Context Navigation

← Previous Period
Next Period →

Timeline

May 18, 2015:

11:49 PM Changeset in webkit [184552] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WTF

[W32] weakCompareAndSwap assembler code is not used when building with MinGW GCC
https://bugs.webkit.org/show_bug.cgi?id=143754

Unreviewed.

Allow MinGW-GCC to use GCC asm code for weakCompareAndSwap.

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-16

wtf/Atomics.h:

(WTF::x86_mfence):
(WTF::weakCompareAndSwap):

11:43 PM Changeset in webkit [184551] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4

[W32] Buildsystem may use wrong Python interpreter
https://bugs.webkit.org/show_bug.cgi?id=143755

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Use confgured Python interpreter

Configure script has tests for Python (AC_PATH_PROG(PYTHON, python)),
use the interpretor they provide (which is overridable by user by
the way of passing PYTHON=... to configure) instead of the first
thing found in PATH.

Otherwise wrong version of Python might be used. Mingw-python,
for example, which has commandline length limit, which results in
errors like:
/usr/bin/env: python: Argument list too long
GNUmakefile:82317: recipe for target
'DerivedSources/WebInspectorUI/GResourceBundle.xml' failed

Source/WebInspectorUI:

GNUmakefile.am:

Tools:

gtk/GNUmakefile.am:

11:40 PM Changeset in webkit [184550] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

WebCore uses M_PI_2 instead of piOverTwoDouble
https://bugs.webkit.org/show_bug.cgi?id=143758

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Darin Adler.

Because M_PI_2 is not defined everywhere.
Fixes errors like:

CXX Source/WebCore/platform/graphics/freetype/libPlatformGtk_la-FontPlatformDataFreeType.lo

../webkitgtk-2.4.8/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp: In function 'void WebCore::rotateCairoMatrixForVerticalOrientation(cairo_matrix_t*)':
../webkitgtk-2.4.8/Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp:123:34: error: 'M_PI_2' was not declared in this scope

cairo_matrix_rotate(matrix, -M_PI_2);

GNUmakefile:51663: recipe for target 'Source/WebCore/platform/graphics/freetype/libPlatformGtk_la-FontPlatformDataFreeType.lo' failed

platform/graphics/freetype/FontPlatformDataFreeType.cpp:

(WebCore::rotateCairoMatrixForVerticalOrientation):

11:35 PM Changeset in webkit [184549] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

[GTK][W32] FileSystemGtk calls GetModuleHandleExA(), but does not include appropriate header
https://bugs.webkit.org/show_bug.cgi?id=143759

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Darin Adler.

Add missing includes to FileSystemGtk

Needed for GetModuleHandleExA() & Co.

platform/gtk/FileSystemGtk.cpp:

11:30 PM Changeset in webkit [184548] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

[W32] Compile-time assertion failure: RenderBlock_should_stay_small
https://bugs.webkit.org/show_bug.cgi?id=143760

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Move enum LineLayoutPath in RenderBlock

This removes the bitfield interruption, allowing more efficient
packing.
Otherwise compile-time assertion fails:
In file included from ../webkitgtk-2.4.8/Source/WTF/wtf/PossiblyNull.h:29:0,

from ../webkitgtk-2.4.8/Source/WTF/wtf/FastMalloc.h:27,
from ../webkitgtk-2.4.8/Source/WebCore/config.h:74,
from ../webkitgtk-2.4.8/Source/WebCore/rendering/RenderBlock.cpp:24:

../webkitgtk-2.4.8/Source/WTF/wtf/Assertions.h:326:35: error: static assertion failed: RenderBlock_should_stay_small

../webkitgtk-2.4.8/Source/WebCore/rendering/RenderBlock.cpp:88:1: note: in expansion of macro 'COMPILE_ASSERT'
COMPILE_ASSERT(sizeof(RenderBlock) == sizeof(SameSizeAsRenderBlock), RenderBlock_should_stay_small);

11:24 PM Changeset in webkit [184547] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4/Source

[W32] GraphicsContextCairoWin.cpp fails to compile: unallowed function template partial specialization
https://bugs.webkit.org/show_bug.cgi?id=143761

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Darin Adler.

Fix deleteObject prototypte, fix header case

Apparently, <T> is unneeded here:

Source/WebCore:

In file included from ../webkitgtk-2.4.8/Source/WebCore/platform/graphics/win/GraphicsContextCairoWin.cpp:35:0:
../webkitgtk-2.4.8/Source/WTF/wtf/win/GdiObject.h:114:58: error: function template partial specialization 'deleteObject<T>' is not allowed
template<typename T> inline void deleteObject<T>(T object)

As a bonus, change GdiObject.h -> GDIObject.h (this matters when
cross-compiling or when using case-sensitive filesystems on W32).

Source/WTF:

template<typename T> inline void deleteObject<T>(T object)

As a bonus, change GdiObject.h -> GDIObject.h (this matters when
cross-compiling or when using case-sensitive filesystems on W32).

wtf/win/GDIObject.h:

(WTF::deleteObject):

11:19 PM Changeset in webkit [184546] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/ThirdParty/ANGLE

[ANGLE][W32] Buildsystem is hardcoded for UNIX
https://bugs.webkit.org/show_bug.cgi?id=143762

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Don't hardcode ossource_posix.cpp in the makefile

Compile ossource_posix.cpp or ossource_win.cpp depending on the target.

Otherwise you get an error:
../webkitgtk-2.4.8/Source/ThirdParty/ANGLE/src/compiler/ossource_posix.cpp:13:2: error: #error Trying to build a posix specific file in a non-posix build.

GNUmakefile.am:

11:15 PM Changeset in webkit [184545] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

[W32][GTK] Conflict between NO_ERROR from W32API and GraphicsContext3D
https://bugs.webkit.org/show_bug.cgi?id=143768

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Work around name conflicts (NO_ERROR)

In file included from /mingw/include/_mingw.h:12:0,

from ../webkitgtk-2.4.8/Source/WTF/wtf/Compiler.h:93,
from ../webkitgtk-2.4.8/Source/WTF/wtf/Platform.h:32,
from ../webkitgtk-2.4.8/Source/JavaScriptCore/config.h:30,
from ../webkitgtk-2.4.8/Source/WebCore/platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:27:

../webkitgtk-2.4.8/Source/WebCore/platform/graphics/opengl/Extensions3DOpenGLCommon.cpp: In member function 'virtual int WebCore::Extensions3DOpenGLCommon::getGraphicsResetStatusARB()':
../webkitgtk-2.4.8/Source/WebCore/platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:144:31: error: expected unqualified-id before numeric constant

return GraphicsContext3D::NO_ERROR;

because NO_ERROR is also a macro defined in Windows headers. Ouch.
Also expand this to the (PLATFORM(GTK) && OS(WINDOWS)) combination,
in addition to the workaround for VERSION already present there.

11:05 PM Changeset in webkit [184544] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

[W32] Fails to build - missing references to OpenGL context functions
https://bugs.webkit.org/show_bug.cgi?id=143769

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Also use GL-related files when compiling with MinGW
CXXLD libwebkitgtk-3.0.la
./.libs/../source/webcore/platform/graphics/.libs/libplatform_la-graphicscontext3dprivate.o: In function `GraphicsContext3DPrivate':
/src/mingw/webkitgtk-2.4.8-1\bld/../webkitgtk-2.4.8/Source/WebCore/platform/graphics/GraphicsContext3DPrivate.cpp:59: undefined reference to `ZN7WebCore9GLContext14sharingContextEv'
/src/mingw/webkitgtk-2.4.8-1\bld/../webkitgtk-2.4.8/Source/WebCore/platform/graphics/GraphicsContext3DPrivate.cpp:59: undefined reference to `ZN7WebCore9GLContext22createOffscreenContextEPS0_'
./.libs/../source/webcore/platform/graphics/.libs/libplatform_la-graphicscontext3dprivate.o: In function `platformContext':
/src/mingw/webkitgtk-2.4.8-1\bld/../webkitgtk-2.4.8/Source/WebCore/platform/graphics/GraphicsContext3DPrivate.cpp:84: undefined reference to `ZN7WebCore9GLContext10getCurrentEv'

Becuase GLContext.cpp is not used, which happens because it's
under TARGET_X11_OR_WAYLAND condition in the GNUmakefile.list.am.
Move TARGET_X11_OR_WAYLAND up a bit to free up GLContext.cpp (now
only protected by USE_OPENGL).

GNUmakefile.list.am:

10:55 PM Changeset in webkit [184543] by Gyuyoung Kim

16 edits in trunk/Source/WebCore

Use Ref instead of PassRefPtr in WebCore/bindings
https://bugs.webkit.org/show_bug.cgi?id=144981

Reviewed by Darin Adler.

As a step to purge PassRefPtr, remove PassRefPtr in WebCore/bindings.

No new tests, no behavior changes.

bindings/gobject/GObjectNodeFilterCondition.h:

(WebCore::GObjectNodeFilterCondition::create):

bindings/gobject/GObjectXPathNSResolver.h:

(WebCore::GObjectXPathNSResolver::create):

bindings/js/JSCustomXPathNSResolver.cpp:

(WebCore::JSCustomXPathNSResolver::create):

bindings/js/JSCustomXPathNSResolver.h:
bindings/js/JSDOMGlobalObjectTask.cpp:
bindings/js/JSErrorHandler.h:

(WebCore::JSErrorHandler::create):

bindings/js/JSLazyEventListener.cpp:

(WebCore::JSLazyEventListener::createForNode):
(WebCore::JSLazyEventListener::createForDOMWindow):

bindings/js/JSLazyEventListener.h:
bindings/js/JSMutationCallback.h:

(WebCore::JSMutationCallback::create):

bindings/js/JSNodeFilterCondition.h:

(WebCore::JSNodeFilterCondition::create):

bindings/js/SerializedScriptValue.cpp:

(WebCore::SerializedScriptValue::create):
(WebCore::SerializedScriptValue::numberValue):
(WebCore::SerializedScriptValue::undefinedValue):
(WebCore::SerializedScriptValue::nullValue):

bindings/js/SerializedScriptValue.h:
bindings/objc/ObjCEventListener.h:
bindings/objc/ObjCEventListener.mm:

(WebCore::ObjCEventListener::wrap):

bindings/objc/ObjCNodeFilterCondition.h:

(WebCore::ObjCNodeFilterCondition::create):

9:46 PM Changeset in webkit [184542] by fpizlo@apple.com

4 edits in trunk/Source/JavaScriptCore

Better optimize 'if' with ternaries conditional tests.
https://bugs.webkit.org/show_bug.cgi?id=144136

Reviewed by Benjamin Poulain.

This is the last fix I'll do for this for now. BooleanToNumber(Untyped:) where the input
is proved to be either BoolInt32 or Boolean should be optimized to just masking the
lowest bit.

This is another 37% speed-up on JSRegress/slow-ternaries.

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileBooleanToNumber):

8:39 PM Changeset in webkit [184541] by benjamin@webkit.org

2 edits
1 add in trunk/Source/JavaScriptCore

<rdar://problem/21003555> cloberrize() is wrong for ArithRound because it doesn't account for the arith mode
https://bugs.webkit.org/show_bug.cgi?id=145147

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-05-18
Reviewed by Filip Pizlo.

Really stupid bug: ArithRound nodes with different rounding modes
were not distinguished and CSE would happily unify with a node of
a different rounding mode.

DFG::clobberize() already support additional data but I was not using it.

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

tests/stress/math-round-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

7:30 PM Changeset in webkit [184540] by fpizlo@apple.com

4 edits in trunk/Source/JavaScriptCore

Add SpecBoolInt32 type that means "I'm an int and I'm either 0 or 1"
https://bugs.webkit.org/show_bug.cgi?id=145137

Reviewed by Benjamin Poulain.

It's super useful to know if an integer value could be either zero or one. We have an
immediate need for this because of Int32|Boolean uses, where knowing that the Int32 is
either 0 or 1 means that there is no actual polymorphism if you just look at the low bit
(1 behaves like true, 0 behaves like false, and the low bit of 1|true is 1, and the low
bit of 0|false is 0).

We do this by splitting the SpecInt32 type into SpecBoolInt32 and SpecNonBoolInt32. This
change doesn't have any effect on behavior, yet. But it does give us the ability to
predict and prove when values are SpecBoolInt32; it's just we don't leverage this yet.

This is perf-neutral.

bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromValue):

bytecode/SpeculatedType.h:

(JSC::isStringOrStringObjectSpeculation):
(JSC::isBoolInt32Speculation):
(JSC::isInt32Speculation):
(JSC::isInt32OrBooleanSpeculation):

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

7:02 PM Changeset in webkit [184539] by Csaba Osztrogonác

2 edits in trunk/Tools

[EFL] Fix unsequenced warning in MiniBrowser's main.c
https://bugs.webkit.org/show_bug.cgi?id=145123

Reviewed by Gyuyoung Kim.

MiniBrowser/efl/main.c:

(on_key_down):

6:49 PM Changeset in webkit [184538] by mmaxfield@apple.com

3 edits in trunk/LayoutTests

Improve coverage of platform/mac/fast/text/font-weights.html
https://bugs.webkit.org/show_bug.cgi?id=145152

Reviewed by Anders Carlsson.

Add coverage of italics.

platform/mac/fast/text/font-weights-expected.txt:
platform/mac/fast/text/font-weights.html:

6:39 PM Changeset in webkit [184537] by Csaba Osztrogonác

2 edits in trunk/Source/WebCore

Fix uninitialized warnings in RealtimeMediaSourceCenterOwr.cpp
https://bugs.webkit.org/show_bug.cgi?id=145119

Reviewed by Gyuyoung Kim.

platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:

(WebCore::RealtimeMediaSourceCenterOwr::validateRequestConstraints):
(WebCore::RealtimeMediaSourceCenterOwr::mediaSourcesAvailable):

6:35 PM Changeset in webkit [184536] by Michael Catanzaro

21 edits in trunk

[CMake] Ignore warnings in system headers
https://bugs.webkit.org/show_bug.cgi?id=144747

Reviewed by Darin Adler.

Require CMake 2.8.12 when compiling the GTK+ port. This is because we use the
target_include_directories command (added in 2.8.11) in GTK-specific cmake files, and also
use the SYSTEM argument to the command (added in 2.8.12).

CMakeLists.txt:

Source/JavaScriptCore:

Separate include directories into WebKit project includes and system includes. Suppress all
warnings from headers in system include directories using the SYSTEM argument to
the include_directories command.

CMakeLists.txt:
PlatformGTK.cmake:

Source/WebCore:

CMakeLists.txt:
PlatformEfl.cmake:
PlatformGTK.cmake:
PlatformMac.cmake:

Source/WebKit:

CMakeLists.txt:
PlatformMac.cmake:

Source/WebKit2:

CMakeLists.txt:
PlatformEfl.cmake:
PlatformGTK.cmake:

Source/WTF:

wtf/CMakeLists.txt:
wtf/PlatformEfl.cmake:
wtf/PlatformGTK.cmake:

6:11 PM Changeset in webkit [184535] by Csaba Osztrogonác

2 edits in trunk/Source/WebKit2

Fix return-type warnings in test_ewk2_color_picker.cpp
https://bugs.webkit.org/show_bug.cgi?id=145122

Reviewed by Gyuyoung Kim.

UIProcess/API/efl/tests/test_ewk2_color_picker.cpp:

(EWK2ColorPickerTest::hideColorPicker):
(EWK2ColorPickerTest::hideColorPickerByRemovingElement):

6:06 PM Changeset in webkit [184534] by matthew_hanson@apple.com

5 edits in branches/safari-601.1.32.2-branch/Source/JavaScriptCore

Merge r184397. rdar://problem/20979071

6:06 PM Changeset in webkit [184533] by matthew_hanson@apple.com

7 edits in branches/safari-601.1.32.2-branch/Source/JavaScriptCore

Merge r184367. rdar://problem/20979071

6:00 PM Changeset in webkit [184532] by mmaxfield@apple.com

2 edits in trunk/LayoutTests

platform/mac/fast/text/font-weights.html is flakey
https://bugs.webkit.org/show_bug.cgi?id=145149

Reviewed by Alexey Proskuryakov.

platform/mac/TestExpectations:

5:24 PM Changeset in webkit [184531] by rniwa@webkit.org

2 edits in trunk/Websites/perf.webkit.org

REGRESSION: v2 UI reports a higher memory usage
https://bugs.webkit.org/show_bug.cgi?id=145151

Reviewed by Chris Dumez.

The bug was caused by v2 UI using 1000 to divide the number of bytes instead of by 1024 as done in v1.
Fixed the bug by manually implementing the formatter as done in v1.

public/v2/manifest.js:

(App.Manfiest._formatBytes): Added.
(App.Manifest._formatFetchedData): Use _formatByte instead of format('s').

5:09 PM Changeset in webkit [184530] by matthew_hanson@apple.com

7 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184513. rdar://problem/21006738

5:09 PM Changeset in webkit [184529] by matthew_hanson@apple.com

4 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184439. rdar://problem/20975978

5:09 PM Changeset in webkit [184528] by matthew_hanson@apple.com

3 edits
3 adds in branches/safari-601.1.32-branch

Merge r184510. rdar://problem/21004989

5:09 PM Changeset in webkit [184527] by matthew_hanson@apple.com

12 edits
1 move
3 adds
1 delete in branches/safari-601.1.32-branch/Source/JavaScriptCore

Merge r184445. rdar://problem/20979071

5:08 PM Changeset in webkit [184526] by matthew_hanson@apple.com

5 edits in branches/safari-601.1.32-branch/Source/JavaScriptCore

Merge r184397. rdar://problem/20979071

5:08 PM Changeset in webkit [184525] by matthew_hanson@apple.com

15 edits in branches/safari-601.1.32-branch/Source/JavaScriptCore

Merge r184368. rdar://problem/20979071

5:08 PM Changeset in webkit [184524] by matthew_hanson@apple.com

7 edits in branches/safari-601.1.32-branch/Source/JavaScriptCore

Merge r184367. rdar://problem/20979071

5:05 PM Changeset in webkit [184523] by bshafiei@apple.com

5 edits in tags/Safari-601.1.32.2.2/Source

Versioning.

5:03 PM Changeset in webkit [184522] by bshafiei@apple.com

1 copy in tags/Safari-601.1.32.2.2

New tag.

4:56 PM Changeset in webkit [184521] by dbates@webkit.org

2 edits
1 add in trunk/Tools

prepare-ChangeLog reports function above deleted function as deleted; uninitialized value warning
when staged non-empty file for commit
https://bugs.webkit.org/show_bug.cgi?id=145082

Reviewed by Darin Adler.

Fixes two issues when running prepare-ChangeLog:

The function above a deleted function is reported as changed.
With a Git checkout of WebKit, a Perl uninitialized value warning is emitted when a new non-empty file is staged for commit (e.g. extractLineRangeBeforeAndAfterChange.pl, included in this patch).

Simplify code by using unified diff parsing logic for both SVN and Git support. Currently
prepare-ChangeLog has logic to parse normal diff- and unified diff- chunk range lines as
generated by svn diff and git diff, respectively. The logic for parsing these formats
has correctness issues. We should make use of the VCSUtil::parseChunkRange() to parse
chunk range lines of a unified diff as opposed to having specialized logic in prepare-ChangeLog.
VCSUtil::parseChunkRange() has existing test coverage.

Scripts/prepare-ChangeLog:

(generateFunctionLists): Only add a line range to %line_ranges_before_changed, %line_ranges_after_changed
when the beginning line number, ending line number >= 1. Modified for-loop condition to iterate over
all the files represented by %line_ranges_before_changed and %line_ranges_after_changed so that we
examine files that only have deletions. Currently this works as a side effect of the behavior of
extractLineRangeAfterChange(), which always returns a well-formed (though nonsensical) line range for
a change that represents a deletion (e.g. extractLineRangeAfterChange("@@ -166,6 +165,0 @@") => [165, 165]).
(diffCommand): Generate a unified diff instead of a normal diff when using a SVN checkout of WebKit.
(extractLineRangeAfterChange): Remove logic to parse a normal diff chunk range line and write
the logic to parse a unified diff chunk range line in terms of VCSUtil::parseChunkRange().
We return (-1, -1) when the change represents a deletion.
(extractLineRangeBeforeChange): Remove logic to parse a normal diff chunk range line and write
the logic to parse a unified diff chunk range line in terms of VCSUtil::parseChunkRange().
We return (-1, -1) when the change represents an addition.

Scripts/webkitperl/prepare-ChangeLog_unittest/extractLineRangeBeforeAndAfterChange.pl: Added;

unit tests.

4:52 PM Changeset in webkit [184520] by bshafiei@apple.com

5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

4:16 PM Changeset in webkit [184519] by mmaxfield@apple.com

5 edits in trunk/Source

Addressing post-review comments on r184353
https://bugs.webkit.org/show_bug.cgi?id=145146

Reviewed by Benjamin Poulain.

Source/WebCore:

See per-file comments.

No new tests because there is no behavior change.

platform/graphics/mac/FontCacheMac.mm:

(WebCore::fontWithFamilySpecialCase): Use equalIgnoringASCIICase() AtomicString overload.

rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateCachedSystemFontDescription): Implement Ben's ideas for
cheaply constructing AtomicStrings only when necessary.

Source/WTF:

Create an overload for equalIgnoringASCIICase() for AtomicString and string literals.

wtf/text/AtomicString.h:

(WTF::equalIgnoringASCIICase):

4:01 PM Changeset in webkit [184518] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184417. rdar://problem/20770052

3:53 PM Changeset in webkit [184517] by commit-queue@webkit.org

12 edits in trunk

[ES6] Arrow function syntax. Feature flag for arrow function
https://bugs.webkit.org/show_bug.cgi?id=145108

Patch by Skachkov Alexandr <gskachkov@gmail.com> on 2015-05-18
Reviewed by Ryosuke Niwa.

Added feature flag ENABLE_ES6_ARROWFUNCTION_SYNTAX for arrow function

Source/JavaScriptCore:

Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Configurations/FeatureDefines.xcconfig:

Source/WTF:

wtf/FeatureDefines.h:

3:39 PM Changeset in webkit [184516] by andersca@apple.com

9 edits in trunk/Source/WebKit2

WKWebsiteDataStore should fully support session storage
https://bugs.webkit.org/show_bug.cgi?id=145145
rdar://problem/10690447

Reviewed by Sam Weinig.

Add a session store data type and handle it when clearing and fetching data.

Shared/WebsiteData/WebsiteDataTypes.h:
UIProcess/API/Cocoa/WKWebsiteDataRecord.h:
UIProcess/API/Cocoa/WKWebsiteDataRecord.mm:

(dataTypesToString):

UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h:

(WebKit::toWebsiteDataTypes):
(WebKit::toWKWebsiteDataTypes):

UIProcess/API/Cocoa/WKWebsiteDataStore.mm:

(+[WKWebsiteDataStore allWebsiteDataTypes]):

UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::SessionStorageNamespace::origins):
(WebKit::StorageManager::SessionStorageNamespace::clearStorageAreasMatchingOrigin):
(WebKit::StorageManager::SessionStorageNamespace::clearAllStorageAreas):
(WebKit::StorageManager::getSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageEntriesForOrigins):

UIProcess/Storage/StorageManager.h:
UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):

3:16 PM Changeset in webkit [184515] by commit-queue@webkit.org

4 edits in trunk/Source/WebInspectorUI

Web Inspector: Improve Reliability of Closing and Reopening Elements Tab
https://bugs.webkit.org/show_bug.cgi?id=145139

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-18
Reviewed by Timothy Hatcher.

UserInterface/Views/DOMTreeElement.js:

(WebInspector.DOMTreeElement.prototype.highlightSearchResults):
(WebInspector.DOMTreeElement.prototype.hideSearchHighlights):
(WebInspector.DOMTreeElement.prototype.emphasizeSearchHighlight.animationEnded):
(WebInspector.DOMTreeElement.prototype.emphasizeSearchHighlight):
(WebInspector.DOMTreeElement.prototype._updateChildren):
(WebInspector.DOMTreeElement.prototype.adjustCollapsedRange):
(WebInspector.DOMTreeElement.prototype._startEditingAsHTML.dispose):
(WebInspector.DOMTreeElement.prototype._startEditingAsHTML):
(WebInspector.DOMTreeElement.prototype.updateTitle):
Stop using the delete operator.

UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline.prototype.setVisible):
Trigger an update when the outline is made visible.

UserInterface/Views/FrameDOMTreeContentView.js:

(WebInspector.FrameDOMTreeContentView.prototype._rootDOMNodeAvailable):
Provide a reasonable default selection if there is no body or document element.
For example in an augmented DOM tree.

3:09 PM Changeset in webkit [184514] by beidson@apple.com

2 edits in trunk/Source/WebKit2

Followup to: Networking process on iOS can be suspended and never exit
https://bugs.webkit.org/show_bug.cgi?id=144971.

Unreviewed. Fixing API tests that revealed the unintentional change in behavior.

Shared/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::shutDownProcess): The on WebProcessProxy code path that this

was adopted from had an m_connection null check, and that null check needs to remain.

3:01 PM Changeset in webkit [184513] by Brent Fulgham

7 edits in trunk/Source/WebCore

REGRESSION(142590): Scroll-snap points are improperly snapping to earlier index values
https://bugs.webkit.org/show_bug.cgi?id=145140
<rdar://problem/21006738>

Reviewed by Beth Dakin.

The new "nearestActiveSnapPoint" logic is firing while scroll snap animations are running. We need
to add an "isScrollSnapInProgress" predicate, much like the existing "isRubberBandInProgress" to avoid
certain "fix-up" logic that we don't want running while we are in the process of moving to a new position.

platform/ScrollAnimator.h:

(WebCore::ScrollAnimator::ScrollAnimator::isScrollSnapInProgress): Added.

platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::updateScrollSnapState): If we are in the midst of a scroll snap operation,
do not attempt to reset position to the current active snap point.

platform/cocoa/ScrollController.h:
platform/cocoa/ScrollController.mm:

(WebCore::ScrollController::isScrollSnapInProgress): Added.

platform/mac/ScrollAnimatorMac.h:
platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::isScrollSnapInProgress): Added.

2:28 PM Changeset in webkit [184512] by andersca@apple.com

2 edits in trunk/Tools

Add ATS keys to MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=145141

Reviewed by Sam Weinig.

MiniBrowser/mac/Info.plist:

1:45 PM Changeset in webkit [184511] by benjamin@webkit.org

15 edits in trunk/Source/JavaScriptCore

[JSC] When entering a CheckTierUp without OSREntry, force the CheckTierUp for the outer loops with OSR Entry
https://bugs.webkit.org/show_bug.cgi?id=145092

Reviewed by Filip Pizlo.

When we have a hot loop without OSR Entry inside a slower loop that support OSR Entry,
we get the inside loop driving the tierUpCounter and we have very little chance of
doing a CheckTierUp on the outer loop. In turn, this give almost no opportunity to tier
up in the outer loop and OSR Enter there.

This patches changes CheckTierUp to force its outer loops to do a CheckTierUp themselves.

To do that, CheckTierUp sets a flag "nestedTriggerIsSet" to force the outer loop to
enter their CheckTierUp regardless of the tier-up counter.

bytecode/ExecutionCounter.cpp:

(JSC::ExecutionCounter<countingVariant>::setThreshold):
This is somewhat unrelated. This assertion is incorrect because it relies on
m_counter, which changes on an other thread.

I have hit it a couple of times with this patch because we are a bit more aggressive
on CheckTierUp. What happens is:
1) ExecutionCounter<countingVariant>::checkIfThresholdCrossedAndSet() first checks

hasCrossedThreshold(), and it is false.

2) On the main thread, the hot loops keeps running and the counter becomes large

enough to cross the threshold.

3) ExecutionCounter<countingVariant>::checkIfThresholdCrossedAndSet() runs the next

test, setThreshold(), where the assertion is. Since the counter is now large enough,
the assertion fails.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGJITCode.h:

I used a uint8_t instead of a boolean to make the code generation clearer
in DFGSpeculativeJIT64.

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:

dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):
This is a bit annoying: we have the NaturalLoops analysis that provides us
everything we need to know about loops, but the TierUpCheck are conservative
and set on LoopHint.

To make the two work together, we first find all the CheckTierUp that cannot
OSR enter and we keep a list of all the natural loops containing them.

Then we do a second pass over the LoopHints, get their NaturalLoop, and check
if it contains a loop that cannot OSR enter.

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):
(JSC::DFG::TierUpCheckInjectionPhase::canOSREnterAtLoopHint):

1:41 PM Changeset in webkit [184510] by fpizlo@apple.com

3 edits
3 adds in trunk

Add a Int-or-Boolean speculation to Branch
https://bugs.webkit.org/show_bug.cgi?id=145134

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

After https://bugs.webkit.org/show_bug.cgi?id=126778 we no longer have a reason not to do the
int-or-boolean optimization that we already do everywhere else.

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

LayoutTests:

Added the reduced asm.js test case from https://bugs.webkit.org/show_bug.cgi?id=144136. We don't yet
run it as fast as we should but this is a big step.

js/regress/script-tests/slow-ternaries.js: Added.

(.f):
(asmMod):

js/regress/slow-ternaries-expected.txt: Added.
js/regress/slow-ternaries.html: Added.

1:15 PM Changeset in webkit [184509] by matthew_hanson@apple.com

9 edits in branches/safari-601.1.32.2-branch/Source

Merge custom patch. rdar://problem/20950052

12:53 PM Changeset in webkit [184508] by commit-queue@webkit.org

6 edits in trunk/Source/WebInspectorUI

Web Inspector: Tab Restoration incorrectly makes ContentViews "shown" in background tabs
https://bugs.webkit.org/show_bug.cgi?id=145080

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-18
Reviewed by Timothy Hatcher.

Many tabs have their own content browser / navigation sidebar. During
state restoration, each tab would immediately try to restore an
appropriate ContentView after the load / navigation. However, in doing
so, we weren't respecting whether or not the Tab the ContentBrowser
was in was hidden or not, so ContentViews in background tags were
still being treated as shown/visible.

This patch changes state restoration to only affect the foreground
tab, and be delayed on all background tabs until that tab is shown.
This reduces the amount of work on load and navigation to just a
single tab instead of all tabs. Most importantly, it avoids having
performing work on ContentBrowsers that are non-visible, so state
restoration only happens for visible ContentBrowsers.

For simplicity, in the case of a delayed tab restoration triggered
by the user switching tabs, we don't try twice (like we occasionally
do on load/reload). We could add back some hueristic here if needed.

UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
(WebInspector.activateExtraDomains):
(WebInspector._mainResourceDidChange):
(WebInspector._restoreCookieForOpenTabs):

UserInterface/Views/NavigationSidebarPanel.js:

UserInterface/Views/TabContentView.js:

(WebInspector.TabContentView.prototype.shown):
(WebInspector.TabContentView.prototype.restoreStateFromCookie):
(WebInspector.TabContentView.prototype.saveStateToCookie):
When asked to restore state, save that logic until the next time the tab is shown.

UserInterface/Views/TextEditor.js:

(WebInspector.TextEditor.prototype.get visible):

UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.editingControllerDidStartEditing):
(WebInspector.SourceCodeTextEditor.prototype._setTypeTokenAnnotatorEnabledState): Deleted.
Although this didn't actually catch the issue, it could potentially
catch other issues in the future. We don't want to enable the annotators
in a non-visible text editor, as it could be a performance issue.

12:35 PM Changeset in webkit [184507] by matthew_hanson@apple.com

5 edits in branches/safari-601.1.32-branch

Merge r183912. rdar://problem/20926150

12:24 PM Changeset in webkit [184506] by Csaba Osztrogonác

2 edits in trunk/Source/WebKit2

[GTK] URTBF after r184503.

PlatformGTK.cmake:

11:44 AM Changeset in webkit [184505] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4

[W32] Wrong configure tests for OpenGL on Windows, wrong ifdefs
https://bugs.webkit.org/show_bug.cgi?id=143763

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Change OpenGL checks to work on W32, add libopengl32

AGain, use OS(WINDOWS) for things that are W32 but not necessarily MSVC.
Don't try to check for dlopen() on W32 (it might be available, but
native code is already here, so use it).

Correctly cast the result of GetProcAddress(), because C++.

Link W32 version to -lOpenGL32 instead of -lGL, otherwise libtool complains:
* Warning: linker path does not have real file for library -lGL.

Source/autotools/FindDependencies.m4:

Source/WebCore:

platform/graphics/OpenGLShims.cpp:

(WebCore::getProcAddress):

11:24 AM Changeset in webkit [184504] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebKit/gtk

[W32][GTK] GI fails due to W32-incompatible arguments to the scanner
https://bugs.webkit.org/show_bug.cgi?id=143764

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Use correct .la files as --library arguments for GI scanner

This way it plays well with W32 gobject-introspection library resolution
code.
Without that one would get things like:
ERROR: can't resolve libraries to shared libraries: webkitgtk-3.0, javascriptcoregtk-3.0

GNUmakefile.am:

10:53 AM Changeset in webkit [184503] by beidson@apple.com

12 edits
1 add in trunk/Source/WebKit2

Networking process on iOS can be suspended and never exit.
<rdar://problem/20368630> and https://bugs.webkit.org/show_bug.cgi?id=144971

Reviewed by Darin Adler.

There's a few issues here.

1 - When the NetworkProcessProxy goes away, it takes its process assertion with it. This causes

the Network process to suspend indefinitely, unable to ever respond to IPC::Connection callbacks.
We already solved this with WebProcess with a watchdog timer keeping both the process assertion
and xpc_connection alive while the process shuts down. This patch expands that to the network
process, and it will be easy to expand that to database and plugin processes doing forward.

2 - All of our child processes either decide to self-terminate or listen for their connection to

close at which point they terminate. This leads to various races. We should
move to a model where the UI process explicitly tells them to shutdown, and this patch starts us
down that path.

CMakeLists.txt:
DerivedSources.make:
WebKit2.xcodeproj/project.pbxproj:

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::didReceiveMessage): Send ChildProcess messages to ChildProcess.

Shared/ChildProcess.cpp:

(WebKit::ChildProcess::shutDown): For now, just terminate the process. In the future have the

process do cleanup work before it is terminated.

Shared/ChildProcess.h:
Shared/ChildProcess.messages.in: Added.

Shared/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::shutDownProcess): Set a watchdog and - if possible - explicitly message

the process to ShutDown.

(WebKit::ChildProcessProxy::abortProcessLaunchIfNeeded): Deleted.

Shared/ChildProcessProxy.h:

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::~WebProcessPool): Explicitly tell the network process to shut down.

UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::removeWebPage): Move abortProcessLaunchIfNeeded() and the watchdog timer

code to ChildProcessProxy::shutDownProcess.

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::didReceiveMessage): Send ChildProcess messages to ChildProcess::didReceiveMessage.

10:51 AM Changeset in webkit [184502] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4

[W32] Configure may misdetect ICU libraries
https://bugs.webkit.org/show_bug.cgi?id=143767

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Carlos Garcia Campos.

Try to use pkg-config to detect ICU libraries.

MinGW packages tend to have .pc files these days. Use them.

ICU naming and structure is complex enough to warrant this, and
asking pkg-config might result in things like
UNICODE_LIBS="-licui18n54 -licuuc54 -licudata54"
instead of the default
UNICODE_LIBS="-licui18n -licuuc"
and pkg-config usually knows best.

Source/autotools/FindDependencies.m4:

10:46 AM Changeset in webkit [184501] by akling@apple.com

2 edits in trunk/Source/JavaScriptCore

[JSC] Speed up URL encode/decode by using bitmaps instead of strchr().
<https://webkit.org/b/145115>

Reviewed by Anders Carlsson.

We were calling strchr() for every character when doing URL encoding/decoding and it stood out
like a sore O(n) thumb in Instruments. Optimize this by using a Bitmap<256> instead.

5.5% progression on Kraken/stanford-crypto-sha256-iterative.

runtime/JSGlobalObjectFunctions.cpp:

(JSC::makeCharacterBitmap):
(JSC::encode):
(JSC::decode):
(JSC::globalFuncDecodeURI):
(JSC::globalFuncDecodeURIComponent):
(JSC::globalFuncEncodeURI):
(JSC::globalFuncEncodeURIComponent):
(JSC::globalFuncEscape):

10:01 AM Changeset in webkit [184500] by matthew_hanson@apple.com

12 edits
1 move
3 adds
1 delete in branches/safari-601.1.32.2-branch/Source/JavaScriptCore

Merge r184445. rdar://problem/20979071

10:01 AM Changeset in webkit [184499] by matthew_hanson@apple.com

15 edits in branches/safari-601.1.32.2-branch/Source/JavaScriptCore

Merge r184368. rdar://problem/20979071

10:01 AM Changeset in webkit [184498] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32.2-branch/Source/WebKit2

Merge r184422. rdar://problem/20410944

10:01 AM Changeset in webkit [184497] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32.2-branch/Source/WebKit2

Merge r184399. rdar://problem/20939743

10:01 AM Changeset in webkit [184496] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32.2-branch/Source/WebCore

Merge r184360. rdar://problem/20865442

10:01 AM Changeset in webkit [184495] by matthew_hanson@apple.com

10 edits
1 delete in branches/safari-601.1.32.2-branch

Merge r184353. rdar://problem/20809399

10:00 AM Changeset in webkit [184494] by matthew_hanson@apple.com

9 edits in branches/safari-601.1.32.2-branch

Merge r184341. rdar://problem/20809399

10:00 AM Changeset in webkit [184493] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32.2-branch/Source/JavaScriptCore

Merge r184289. rdar://problem/18717477

10:00 AM Changeset in webkit [184492] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32.2-branch/Source/WTF

Merge r184245. rdar://problem/19611967

10:00 AM Changeset in webkit [184491] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32.2-branch/Source/JavaScriptCore

Merge r184019. rdar://problem/20764509

9:47 AM Changeset in webkit [184490] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

[W32] windowsVersion() and osVersionForUAString() are outdated
https://bugs.webkit.org/show_bug.cgi?id=143771

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Darin Adler

Update windowsVersion() and osVersionForUAString()

Add support for newer Windows versions to windowsVersion(), handle
all defined cases in osVersionForUAString(), avoiding warnings like
../webkitgtk-2.4.8/Source/WebCore/platform/win/SystemInfo.cpp: In function 'WTF::String WebCore::osVersionForUAString()':
../webkitgtk-2.4.8/Source/WebCore/platform/win/SystemInfo.cpp:94:12: warning: enumeration value 'WindowsCE5' not handled in switch [-Wswitch]
repeated for each unhandled value

platform/win/SystemInfo.cpp:

(WebCore::windowsVersion):
(WebCore::osVersionForUAString):

platform/win/SystemInfo.h:

9:17 AM Changeset in webkit [184489] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4/Source

[GTK] Replace M_SQRT2 with sqrtOfTwoDouble
https://bugs.webkit.org/show_bug.cgi?id=143906

Patch by Milan Crha <mcrha@redhat.com> on 2015-04-17
Reviewed by Carlos Garcia Campos.

Source/WebCore:

rendering/mathml/RenderMathMLMenclose.cpp:

(WebCore::RenderMathMLMenclose::computePreferredLogicalWidths):
(WebCore::RenderMathMLMenclose::updateLogicalHeight):

Source/WTF:

wtf/MathExtras.h:

7:24 AM Changeset in webkit [184488] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebInspectorUI

Merge r184364. rdar://problem/20965745

7:24 AM Changeset in webkit [184487] by matthew_hanson@apple.com

20 edits in branches/safari-601.1.32-branch

Merge r184358. rdar://problem/19790341

7:24 AM Changeset in webkit [184486] by matthew_hanson@apple.com

10 edits
1 delete in branches/safari-601.1.32-branch

Merge r184353. rdar://problem/20809399

7:23 AM Changeset in webkit [184485] by matthew_hanson@apple.com

9 edits in branches/safari-601.1.32-branch

Merge r184341. rdar://problem/20809399

7:23 AM Changeset in webkit [184484] by matthew_hanson@apple.com

5 edits
2 adds in branches/safari-601.1.32-branch

Merge r184308. rdar://problem/20895753

7:23 AM Changeset in webkit [184483] by matthew_hanson@apple.com

7 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184304. rdar://problem/19790341

7:23 AM Changeset in webkit [184482] by matthew_hanson@apple.com

3 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184296. rdar://problem/20100706

7:23 AM Changeset in webkit [184481] by matthew_hanson@apple.com

11 edits in branches/safari-601.1.32-branch/Source

Merge r184290. rdar://problem/19790341

7:23 AM Changeset in webkit [184480] by matthew_hanson@apple.com

7 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184204. rdar://problem/20909871

7:22 AM Changeset in webkit [184479] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184052. rdar://problem/20890647

7:22 AM Changeset in webkit [184478] by matthew_hanson@apple.com

10 edits
1 add in branches/safari-601.1.32-branch/Source

Merge r184047. rdar://problem/20890647

7:22 AM Changeset in webkit [184477] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184024. rdar://problem/19790341

7:22 AM Changeset in webkit [184476] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184022. rdar://problem/19790341

7:22 AM Changeset in webkit [184475] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184016. rdar://problem/19790341

7:22 AM Changeset in webkit [184474] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184014. rdar://problem/19790341

7:21 AM Changeset in webkit [184473] by matthew_hanson@apple.com

2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184012. rdar://problem/19790341

7:21 AM Changeset in webkit [184472] by matthew_hanson@apple.com

13 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184011. rdar://problem/19790341

7:21 AM Changeset in webkit [184471] by matthew_hanson@apple.com

5 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r183978. rdar://problem/20635659

6:54 AM Changeset in webkit [184470] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

[GTK] Make preprocessor.pm / make_names.pl work under msys/mingw
https://bugs.webkit.org/show_bug.cgi?id=143908

Patch by Milan Crha <mcrha@redhat.com> on 2015-04-17
Reviewed by Carlos Garcia Campos.

bindings/scripts/preprocessor.pm:

(applyPreprocessor):

dom/make_names.pl:

6:46 AM Changeset in webkit [184469] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WTF

Merge r182848 - Harmonize binary semaphore ifdefs

They should be either OS(WINDOWS) (in which case we'd need
BinarySemaphoreWin.cpp, which is not shipped by WebKitGTK)
or PLATFORM(WIN) (in which case Mutex/ThreadCondition-based
implementation is used).

This fixes errors like:

CXX Source/WTF/wtf/threads/libWTF_la-BinarySemaphore.lo

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp: In constructor 'WTF::BinarySemaphore::BinarySemaphore()':
../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:34:7: error: class 'WTF::BinarySemaphore' does not have any field named 'm_isSet'

: m_isSet(false)

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp: In member function 'void WTF::BinarySemaphore::signal()':
../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:44:24: error: 'm_mutex' was not declared in this scope

MutexLocker locker(m_mutex);

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:46:5: error: 'm_isSet' was not declared in this scope

m_isSet = true;

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:47:5: error: 'm_condition' was not declared in this scope

m_condition.signal();

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp: In member function 'bool WTF::BinarySemaphore::wait(double)':
../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:52:24: error: 'm_mutex' was not declared in this scope

MutexLocker locker(m_mutex);

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:55:13: error: 'm_isSet' was not declared in this scope

while (!m_isSet) {

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:56:21: error: 'm_condition' was not declared in this scope

timedOut = !m_condition.timedWait(m_mutex, absoluteTime);

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:62:5: error: 'm_isSet' was not declared in this scope

m_isSet = false;

GNUmakefile:52762: recipe for target 'Source/WTF/wtf/threads/libWTF_la-BinarySemaphore.lo' failed

[W32] Inconsistent ifdefs in BinarySemaphore.h and BinarySemaphore.cpp
https://bugs.webkit.org/show_bug.cgi?id=143756

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Darin Adler.

wtf/threads/BinarySemaphore.h:

6:38 AM Changeset in webkit [184468] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

[GTK][Stable] Missing implementation of callToJavaScript/callToNativeFunction with msys/mingw32
https://bugs.webkit.org/show_bug.cgi?id=132856

Patch by Milan Crha <mcrha@redhat.com> on 2015-04-17

jit/JITStubsX86.h:

6:11 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos

(diff)

6:09 AM Changeset in webkit [184467] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebKit2

[GTK] fails to build with --disable-accelerated-compositing
https://bugs.webkit.org/show_bug.cgi?id=137640

Patch by Alexander Tsoy <alexander@tsoy.me> on 2015-05-18
Reviewed by Alberto Garcia.

WebProcess/soup/WebProcessSoup.cpp:

(WebKit::WebProcess::platformSetCacheModel):

5:41 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos

(diff)

5:39 AM Changeset in webkit [184466] by Carlos Garcia Campos

16 edits in releases/WebKitGTK/webkit-2.4/Source

[GTK] Add HighDPI support for non-accelerated compositing contents
https://bugs.webkit.org/show_bug.cgi?id=131562

Patch by Owen Taylor <otaylor@redhat.com> on 2014-05-29
Reviewed by Anders Carlsson.

Source/WebCore:

No new tests. This will be tested once we have the proper dependencies in the WebKit testing
JHBuild.

Adapted by Michael Kuhn for 2.4 branch.

platform/cairo/WidgetBackingStore.h:

(WebCore::WidgetBackingStore::WidgetBackingStore): Accept a device scale argument.

platform/cairo/WidgetBackingStoreCairo.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
platform/cairo/WidgetBackingStoreCairo.h: Accept a device scale argument.
platform/graphics/cairo/CairoUtilities.cpp: Add a new helper to set the device scale if Cairo built against is new enough.
platform/graphics/cairo/CairoUtilities.h:
platform/gtk/GtkVersioning.h: Add the HAVE_GTK_SCALE_FACTOR macro.
platform/gtk/WidgetBackingStoreGtkX11.cpp: Use the device scale argument to make the surface the proper size and set the surface device scale.
platform/gtk/WidgetBackingStoreGtkX11.h: Accept a device scale argument.

Source/WebKit2:

Adapted by Michael Kuhn for 2.4 branch.

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(deviceScaleFactorChanged): Added this callback to pass scale changes to the page proxy.
(webkitWebViewBaseCreateWebPage): Attach the callback to the notify signal.

UIProcess/WebPageProxy.cpp:
UIProcess/cairo/BackingStoreCairo.cpp:

(WebKit::WebPageProxy::setCustomDeviceScaleFactor): Do not set a custom device scale factor for cairo when it's not supported.
(WebKit::createBackingStoreForGTK): Pass the scale factor to the WebCore backing store.
(WebKit::BackingStore::incorporateUpdate): Ditto.

5:23 AM Changeset in webkit [184465] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

webkit-gtk 2.3.3 fails to build on OS X - Conflicting type "Fixed"
https://bugs.webkit.org/show_bug.cgi?id=126433

Don't include CoreFoundation.h when building the GTK port.

Patch by Philip Chimento <philip.chimento@gmail.com> on 2015-01-06

Source/JavaScriptCore/API/WebKitAvailability.h: Add

!defined(BUILDING_GTK) to defined(APPLE).

5:07 AM Changeset in webkit [184464] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r183729 - [GTK] API tests crashing on debug builds due to extra unref
https://bugs.webkit.org/show_bug.cgi?id=144508

Reviewed by Mario Sanchez Prada.

The problem is that we were assuming that when a new DOMWindow is
created, the DOM object cache was notified about the previous
DOMWindow being destroyed before objects for the new DOMWindow are
added to the cache. However, that's not always the case and we
only create a DOMWindowObserver for the first DOMWindow. We need
to keep a pointer to the DOMWindow being observed to clear() the
cache and create a new DOMWindowObserver when it changes in the
Frame.

Fixes crashes in several unit tests in debug builds.

bindings/gobject/DOMObjectCache.cpp:

5:05 AM Changeset in webkit [184463] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r181787 - [GTK] Crash due to empty drag image during drag-and-drop
https://bugs.webkit.org/show_bug.cgi?id=142671

Reviewed by Philippe Normand.

Return early from ImageBuffer constructor if an empty size is
given. This is a speculative fix for a crash while starting a drag
and drop operation, that I haven't been able to reproduce.

platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBuffer::ImageBuffer):

5:02 AM Changeset in webkit [184462] by Carlos Garcia Campos

4 edits
1 add in releases/WebKitGTK/webkit-2.4/Source

Merge r181305 - 8-bit version of weakCompareAndSwap() can cause an infinite loop.
https://webkit.org/b/142513>

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Added a test that exercises the 8-bit CAS from multiple threads. The threads
will contend to set bits in a large array of bytes using the CAS function.

API/tests/CompareAndSwapTest.cpp: Added.

(Bitmap::Bitmap):
(Bitmap::numBits):
(Bitmap::clearAll):
(Bitmap::concurrentTestAndSet):
(setBitThreadFunc):
(testCompareAndSwap):

API/tests/testapi.c:

(main):

JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:

Source/WTF:

Presently, Bitmap::concurrentTestAndSet() uses the 8-bit version of
weakCompareAndSwap() (which compares and swaps an uint8_t value).
Bitmap::concurrentTestAndSet() has a loop that checks if a bit in the
byte of interest has been set. If not, it will call the 8-bit CAS
function to set the bit.

Under the covers, for ARM, the 8-bit CAS function actually works with a
32-bit CAS. The 8-bit CAS will first fetch the 32-bit value in memory
that should contain the 8-bit value, and check if it contains the
expected byte. If the value in memory doesn't have the expected byte,
it will return early to its caller. The expectation is that the caller
will reload the byte from memory and call the 8-bit CAS again.

Unfortunately, this code path that returns early does not have a
compiler fence. Without a compiler fence, the C++ compiler can
optimize away the reloading of the expected byte value, leaving it
unchanged. As a result, we'll have a infinite loop here that checks a
value that will never change, and the loop will not terminate until the
value changes.

The fix is to eliminate the early return check in the 8-bit CAS, and
have it always call down to the 32-bit CAS. The 32-bit CAS has a
compiler fence which will prevent this issue.

wtf/Atomics.h:

(WTF::weakCompareAndSwap):

4:29 AM Changeset in webkit [184461] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r181074 - [SOUP] Check TLS errors as soon as they are set in the SoupMessage
https://bugs.webkit.org/show_bug.cgi?id=142244

Reviewed by Sergio Villar Senin.

Source/WebCore:

Connect to the notify::tls-errors signal of SoupMessage to cancel
the load earlier in case of TLS failure, preventing any private
data from being sent to the server before the TLS errors are checked.

platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::tlsErrorsChangedCallback):
(WebCore::gotHeadersCallback):
(WebCore::createSoupMessageForHandleAndRequest):

4:27 AM Changeset in webkit [184460] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.4

Merge r180927 - [SOUP] Synchronous XMLHttpRequests can time out when we reach the max connections limit
https://bugs.webkit.org/show_bug.cgi?id=141508

Reviewed by Sergio Villar Senin.

Source/WebCore:

Use SOUP_MESSAGE_IGNORE_CONNECTION_LIMITS flag when loading a
synchronous message instead of increasing the maximum number of
connections allowed if the soup version is recent enough.
The current solution of increasing/decreasing the limits doesn't
always work, because connections are not marked as IDLE in libsoup
until the message is unqueued, but we don't wait for the message
to be unqueued to finish our loads in WebKit, we finish them as
soon as we have finished reading the stream. This causes that
synchronous loads keep blocked in the nested main loop until the
timeout of 10 seconds is fired and the load fails.
Also marked WebCoreSynchronousLoader class as final, the virtual
methods as override and removed the unsused method isSynchronousClient.

platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::createSoupMessageForHandleAndRequest):
(WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader):
(WebCore::WebCoreSynchronousLoader::isSynchronousClient): Deleted.
(WebCore::WebCoreSynchronousLoader::didReceiveResponse):
(WebCore::WebCoreSynchronousLoader::didReceiveData):
(WebCore::WebCoreSynchronousLoader::didReceiveBuffer):
(WebCore::WebCoreSynchronousLoader::didFinishLoading):
(WebCore::WebCoreSynchronousLoader::didFail):
(WebCore::WebCoreSynchronousLoader::didReceiveAuthenticationChallenge):
(WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage):

4:24 AM Changeset in webkit [184459] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r181744 - [GTK] Scrollbars look bad with GTK+ 3.16
https://bugs.webkit.org/show_bug.cgi?id=140800

Reviewed by Sergio Villar Senin.

Take margin into account when rendering scrollbars. This fixes the
huge scrollbars rendered with GTK+ 3.16. We don't need to check
the GTK+ version because in previous versions the marging were 0,
so the same code just works.

platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::adjustRectAccordingToMargin):
(WebCore::ScrollbarThemeGtk::paintTrackBackground):
(WebCore::ScrollbarThemeGtk::paintThumb):

4:10 AM Changeset in webkit [184458] by Carlos Garcia Campos

6 edits
4 adds
2 deletes in releases/WebKitGTK/webkit-2.4

Merge r176930 - [Soup][Curl] HTTP header values should be treated as latin1, not UTF-8
https://bugs.webkit.org/show_bug.cgi?id=128739

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-12-07
Reviewed by Martin Robinson.
Source/WebCore:

Removed UTF-8 conversion of HTTP header values (SOUP and CURL).
Removed unnecessary UTF-8 conversion of HTTP header names (SOUP).
Changed conversion of HTTP method from UTF-8 to ASCII (SOUP and CURL).
Added explicit UTF-8 conversion of Content-Disposition header to compute download suggested filename.

Test: http/tests/xmlhttprequest/response-special-characters.html

platform/network/curl/CurlDownload.cpp:

(WebCore::CurlDownload::headerCallback): Removed header conversion.

platform/network/curl/ResourceHandleManager.cpp:

(WebCore::headerCallback): Ditto.
(WebCore::ResourceHandleManager::initializeHandle): Changed HTTP method conversion to ASCI.

platform/network/soup/ResourceRequestSoup.cpp:

(WebCore::ResourceRequest::updateFromSoupMessageHeaders): Removed header conversion.
(WebCore::ResourceRequest::updateSoupMessage): Changed HTTP method conversion to ASCII.
(WebCore::ResourceRequest::toSoupMessage): Ditto.
(WebCore::ResourceRequest::updateFromSoupMessage):

platform/network/soup/ResourceResponseSoup.cpp:

(WebCore::ResourceResponse::updateFromSoupMessageHeaders): Rmoved header conversion.
(WebCore::ResourceResponse::platformSuggestedFilename): Added explicit conversion of contentDisposition to UTF-8.

LayoutTests:

Tests that non ascii header & reason phrase values are correctly retrieved by the web application.
headers.php script sends a response that includes non ascii header value.
not-ascii-status.php sends a response that includes non ascii reason phrase.
Removed specific gtk/efl expectations as now aligned with regular expectation.

http/tests/xmlhttprequest/resources/headers.php: Added.
http/tests/xmlhttprequest/resources/not-ascii-status.php: Added.
http/tests/xmlhttprequest/response-special-characters-expected.txt: Added.
http/tests/xmlhttprequest/response-special-characters.html: Added.
platform/efl/http/tests/security/contentSecurityPolicy/source-list-parsing-nonascii-expected.txt: Removed.
platform/gtk/http/tests/security/contentSecurityPolicy/source-list-parsing-nonascii-expected.txt: Removed.

4:06 AM Changeset in webkit [184457] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4/Source

Merge r176803 - Serialization of MapData object provides unsafe access to internal types
https://bugs.webkit.org/show_bug.cgi?id=138653

Patch by Oliver Hunt <oliver@apple.com> on 2014-12-04
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Converting these ASSERTs into RELEASE_ASSERTs, as it is now obvious
that despite trying hard to be safe in all cases it's simply to easy
to use an iterator in an unsafe state.

runtime/MapData.h:

(JSC::MapData::const_iterator::key):
(JSC::MapData::const_iterator::value):

Source/WebCore:

We now keep the value portion of the key/value pair in MapData as a
separate stack. This allows us to maintain the spec semantic of
"atomic" serialisation of the key/value pair without retaining the
use of a potentially invalid iterator.

bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::serialize):

3:35 AM Changeset in webkit [184456] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r175363 - ASSERTION NOT REACHED because RenderStyle::setWordSpacing() does not handle a Length value of type 'Calculated'.
https://bugs.webkit.org/show_bug.cgi?id=138054.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2014-10-29
Reviewed by Zalan Bujtas.

Source/WebCore:

A Length of type 'Calculated' can be generated from blending two lengths of
different types. Setting the wordSpacing of the render style should be handled
correctly when the type of the new value is 'Calculated'.

Tests: css3/calculated-word-spacing.html.

Add a case for setting the render style wordSpacing to a <length> of type 'Calculated'.

rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::setWordSpacing):

LayoutTests:

Ensure the render style's wordSpacing can be set correctly when the type of
the new value is 'Calculated'. The 'Calculated' Length value can result from
blending two Length values of different types. And these two Length values
are defined in two consecutive css animation key frames.

css3/calculated-word-spacing-expected.txt: Added.
css3/calculated-word-spacing.html: Added.

3:32 AM Changeset in webkit [184455] by Carlos Garcia Campos

5 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r175197 - Clamp wordSpacing percentage value.
https://bugs.webkit.org/show_bug.cgi?id=129350.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2014-10-24
Reviewed by Zalan Bujtas.

Source/WebCore:

When the CSS wordSpacing property is percentage, its value has to be within the
pre-defined min/max values for the CSS length type. This is done the same way
the wordSpacing of type <length> is handled.

Tests: css3/infinite-word-spacing.html.

Move the definitions of minValueForCssLength and maxValueForCssLength from the
.cpp file to the .h file.

css/CSSPrimitiveValue.cpp:
css/CSSPrimitiveValue.h:

Clamp the wordSpacing value to minValueForCssLength and maxValueForCssLength when
its type is percentage.

css/DeprecatedStyleBuilder.cpp:

(WebCore::ApplyPropertyWordSpacing::applyValue):

LayoutTests:

Make sure that setting the CSS style wordSpacing property to very huge percentage
value and blending this value with other values for animating key frames does
not assert or crash. The expectation is to have this huge value to be clamped to
the pre-defined min/max values for the CSS length type. So when blending the clamped
value with other wordSpacing values, the result can't be NaN. This should be very
similar to the case when it is set to a huge <length> value.

css3/infinite-word-spacing-expected.txt: Added.
css3/infinite-word-spacing.html: Added.

3:23 AM Changeset in webkit [184454] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r175177 - Replace INT_MIN/MAX / kFixedPointDenominator with intMin/MaxForLayoutUnit.
https://bugs.webkit.org/show_bug.cgi?id=138047

Reviewed by Andreas Kling.

No change in functionality.

css/CSSPrimitiveValue.cpp:

3:19 AM Changeset in webkit [184453] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r175345 - Remove invalid float from RootInlineBox.
https://bugs.webkit.org/show_bug.cgi?id=137707

Reviewed by Antti Koivisto.

In certain cases, floating boxes get attached to the last (root) inline box.
When this particular floating box gets destroyed, it also needs to be detached
from the last inline box.
Source/WebCore:

Introduce RootInlineBox::removeFloat() (vs. RootInlineBox::appendFloat())
Ensure that it is called when the floating box is being destroyed.

Test: fast/inline/crash-when-inline-box-has-invalid-float.html

rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::removeFloatingObject):
(WebCore::RenderBlockFlow::markAllDescendantsWithFloatsForLayout): During style recalc, while
tearing down the render tree, we can get to a state where a block element has both inline and block children.
It happens when the style change on an element makes sibling anonymous block wrappers detached.
In that case the markAllDescendantsWithFloatsForLayout() call does not get propagated down on the
block child elements as we return early at the childrenInline() check.

rendering/RootInlineBox.h:

(WebCore::RootInlineBox::removeFloat):

LayoutTests:

fast/inline/crash-when-inline-box-has-invalid-float-expected.txt: Added.
fast/inline/crash-when-inline-box-has-invalid-float.html: Added.

3:14 AM Changeset in webkit [184452] by Carlos Garcia Campos

3 edits
6 adds in releases/WebKitGTK/webkit-2.4

Merge r175243 - Crash when attempting to perform array iteration on a non-array with numeric keys not initialized.
<https://webkit.org/b/137814>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

The arrayIteratorNextThunkGenerator() thunk was not checking for the case where
the butterfly may be NULL. This was the source of the crash, and is now fixed.

In addition, it is also not checking for the case where a property named "length"
may have been set on the iterated object. The thunk only checks the butterfly's
publicLength for its iteration operation. Array objects will work fine with this
because it always updates its butterfly's publicLength when its length changes.
In the case of iterable non-Array objects, the "length" property will require a
look up outside of the scope of this thunk. The fix is simply to limit the fast
case checks in this thunk to Array objects.

jit/ThunkGenerators.cpp:

(JSC::arrayIteratorNextThunkGenerator):

LayoutTests:

js/array-length-shortening-expected.txt: Added.
js/array-length-shortening.html: Added.
js/for-of-crash-expected.txt: Added.
js/for-of-crash.html: Added.
js/script-tests/array-length-shortening.js: Added.

(testLengthShortening):
(denseInt32Elements):
(denseDoubleElements):
(denseObjectElements):
(holeyInt32Elements):
(holeyDoubleElements):
(holeyObjectElements):
(arrayStorageInt32Elements):
(arrayStorageDoubleElements):
(arrayStorageObjectElements):
(sparseInt32Elements):
(sparseDoubleElements):
(sparseObjectElements):

js/script-tests/for-of-crash.js: Added.

(foo):

3:04 AM Changeset in webkit [184451] by Carlos Garcia Campos

13 edits in releases/WebKitGTK/webkit-2.4

Merge r175078 - String(new Date(Mar 30 2014 01:00:00)) is wrong in CET
https://bugs.webkit.org/show_bug.cgi?id=130967

Patch by Byungseon Shin <sun.shin@lge.com> on 2014-10-22
Reviewed by Mark Lam.

Source/JavaScriptCore:

By definition of calculateLocalTimeOffset, input time should be UTC time.
But there are many cases when input time is based on local time.
So, it gives erroneous results while calculating offset of DST boundary time.
By adding a argument to distinguish UTC and local time, we can get the correct offset.

JavaScriptCore.order:
runtime/DateConstructor.cpp:

(JSC::constructDate):
(JSC::callDate):
(JSC::dateUTC):

runtime/DateInstance.cpp:

(JSC::DateInstance::calculateGregorianDateTime):
(JSC::DateInstance::calculateGregorianDateTimeUTC):

runtime/DatePrototype.cpp:

(JSC::setNewValueFromTimeArgs):
(JSC::setNewValueFromDateArgs):
(JSC::dateProtoFuncSetMilliSeconds):
(JSC::dateProtoFuncSetUTCMilliseconds):
(JSC::dateProtoFuncSetSeconds):
(JSC::dateProtoFuncSetUTCSeconds):
(JSC::dateProtoFuncSetMinutes):
(JSC::dateProtoFuncSetUTCMinutes):
(JSC::dateProtoFuncSetHours):
(JSC::dateProtoFuncSetUTCHours):
(JSC::dateProtoFuncSetDate):
(JSC::dateProtoFuncSetUTCDate):
(JSC::dateProtoFuncSetMonth):
(JSC::dateProtoFuncSetUTCMonth):
(JSC::dateProtoFuncSetFullYear):
(JSC::dateProtoFuncSetUTCFullYear):
(JSC::dateProtoFuncSetYear):

runtime/JSDateMath.cpp:

(JSC::localTimeOffset):
(JSC::gregorianDateTimeToMS):
(JSC::msToGregorianDateTime):
(JSC::parseDateFromNullTerminatedCharacters):

runtime/JSDateMath.h:
runtime/VM.h:

(JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
(JSC::LocalTimeOffsetCache::reset):
Passing TimeType argument to distingush UTC time and local time.

Source/WTF:

wtf/DateMath.cpp:

(WTF::calculateLocalTimeOffset):
(WTF::parseDateFromNullTerminatedCharacters):
Compensate time offset depends on UTC time or local time.

wtf/DateMath.h:

Add argument to differenciate UTC or local time.

LayoutTests:

Set latest DST timezone boundary values on
<http://www.timeanddate.com/time/zone/usa/los-angeles>

js/dom/script-tests/date-DST-time-cusps.js:

2:40 AM Changeset in webkit [184450] by Carlos Garcia Campos

3 edits
9 adds in releases/WebKitGTK/webkit-2.4

Merge r175074 - SVG loaded through html <img> can't request to load any external resources.
https://bugs.webkit.org/show_bug.cgi?id=137762.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2014-10-22
Reviewed by Daniel Bates.

Source/WebCore:

SVG images have unique security rules that prevent them from loading any external
resources. This patch enforces these rules in CachedResourceLoader::canRequest for
all non-data-uri resources.

The fix and the tests are ported but modified a little from the chromium fix:
http://src.chromium.org/viewvc/blink?view=rev&rev=176084

Test: http/tests/security/svg-image-with-cached-remote-image.html

http/tests/security/svg-image-with-css-cross-domain.html

For the SVG image, prevent loading any external sub-resource except for data urls.

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::canRequest):

LayoutTests:

Ensure that SVG images, which are loaded through the <img> tag or through the
CSS background image, cannot load any external sub-resource except for data-
URL resources (though this doesn't work at the time of writing, see bug #137941).
Also ensure the same rule is enforced on cached resources.

The tests are ported but modified a little from the chromium fix:
http://src.chromium.org/viewvc/blink?view=rev&rev=176084

Set the circle background to orange

http/tests/security/resources/image-with-css-cross-domain-circle.css: Added.

(circle):

Set the circle stroke-width = 2 and the circle stroke = red

http/tests/security/resources/image-with-css-cross-domain-circle2.css: Added.

(circle):

This svg references the two css files: one is relative path and the other is absolute path

http/tests/security/resources/image-with-css-cross-domain.svg: Added.

This svg references an external image.

http/tests/security/resources/image-with-remote-image.svg: Added.

A helper css which sets the formatting style for some html tags

http/tests/security/svg-image-with-css-cross-domain.css: Added.

(span):
(span.circle-css-cross-domain):
(embed):
(iframe):

Test the svg which is referenced as a cached image by an <object> tag, does not load
external sub-resource.

http/tests/security/svg-image-with-cached-remote-image-expected.html: Added.
http/tests/security/svg-image-with-cached-remote-image.html: Added.

Test loading sub-resources for an svg which is included in the html by different ways
and which references external css files.
Ensure the image object does not load any external sub-resources.

http/tests/security/svg-image-with-css-cross-domain-expected.html: Added.
http/tests/security/svg-image-with-css-cross-domain.html: Added.

May 17, 2015:

11:31 PM Changeset in webkit [184449] by Carlos Garcia Campos

8 edits
1 copy in trunk/Source/WebKit2

Network Cache: Make Data::adoptMap take the ownership of the file descriptor
https://bugs.webkit.org/show_bug.cgi?id=144950

Reviewed by Antti Koivisto.

It will be required to implement ShareableResource for soup
network backend. Also move the common code of Data to a common
file and add mapToFile(). The mapFile version that receives a file
descriptor has been renamed to adoptAndMapFile().

CMakeLists.txt: Add new file to compilation.
NetworkProcess/cache/NetworkCacheBlobStorage.cpp:

(WebKit::NetworkCache::BlobStorage::add): Use mapToFile().

NetworkProcess/cache/NetworkCacheData.cpp: Added.

(WebKit::NetworkCache::Data::mapToFile): Write the data to the
given file and map it.
(WebKit::NetworkCache::mapFile):
(WebKit::NetworkCache::adoptAndMapFile):
(WebKit::NetworkCache::computeSHA1):
(WebKit::NetworkCache::bytesEqual):

NetworkProcess/cache/NetworkCacheData.h:
NetworkProcess/cache/NetworkCacheDataCocoa.mm:

(WebKit::NetworkCache::Data::adoptMap): Close the file descriptor.

NetworkProcess/cache/NetworkCacheDataSoup.cpp:

(WebKit::NetworkCache::Data::Data): Use a constructor that
receives a file descriptor instead of the one receiving
Backing. If the file descriptor is not -1 then the Data is a map.
(WebKit::NetworkCache::MapWrapper::~MapWrapper): Also close the
file descriptor.
(WebKit::NetworkCache::Data::adoptMap): Pass the file descriptor
to the MapWrapper and create the Data passing the file descriptor.

UIProcess/API/APIUserContentExtensionStore.cpp:

(API::openAndMapContentExtension): Use mapFile that receives a
file path.
(API::compiledToFile): Use adoptAndMapFile() and don't close the
descriptor.

11:26 PM Changeset in webkit [184448] by benjamin@webkit.org

6 edits in trunk/Source

Do not use fastMallocGoodSize anywhere
https://bugs.webkit.org/show_bug.cgi?id=145103

Reviewed by Michael Saboff.

Source/JavaScriptCore:

assembler/AssemblerBuffer.h:

(JSC::AssemblerData::AssemblerData):
(JSC::AssemblerData::grow):

Source/WTF:

It is silly we see fastMallocGoodSize in profiles, it does absolutely nothing.

This patch keeps fastMallocGoodSize() around for older code linking
with newer WebKit, but remove any use of it inside WebKit.

wtf/FastMalloc.cpp:

(WTF::fastMallocGoodSize):

wtf/FastMalloc.h:
wtf/Vector.h:

(WTF::VectorBufferBase::allocateBuffer):
(WTF::VectorBufferBase::tryAllocateBuffer):
(WTF::VectorBufferBase::reallocateBuffer):

11:23 PM Changeset in webkit [184447] by benjamin@webkit.org

4 edits
3 adds in trunk

[JSC] Make StringRecursionChecker faster in the simple cases without any recursion
https://bugs.webkit.org/show_bug.cgi?id=145102

Reviewed by Darin Adler.

Source/JavaScriptCore:

In general, the array targeted by Array.toString() or Array.join() are pretty
simple. In those simple cases, we spend as much time in StringRecursionChecker
as we do on the actual operation.

The reason for this is the HashSet stringRecursionCheckVisitedObjects used
to detect recursion. We are constantly adding and removing objects which
dirty buckets and force constant rehash.

This patch adds a simple shortcut for those simple case: in addition to the HashSet,
we keep a pointer to the root object of the recursion.
In the vast majority of cases, we no longer touch the HashSet at all.

This patch is a 12% progression on the overall score of ArrayWeighted.

runtime/StringRecursionChecker.h:

(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::~StringRecursionChecker):

runtime/VM.h:

LayoutTests:

Improve the coverage a tiny bit.

js/array-string-recursion-expected.txt: Added.
js/array-string-recursion.html: Added.
js/script-tests/array-string-recursion.js: Added.

11:16 PM Changeset in webkit [184446] by Manuel Rego Casasnovas

3 edits
2 adds in trunk

[CSS Grid Layout] Add scrollbar width in intrinsic logical widths computation
https://bugs.webkit.org/show_bug.cgi?id=145021

Source/WebCore:

Like for flexboxes we've to take into account the scrollbar logical
width while computing the intrinsic min and max logical widths.

Reviewed by Sergio Villar Senin.

Test: fast/css-grid-layout/compute-intrinsic-widths-scrollbar.html

rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeIntrinsicLogicalWidths): Add scrollbar
logical width.

LayoutTests:

Reviewed by Sergio Villar Senin.

fast/css-grid-layout/compute-intrinsic-widths-scrollbar-expected.txt: Added.
fast/css-grid-layout/compute-intrinsic-widths-scrollbar.html: Added.

8:39 PM Changeset in webkit [184445] by fpizlo@apple.com

12 edits
4 adds
2 deletes in trunk/Source/JavaScriptCore

Insert store barriers late so that IR transformations don't have to worry about them
https://bugs.webkit.org/show_bug.cgi?id=145015

Reviewed by Geoffrey Garen.

We have had three kinds of bugs with store barriers. For the sake of discussion we say
that a store barrier is needed when we have something like:

base.field = value

We sometimes fail to realize that we could remove a barrier when value is a non-cell. This might happen if we prove value to be a non-cell even though in the FixupPhase it wasn't predicted non-cell.

We sometimes have a barrier in the wrong place after object allocation sinking. We might sink an allocation to just above the store, but that puts it just after the StoreBarrier that FixupPhase inserted.

We don't remove redundant barriers across basic blocks.

This comprehensively fixes these issues by doing store barrier insertion late, and
removing the store barrier elision phase. Store barrier insertion uses an epoch-based
algorithm to determine when stores need barriers. Briefly, a barrier is not needed if
base is in the current GC epoch (i.e. was the last object that we allocated or had a
barrier since last GC) or if base has a newer GC epoch than value (i.e. value would have
always been allocated before base). We do conservative things when merging epoch state
between basic blocks, and we only do such inter-block removal in the FTL. FTL also
queries AI to determine what type we've proved about value, and avoids barriers when
value is not a cell. FixupPhase still inserts type checks on some stores, to maximize
the likelihood that this AI-based removal is effective.

Rolling back in after fixing some debug build test failures.

CMakeLists.txt:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGBlockMap.h:

(JSC::DFG::BlockMap::at):

dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):

dfg/DFGEpoch.h:

(JSC::DFG::Epoch::operator<):
(JSC::DFG::Epoch::operator>):
(JSC::DFG::Epoch::operator<=):
(JSC::DFG::Epoch::operator>=):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::speculateForBarrier):
(JSC::DFG::FixupPhase::insertStoreBarrier): Deleted.

dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

dfg/DFGStoreBarrierElisionPhase.cpp: Removed.
dfg/DFGStoreBarrierElisionPhase.h: Removed.
dfg/DFGStoreBarrierInsertionPhase.cpp: Added.

(JSC::DFG::performFastStoreBarrierInsertion):
(JSC::DFG::performGlobalStoreBarrierInsertion):

dfg/DFGStoreBarrierInsertionPhase.h: Added.
ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR): Fix an unrelated debug-only bug.

tests/stress/load-varargs-then-inlined-call-and-exit.js: Test for that debug-only bug.
tests/stress/load-varargs-then-inlined-call-and-exit-strict.js: Strict version of that test.

11:44 AM Changeset in webkit [184444] by youenn.fablet@crf.canon.fr

10 edits in trunk/Source/WebCore

[Streams API] Delegate ReadableStreamReader reference counting to ReadableStream
https://bugs.webkit.org/show_bug.cgi?id=144907

Reviewed by Darin Adler.

Changed the link between readadable stream and reader.
Controller ref()/deref() now increments/decrements its stream ref counter, similarly to ReadableStreamController.
This ensures that even if JS scripts do not keep track of the readable stream,
the readable stream will not be disposed as long as the JS script has access to its reader.

All readers of a given stream are kept by the stream, either in an array (for released readers)
or and in ReadableStream::m_reader for the active reader.
This removes the need for the code synchronizing stream and reader.

As a reader can now already count on its stream, the reader no longer needs to store the error in errored state.
Removal of ReadableJSStream::Reader as closed promise rejection error is directly retrieved from the ReadableStream.
Moved the creation of reader directly in ReadableStream.

Next step should be to remove ReadableStreamReader::m_state and to delegate the handling of ReadableStreamReader closed promise callbacks to ReadableStream.

No change in behavior.

Modules/streams/ReadableStream.cpp:

(WebCore::ReadableStream::changeStateToClosed):
(WebCore::ReadableStream::changeStateToErrored):
(WebCore::ReadableStream::getReader):

Modules/streams/ReadableStream.h:

(WebCore::ReadableStream::reader):

Modules/streams/ReadableStreamReader.cpp:

(WebCore::ReadableStreamReader::clean):
(WebCore::ReadableStreamReader::ref):
(WebCore::ReadableStreamReader::deref):
(WebCore::ReadableStreamReader::closed):
(WebCore::ReadableStreamReader::changeStateToClosed):
(WebCore::ReadableStreamReader::changeStateToErrored):

Modules/streams/ReadableStreamReader.h:

(WebCore::ReadableStreamReader::ReadableStreamReader):

Modules/streams/ReadableStreamReader.idl:
bindings/js/JSReadableStreamCustom.cpp:

(WebCore::JSReadableStream::getReader):

bindings/js/JSReadableStreamReaderCustom.cpp:

(WebCore::JSReadableStreamReader::closed):
(WebCore::constructJSReadableStreamReader):

bindings/js/ReadableJSStream.cpp:

(WebCore::ReadableJSStream::storeError):
(WebCore::ReadableJSStream::ReadableJSStream): Deleted.

bindings/js/ReadableJSStream.h:

10:39 AM Changeset in webkit [184443] by ap@apple.com

2 edits in trunk/Source/WebCore

Crash when uploading huge files to YouTube or Google Drive
https://bugs.webkit.org/show_bug.cgi?id=145083
rdar://problem/15468529

Reviewed by Darin Adler.

This fixes the crash, but uploading will fail.

fileapi/FileReaderLoader.cpp:

(WebCore::FileReaderLoader::start): Tell SubresourceLoader to not store a copy of
all received data, FileReaderLoader has its own buffer.
(WebCore::FileReaderLoader::didReceiveResponse): Fixed a bounds check - not every
64-bit value that doesn't fit into 32 bits is negative. With this, FileReader fails
on huge files right away, as intended.
(WebCore::FileReaderLoader::didReceiveData): Fixed multiple bugs in code that's
executed when size is not available upfront. This is the code that used to crash,
but with the above fix, it's not executed by YouTube.
Not only overflow was handled incorrectly, but even simply growing a buffer for
append was buggy.

10:36 AM Changeset in webkit [184442] by ddkilzer@apple.com

2 edits in trunk/Tools

bisect-builds: Add 'retry' option when prompting whether the bug reproduced
<http://webkit.org/b/145100>

Reviewed by Darin Adler.

Scripts/bisect-builds:
Add PROMPT_ANSWER_* constants for yes/no/retry/broken prompt.
Switch to using PROMPT_RESPONSE_* constants when testing the value of $didReproduceBug.
Add do { } while loops to implement 'retry' mode.

Context Navigation

Timeline

May 18, 2015:

May 17, 2015:

Download in other formats: