluate the same tagged templates,
the same (cached) template objects are used.
Since the spec freezes this template objects completely,
we cannot attach some properties to it.
So we can say that it behaves as if the template objects are the primitive values (like JSString).
Since we cannot attach properties, the only way to test the identity of the template object is comparing. (===)
As the result, when there is no reference to the template object, we can garbage collect it
because the user has no way to test that the newly created template object does not equal
to the already collected template object.

So, to implement tagged templates, we implement the following components.

1. JSTemplateRegistryKey

It holds the template registry key and it does not exposed to users.
TemplateRegistryKey holds the vector of raw and cooked strings with the pre-computed hash value.
When obtaining the template object for the (statically, a.k.a. at the parsing time) given raw string vectors,
we use this JSTemplateRegistryKey as a key to the map and look up the template object from
TemplateRegistry.
JSTemplateRegistryKey is created at the bytecode compiling time and
stored in the CodeBlock as like as JSString content values.

2. TemplateRegistry

This manages the cached template objects.
It holds the weak map (JSTemplateRegistryKey -> the template object).
The template object is weakly referenced.
So if there is no reference to the template object,
the template object is automatically GC-ed.
When looking up the template object, it searches the cached template object.
If it is found, it is returned to the users.
If there is no cached template objects, it creates the new template object and
stores it with the given template registry key.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
(JSC::BytecodeGenerator::emitGetTemplateObject):

• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):
(JSC::TemplateLiteralNode::emitBytecode): Deleted.

• parser/ASTBuilder.h:

(JSC::ASTBuilder::createTaggedTemplate):
(JSC::ASTBuilder::createTemplateLiteral): Deleted.

• parser/Lexer.cpp:

(JSC::Lexer<T>::setCode):
(JSC::Lexer<T>::parseTemplateLiteral):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::scanTrailingTemplateString):
(JSC::Lexer<T>::clear):

• parser/Lexer.h:

(JSC::Lexer<T>::makeEmptyIdentifier):

• parser/NodeConstructors.h:

(JSC::TaggedTemplateNode::TaggedTemplateNode):
(JSC::TemplateLiteralNode::TemplateLiteralNode): Deleted.

• parser/Nodes.h:

(JSC::TemplateLiteralNode::templateStrings):
(JSC::TemplateLiteralNode::templateExpressions):
(JSC::TaggedTemplateNode::templateLiteral):

• parser/Parser.cpp:

(JSC::Parser<LexerType>::parseTemplateString):
(JSC::Parser<LexerType>::parseTemplateLiteral):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):

• parser/Parser.h:
• parser/ParserArena.h:

(JSC::IdentifierArena::makeEmptyIdentifier):

• parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createTaggedTemplate):
(JSC::SyntaxChecker::createTemplateLiteral): Deleted.

• runtime/CommonIdentifiers.h:
• runtime/JSGlobalObject.cpp:

(JSC::getTemplateObject):
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):

• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::templateRegistry):

• runtime/JSTemplateRegistryKey.cpp: Added.

(JSC::JSTemplateRegistryKey::JSTemplateRegistryKey):
(JSC::JSTemplateRegistryKey::create):
(JSC::JSTemplateRegistryKey::destroy):

• runtime/JSTemplateRegistryKey.h: Added.
• runtime/ObjectConstructor.cpp:

(JSC::objectConstructorFreeze):

• runtime/ObjectConstructor.h:
• runtime/TemplateRegistry.cpp: Added.

(JSC::TemplateRegistry::TemplateRegistry):
(JSC::TemplateRegistry::getTemplateObject):

• runtime/TemplateRegistry.h: Added.
• runtime/TemplateRegistryKey.h: Added.

(JSC::TemplateRegistryKey::isDeletedValue):
(JSC::TemplateRegistryKey::isEmptyValue):
(JSC::TemplateRegistryKey::hash):
(JSC::TemplateRegistryKey::rawStrings):
(JSC::TemplateRegistryKey::cookedStrings):
(JSC::TemplateRegistryKey::operator==):
(JSC::TemplateRegistryKey::operator!=):
(JSC::TemplateRegistryKey::Hasher::hash):
(JSC::TemplateRegistryKey::Hasher::equal):
(JSC::TemplateRegistryKey::TemplateRegistryKey):

• runtime/VM.cpp:

(JSC::VM::VM):

• runtime/VM.h:
• tests/stress/tagged-templates-identity.js: Added.

(shouldBe):

• tests/stress/tagged-templates-raw-strings.js: Added.

(shouldBe):
(tag):
(testEval):

• tests/stress/tagged-templates-syntax.js: Added.

(tag):
(testSyntax):
(testSyntaxError):

• tests/stress/tagged-templates-template-object.js: Added.

(shouldBe):
(tag):

• tests/stress/tagged-templates-this.js: Added.

(shouldBe):
(tag):

• tests/stress/tagged-templates.js: Added.

(shouldBe):
(raw):
(cooked):
(Counter):

8:33 AM Changeset in webkit [184336] by Matt Baker

• 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Current time marker is always at zero in Rendering Frames ruler
​https://bugs.webkit.org/show_bug.cgi?id=144518

Reviewed by Timothy Hatcher.

The current and end time values for the rendering frame timeline overview should always be equal to the frame
number of the last record in the rendering frames timeline.

• UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.updateLayout):

• UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._updateTimes):
(WebInspector.TimelineRecordingContentView.prototype._recordingTimesUpdated):

3:52 AM Changeset in webkit [184335] by zandobersek@gmail.com

• 2 edits in trunk

[GTK] Enable plugin-related CMake options and variables for the X11 target only
​https://bugs.webkit.org/show_bug.cgi?id=144995

Reviewed by Carlos Garcia Campos.

• Source/cmake/OptionsGTK.cmake: Plugins are only supported for

the X11 windowing target at the moment, so the following options
and variables should be enabled or disabled accordingly:

• ENABLE_PLUGIN_PROCESS_GTK2
• ENABLE_NETSCAPE_PLUGIN_API
• ENABLE_PLUGIN_PROCESS

2:33 AM Changeset in webkit [184334] by zandobersek@gmail.com

• 3 edits in trunk/Source/WebKit2

[GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
​https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

• UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):

• UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

2:32 AM Changeset in webkit [184333] by zandobersek@gmail.com

• 2 edits in trunk/Source/WTF

[GTK] RunLoop constructor should properly retrieve or establish the thread-default GMainContext
​https://bugs.webkit.org/show_bug.cgi?id=144732

Reviewed by Carlos Garcia Campos.

RunLoop constructor in the GTK implementation should use the
existing thread-default context, create a new one if not on
the main thread, or use the global-default one if on the main
thread.

In RunLoop::run(), the GMainContext should then be pushed as
the thread-default before calling g_main_loop_run(), and popped
off when the main loop stops.

• wtf/gtk/RunLoopGtk.cpp:

(WTF::RunLoop::RunLoop):
(WTF::RunLoop::run):

12:59 AM Changeset in webkit [184332] by Gyuyoung Kim

• 2 edits in trunk/LayoutTests

[EFL] Unskip passing AX tests since r184198

Unreviewed EFL gardening.

• platform/efl/TestExpectations: Two AX tests have been passed since r184198.

12:57 AM Changeset in webkit [184331] by youenn.fablet@crf.canon.fr

• 12 edits
  2 adds in trunk

SharedBuffer::createWithContentsOfFile should use map file routines
​https://bugs.webkit.org/show_bug.cgi?id=144192

Reviewed by Darin Adler.

Source/WebCore:

Made use of mmap routines within SharedBuffer::createWithContentsOfFile for EFL, GTK and Mac ports.
If mapping is failing, it falls back to the previous version of SharedBuffer::createWithContentsOfFile renamed as
SharedBuffer::createFromReadingFile (using open/read method).
File content is mapped until SharedBuffer is cleared, destroyed or additional content is appended to the SharedBuffer.

A helper class, MappedFileData, is introduced to handle mapped files through calls to open/mmap/munmap/close.

Patch covered by existing layout tests and added unit tests.

• platform/FileSystem.cpp:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator=):
(WebCore::MappedFileData::~MappedFileData):

• platform/FileSystem.h:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator bool):
(WebCore::MappedFileData::data):
(WebCore::MappedFileData::size):

• platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::createWithContentsOfFile): Making use of MappedFileData before using createFromReadingFile.
(WebCore::SharedBuffer::size): Checking whether data is coming from a MappedFileData.
(WebCore::SharedBuffer::data): Ditto.
(WebCore::SharedBuffer::append): Ditto.
(WebCore::SharedBuffer::clear): Clearing MappedFileData if needed.
(WebCore::SharedBuffer::copy): Transferring mapped data to buffer if needed.
(WebCore::SharedBuffer::getSomeData):
(WebCore::SharedBuffer::maybeTransferMappedFileData):

• platform/SharedBuffer.h:
• platform/gtk/SharedBufferGtk.cpp:

(WebCore::SharedBuffer::createFromReadingFile): renamed from createWithContentsOfFile.

• platform/mac/SharedBufferMac.mm:

(WebCore::SharedBuffer::createFromReadingFile): Dito.

• platform/posix/SharedBufferPOSIX.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

• platform/win/SharedBufferWin.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

Tools:

Adding SharedBuffer and FileSystem Unit tests to Mac and GTK, not yet for EFL.

• TestWebKitAPI/PlatformGTK.cmake:
• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebCore/FileSystem.cpp: Added.

(TestWebKitAPI::FileSystemTest::tempFilePath):
(TestWebKitAPI::FileSystemTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

• TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp: Added.

(TestWebKitAPI::SharedBufferTest::tempFilePath):
(TestWebKitAPI::SharedBufferTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

May 13, 2015:

10:59 PM Changeset in webkit [184330] by Carlos Garcia Campos

• 2 edits in trunk/Source/WebKit2

[SOUP] Network Cache: NetworkProcess segfault when file system doesn't support xattrs
​https://bugs.webkit.org/show_bug.cgi?id=144953

Reviewed by Martin Robinson.

Return early if we fail to get the birthtime xattr.

• NetworkProcess/cache/NetworkCacheFileSystemPosix.h:

(WebKit::NetworkCache::fileTimes):

10:10 PM Changeset in webkit [184329] by Simon Fraser

• 5 edits in trunk/Source/WebCore

Get the ScriptController from the correct frame for media elements and plug-ins
​https://bugs.webkit.org/show_bug.cgi?id=144983
rdar://problem/20692642&19943135

Reviewed by Sam Weinig.

HTMLMediaElement, QuickTimePluginReplacement and HTMLPlugInImageElement were
getting the main frame's ScriptController instead of the one for their frame.
This caused media controls JS to be running in the context of the main frame,
which broke media controls which use getCSSCanvasContext() and -webkit-canvas.

Fix by getting the frame via the element's document.

Also undo r180584 which was working around this bug.

• Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.drawTimelineBackground):

• Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
(WebCore::QuickTimePluginReplacement::installReplacement):

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::pageScaleFactorChanged):

• html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

9:19 PM Changeset in webkit [184328] by rniwa@webkit.org

• 12 edits
  1 add in trunk/Source/JavaScriptCore

REGRESSION(r180595): same-callee profiling no longer works
​https://bugs.webkit.org/show_bug.cgi?id=144787

Reviewed by Filip Pizlo.

This patch introduces a DFG optimization to use NewObject node when the callee of op_create_this is
always the same JSFunction. This condition doesn't hold when the byte code creates multiple
JSFunction objects at runtime as in: function y() { return function () {} }; new y(); new y();

To enable this optimization, LLint and baseline JIT now store the last callee we saw in the newly
added fourth operand of op_create_this. We use this JSFunction's structure in DFG after verifying
our speculation that the callee is the same. To avoid recompiling the same code for different callee
objects in the polymorphic case, the special value of seenMultipleCalleeObjects() is set in
LLint and baseline JIT when multiple callees are observed.

Tests: stress/create-this-with-callee-variants.js

• bytecode/BytecodeList.json: Increased the number of operands to 5.
• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode): Dump the newly added callee cache.
(JSC::CodeBlock::finalizeUnconditionally): Clear the callee cache if the callee is no longer alive.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCreateThis): Add the instruction to propertyAccessInstructions so that
we can clear the callee cache in CodeBlock::finalizeUnconditionally. Also initialize the newly added
operand.

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock): Implement the optimization. Speculate the actual callee to
match the cache. Use the cached callee's structure if the speculation succeeds. Otherwise, OSR exit.

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_this): Go to the slow path to update the cache unless it's already marked
as seenMultipleCalleeObjects() to indicate the polymorphic behavior and/or we've OSR exited here.
(JSC::JIT::emitSlow_op_create_this):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_this): Ditto.
(JSC::JIT::emitSlow_op_create_this):

• llint/LowLevelInterpreter32_64.asm:

(_llint_op_create_this): Ditto.

• llint/LowLevelInterpreter64.asm:

(_llint_op_create_this): Ditto.

• runtime/CommonSlowPaths.cpp:

(slow_path_create_this): Set the callee cache to the actual callee if it's not set. If the cache has
been set to a JSFunction* different from the actual callee, set it to seenMultipleCalleeObjects().

• runtime/JSCell.h:

(JSC::JSCell::seenMultipleCalleeObjects): Added.

• runtime/WriteBarrier.h:

(JSC::WriteBarrierBase::unvalidatedGet): Removed the compile guard around it.

• tests/stress/create-this-with-callee-variants.js: Added.

9:07 PM Changeset in webkit [184327] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

Fix trivial typos in ApplyBlockElementCommand
​https://bugs.webkit.org/show_bug.cgi?id=144984

Patch by Sungmann Cho <​sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change.

• editing/ApplyBlockElementCommand.cpp:

(WebCore::ApplyBlockElementCommand::formatSelection):
(WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded):
(WebCore::ApplyBlockElementCommand::endOfNextParagrahSplittingTextNodesIfNeeded): Deleted.

• editing/ApplyBlockElementCommand.h:

8:07 PM Changeset in webkit [184326] by dbates@webkit.org

• 13 edits in trunk/Source/WebKit2

Rename ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() to {send, cancel}PrepareToSuspend()
​https://bugs.webkit.org/show_bug.cgi?id=144619
<rdar://problem/20812779>

Reviewed by Andy Estes.

The names of the functions ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() are misnomers. These
functions are called when the ProcessThrottler wants to prepare the process that it manages for suspension
and changes its mind, respectively. That is, these functions do not actually correspond to the OS decision
to suspend a process or cancel the suspension of a process, respectively. So, rename these functions and
associated {Network, Web}ProcessProxy message names to better describe their purpose.

• NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::prepareToSuspend):
(WebKit::NetworkProcess::cancelPrepareToSuspend):
(WebKit::NetworkProcess::processWillSuspend): Deleted.
(WebKit::NetworkProcess::cancelProcessWillSuspend): Deleted.

• NetworkProcess/NetworkProcess.h:
• NetworkProcess/NetworkProcess.messages.in:
• UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendCancelPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::NetworkProcessProxy::sendCancelProcessWillSuspend): Deleted.

• UIProcess/Network/NetworkProcessProxy.h:
• UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::updateAssertion):

• UIProcess/ProcessThrottlerClient.h:
• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcess::actualPrepareToSuspend): Formerly named prepareToSuspend.
(WebKit::WebProcessProxy::sendPrepareToSuspend):
(WebKit::WebProcessProxy::sendCancelPrepareToSuspend):
(WebKit::WebProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::WebProcessProxy::sendCancelProcessWillSuspend): Deleted.

• UIProcess/WebProcessProxy.h:
• WebProcess/WebProcess.cpp:

(WebKit::WebProcess::prepareToSuspend):
(WebKit::WebProcess::cancelPrepareToSuspend):
(WebKit::WebProcess::processWillSuspend): Deleted.
(WebKit::WebProcess::cancelProcessWillSuspend): Deleted.

• WebProcess/WebProcess.h:
• WebProcess/WebProcess.messages.in:

6:34 PM Changeset in webkit [184325] by commit-queue@webkit.org

• 7 edits in trunk/Source

Clean up some possible RefPtr to PassRefPtr churn
​https://bugs.webkit.org/show_bug.cgi?id=144779

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Darin Adler.

• runtime/GenericTypedArrayViewInlines.h:

(JSC::GenericTypedArrayView<Adaptor>::create):
(JSC::GenericTypedArrayView<Adaptor>::createUninitialized):

• runtime/JSArrayBufferConstructor.cpp:

(JSC::constructArrayBuffer):

• runtime/Structure.cpp:

(JSC::Structure::toStructureShape):

• runtime/TypedArrayBase.h:

(JSC::TypedArrayBase::create):
(JSC::TypedArrayBase::createUninitialized):

• tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):
Release the last use of a RefPtr as it is passed on.

6:32 PM Changeset in webkit [184324] by commit-queue@webkit.org

• 37 edits
  3 adds in trunk

ES6: Allow duplicate property names
​https://bugs.webkit.org/show_bug.cgi?id=142895

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Introduce new op_put_getter_by_id and op_put_setter_by_id opcodes
that will define a single getter or setter property on an object.

The existing op_put_getter_setter opcode is still preferred for
putting both a getter and setter at the same time but cannot be used
for putting an individual getter or setter which is needed in
some cases.

Add a new slow path when generating bytecodes for a property list
with computed properties, as computed properties are the only time
the list of properties cannot be determined statically.

• bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitBytecode):

• fast path for all constant properties
• slow but paired getter/setter path if there are no computed properties
• slow path, individual put operation for every property, if there are computed properties

• parser/Nodes.h:

Distinguish a Computed property from a Constant property.

• parser/Parser.cpp:

(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
Distingish Computed and Constant properties.

(JSC::Parser<LexerType>::parseObjectLiteral):
When we drop into strict mode it is because we saw a getter
or setter, so be more explicit.

(JSC::Parser<LexerType>::parseStrictObjectLiteral):
Eliminate duplicate property syntax error exception.

• parser/SyntaxChecker.h:

(JSC::SyntaxChecker::getName):

• parser/ASTBuilder.h:

(JSC::ASTBuilder::getName): Deleted.
No longer used.

• runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):
When updating a property. If the Accessor attribute changed
update the Structure.

• runtime/JSObject.cpp:

(JSC::JSObject::putGetter):
(JSC::JSObject::putSetter):
Called by the opcodes, just perform the same operation that
defineGetter or defineSetter would do.

(JSC::JSObject::putDirectNonIndexAccessor):
This transition is now handled in putDirectInternal.

• runtime/Structure.h:

Add needed export.

• bytecode/BytecodeList.json:
• bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutGetterById):
(JSC::BytecodeGenerator::emitPutSetterById):

• bytecompiler/BytecodeGenerator.h:
• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

• jit/JIT.h:
• jit/JITInlines.h:

(JSC::JIT::callOperation):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:

New bytecodes. Modelled after existing op_put_getter_setter.

LayoutTests:

• js/object-literal-duplicate-properties-expected.txt: Added.
• js/object-literal-duplicate-properties.html: Added.
• js/script-tests/object-literal-duplicate-properties.js: Added.

Include a new test all about testing duplicate property names
and their expected cascading results.

• ietestcenter/Javascript/11.1.5_4-4-b-1-expected.txt:
• ietestcenter/Javascript/11.1.5_4-4-b-2-expected.txt:
• ietestcenter/Javascript/11.1.5_4-4-c-1-expected.txt:
• ietestcenter/Javascript/11.1.5_4-4-c-2-expected.txt:
• ietestcenter/Javascript/11.1.5_4-4-d-1-expected.txt:
• ietestcenter/Javascript/11.1.5_4-4-d-2-expected.txt:
• ietestcenter/Javascript/11.1.5_4-4-d-3-expected.txt:
• ietestcenter/Javascript/11.1.5_4-4-d-4-expected.txt:

ES5 behavior for duplciate properties has changed.

• js/mozilla/strict/11.1.5-expected.txt:
• js/object-literal-syntax-expected.txt:
• js/script-tests/object-literal-syntax.js:

Update other tests and values now that duplicate properties
are allowed, and their cascade order behaves correctly.

6:21 PM Changeset in webkit [184323] by ddkilzer@apple.com

• 2 edits in trunk/Source/WebCore

REGRESION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<​http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958. It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

• loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

5:39 PM Changeset in webkit [184322] by bshafiei@apple.com

• 5 edits in branches/safari-600.5.17-branch/Source

Versioning.

5:36 PM Changeset in webkit [184321] by bshafiei@apple.com

• 5 edits in branches/safari-601.1.32-branch/Source

Versioning.

5:11 PM Changeset in webkit [184320] by rniwa@webkit.org

• 2 edits in branches/safari-600.7-branch/LayoutTests

Add a Pass/Failure test expectation on
fast/canvas/webgl/tex-image-and-sub-image-2d-with-potentially-subsampled-image.html.

I don't know why this test expectation was not in the branch given it was added back in r174585.
Perhaps it got lost during some merges.

• platform/mac/TestExpectations:

5:08 PM Changeset in webkit [184319] by bshafiei@apple.com

• 1 copy in tags/Safari-601.1.32.2

New tag.

4:57 PM Changeset in webkit [184318] by fpizlo@apple.com

• 7 edits
  1 add in trunk/Source/JavaScriptCore

Creating a new blank document in icloud pages causes an AI error: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble.
​https://bugs.webkit.org/show_bug.cgi?id=144856

Reviewed by Benjamin Poulain.

First I made fixTypeForRepresentation() print out better diagnostics when it dies.

Then I fixed the bug: Node::convertToIdentityOn(Node*) needs to make sure that when it
converts to a representation-changing node, it needs to use one of the UseKinds that such
a node expects. For example, DoubleRep(UntypedUse:) doesn't make sense; it needs to be
something like DoubleRep(NumberUse:) since it will speculate that the input is a number.

• dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::setBuiltInConstant):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::fixTypeForRepresentation):

• dfg/DFGAbstractValue.h:
• dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

• dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentityOn):

• tests/stress/cloned-arguments-get-by-val-double-array.js: Added.

(foo):

4:33 PM Changeset in webkit [184317] by commit-queue@webkit.org

• 3 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184313.
​https://bugs.webkit.org/show_bug.cgi?id=144974

Introduced an assertion failure in class-syntax-
declaration.js, class-syntax-expression.js, and object-
literal-syntax.js (Requested by rniwa on #webkit).

Reverted changeset:

"Small refactoring before ES6 Arrow function implementation."
​https://bugs.webkit.org/show_bug.cgi?id=144954
​http://trac.webkit.org/changeset/184313

4:18 PM Changeset in webkit [184316] by oliver@apple.com

• 7 edits in trunk/Source

Source/JavaScriptCore:
Ensure that all the smart pointer types in WTF clear their pointer before deref
​https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

One of the simpler cases of this in JavaScriptCore. There
are other cases where we need to guard the derefs but they
are more complex cases.

• inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::releaseImpl):

• inspector/JSJavaScriptCallFrame.cpp:

(Inspector::JSJavaScriptCallFrame::releaseImpl):

Source/WTF:

Ensure that all the smart pointer types in WTF clear their pointer before deref
​https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

In order to prevent use after free bugs caused by destructors
that end up trying to access the smart pointer itself, we should
make sure we always clear the m_ptr field before calling deref.

Essentially the UaF path is:
struct Foo : RefCounted<Foo> {

Wibble* m_wibble;
void doSomething();
~Foo() { m_wibble->doSomethingLikeCleanup(); }

};

struct Wibble {

void doSomethingLikeCleanup()
{

if (m_foo) {

/* if this branch is not here we get a null deref */
m_foo->doSomething();

}

}
void replaceFoo(Foo* foo) { m_foo = foo; }
RefPtr<Foo> m_foo;

};

Wibble* someWibble = /* a Wibble with m_foo->m_refCount == 1 */;

/* and m_foo points to someWibble */;

someWibble->replaceFoo(someOtherFoo);
+ someWibble->m_foo->m_ptr->deref();

+ someWibble->m_foo->m_ptr->~Foo()

+ someWibble->m_foo->m_ptr->m_wibble->doSomethingLikeCleanup()

+ someWibble->m_foo->m_ptr->m_wibble /* someWibble */ ->m_foo->m_ptr /*logically dead*/ ->doSomething()

By clearing m_ptr first we either force a null pointer deref or
we force our code down a path that does not use the dead smart
pointer.

• wtf/PassRefPtr.h: (WTF::PassRefPtr::~PassRefPtr):
• wtf/Ref.h: (WTF::Ref::~Ref): (WTF::Ref::operator=):
• wtf/RefPtr.h: (WTF::RefPtr::~RefPtr):
• wtf/RetainPtr.h: (WTF::RetainPtr::~RetainPtr): (WTF::RetainPtr<T>::clear):

4:09 PM Changeset in webkit [184315] by Antti Koivisto

• 31 edits
  5 adds in trunk

Cached CSS image resources don't show up after reloading <​http://nightly.webkit.org/start/>
​https://bugs.webkit.org/show_bug.cgi?id=144952
Source/WebCore:

rdar://problem/13387307

Reviewed by Oliver Hunt.

This is a symptom of a general problem that we don't revalidate subresources of cached parsed stylesheets.

Fix by tightening the check we perform when choosing to used the cached sheet. If there are expired subresources
we reparse the sheet.

Test: http/tests/cache/stylesheet-sharing.html

• css/CSSCrossfadeValue.cpp:

(WebCore::CSSCrossfadeValue::traverseSubresources):
(WebCore::CSSCrossfadeValue::hasFailedOrCanceledSubresources): Deleted.

Replace hasFailedOrCanceledSubresources with general purpose subresource traversal functions.

• css/CSSCrossfadeValue.h:
• css/CSSFilterImageValue.cpp:

(WebCore::CSSFilterImageValue::traverseSubresources):
(WebCore::CSSFilterImageValue::hasFailedOrCanceledSubresources): Deleted.

• css/CSSFilterImageValue.h:
• css/CSSFontFaceSrcValue.cpp:

(WebCore::CSSFontFaceSrcValue::traverseSubresources):
(WebCore::CSSFontFaceSrcValue::hasFailedOrCanceledSubresources): Deleted.

• css/CSSFontFaceSrcValue.h:
• css/CSSImageSetValue.cpp:

(WebCore::CSSImageSetValue::traverseSubresources):
(WebCore::CSSImageSetValue::hasFailedOrCanceledSubresources): Deleted.

• css/CSSImageSetValue.h:
• css/CSSImageValue.cpp:

(WebCore::CSSImageValue::traverseSubresources):
(WebCore::CSSImageValue::hasFailedOrCanceledSubresources): Deleted.

• css/CSSImageValue.h:
• css/CSSValue.cpp:

(WebCore::CSSValue::traverseSubresources):
(WebCore::CSSValue::hasFailedOrCanceledSubresources): Deleted.

• css/CSSValue.h:
• css/CSSValueList.cpp:

(WebCore::CSSValueList::traverseSubresources):
(WebCore::CSSValueList::hasFailedOrCanceledSubresources): Deleted.

• css/CSSValueList.h:
• css/StyleProperties.cpp:

(WebCore::StyleProperties::traverseSubresources):
(WebCore::StyleProperties::hasFailedOrCanceledSubresources): Deleted.

• css/StyleProperties.h:
• css/StyleSheetContents.cpp:

(WebCore::traverseSubresourcesInRules):
(WebCore::StyleSheetContents::traverseSubresources):
(WebCore::StyleSheetContents::subresourcesAllowReuse):

Disallow reuse if there are expired subresources.

(WebCore::StyleSheetContents::isLoadingSubresources):

Testing support.

(WebCore::childRulesHaveFailedOrCanceledSubresources): Deleted.
(WebCore::StyleSheetContents::hasFailedOrCanceledSubresources): Deleted.

• css/StyleSheetContents.h:

(WebCore::StyleSheetContents::loadCompleted):

• html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::setCSSStyleSheet):

• loader/cache/CachedCSSStyleSheet.cpp:

(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):

• loader/cache/CachedCSSStyleSheet.h:
• loader/cache/CachedImage.cpp:

(WebCore::CachedImage::makeRevalidationDecision):
(WebCore::CachedImage::mustRevalidateDueToCacheHeaders): Deleted.

Move the logging code out from this function (it requires frame access this function doesn't otherwise need)
and refactor to return a decision enum.

• loader/cache/CachedImage.h:
• loader/cache/CachedResource.cpp:

(WebCore::CachedResource::makeRevalidationDecision):
(WebCore::logResourceRevalidationReason): Deleted.
(WebCore::CachedResource::mustRevalidateDueToCacheHeaders): Deleted.

• loader/cache/CachedResource.h:

(WebCore::CachedResource::loadFailedOrCanceled):

• loader/cache/CachedResourceLoader.cpp:

(WebCore::logRevalidation):
(WebCore::logResourceRevalidationDecision):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):

Move logging here.

• testing/Internals.cpp:

(WebCore::Internals::isSharingStyleSheetContents):
(WebCore::Internals::isStyleSheetLoadingSubresources):

• testing/Internals.h:
• testing/Internals.idl:

LayoutTests:

Reviewed by Oliver Hunt.

• http/tests/cache/resources/non-shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

• http/tests/cache/resources/shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

• http/tests/cache/resources/stylesheet-html.php: Added.
• http/tests/cache/stylesheet-sharing-expected.txt: Added.
• http/tests/cache/stylesheet-sharing.html: Added.

3:27 PM Changeset in webkit [184314] by commit-queue@webkit.org

• 3 edits in trunk/Tools

[Content Extensions] Test interactions between multiple extensions and multiple domains.
​https://bugs.webkit.org/show_bug.cgi?id=144967

Patch by Alex Christensen <​achristensen@webkit.org> on 2015-05-13
Reviewed by Benjamin Poulain.

• DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:

Xcode wanted to fix an alphabetization issue.

• TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::TEST_F):
Test interactions that worked but were not explicitly tested before.

3:23 PM Changeset in webkit [184313] by commit-queue@webkit.org

• 3 edits in trunk/Source/JavaScriptCore

Small refactoring before ES6 Arrow function implementation.
​https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <​gskachkov@gmail.com> on 2015-05-13
Reviewed by Filip Pizlo.

• parser/Parser.h:
• parser/Parser.cpp:

3:16 PM Changeset in webkit [184312] by ryuan.choi@navercorp.com

• 6 edits in trunk/Source/WebCore

[CoordinatedGraphics] Remove scaleFactor from SurfaceUpdateInfo
​https://bugs.webkit.org/show_bug.cgi?id=144935

Reviewed by Darin Adler.

The members of SurfaceUpdateInfo are only used to update tile except scaleFactor.
So, this patch removes scaleFactor from SurfaceUpdateInfo.
In addition, removes unnecessary parameters in createTile()

No new tests because there is no behavior change.

• platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::createTile):

• platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
• platform/graphics/texmap/coordinated/CoordinatedTile.cpp:

(WebCore::CoordinatedTile::updateBackBuffer):

• platform/graphics/texmap/coordinated/CoordinatedTile.h:
• platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:

3:14 PM Changeset in webkit [184311] by fpizlo@apple.com

• 8 edits
  3 adds in trunk/Source/JavaScriptCore

The liveness pruning done by ObjectAllocationSinkingPhase ignores the possibility of an object's bytecode liveness being longer than its DFG liveness
​https://bugs.webkit.org/show_bug.cgi?id=144945

Reviewed by Michael Saboff.

We were making the mistake of using DFG liveness for object allocation sinking decisions.
This is wrong. In fact we almost never want to use DFG liveness directly. The only place
where that makes sense is pruning in DFG AI.

So, I created a CombinedLiveness class that combines the DFG liveness with bytecode
liveness.

In the process of doing this, I realized that the DFGForAllKills definition of combined
liveness at block tail was not strictly right; it was using the bytecode liveness at the
block terminal instead of the union of the bytecode live-at-heads of successor blocks. So,
I changed DFGForAllKills to work in terms of CombinedLiveness.

This allows me to unskip the test I added in r184260. I also added a new test that tries to
trigger this bug more directly.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGArgumentsEliminationPhase.cpp:
• dfg/DFGCombinedLiveness.cpp: Added.

(JSC::DFG::liveNodesAtHead):
(JSC::DFG::CombinedLiveness::CombinedLiveness):

• dfg/DFGCombinedLiveness.h: Added.

(JSC::DFG::CombinedLiveness::CombinedLiveness):

• dfg/DFGForAllKills.h:

(JSC::DFG::forAllKillsInBlock):
(JSC::DFG::forAllLiveNodesAtTail): Deleted.

• dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
(JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):

• tests/stress/escape-object-in-diamond-then-exit.js: Added.
• tests/stress/sink-object-past-invalid-check-sneaky.js:

3:07 PM Changeset in webkit [184310] by andersca@apple.com

• 8 edits in trunk/Source/WebKit2

Don't create a per-pool data store when using the modern API
​https://bugs.webkit.org/show_bug.cgi?id=144963
rdar://problem/20331756

Reviewed by Tim Horton.

• UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::copy):

• UIProcess/API/APIProcessPoolConfiguration.h:

Keep track of whether the process pool should have a data store.

• UIProcess/API/C/WKContext.cpp:

(WKContextGetWebsiteDataStore):

• UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):
Update now that WebProcessPool::dataStore() no longer returns a reference.

• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):
Only create a data store if the configuration states that we should.

• UIProcess/WebProcessPool.h:

Change dataStore() to return a pointer instead of a reference.

3:06 PM Changeset in webkit [184309] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

Modernize ContainerNode::childElementCount
​https://bugs.webkit.org/show_bug.cgi?id=144930

Patch by Sam Weinig <​sam@webkit.org> on 2015-05-13
Reviewed by Darin Adler.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::childElementCount):
Use std::distance to compute the number of child elements.

• dom/ElementChildIterator.h:

Add typedefs to make the child element iterators conform STL standards.

2:58 PM Changeset in webkit [184308] by rniwa@webkit.org

• 5 edits
  2 adds in trunk

REGRESSION(r183770): Crash inside WebEditorClient::shouldApplyStyle when applying underline
​https://bugs.webkit.org/show_bug.cgi?id=144949
Source/WebCore:

<rdar://problem/20895753>

Reviewed by Darin Adler.

The crash was caused by the variant of applyStyleToSelection that takes EditingStyle passing
a null pointer to shouldApplyStyle when we're only applying text decoration changes so that
m_mutableStyle in the editing style is null. This didn't reproduce in execCommand since we
wouldn't call shouldApplyStyle in that case. It didn't reproduce in my manual testing because
font panel also sets text shadow, which ends up filling up m_mutableStyle.

Fixed the bug by creating a mutable style properties when one is not provided by EditingStyle.
Also fixed the "FIXME" in the function by converting text decoration changes to a corresponding
text decoration value. The values passed to shouldApplyStyle now matches the old behavior prior
to r183770.

Test: editing/style/underline-by-user.html

• editing/EditingStyle.cpp:

(WebCore::EditingStyle::styleWithResolvedTextDecorations): Added.

• editing/EditingStyle.h:
• editing/Editor.cpp:

(WebCore::Editor::applyStyleToSelection): Use styleWithResolvedTextDecorations to avoid the crash.

LayoutTests:

Reviewed by Darin Adler.

Added a test that emulates underlining of text by the user. Unlike document.execCommand,
testRunner.execCommand simulates a user initiated editing command and therefore invokes
shouldApplyStyle.

• editing/style/underline-by-user-expected.txt: Added.
• editing/style/underline-by-user.html: Added.

2:37 PM Changeset in webkit [184307] by bshafiei@apple.com

• 1 copy in tags/Safari-600.5.17.2

New tag.

2:18 PM Changeset in webkit [184306] by eric.carlson@apple.com

• 2 edits in trunk/Source/WebCore

Work around HTMLMediaElement::documentDidResumeFromPageCache being called twice
​https://bugs.webkit.org/show_bug.cgi?id=144969

Reviewed by Alexey Proskuryakov.

• dom/Document.cpp:

(WebCore::Document::addPlaybackTargetPickerClient): Replace ASSERT with early
return to work around ​https://webkit.org/b/144970.

2:05 PM Changeset in webkit [184305] by rniwa@webkit.org

• 3 edits in trunk/Source/JavaScriptCore

I skipped a wrong test in r184270. Fix that.
The failure is tracked by webkit.org/b/144947.

• tests/stress/arith-modulo-node-behaviors.js:
• tests/stress/arith-mul-with-constants.js:

1:51 PM Changeset in webkit [184304] by timothy_horton@apple.com

• 7 edits in trunk/Source/WebCore

Going back after resizing causes scroll knob to appear in the middle of the page
​https://bugs.webkit.org/show_bug.cgi?id=144968
<rdar://problem/18299827>

Reviewed by Beth Dakin.

• history/CachedPage.cpp:

(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

• history/CachedPage.h:

(WebCore::CachedPage::markForContentsSizeChanged):

• history/PageCache.cpp:

(WebCore::PageCache::markPagesForContentsSizeChanged):

• history/PageCache.h:

Add a flag that will cause us to call updateContentsSize() after a page
comes out of the page cache, if necessary.

• page/FrameView.cpp:

(WebCore::FrameView::setContentsSize):

• page/FrameView.h:

Mark all cached pages for this frame as needing updateContentsSize()
when setContentsSize happens. This will ensure that scrollbar layers
are repositioned when coming out of the page cache.

1:42 PM Changeset in webkit [184303] by ap@apple.com

• 2 edits in trunk/Source/WebKit2

[Mac] Sandbox violation reading SubmitDiagInfo.domains
​https://bugs.webkit.org/show_bug.cgi?id=144962
rdar://problem/20719330

Reviewed by Darin Adler.

• WebProcess/com.apple.WebProcess.sb.in:

1:40 PM Changeset in webkit [184302] by bshafiei@apple.com

• 3 edits in branches/safari-600.5.17-branch/Source/JavaScriptCore

Merged r184229. rdar://problem/18736465

1:10 PM Changeset in webkit [184301] by bshafiei@apple.com

• 18 edits in branches/safari-601.1.32-branch

Merged r183976.

1:08 PM Changeset in webkit [184300] by bshafiei@apple.com

• 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183958.

12:59 PM Changeset in webkit [184299] by Beth Dakin

• 2 edits in trunk/Source/WebKit2

Speculative build fix.

• UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h:

12:56 PM Changeset in webkit [184298] by Michael Catanzaro

• 2 edits in trunk/Source/WebKit2

[GTK][CMake] Extra include directory when libnotify is present but disabled
​https://bugs.webkit.org/show_bug.cgi?id=144941

Reviewed by Martin Robinson.

Add LIBNOTIFY_INCLUDE_DIRS to WebKit2_INCLUDE_DIRECTORIES only if USE_LIBNOTIFY is true,
rather than checking LIBNOTIFY_FOUND.

• PlatformGTK.cmake:

12:28 PM Changeset in webkit [184297] by Beth Dakin

• 18 edits
  1 add in trunk/Source

Need SPI to set the overlay scroll bar style
​https://bugs.webkit.org/show_bug.cgi?id=144928
-and corresponding-
rdar://problem/20143614

Reviewed by Anders Carlsson.

Source/WebCore:

New ChromeClient function preferredScrollbarOverlayStyle() will fetch the
scrollbar style that was set via the new SPI.

• page/ChromeClient.h:

If the preferredScrollbarOverlayStyle() is anything but None, then use it. None is
used to indicate that the normal heuristic should compute the appropriate color.

• page/FrameView.cpp:

(WebCore::FrameView::recalculateScrollbarOverlayStyle):

• page/FrameView.h:

Source/WebKit2:

Make scrollbarOverlayStyle a part of the creation parameters.

• Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

• Shared/WebPageCreationParameters.h:

New SPI.

• UIProcess/API/Cocoa/WKViewPrivate.h:
• UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h: Added.
• UIProcess/API/mac/WKView.mm:

(-[WKView _setOverlayScrollbarStyle:]):
(-[WKView _overlayScrollbarStyle]):

Store m_scrollbarOverlayStyle on WebPageProxy, and set it to the WebProcess.

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setOverlayScrollbarStyle):

• UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::overlayScrollbarStyle):

• WebKit2.xcodeproj/project.pbxproj:

Return WebPage’s scrollbarOverlayStyle().

• WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::preferredScrollbarOverlayStyle):

• WebProcess/WebCoreSupport/WebChromeClient.h:

Cache the scrollbarOverlayStyle() here for the WebProcess.

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setScrollbarOverlayStyle):

• WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::scrollbarOverlayStyle):

• WebProcess/WebPage/WebPage.messages.in:

12:26 PM Changeset in webkit [184296] by Brent Fulgham

• 3 edits in trunk/Source/WebCore

Scrollbars in overflow regions are not vanishing after scrolling with scroll snap points
​https://bugs.webkit.org/show_bug.cgi?id=142521
<rdar://problem/20100706>

Reviewed by Darin Adler.

The scrollbars were not being dismissed because they were not being notified that the wheel
gesture was finished. This was happening because the wheel event 'ended' state has zero
deltaX and deltaY. If the region did not allow stretching, it would exit early, never passing
through the 'handleWheelEventPhase' code that would notify the scrollbar controller that
the gesture had ended.

• platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::mouseExitedContentArea): The wrong ScrollAnimator method was being
called when the mouse exited the content area.

• platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::handleWheelEvent): Do not early return when the wheel event has
no change in X or Y coordinate.

12:24 PM Changeset in webkit [184295] by andersca@apple.com

• 5 edits in trunk/Source/WebKit2

Rename some StorageManager functions to indicate that they work on local storage entries
​https://bugs.webkit.org/show_bug.cgi?id=144958
First part of rdar://problem/10690447.

Reviewed by Beth Dakin.

• UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageDetailsByOrigin):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteAllLocalStorageEntries):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
(WebKit::StorageManager::getOrigins): Deleted.
(WebKit::StorageManager::getStorageDetailsByOrigin): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigin): Deleted.
(WebKit::StorageManager::deleteAllEntries): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigins): Deleted.

• UIProcess/Storage/StorageManager.h:
• UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):

• UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):

12:20 PM Changeset in webkit [184294] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebKit2

Crash under WebKit::WebInspectorProxy::attachAvailabilityChanged sometimes opening new page
​https://bugs.webkit.org/show_bug.cgi?id=144957

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Simon Fraser.

• UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::attachAvailabilityChanged):

11:56 AM Changeset in webkit [184293] by hyatt@apple.com

• 2 edits in trunk/Source/WebCore

Don't compute selection painting info when we don't have selection.
​https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

• rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

11:51 AM Changeset in webkit [184292] by Joseph Pecoraro

• 2 edits in trunk/Source/JavaScriptCore

Avoid always running some debug code in type profiling
​https://bugs.webkit.org/show_bug.cgi?id=144775

Reviewed by Daniel Bates.

• runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

11:51 AM Changeset in webkit [184291] by Joseph Pecoraro

• 36 edits in trunk/Source

Pass String as reference in more places
​https://bugs.webkit.org/show_bug.cgi?id=144769

Reviewed by Daniel Bates.

Source/JavaScriptCore:

• debugger/Breakpoint.h:

(JSC::Breakpoint::Breakpoint):

• parser/Parser.h:

(JSC::Parser::setErrorMessage):
(JSC::Parser::updateErrorWithNameAndMessage):

• parser/ParserError.h:

(JSC::ParserError::ParserError):

• runtime/RegExp.cpp:

(JSC::RegExpFunctionalTestCollector::outputOneTest):

• runtime/RegExpObject.cpp:

(JSC::regExpObjectSourceInternal):

• runtime/TypeProfiler.cpp:

(JSC::TypeProfiler::typeInformationForExpressionAtOffset):

• runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

• runtime/TypeProfilerLog.h:
• tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):

• inspector/scripts/codegen/generate_objc_conversion_helpers.py:

(ObjCConversionHelpersGenerator._generate_enum_from_protocol_string):

• inspector/scripts/codegen/objc_generator_templates.py:
• inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
• inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
• inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
• inspector/scripts/tests/expected/enum-values.json-result:
• inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
• inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
• inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
• inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
• inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
• inspector/scripts/tests/expected/type-declaration-array-type.json-result:
• inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
• inspector/scripts/tests/expected/type-declaration-object-type.json-result:
• inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

Rebaseline tests after updating the generator.

Source/WebCore:

• bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::dumpString):
(WebCore::CloneSerializer::dumpStringObject):

• dom/DocumentMarkerController.cpp:

(WebCore::DocumentMarkerController::addMarker):

• dom/DocumentMarkerController.h:
• inspector/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::assertFrameWithDocumentLoader):

• inspector/InspectorApplicationCacheAgent.h:
• inspector/InspectorNodeFinder.cpp:

(WebCore::stripCharacters):
(WebCore::InspectorNodeFinder::InspectorNodeFinder):

• inspector/InspectorNodeFinder.h:

Source/WebKit2:

• WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::showMainResourceForFrame):

• WebProcess/WebPage/WebInspectorUI.h:

11:11 AM Changeset in webkit [184290] by timothy_horton@apple.com

• 11 edits in trunk/Source

View scale changes are temporarily lost after restoring a page from the page cache
​https://bugs.webkit.org/show_bug.cgi?id=144934

Reviewed by Brady Eidson.

• history/CachedPage.cpp:

(WebCore::CachedPage::CachedPage):
(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

• history/CachedPage.h:

(WebCore::CachedPage::markForDeviceOrPageScaleChanged): Renamed.

• history/PageCache.cpp:

(WebCore::PageCache::markPagesForDeviceOrPageScaleChanged): Renamed.

• history/PageCache.h:

Rename PageCache/CachedPage methods to make it more clear that they
will eventually result in calling deviceOrPageScaleFactorChanged().
Also, use modern initialization for CachedPage members.

• loader/HistoryController.cpp:

(WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
(WebCore::HistoryController::restoreScrollPositionAndViewState):
Store the pageScaleFactor on HistoryItem with the view scale factored out,
because the view scale can change while the page is in the page cache, and
WebCore needs a way - without consulting with WebKit2 - to apply the changed
view scale to the cached page scale.

• page/Page.cpp:

(WebCore::Page::setViewScaleFactor):
(WebCore::Page::setDeviceScaleFactor):

• page/Page.h:

(WebCore::Page::viewScaleFactor):
Keep track of the viewScaleFactor, and mark all pages in the page cache
as needing to call deviceOrPageScaleFactorChanged and do a full style recalc
when they come back from the page cache.

For now, we expect all callers of setPageScaleFactor (including WebKit2 and
HistoryController) to multiply the viewScale in manually, to avoid the
significant amount of change in WebCore that would be required to keep them
totally separately.

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::scalePage):
(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):
(WebKit::WebPage::viewScaleFactor):
(WebKit::WebPage::scaleView):

• WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::viewScaleFactor): Deleted.
Get rid of m_viewScaleFactor, instead using Page::viewScaleFactor.

10:58 AM Changeset in webkit [184289] by msaboff@apple.com

• 2 edits in trunk/Source/JavaScriptCore

com.apple.WebKit.WebContent crashed at JavaScriptCore: JSC::CodeBlock::finalizeUnconditionally
​https://bugs.webkit.org/show_bug.cgi?id=144933

Changed the RELEASE_ASSERT_NOT_REACHED into an ASSERT. Added some diagnostic messages to
help determine the cause for any crash.

Reviewed by Geoffrey Garen.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finalizeUnconditionally):

10:39 AM Changeset in webkit [184288] by fpizlo@apple.com

• 7 edits in trunk/Source/JavaScriptCore

REGRESSION(r184260): arguments elimination has stopped working because of Check(UntypedUse:) from SSAConversionPhase
​https://bugs.webkit.org/show_bug.cgi?id=144951

Reviewed by Michael Saboff.

There were two issues here:

• In r184260 we expected a small number of possible use kinds in Check nodes, and UntypedUse was not one of them. That seemed like a sensible assumption because we don't create Check nodes unless it's to have a check. But, SSAConversionPhase was creating a Check that could have UntypedUse. I fixed this. It's cleaner for SSAConversionPhase to follow the same idiom as everyone else and not create tautological checks.

• It's clearly not very robust to assume that Checks will not be used tautologically. So, this changes how we validate Checks in the escape analyses. We now use willHaveCheck, which catches cases that AI would have already marked as unnecessary. It then also uses a new helper called alreadyChecked(), which allows us to just ask if the check is unnecessary for objects. That's a good fall-back in case AI hadn't run yet.

• dfg/DFGArgumentsEliminationPhase.cpp:
• dfg/DFGMayExit.cpp:
• dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

• dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::SSAConversionPhase::run):

• dfg/DFGUseKind.h:

(JSC::DFG::alreadyChecked):

• dfg/DFGVarargsForwardingPhase.cpp:

9:48 AM Changeset in webkit [184287] by Yusuke Suzuki

• 8 edits
  2 adds in trunk

[ES6] Implement String.raw
​https://bugs.webkit.org/show_bug.cgi?id=144330

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Implement String.raw. It is intended to be used with tagged-templates syntax.
To implement ToString abstract operation efficiently,
we introduce @toString bytecode intrinsic. It emits op_to_string directly.

• CMakeLists.txt:
• builtins/StringConstructor.js: Added.

(raw):

• bytecompiler/NodesCodegen.cpp:

(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):

• runtime/CommonIdentifiers.h:
• runtime/StringConstructor.cpp:
• tests/stress/string-raw.js: Added.

(shouldBe):
(.get shouldBe):
(Counter):

LayoutTests:

Add String.raw.

• js/Object-getOwnPropertyNames-expected.txt:
• js/script-tests/Object-getOwnPropertyNames.js:

2:32 AM Changeset in webkit [184286] by bshafiei@apple.com

• 5 edits in branches/safari-601.1.32-branch/Tools

Merged r184018.

2:31 AM Changeset in webkit [184285] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebKit2

Minor cleanups to PluginProxy.cpp.
​https://bugs.webkit.org/show_bug.cgi?id=144948

Patch by Sungmann Cho <​sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

1. Remove unnecessary #include.
2. Remove unnecessary return statement from PluginProxy::paint().

No new tests, no behavior change.

• WebProcess/Plugins/PluginProxy.cpp:

(WebKit::PluginProxy::paint):

2:23 AM Changeset in webkit [184284] by bshafiei@apple.com

• 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183980. rdar://problem/20769741

2:13 AM Changeset in webkit [184283] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebKit2

REGRESSION(r176631): [EFL] Fullscreen feature doesn't work correctly on MiniBrowser
​https://bugs.webkit.org/show_bug.cgi?id=144906

Patch by Daegyu Lee <​daegyu.lee@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

• UIProcess/CoordinatedGraphics/PageViewportController.cpp:

(WebKit::PageViewportController::updateMinimumScaleToFit): Recover the r176631 condition to
call applyScaleAfterRenderingContents function to apply correct scale.

1:26 AM Changeset in webkit [184282] by bshafiei@apple.com

• 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184028. rdar://problem/20210267

12:21 AM Changeset in webkit [184281] by bshafiei@apple.com

• 2 edits in branches/safari-601.1.32-branch/Tools

Merged r183915.

12:10 AM Changeset in webkit [184280] by bshafiei@apple.com

• 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184241. rdar://problem/20172315

12:09 AM Changeset in webkit [184279] by bshafiei@apple.com

• 8 edits in branches/safari-601.1.32-branch/Source

Merged r184231. rdar://problem/20923031

12:04 AM Changeset in webkit [184278] by bshafiei@apple.com

• 12 edits
  3 copies in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184215. rdar://problem/19708579

12:02 AM Changeset in webkit [184277] by bshafiei@apple.com

• 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184125. rdar://problem/19708579

12:01 AM Changeset in webkit [184276] by bshafiei@apple.com

• 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184061. rdar://problem/20856497