Timeline

Jul 15, 2015:

11:36 PM Changeset in webkit [186890] by timothy_horton@apple.com

• 3 edits in trunk/Source/WebCore

Move indicator rect uniting code to TextIndicatorWindow instead of TextIndicator
​https://bugs.webkit.org/show_bug.cgi?id=146992
<rdar://problem/21643094>

Reviewed by Daniel Bates.

Having to unite all the rects if any overlap is an implementation
detail of the Mac TextIndicatorWindow presentation, not a fundamental
property of TextIndicator.

Other TextIndicator presentations might be able to handle overlapping
rects more effectively, so we shouldn't lose information unless we need to.

This also avoids having a second copy of some constants!

• page/TextIndicator.cpp:

(WebCore::outsetIndicatorRectIncludingShadow): Deleted.
(WebCore::textIndicatorsForTextRectsOverlap): Deleted.
(WebCore::TextIndicator::TextIndicator): Deleted.

• page/mac/TextIndicatorWindow.mm:

(outsetIndicatorRectIncludingShadow):
(textIndicatorsForTextRectsOverlap):
(-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]):

11:04 PM Changeset in webkit [186889] by Carlos Garcia Campos

• 3 edits in trunk/Source/WebKit2

Unreviewed. Follow up to r186887 for GTK+.

Add GTK+ implementation of PageClientImpl::refView/derefView.

• UIProcess/API/gtk/PageClientImpl.cpp:

(WebKit::PageClientImpl::refView):
(WebKit::PageClientImpl::derefView):

• UIProcess/API/gtk/PageClientImpl.h:

10:31 PM Changeset in webkit [186888] by Carlos Garcia Campos

• 7 edits in trunk

[GTK] Input method filter is always enabled when the view is focused
​https://bugs.webkit.org/show_bug.cgi?id=146965

Reviewed by Martin Robinson.

Source/WebKit2:

It should only be enabled when the view is focused and there's an
editable element focused. In r138544, when input methods were
implemented, the message SetInputMethodState was added, but it was
never used. Instead, the notifyFocusIn method of the IM filter
enables the input method unconditionally. We should actually use
the SetInputMethodState message to enable/disable input methods
when editable elements are focused/unfocused.

• UIProcess/gtk/InputMethodFilter.cpp:

(WebKit::InputMethodFilter::setEnabled): Call notifyFocusedIn/Out
when inputs methods are enabled/disabled instead of notifying the
IM context directly.
(WebKit::InputMethodFilter::setCursorRect): Do not update the
cursor position if input methods are didabled.
(WebKit::InputMethodFilter::notifyFocusedIn): Do nothing when
input methods are disabled. Do not enable input methods
uncontionally here.
(WebKit::InputMethodFilter::notifyFocusedOut): Do not disable
input methods uncontionally here.

• WebProcess/WebCoreSupport/WebEditorClient.cpp:

(WebKit::WebEditorClient::setInputMethodState): Call
WebPage::setInputMethodState() for GTK platform.

• WebProcess/WebPage/WebPage.h: Add setInputMethodState() for GTK platform.
• WebProcess/WebPage/gtk/WebPageGtk.cpp:

(WebKit::WebPage::setInputMethodState): Update input method state
and send SetInputMethodState message to the UI process if state changed.

Tools:

Use setEnabled() instead of notifyFocusedIn() to enable input methods.

• TestWebKitAPI/Tests/WebKit2/gtk/InputMethodFilter.cpp:

(TestWebKitAPI::TestInputMethodFilter::TestInputMethodFilter):

9:03 PM Changeset in webkit [186887] by beidson@apple.com

• 9 edits in trunk/Source/WebKit2

REGRESSION(r186088): Crash under WebKit::WebPageProxy::didFailLoadForFrame
<rdar://problem/21692212> and ​https://bugs.webkit.org/show_bug.cgi?id=146988

Reviewed by Sam Weinig.

When a loader delegate callback results in the WKView getting deallocated, then the PageClient
is also destroyed.

WebPageProxy then (often) turns around and uses the PageClient anyways.

Tried to write a TestWebKitAPI test for this, but only didFailLoadForFrame appears to obviously
be vulnerable, and there seems to be no way to reproduce that failure case under TestWebKitAPI.

• UIProcess/PageClient.h: Add ref/derefView.

• UIProcess/API/gtk/PageClientImpl.h: Stub them out.
  • UIProcess/efl/WebViewEfl.h: Stub them out.

• UIProcess/mac/PageClientImpl.h:
• UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::refView): [m_wkView retain]
(WebKit::PageClientImpl::derefView): [m_wkView release]

• UIProcess/ios/PageClientImplIOS.h:
• UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::refView): Retain all 3 views.
(WebKit::PageClientImpl::derefView): Release all 3 views.

• UIProcess/WebPageProxy.cpp:

(WebKit::PageClientProtector::PageClientProtector): Calls refView() on the PageClient.
(WebKit::PageClientProtector::~PageClientProtector): Calls derefView() on the PageClient.
(WebKit::WebPageProxy::didChangeBackForwardList): All methods that make m_loaderClient or

m_pageClient callouts get a protector at their head.

(WebKit::WebPageProxy::willGoToBackForwardListItem):
(WebKit::WebPageProxy::shouldKeepCurrentBackForwardListItemInList):
(WebKit::WebPageProxy::findPlugin):
(WebKit::WebPageProxy::didCreateMainFrame):
(WebKit::WebPageProxy::didCreateSubframe):
(WebKit::WebPageProxy::didStartProgress):
(WebKit::WebPageProxy::didChangeProgress):
(WebKit::WebPageProxy::didFinishProgress):
(WebKit::WebPageProxy::didDestroyNavigation):
(WebKit::WebPageProxy::didStartProvisionalLoadForFrame):
(WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
(WebKit::WebPageProxy::didChangeProvisionalURLForFrame):
(WebKit::WebPageProxy::didFailProvisionalLoadForFrame):
(WebKit::WebPageProxy::didCommitLoadForFrame):
(WebKit::WebPageProxy::didFinishDocumentLoadForFrame):
(WebKit::WebPageProxy::didFinishLoadForFrame):
(WebKit::WebPageProxy::didFailLoadForFrame):
(WebKit::WebPageProxy::didSameDocumentNavigationForFrame):
(WebKit::WebPageProxy::didReceiveTitleForFrame):
(WebKit::WebPageProxy::didFirstLayoutForFrame):
(WebKit::WebPageProxy::didFirstVisuallyNonEmptyLayoutForFrame):
(WebKit::WebPageProxy::didLayoutForCustomContentProvider):
(WebKit::WebPageProxy::didLayout):
(WebKit::WebPageProxy::didRemoveFrameFromHierarchy):
(WebKit::WebPageProxy::didDisplayInsecureContentForFrame):
(WebKit::WebPageProxy::didRunInsecureContentForFrame):
(WebKit::WebPageProxy::didDetectXSSForFrame):
(WebKit::WebPageProxy::frameDidBecomeFrameSet):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
(WebKit::WebPageProxy::decidePolicyForResponse):
(WebKit::WebPageProxy::decidePolicyForResponseSync):
(WebKit::WebPageProxy::unableToImplementPolicy):
(WebKit::WebPageProxy::didNavigateWithNavigationData):
(WebKit::WebPageProxy::didPerformClientRedirect):
(WebKit::WebPageProxy::didPerformServerRedirect):
(WebKit::WebPageProxy::didUpdateHistoryTitle):
(WebKit::WebPageProxy::wrapCryptoKey):
(WebKit::WebPageProxy::unwrapCryptoKey):
(WebKit::WebPageProxy::navigationGestureDidBegin):
(WebKit::WebPageProxy::navigationGestureWillEnd):
(WebKit::WebPageProxy::navigationGestureDidEnd):
(WebKit::WebPageProxy::willRecordNavigationSnapshot):

7:42 PM Changeset in webkit [186886] by Michael Catanzaro

• 2 edits in trunk/Tools

[EFL] Bump libseccomp version to 2.2.3
​https://bugs.webkit.org/show_bug.cgi?id=146980

Reviewed by Gyuyoung Kim.

• efl/jhbuild.modules:

7:08 PM Changeset in webkit [186885] by bshafiei@apple.com

• 1 copy in tags/Safari-600.1.4.17.2

New tag.

7:03 PM Changeset in webkit [186884] by ryuan.choi@navercorp.com

• 4 edits in trunk/Source/WebCore

[CoordinatedGraphics] Remove setContentsScale from TiledBackingStore
​https://bugs.webkit.org/show_bug.cgi?id=146921

Reviewed by Gyuyoung Kim.

• platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::createBackingStore):
(WebCore::CoordinatedGraphicsLayer::updateContentBuffers):

• platform/graphics/texmap/coordinated/TiledBackingStore.cpp:

(WebCore::TiledBackingStore::TiledBackingStore):
(WebCore::TiledBackingStore::setContentsScale): Deleted.

• platform/graphics/texmap/coordinated/TiledBackingStore.h:

6:55 PM Changeset in webkit [186883] by matthew_hanson@apple.com

• 5 edits in branches/safari-600.8-branch/Source

Versioning

6:52 PM Changeset in webkit [186882] by matthew_hanson@apple.com

• 1 copy in tags/Safari-600.8.3

New Tag.

6:45 PM Changeset in webkit [186881] by Brent Fulgham

• 34 edits in trunk

[Win] Maintain consistent COM Interfaces
​https://bugs.webkit.org/show_bug.cgi?id=146983
<rdar://problem/21822278>

Reviewed by Dean Jackson.

Source/WebKit/win:

Keep WebKit's COM interface compatible with software
linked against earlier WebKit releases:

1. Update IDL to present the same interface as earlier releases of WebKit.
2. Add new interface objects (i.g., IWebFrame2) extending earlier interfaces when adding new methods.
3. Update our internal software to use the correct interface objects.

• DefaultPolicyDelegate.cpp:

(DefaultPolicyDelegate::decidePolicyForNavigationAction):

• Interfaces/IWebEditingDelegate.idl:
• Interfaces/IWebFrame.idl:
• Interfaces/IWebPreferencesPrivate.idl:
• Interfaces/IWebSecurityOrigin.idl:
• Interfaces/IWebUIDelegatePrivate.idl:
• Interfaces/IWebViewPrivate.idl:
• Interfaces/WebKit.idl:
• WebCoreSupport/WebEditorClient.cpp:

(WebEditorClient::shouldInsertNode):

• WebFrame.cpp:

(WebFrame::updateBackground):
(WebFrame::isMainFrame):

• WebFrame.h:
• WebPreferences.cpp:

(WebPreferences::initializeDefaultSettings):
(WebPreferences::QueryInterface):
(WebPreferences::setMockScrollbarsEnabled):
(WebPreferences::screenFontSubstitutionEnabled):
(WebPreferences::setScreenFontSubstitutionEnabled):
(WebPreferences::hyperlinkAuditingEnabled):
(WebPreferences::unused4):
(WebPreferences::shouldPaintNativeControls):
(WebPreferences::setShouldPaintNativeControls):
(WebPreferences::setDeveloperExtrasEnabled):
(WebPreferences::authorAndUserStylesEnabled):
(WebPreferences::inApplicationChromeMode):

• WebPreferences.h:
• WebSecurityOrigin.cpp:

(WebSecurityOrigin::QueryInterface):
(WebSecurityOrigin::setQuota):
(WebSecurityOrigin::initWithURL):

• WebSecurityOrigin.h:
• WebView.cpp:

(WebView::QueryInterface):
(WebView::notifyPreferencesChanged):
(WebView::selectedRangeForTesting):
(WebView::setLoadResourcesSerially):

• WebView.h:

Tools:

Update DumpRenderTree and WinLauncher to use the properly
versioned COM interface objects.

• DumpRenderTree/win/AccessibilityControllerWin.cpp:

(AccessibilityController::rootElement):

• DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebPreferencesToConsistentValues):
(resetWebViewToConsistentStateBeforeTesting):
(runTest):
(createWebViewAndOffscreenWindow):

• DumpRenderTree/win/EditingDelegate.cpp:

(EditingDelegate::QueryInterface):
(EditingDelegate::shouldEndEditingInDOMRange):
(EditingDelegate::shouldInsertNode):

• DumpRenderTree/win/EditingDelegate.h:
• DumpRenderTree/win/EventSender.cpp:

(scalePageByCallback):

• DumpRenderTree/win/FrameLoadDelegate.cpp:

(FrameLoadDelegate::didCommitLoadForFrame):

• DumpRenderTree/win/TestRunnerWin.cpp:

(TestRunner::callShouldCloseOnWebView):
(TestRunner::applicationCacheDiskUsageForOrigin):
(TestRunner::clearApplicationCacheForOrigin):
(TestRunner::setDefersLoading):
(TestRunner::setDomainRelaxationForbiddenForURLScheme):
(TestRunner::setTabKeyCyclesThroughElements):
(TestRunner::setValueForUser):
(TestRunner::dispatchPendingLoadRequests):
(TestRunner::setWindowIsKey):
(TestRunner::execCommand):
(TestRunner::addOriginAccessWhitelistEntry):
(TestRunner::removeOriginAccessWhitelistEntry):
(TestRunner::addUserScript):
(TestRunner::addUserStyleSheet):
(TestRunner::showWebInspector):
(TestRunner::closeWebInspector):
(TestRunner::evaluateInWebInspector):
(TestRunner::setSerializeHTTPLoads):

• DumpRenderTree/win/TextInputControllerWin.cpp:

(TextInputController::setMarkedText):
(TextInputController::hasMarkedText):
(TextInputController::unmarkText):
(TextInputController::markedRange):
(TextInputController::insertText):
(TextInputController::firstRectForCharacterRange):
(TextInputController::selectedRange):

• DumpRenderTree/win/UIDelegate.h:

(UIDelegate::unused2):
(UIDelegate::unused3):
(UIDelegate::webViewScrolled):
(UIDelegate::webViewShouldInterruptJavaScript):
(UIDelegate::webViewReceivedFocus):
(UIDelegate::unused4): Deleted.

• TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp:

(TestWebKitAPI::WebViewDestructionWithHostWindow::SetUp):

• WinLauncher/PageLoadTestClient.cpp:

(PageLoadTestClient::didStartProvisionalLoad):

• WinLauncher/WinLauncher.cpp:

(WinLauncher::init):

• WinLauncher/WinLauncher.h:
• WinLauncher/WinLauncherWebHost.cpp:

(WinLauncherWebHost::didFinishLoadForFrame):
(WinLauncherWebHost::didFirstLayoutInFrame):

• WinLauncher/WinLauncherWebHost.h:

6:25 PM Changeset in webkit [186880] by Brent Fulgham

• 2 edits in trunk/Source/JavaScriptCore

[Win] Fix armv7 build.

• jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState): The 64-bit argument
version of poke is not available on armv7 builds.

6:13 PM Changeset in webkit [186879] by dino@apple.com

• 3 edits in trunk/Source/WebCore

Tag WebGL layers with sRGB colorspace
​https://bugs.webkit.org/show_bug.cgi?id=146986
<rdar://problem/21758704>

Fix the build on older El Capitan releases.

• platform/graphics/mac/WebGLLayer.mm:

(-[WebGLLayer initWithGraphicsContext3D:]):

• platform/spi/cocoa/QuartzCoreSPI.h:

6:00 PM Changeset in webkit [186878] by weinig@apple.com

• 6 edits in trunk/Source

Color match plug-ins
<rdar://problem/21758722>
​https://bugs.webkit.org/show_bug.cgi?id=146987

Reviewed by Dean Jackson.

Source/WebCore:

• platform/spi/cocoa/QuartzCoreSPI.h:

Add colorMatchUntaggedContent property.

Source/WebKit2:

• Platform/mac/LayerHostingContext.h:
• Platform/mac/LayerHostingContext.mm:

(WebKit::LayerHostingContext::setColorMatchUntaggedContent):
(WebKit::LayerHostingContext::colorMatchUntaggedContent):
Add setter/getter for color matching untagged content.

• PluginProcess/mac/PluginControllerProxyMac.mm:

(WebKit::PluginControllerProxy::updateLayerHostingContext):
Have plug-ins CAContext's color match untagged colors into sRGB.

5:33 PM Changeset in webkit [186877] by Matt Baker

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Resizing TimelineRuler selection on both sides doesn't work with snapping enabled
​https://bugs.webkit.org/show_bug.cgi?id=146970

Reviewed by Brian Burg.

• UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler.prototype._handleSelectionHandleMouseMove):
Use snapped current time value when setting selection bounds.

5:31 PM Changeset in webkit [186876] by Brent Fulgham

• 2 edits in trunk/Source/JavaScriptCore

[Win] 64-bit Build Failure
​https://bugs.webkit.org/show_bug.cgi?id=146989

Reviewed by Mark Lam.

• jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState): Add missing
declaration for 64-bit type on 4-argument register machines (like
Windows).

5:29 PM Changeset in webkit [186875] by Brent Fulgham

• 2 edits in trunk/Source/WebCore

[Win] Another build fix after r186858.

• html/canvas/DOMPath.h: Don't use WEBCORE_EXPORT on the

overall class and the destructor declaration.

5:06 PM Changeset in webkit [186874] by Lucas Forschler

• 6 edits in branches/safari-601.1-branch

Merged r186826.

4:57 PM Changeset in webkit [186873] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.8-branch/Source/WebKit2

Merge r186838. rdar://problem/21716363

4:57 PM Changeset in webkit [186872] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.8-branch/Source/WebCore

Merge r186863. rdar://problem/21714843

4:31 PM Changeset in webkit [186871] by matthew_hanson@apple.com

• 8 edits in branches/safari-600.8-branch/Source/WebCore

Merge r186533. rdar://problem/21533137

4:13 PM Changeset in webkit [186870] by commit-queue@webkit.org

• 4 edits in trunk/Tools

Many test failures in scm_unittest.py
​https://bugs.webkit.org/show_bug.cgi?id=143967

Patch by Dean Johnson <​dean_johnson@apple.com> on 2015-07-15
Reviewed by Daniel Bates.

• Scripts/webkitpy/common/checkout/scm/detection.py:

(SCMDetector.detect_scm_system): Paths with symlinks are now resolved to
absolute canonical file paths. Two mutually exclusive issues cause this
to be a problem.

1) Python's os.path.relpath() function does not return correct relative
paths between two filepaths that point to the same file, if symlinks are
involved.

On Mac, /tmp points to /private/tmp
ex. os.path.relpath('/tmp', '/private/tmp')

returns '../../tmp'

What we want is actually just '.'
2) Git does not allow file paths to trace outside of
the Git repository. This means that if you have a repository in
/tmp and you refer to that repository when invoking a git command as
../tmp, Git will produce errors about working outside of the repository.

• Scripts/webkitpy/common/checkout/scm/git.py: Over time Git has changed

its default behavior and such, needed to be updated.
(Git.changed_files): '--' was added into the command so that patch_directories
were taken as positional arguments.

• Scripts/webkitpy/common/checkout/scm/scm_unittest.py: Changed tests and setup

in the GitSVNTest class to more closely emulate the version of Git that the tests
assumed a system had. Also fixed a small side-effect from the absolute canonical
path fix in SCMDetector.detect_scm_system
(SVNTestRepository.setup): A relative filepath was previously passed as the
checkout root to SCMDetector.detect_scm_system, but is now cleaned to
an absolute canonical path before being passed in. The failing test
was a "sanity check" that the svn.checkout_root and scm.checkout_root
were the same.
(GitSVNTest._setup_git_checkout):

1) Added "--prefix " option to git clone since Git changed its default
behavior in version 2.0.
2) The branch master was renamed to trunk to more closely emulate what
tests expected when they were written.

(GitSVNTest.test_changed_files_local_plus_working_copy): Two of the three
original tests failed because the tests expected the trunk branch
to produce its parent's commit, whereas Git merely provides the HEAD commit
for a given branch (trunk in this case). Based on other tests written
in the same commit, it appears these tests were failing from the point they
were written.

4:04 PM Changeset in webkit [186869] by matthew_hanson@apple.com

• 4 edits in branches/safari-600.8-branch/Source

Merge r186559. rdar://problem/21716363

4:00 PM Changeset in webkit [186868] by dino@apple.com

• 4 edits
  3 adds in trunk

Tag WebGL layers with sRGB colorspace
​https://bugs.webkit.org/show_bug.cgi?id=146986
<rdar://problem/21758704>

Reviewed by Simon Fraser.

Source/WebCore:

Label a CAOpenGLLayer as using the sRGB colorspace,
like the rest of our page content.

Test: fast/canvas/webgl/match-page-color-space.html

• platform/graphics/mac/WebGLLayer.mm:

(-[WebGLLayer initWithGraphicsContext3D:]): Set the colorspace property on the layer.
(-[WebGLLayer copyCGLPixelFormatForDisplayMask:]):
(-[WebGLLayer drawInCGLContext:pixelFormat:forLayerTime:displayTime:]):
(-[WebGLLayer copyImageSnapshotWithColorSpace:]):

LayoutTests:

Add a test that embeds a WebGL canvas inside a solid div. Since both
have the same color, the canvas should seemlessly disappear into
the surrounding div.

• fast/canvas/webgl/match-page-color-space-expected.html: Added.
• fast/canvas/webgl/match-page-color-space.html: Added.
• platform/mac-mavericks/TestExpectations: Skip this test.
• platform/mac-yosemite/TestExpectations: Added. Skip this test.

3:42 PM Changeset in webkit [186867] by Brent Fulgham

• 3 edits in trunk/Source/WebCore

[Win] Unreviewed build fix after r186858.

Add missing DOMPath and PathUtilities files to project.

• WebCore.vcxproj/WebCore.vcxproj:
• WebCore.vcxproj/WebCore.vcxproj.filters:

3:39 PM Changeset in webkit [186866] by andersca@apple.com

• 4 edits in trunk/Source/WebCore

Headers that look for NSGEOMETRY_TYPES_SAME_AS_CGGEOMETRY_TYPES should import NSGeometry.h
​https://bugs.webkit.org/show_bug.cgi?id=146982

Reviewed by Tim Horton.

• platform/graphics/FloatPoint.h:
• platform/graphics/IntPoint.h:
• platform/graphics/IntSize.h:

3:33 PM Changeset in webkit [186865] by commit-queue@webkit.org

• 5 edits
  2 adds in trunk

Scroll snapping to elements is broken for main frame scrolling
​https://bugs.webkit.org/show_bug.cgi?id=146957

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-15
Reviewed by Brent Fulgham.

Source/WebCore:

Fixes the case of elements with scroll snap coordinates in a scroll snapping mainframe by changing
RenderBox::findEnclosingScrollableContainer to return the body's RenderBox when all enclosing elements
are not overflow scrollable but the mainframe can scroll.

Test: css3/scroll-snap/scroll-snap-coordinate-mainframe.html

• page/FrameView.h: Export isScrollable so that the Internals API can use it.
• rendering/RenderBox.cpp: Include MainFrame.h.

(WebCore::RenderBox::findEnclosingScrollableContainer): Changed to return the body's RenderBox if

none of its parent elements are overflow scrolling.

• testing/Internals.cpp:

(WebCore::Internals::scrollSnapOffsets): Updated to return snap offsets for the body element,

allowing us to call window.internals.scrollSnapOffsets(document.body).

LayoutTests:

Tests that basic scroll snap coordinates in the mainframe works.

• css3/scroll-snap/scroll-snap-coordinate-mainframe-expected.txt: Added.
• css3/scroll-snap/scroll-snap-coordinate-mainframe.html: Added.

3:30 PM Changeset in webkit [186864] by matthew_hanson@apple.com

• 13 edits
  1 add in branches/safari-600.8-branch/Source

Merge r186781. rdar://problem/21708063

3:22 PM Changeset in webkit [186863] by beidson@apple.com

• 2 edits in trunk/Source/WebCore

WebKit document.cookie mis-parsing.
rdar://problem/21715050 and ​https://bugs.webkit.org/show_bug.cgi?id=146976

Reviewed by Sam Weinig.

• platform/network/mac/CookieJarMac.mm:

(WebCore::setCookiesFromDOM): Use new CFNetwork SPI when available.

2:54 PM Changeset in webkit [186862] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

[WinCairo] font fallback not working
​https://bugs.webkit.org/show_bug.cgi?id=146595

Patch by Jinyoung Hur <​hur.ims@navercorp.com> on 2015-07-15
Reviewed by Myles C. Maxfield.

A Win32 API, GetGlyphIndices(), is not used properly, so any glyphs are considered existing in a font and it prevents the font fall back mechanism from working.

I think a specific font should be newly installed on the test machine to test this case but I have no idea how can it be done.

• platform/graphics/win/GlyphPageTreeNodeCairoWin.cpp:

(WebCore::GlyphPage::fill):

2:46 PM Changeset in webkit [186861] by Michael Catanzaro

• 4 edits in trunk/Source/WebKit2

[GTK] Rename PACKAGE_LOCALE_DIR to LOCALEDIR
​https://bugs.webkit.org/show_bug.cgi?id=146975

Reviewed by Martin Robinson.

• PlatformGTK.cmake:
• UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_class_init):

• WebProcess/gtk/WebProcessMainGtk.cpp:

2:41 PM Changeset in webkit [186860] by saambarati1@gmail.com

• 81 edits
  14 adds in trunk

[ES6] implement block scoping to enable 'let'
​https://bugs.webkit.org/show_bug.cgi?id=142944

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
• JavaScriptCore.xcodeproj/project.pbxproj:
• builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createExecutableInternal):

• bytecode/BytecodeList.json:

This patch adds a new opcode and removes op_pop_scope:
1) op_get_parent_scope returns the parent scope but doesn't
implicitly write that scope into the scope register. op_pop_scope
is now reduced to op_get_parent_scope followed by op_mov.

• bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::stronglyVisitStrongReferences):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::addStringSwitchJumpTable):
(JSC::CodeBlock::stringSwitchJumpTable):
(JSC::CodeBlock::symbolTable):
(JSC::CodeBlock::evalCodeCache):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::replaceConstant):
op_put_to_scope for LocalClosureVar now takes as an argument
the constant index for the Symbol Table it will be putting into.
This argument is only used to communicate from the BytecodeGenerator
to CodeBlock linking time and it is not present in the linked bytecode.

op_put_to_scope for non LocalClosureVar takes, at the same index, an
argument that represents the local scope depth which it uses for
JSScope::abstractResolve to know how many scopes it needs to skip.
Again, this is not in the linked code.
op_get_from_scope and op_resolve_scope also take as an argument
the local scope depth to use in JSScope::abstractResolve. Again,
this is not used in the linked code.

• bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::getSlow):
(JSC::EvalCodeCache::clear):
(JSC::EvalCodeCache::isCacheable):
When direct eval is called and passed a scope that
corresponds to a lexical scope, we can't safely cache
that code because we won't be able to guarantee
that the cached code is always executed in the same scope.
Consider this example:
function foo() {

let x = 20;
eval("x;");
if (b) {

let x = 30;
if (b) {

let y = 40;
eval("x;")

}

}

}

We can't reuse resolution depth when linking get_from_scope in evals.

• bytecode/UnlinkedCodeBlock.cpp:

(JSC::generateFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
(JSC::UnlinkedFunctionExecutable::parameterCount):

• bytecode/UnlinkedCodeBlock.h:

Unlinked functions now know the variables that were under TDZ in their parent
scope.

(JSC::UnlinkedCodeBlock::symbolTable):
(JSC::UnlinkedCodeBlock::setSymbolTable):
(JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex):
(JSC::UnlinkedCodeBlock::symbolTableConstantIndex):
(JSC::UnlinkedCodeBlock::vm):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::~BytecodeGenerator):
(JSC::BytecodeGenerator::newRegister):
(JSC::BytecodeGenerator::reclaimFreeRegisters):
(JSC::BytecodeGenerator::newBlockScopeVariable):
(JSC::BytecodeGenerator::newTemporary):
(JSC::BytecodeGenerator::emitProfileType):
(JSC::BytecodeGenerator::emitLoadGlobalObject):
(JSC::BytecodeGenerator::pushLexicalScope):
(JSC::BytecodeGenerator::popLexicalScope):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::variablePerSymbolTable):
(JSC::BytecodeGenerator::variableForLocalEntry):
(JSC::BytecodeGenerator::createVariable):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::initializeVariable):
(JSC::BytecodeGenerator::emitTDZCheck):
(JSC::BytecodeGenerator::needsTDZCheck):
(JSC::BytecodeGenerator::emitTDZCheckIfNecessary):
(JSC::BytecodeGenerator::liftTDZCheckIfPossible):
(JSC::BytecodeGenerator::getVariablesUnderTDZ):
(JSC::BytecodeGenerator::emitNewObject):
(JSC::BytecodeGenerator::emitPushWithScope):
(JSC::BytecodeGenerator::emitGetParentScope):
(JSC::BytecodeGenerator::emitPopScope):
(JSC::BytecodeGenerator::emitDebugHook):
(JSC::BytecodeGenerator::pushFinallyContext):
(JSC::BytecodeGenerator::pushIteratorCloseContext):
(JSC::BytecodeGenerator::emitComplexPopScopes):
(JSC::BytecodeGenerator::emitPopScopes):
(JSC::BytecodeGenerator::popTryAndEmitCatch):
(JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
(JSC::BytecodeGenerator::currentScopeDepth):
(JSC::BytecodeGenerator::emitThrowReferenceError):
(JSC::BytecodeGenerator::emitPushCatchScope):
(JSC::BytecodeGenerator::beginSwitch):
(JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
(JSC::BytecodeGenerator::emitEnumeration):

• bytecompiler/BytecodeGenerator.h:

(JSC::Variable::Variable):
(JSC::Variable::isResolved):
(JSC::Variable::symbolTableConstantIndex):
(JSC::Variable::ident):
(JSC::BytecodeGenerator::ignoredResult):
(JSC::BytecodeGenerator::tempDestination):
(JSC::BytecodeGenerator::lastOpcodeID):
(JSC::BytecodeGenerator::makeFunction):
(JSC::BytecodeGenerator::symbolTable):
(JSC::BytecodeGenerator::shouldOptimizeLocals): Deleted.
(JSC::BytecodeGenerator::canOptimizeNonLocals): Deleted.
The heart of the changes in this patch are in the bytecode generator.
The bytecode generator now keeps a stack of tuples of
{symbol table, scope register, flag indicating catch or with scope, symbol table index in constant pool}
that models the runtime scope stack. This symbol table stack is used
in resolving local variables.

Also, the bytecode generator handles pushing and popping of lexical scopes.
This is relatively straight forward:
Captured 'let' variables end up in the JSLexicalEnvironment scope and non-captured
variables end up on the stack. Some trickiness is involved in generating
code for 'for' loops that have captured variables (I'm talking about variables in the loop
header, not the loop body). Each iteration of the for loop ends up with
its own JSLexicalEnvironment. Static code must be generated in such a way
to create this runtime behavior. This is done by emitting instructions to
push and pop a lexical scope at the end of each loop and copying values
from the previous loop's scope into the new scope. This code must also
ensure that each loop iteration's scope refers to the same underlying
SymbolTable so that no scope is accidentally mistaken as being a singleton scope.

When the debugger is enabled, all lexically defined variables will end up in the
JSLexicalEnvironment.

• bytecompiler/NodesCodegen.cpp:

(JSC::ResolveNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::BlockNode::emitBytecode):
(JSC::ExprStatementNode::emitBytecode):
(JSC::DeclarationStatement::emitBytecode):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::EmptyLetExpression::emitBytecode):
(JSC::ForNode::emitBytecode):
(JSC::ForInNode::emitMultiLoopBytecode):
(JSC::ForOfNode::emitBytecode):
(JSC::SwitchNode::emitBytecode):
(JSC::BindingNode::bindValue):
(JSC::VarStatementNode::emitBytecode): Deleted.

• debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::evaluate):

• debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::getOwnPropertySlot):
(JSC::DebuggerScope::put):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

• dfg/DFGNode.h:

(JSC::DFG::Node::castConstant):
(JSC::DFG::Node::initializationValueForActivation):
(JSC::DFG::Node::containsMovHint):

• dfg/DFGObjectAllocationSinkingPhase.cpp:

CreateActivation nodes now have a second OpInfo that tracks the
initial value that needs to be placed in the activation. This initial value
is also used in allocation sinking to create proper bottom values for all
scope variables.

• dfg/DFGOperations.cpp:
• dfg/DFGOperations.h:
• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCreateActivation):

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

• ftl/FTLIntrinsicRepository.h:
• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToLLVM::compileMaterializeCreateActivation):

• ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):

• jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

• jit/JIT.h:
• jit/JITInlines.h:

(JSC::JIT::callOperation):

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_push_with_scope):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_get_parent_scope):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_pop_scope): Deleted.

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_push_with_scope):
(JSC::JIT::emit_op_to_number):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_get_parent_scope):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_pop_scope): Deleted.

• jit/JITOperations.cpp:

(JSC::canAccessArgumentIndexQuickly):

• jit/JITOperations.h:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• parser/ASTBuilder.h:

(JSC::ASTBuilder::createSourceElements):
(JSC::ASTBuilder::funcDeclarations):
(JSC::ASTBuilder::features):
(JSC::ASTBuilder::numConstants):
(JSC::ASTBuilder::createConditionalExpr):
(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createClassDeclStatement):
(JSC::ASTBuilder::createBlockStatement):
(JSC::ASTBuilder::createIfStatement):
(JSC::ASTBuilder::createForLoop):
(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createForOfLoop):
(JSC::ASTBuilder::isBindingNode):
(JSC::ASTBuilder::createEmptyStatement):
(JSC::ASTBuilder::createDeclarationStatement):
(JSC::ASTBuilder::createVarStatement):
(JSC::ASTBuilder::createLetStatement):
(JSC::ASTBuilder::createEmptyVarExpression):
(JSC::ASTBuilder::createEmptyLetExpression):
(JSC::ASTBuilder::createReturnStatement):
(JSC::ASTBuilder::createTryStatement):
(JSC::ASTBuilder::createSwitchStatement):
(JSC::ASTBuilder::appendStatement):
(JSC::ASTBuilder::createCommaExpr):
(JSC::ASTBuilder::appendObjectPatternEntry):
(JSC::ASTBuilder::createBindingLocation):
(JSC::ASTBuilder::setEndOffset):
(JSC::ASTBuilder::Scope::Scope):
(JSC::ASTBuilder::makeAssignNode):
(JSC::ASTBuilder::varDeclarations): Deleted.
(JSC::ASTBuilder::addVar): Deleted.

• parser/Keywords.table:
• parser/NodeConstructors.h:

(JSC::ReadModifyResolveNode::ReadModifyResolveNode):
(JSC::AssignResolveNode::AssignResolveNode):
(JSC::ExprStatementNode::ExprStatementNode):
(JSC::DeclarationStatement::DeclarationStatement):
(JSC::EmptyVarExpression::EmptyVarExpression):
(JSC::EmptyLetExpression::EmptyLetExpression):
(JSC::IfElseNode::IfElseNode):
(JSC::WhileNode::WhileNode):
(JSC::ForNode::ForNode):
(JSC::CaseBlockNode::CaseBlockNode):
(JSC::SwitchNode::SwitchNode):
(JSC::ConstDeclNode::ConstDeclNode):
(JSC::BlockNode::BlockNode):
(JSC::EnumerationNode::EnumerationNode):
(JSC::ForInNode::ForInNode):
(JSC::ForOfNode::ForOfNode):
(JSC::ObjectPatternNode::create):
(JSC::BindingNode::create):
(JSC::BindingNode::BindingNode):
(JSC::VarStatementNode::VarStatementNode): Deleted.

• parser/Nodes.cpp:

(JSC::ScopeNode::ScopeNode):
(JSC::ScopeNode::singleStatement):
(JSC::ProgramNode::ProgramNode):
(JSC::EvalNode::EvalNode):
(JSC::FunctionNode::FunctionNode):
(JSC::FunctionNode::finishParsing):
(JSC::VariableEnvironmentNode::VariableEnvironmentNode):

• parser/Nodes.h:

(JSC::VariableEnvironmentNode::VariableEnvironmentNode):
(JSC::VariableEnvironmentNode::lexicalVariables):
(JSC::ScopeNode::usesThis):
(JSC::ScopeNode::needsActivationForMoreThanVariables):
(JSC::ScopeNode::needsActivation):
(JSC::ScopeNode::hasCapturedVariables):
(JSC::ScopeNode::captures):
(JSC::ScopeNode::varDeclarations):
(JSC::ScopeNode::functionStack):
(JSC::ScopeNode::neededConstants):
(JSC::ProgramNode::startColumn):
(JSC::ProgramNode::endColumn):
(JSC::EvalNode::startColumn):
(JSC::EvalNode::endColumn):
(JSC::BindingNode::boundProperty):
(JSC::BindingNode::divotStart):
(JSC::BindingNode::divotEnd):
(JSC::ScopeNode::capturedVariableCount): Deleted.
(JSC::ScopeNode::capturedVariables): Deleted.
(JSC::ScopeNode::varStack): Deleted.
There is a new class called 'VariableEnvironmentNode' that has the
necessary fields to model a lexical scope. Multiple AST nodes now
also inherit from VariableEnvironmentNode.

• parser/Parser.cpp:

(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::didFinishParsing):
(JSC::Parser<LexerType>::parseStatementListItem):
(JSC::Parser<LexerType>::parseVariableDeclaration):
(JSC::Parser<LexerType>::parseWhileStatement):
(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::createBindingPattern):
(JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
(JSC::Parser<LexerType>::parseDestructuringPattern):
(JSC::Parser<LexerType>::parseConstDeclarationList):
(JSC::Parser<LexerType>::parseForStatement):
(JSC::Parser<LexerType>::parseBreakStatement):
(JSC::Parser<LexerType>::parseContinueStatement):
(JSC::Parser<LexerType>::parseSwitchStatement):
(JSC::Parser<LexerType>::parseTryStatement):
(JSC::Parser<LexerType>::parseBlockStatement):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseClassDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
(JSC::Parser<LexerType>::parseAssignmentExpression):
(JSC::Parser<LexerType>::parseGetterSetter):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseVarDeclaration): Deleted.
(JSC::Parser<LexerType>::parseVarDeclarationList): Deleted.

• parser/Parser.h:

(JSC::Scope::Scope):
(JSC::Scope::setIsFunction):
(JSC::Scope::isFunction):
(JSC::Scope::isFunctionBoundary):
(JSC::Scope::setIsLexicalScope):
(JSC::Scope::isLexicalScope):
(JSC::Scope::declaredVariables):
(JSC::Scope::finalizeLexicalEnvironment):
(JSC::Scope::computeLexicallyCapturedVariablesAndPurgeCandidates):
(JSC::Scope::declareCallee):
(JSC::Scope::declareVariable):
(JSC::Scope::declareLexicalVariable):
(JSC::Scope::hasDeclaredVariable):
(JSC::Scope::hasLexicallyDeclaredVariable):
(JSC::Scope::hasDeclaredParameter):
(JSC::Scope::declareWrite):
(JSC::Scope::preventAllVariableDeclarations):
(JSC::Scope::preventVarDeclarations):
(JSC::Scope::allowsVarDeclarations):
(JSC::Scope::allowsLexicalDeclarations):
(JSC::Scope::declareParameter):
(JSC::Scope::declareBoundParameter):
(JSC::Scope::useVariable):
(JSC::Scope::setNeedsFullActivation):
(JSC::Scope::needsFullActivation):
(JSC::Scope::hasDirectSuper):
(JSC::Scope::setNeedsSuperBinding):
(JSC::Scope::collectFreeVariables):
(JSC::Scope::getCapturedVars):
(JSC::Scope::copyCapturedVariablesToVector):
(JSC::Parser::AutoCleanupLexicalScope::AutoCleanupLexicalScope):
(JSC::Parser::AutoCleanupLexicalScope::~AutoCleanupLexicalScope):
(JSC::Parser::AutoCleanupLexicalScope::setIsValid):
(JSC::Parser::AutoCleanupLexicalScope::isValid):
(JSC::Parser::AutoCleanupLexicalScope::setPopped):
(JSC::Parser::AutoCleanupLexicalScope::scope):
(JSC::Parser::currentScope):
(JSC::Parser::pushScope):
(JSC::Parser::popScopeInternal):
(JSC::Parser::popScope):
(JSC::Parser::declareVariable):
(JSC::Parser::hasDeclaredVariable):
(JSC::Parser::hasDeclaredParameter):
(JSC::Parser::declareWrite):
(JSC::Parser::findCachedFunctionInfo):
(JSC::Parser::isFunctionBodyNode):
(JSC::Parser::continueIsValid):
(JSC::Parser::pushLabel):
(JSC::Parser::popLabel):
(JSC::Parser::getLabel):
(JSC::Parser::isLETMaskedAsIDENT):
(JSC::Parser<LexerType>::parse):
(JSC::Scope::preventNewDecls): Deleted.
(JSC::Scope::allowsNewDecls): Deleted.
(JSC::Scope::getCapturedVariables): Deleted.
There are basic parser changes that now allow for the 'let'
keyword. The trickiest change is how we will still treat 'let'
as an identifier for sloppy-mode code sometimes. For example,
"var let = ..." is allowed but "let let" or "const let" is not.

The most significant change to the parser made for this patch
is appropriating the Scope struct to also also model a lexical
scope. Changes were made in how we track captured variables to
account for this. In general, I think some of this code could
benefit from a slight refactoring to make things cleaner.

• parser/ParserTokens.h:
• parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createNewExpr):
(JSC::SyntaxChecker::createConditionalExpr):
(JSC::SyntaxChecker::createAssignResolve):
(JSC::SyntaxChecker::createEmptyVarExpression):
(JSC::SyntaxChecker::createEmptyLetExpression):
(JSC::SyntaxChecker::createClassExpr):
(JSC::SyntaxChecker::createClassDeclStatement):
(JSC::SyntaxChecker::createBlockStatement):
(JSC::SyntaxChecker::createExprStatement):
(JSC::SyntaxChecker::createIfStatement):
(JSC::SyntaxChecker::createForLoop):
(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createForOfLoop):
(JSC::SyntaxChecker::createEmptyStatement):
(JSC::SyntaxChecker::createVarStatement):
(JSC::SyntaxChecker::createLetStatement):
(JSC::SyntaxChecker::createReturnStatement):
(JSC::SyntaxChecker::createBreakStatement):
(JSC::SyntaxChecker::createContinueStatement):
(JSC::SyntaxChecker::createTryStatement):
(JSC::SyntaxChecker::createSwitchStatement):
(JSC::SyntaxChecker::createWhileStatement):
(JSC::SyntaxChecker::createWithStatement):
(JSC::SyntaxChecker::createDoWhileStatement):
(JSC::SyntaxChecker::createGetterOrSetterProperty):
(JSC::SyntaxChecker::appendStatement):
(JSC::SyntaxChecker::combineCommaNodes):
(JSC::SyntaxChecker::evalCount):
(JSC::SyntaxChecker::appendBinaryExpressionInfo):
(JSC::SyntaxChecker::operatorStackPop):
(JSC::SyntaxChecker::addVar): Deleted.

• parser/VariableEnvironment.cpp: Added.

(JSC::VariableEnvironment::markVariableAsCapturedIfDefined):
(JSC::VariableEnvironment::markVariableAsCaptured):
(JSC::VariableEnvironment::markAllVariablesAsCaptured):
(JSC::VariableEnvironment::hasCapturedVariables):
(JSC::VariableEnvironment::captures):
(JSC::VariableEnvironment::swap):

• parser/VariableEnvironment.h: Added.

(JSC::VariableEnvironmentEntry::isCaptured):
(JSC::VariableEnvironmentEntry::isConstant):
(JSC::VariableEnvironmentEntry::isVar):
(JSC::VariableEnvironmentEntry::isLet):
(JSC::VariableEnvironmentEntry::setIsCaptured):
(JSC::VariableEnvironmentEntry::setIsConstant):
(JSC::VariableEnvironmentEntry::setIsVar):
(JSC::VariableEnvironmentEntry::setIsLet):
(JSC::VariableEnvironmentEntry::clearIsVar):
(JSC::VariableEnvironment::begin):
(JSC::VariableEnvironment::end):
(JSC::VariableEnvironment::add):
(JSC::VariableEnvironment::size):
(JSC::VariableEnvironment::contains):
(JSC::VariableEnvironment::remove):
VariableEnvironment is a new class that keeps track
of the static environment in the parser and the bytecode generator.
VariableEnvironment behaves like SymbolTable but for the bytecode generator.
It keeps track of variable types, i.e, if a variable is a "var", "let", "const"
and whether or not its captured.

• runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

• runtime/CodeCache.h:

(JSC::CodeCache::clear):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:
• runtime/ExceptionHelpers.cpp:

(JSC::createErrorForInvalidGlobalAssignment):
(JSC::createTDZError):
(JSC::throwOutOfMemoryError):

• runtime/ExceptionHelpers.h:
• runtime/Executable.cpp:

(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::initializeGlobalProperties):

• runtime/Executable.h:
• runtime/JSCJSValue.h:

(JSC::jsUndefined):
(JSC::jsTDZValue):
(JSC::jsBoolean):

• runtime/JSEnvironmentRecord.h:

(JSC::JSEnvironmentRecord::finishCreationUninitialized):
(JSC::JSEnvironmentRecord::finishCreation):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createProgramCodeBlock):
(JSC::JSGlobalObject::createEvalCodeBlock):

• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::weakRandomInteger):

• runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

• runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::symbolTableGet):

• runtime/JSLexicalEnvironment.h:

(JSC::JSLexicalEnvironment::create):

• runtime/JSScope.cpp:

(JSC::JSScope::resolve):
(JSC::JSScope::abstractResolve):
(JSC::JSScope::collectVariablesUnderTDZ):
(JSC::JSScope::isLexicalScope):
(JSC::resolveModeName):

• runtime/JSScope.h:
• runtime/PropertySlot.h:

(JSC::PropertySlot::setValue):

• runtime/SymbolTable.cpp:

(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::cloneScopePart):

• runtime/SymbolTable.h:

SymbolTable now uses an extra bit to know if it corresponds
to a "let"-like environment or not.

• runtime/WriteBarrier.h:

(JSC::WriteBarrierBase<Unknown>::get):
(JSC::WriteBarrierBase<Unknown>::clear):
(JSC::WriteBarrierBase<Unknown>::setUndefined):
(JSC::WriteBarrierBase<Unknown>::setStartingValue):
(JSC::WriteBarrierBase<Unknown>::isNumber):
(JSC::WriteBarrierBase<Unknown>::isObject):
(JSC::WriteBarrierBase<Unknown>::isNull):

• tests/stress/activation-sink-default-value-tdz-error.js: Added.

(shouldThrowTDZ):
(bar):
(foo.cap):

• tests/stress/activation-sink-osrexit-default-value-tdz-error.js: Added.

(shouldThrowTDZ):
(bar):

• tests/stress/lexical-let-and-with-statement.js: Added.

(truth):
(assert):
(.):

• tests/stress/lexical-let-exception-handling.js: Added.

(truth):
(assert):
(.):

• tests/stress/lexical-let-global-not-captured-variables.js: Added.

(truth):
(assert):
(foo):
(.let.capY):

• tests/stress/lexical-let-loop-semantics.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

• tests/stress/lexical-let-not-strict-mode.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

• tests/stress/lexical-let-semantics.js: Added.

(truth):
(assert):
(let.globalFunction):
(let.retGlobalNumberCaptured):
(let.setGlobalNumberCaptured):
(.):

• tests/stress/lexical-let-tdz.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

LayoutTests:

• js/dom/reserved-words-as-property-expected.txt:
• js/keywords-and-reserved_words-expected.txt:
• js/let-syntax-expected.txt: Added.
• js/let-syntax.html: Added.
• js/reserved-words-strict-expected.txt:
• js/script-tests/keywords-and-reserved_words.js:
• js/script-tests/let-syntax.js: Added.

(truth):
(assert):
(hasSyntaxError):
(shouldHaveSyntaxError):
(shouldNotHaveSyntaxError):
(shouldHaveSyntaxErrorStrictOnly):

• js/script-tests/reserved-words-strict.js:
• js/script-tests/statement-list-item-syntax-errors.js:

(testSyntax):
(runTests):

• js/statement-list-item-syntax-errors-expected.txt:

2:29 PM Changeset in webkit [186859] by andersca@apple.com

• 8 edits in trunk/Source

Make JavaScriptCore SPI headers used by WebCore SPI headers self-contained
​https://bugs.webkit.org/show_bug.cgi?id=146978

Reviewed by Dan Bernstein.

Source/JavaScriptCore:

• debugger/DebuggerPrimitives.h:
• disassembler/Disassembler.h:
• heap/Weak.h:
• inspector/InspectorValues.h:
• runtime/JSCJSValue.h:

Source/WTF:

• wtf/ExportMacros.h:

2:19 PM Changeset in webkit [186858] by timothy_horton@apple.com

• 12 edits
  7 adds in trunk

Factor rect shrink-wrapping code out of RenderThemeMac for future reuse
​https://bugs.webkit.org/show_bug.cgi?id=146973
<rdar://problem/21643094>

Reviewed by Anders Carlsson.

Test: fast/shrink-wrap/rect-shrink-wrap.html

• WebCore.xcodeproj/project.pbxproj:

Add DOMPath.cpp and PathUtilities.{h, cpp}.

• bindings/js/JSDOMBinding.h:

(WebCore::NativeValueTraits<double>::nativeValue):
Make it possible to use sequence<double> in IDL files.

• bindings/scripts/CodeGeneratorJS.pm:

Export JSDOMPath for use in Internals.

• html/canvas/DOMPath.cpp: Added.

(WebCore::DOMPath::~DOMPath):

• html/canvas/DOMPath.h:

Out-of-line the DOMPath destructor so as not to anger the bindings
integrity checker (otherwise, the address of the DOMPath destructor
is different in WebCoreTestSupport and WebCore, causing us to fail
the vtable equality test).

• platform/graphics/Path.h:

Forward declare FloatRect instead of including it unnecessarily.
Export ensurePlatformPath().

• platform/graphics/PathUtilities.cpp: Added.

(WebCore::addShrinkWrapRightCorner):
(WebCore::addShrinkWrapLeftCorner):
(WebCore::addShrinkWrappedPathForRects):
These parts are extracted from RenderThemeMac, with two changes:

+ support for arbitrarily-aligned rects

(the other version assumed they were horizontally center-aligned)

+ support for overlapping rects

(the other version assumed they touched but did not overlap)

There are still things missing:

+ support for a fallback when the shape is too hard to shrink-wrap

And things broken:

+ if the distance between two edges is smaller than the corner radius,

we'll end up with a sharp edge in the path

Both of these cases are covered in the layout test and can be improved.

(WebCore::rectsIntersectOrTouch):
Rect intersection with <= instead of <.

(WebCore::contiguousRectGroupsFromRects):
Given a set of rects, find all of the contiguous regions. We'll
shrink-wrap each region independently.

(WebCore::PathUtilities::pathWithShrinkWrappedRects):

• platform/graphics/PathUtilities.h: Added.

Add PathUtilities, where the shrink-wrapping code lives.

• rendering/RenderThemeMac.mm:

(WebCore::paintAttachmentTitleBackground):
(WebCore::addAttachmentTitleBackgroundRightCorner): Deleted.
(WebCore::addAttachmentTitleBackgroundLeftCorner): Deleted.
Remove shrink-wrapping implementation and make use of the one in PathUtilities.

• testing/Internals.cpp:

(WebCore::Internals::pathWithShrinkWrappedRects):

• testing/Internals.h:
• testing/Internals.idl:

Expose pathWithShrinkWrappedRects to tests via Internals.
It takes a sequence<double> where every four values are the x, y, w, h
of a rect, and returns a DOMPath which can be used with Canvas.

• fast/shrink-wrap/rect-shrink-wrap-expected.png: Added.
• fast/shrink-wrap/rect-shrink-wrap-expected.txt: Added.
• fast/shrink-wrap/rect-shrink-wrap.html: Added.

Add a test of both working and broken (indicated by comments in the test)
shrink-wrapping cases.

2:07 PM Changeset in webkit [186857] by enrica@apple.com

• 2 edits in trunk/Source/WebCore

[iOS] Should look for RTF and RTFD pasteboard types before plain text.
​https://bugs.webkit.org/show_bug.cgi?id=146971
rdar://problem/21840845

Reviewed by Sam Weinig.

The list of pasteboard types returned by supportedPasteboardTypes
determines the order in which WebKit looks for data in the pasteboard
to create a fragment. The incorrect order could make plain text to
be preferred over rich format.

• platform/ios/PasteboardIOS.mm:

(WebCore::Pasteboard::supportedPasteboardTypes):

2:06 PM Changeset in webkit [186856] by andersca@apple.com

• 2 edits in trunk/Source/WebCore

Private headers that include project headers should also be project headers
​https://bugs.webkit.org/show_bug.cgi?id=146974

Reviewed by Dan Bernstein.

Since these headers can't be included by WebKit anyway they shouldn't be installed.

• WebCore.xcodeproj/project.pbxproj:

2:05 PM Changeset in webkit [186855] by matthew_hanson@apple.com

• 28 edits
  4 adds in branches/safari-600.8-branch

Merge r186763. rdar://problem/21707917

1:49 PM Changeset in webkit [186854] by eric.carlson@apple.com

• 6 edits in trunk/Source/WebCore

[Mac] AirPlay route is not always set automatically
​https://bugs.webkit.org/show_bug.cgi?id=146969

Reviewed by Jer Noble.

• Modules/mediasession/WebMediaSessionManager.cpp:

(WebCore::WebMediaSessionManager::configurePlaybackTargetClients): Return early if there are

no clients. Make the first client in the vector automatically play to the target if there
is no other match and there is an active route.

(WebCore::WebMediaSessionManager::watchdogTimerFired): Call picker.invalidatePlaybackTargets,

not stopMonitoringPlaybackTargets.

• platform/graphics/MediaPlaybackTargetPicker.cpp:

(WebCore::MediaPlaybackTargetPicker::invalidatePlaybackTargets): New.

• platform/graphics/MediaPlaybackTargetPicker.h:

• platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
• platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::stopMonitoringPlaybackTargets): Do nothing, AirPlay

automatically stops monitoring when appropriate and release the picker also releases
the output context, which drops the route.

(WebCore::MediaPlaybackTargetPickerMac::invalidatePlaybackTargets): New.

1:36 PM Changeset in webkit [186853] by andersca@apple.com

• 1 edit
  5 deletes in trunk/Source/WebCore

Remove forwarding headers that no longer point to valid headers
​https://bugs.webkit.org/show_bug.cgi?id=146972

Reviewed by Tim Horton.

• ForwardingHeaders/heap/AllocationSpace.h: Removed.
• ForwardingHeaders/runtime/IntegralTypedArrayBase.h: Removed.
• ForwardingHeaders/runtime/PrototypeFunction.h: Removed.
• ForwardingHeaders/runtime/StorageBarrier.h: Removed.
• ForwardingHeaders/runtime/TypedArrayBase.h: Removed.

1:34 PM Changeset in webkit [186852] by Michael Catanzaro

• 3 edits in trunk/Source/WebKit2

[GTK] Rename LIBEXECDIR to PKGLIBEXECDIR
​https://bugs.webkit.org/show_bug.cgi?id=140070

Reviewed by Martin Robinson.

The path that's currently stored in LIBEXECDIR is one level lower than
the real LIBEXECDIR, which we are going to need. Introduce PKGLIBEXECDIR
so that we can use LIBEXECDIR for the real LIBEXECDIR in the future.

• PlatformGTK.cmake:
• Shared/gtk/ProcessExecutablePathGtk.cpp:

(WebKit::findWebKitProcess):

11:32 AM Changeset in webkit [186851] by basile_clement@apple.com

• 2 edits in branches/jsc-tailcall/Source/JavaScriptCore

jsc-tailcall: Change sizeof(Register) to sizeof(void*)

Rubber-stamped by Michael Saboff.

sizeof(void*) is the actual size of a pointer on the current
architecture, while sizeof(Register) is the size of a 64-bit JS slot.
They are the technically the same since FTL only works on 64-bit
architectures, but we should still use the semantically correct one.

• ftl/FTLJSCall.cpp:

(JSC::FTL::JSCall::emit):

11:02 AM Changeset in webkit [186850] by dbates@webkit.org

• 2 edits in trunk/Source/WebKit2

[Mac][WK2] Videos should only have access to cookies when -[NSURLRequest HTTPShouldHandleCookies] is YES
​https://bugs.webkit.org/show_bug.cgi?id=146763
<rdar://problem/21736994>

Reviewed by Darin Adler.

We should only fetch cookies from the Network process when -[NSURLRequest HTTPShouldHandleCookies] is YES.
This makes us more closely match the behavior of the CFNetwork implementation of
-[NSURLSessionLocal {_copyCookiesForRequestUsingAllAppropriateStorageSemantics, _getCookieHeadersForTask:completionHandler}].

• Shared/mac/CookieStorageShim.mm:

(-[WKNSURLSessionLocal _copyCookiesForRequestUsingAllAppropriateStorageSemantics:]):
(-[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:]):

10:52 AM Changeset in webkit [186849] by enrica@apple.com

• 7 edits in trunk/Source/WebKit2

[iOS] Add support for updateSelectionWithExtentPoint:withBoundary.
​https://bugs.webkit.org/show_bug.cgi?id=146951
rdar://problem/20864286

Reviewed by Tim Horton.

Add implementation for new method used by text selection
engine on iOS. The new function modifies the selection near the given point
and snaps it at the boundary of the specified granularity.

• UIProcess/WebPageProxy.h:
• UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView updateSelectionWithExtentPoint:completionHandler:]):
(-[WKContentView updateSelectionWithExtentPoint:withBoundary:completionHandler:]):
(-[WKContentView _characterBeforeCaretSelection]):

• UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::updateSelectionWithExtentPoint):
(WebKit::WebPageProxy::updateSelectionWithExtentPointAndBoundary):
(WebKit::WebPageProxy::requestDictationContext):

• WebProcess/WebPage/WebPage.h:
• WebProcess/WebPage/WebPage.messages.in:
• WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::rangeForGranularityAtPoint):
(WebKit::WebPage::selectTextWithGranularityAtPoint):
(WebKit::WebPage::updateSelectionWithExtentPointAndBoundary):

10:42 AM Changeset in webkit [186848] by basile_clement@apple.com

• 3 edits in branches/jsc-tailcall/Source/JavaScriptCore

jsc-tailcall: Only non-constructors functions are candidate for tail calls
​https://bugs.webkit.org/show_bug.cgi?id=146967

Reviewed by Saam Barati.

Previously, we were emitting tail calls in any ScopeNode. This is
wrong: we should only be emitting tail calls in FunctionNodes that are
not ES6 constructors.

• bytecompiler/NodesCodegen.cpp:

(JSC::ScopeNode::emitStatementsBytecode):
(JSC::FunctionNode::emitBytecode):

• parser/Nodes.h:

9:04 AM Changeset in webkit [186847] by matthew_hanson@apple.com

• 10 edits
  2 adds in branches/safari-600.8-branch

Merge r186744. rdar://problem/21716371

9:04 AM Changeset in webkit [186846] by matthew_hanson@apple.com

• 14 edits in branches/safari-600.8-branch/Source/WebKit2

Merge r186804. rdar://problem/21716368

9:04 AM Changeset in webkit [186845] by matthew_hanson@apple.com

• 6 edits
  12 adds in branches/safari-600.8-branch

Merge r186793. rdar://problem/21707880

9:04 AM Changeset in webkit [186844] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.8-branch/LayoutTests

Merge r186790. rdar://problem/21708063

9:04 AM Changeset in webkit [186843] by matthew_hanson@apple.com

• 8 edits
  8 adds in branches/safari-600.8-branch

Merge r186749. rdar://problem/21532770

9:04 AM Changeset in webkit [186842] by matthew_hanson@apple.com

• 3 edits
  2 adds in branches/safari-600.8-branch

Merge r186747. rdar://problem/21716398

9:04 AM Changeset in webkit [186841] by matthew_hanson@apple.com

• 4 edits
  2 adds in branches/safari-600.8-branch

Merge r186746. rdar://problem/21716391

9:02 AM Changeset in webkit [186840] by commit-queue@webkit.org

• 4 edits
  4 adds in trunk

Negative scroll snap repeat values cause web process to hang indefinitely
​https://bugs.webkit.org/show_bug.cgi?id=146953
Source/WebCore:

<rdar://problem/21823681>

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-15
Reviewed by Simon Fraser.

Fixed dangerous behavior caused by setting -scroll-snap-points-x or -y to negative or very small
positive values. In the case of negative or 0 repeats, the web process would hang indefinitely. In
the case of very small positive values, a massive amount of memory could potentially be allocated
just to store snap offsets.

Tests: css3/scroll-snap/scroll-snap-negative-repeat.html

css3/scroll-snap/scroll-snap-subpixel-repeat.html

• css/CSSParser.cpp:

(WebCore::CSSParser::parseNonElementSnapPoints): Changed to consider negative snap repeat values as invalid CSS.

• page/scrolling/AxisScrollSnapOffsets.cpp:

(WebCore::updateFromStyle): Changed to threshold non-negative snap repeat values to 1px.

LayoutTests:

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-15
Reviewed by Simon Fraser.

The first test case checks that setting -scroll-snap-points-x or -y to a negative value
will not cause the web process to hang. The second test case (in a similar vein) checks
that tiny subpixel snap repeats generate a reasonable number of snap offsets.

• css3/scroll-snap/scroll-snap-negative-repeat-expected.txt: Added.
• css3/scroll-snap/scroll-snap-negative-repeat.html: Added.
• css3/scroll-snap/scroll-snap-subpixel-repeat-expected.txt: Added.
• css3/scroll-snap/scroll-snap-subpixel-repeat.html: Added.

9:01 AM Changeset in webkit [186839] by Michael Catanzaro

• 2 edits in trunk/Source/WebKit2

[Linux] SeccompBrokerClient should cache arbitrary file descriptors
​https://bugs.webkit.org/show_bug.cgi?id=140068

Reviewed by Žan Doberšek.

If malloc() attempts to open /proc/sys/vm/overcommit_memory in a SIGSYS
signal handler, the SeccompBroker will attempt to recursively broker the
open() syscall. Generalize the existing code that already handles the
similar case where malloc() opens /sys/devices/system/cpu/online to
handle this situation as well.

• Shared/linux/SeccompFilters/SeccompBroker.cpp:

(WebKit::SIGSYSHandler):
(WebKit::SeccompBrokerClient::SeccompBrokerClient):
(WebKit::SeccompBrokerClient::~SeccompBrokerClient):
(WebKit::SeccompBrokerClient::handleIfOpeningCachedFile):
(WebKit::SeccompBrokerClient::cacheFile):
(WebKit::SeccompBrokerClient::handleIfOpeningOnlineCPUCount): Deleted.

7:47 AM Changeset in webkit [186838] by ddkilzer@apple.com

• 2 edits in branches/safari-600.1.4.17-branch/Source/WebKit2

REGRESSION (r186559): Follow-up fix to merge r183861 for <rdar://problem/21716677>

• NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::cleanup): Restore call to
deref() so we don't leak the NetworkResourceLoader.

7:22 AM Changeset in webkit [186837] by dino@apple.com

• 3 edits in trunk/Source/WebCore

Placeholder colors should be system grays
​https://bugs.webkit.org/show_bug.cgi?id=146955
<rdar://problem/21774358>

Reviewed by Sam Weinig.

Update the PiP and Airplay placards to use the correct shades
of gray.

• Modules/mediacontrols/mediaControlsApple.css: No need to specify the

font here, nor have rules for Picture in Picture, which isn't available
on OS X.
(audio::-webkit-media-controls-time-remaining-display): We should specify
font style here.
(video:-webkit-full-screen::-webkit-media-controls-panel): Drive-by cleanup.
(audio::-webkit-media-controls-wireless-playback-status): Use a gray background
and system gray for text and artwork.
(audio::-webkit-media-controls-wireless-playback-status.small): Ditto.
(audio::-webkit-media-controls-picture-in-picture-button): Deleted (not on OS X).
(audio::-webkit-media-controls-wireless-playback-text-top): Deleted use of background color.
(audio::-webkit-media-controls-wireless-playback-text-bottom): Ditto..

• Modules/mediacontrols/mediaControlsiOS.css: Use a gray background

and system gray for text and artwork.
(audio::-webkit-media-controls-wireless-playback-status):
(audio::-webkit-media-controls-wireless-playback-text-top):
(audio::-webkit-media-controls-wireless-playback-status.picture-in-picture):

7:15 AM Changeset in webkit [186836] by ddkilzer@apple.com

• 2 edits in trunk/LayoutTests

http/tests/misc/large-js-program.php crashes slowly in Debug builds on Windows

Fix is tracked by <rdar://problem/21816197>.

After r186813, the test was found to also crash in Debug builds
on Windows; it just needed more time to do so:

<​https://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fmisc%2Flarge-js-program.php>

• platform/win/TestExpectations: Mark test as slow and crashing:
• http/tests/misc/large-js-program.php

6:34 AM Changeset in webkit [186835] by ChangSeok Oh

• 3 edits in trunk/Source/WebKit2

[GTK] Accelerated compositing is enabled by MiniBrowser in Wayland
​https://bugs.webkit.org/show_bug.cgi?id=146827

Reviewed by Žan Doberšek.

WebKit2Gtk+ does not currently support accelerated compositing. For the reason,
we forcedly disable it in webkitWebViewBaseCreateWebPage. However, when we launch
MiniBrowser in wayland, the unsupported feature is re-enabled since the existing
setting is overwritten by a newly created one. Here the default value for
accelerated compositing is true. We can fix this by moving the code disabling
accelerated composition to WebPreferences::platformInitializeStore() so that
we make sure the accelerated compositing is always disabled for wayland.

• UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseCreateWebPage): Deleted.

• UIProcess/gtk/WebPreferencesGtk.cpp:

(WebKit::WebPreferences::platformInitializeStore):

1:33 AM Changeset in webkit [186834] by mitz@apple.com

• 2 edits in trunk/Source/WebKit2

Fixed build fix.

• Platform/spi/ios/SafariServicesSPI.h:

Jul 14, 2015:

11:43 PM Changeset in webkit [186833] by ryuan.choi@navercorp.com

• 2 edits in trunk/Source/WebKit2

[CoordinatedGraphics] Possible wrong rendering with scrolling
​https://bugs.webkit.org/show_bug.cgi?id=146958

Reviewed by Gyuyoung Kim.

While r174261 fixing build break, there is some mistake that flushes contents layer
instead of overlay layer.

• WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:

(WebKit::CoordinatedLayerTreeHost::didFlushRootLayer):

11:29 PM Changeset in webkit [186832] by mitz@apple.com

• 2 edits in trunk/Source/WebKit2

Attempted build fixes.

• Platform/spi/ios/SafariServicesSPI.h:

10:04 PM Changeset in webkit [186831] by Nikita Vasilyev

• 2 edits in trunk/Source/WebInspectorUI

REGRESSION (r186698): Web Inspector: Frame selector is monospace again
​https://bugs.webkit.org/show_bug.cgi?id=146954

Reviewed by Joseph Pecoraro.

• UserInterface/Views/HierarchicalPathComponent.css:

(.hierarchical-path-component):

9:42 PM Changeset in webkit [186830] by mitz@apple.com

• 2 edits in trunk/Source/WebKit2

Attempted build fixes.

• Platform/spi/ios/SafariServicesSPI.h:

9:16 PM Changeset in webkit [186829] by commit-queue@webkit.org

• 9 edits
  4 adds
  6 deletes in trunk/Source/WebCore

[EFL] Scrollbar is not drawn on MiniBrowser.
​https://bugs.webkit.org/show_bug.cgi?id=143566

Patch by Hunseop Jeong <Hunseop Jeong> on 2015-07-14
Reviewed by Gyuyoung Kim.

Implement the ScrollbarThemeEfl to draw the scrollbar on EFL port.

• PlatformEfl.cmake: Removed the ScrollbarEfl.cpp.

• platform/Scrollbar.cpp: Removed the !PLATFORM(EFL) guard to use the createNativeScrollbar().

• platform/efl/DefaultTheme/CMakeLists.txt: Replaced the image files with new ones.

• platform/efl/DefaultTheme/widget/scrollbar/scrollbar.edc:
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_bg_horizontal.png: Added.
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_bg_vertical.png: Added.
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_h.png: Removed.
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_knob_h.png: Removed.
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_knob_v.png: Removed.
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_thumb_horizontal.png: Added.
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_thumb_vertical.png: Added.
• platform/efl/DefaultTheme/widget/scrollbar/scrollbar_v.png: Removed.
• platform/efl/RenderThemeEfl.cpp:

(WebCore::toEdjeGroup):
(WebCore::RenderThemeEfl::paintThemePart): Added the new function to draw the scrollbar

using the RenderThemeEfl.

• platform/efl/RenderThemeEfl.h:
• platform/efl/ScrollbarEfl.cpp: Removed.
• platform/efl/ScrollbarEfl.h: Removed.
• platform/efl/ScrollbarThemeEfl.cpp: Implemented the default functions to draw the scrollbar.

(WebCore::scrollbarMap):
(WebCore::ScrollbarThemeEfl::~ScrollbarThemeEfl):
(WebCore::ScrollbarThemeEfl::scrollbarThickness):
(WebCore::ScrollbarThemeEfl::hasThumb):
(WebCore::ScrollbarThemeEfl::backButtonRect):
(WebCore::ScrollbarThemeEfl::forwardButtonRect):
(WebCore::ScrollbarThemeEfl::trackRect):
(WebCore::ScrollbarThemeEfl::minimumThumbLength):
(WebCore::ScrollbarThemeEfl::paintTrackBackground):
(WebCore::ScrollbarThemeEfl::paintThumb):
(WebCore::ScrollbarThemeEfl::registerScrollbar):
(WebCore::ScrollbarThemeEfl::unregisterScrollbar):
(WebCore::ScrollbarThemeEfl::loadThemeIfNeeded):

• platform/efl/ScrollbarThemeEfl.h:

(WebCore::ScrollbarThemeEfl::usesOverlayScrollbars):

7:12 PM Changeset in webkit [186828] by akling@apple.com

• 2 edits in trunk/Source/WebCore

Don't persist history item tree for subframes across reloads.
<​https://webkit.org/b/146937>
<rdar://problem/19925709>

Reviewed by Brady Eidson.

Throw away the subframe history items when reloading a page. This ensures that we
don't accumulate outdated frame metadata when subframes change name across page loads.
Since the history item tree is encoded in the UA session state and gets serialized to
disk, it's important that we don't let it grow unbounded.

• loader/HistoryController.cpp:

(WebCore::HistoryController::updateForReload):

5:23 PM Changeset in webkit [186827] by mmaxfield@apple.com

• 5 edits
  2 adds in trunk

REGRESSION (r177876): store.apple.com profile and cart icons are missing
​https://bugs.webkit.org/show_bug.cgi?id=146894

Patch by Antti Koivisto <Antti Koivisto> on 2015-07-14
Reviewed by Myles C. Maxfield.

Source/WebCore:

If we had several @font-face rules for the same face covering overlapping ranges we
would only try to get glyphs from the first one. If it didn't have the glyph we wouldn't
try the other ones.

Test: fast/css/font-face-multiple-missing-glyphs.html

• platform/graphics/FontCascadeFonts.cpp:

(WebCore::FontCascadeFonts::glyphDataForVariant):
(WebCore::FontCascadeFonts::glyphDataForNormalVariant):

Get GlyphData with one call.

• platform/graphics/FontRanges.cpp:

(WebCore::FontRanges::~FontRanges):
(WebCore::FontRanges::glyphDataForCharacter):

Check that we actually have a glyph in the font for the character before returning it.

(WebCore::FontRanges::fontForCharacter):
(WebCore::FontRanges::fontForFirstRange):

• platform/graphics/FontRanges.h:

(WebCore::FontRanges::size):
(WebCore::FontRanges::rangeAt):

LayoutTests:

• fast/css/font-face-multiple-missing-glyphs-expected.html: Added.
• fast/css/font-face-multiple-missing-glyphs.html: Added.

4:50 PM Changeset in webkit [186826] by andersca@apple.com

• 6 edits in trunk

Assertions.h should include ExportMacros.h
​https://bugs.webkit.org/show_bug.cgi?id=146948

Reviewed by Tim Horton.

Source/JavaScriptCore:

Remove now unneeded WTF_EXPORT_PRIVATE define.

• API/JSBase.h:

Source/WTF:

• wtf/Assertions.h:

Tools:

Remove now unneeded WTF_EXPORT_PRIVATE define.

• DumpRenderTree/cg/ImageDiffCG.cpp:

4:50 PM Changeset in webkit [186825] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Fix the 32 bit build after r186817
​https://bugs.webkit.org/show_bug.cgi?id=146947

Changed CGRect to NSRect.

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-14
Reviewed by Simon Fraser.

• platform/mac/ThemeMac.mm:

(WebCore::paintButton):

4:38 PM Changeset in webkit [186824] by Matt Baker

• 4 edits in trunk/Source/WebInspectorUI

Web Inspector: TimelineRuler minimum selection time range should be configurable
​https://bugs.webkit.org/show_bug.cgi?id=146944

Reviewed by Joseph Pecoraro.

• UserInterface/Views/RenderingFrameTimelineOverview.js:

Set minimum selection to 1 frame.

• UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview.prototype.set selectionDuration):
Use ruler's minimum duration.

• UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler):
(WebInspector.TimelineRuler.prototype.get minimumSelectionDuration):
(WebInspector.TimelineRuler.prototype.set minimumSelectionDuration):
(WebInspector.TimelineRuler.prototype._handleMouseUp):
(WebInspector.TimelineRuler.prototype._handleSelectionHandleMouseMove):
Added property for setting minimum selection duration. Default minimum duration is 0.01, which is
equal to the old hard-coded minimum selection time range.

4:13 PM Changeset in webkit [186823] by Lucas Forschler

• 2 edits in trunk/Source/WebKit

Teach platformMac.cmake about El Capitan WKSI.
<rdar://problem/21822469>

Reviewed by Alex Christensen.

• PlatformMac.cmake:

3:33 PM Changeset in webkit [186822] by basile_clement@apple.com

• 5 edits in branches/jsc-tailcall/Source/JavaScriptCore

[ES6] Recognize calls in tail position
​https://bugs.webkit.org/show_bug.cgi?id=146481

Reviewed by Saam Barati.

This patch adds the capability for the bytecode generator to recognize
and dispatch tail calls, as per ES6 spec:
​http://www.ecma-international.org/ecma-262/6.0/#sec-isintailposition

This does not change the generated bytecode, but merely provides the
hook for generating tail calls in subsequent patches toward
​https://bugs.webkit.org/show_bug.cgi?id=146477

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitTailCall):
(JSC::BytecodeGenerator::emitTailCallVarargs):

• bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitNode):

• bytecompiler/NodesCodegen.cpp:

(JSC::ConstantNode::emitBytecode):
(JSC::NumberNode::emitBytecode):
(JSC::RegExpNode::emitBytecode):
(JSC::ThisNode::emitBytecode):
(JSC::SuperNode::emitBytecode):
(JSC::ResolveNode::emitBytecode):
(JSC::TemplateStringNode::emitBytecode):
(JSC::TemplateLiteralNode::emitBytecode):
(JSC::TaggedTemplateNode::emitBytecode):
(JSC::ArrayNode::emitBytecode):
(JSC::ObjectLiteralNode::emitBytecode):
(JSC::PropertyListNode::emitBytecode):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::ArgumentListNode::emitBytecode):
(JSC::NewExprNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::BytecodeIntrinsicNode::emitBytecode):
(JSC::FunctionCallBracketNode::emitBytecode):
(JSC::FunctionCallDotNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitBytecode):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::DeleteBracketNode::emitBytecode):
(JSC::DeleteDotNode::emitBytecode):
(JSC::DeleteValueNode::emitBytecode):
(JSC::VoidNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::TypeOfValueNode::emitBytecode):
(JSC::PrefixNode::emitBytecode):
(JSC::UnaryOpNode::emitBytecode):
(JSC::BitwiseNotNode::emitBytecode):
(JSC::BinaryOpNode::emitBytecode):
(JSC::EqualNode::emitBytecode):
(JSC::StrictEqualNode::emitBytecode):
(JSC::ThrowableBinaryOpNode::emitBytecode):
(JSC::InstanceOfNode::emitBytecode):
(JSC::LogicalOpNode::emitBytecode):
(JSC::ConditionalNode::emitBytecode):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::AssignDotNode::emitBytecode):
(JSC::ReadModifyDotNode::emitBytecode):
(JSC::AssignErrorNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):
(JSC::ReadModifyBracketNode::emitBytecode):
(JSC::CommaNode::emitBytecode):
(JSC::ConstDeclNode::emitBytecode):
(JSC::ConstStatementNode::emitBytecode):
(JSC::SourceElements::emitBytecode):
(JSC::BlockNode::emitBytecode):
(JSC::EmptyStatementNode::emitBytecode):
(JSC::DebuggerStatementNode::emitBytecode):
(JSC::ExprStatementNode::emitBytecode):
(JSC::VarStatementNode::emitBytecode):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::IfElseNode::emitBytecode):
(JSC::DoWhileNode::emitBytecode):
(JSC::WhileNode::emitBytecode):
(JSC::ForNode::emitBytecode):
(JSC::ForInNode::emitBytecode):
(JSC::ForOfNode::emitBytecode):
(JSC::ContinueNode::emitBytecode):
(JSC::BreakNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
(JSC::WithNode::emitBytecode):
(JSC::CaseClauseNode::emitBytecode):
(JSC::CaseBlockNode::emitBytecodeForBlock):
(JSC::SwitchNode::emitBytecode):
(JSC::LabelNode::emitBytecode):
(JSC::ThrowNode::emitBytecode):
(JSC::TryNode::emitBytecode):
(JSC::ScopeNode::emitStatementsBytecode):
(JSC::ProgramNode::emitBytecode):
(JSC::EvalNode::emitBytecode):
(JSC::FunctionBodyNode::emitBytecode):
(JSC::FunctionNode::emitBytecode):
(JSC::FuncDeclNode::emitBytecode):
(JSC::FuncExprNode::emitBytecode):
(JSC::ClassDeclNode::emitBytecode):
(JSC::ClassExprNode::emitBytecode):
(JSC::DestructuringAssignmentNode::emitBytecode):
(JSC::SpreadExpressionNode::emitBytecode):

• parser/Nodes.h:

3:24 PM Changeset in webkit [186821] by andersca@apple.com

• 7 edits in trunk/Source

Remove wkPopupMenu from WebCoreSystemInterface; it's not called from WebCore
​https://bugs.webkit.org/show_bug.cgi?id=146945

Reviewed by Tim Horton.

Source/WebCore:

• platform/mac/WebCoreSystemInterface.h:

Source/WebKit/mac:

• WebCoreSupport/PopupMenuMac.mm:

(PopupMenuMac::show):

• WebCoreSupport/WebSystemInterface.mm:

(InitWebCoreSystemInterface): Deleted.

Source/WebKit2:

• WebProcess/WebCoreSupport/mac/WebSystemInterface.mm:

(InitWebCoreSystemInterface): Deleted.

3:06 PM Changeset in webkit [186820] by basile_clement@apple.com

• 15 edits
  2 deletes in branches/jsc-tailcall/Source/JavaScriptCore

jsc-tailcall: Get rid of the arity fixup return thunk
​https://bugs.webkit.org/show_bug.cgi?id=146847

Reviewed by Michael Saboff.

This removes the arity check fail return thunk since it is now the
caller's responsibility to restore the stack pointer.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGJITCompiler.cpp:
• ftl/FTLLink.cpp:
• jit/ArityCheckFailReturnThunks.cpp: Removed.
• jit/ArityCheckFailReturnThunks.h: Removed.
• jit/JIT.cpp:
• jit/ThunkGenerators.cpp:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/CommonSlowPaths.cpp:

(JSC::setupArityCheckData):

• runtime/CommonSlowPaths.h:
• runtime/Options.h:
• runtime/VM.cpp:
• runtime/VM.h:

2:56 PM Changeset in webkit [186819] by mmirman@apple.com

• 4 edits in trunk/Source/JavaScriptCore

Repatch. Makes compileArithSub in the DFG ensure that the constant is an int32.
​https://bugs.webkit.org/show_bug.cgi?id=146910
rdar://problem/21729083

Reviewed by Filip Pizlo.

Also fixes the debug build problem where all edges are assumed to
have UntypedUse before the fixup phase.

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithSub):

• dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validateEdgeWithDoubleResultIfNecessary):

• tests/stress/arith-add-with-constants.js: Added some tests for this case.

(arithAdd42WrittenAsInteger):
(testArithAdd42WrittenAsInteger):
(arithSub42WrittenAsDouble):
(testArithSub42WrittenAsDouble):
(doubleConstant):
(testDoubleConstant): Added test for the case of +0.0 and Math.min(0.0)
(arithAdd42WrittenAsDouble): Deleted.
(testArithAdd42WrittenAsDouble): Deleted.

2:46 PM Changeset in webkit [186818] by basile_clement@apple.com

• 2 edits in branches/jsc-tailcall/Source/JavaScriptCore

jsc-tailcall: Temporarily disable FTL
​https://bugs.webkit.org/show_bug.cgi?id=146941

Rubber-stamped by Michael Saboff.

• runtime/Options.h:

2:39 PM Changeset in webkit [186817] by commit-queue@webkit.org

• 5 edits in trunk/Source/WebCore

Input buttons rendered at the wrong size when pinching-to-zoom
​https://bugs.webkit.org/show_bug.cgi?id=146916

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-14
Reviewed by Dean Jackson.

Scales buttons and their focus rects up when pinching to zoom by painting to an offscreen ImageBuffer which is
then scaled and painted onto the display.

• platform/Theme.h: Modified signature of Theme::paint.

(WebCore::Theme::paint): Added plumbing necessary to send the device and page scale factors to paintButton.

• platform/mac/ThemeMac.h: Modified signature of paintButton.
• platform/mac/ThemeMac.mm: Added ImageBuffer.h header.

(WebCore::buttonFocusRectOutlineWidth): Represents the width of the focus rect of a button. Used by paintButton

to determine the size of the ImageBuffer required to draw a focus rect.

(WebCore::paintButton): Changed to paint button cells and the focus rect, if applicable, to a temporary ImageBuffer

before painting the ImageBuffer onto the view. Refactored to receive a deviceScaleFactor and page scale factor,
used when painting to the ImageBuffer.

(WebCore::ThemeMac::paint): Added plumbing necessary to send the device and page scale factors to paintButton.

• rendering/RenderTheme.cpp: Modified signature of RenderTheme::paint.

(WebCore::RenderTheme::paint): Added plumbing necessary to send the device and page scale factors to paintButton.

2:19 PM Changeset in webkit [186816] by commit-queue@webkit.org

• 6 edits
  2 deletes in trunk

Unreviewed, rolling out r186809.
​https://bugs.webkit.org/show_bug.cgi?id=146943

Caused about 190 layout test failures. (Requested by mlam_ on
#webkit).

Reverted changeset:

"REGRESSION (r177876): store.apple.com profile and cart icons
are missing"
​https://bugs.webkit.org/show_bug.cgi?id=146894
​http://trac.webkit.org/changeset/186809

2:18 PM Changeset in webkit [186815] by basile_clement@apple.com

• 6 edits in branches/jsc-tailcall/Source/JavaScriptCore

JavaScript functions should restore the stack pointer after a call
​https://bugs.webkit.org/show_bug.cgi?id=146846

Reviewed by Michael Saboff.

This patch makes it so that the DFG and FTL JIT are restoring the stack
pointer after a call and no longer relying on it still being valid.

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

• ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateDataSection):

• ftl/FTLJSCall.cpp:

(JSC::FTL::JSCall::emit):

• ftl/FTLJSCall.h:

2:06 PM Changeset in webkit [186814] by andersca@apple.com

• 2 edits in trunk/Source/WebKit2

Release assert under StyleResolver::loadPendingImages() caused by MemoryPressureHandler
​https://bugs.webkit.org/show_bug.cgi?id=146940
rdar://problem/21605505

Reviewed by Sam Weinig.

• WebProcess/WebProcess.cpp:

(WebKit::WebProcess::processWillSuspendImminently):

2:05 PM Changeset in webkit [186813] by ddkilzer@apple.com

• 2 edits in trunk/LayoutTests

http/tests/misc/large-js-program.php crashes in Release, times out in Debug, on Windows

Fix is tracked by <rdar://problem/21816197>.

• platform/win/TestExpectations: Mark test as crashing in

Release and timing out on Debug:

• http/tests/misc/large-js-program.php

1:39 PM Changeset in webkit [186812] by weinig@apple.com

• 2 edits in trunk/Source/WebKit2

WebKit needs to serialize numeric values in NSError userInfo
<rdar://problem/21818117>
​https://bugs.webkit.org/show_bug.cgi?id=146936

Reviewed by Anders Carlsson.

• Shared/mac/WebCoreArgumentCodersMac.mm:

(IPC::ArgumentCoder<ResourceError>::encodePlatformData):
Encode userInfo values that are NSNumbers in addition to NSStrings and NSURLs. Decoding
is already handled.

1:18 PM Changeset in webkit [186811] by mmirman@apple.com

• 4 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r186805.

Made raytracer on octane 80% slower

Reverted changeset:

"Makes compileArithSub in the DFG ensure that the constant is
an int32."
​https://bugs.webkit.org/show_bug.cgi?id=146910
​http://trac.webkit.org/changeset/186805

1:06 PM Changeset in webkit [186810] by Michael Catanzaro

• 5 edits
  1 copy
  2 adds in trunk/Source/WebKit2

[Linux] SeccompFilters: whitelist all NPAPI plugin directories
​https://bugs.webkit.org/show_bug.cgi?id=140067

Reviewed by Žan Doberšek.

• PlatformEfl.cmake: Build PluginSearchPath.cpp
• PlatformGTK.cmake: Build PluginSearchPath.cpp
• Shared/Plugins/unix/PluginSearchPath.cpp: Added.

(WebKit::pluginsDirectories): Moved from PluginInfoStoreUnix.cpp.

• Shared/Plugins/unix/PluginSearchPath.h: Added.
• Shared/linux/SeccompFilters/SyscallPolicy.cpp:

(WebKit::SyscallPolicy::addDefaultWebProcessPolicy): Add the entire
plugin search path to the whitelist.

• UIProcess/Plugins/unix/PluginInfoStoreUnix.cpp:

(WebKit::PluginInfoStore::pluginsDirectories): Now gets plugins
directories from PluginSearchPath.cpp

12:50 PM Changeset in webkit [186809] by mmaxfield@apple.com

• 6 edits
  2 adds in trunk

REGRESSION (r177876): store.apple.com profile and cart icons are missing
​https://bugs.webkit.org/show_bug.cgi?id=146894

Patch by Antti Koivisto <Antti Koivisto> on 2015-07-14
Reviewed by Myles C. Maxfield.

Source/WebCore:

If we had several @font-face rules for the same face covering overlapping ranges we
would only try to get glyphs from the first one. If it didn't have the glyph we wouldn't
try the other ones.

Test: fast/css/font-face-multiple-missing-glyphs.html

• platform/graphics/FontCascadeFonts.cpp:

(WebCore::FontCascadeFonts::glyphDataForVariant):
(WebCore::FontCascadeFonts::glyphDataForNormalVariant):

Get GlyphData with one call.

• platform/graphics/FontRanges.cpp:

(WebCore::FontRanges::~FontRanges):
(WebCore::FontRanges::glyphDataForCharacter):

Check that we actually have a glyph in the font for the character before returning it.

(WebCore::FontRanges::fontForCharacter):
(WebCore::FontRanges::fontForFirstRange):

• platform/graphics/FontRanges.h:

(WebCore::FontRanges::size):
(WebCore::FontRanges::rangeAt):

LayoutTests:

• fast/css/font-face-multiple-missing-glyphs-expected.html: Added.
• fast/css/font-face-multiple-missing-glyphs.html: Added.

10:37 AM Changeset in webkit [186808] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebKit2

​https://bugs.webkit.org/show_bug.cgi?id=146917
iOS WebKit doesn't build.
rdar://problem/21801544

Fix the build - don't use deprecated methods.

Patch by Yongjun Zhang <​yongjun_zhang@apple.com> on 2015-07-14
Reviewed by Dan Bernstein.

• UIProcess/ios/WKContentViewInteraction.h:
• UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _registerPreviewInWindow:]):
(-[WKContentView _unregisterPreviewInWindow:]):

10:36 AM Changeset in webkit [186807] by commit-queue@webkit.org

• 4 edits
  15 adds in trunk

[Content Extensions] Fix if-domain and unless-domain when loading main documents.
​https://bugs.webkit.org/show_bug.cgi?id=146868

Patch by Alex Christensen <​achristensen@webkit.org> on 2015-07-14
Reviewed by Benjamin Poulain.

Source/WebCore:

Tests: http/tests/contentextensions/block-everything-if-domain.html

http/tests/contentextensions/block-everything-unless-domain-iframe.html
http/tests/contentextensions/block-everything-unless-domain-redirect.php
http/tests/contentextensions/block-everything-unless-domain.html

• contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):
If we are loading a new main document, use that main document url as the main document url for domain comparison.

LayoutTests:

• http/tests/contentextensions/block-everything-if-domain-expected.txt: Added.
• http/tests/contentextensions/block-everything-if-domain.html: Added.
• http/tests/contentextensions/block-everything-if-domain.html.json: Added.
• http/tests/contentextensions/block-everything-unless-domain-expected.txt: Added.
• http/tests/contentextensions/block-everything-unless-domain-iframe-expected.txt: Added.
• http/tests/contentextensions/block-everything-unless-domain-iframe.html: Added.
• http/tests/contentextensions/block-everything-unless-domain-iframe.html.json: Added.
• http/tests/contentextensions/block-everything-unless-domain-redirect-expected.txt: Added.
• http/tests/contentextensions/block-everything-unless-domain-redirect.php: Added.
• http/tests/contentextensions/block-everything-unless-domain-redirect.php.json: Added.
• http/tests/contentextensions/block-everything-unless-domain.html: Added.
• http/tests/contentextensions/block-everything-unless-domain.html.json: Added.
• http/tests/contentextensions/main-resource-redirect-blocked-expected.txt:
• http/tests/contentextensions/resources/block-everything-unless-domain-helper.html: Added.
• http/tests/contentextensions/resources/should-load.html: Added.
• http/tests/contentextensions/resources/should-not-load.html: Added.

10:26 AM Changeset in webkit [186806] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebKit2

​https://bugs.webkit.org/show_bug.cgi?id=146909
Add actions for default link preview that uses SFSafariViewController.

Use the new private properties to prepare actions for the default link preview controller.

Patch by Yongjun Zhang <​yongjun_zhang@apple.com> on 2015-07-14
Reviewed by Dan Bernstein.

• UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView previewViewControllerForPosition:inSourceView:]):

10:24 AM Changeset in webkit [186805] by mmirman@apple.com

• 4 edits in trunk/Source/JavaScriptCore

Makes compileArithSub in the DFG ensure that the constant is an int32.
​https://bugs.webkit.org/show_bug.cgi?id=146910
rdar://problem/21729083

Reviewed by Filip Pizlo.

Also fixes the debug build problem where all edges are assumed to
have UntypedUse before the fixup phase.

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithSub):

• dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validateEdgeWithDoubleResultIfNecessary):

• tests/stress/arith-add-with-constants.js: Added some tests for this case.

(arithAdd42WrittenAsInteger):
(testArithAdd42WrittenAsInteger):
(arithSub42WrittenAsDouble):
(testArithSub42WrittenAsDouble):
(doubleConstant):
(testDoubleConstant): Added test for the case of +0.0 and Math.min(0.0)
(arithAdd42WrittenAsDouble): Deleted.
(testArithAdd42WrittenAsDouble): Deleted.

9:16 AM Changeset in webkit [186804] by matthew_hanson@apple.com

• 14 edits in branches/safari-600.1.4.17-branch/Source/WebKit2

Merged r185877.

8:58 AM Changeset in webkit [186803] by weinig@apple.com

• 15 edits
  17 adds in trunk

DOM4: prepend, append, before, after & replace
​https://bugs.webkit.org/show_bug.cgi?id=74648

Reviewed by Darin Adler.

Source/WebCore:

• Adds support for ChildNode.before/after/replaceWith and ParentNode.prepend/append which are new functions in ​https://dom.spec.whatwg.org
• Uses custom bindings rather than implementing support for union types in the code generator as their uses seems isolated to just this spec at the moment. If more uses come along, we should implement proper support for them in the generator and remove the custom bindings added here.

Tests: fast/dom/ChildNode-after.html

fast/dom/ChildNode-before.html
fast/dom/ChildNode-replaceWith.html
fast/dom/ParentNode-append.html
fast/dom/ParentNode-prepend.html

• CMakeLists.txt:
• WebCore.vcxproj/WebCore.vcxproj:
• WebCore.xcodeproj/project.pbxproj:
• bindings/js/JSBindingsAllInOne.cpp:

Add new files.

• bindings/js/JSCharacterDataCustom.cpp: Added.

(WebCore::JSCharacterData::before):
(WebCore::JSCharacterData::after):
(WebCore::JSCharacterData::replaceWith):

• bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::prepend):
(WebCore::JSDocument::append):
(WebCore::JSDocument::createTouchList):

• bindings/js/JSDocumentFragmentCustom.cpp: Added.

(WebCore::JSDocumentFragment::prepend):
(WebCore::JSDocumentFragment::append):

• bindings/js/JSDocumentTypeCustom.cpp: Added.

(WebCore::JSDocumentType::before):
(WebCore::JSDocumentType::after):
(WebCore::JSDocumentType::replaceWith):

• bindings/js/JSElementCustom.cpp:

(WebCore::toJSNewlyCreated):
(WebCore::JSElement::before):
(WebCore::JSElement::after):
(WebCore::JSElement::replaceWith):
(WebCore::JSElement::prepend):
(WebCore::JSElement::append):
Add custom bindings to implement the use of variadic union types.

• bindings/js/JSNodeOrString.cpp: Added.

(WebCore::toNodeOrStringVector):

• bindings/js/JSNodeOrString.h: Added.

Adds a help function for converting an JS argument list into a Vector
of NodeOrString objects.

• dom/ChildNode.idl:

Expose before/after/replaceWith to JavaScript.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::append):
(WebCore::ContainerNode::prepend):

• dom/ContainerNode.h:

Add implementations of append and prepend.

• dom/Node.h:
• dom/Node.cpp:

(WebCore::nodeSetPreTransformedFromNodeOrStringVector):
(WebCore::firstPrecedingSiblingNotInNodeSet):
(WebCore::firstFollowingSiblingNotInNodeSet):
Helper functions for before, after and removeWith.

(WebCore::Node::before):
(WebCore::Node::after):
(WebCore::Node::replaceWith):
Add implementations of before, after and removeWith.

• dom/NodeOrString.cpp: Added.

(WebCore::convertNodesOrStringsIntoNode):

• dom/NodeOrString.h: Added.

(WebCore::NodeOrString::NodeOrString):
(WebCore::NodeOrString::~NodeOrString):
(WebCore::NodeOrString::type):
(WebCore::NodeOrString::node):
(WebCore::NodeOrString::string):
Custom union type representing the (Node or DOMString) IDL type.

• dom/ParentNode.idl:

Expose append/prepend to JavaScript.

LayoutTests:

• fast/dom/ChildNode-after-expected.txt: Added.
• fast/dom/ChildNode-after.html: Added.
• fast/dom/ChildNode-before-expected.txt: Added.
• fast/dom/ChildNode-before.html: Added.
• fast/dom/ChildNode-replaceWith-expected.txt: Added.
• fast/dom/ChildNode-replaceWith.html: Added.
• fast/dom/ParentNode-append-expected.txt: Added.
• fast/dom/ParentNode-append.html: Added.
• fast/dom/ParentNode-prepend-expected.txt: Added.
• fast/dom/ParentNode-prepend.html: Added.

8:35 AM Changeset in webkit [186802] by Michael Catanzaro

• 3 edits in trunk/Source/WebKit2

[Linux] SeccompFilters: whitelist source directory on all ports
​https://bugs.webkit.org/show_bug.cgi?id=140066

Reviewed by Žan Doberšek.

Move this from EFL to port-independent code.

• Shared/linux/SeccompFilters/SyscallPolicy.cpp:

(WebKit::SyscallPolicy::addDefaultWebProcessPolicy):

• WebProcess/efl/SeccompFiltersWebProcessEfl.cpp:

(WebKit::SeccompFiltersWebProcessEfl::platformInitialize):

1:53 AM Changeset in webkit [186801] by zandobersek@gmail.com

• 2 edits in trunk/Source/WebKit2

[GTK] Add a runtime check for X11 display in webkitWebViewBaseExitAcceleratedCompositingMode()
​https://bugs.webkit.org/show_bug.cgi?id=146711

Reviewed by Carlos Garcia Campos.

webkitWebViewBaseExitAcceleratedCompositingMode() is already guarded with
X11 build guards, but it should also do a runtime check that the program
is running under an X11 display before proceeding.

• UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseDidRelaunchWebProcess):

1:46 AM Changeset in webkit [186800] by clopez@igalia.com

• 4 edits in trunk

[GTK] [Wayland] Build by default the X11 and Wayland targets.
​https://bugs.webkit.org/show_bug.cgi?id=146057

Reviewed by Carlos Garcia Campos.

.:

• Source/cmake/OptionsGTK.cmake:

Tools:

• gtk/install-dependencies: