Timeline

Nov 16, 2016:

10:47 PM Changeset in webkit [208840] by Yusuke Suzuki

• 11 edits
  8 adds in trunk

[WebCore] Clean up script loading code in XML
​https://bugs.webkit.org/show_bug.cgi?id=161651

Reviewed by Ryosuke Niwa.

Source/WebCore:

This patch cleans up XML document script handling by using PendingScript.
Previously, we directly used CachedScript. But it is not good since we
have PendingScript wrapper.

We also disable ES6 modules for non HTML document. While ES6 modules tag
requires "defer" semantics, "defer" semantics is not implemented in non
HTML documents. And ES6 module tag is only specified in whatwg HTML spec.

• dom/LoadableClassicScript.cpp:

(WebCore::LoadableClassicScript::execute):

• dom/ScriptElement.cpp:

(WebCore::ScriptElement::determineScriptType):
(WebCore::ScriptElement::prepareScript):
(WebCore::ScriptElement::executeClassicScript):
(WebCore::ScriptElement::executePendingScript):
(WebCore::ScriptElement::executeScript): Deleted.
(WebCore::ScriptElement::executeScriptForScriptRunner): Deleted.

• dom/ScriptElement.h:
• dom/ScriptRunner.cpp:

(WebCore::ScriptRunner::timerFired):

• html/parser/HTMLDocumentParser.cpp:
• html/parser/HTMLScriptRunner.cpp:

(WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent):
(WebCore::HTMLScriptRunner::runScript):

• xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::notifyFinished):

• xml/parser/XMLDocumentParser.h:
• xml/parser/XMLDocumentParserLibxml2.cpp:

(WebCore::XMLDocumentParser::XMLDocumentParser):
(WebCore::XMLDocumentParser::~XMLDocumentParser):
(WebCore::XMLDocumentParser::endElementNs):

LayoutTests:

Add tests that ensure modules are not executed in XHTML documents.

• js/dom/modules/module-inline-dynamic-in-xhtml-expected.txt: Added.
• js/dom/modules/module-inline-dynamic-in-xhtml.xhtml: Added.
• js/dom/modules/module-inline-simple-in-xhtml-expected.txt: Added.
• js/dom/modules/module-inline-simple-in-xhtml.xhtml: Added.
• js/dom/modules/module-src-dynamic-in-xhtml-expected.txt: Added.
• js/dom/modules/module-src-dynamic-in-xhtml.xhtml: Added.
• js/dom/modules/module-src-simple-in-xhtml-expected.txt: Added.
• js/dom/modules/module-src-simple-in-xhtml.xhtml: Added.

10:24 PM Changeset in webkit [208839] by Chris Dumez

• 23 edits in trunk/Source/WebCore

Add Node::isDescendantOf() overload that takes in a reference
​https://bugs.webkit.org/show_bug.cgi?id=164854

Reviewed by Ryosuke Niwa.

Add Node::isDescendantOf() overload that takes in a reference as a lot
of call sites have a reference or a pointer they know is not null.

No new tests, no Web-exposed behavior change.

• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::press):

• dom/Document.cpp:

(WebCore::isNodeInSubtree):
(WebCore::Document::removeFullScreenElementOfSubtree):
(WebCore::Document::setAnimatingFullScreen):

• dom/Node.cpp:

(WebCore::Node::isDescendantOf):
(WebCore::Node::isDescendantOrShadowDescendantOf):
(WebCore::Node::contains):

• dom/Node.h:

(WebCore::Node::isDescendantOf):

• dom/NodeIterator.cpp:

(WebCore::NodeIterator::updateForNodeRemoval):

• dom/SelectorQuery.cpp:

(WebCore::SelectorDataList::executeFastPathForIdSelector):
(WebCore::filterRootById):

• dom/TypedElementDescendantIterator.h:

(WebCore::TypedElementDescendantIteratorAdapter<ElementType>::beginAt):
(WebCore::TypedElementDescendantIteratorAdapter<ElementType>::from):
(WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::beginAt):
(WebCore::TypedElementDescendantConstIteratorAdapter<ElementType>::from):

• editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::applyRelativeFontStyleChange):
(WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange):

• editing/BreakBlockquoteCommand.cpp:

(WebCore::BreakBlockquoteCommand::doApply):

• editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::cloneParagraphUnderNewElement):

• editing/DeleteSelectionCommand.cpp:

(WebCore::DeleteSelectionCommand::handleGeneralDelete):
(WebCore::DeleteSelectionCommand::removePreviouslySelectedEmptyTableRows):
(WebCore::DeleteSelectionCommand::doApply):

• editing/EditingStyle.cpp:

(WebCore::EditingStyle::textDirectionForSelection):

• editing/FormatBlockCommand.cpp:

(WebCore::FormatBlockCommand::formatRange):

• editing/TextIterator.cpp:

(WebCore::TextIterator::advance):

• editing/VisiblePosition.cpp:

(WebCore::VisiblePosition::honorEditingBoundaryAtOrBefore):
(WebCore::VisiblePosition::honorEditingBoundaryAtOrAfter):

• editing/htmlediting.cpp:

(WebCore::firstEditablePositionAfterPositionInRoot):
(WebCore::lastEditablePositionBeforePositionInRoot):
(WebCore::selectionForParagraphIteration):

• editing/markup.cpp:

(WebCore::StyledMarkupAccumulator::traverseNodesForSerialization):

• html/CachedHTMLCollection.h:

(WebCore::traversalType>::namedItem):

• html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::formElementIndex):

• html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawFocusIfNeededInternal):

• page/EventHandler.cpp:

(WebCore::EventHandler::selectClosestContextualWordOrLinkFromMouseEvent):

• svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::getElementById):

9:46 PM Changeset in webkit [208838] by rniwa@webkit.org

• 5 edits in trunk/Source/WebCore

Fix build on macOS Sierra when WEB_PLAYBACK_CONTROLS_MANAGER is enabled
​https://bugs.webkit.org/show_bug.cgi?id=164845

Reviewed by Dan Bernstein.

Revert r208833 and fix the build by declaring AVFunctionBarMediaSelectionOption and AVThumbnail in AVKitSPI.h

• platform/mac/WebPlaybackControlsManager.h:
• platform/mac/WebPlaybackControlsManager.mm:

(-[WebPlaybackControlsManager generateFunctionBarAudioAmplitudeSamples:completionHandler:]):

• platform/mac/WebPlaybackSessionInterfaceMac.mm:

(WebCore::WebPlaybackSessionInterfaceMac::seekableRangesChanged):
(WebCore::WebPlaybackSessionInterfaceMac::audioMediaSelectionOptionsChanged):
(WebCore::WebPlaybackSessionInterfaceMac::legibleMediaSelectionOptionsChanged):
(WebCore::WebPlaybackSessionInterfaceMac::setPlayBackControlsManager):

• platform/spi/cocoa/AVKitSPI.h:

8:32 PM Changeset in webkit [208837] by rniwa@webkit.org

• 5 edits in trunk

REGRESSION(r208082): 1% Speedometer regression on iOS
​https://bugs.webkit.org/show_bug.cgi?id=164852

Reviewed by Chris Dumez.

Source/WebCore:

Temporarily disable CEReactions entirely to recover the regression in Speedometer since
reverting r208082 wouldn't remove CEReactions from other DOM APIs and if r208082 was a regression,
then they're likely causing a regression on Speedometer as well.

• dom/CustomElementReactionQueue.cpp:

(WebCore::CustomElementReactionStack::ElementQueue::add): Removed the release assert added in r208785
since reactions can be inserted into the backup queue while the queue is running.
(WebCore::CustomElementReactionStack::ElementQueue::invokeAll): Ditto.

• dom/CustomElementReactionQueue.h:

(WebCore::CustomElementReactionStack::CustomElementReactionStack): Removed all the code so that this
constructor would be optimized away by clang.
(WebCore::CustomElementReactionStack::~CustomElementReactionStack): Ditto.

LayoutTests:

Add failing test expectations for various custom elements now that CEReactions is not working.

• TestExpectations:

7:30 PM Changeset in webkit [208836] by matthew_hanson@apple.com

• 2 edits in tags/Safari-603.1.13/Source/WebKit2

Merge r208835. rdar://problem/29277451

6:23 PM Changeset in webkit [208835] by Brent Fulgham

• 2 edits in trunk/Source/WebKit2

Unreviewed build fix after r208589

The generated com.apple.WebKit.plugin-common.sb file was not getting copied into
the Resources folder, so was not deployed with WebKit. We need to treat it like
com.apple.WebProcess.sb and the other generated files.

• WebKit2.xcodeproj/project.pbxproj: Tell Xcode to include the generated file in

the framework Resources.

5:34 PM Changeset in webkit [208834] by mark.lam@apple.com

• 2 edits in trunk/Source/JavaScriptCore

ExceptionFuzz needs to placate exception check verification before overwriting a thrown exception.
​https://bugs.webkit.org/show_bug.cgi?id=164843

Reviewed by Keith Miller.

The ThrowScope will check for unchecked simulated exceptions before throwing a
new exception. This ensures that we don't quietly overwrite a pending exception
(which should never happen, with the only exception being to rethrow the same
exception). However, ExceptionFuzz works by intentionally throwing its own
exception even when one may already exist thereby potentially overwriting an
existing exception. This is ok for ExceptionFuzz testing, but we need to placate
the exception check verifier before ExceptionFuzz throws its own exception.

• runtime/ExceptionFuzz.cpp:

(JSC::doExceptionFuzzing):

5:26 PM Changeset in webkit [208833] by rniwa@webkit.org

• 4 edits in trunk/Source/WebCore

Fix build on macOS Sierra when WEB_PLAYBACK_CONTROLS_MANAGER is enabled
​https://bugs.webkit.org/show_bug.cgi?id=164845

Reviewed by Wenson Hsieh.

Fix builds after r208802 by wrapping code inside USE(APPLE_INTERNAL_SDK).

• platform/mac/WebPlaybackControlsManager.h:
• platform/mac/WebPlaybackControlsManager.mm:
• platform/mac/WebPlaybackSessionInterfaceMac.mm:

(WebCore::WebPlaybackSessionInterfaceMac::seekableRangesChanged):
(WebCore::WebPlaybackSessionInterfaceMac::audioMediaSelectionOptionsChanged):
(WebCore::WebPlaybackSessionInterfaceMac::legibleMediaSelectionOptionsChanged):
(WebCore::WebPlaybackSessionInterfaceMac::setPlayBackControlsManager):

5:15 PM Changeset in webkit [208832] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Background tabs are often updating non-stop because they think they are visible
​https://bugs.webkit.org/show_bug.cgi?id=164841
<rdar://problem/29298658>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-16
Reviewed by Matt Baker.

• UserInterface/Views/NetworkGridContentView.js:

(WebInspector.NetworkGridContentView.prototype._networkTimelineRecordAdded):

• UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._update):
Don't constantly update when this tab is not in the foreground.

5:14 PM Changeset in webkit [208831] by ap@apple.com

• 4 edits in trunk

REGRESSION (r208455): LayoutTests swipe/pushState-cached-back-swipe.html and swipe/main-frame-pinning-requirement.html are failing
​https://bugs.webkit.org/show_bug.cgi?id=164572

Reviewed by Tim Horton.

Tools:

• WebKitTestRunner/mac/TestControllerMac.mm: (WTR::TestController::platformResetStateToConsistentValues):

Use the correct constant.

LayoutTests:

• platform/mac-wk2/TestExpectations: Remove flakiness expectations.

5:02 PM Changeset in webkit [208830] by ggaren@apple.com

• 5 edits in trunk/Source/JavaScriptCore

UnlinkedCodeBlock should not have a starting line number
​https://bugs.webkit.org/show_bug.cgi?id=164838

Reviewed by Mark Lam.

Here's how the starting line number in UnlinkedCodeBlock used to work:

(1) Assign the source code starting line number to the parser starting
line number.

(2) Assign (1) to the AST.

(3) Subtract (1) from (2) and assign to UnlinkedCodeBlock.

Then, when linking:

(4) Add (3) to (1).

This was an awesome no-op.

Generally, unlinked code is code that is not tied to any particular
web page or resource. So, it's inappropriate to think of it having a
starting line number.

• bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

• bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::recordParse):
(JSC::UnlinkedCodeBlock::hasCapturedVariables):
(JSC::UnlinkedCodeBlock::firstLine): Deleted.

• runtime/CodeCache.cpp:

(JSC::CodeCache::getUnlinkedGlobalCodeBlock):

• runtime/CodeCache.h:

(JSC::generateUnlinkedCodeBlock):

4:59 PM Changeset in webkit [208829] by Chris Dumez

• 3 edits in trunk/Source/WebCore

ScriptExecutionContext::processMessagePortMessagesSoon() should only post task when necessary
​https://bugs.webkit.org/show_bug.cgi?id=164812
<rdar://problem/29148465>

Reviewed by Geoffrey Garen.

ScriptExecutionContext::processMessagePortMessagesSoon() should only post task when necessary,
meaning when there is not already one pending.

• dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::processMessagePortMessagesSoon):
(WebCore::ScriptExecutionContext::dispatchMessagePortEvents):

• dom/ScriptExecutionContext.h:

4:39 PM Changeset in webkit [208828] by Chris Dumez

• 43 edits in trunk/Source/WebCore

Use more references in TreeScope / TreeScopeAdopter
​https://bugs.webkit.org/show_bug.cgi?id=164836

Reviewed by Ryosuke Niwa.

Use more references in TreeScope / TreeScopeAdopter and avoid some
unnecessary null checks.

No new tests, no Web-exposed behavior change.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::takeAllChildrenFrom):
(WebCore::ContainerNode::insertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::removeBetween):
(WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck):
(WebCore::ContainerNode::parserAppendChild):

• dom/ContainerNodeAlgorithms.cpp:

(WebCore::addChildNodesToDeletionQueue):

• dom/Document.cpp:

(WebCore::Document::adoptNode):
(WebCore::Document::moveNodeIteratorsToNewDocument):

• dom/Document.h:
• dom/Element.cpp:

(WebCore::Element::didMoveToNewDocument):
(WebCore::Element::addShadowRoot):
(WebCore::Element::removeShadowRoot):
(WebCore::Element::setAttributeNode):
(WebCore::Element::setAttributeNodeNS):
(WebCore::Element::ensureAttr):

• dom/Element.h:
• dom/Node.cpp:

(WebCore::Node::didMoveToNewDocument):

• dom/Node.h:
• dom/NodeRareData.h:

(WebCore::NodeListsNodeData::adoptDocument):

• dom/TreeScope.cpp:

(WebCore::TreeScope::TreeScope):
(WebCore::TreeScope::setParentTreeScope):
(WebCore::TreeScope::adoptIfNeeded):

• dom/TreeScope.h:

(WebCore::TreeScope::documentScope):
(WebCore::TreeScope::setDocumentScope):

• dom/TreeScopeAdopter.cpp:

(WebCore::TreeScopeAdopter::moveTreeToNewScope):
(WebCore::TreeScopeAdopter::moveShadowTreeToNewDocument):
(WebCore::TreeScopeAdopter::ensureDidMoveToNewDocumentWasCalled):
(WebCore::TreeScopeAdopter::updateTreeScope):
(WebCore::TreeScopeAdopter::moveNodeToNewDocument):

• dom/TreeScopeAdopter.h:

(WebCore::TreeScopeAdopter::ensureDidMoveToNewDocumentWasCalled):
(WebCore::TreeScopeAdopter::TreeScopeAdopter):

• html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::didMoveToNewDocument):

• html/FormAssociatedElement.h:
• html/HTMLFieldSetElement.cpp:

(WebCore::HTMLFieldSetElement::didMoveToNewDocument):

• html/HTMLFieldSetElement.h:
• html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::didMoveToNewDocument):

• html/HTMLFormControlElement.h:
• html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::didMoveToNewDocument):

• html/HTMLFormElement.h:
• html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::didMoveToNewDocument):

• html/HTMLImageElement.h:
• html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::didMoveToNewDocument):

• html/HTMLInputElement.h:
• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::didMoveToNewDocument):

• html/HTMLMediaElement.h:
• html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::didMoveToNewDocument):

• html/HTMLObjectElement.h:
• html/HTMLPictureElement.cpp:

(WebCore::HTMLPictureElement::didMoveToNewDocument):

• html/HTMLPictureElement.h:
• html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didMoveToNewDocument):

• html/HTMLPlugInImageElement.h:
• html/HTMLTemplateElement.cpp:

(WebCore::HTMLTemplateElement::didMoveToNewDocument):

• html/HTMLTemplateElement.h:
• html/HTMLVideoElement.cpp:

(WebCore::HTMLVideoElement::didMoveToNewDocument):

• html/HTMLVideoElement.h:
• html/ImageDocument.cpp:

(WebCore::ImageDocumentElement::didMoveToNewDocument):

• svg/SVGImageElement.cpp:

(WebCore::SVGImageElement::didMoveToNewDocument):

• svg/SVGImageElement.h:
• svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::didMoveToNewDocument):

• svg/SVGSVGElement.h:

4:37 PM Changeset in webkit [208827] by Jon Davis

• 2 edits in trunk/Source/WebCore

Added Web App Manifest to the Feature Status page.
​https://bugs.webkit.org/show_bug.cgi?id=162675

Reviewed by Timothy Hatcher.

• features.json:

4:35 PM Changeset in webkit [208826] by Chris Dumez

• 5 edits in trunk/Source/WebCore

Use more references for Document::removeFocusedNodeOfSubtree()
​https://bugs.webkit.org/show_bug.cgi?id=164839

Reviewed by Andreas Kling.

Use more references for Document::removeFocusedNodeOfSubtree().

No new tests, no Web-exposed behavior change.

• dom/Document.cpp:

(WebCore::isNodeInSubtree):
(WebCore::Document::removeFocusedNodeOfSubtree):
(WebCore::Document::nodeChildrenWillBeRemoved):
(WebCore::Document::nodeWillBeRemoved):
(WebCore::Document::removeFocusNavigationNodeOfSubtree):
(WebCore::Document::removeFullScreenElementOfSubtree):

• dom/Document.h:
• dom/Element.cpp:

(WebCore::Element::removeShadowRoot):

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::clear):

4:35 PM Changeset in webkit [208825] by Brent Fulgham

• 3 edits
  4 adds in trunk

Clear track client when removing a track
​https://bugs.webkit.org/show_bug.cgi?id=164842
<rdar://problem/29213621>

Reviewed by Eric Carlson.

Source/WebCore:

Call 'clearClient' when removing a track from an HTMLMediaElement.

Test: media/track/audio-track-add-remove.html

media/track/video-track-add-remove.html

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::removeAudioTrack): Call 'clearClient'
(WebCore::HTMLMediaElement::removeVideoTrack): Ditto.

LayoutTests:

• media/track/audio-track-add-remove-expected.txt: Added.
• media/track/audio-track-add-remove.html: Added.
• media/track/video-track-add-remove-expected.txt: Added.
• media/track/video-track-add-remove.html: Added.

4:24 PM Changeset in webkit [208824] by Yusuke Suzuki

• 43 edits in trunk

[ES6][WebCore] Change ES6_MODULES compile time flag to runtime flag
​https://bugs.webkit.org/show_bug.cgi?id=164827

Reviewed by Ryosuke Niwa.

.:

• Source/cmake/OptionsWin.cmake:
• Source/cmake/WebKitFeatures.cmake:
• Source/cmake/tools/vsprops/FeatureDefines.props:
• Source/cmake/tools/vsprops/FeatureDefinesCairo.props:

Source/JavaScriptCore:

• Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Use Settings.in. And intentionally do not use RuntimeEnabledFeatures.
According to the pointer lock's issue[1], we should use Settings.

[1]: ​https://bugs.webkit.org/show_bug.cgi?id=163801

• Configurations/FeatureDefines.xcconfig:
• dom/ScriptElement.cpp:

(WebCore::ScriptElement::determineScriptType):

• html/parser/HTMLPreloadScanner.cpp:

(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):

• page/Settings.in:

A bit unfortunate thing is that the setter is named setEs6ModulesEnabled
if we use es6ModulesEnabled here.

Source/WebKit/mac:

• Configurations/FeatureDefines.xcconfig:
• WebView/WebPreferenceKeysPrivate.h:
• WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences es6ModulesEnabled]):
(-[WebPreferences setES6ModulesEnabled:]):

• WebView/WebPreferencesPrivate.h:
• WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit/win:

• Interfaces/IWebPreferencesPrivate.idl:
• WebPreferenceKeysPrivate.h:
• WebPreferences.cpp:

(WebPreferences::setES6ModulesEnabled):
(WebPreferences::es6ModulesEnabled):

• WebPreferences.h:
• WebView.cpp:

(WebView::notifyPreferencesChanged):

Source/WebKit2:

• Configurations/FeatureDefines.xcconfig:
• Shared/WebPreferencesDefinitions.h:

Annotated ES6 Modules option with DEFAULT_EXPERIMENTAL_FEATURES_ENABLED.

• UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetES6ModulesEnabled):
(WKPreferencesGetES6ModulesEnabled):

• UIProcess/API/C/WKPreferencesRefPrivate.h:
• WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

Source/WTF:

• wtf/FeatureDefines.h:

Tools:

Enabled ES6 Modules in test runners.

• DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues):

• DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebPreferencesToConsistentValues):

• Scripts/webkitperl/FeatureList.pm:
• TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
• WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::beginTesting):

• WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::setES6ModulesEnabled):

• WebKitTestRunner/InjectedBundle/TestRunner.h:

LayoutTests:

• TestExpectations:

4:22 PM Changeset in webkit [208823] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Unreviewed, remove outdated comment about using PassRefPtr.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::parserAppendChild):

3:57 PM Changeset in webkit [208822] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Unreviewed, roll out r208811. It's not sound.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::mutatorFence):
(JSC::FTL::DFG::LowerDFGToB3::setButterfly):
(JSC::FTL::DFG::LowerDFGToB3::splatWordsIfMutatorIsFenced): Deleted.

3:34 PM Changeset in webkit [208821] by keith_miller@apple.com

• 9 edits
  1 add in trunk/Source/JavaScriptCore

Wasm function parser should use template functions for each binary and unary opcode
​https://bugs.webkit.org/show_bug.cgi?id=164835

Reviewed by Mark Lam.

This patch changes the wasm function parser to call into a template specialization
for each binary/unary opcode. This change makes it easier to have custom implementations
of various opcodes. It is also, in theory a speedup since it does not require switching
on the opcode twice.

• CMakeLists.txt:
• DerivedSources.make:
• wasm/WasmB3IRGenerator.cpp:

(): Deleted.

• wasm/WasmFunctionParser.h:

(JSC::Wasm::FunctionParser<Context>::binaryCase):
(JSC::Wasm::FunctionParser<Context>::unaryCase):
(JSC::Wasm::FunctionParser<Context>::parseExpression):

• wasm/WasmValidate.cpp:
• wasm/generateWasm.py:

(isBinary):
(isSimple):

• wasm/generateWasmB3IRGeneratorInlinesHeader.py: Added.

(generateSimpleCode):

• wasm/generateWasmOpsHeader.py:

(opcodeMacroizer):

• wasm/generateWasmValidateInlinesHeader.py:

3:32 PM Changeset in webkit [208820] by Ryan Haddad

• 2 edits in trunk/LayoutTests

Marking inspector/worker/debugger-pause.html as flaky.
​https://bugs.webkit.org/show_bug.cgi?id=164833

Unreviewed test gardening.

• platform/mac/TestExpectations:

3:18 PM Changeset in webkit [208819] by mark.lam@apple.com

• 6 edits in trunk/Source/JavaScriptCore

ExceptionFuzz functions should use its client's ThrowScope.
​https://bugs.webkit.org/show_bug.cgi?id=164834

Reviewed by Geoffrey Garen.

This is because ExceptionFuzz's purpose is to throw exceptions from its client at
exception check sites. Using the client's ThrowScope solves 2 problems:

1. If ExceptionFuzz instantiates its own ThrowScope, the simulated throw will be mis-attributed to ExceptionFuzz when it should be attributed to its client.

2. One way exception scope verification works is by having ThrowScopes assert that there are no unchecked simulated exceptions when the ThrowScope is instantiated. However, ExceptionFuzz necessarily works by inserting doExceptionFuzzingIfEnabled() in between a ThrowScope that simulated a throw and an exception check. If we declare a ThrowScope in ExceptionFuzz's code, we will be instantiating the ThrowScope between the point where a simulated throw occurs and where the needed exception check can occur. Hence, having ExceptionFuzz instantiate its own ThrowScope will fail exception scope verification every time.

Changing ExceptionFuzz to use its client's ThrowScope resolves both problems.

Also fixed the THROW() macro in CommonSlowPaths.cpp to use the ThrowScope that
already exists in every slow path function instead of creating a new one.

• jit/JITOperations.cpp:
• llint/LLIntSlowPaths.cpp:
• runtime/CommonSlowPaths.cpp:
• runtime/ExceptionFuzz.cpp:

(JSC::doExceptionFuzzing):

• runtime/ExceptionFuzz.h:

(JSC::doExceptionFuzzingIfEnabled):

3:17 PM Changeset in webkit [208818] by Simon Fraser

• 2 edits in trunk/Tools

Hard to write reliable UIScriptController scrollingTreeAsText tests
​https://bugs.webkit.org/show_bug.cgi?id=164764

Reviewed by Wenson Hsieh.

Fix one cause of flakiness by resetting the WKWebView's UIScrollView scale
and scroll position between tests.

• WebKitTestRunner/ios/TestControllerIOS.mm:

(WTR::TestController::platformResetStateToConsistentValues):

3:06 PM Changeset in webkit [208817] by rniwa@webkit.org

• 9 edits
  2 adds in trunk

slotchange event should bubble and dispatched once
​https://bugs.webkit.org/show_bug.cgi?id=164770

Reviewed by Antti Koivisto.

LayoutTests/imported/w3c:

Rebaselined the test. Some test cases fail as they do on Chrome because it's testing an outdated version of the spec.
Will fix the test upstream later.

• web-platform-tests/shadow-dom/slotchange-event-expected.txt:

Source/WebCore:

Updated our implementation of slotchange event to match the latest specification after:
​https://github.com/w3c/webcomponents/issues/571
​https://dom.spec.whatwg.org/#signal-a-slot-change
The new behavior matches that of Google Chrome Canary.

In the latest specification, we no longer dispatch a separate event on ancestor slots.
Instead, we fire a single slotchange event to which a new node is assigned or from which
an existing assigned node is removed. This patch mostly removes the code that existed to
locate ancestor slot elements, and makes the event bubble up by changing a single line in
HTMLSlotElement::dispatchSlotChangeEvent.

Test: fast/shadow-dom/slotchange-event-bubbling.html

• dom/ShadowRoot.h:
• dom/SlotAssignment.cpp:

(WebCore::recursivelyFireSlotChangeEvent): Deleted.
(WebCore::SlotAssignment::didChangeSlot): Removed ChangeType from the arguments since we
no longer notify the ancestor slot elements.
(WebCore::SlotAssignment::hostChildElementDidChange):

• dom/SlotAssignment.h:

(WebCore::ShadowRoot::didRemoveAllChildrenOfShadowHost):
(WebCore::ShadowRoot::didChangeDefaultSlot):
(WebCore::ShadowRoot::hostChildElementDidChangeSlotAttribute):
(WebCore::ShadowRoot::innerSlotDidChange): Deleted.

• html/HTMLDetailsElement.cpp:

(WebCore::DetailsSlotAssignment::hostChildElementDidChange):

• html/HTMLSlotElement.cpp:

(WebCore::HTMLSlotElement::dispatchSlotChangeEvent): Make slotchange event bubble.

LayoutTests:

• fast/shadow-dom/slotchange-event-bubbling-expected.txt: Added.
• fast/shadow-dom/slotchange-event-bubbling.html: Added.

3:05 PM Changeset in webkit [208816] by Simon Fraser

• 6 edits
  2 copies
  6 moves
  1 add in trunk

UIScriptController: script with no async tasks fails if an earlier script registered a callback
​https://bugs.webkit.org/show_bug.cgi?id=164762

Reviewed by Wenson Hsieh.

Tools:

Make TestRunner::callUIScriptCallback() async in DumpRenderTree to match WebKitTestRunner behavior.
This fixes ui-side-script-with-callback.html in WK1, which failed because the second runUIScript()
would occur inside the completion callback from the first. This no longer happens.

• DumpRenderTree/TestRunner.cpp:

(TestRunner::callUIScriptCallback):

• TestRunnerShared/UIScriptContext/UIScriptContext.cpp:

(UIScriptContext::tryToCompleteUIScriptForCurrentParentCallback):

LayoutTests:

Move the tests that use runUIScript into their own directory for easier TestExpectations management,
and fix TestExpectations to match.

• TestExpectations:
• fast/harness/uiscriptcontroller/concurrent-ui-side-scripts-expected.txt: Renamed from LayoutTests/fast/harness/concurrent-ui-side-scripts-expected.txt.
• fast/harness/uiscriptcontroller/concurrent-ui-side-scripts.html: Renamed from LayoutTests/fast/harness/concurrent-ui-side-scripts.html.
• fast/harness/uiscriptcontroller/ui-side-script-unregister-callback-expected.txt: Copied from LayoutTests/fast/harness/ui-side-script-unregister-callback-expected.txt.
• fast/harness/uiscriptcontroller/ui-side-script-unregister-callback.html: Copied from LayoutTests/fast/harness/ui-side-script-unregister-callback.html.
• fast/harness/uiscriptcontroller/ui-side-script-with-callback-expected.txt: Renamed from LayoutTests/fast/harness/ui-side-script-unregister-callback-expected.txt.
• fast/harness/uiscriptcontroller/ui-side-script-with-callback.html: Renamed from LayoutTests/fast/harness/ui-side-script-unregister-callback.html.
• fast/harness/uiscriptcontroller/ui-side-scripts-expected.txt: Renamed from LayoutTests/fast/harness/ui-side-scripts-expected.txt.
• fast/harness/uiscriptcontroller/ui-side-scripts.html: Renamed from LayoutTests/fast/harness/ui-side-scripts.html.
• platform/mac/TestExpectations:

2:53 PM Changeset in webkit [208815] by commit-queue@webkit.org

• 6 edits in trunk

REGRESSION (r207162): [debug] loader/stateobjects LayoutTests timing out
​https://bugs.webkit.org/show_bug.cgi?id=163307

Patch by Alex Christensen <​achristensen@webkit.org> on 2016-11-16
Reviewed by Alexey Proskuryakov.

Source/WebCore:

• platform/URLParser.cpp:

Removed some unnecessary and redundant assertions in iterators, which are inside inner loops.
(WebCore::URLParser::parsedDataView):
(WebCore::URLParser::parse):
Add a parsedDataView that just returns a UChar instead of a StringView for 1-length views.
This speeds up debug builds considerably, which spent most of the time parsing the path
making and destroying these 1-length StringViews. It can't hurt release builds.

• platform/URLParser.h:

LayoutTests:

• platform/ios-simulator/TestExpectations:
• platform/mac/TestExpectations:

2:35 PM Changeset in webkit [208814] by achristensen@apple.com

• 2 edits in trunk/LayoutTests

Unreviewed gardening.
​https://bugs.webkit.org/show_bug.cgi?id=163127

• platform/ios-simulator/TestExpectations:

Unskip passing tests.

2:30 PM Changeset in webkit [208813] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Micro-optimize ContainerNode::removeBetween()
​https://bugs.webkit.org/show_bug.cgi?id=164832

Reviewed by Sam Weinig.

Micro-optimize ContainerNode::removeBetween() by updating pointers only
when strictly needed and reducing branching.

No new tests, no Web-exposed behavior change.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::removeBetween):

2:28 PM Changeset in webkit [208812] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Micro-optimize AtomicHTMLToken::initializeAttributes()
​https://bugs.webkit.org/show_bug.cgi?id=164826

Reviewed by Sam Weinig.

Micro-optimize AtomicHTMLToken::initializeAttributes():

• Use uncheckedAppend() instead of append() since we reserve capacity before the loop.
• Use a more efficient findAttribute() that only checks the local names since this function only adds attributes that have to namespace or prefix.

No new tests, no Web-exposed behavior change.

• html/parser/AtomicHTMLToken.h:

(WebCore::hasAttribute):
(WebCore::AtomicHTMLToken::initializeAttributes):

2:24 PM Changeset in webkit [208811] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Slight Octane regression from concurrent GC's eager object zero-fill
​https://bugs.webkit.org/show_bug.cgi?id=164823

Reviewed by Geoffrey Garen.

During concurrent GC, we need to eagerly zero-fill objects we allocate prior to
executing the end-of-allocation fence. This causes some regressions. This is an attempt
to fix those regressions by making them conditional on whether the mutator is fenced.

This is a slight speed-up on raytrace and boyer, and hopefully it will fix the
regression.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::splatWordsIfMutatorIsFenced):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::mutatorFence):
(JSC::FTL::DFG::LowerDFGToB3::setButterfly):

2:12 PM Changeset in webkit [208810] by Joseph Pecoraro

• 3 edits in trunk/LayoutTests

Fix typo in LayoutTest.

Unreviewed follow-up comment.

• inspector/page/setEmulatedMedia-expected.txt:
• inspector/page/setEmulatedMedia.html:

1:10 PM Changeset in webkit [208809] by Beth Dakin

• 2 edits in trunk/Source/WebCore

Another build fix.

• platform/mac/WebPlaybackSessionInterfaceMac.mm:

1:05 PM Changeset in webkit [208808] by mark.lam@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Fix exception scope checking in JSGlobalObject.cpp.
​https://bugs.webkit.org/show_bug.cgi?id=164831

Reviewed by Saam Barati.

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

• Use a CatchScope here because we don't ever expect JSGlobalObject initialization to fail with errors.

(JSC::JSGlobalObject::put):

• Fix exception check requirements.

1:02 PM Changeset in webkit [208807] by Yusuke Suzuki

• 2 edits in trunk/LayoutTests

js/dom/domjit-function-get-element-by-id-licm.html and js/dom/domjit-function-get-element-by-id-changed.html are flaky timeouts
​https://bugs.webkit.org/show_bug.cgi?id=164797

Reviewed by Saam Barati.

The performance of the both tests rely on PureGetById.
However, PureGetById is rolled out temporary[1], these tests become timed out.
This patch makes the both tests [ PASS TIMEOUT ] until PureGetById patch[1] is
relanded or impure object optimization patch[2] is landed.

[1]: ​https://bugs.webkit.org/show_bug.cgi?id=163305
[2]: ​https://bugs.webkit.org/show_bug.cgi?id=164175

• TestExpectations:

1:00 PM Changeset in webkit [208806] by clopez@igalia.com

• 2 edits in trunk/Source/WTF

[JSC] Build broken for 32-bit x86 after r208306 with GCC 4.9
​https://bugs.webkit.org/show_bug.cgi?id=164588

Reviewed by Mark Lam.

Provide assembly for executing the cpuid instruction when compiling
in PIC mode with the GCC 4.9 EBX on 32-bit x86.

Note that the values returned by cpuid here are not used. The purpose
of calling this instruction is to force the CPU to complete and sync
any buffered modifications on registers, memory or flags before
fetching and executing the next instruction.

• wtf/Atomics.h:

(WTF::x86_cpuid):

12:58 PM Changeset in webkit [208805] by Beth Dakin

• 2 edits in trunk/Source/WebCore

Attempted build fix.

• platform/mac/WebPlaybackSessionInterfaceMac.mm:

(WebCore::WebPlaybackSessionInterfaceMac::durationChanged):
(WebCore::WebPlaybackSessionInterfaceMac::currentTimeChanged):
(WebCore::WebPlaybackSessionInterfaceMac::rateChanged):
(WebCore::WebPlaybackSessionInterfaceMac::beginScrubbing):
(WebCore::WebPlaybackSessionInterfaceMac::seekableRangesChanged):
(WebCore::WebPlaybackSessionInterfaceMac::audioMediaSelectionOptionsChanged):
(WebCore::WebPlaybackSessionInterfaceMac::legibleMediaSelectionOptionsChanged):
(WebCore::WebPlaybackSessionInterfaceMac::ensureControlsManager):

12:43 PM Changeset in webkit [208804] by beidson@apple.com

• 7 edits in trunk/Source/WebCore

Re-indent some old headers.

Rubberstamped by Alex Christensen

No new tests (No behavior change).

(Also #pragma once a few of them)

• loader/DocumentLoader.h:
• loader/FrameLoaderClient.h:
• page/Frame.h:
• page/FrameTree.h:
• page/PageGroup.h:
• platform/Cursor.h:

12:26 PM Changeset in webkit [208803] by Darin Adler

• 2 edits in trunk/Source/WebCore

REGRESSION (r208672): Crash in com.apple.WebCore: WebCore::DatabaseContext::stopDatabases + 34
​https://bugs.webkit.org/show_bug.cgi?id=164820

Reviewed by Sam Weinig.

Crash seen in existing regression tests; reliably reproducible in some test configurations.

• Modules/webdatabase/DatabaseContext.cpp:

(WebCore::DatabaseContext::contextDestroyed): Call through to base class before calling
stopDatabases, since that might cause this object to be deallocated.
(WebCore::DatabaseContext::stopDatabases): Be sure not to clear the possibly-last reference
to this database context until after all code that accesses data members, since it might
cause this object to be deallocated.

12:23 PM Changeset in webkit [208802] by Beth Dakin

• 5 edits in trunk/Source/WebCore

Implement WebPlaybackControlsManager
​https://bugs.webkit.org/show_bug.cgi?id=164789
-and corresponding-
rdar://problem/29275082

Reviewed by Dan Bernstein.

• platform/mac/WebPlaybackControlsManager.h:
• platform/mac/WebPlaybackControlsManager.mm:

(-[WebPlaybackControlsManager dealloc]):
(-[WebPlaybackControlsManager cancelThumbnailAndAudioAmplitudeSampleGeneration]):
(-[WebPlaybackControlsManager generateFunctionBarThumbnailsForTimes:size:completionHandler:]):
(-[WebPlaybackControlsManager generateFunctionBarAudioAmplitudeSamples:completionHandler:]):
(-[WebPlaybackControlsManager canBeginFunctionBarScrubbing]):
(-[WebPlaybackControlsManager beginFunctionBarScrubbing]):
(-[WebPlaybackControlsManager endFunctionBarScrubbing]):
(-[WebPlaybackControlsManager audioFunctionBarMediaSelectionOptions]):
(-[WebPlaybackControlsManager setAudioFunctionBarMediaSelectionOptions:]):
(-[WebPlaybackControlsManager currentAudioFunctionBarMediaSelectionOption]):
(-[WebPlaybackControlsManager setCurrentAudioFunctionBarMediaSelectionOption:]):
(-[WebPlaybackControlsManager legibleFunctionBarMediaSelectionOptions]):
(-[WebPlaybackControlsManager setLegibleFunctionBarMediaSelectionOptions:]):
(-[WebPlaybackControlsManager currentLegibleFunctionBarMediaSelectionOption]):
(-[WebPlaybackControlsManager setCurrentLegibleFunctionBarMediaSelectionOption:]):
(mediaSelectionOptions):
(-[WebPlaybackControlsManager setAudioMediaSelectionOptions:withSelectedIndex:]):
(-[WebPlaybackControlsManager setLegibleMediaSelectionOptions:withSelectedIndex:]):
(-[WebPlaybackControlsManager webPlaybackSessionInterfaceMac]):
(-[WebPlaybackControlsManager setWebPlaybackSessionInterfaceMac:]):
(-[WebPlaybackControlsManager togglePlayback]):
(-[WebPlaybackControlsManager setPlaying:]):
(-[WebPlaybackControlsManager isPlaying]):

• platform/mac/WebPlaybackSessionInterfaceMac.h:
• platform/mac/WebPlaybackSessionInterfaceMac.mm:

(WebCore::WebPlaybackSessionInterfaceMac::durationChanged):
(WebCore::WebPlaybackSessionInterfaceMac::currentTimeChanged):
(WebCore::WebPlaybackSessionInterfaceMac::rateChanged):
(WebCore::WebPlaybackSessionInterfaceMac::playBackControlsManager):

12:18 PM Changeset in webkit [208801] by jiewen_tan@apple.com

• 3 edits
  20 adds in trunk

Add more tests for SubtleCrypto::importKey and SubtleCrypto::exportKey
​https://bugs.webkit.org/show_bug.cgi?id=164815
<rdar://problem/29281660>

Reviewed by Brent Fulgham.

Source/WebCore:

Tests: crypto/subtle/aes-import-jwk-key-export-jwk-key.html

crypto/subtle/aes-import-jwk-key-export-raw-key.html
crypto/subtle/aes-import-raw-key-export-jwk-key.html
crypto/subtle/aes-import-raw-key-export-raw-key.html
crypto/subtle/hmac-import-jwk-key-export-jwk-key.html
crypto/subtle/hmac-import-jwk-key-export-raw-key.html
crypto/subtle/hmac-import-raw-key-export-jwk-key.html
crypto/subtle/hmac-import-raw-key-export-raw-key.html
crypto/subtle/rsa-import-jwk-key-export-jwk-key-private.html
crypto/subtle/rsa-import-jwk-key-export-jwk-key-public.html

• crypto/mac/CryptoKeyRSAMac.cpp:

(WebCore::CryptoKeyRSA::create):
Add a comment.

LayoutTests:

• crypto/subtle/aes-import-jwk-key-export-jwk-key.html: Added.
• crypto/subtle/aes-import-jwk-key-export-raw-key.html: Added.
• crypto/subtle/aes-import-raw-key-export-jwk-key.html: Added.
• crypto/subtle/aes-import-raw-key-export-raw-key.html: Added.
• crypto/subtle/hmac-import-jwk-key-export-jwk-key.html: Added.
• crypto/subtle/hmac-import-jwk-key-export-raw-key.html: Added.
• crypto/subtle/hmac-import-raw-key-export-jwk-key.html: Added.
• crypto/subtle/hmac-import-raw-key-export-raw-key.html: Added.
• crypto/subtle/rsa-import-jwk-key-export-jwk-key-private.html: Added.
• crypto/subtle/rsa-import-jwk-key-export-jwk-key-public.html: Added.

12:09 PM Changeset in webkit [208800] by mitz@apple.com

• 8 copies
  1 add in releases/Apple/Safari Technology Preview 18

Added a tag for Safari Technology Preview release 18.

11:13 AM Changeset in webkit [208799] by Simon Fraser

• 4 edits in trunk/Source/WebKit2

Add logging support to VisibleContentRectUpdateInfo
​https://bugs.webkit.org/show_bug.cgi?id=164825

Reviewed by Zalan Bujtas.

Add TextStream output to VisibleContentRectUpdateInfo. Just piping it into a logging
stream does single-line output, so also make a convenience dump() function that will
product multiline output. Result look like:

(VisibleContentRectUpdateInfo

(lastLayerTreeTransactionID 54)
(exposedContentRect (523.44,1258.63) width=676.20 height=901.60)
(unobscuredContentRect (523.44,1293.41) width=676.20 height=866.82)
(unobscuredRectInScrollViewCoordinates (0,39.50) width=768 height=984.50)
(customFixedPositionRect (219.64,935) width=980 height=1225)
(obscuredInset width=0 height=39.50)
(scale 1.14)
(inStableState 0)
(timestamp 736446.61)
(verticalVelocity -11.36))

• Shared/VisibleContentRectUpdateInfo.cpp:

(WebKit::VisibleContentRectUpdateInfo::dump):
(WebKit::operator<<):

• Shared/VisibleContentRectUpdateInfo.h:
• UIProcess/ios/WKContentView.mm:

(-[WKContentView didUpdateVisibleRect:unobscuredRect:unobscuredRectInScrollViewCoordinates:obscuredInset:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:enclosedInScrollableAncestorView:]):

11:03 AM Changeset in webkit [208798] by Ryan Haddad

• 2 edits in trunk/LayoutTests

Updating TestExpectations for two http/tests/security/module-crossorigin tests.
​https://bugs.webkit.org/show_bug.cgi?id=164539

Unreviewed test gardening.

• TestExpectations:

10:08 AM Changeset in webkit [208797] by Antti Koivisto

• 4 edits in trunk/Source/WebCore

Remove getMutableCachedPseudoStyle
​https://bugs.webkit.org/show_bug.cgi?id=164819

Reviewed by Zalan Bujtas.

It is only used by styleForFirstLetter.

• rendering/RenderBlock.cpp:

(WebCore::styleForFirstLetter):

Clone the original style before mutations.

(WebCore::RenderBlock::updateFirstLetterStyle):
(WebCore::RenderBlock::createFirstLetterRenderer):

Since we have a clone already just move it in place.

• rendering/RenderElement.cpp:

(WebCore::RenderElement::getMutableCachedPseudoStyle): Deleted.

• rendering/RenderElement.h:

10:07 AM Changeset in webkit [208796] by dbates@webkit.org

• 4 edits
  1 add in trunk/LayoutTests

Make test sandbox-should-not-persist-on-navigation.html more representative of real-world scenario
​https://bugs.webkit.org/show_bug.cgi?id=164752

Reviewed by Brent Fulgham.

Modify the test http-0.9/sandbox-should-not-persist-on-navigation.html so that it loads
a document on a default port using HTTP 0.9 to trigger the HTTP 0.9 sandbox as this
is more representative of a real-world scenario where we want a sandbox to be applied
and is the scenario that is currently covered by our HTTP 0.9 sandbox machinery.

Currently this test makes use of the pre r208549 behavior where the HTTP 0.9 sandbox
was applied to a document if one of its subresources loaded on a non-default port
using HTTP 0.9 in addition to the behavior where the sandbox is applied to a document
that loads on a default port using HTTP 0.9. Following r208549 we no longer apply the
sandbox to the document for the former case as this did not improve security much, if
any. The latter case is more representative of a real-world scenario where we want to
apply the sandbox policy and reflects our behavior following r208549.

• http/tests/security/http-0.9/resources/nph-sandbox-should-not-persist-on-navigation.pl: Added.
• http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt:
• http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html:
• platform/wk2/TestExpectations: Skip the HTTP-0.9 tests in WebKit2 as it uses internals.registerDefaultPortForProtocol().

10:00 AM Changeset in webkit [208795] by Ryan Haddad

• 3 edits
  2 deletes in trunk

Unreviewed, rolling out r208770.

The test added with this change is timing out on mac-wk1.

Reverted changeset:

"UIScriptController: script with no async tasks fails if an
earlier script registered a callback"
​https://bugs.webkit.org/show_bug.cgi?id=164762
​http://trac.webkit.org/changeset/208770

9:29 AM Changeset in webkit [208794] by matthew_hanson@apple.com

• 5 edits in trunk/Source

Versioning.

9:18 AM Changeset in webkit [208793] by matthew_hanson@apple.com

• 1 copy in tags/Safari-603.1.13

New tag.

8:19 AM Changeset in webkit [208792] by Simon Fraser

• 2 edits in trunk/LayoutTests

Fix typo in bug url.

• platform/mac/TestExpectations:

8:18 AM Changeset in webkit [208791] by keith_miller@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Unreviewed, ARM build fix.

• b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):
(JSC::B3::Air::LowerToAir::lowerX86Div):
(JSC::B3::Air::LowerToAir::lowerX86UDiv):

6:00 AM Changeset in webkit [208790] by commit-queue@webkit.org

• 7 edits in trunk

[Readable Streams API] Implement ReadableByteStreamController close()
​https://bugs.webkit.org/show_bug.cgi?id=164413

Patch by Romain Bellessort <​romain.bellessort@crf.canon.fr> on 2016-11-16
Reviewed by Darin Adler.

Source/WebCore:

Implemented close() method of ReadableByteStreamController.

Updated test expectations for close() tests and added tests
to ensure errors are thrown in various cases defined by spec.

• Modules/streams/ReadableByteStreamController.js:

(close): Added.

• Modules/streams/ReadableByteStreamInternals.js:

(readableByteStreamControllerClose): Added.

• bindings/js/WebCoreBuiltinNames.h: Added bytesFilled.

LayoutTests:

Updated test expectations for close() tests and added tests
to ensure errors are thrown in various cases defined by spec.

• streams/readable-byte-stream-controller.js: Updated.

4:00 AM Changeset in webkit [208789] by Philippe Normand

• 2 edits in trunk/Source/WebCore

[GStreamer][GL] build broken when using gst-plugins-bad from git
​https://bugs.webkit.org/show_bug.cgi?id=164776

Reviewed by Xabier Rodriguez-Calvar.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::requestGLContext): The
GStreamer GL context GType was renamed, add an ifdef taking this
into account.

3:39 AM Changeset in webkit [208788] by Yusuke Suzuki

• 31 edits
  5 copies
  136 adds in trunk

[ES6] Integrate ES6 Modules into WebCore
​https://bugs.webkit.org/show_bug.cgi?id=148897

Reviewed by Ryosuke Niwa.

Source/WebCore:

This patch introduces ES6 Modules into WebCore. We integrate JSC's JSModuleLoader into WebCore.
JSC constructs the module loader pipeline by the chains of the promises. To handle this,
the following components are added.

1. CachedModuleScript

CachedModuleScript wraps the promise based JSModuleLoader pipeline and offers
similar APIs to CachedScript. ScriptElement and PendingScript interact with
CachedModuleScript when the script tag is the module tag instead of CachedScript.
ScriptElement and PendingScript will receive the notification from
CachedModuleScript by implementing CachedModuleScriptClient.

2. ScriptModuleLoader

This is the module loader instantiated per document. It manages fetching and
offers the callbacks for the JSC's JSModuleLoader implementation. ScriptModuleLoader
will fetch the resource by creating CachedModuleScriptLoader per resource. ScriptModuleLoader
will receive the notification by implementing CachedModuleScriptLoaderClient. When the
resource is fetched, the module loader will drive the promise resolve/reject chain.

3. CachedModuleScriptLoader

This fetches the resource by using CachedScript. Using CachedScript means that it
automatically reports the resource to the inspector. CachedModuleScriptLoader notify to
ScriptModuleLoader when the resource is fetched.

One tricky point is that the fetch requests issued from one module-graph should share the same
nonce, crossorigin attributes etc.

Here, we wrote the module graph like A -> B (A depends on B).

<script tag> -> A -> B -> C -> D

When fetching A, B, C, and D modules, we need to set the same nonce, crossorigin etc. configuration
derived from the original script tag. So per module-graph information should be shared throughout
the module loader pipeline. To do so, JSC's module loader implementation can take the value called
initiator. Since the loader will propagate & share this initiator throughout the pipeline,
we can transfer and share some metadata. Currently, we pass the JSWrapper of the script tag as the
initiator. Each fetch request is created by using this initiator script element.

More integration into the inspector should be done in the subsequent patch.

• CMakeLists.txt:
• WebCore.xcodeproj/project.pbxproj:
• bindings/js/CachedModuleScript.cpp: Added.

CachedModuleScript offers similar interface to CachedScript to make ScriptElement things easier. It encapsulates the
detail of the JSC JSModuleLoader that this module loader is driven by the chain of the promises. CachedModuleScript's
callbacks are called from the promise's handlers configured in ScriptController::loadModuleScript.
(WebCore::CachedModuleScript::create):
(WebCore::CachedModuleScript::CachedModuleScript):
(WebCore::CachedModuleScript::load):
(WebCore::CachedModuleScript::notifyLoadCompleted):
(WebCore::CachedModuleScript::notifyLoadFailed):
(WebCore::CachedModuleScript::notifyLoadWasCanceled):
(WebCore::CachedModuleScript::notifyClientFinished):
(WebCore::CachedModuleScript::addClient):
(WebCore::CachedModuleScript::removeClient):

• bindings/js/CachedModuleScript.h: Added.

(WebCore::CachedModuleScript::moduleKey):
(WebCore::CachedModuleScript::error):
(WebCore::CachedModuleScript::wasCanceled):
(WebCore::CachedModuleScript::isLoaded):
(WebCore::CachedModuleScript::nonce):
(WebCore::CachedModuleScript::crossOriginMode):
Save nonce and crossorigin attributes when we start ScriptElement::prepareScript.

• bindings/js/CachedModuleScriptClient.h: Copied from Source/WebCore/dom/LoadableScript.h.

(WebCore::CachedModuleScriptClient::~CachedModuleScriptClient):

• bindings/js/CachedModuleScriptLoader.cpp: Added.

CachedModuleScriptLoader is responsible to fetching the resource for the module script. It uses propagated initiator
to create the request. This initiator is the JS wrapper of the script element issuing this fetching request. The name
initiator is derived from the request.setInitiator(). Once the resource is fetched, the fetcher will notify to the
client. Currently, ScriptModuleLoader implements this client interface.
(WebCore::CachedModuleScriptLoader::create):
(WebCore::CachedModuleScriptLoader::CachedModuleScriptLoader):
(WebCore::CachedModuleScriptLoader::~CachedModuleScriptLoader):
(WebCore::CachedModuleScriptLoader::load):
Create the request. We call ScriptElement::requestCachedScript to initiate a new fetching request. At that time,
nonce and crossorigin (and charset) attributes of this element are applied to the new request.
(WebCore::CachedModuleScriptLoader::notifyFinished):

• bindings/js/CachedModuleScriptLoader.h: Copied from Source/WebCore/bindings/js/ScriptModuleLoader.h.
• bindings/js/CachedModuleScriptLoaderClient.h: Copied from Source/WebCore/dom/LoadableScript.h.

(WebCore::CachedModuleScriptLoaderClient::~CachedModuleScriptLoaderClient):

• bindings/js/CachedScriptSourceProvider.h:

(WebCore::CachedScriptSourceProvider::create):
(WebCore::CachedScriptSourceProvider::CachedScriptSourceProvider):
(WebCore::makeSource):

• bindings/js/JSBindingsAllInOne.cpp:
• bindings/js/JSDOMBinding.cpp:

(WebCore::retrieveErrorMessage):
(WebCore::reportException):

• bindings/js/JSDOMBinding.h:
• bindings/js/JSMainThreadExecState.h:

(WebCore::JSMainThreadExecState::loadModule):
(WebCore::JSMainThreadExecState::linkAndEvaluateModule):

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::evaluateInWorld):
(WebCore::ScriptController::loadModuleScriptInWorld):
(WebCore::ScriptController::loadModuleScript):
This just performs loading and not executing the module graph. Once the module graph is loaded, it is notified to
the given CachedModuleScript.
(WebCore::ScriptController::linkAndEvaluateModuleScriptInWorld):
(WebCore::ScriptController::linkAndEvaluateModuleScript):
This executes the linking and evaluation of the already instantiated module graph. After loading the module graph,
we call this function for the module to evaluate it. This is called from ScriptElement::executeModuleScript.
(WebCore::ScriptController::evaluateModule):
Every time we evaluate the module, the ScriptModuleLoader::evaluate hook is called. So the loader calls this function
to actually evaluate the module.
(WebCore::jsValueToModuleKey):
(WebCore::ScriptController::setupModuleScriptHandlers):
The JSC's module loader is driven by the chain of the promise. So here, we convert this to CachedModuleScript /
CachedModuleScriptClient style and encapsulate the details. This encapsulation makes CachedModuleScript similar
to CachedScript and it makes things simple in the rest of WebCore. If the propagated error is already reported
to the inspector, we receive moduleLoaderAlreadyReportedErrorSymbol as the error value. So at that case, we
don't report it twice. If the rejection is caused due to the canceled fetching, moduleLoaderFetchingIsCanceledSymbol
appears as the error value. In that case, we will call CachedModuleScript::notifyLoadWasCanceled.
(WebCore::ScriptController::executeScript):

• bindings/js/ScriptController.h:

(WebCore::ScriptController::moduleLoaderAlreadyReportedErrorSymbol):
(WebCore::ScriptController::moduleLoaderFetchingIsCanceledSymbol):

• bindings/js/ScriptModuleLoader.cpp:

We use DeferredWrapper to resolve promises used for the module pipeline. Thus, once the active DOM objects are
suspended, the module loader propagation stops.
(WebCore::ScriptModuleLoader::~ScriptModuleLoader):
Clear the clients of the fetchers issued from this loader.
(WebCore::isRootModule):
(WebCore::ScriptModuleLoader::resolve):
Resolve the module specifier (that is written in import from "XXX") to the unique module key. We use URL
string as module key. The edge case is that the module is inlined one. In that case, we don't have any URL
for that. Instead of URL, we use symbol at that time.
(WebCore::ScriptModuleLoader::fetch):
Start fetching for the requested module. It returns the promise that is resolved when the fetching is done.
The loader creates the fetcher, and the fetcher start loading the resource. Once the fetcher loads the resource,
it notify to the loader through CachedModuleScriptLoaderClient interface. Since we pass the original script
element as the initiator here, the fetcher can use this initiator to create the request. While the result of
CachedResource has 3 variations (loaded, canceled, error occurred), Promise only tells us whether it is resolved
or rejected. When CachedModuleScript gets the result from the promise chain, it needs to know which the result is.
To transfer the canceled information, we reject the promise with the special symbol moduleLoaderAlreadyReportedErrorSymbol.
This offers the way to distinguish the canceled error from the other errors.
(WebCore::ScriptModuleLoader::evaluate):
This is the hook function that is called when JSC's JSModuleLoader attempts to execute each module.
(WebCore::ScriptModuleLoader::notifyFinished):
This function is called when the fetcher completes. We will resolve the promise with the result of the fetching.
The module loader pipeline is constructed as a chain of promises.
Rejecting a promise when some error occurs is important because the execution flow of
the promise chain is driven by "rejected" or "fulfilled" events.
If the promise is not rejected while error occurs, reject handler won't be executed
and all the subsequent promise chain will wait the result forever.
As a result, even if the error is already reported to the inspector elsewhere,
it should be propagated in the pipeline. For example, the error of loading
CachedResource is already reported to the inspector by the loader. But we still need
to reject the promise to propagate this error to the script element.
At that time, we don't want to report the same error twice. When we propagate the error
that is already reported to the inspector, we throw moduleLoaderAlreadyReportedErrorSymbol
symbol instead. By comparing the thrown error with this symbol, we can distinguish errors raised
when checking syntax of a module script from errors reported already.
In the reject handler of the promise, we only report a error that is not this symbol.
And mime type checking is done here since the module script always require this check.

• bindings/js/ScriptModuleLoader.h:

(WebCore::ScriptModuleLoader::document): Deleted.

• bindings/js/ScriptSourceCode.h:

(WebCore::ScriptSourceCode::ScriptSourceCode):

• dom/CurrentScriptIncrementer.h:

(WebCore::CurrentScriptIncrementer::CurrentScriptIncrementer):

• dom/LoadableClassicScript.cpp:

(WebCore::LoadableClassicScript::error):
(WebCore::LoadableClassicScript::execute):
(WebCore::LoadableClassicScript::wasErrored): Deleted.

• dom/LoadableClassicScript.h:
• dom/LoadableModuleScript.cpp: Copied from Source/WebCore/dom/LoadableScript.h.

This is the derived class from LoadableScript. It is used for the script module graphs.
(WebCore::LoadableModuleScript::create):
(WebCore::LoadableModuleScript::LoadableModuleScript):
(WebCore::LoadableModuleScript::~LoadableModuleScript):
(WebCore::LoadableModuleScript::isLoaded):
(WebCore::LoadableModuleScript::error):
(WebCore::LoadableModuleScript::wasCanceled):
(WebCore::LoadableModuleScript::notifyFinished):
(WebCore::LoadableModuleScript::execute):

• dom/LoadableModuleScript.h: Copied from Source/WebCore/dom/LoadableScript.h.

(isType):

• dom/LoadableScript.h:

(WebCore::LoadableScript::isModuleScript):
(WebCore::LoadableScript::isModuleGraph): Deleted.

• dom/PendingScript.cpp:

(WebCore::PendingScript::error):
(WebCore::PendingScript::wasErrored): Deleted.

• dom/PendingScript.h:
• dom/ScriptElement.cpp:

(WebCore::ScriptElement::ScriptElement):
(WebCore::ScriptElement::determineScriptType):
(WebCore::ScriptElement::prepareScript):
prepareScript is aligned to whatwg spec: the last sequence to setup flags has one-on-one correspondence to
the spec now. And prepareScript recognizes the type="module" case and call the requestModuleScript to setup
the CachedModuleScript.
(WebCore::ScriptElement::requestClassicScript):
(WebCore::ScriptElement::requestModuleScript):
We use the nonce and crossorigin attributes at the time of preparing the script tag. To do so, we store the
above values in CachedModuleScript.
Since inlined module scripts does not have "src" attribute, it is also affected by Content Security Policy's
inline script rules.
(WebCore::ScriptElement::requestScriptWithCacheForModuleScript):
The module loader will construct the fetching request by calling this function. This should be here since we
would like to set this Element to the initiator of the request. And nonce and crossorigin attributes of this
script tag will be used.
(WebCore::ScriptElement::requestScriptWithCache):
(WebCore::ScriptElement::executeScript):
(WebCore::ScriptElement::executeModuleScript):
The entry point to execute the module graph. Since the module graph is beyond the multiple CachedScript code,
we have the different entry point from ScriptElement::executeScript.
(WebCore::ScriptElement::executeScriptAndDispatchEvent):
(WebCore::ScriptElement::executeScriptForScriptRunner):

• dom/ScriptElement.h:

(WebCore::ScriptElement::scriptType):

• html/parser/CSSPreloadScanner.cpp:

(WebCore::CSSPreloadScanner::emitRule):

• html/parser/HTMLPreloadScanner.cpp:

(WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
According to the spec, the module tag ignores the "charset" attribute as the same to the worker's
importScript. But WebKit supports the "charset" for importScript intentionally. So to be consistent,
even for the module tags, we handle the "charset" attribute. We explicitly note about it in the preloader.
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):

• html/parser/HTMLResourcePreloader.cpp:

(WebCore::PreloadRequest::resourceRequest):

• html/parser/HTMLResourcePreloader.h:

(WebCore::PreloadRequest::PreloadRequest):

• html/parser/HTMLScriptRunner.h:
• loader/cache/CachedResourceRequest.cpp:

(WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):

• xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::notifyFinished):

LayoutTests:

• TestExpectations:
• http/tests/misc/module-absolute-url-expected.txt: Added.
• http/tests/misc/module-absolute-url.html: Added.
• http/tests/misc/module-script-async-expected.txt: Added.
• http/tests/misc/module-script-async.html: Added.
• http/tests/misc/resources/module-absolute-url.js: Added.
• http/tests/misc/resources/module-absolute-url2.js: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-allowed-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-allowed.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-and-scripthash-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-and-scripthash.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-basic-blocked-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-basic-blocked.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-blocked-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-blocked.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-ignore-unsafeinline-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-ignore-unsafeinline.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-in-enforced-policy-and-not-in-report-only-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-in-enforced-policy-and-not-in-report-only.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-invalidnonce-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-invalidnonce.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-multiple-policies-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-multiple-policies.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-same-origin-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-same-origin.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect.html: Added.
• http/tests/security/contentSecurityPolicy/1.1/resources/module-scriptnonce-in-enforced-policy-and-not-in-report-only.php: Added.
• http/tests/security/contentSecurityPolicy/1.1/resources/module-scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.php: Added.
• http/tests/security/contentSecurityPolicy/module-eval-blocked-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/module-eval-blocked-in-external-script-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/module-eval-blocked-in-external-script.html: Added.
• http/tests/security/contentSecurityPolicy/module-eval-blocked.html: Added.
• http/tests/security/contentSecurityPolicy/resources/echo-module-script-src.pl: Added.
• http/tests/security/contentSecurityPolicy/resources/multiple-iframe-module-test.js: Added.

(testPreescapedPolicy):
(testExperimentalPolicy):
(test):
(iframe.onload):
(testImpl):
(finishTesting):

• http/tests/security/module-correct-mime-types-expected.txt: Added.
• http/tests/security/module-correct-mime-types.html: Added.
• http/tests/security/module-crossorigin-error-event-information-expected.txt: Added.
• http/tests/security/module-crossorigin-error-event-information.html: Added.
• http/tests/security/module-crossorigin-loads-correctly-credentials-expected.txt: Added.
• http/tests/security/module-crossorigin-loads-correctly-credentials.html: Added.
• http/tests/security/module-crossorigin-loads-omit-expected.txt: Added.
• http/tests/security/module-crossorigin-loads-omit.html: Added.
• http/tests/security/module-crossorigin-loads-same-origin-expected.txt: Added.
• http/tests/security/module-crossorigin-loads-same-origin.html: Added.
• http/tests/security/module-crossorigin-onerror-information-expected.txt: Added.
• http/tests/security/module-crossorigin-onerror-information.html: Added.
• http/tests/security/module-incorrect-mime-types-expected.txt: Added.
• http/tests/security/module-incorrect-mime-types.html: Added.
• http/tests/security/module-no-mime-type-expected.txt: Added.
• http/tests/security/module-no-mime-type.html: Added.
• http/tests/security/resources/cors-script.php:
• http/tests/security/resources/module-local-script.js: Added.
• js/dom/modules/module-and-dom-content-loaded-expected.txt: Added.
• js/dom/modules/module-and-dom-content-loaded.html: Added.
• js/dom/modules/module-and-window-load-expected.txt: Added.
• js/dom/modules/module-and-window-load.html: Added.
• js/dom/modules/module-async-and-window-load-expected.txt: Added.
• js/dom/modules/module-async-and-window-load.html: Added.
• js/dom/modules/module-document-write-expected.txt: Added.
• js/dom/modules/module-document-write-src-expected.txt: Added.
• js/dom/modules/module-document-write-src.html: Added.
• js/dom/modules/module-document-write.html: Added.
• js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-expected.txt: Added.
• js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html: Added.
• js/dom/modules/module-execution-error-should-be-propagated-to-onerror-expected.txt: Added.
• js/dom/modules/module-execution-error-should-be-propagated-to-onerror.html: Added.
• js/dom/modules/module-execution-order-inline-expected.txt: Added.
• js/dom/modules/module-execution-order-inline.html: Added.
• js/dom/modules/module-execution-order-mixed-expected.txt: Added.
• js/dom/modules/module-execution-order-mixed-with-classic-scripts-expected.txt: Added.
• js/dom/modules/module-execution-order-mixed-with-classic-scripts.html: Added.
• js/dom/modules/module-execution-order-mixed.html: Added.
• js/dom/modules/module-incorrect-relative-specifier-expected.txt: Added.
• js/dom/modules/module-incorrect-relative-specifier.html: Added.
• js/dom/modules/module-incorrect-tag-expected.txt: Added.
• js/dom/modules/module-incorrect-tag.html: Added.
• js/dom/modules/module-inline-current-script-expected.txt: Added.
• js/dom/modules/module-inline-current-script.html: Added.
• js/dom/modules/module-inline-dynamic-expected.txt: Added.
• js/dom/modules/module-inline-dynamic.html: Added.
• js/dom/modules/module-inline-simple-expected.txt: Added.
• js/dom/modules/module-inline-simple.html: Added.
• js/dom/modules/module-load-event-expected.txt: Added.
• js/dom/modules/module-load-event-with-src-expected.txt: Added.
• js/dom/modules/module-load-event-with-src.html: Added.
• js/dom/modules/module-load-event.html: Added.
• js/dom/modules/module-load-same-module-from-different-entry-point-dynamic-expected.txt: Added.
• js/dom/modules/module-load-same-module-from-different-entry-point-dynamic.html: Added.
• js/dom/modules/module-load-same-module-from-different-entry-point-expected.txt: Added.
• js/dom/modules/module-load-same-module-from-different-entry-point.html: Added.
• js/dom/modules/module-not-found-error-event-expected.txt: Added.
• js/dom/modules/module-not-found-error-event-with-src-and-import-expected.txt: Added.
• js/dom/modules/module-not-found-error-event-with-src-and-import.html: Added.
• js/dom/modules/module-not-found-error-event-with-src-expected.txt: Added.
• js/dom/modules/module-not-found-error-event-with-src.html: Added.
• js/dom/modules/module-not-found-error-event.html: Added.
• js/dom/modules/module-src-current-script-expected.txt: Added.
• js/dom/modules/module-src-current-script.html: Added.
• js/dom/modules/module-src-dynamic-expected.txt: Added.
• js/dom/modules/module-src-dynamic.html: Added.
• js/dom/modules/module-src-simple-expected.txt: Added.
• js/dom/modules/module-src-simple.html: Added.
• js/dom/modules/module-type-case-insensitive-expected.txt: Added.
• js/dom/modules/module-type-case-insensitive.html: Added.
• js/dom/modules/module-will-fire-beforeload-expected.txt: Added.
• js/dom/modules/module-will-fire-beforeload.html: Added.
• js/dom/modules/script-tests/module-document-write-src.js: Added.
• js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js: Added.
• js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-2.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-cappuccino.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-cocoa.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-matcha.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-2.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cappuccino.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cocoa.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-matcha.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts.js: Added.
• js/dom/modules/script-tests/module-execution-order-mixed.js: Added.
• js/dom/modules/script-tests/module-inline-dynamic.js: Added.

(export.default.Cocoa.prototype.taste):
(export.default.Cocoa):

• js/dom/modules/script-tests/module-inline-simple.js: Added.

(export.default.Cocoa.prototype.taste):
(export.default.Cocoa):

• js/dom/modules/script-tests/module-load-event-with-src.js: Added.
• js/dom/modules/script-tests/module-load-same-module-from-different-entry-point.js: Added.
• js/dom/modules/script-tests/module-not-found-error-event-with-src-and-import.js: Added.
• js/dom/modules/script-tests/module-src-current-script.js: Added.
• js/dom/modules/script-tests/module-src-dynamic-cocoa.js: Added.

(Cocoa.prototype.taste):
(Cocoa):

• js/dom/modules/script-tests/module-src-dynamic.js: Added.
• js/dom/modules/script-tests/module-src-simple-cocoa.js: Added.

(Cocoa.prototype.taste):
(Cocoa):

• js/dom/modules/script-tests/module-src-simple.js: Added.
• js/dom/modules/script-tests/module-will-fire-beforeload.js: Added.

1:08 AM Changeset in webkit [208787] by pvollan@apple.com

• 2 edits in trunk/Tools

[Win] WebCore test is failing.
​https://bugs.webkit.org/show_bug.cgi?id=164772

Reviewed by Brent Fulgham.

The value of CGRectInfinite is not the same on Windows as on Mac.

• TestWebKitAPI/Tests/WebCore/FloatRect.cpp:

(TestWebKitAPI::TEST):

Nov 15, 2016:

10:51 PM Changeset in webkit [208786] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

Warning added in r208542
​https://bugs.webkit.org/show_bug.cgi?id=164636

Patch by Alejandro G. Castro <​alex@igalia.com> on 2016-11-15
Reviewed by Eric Carlson.

Deleted the copy constructor, we now explicitly copy the object in
the clone method.

• platform/mediastream/MediaStreamTrackPrivate.cpp: Delete the

copy constructor.
(WebCore::MediaStreamTrackPrivate::clone): Copy the relevant
information for the clone operation in the API.

• platform/mediastream/MediaStreamTrackPrivate.h: Delete the copy

constructor.

10:18 PM Changeset in webkit [208785] by rniwa@webkit.org

• 3 edits in trunk/Source/WebCore

Add more assertions to ElementQueue diagnose a bug
​https://bugs.webkit.org/show_bug.cgi?id=164814

Reviewed by Yusuke Suzuki.

Add more assertions to check the sanity of the element queue.
Also made them all release assertions so that we can catch them better.

• dom/CustomElementReactionQueue.cpp:

(WebCore::CustomElementReactionStack::ElementQueue::add):
(WebCore::CustomElementReactionStack::ElementQueue::invokeAll):

10:11 PM Changeset in webkit [208784] by Simon Fraser

• 2 edits in trunk/Source/WebKit2

[iOS WK2] Scroll view scrolling and zooming animations can keep running across page loads
​https://bugs.webkit.org/show_bug.cgi?id=164810

Reviewed by Tim Horton.

Scrolling and zooming animations can leak across page loads, which makes tests flakey,
and is unexpected by users.

Tested by scrollingcoordinator/ios/sync-layer-positions-after-scroll.html followed by
scrollingcoordinator/ios/ui-scrolling-tree.html

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _didCommitLoadForMainFrame]):

10:03 PM Changeset in webkit [208783] by commit-queue@webkit.org

• 5 edits in trunk/Source/WebInspectorUI

Web Inspector: SourceCodeTextEditor should display execution lines for background threads
​https://bugs.webkit.org/show_bug.cgi?id=164679
<rdar://problem/29233026>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

There may be multiple threads paused in the same content view. With
this change we should a thread indicator for each primary line a
thread is paused on. It uses the same inline line indicator that
inline errors/warnings (issues) use.

When there is a single thread (just the Page) we don't show thread
indicators. But as soon as there are multiple threads we start
managing and showing them. The line indicator contains the name of
the thread on the side.

Note that SourceCodeTextEditor maintains the thread indicators, but
it still always handles the ActiveCallFrame as it used to, pushing
values down into TextEditor. The ActiveCallFrame styles override
the thread line indicators (albeit with the same styles). The reason
these are still separate is that TextEditor has some special styles
regarding its gutter for the active execution line. Eventually we
may want to find a way to push this up into SourceCodeTextEditor.

• Localizations/en.lproj/localizedStrings.js:

New string "%d Threads" when multiple threads are on the same line.

• UserInterface/Views/ScopeChainDetailsSidebarPanel.js:

(WebInspector.ScopeChainDetailsSidebarPanel):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._activeCallFrameDidChange):
Update Watch Expressions when the active call frame changes.

• UserInterface/Views/SourceCodeTextEditor.css:

(.source-code.text-editor > .CodeMirror .line-indicator-widget):
(.source-code.text-editor > .CodeMirror .line-indicator-widget.inline):
(.source-code.text-editor > .CodeMirror .line-indicator-widget > .arrow):
(.source-code.text-editor > .CodeMirror .line-indicator-widget.inline > .arrow):
(.source-code.text-editor > .CodeMirror .line-indicator-widget > .icon):
(.source-code.text-editor > .CodeMirror .line-indicator-widget > .text):
(.source-code.text-editor > .CodeMirror .line-indicator-widget.inline > .text):
Share line indicator widget styles between issue widgets and thread widgets.

(.source-code.text-editor > .CodeMirror .thread-indicator):
(.source-code.text-editor > .CodeMirror .thread-widget):
(.source-code.text-editor > .CodeMirror .thread-widget.inline):
(.source-code.text-editor > .CodeMirror .thread-widget.inline > .arrow):
Colors for the thread-widget line-indicators.

• UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor):
(WebInspector.SourceCodeTextEditor.prototype.close):
New event listeners handling for Target added / removed events.

(WebInspector.SourceCodeTextEditor.prototype._targetAdded):
(WebInspector.SourceCodeTextEditor.prototype._targetRemoved):
Update thread indicators as needed.

(WebInspector.SourceCodeTextEditor.prototype._looselyMatchesSourceCodeLocation):
More generic match based just on the URLs. Even if the exact script comes
from a different target, if they share the same URL that is fine.

(WebInspector.SourceCodeTextEditor.prototype._callFramesDidChange):
(WebInspector.SourceCodeTextEditor.prototype._addThreadIndicatorForTarget):
(WebInspector.SourceCodeTextEditor.prototype._removeThreadIndicatorForTarget):
(WebInspector.SourceCodeTextEditor.prototype._threadIndicatorWidgetForLine):
(WebInspector.SourceCodeTextEditor.prototype._updateThreadIndicatorWidget):
(WebInspector.SourceCodeTextEditor.prototype._handleThreadIndicatorWidgetClick):
Manage thread line indicator widgets. There are 3 maps we maintain.

1. line -> [threads]

List of threads paused on a line, needed for the UI text.

2. line -> widget

Gets the widget on a line so we can modify and eventually remove it.

3. target -> line

If a target is removed, we need to know what line it had an indicator on.

(WebInspector.SourceCodeTextEditor.prototype._isWidgetToggleable):
Generalize for all of our different line indicator widgets.

(WebInspector.SourceCodeTextEditor.prototype._contentDidPopulate):
(WebInspector.SourceCodeTextEditor.prototype.textEditorUpdatedFormatting):
(WebInspector.SourceCodeTextEditor.prototype._reinsertAllThreadIndicators):
When first populated, or reformatted, clear and reinsert all widgets.

(WebInspector.SourceCodeTextEditor.prototype._reinsertAllIssues):
(WebInspector.SourceCodeTextEditor.prototype._logCleared):
(WebInspector.SourceCodeTextEditor.prototype._clearIssueWidgets): Renamed.
Rename _clearWidgets to _clearIssueWidgets.

9:05 PM Changeset in webkit [208782] by mark.lam@apple.com

• 3 edits
  1 add in trunk

Make JSC test functions more robust.
​https://bugs.webkit.org/show_bug.cgi?id=164807

Reviewed by Keith Miller.

JSTests:

• stress/jsc-test-functions-should-be-more-robust.js: Added.

Source/JavaScriptCore:

• jsc.cpp:

(functionGetHiddenValue):
(functionSetHiddenValue):

8:47 PM Changeset in webkit [208781] by keith_miller@apple.com

• 25 edits in trunk

B3 should support UDiv/UMod
​https://bugs.webkit.org/show_bug.cgi?id=164811

Reviewed by Filip Pizlo.

JSTests:

Link new instructions to wasm.

• wasm/wasm.json:

Source/JavaScriptCore:

This patch adds support for UDiv and UMod in B3. Many of the magic number
cases have been ommited for now since they are unlikely to happen in wasm
code. Most wasm code we will see is generated via llvm, which has more
robust versions of what we would do anyway. Additionally, this patch
links the new opcodes up to the wasm parser.

• assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::uDiv32):
(JSC::MacroAssemblerARM64::uDiv64):

• assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::x86UDiv32):

• assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::x86UDiv64):

• assembler/X86Assembler.h:

(JSC::X86Assembler::divq_r):

• b3/B3Common.h:

(JSC::B3::chillUDiv):
(JSC::B3::chillUMod):

• b3/B3Const32Value.cpp:

(JSC::B3::Const32Value::uDivConstant):
(JSC::B3::Const32Value::uModConstant):

• b3/B3Const32Value.h:
• b3/B3Const64Value.cpp:

(JSC::B3::Const64Value::uDivConstant):
(JSC::B3::Const64Value::uModConstant):

• b3/B3Const64Value.h:
• b3/B3LowerMacros.cpp:
• b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):
(JSC::B3::Air::LowerToAir::lowerX86UDiv):

• b3/B3Opcode.cpp:

(WTF::printInternal):

• b3/B3Opcode.h:
• b3/B3ReduceStrength.cpp:
• b3/B3Validate.cpp:
• b3/B3Value.cpp:

(JSC::B3::Value::uDivConstant):
(JSC::B3::Value::uModConstant):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):

• b3/B3Value.h:
• b3/B3ValueKey.cpp:

(JSC::B3::ValueKey::materialize):

• b3/air/AirInstInlines.h:

(JSC::B3::Air::isX86UDiv32Valid):
(JSC::B3::Air::isX86UDiv64Valid):

• b3/air/AirOpcode.opcodes:
• b3/testb3.cpp:

(JSC::B3::testUDivArgsInt32):
(JSC::B3::testUDivArgsInt64):
(JSC::B3::testUModArgsInt32):
(JSC::B3::testUModArgsInt64):
(JSC::B3::run):

• wasm/wasm.json:

8:07 PM Changeset in webkit [208780] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Simplify Element::stripScriptingAttributes()
​https://bugs.webkit.org/show_bug.cgi?id=164785

Reviewed by Ryosuke Niwa.

Simplify Element::stripScriptingAttributes() by leveraging
Vector::removeAllMatching().

No new tests, no Web-exposed behavior change.

• dom/Element.cpp:

(WebCore::Element::stripScriptingAttributes):

7:10 PM Changeset in webkit [208779] by commit-queue@webkit.org

• 19 edits
  2 copies
  2 adds in trunk

Source/JavaScriptCore:
Web Inspector: Preview other CSS @media in browser window (print)
​https://bugs.webkit.org/show_bug.cgi?id=13530
<rdar://problem/5712928>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

• inspector/protocol/Page.json:

Update to preferred JSON style.

Source/WebInspectorUI:
Web Inspector: Remove unused and untested Page.setTouchEmulationEnabled command
​https://bugs.webkit.org/show_bug.cgi?id=164793

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

• Localizations/en.lproj/localizedStrings.js:

Tooltips for new button.

• UserInterface/Base/Main.js:

(WebInspector.loaded):
New global setting.

• UserInterface/Views/DOMTreeContentView.js:

(WebInspector.DOMTreeContentView):
(WebInspector.DOMTreeContentView.prototype.get navigationItems):
(WebInspector.DOMTreeContentView.prototype._showPrintStylesSettingChanged):
(WebInspector.DOMTreeContentView.prototype._togglePrintStylesSetting):
New navigation bar button to toggle print styles.

• UserInterface/Controllers/CSSStyleManager.js:

(WebInspector.CSSStyleManager.prototype.mediaTypeChanged):
After toggling styles we will need to refresh styles, so provide
a meaningful way to trigger refreshing styles from the frontend.

• UserInterface/Images/Printer.svg: Added.
• UserInterface/Images/gtk/Printer.svg: Added.

New Printer icon for enabling / disabling print styles.

• UserInterface/Images/gtk/Crosshair.svg:
• UserInterface/Images/gtk/LayerBorders.svg:
• UserInterface/Images/gtk/NavigationItemCurleyBraces.svg:
• UserInterface/Images/gtk/NavigationItemTypes.svg:
• UserInterface/Images/gtk/PaintFlashing.svg:
• UserInterface/Images/gtk/ShadowDOM.svg:
• UserInterface/Images/gtk/ToggleLeftSidebar.svg:
• UserInterface/Images/gtk/ToggleRightSidebar.svg:
• UserInterface/Images/gtk/UpDownArrows.svg:

Fix a number of existing GTK images to have activated styles.

LayoutTests:
Web Inspector: Preview other CSS @media in browser window (print)
​https://bugs.webkit.org/show_bug.cgi?id=13530
<rdar://problem/5712928>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

• inspector/page/media-query-list-listener-exception-expected.txt: Copied from LayoutTests/inspector/page/setEmulatedMedia-expected.txt.
• inspector/page/media-query-list-listener-exception.html: Copied from LayoutTests/inspector/page/setEmulatedMedia.html.

Rename this test which is about swallowing exceptions and happened to use inspector code.

• inspector/page/setEmulatedMedia-expected.txt:
• inspector/page/setEmulatedMedia.html:

Test for Page.setEmulatedMedia command.

6:55 PM Changeset in webkit [208778] by jonlee@apple.com

• 13 edits in trunk

Report active video and audio capture devices separately
​https://bugs.webkit.org/show_bug.cgi?id=164769

Reviewed by Eric Carlson.

Source/WebCore:

For UI purposes, separate the notion of any active capture device to
an active audio and video capture device.

• page/MediaProducer.h: Replace HasActiveMediaCaptureDevice with

HasActiveAudioCaptureDevice and HasActiveVideoCaptureDevice.

• Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::mediaState): Update the logic for mediaState().
Since it is possible to arbitrarily add tracks from various sources,
check specifically for a local AV source (meaning a capture device) that
is producing data.

• platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::hasLocalVideoSource): Iterate over the tracks
and look for video sources that are not remote.
(WebCore::MediaStreamPrivate::hasLocalAudioSource): Ditto for audio.

• platform/mediastream/MediaStreamPrivate.h:
• testing/Internals.cpp:

(WebCore::Internals::pageMediaState): Update internals reporting.

Source/WebKit2:

Replace kWKMediaHasActiveCaptureDevice with kWKMediaHasActiveAudioCaptureDevice and
kWKMediaHasActiveVideoCaptureDevice

• UIProcess/API/C/WKPage.cpp:

(WKPageGetMediaState):

• UIProcess/API/C/WKPagePrivate.h:
• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::isPlayingMediaDidChange): Update the mask to include the two
bits.

LayoutTests:

• fast/mediastream/MediaStream-page-muted-expected.txt: Update test.
• fast/mediastream/MediaStream-page-muted.html:

5:35 PM Changeset in webkit [208777] by fpizlo@apple.com

• 7 edits in trunk/Source/JavaScriptCore

Unreviewed, revert renaming useConcurrentJIT to useConcurrentJS.

• dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

• heap/Heap.cpp:

(JSC::Heap::addToRememberedSet):

• jit/JITWorklist.cpp:

(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):

• runtime/Options.cpp:

(JSC::recomputeDependentOptions):

• runtime/Options.h:
• runtime/WriteBarrierInlines.h:

(JSC::WriteBarrierBase<T>::set):
(JSC::WriteBarrierBase<Unknown>::set):

5:16 PM Changeset in webkit [208776] by Chris Dumez

• 9 edits in trunk/Source/WebCore

Avoid copying vector of attributes as much as possible in the HTML parser
​https://bugs.webkit.org/show_bug.cgi?id=164778

Reviewed by Ryosuke Niwa.

Avoid copying vector of attributes as much as possible in the HTML parser by moving
AtomicHTMLToken around and making it obvious it is safe to move its attributes
vector as well.

No new tests, no Web-exposed behavior change.

• html/parser/AtomicHTMLToken.h:

(WebCore::AtomicHTMLToken::AtomicHTMLToken):
(WebCore::findAttribute):

• html/parser/HTMLConstructionSite.cpp:

(WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML):
(WebCore::HTMLConstructionSite::mergeAttributesFromTokenIntoElement):
(WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagInBody):
(WebCore::HTMLConstructionSite::insertHTMLBodyStartTagInBody):
(WebCore::HTMLConstructionSite::insertDoctype):
(WebCore::HTMLConstructionSite::insertComment):
(WebCore::HTMLConstructionSite::insertCommentOnDocument):
(WebCore::HTMLConstructionSite::insertCommentOnHTMLHtmlElement):
(WebCore::HTMLConstructionSite::insertHTMLHeadElement):
(WebCore::HTMLConstructionSite::insertHTMLBodyElement):
(WebCore::HTMLConstructionSite::insertHTMLFormElement):
(WebCore::HTMLConstructionSite::insertHTMLElement):
(WebCore::HTMLConstructionSite::insertHTMLElementOrFindCustomElementInterface):
(WebCore::HTMLConstructionSite::insertSelfClosingHTMLElement):
(WebCore::HTMLConstructionSite::insertFormattingElement):
(WebCore::HTMLConstructionSite::insertScriptElement):
(WebCore::HTMLConstructionSite::insertForeignElement):
(WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
(WebCore::HTMLConstructionSite::createElementFromSavedToken):

• html/parser/HTMLConstructionSite.h:
• html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::constructTreeFromHTMLToken):

• html/parser/HTMLStackItem.h:

(WebCore::HTMLStackItem::HTMLStackItem):
(WebCore::HTMLStackItem::create):

• html/parser/HTMLTreeBuilder.cpp:

(WebCore::CustomElementConstructionData::CustomElementConstructionData):
(WebCore::HTMLTreeBuilder::constructTree):
(WebCore::HTMLTreeBuilder::processToken):
(WebCore::HTMLTreeBuilder::processDoctypeToken):
(WebCore::HTMLTreeBuilder::processFakeStartTag):
(WebCore::HTMLTreeBuilder::processFakeEndTag):
(WebCore::HTMLTreeBuilder::processFakePEndTagIfPInButtonScope):
(WebCore::HTMLTreeBuilder::processCloseWhenNestedTag):
(WebCore::HTMLTreeBuilder::processStartTagForInBody):
(WebCore::HTMLTreeBuilder::insertGenericHTMLElement):
(WebCore::HTMLTreeBuilder::processTemplateStartTag):
(WebCore::HTMLTreeBuilder::processTemplateEndTag):
(WebCore::HTMLTreeBuilder::processEndOfFileForInTemplateContents):
(WebCore::HTMLTreeBuilder::processStartTagForInTable):
(WebCore::HTMLTreeBuilder::processStartTag):
(WebCore::HTMLTreeBuilder::processHtmlStartTagForInBody):
(WebCore::HTMLTreeBuilder::processBodyEndTagForInBody):
(WebCore::HTMLTreeBuilder::processAnyOtherEndTagForInBody):
(WebCore::HTMLTreeBuilder::callTheAdoptionAgency):
(WebCore::HTMLTreeBuilder::processEndTagForInTableBody):
(WebCore::HTMLTreeBuilder::processEndTagForInRow):
(WebCore::HTMLTreeBuilder::processEndTagForInCell):
(WebCore::HTMLTreeBuilder::processEndTagForInBody):
(WebCore::HTMLTreeBuilder::processEndTagForInTable):
(WebCore::HTMLTreeBuilder::processEndTag):
(WebCore::HTMLTreeBuilder::processComment):
(WebCore::HTMLTreeBuilder::processCharacter):
(WebCore::HTMLTreeBuilder::processEndOfFile):
(WebCore::HTMLTreeBuilder::defaultForBeforeHTML):
(WebCore::HTMLTreeBuilder::defaultForBeforeHead):
(WebCore::HTMLTreeBuilder::defaultForInHead):
(WebCore::HTMLTreeBuilder::defaultForInHeadNoscript):
(WebCore::HTMLTreeBuilder::defaultForAfterHead):
(WebCore::HTMLTreeBuilder::processStartTagForInHead):
(WebCore::HTMLTreeBuilder::processGenericRCDATAStartTag):
(WebCore::HTMLTreeBuilder::processGenericRawTextStartTag):
(WebCore::HTMLTreeBuilder::processScriptStartTag):
(WebCore::HTMLTreeBuilder::shouldProcessTokenInForeignContent):
(WebCore::hasAttribute):
(WebCore::HTMLTreeBuilder::processTokenInForeignContent):
(WebCore::HTMLTreeBuilder::parseError):

• html/parser/HTMLTreeBuilder.h:
• html/parser/TextDocumentParser.cpp:

(WebCore::TextDocumentParser::insertFakePreElement):

5:06 PM Changeset in webkit [208775] by Ryan Haddad

• 2 edits in trunk/LayoutTests

Marking js/regress-141098.html as flaky on ios-simulator.
​https://bugs.webkit.org/show_bug.cgi?id=163046

Unreviewed test gardening.

• platform/ios-simulator/TestExpectations:

5:03 PM Changeset in webkit [208774] by Nikita Vasilyev

• 2 edits in trunk/Source/WebInspectorUI

REGRESSION (r208248): Web Inspector: Pressing Left Arrow breaks autocomplete
​https://bugs.webkit.org/show_bug.cgi?id=164391
<rdar://problem/29102408>

Reviewed by Matt Baker.

Unroll r208248.

• UserInterface/Controllers/CodeMirrorCompletionController.js:

(WebInspector.CodeMirrorCompletionController):
(WebInspector.CodeMirrorCompletionController.prototype.updateCompletions):
(WebInspector.CodeMirrorCompletionController.prototype.isCompletionChange):
(WebInspector.CodeMirrorCompletionController.prototype.hideCompletions):
(WebInspector.CodeMirrorCompletionController.prototype.close):
(WebInspector.CodeMirrorCompletionController.prototype.completionSuggestionsSelectedCompletion):
(WebInspector.CodeMirrorCompletionController.prototype._createCompletionHintMarker):
(WebInspector.CodeMirrorCompletionController.prototype._applyCompletionHint.update):
(WebInspector.CodeMirrorCompletionController.prototype._applyCompletionHint):
(WebInspector.CodeMirrorCompletionController.prototype._commitCompletionHint.update):
(WebInspector.CodeMirrorCompletionController.prototype._commitCompletionHint):
(WebInspector.CodeMirrorCompletionController.prototype._removeLastChangeFromHistory):
(WebInspector.CodeMirrorCompletionController.prototype._removeCompletionHint.clearMarker):
(WebInspector.CodeMirrorCompletionController.prototype._removeCompletionHint.update):
(WebInspector.CodeMirrorCompletionController.prototype._removeCompletionHint):
(WebInspector.CodeMirrorCompletionController.prototype._completeAtCurrentPosition):
(WebInspector.CodeMirrorCompletionController.prototype._generateJavaScriptCompletions):

5:01 PM Changeset in webkit [208773] by ap@apple.com

• 2 edits in trunk/Tools

Update Youenn's e-mail addresses.

• Scripts/webkitpy/common/config/contributors.json:

4:44 PM Changeset in webkit [208772] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Fix iOS API test assertion after r208534
​https://bugs.webkit.org/show_bug.cgi?id=164751

Patch by Alex Christensen <​achristensen@webkit.org> on 2016-11-15
Reviewed by Geoffrey Garen.

This removes a firing assertion in the WebKit1.AudioSessionCategoryIOS API test on the iOS simulator.

• platform/MemoryPressureHandler.h:

(WebCore::MemoryPressureHandler::setLowMemoryHandler):
This assertion is no longer valid because we are using m_installed to determine if m_lowMemoryHandler xor m_releaseMemoryBlock is set,
and we should be setting both right now on iOS and they are both useful in freeing memory. These should be united.

4:25 PM Changeset in webkit [208771] by beidson@apple.com

• 7 edits in trunk

IndexedDB 2.0: Key collation during SQLite lookups is insanely slow.
​https://bugs.webkit.org/show_bug.cgi?id=164754

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Covered by *all* existing tests, and unskips a previously-too-slow test)

The new serialization format is straight forward enough to get back with minimal documentation
in a comment with the code itself being the rest of the documentation.

It handles all current IDB key types and leaves room for future key types.

• Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::setBinaryValue):

• Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::binary):

• Modules/indexeddb/server/IDBSerialization.cpp:

(WebCore::serializedTypeForKeyType):
(WebCore::writeLittleEndian):
(WebCore::readLittleEndian):
(WebCore::writeDouble):
(WebCore::readDouble):
(WebCore::encodeKey):
(WebCore::serializeIDBKeyData):
(WebCore::decodeKey):
(WebCore::deserializeIDBKeyData):

• Modules/indexeddb/server/IDBSerialization.h:

• Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey): Verify that Type == Invalid

keys don't get into the database. This was happening before and the previous serialization
supported it, but there's clearly no point in supporting it with the new serialization.

LayoutTests:

• TestExpectations: Unskip a test that passes even in debug builds, and re-classify a test that used to be too-slow everywhere to be too-slow only in debug builds.

4:23 PM Changeset in webkit [208770] by Simon Fraser

• 3 edits
  2 adds in trunk

UIScriptController: script with no async tasks fails if an earlier script registered a callback
​https://bugs.webkit.org/show_bug.cgi?id=164762

Reviewed by Wenson Hsieh.
Tools:

UIScriptContext::runUIScript() considers a script to be "immediate" if that script doesn't
queue any async tasks. However, if an earlier UI script registered a callback, UIScriptContext::runUIScript()
would consider that an outstanding task.

Fix by unregistering any callbacks associated with the current UI script when uiScriptComplete() is called.

• TestRunnerShared/UIScriptContext/UIScriptContext.cpp:

(UIScriptContext::tryToCompleteUIScriptForCurrentParentCallback):

LayoutTests:

• fast/harness/ui-side-script-with-callback-expected.txt: Added.
• fast/harness/ui-side-script-with-callback.html: Added.

4:23 PM Changeset in webkit [208769] by Simon Fraser

• 5 edits
  2 adds in trunk

UIScriptController: setting a callback to undefined should unregister it
​https://bugs.webkit.org/show_bug.cgi?id=164796

Reviewed by Dean Jackson.
Tools:

"Immediate" UI scripts (those that don't schedule any async tasks) should return
immediately, without the need to call uiScriptComplete(). However, this is broken if
an earlier UI script registered a callback (since no-one clears that callback after the
first script completes).

Make possible the workaround of setting the callback to undefined, which previously did
not clear the callback registration.

• TestRunnerShared/UIScriptContext/UIScriptContext.cpp:

(UIScriptContext::registerCallback):

• TestRunnerShared/UIScriptContext/UIScriptContext.h:
• WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptController::platformClearAllCallbacks):

LayoutTests:

• fast/harness/ui-side-script-unregister-callback-expected.txt: Added.
• fast/harness/ui-side-script-unregister-callback.html: Added.

4:23 PM Changeset in webkit [208768] by ggaren@apple.com

• 5 edits in trunk/Source/JavaScriptCore

Debugging and other tools should not disable the code cache
​https://bugs.webkit.org/show_bug.cgi?id=164802

Reviewed by Mark Lam.

• bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::fromGlobalCode): Updated for interface
change.

• parser/SourceCodeKey.h:

(JSC::SourceCodeFlags::SourceCodeFlags):
(JSC::SourceCodeFlags::bits):
(JSC::SourceCodeKey::SourceCodeKey): Treat debugging and other tools
as part of our key so that we can cache code while using tools. Be sure
to include these bits in our hash function so you don't get storms of
collisions as you open and close the Web Inspector.

• runtime/CodeCache.cpp:

(JSC::CodeCache::getUnlinkedGlobalCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable): Treat tools as
a part of our key instead of as a reason to disable caching.

• runtime/CodeCache.h:

4:19 PM Changeset in webkit [208767] by mark.lam@apple.com

• 10 edits in trunk/Source/JavaScriptCore

Remove JSString::SafeView and replace its uses with StringViewWithUnderlyingString.
​https://bugs.webkit.org/show_bug.cgi?id=164777

Reviewed by Geoffrey Garen.

JSString::SafeView no longer achieves its intended goal to make it easier to
handle strings safely. Its clients still need to do explicit exception checks in
order to be correct. We'll remove it and replace its uses with
StringViewWithUnderlyingString instead which serves to gets the a StringView
(which is what we really wanted from SafeView) and keeps the backing String alive
while the view is in use.

Also added some missing exception checks.

• jsc.cpp:

(printInternal):
(functionDebug):

• runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncJoin):

• runtime/FunctionConstructor.cpp:

(JSC::constructFunctionSkippingEvalEnabledCheck):

• runtime/IntlCollatorPrototype.cpp:

(JSC::IntlCollatorFuncCompare):

• runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::genericTypedArrayViewProtoFuncJoin):

• runtime/JSGlobalObjectFunctions.cpp:

(JSC::toStringView):
(JSC::globalFuncParseFloat):

• runtime/JSONObject.cpp:

(JSC::JSONProtoFuncParse):

• runtime/JSString.h:

(JSC::JSString::SafeView::is8Bit): Deleted.
(JSC::JSString::SafeView::length): Deleted.
(JSC::JSString::SafeView::SafeView): Deleted.
(JSC::JSString::SafeView::get): Deleted.
(JSC::JSString::view): Deleted.

• runtime/StringPrototype.cpp:

(JSC::stringProtoFuncRepeatCharacter):
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncNormalize):

4:09 PM Changeset in webkit [208766] by Ryan Haddad

• 2 edits in trunk/LayoutTests

Marking http/tests/cache/disk-cache/disk-cache-remove-several-pending-writes.html as flaky.
​https://bugs.webkit.org/show_bug.cgi?id=161650

Unreviewed test gardening.

• platform/mac/TestExpectations:

4:06 PM Changeset in webkit [208765] by Brent Fulgham

• 2 edits in trunk/Source/WebCore

Ensure sufficient buffer for worst-case URL encoding
​https://bugs.webkit.org/show_bug.cgi?id=164794
<rdar://problem/5905510>

Reviewed by David Kilzer.

Slightly increase the default allocation size for URL parsing to account for
the worst-case parsing case. Under these assumptions, we might need three times
the byte length of the URL, plus nine bytes for fix-up characters.

In short, increase the default buffer size by 9 bytes.

No new tests. No change in behavior.

• platform/URL.cpp:

(WebCore::URL::parse): Slightly increase the default buffer size.

3:48 PM Changeset in webkit [208764] by Ryan Haddad

• 2 edits in trunk/LayoutTests

Skip fast/forms/search-cancel-button-change-input.html on ios-simulator since the test relies upon mouse events.

Unreviewed test gardening.

• platform/ios-simulator/TestExpectations:

3:42 PM Changeset in webkit [208763] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove bogus assertion.

• heap/Heap.cpp:

(JSC::Heap::markToFixpoint):

3:32 PM Changeset in webkit [208762] by fpizlo@apple.com

• 4 edits in trunk

[mac-wk1 debug] ASSERTION FAILED: thisObject->m_propertyTableUnsafe
​https://bugs.webkit.org/show_bug.cgi?id=162986

Reviewed by Saam Barati.

Source/JavaScriptCore:

This assertion is wrong for concurrent GC anyway, so this removes it.

• runtime/Structure.cpp:

(JSC::Structure::visitChildren):

LayoutTests:

This test should not crash anymore.

• platform/mac-wk1/TestExpectations:

3:21 PM Changeset in webkit [208761] by fpizlo@apple.com

• 73 edits
  1 move in trunk/Source

Rename CONCURRENT_JIT/ConcurrentJIT to CONCURRENT_JS/ConcurrentJS
​https://bugs.webkit.org/show_bug.cgi?id=164791

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Just renaming.

• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/ArrayProfile.cpp:

(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
(JSC::ArrayProfile::briefDescriptionWithoutUpdating):

• bytecode/ArrayProfile.h:

(JSC::ArrayProfile::observedArrayModes):
(JSC::ArrayProfile::mayInterceptIndexedAccesses):
(JSC::ArrayProfile::mayStoreToHole):
(JSC::ArrayProfile::outOfBounds):
(JSC::ArrayProfile::usesOriginalArrayStructures):

• bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeFromLLInt):
(JSC::CallLinkStatus::computeFor):
(JSC::CallLinkStatus::computeExitSiteData):
(JSC::CallLinkStatus::computeFromCallLinkInfo):
(JSC::CallLinkStatus::computeDFGStatuses):

• bytecode/CallLinkStatus.h:
• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpValueProfiling):
(JSC::CodeBlock::dumpArrayProfiling):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::getStubInfoMap):
(JSC::CodeBlock::getCallLinkInfoMap):
(JSC::CodeBlock::getByValInfoMap):
(JSC::CodeBlock::addStubInfo):
(JSC::CodeBlock::addByValInfo):
(JSC::CodeBlock::addCallLinkInfo):
(JSC::CodeBlock::resetJITData):
(JSC::CodeBlock::shrinkToFit):
(JSC::CodeBlock::getArrayProfile):
(JSC::CodeBlock::addArrayProfile):
(JSC::CodeBlock::getOrAddArrayProfile):
(JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
(JSC::CodeBlock::updateAllArrayPredictions):
(JSC::CodeBlock::nameForRegister):
(JSC::CodeBlock::livenessAnalysisSlow):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
(JSC::CodeBlock::addFrequentExitSite):
(JSC::CodeBlock::hasExitSite):
(JSC::CodeBlock::livenessAnalysis):

• bytecode/DFGExitProfile.cpp:

(JSC::DFG::ExitProfile::add):
(JSC::DFG::ExitProfile::hasExitSite):
(JSC::DFG::QueryableExitProfile::initialize):

• bytecode/DFGExitProfile.h:

(JSC::DFG::ExitProfile::hasExitSite):

• bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::hasExitSite):
(JSC::GetByIdStatus::computeFor):
(JSC::GetByIdStatus::computeForStubInfo):
(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

• bytecode/GetByIdStatus.h:
• bytecode/LazyOperandValueProfile.cpp:

(JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
(JSC::CompressedLazyOperandValueProfileHolder::add):
(JSC::LazyOperandValueProfileParser::initialize):
(JSC::LazyOperandValueProfileParser::prediction):

• bytecode/LazyOperandValueProfile.h:
• bytecode/MethodOfGettingAValueProfile.cpp:

(JSC::MethodOfGettingAValueProfile::emitReportValue):

• bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::hasExitSite):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::computeForStubInfo):

• bytecode/PutByIdStatus.h:
• bytecode/StructureStubClearingWatchpoint.cpp:

(JSC::StructureStubClearingWatchpoint::fireInternal):

• bytecode/ValueProfile.h:

(JSC::ValueProfileBase::briefDescription):
(JSC::ValueProfileBase::computeUpdatedPrediction):

• dfg/DFGArrayMode.cpp:

(JSC::DFG::ArrayMode::fromObserved):

• dfg/DFGArrayMode.h:

(JSC::DFG::ArrayMode::withSpeculationFromProfile):
(JSC::DFG::ArrayMode::withProfile):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getArrayMode):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):

• dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):

• dfg/DFGGraph.cpp:

(JSC::DFG::Graph::tryGetConstantClosureVar):

• dfg/DFGObjectAllocationSinkingPhase.cpp:
• dfg/DFGPredictionInjectionPhase.cpp:

(JSC::DFG::PredictionInjectionPhase::run):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):

• ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

• heap/Heap.cpp:

(JSC::Heap::addToRememberedSet):

• jit/JIT.cpp:

(JSC::JIT::compileWithoutLinking):

• jit/JITInlines.h:

(JSC::JIT::chooseArrayMode):

• jit/JITOperations.cpp:

(JSC::tryGetByValOptimize):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::privateCompileGetByValWithCachedId):
(JSC::JIT::privateCompilePutByValWithCachedId):

• jit/JITWorklist.cpp:

(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):

• jit/Repatch.cpp:

(JSC::repatchGetByID):
(JSC::repatchPutByID):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setUpCall):

• profiler/ProfilerBytecodeSequence.cpp:

(JSC::Profiler::BytecodeSequence::BytecodeSequence):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):

• runtime/ConcurrentJITLock.h: Removed.
• runtime/ConcurrentJSLock.h: Copied from Source/JavaScriptCore/runtime/ConcurrentJITLock.h.

(JSC::ConcurrentJSLockerBase::ConcurrentJSLockerBase):
(JSC::ConcurrentJSLockerBase::~ConcurrentJSLockerBase):
(JSC::GCSafeConcurrentJSLocker::GCSafeConcurrentJSLocker):
(JSC::GCSafeConcurrentJSLocker::~GCSafeConcurrentJSLocker):
(JSC::ConcurrentJSLocker::ConcurrentJSLocker):
(JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase): Deleted.
(JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase): Deleted.
(JSC::ConcurrentJITLockerBase::unlockEarly): Deleted.
(JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker): Deleted.
(JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker): Deleted.
(JSC::ConcurrentJITLocker::ConcurrentJITLocker): Deleted.

• runtime/InferredType.cpp:

(JSC::InferredType::canWatch):
(JSC::InferredType::addWatchpoint):
(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):

• runtime/InferredType.h:
• runtime/InferredTypeTable.cpp:

(JSC::InferredTypeTable::visitChildren):
(JSC::InferredTypeTable::get):
(JSC::InferredTypeTable::willStoreValue):
(JSC::InferredTypeTable::makeTop):

• runtime/InferredTypeTable.h:
• runtime/JSEnvironmentRecord.cpp:

(JSC::JSEnvironmentRecord::heapSnapshot):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addStaticGlobals):

• runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):

• runtime/JSObject.cpp:

(JSC::JSObject::deleteProperty):
(JSC::JSObject::shiftButterflyAfterFlattening):

• runtime/JSObject.h:
• runtime/JSObjectInlines.h:

(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectInternal):

• runtime/JSScope.cpp:

(JSC::abstractAccess):
(JSC::JSScope::collectClosureVariablesUnderTDZ):

• runtime/JSSegmentedVariableObject.cpp:

(JSC::JSSegmentedVariableObject::findVariableIndex):
(JSC::JSSegmentedVariableObject::addVariables):
(JSC::JSSegmentedVariableObject::heapSnapshot):

• runtime/JSSegmentedVariableObject.h:
• runtime/JSSymbolTableObject.cpp:

(JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):

• runtime/JSSymbolTableObject.h:

(JSC::symbolTableGet):
(JSC::symbolTablePut):

• runtime/Options.cpp:

(JSC::recomputeDependentOptions):

• runtime/Options.h:
• runtime/ProgramExecutable.cpp:

(JSC::ProgramExecutable::initializeGlobalProperties):

• runtime/RegExp.cpp:

(JSC::RegExp::compile):
(JSC::RegExp::matchConcurrently):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):

• runtime/RegExp.h:
• runtime/Structure.cpp:

(JSC::Structure::materializePropertyTable):
(JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
(JSC::Structure::addNewPropertyTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::ensurePropertyReplacementWatchpointSet):
(JSC::Structure::add):
(JSC::Structure::remove):
(JSC::Structure::visitChildren):

• runtime/Structure.h:
• runtime/StructureInlines.h:

(JSC::Structure::propertyReplacementWatchpointSet):
(JSC::Structure::add):
(JSC::Structure::remove):

• runtime/SymbolTable.cpp:

(JSC::SymbolTable::visitChildren):
(JSC::SymbolTable::localToEntry):
(JSC::SymbolTable::entryFor):
(JSC::SymbolTable::prepareForTypeProfiling):
(JSC::SymbolTable::uniqueIDForVariable):
(JSC::SymbolTable::uniqueIDForOffset):
(JSC::SymbolTable::globalTypeSetForOffset):
(JSC::SymbolTable::globalTypeSetForVariable):

• runtime/SymbolTable.h:
• runtime/TypeSet.cpp:

(JSC::TypeSet::addTypeInformation):
(JSC::TypeSet::invalidateCache):

• runtime/TypeSet.h:

(JSC::TypeSet::structureSet):

• runtime/VM.h:
• runtime/WriteBarrierInlines.h:

(JSC::WriteBarrierBase<T>::set):
(JSC::WriteBarrierBase<Unknown>::set):

• yarr/YarrInterpreter.cpp:

(JSC::Yarr::ByteCompiler::compile):
(JSC::Yarr::byteCompile):

• yarr/YarrInterpreter.h:

(JSC::Yarr::BytecodePattern::BytecodePattern):

Source/WTF:

Both the concurrent GC and the concurrent JIT rely on concurrency support in fundamental
JSC runtime components like JSValue. So, the thing that guards it should be a "feature"
called CONCURRENT_JS not CONCURRENT_JIT.

• wtf/Platform.h:

3:12 PM Changeset in webkit [208760] by commit-queue@webkit.org

• 16 edits in trunk/Source

Web Inspector: Remove unused and untested Page.setTouchEmulationEnabled command
​https://bugs.webkit.org/show_bug.cgi?id=164793

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Matt Baker.

Source/JavaScriptCore:

• inspector/protocol/Page.json:

Source/WebCore:

• inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorPageAgent::updateTouchEventEmulationInPage): Deleted.
(WebCore::InspectorPageAgent::setTouchEmulationEnabled): Deleted.

• inspector/InspectorPageAgent.h:

Source/WebInspectorUI:

• UserInterface/Protocol/Legacy/10.0/InspectorBackendCommands.js:
• UserInterface/Protocol/Legacy/7.0/InspectorBackendCommands.js:
• UserInterface/Protocol/Legacy/8.0/InspectorBackendCommands.js:
• UserInterface/Protocol/Legacy/9.0/InspectorBackendCommands.js:
• UserInterface/Protocol/Legacy/9.3/InspectorBackendCommands.js:
• Versions/Inspector-iOS-10.0.json:
• Versions/Inspector-iOS-7.0.json:
• Versions/Inspector-iOS-8.0.json:
• Versions/Inspector-iOS-9.0.json:
• Versions/Inspector-iOS-9.3.json:

2:50 PM Changeset in webkit [208759] by jiewen_tan@apple.com

• 6 edits in trunk/LayoutTests

js-test-pre.js::shouldReject doesn't need _rejectCallback and _resolveCallback
​https://bugs.webkit.org/show_bug.cgi?id=164758

Reviewed by Youenn Fablet.

Since the function returns a promise, it doesn't need _rejectCallback and _resolveCallback.

• crypto/subtle/generate-key-malformed-parameters.html:
• crypto/subtle/rsa-generate-key-malformed-parameters.html:
• crypto/workers/subtle/resources/rsa-generate-key.js:
• crypto/workers/subtle/rsa-generate-key-expected.txt:
• resources/js-test-pre.js:

2:48 PM Changeset in webkit [208758] by Yusuke Suzuki

• 2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for Windows debug build after r208738
​https://bugs.webkit.org/show_bug.cgi?id=164727

This static member variable can be touched outside of the JSC project
since inlined MacroAssembler member functions read / write it.
So it should be exported.

• assembler/MacroAssemblerX86Common.h:

2:25 PM Changeset in webkit [208757] by jiewen_tan@apple.com

• 2 edits in trunk/Source/WebCore

Unreviewed, quick fix for r208751

• bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::jsSubtleCryptoFunctionExportKeyPromise):

2:16 PM Changeset in webkit [208756] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Unreviewed, fix build after r208710.

Inline functions should not be marked as WEBCORE_EXPORT.

• dom/QualifiedName.h:

2:12 PM Changeset in webkit [208755] by commit-queue@webkit.org

• 4 edits in trunk

Web Inspector: inspector/worker/debugger-pause.html fails on WebKit1
​https://bugs.webkit.org/show_bug.cgi?id=164787

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

• inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent::cancelPauseOnNextStatement):
Clear this DebuggerAgent state when we resume.

LayoutTests:

• inspector/worker/debugger-pause.html:

Make this test work for WebKit1 where the VM is shared between the
page and inspector page. We need to be able to stop the Inspector's
evaluation, so that we can evaluate and pause on the page, and then
come back to the inspector afterwards.

2:02 PM Changeset in webkit [208754] by fpizlo@apple.com

• 5 edits in trunk/Source/JavaScriptCore

It should be possible to disable concurrent GC timeslicing
​https://bugs.webkit.org/show_bug.cgi?id=164788

Reviewed by Saam Barati.

Collector timeslicing means that the collector will try to pause once every 2ms. This is
great because it throttles the mutator and prevents it from outpacing the collector. But
it reduces some of the efficacy of the collectContinuously=true configuration: while
it's great that collecting continuously means that the collector will also pause more
frequently and so it will test the pausing code, it also means that the collector will
spend less time running concurrently. The primary purpose of collectContinuously is to
maximize the amount of time that the collector is running concurrently to the mutator to
maximize the likelihood that a race will cause a detectable error.

This adds an option to disable collector timeslicing (useCollectorTimeslicing=false).
The idea is that we will usually use this in conjunction with collectContinuously=true
to find race conditions during marking, but we can also use the two options
independently to focus our testing on other things.

• heap/Heap.cpp:

(JSC::Heap::markToFixpoint):

• heap/SlotVisitor.cpp:

(JSC::SlotVisitor::drainInParallel): We should have added this helper ages ago.

• heap/SlotVisitor.h:
• runtime/Options.h:

2:00 PM Changeset in webkit [208753] by Brent Fulgham

• 2 edits in trunk/Source/WebCore

strncpy may leave unterminated string in WebCore::URL::init
​https://bugs.webkit.org/show_bug.cgi?id=74473
<rdar://problem/10576626>

Reviewed by David Kilzer.

Reviving an old patch by David Kilzer! This should have been integrated years ago.

No new tests. No change in behavior.

• platform/URL.cpp:

(WebCore::URL::init): Make sure we always enter 'parse' with a
null-terminated string.

1:51 PM Changeset in webkit [208752] by sbarati@apple.com

• 2 edits in trunk/JSTests

Debug JSC test timeout: stress/has-own-property-name-cache-symbols-and-strings.js.ftl-no-cjit-small-pool
​https://bugs.webkit.org/show_bug.cgi?id=163012

Unreviewed. This patch makes a test run for less time because it's timing out on the bots.

• stress/has-own-property-name-cache-symbols-and-strings.js:

1:48 PM Changeset in webkit [208751] by jiewen_tan@apple.com

• 2 edits in trunk/Source/WebCore

Followup patch for r208737

Reviewed by Yusuke Suzuki.

• bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::jsSubtleCryptoFunctionExportKeyPromise):

1:15 PM Changeset in webkit [208750] by fpizlo@apple.com

• 6 edits in trunk/Source

The concurrent GC should have a timeslicing controller
​https://bugs.webkit.org/show_bug.cgi?id=164783

Reviewed by Geoffrey Garen.
Source/JavaScriptCore:

This adds a simple control system for deciding when the collector should let the mutator run
and when it should stop the mutator. We definitely have to stop the mutator during certain
collector phases, but during marking - which takes the most time - we can go either way.
Normally we want to let the mutator run, but if the heap size starts to grow then we have to
stop the mutator just to make sure it doesn't get too far ahead of the collector. That could
lead to memory exhaustion, so it's better to just stop in that case.

The controller tries to never stop the mutator for longer than short timeslices. It slices on
a 2ms period (configurable via Options). The amount of that period that the collector spends
with the mutator stopped is determined by the fraction of the collector's concurrent headroom
that has been allocated over. The headroom is currently configured at 50% of what was
allocated before the collector started.

This moves a bunch of parameters into Options so that it's easier to play with different
configurations.

I tried these different values for the period:

1ms: 30% worse than 2ms on splay-latency.
2ms: best score on splay-latency: the tick time above the 99.5% percentile is <2ms.
3ms: 40% worse than 2ms on splay-latency.
4ms: 40% worse than 2ms on splay-latency.

I also tried 100% headroom as an alternate to 50% and found it to be a worse.

This patch is a 2x improvement on splay-latency with the default parameters and concurrent GC
enabled. Prior to this change, the GC didn't have a good bound on its pause times, which
would cause these problems. Concurrent GC is now 5.6x better on splay-latency than no
concurrent GC.

• heap/Heap.cpp:

(JSC::Heap::ResumeTheWorldScope::ResumeTheWorldScope):
(JSC::Heap::markToFixpoint):
(JSC::Heap::collectInThread):

• runtime/Options.h:

Source/WTF:

• wtf/LockAlgorithm.h: Added some comments.
• wtf/Seconds.h: Added support for modulo. It's necessary for timeslicing.

(WTF::Seconds::operator%):
(WTF::Seconds::operator%=):

1:11 PM Changeset in webkit [208749] by Yusuke Suzuki

• 2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for CLoop after r208738
​https://bugs.webkit.org/show_bug.cgi?id=164727

• jsc.cpp:

(WTF::DOMJITFunctionObject::unsafeFunction):
(WTF::DOMJITFunctionObject::finishCreation):

1:06 PM Changeset in webkit [208748] by Simon Fraser

• 25 edits
  7 adds in trunk

[iOS WK2] Implement support for visual viewports
​https://bugs.webkit.org/show_bug.cgi?id=164765

Reviewed by Tim Horton.

Adopt the visual viewport scrolling model in iOS WK2.
Source/WebCore:

This is more complex than the Mac implementation for two primary reasons. First,
WKWebView needs to to able to control the rectangle used for fixed position layout
to get the correct behavior when zooming all the way out, and because iOS displays
pages scaled down, exposing document overflow such that the layout viewport rectangle
has to get larger than the initial containing block size (which does not happen on Mac).

This is achieved by pushing a "layoutViewportOverrideRect" down onto FrameView, in
a similar way to the customFixedPositionRect that's used now. We share that name
for now in code that is agnostic to its use (e.g. VisibleContentRectUpdateInfo).

I tried so hard to write tests, but ran into various problems (webkit.org/b/164762,
webkit.org/b/164764). Will add tests via webkit.org/b/164764.

• page/FrameView.cpp:

(WebCore::FrameView::fixedScrollableAreaBoundsInflatedForScrolling): layoutViewportOrigin()
was removed.
(WebCore::FrameView::setBaseLayoutViewportOrigin): Rename with "base" to make it clearer that
it can be overridden.
(WebCore::FrameView::setLayoutViewportOverrideRect):
(WebCore::FrameView::baseLayoutViewportSize): Renamed.
(WebCore::FrameView::updateLayoutViewport): Logging.
(WebCore::FrameView::layoutViewportRect):
(WebCore::FrameView::scrollPositionForFixedPosition):
(WebCore::FrameView::unscaledMaximumScrollPosition): During page transitions on iOS, it
was possible for unscaledDocumentRect to be empty, but visibleSize() to be non-empty, leading
to odd negative max scroll offsets, so clamp to 0,0.
(WebCore::FrameView::setLayoutViewportOrigin): Deleted.

• page/FrameView.h:
• page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::reconcileScrollingState): scrollPositionForFixedPosition() already does the
visualViewportEnabled() check.

• page/scrolling/mac/ScrollingTreeFixedNode.mm:

(WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange):

• platform/graphics/FloatSize.cpp:

(WebCore::FloatSize::constrainedBetween): Added for consistency with the other geometry types.

• platform/graphics/FloatSize.h:
• platform/graphics/LayoutSize.cpp:

(WebCore::LayoutSize::constrainedBetween): Ditto.

• platform/graphics/LayoutSize.h:
• rendering/RenderView.cpp:

(WebCore::RenderView::clientLogicalWidthForFixedPosition): If we have an override layout viewport, its size might be different
from the RenderView's size (the initial containing block), so we need to use the layoutViewportRect here.
(WebCore::RenderView::clientLogicalHeightForFixedPosition):

Source/WebKit2:

Pass the parameters used for computing the layout viewport up to WK2 via RemoteLayerTreeTransaction.
These are stored on WebPageProxy. When they change, _didCommitLayerTree triggers a -_updateVisibleContentRects.

WebPageProxy::computeCustomFixedPositionRect() is the function that computes the "override" layout viewport.
It starts with the baseLayoutViewportSize from the web process (which is based on the initial containing block
size), then ensures that it's no smaller than the unobscured content rect, since it makes no sense for the
layout viewport to be smaller than the visual viewport. The static FrameView::computeLayoutViewportOrigin()
is then use to "push" the layout viewport around as the visual viewport changes.

• Shared/VisibleContentRectUpdateInfo.h:
• Shared/WebCoreArgumentCoders.cpp: Encode LayoutSize and LayoutPoint.

(IPC::ArgumentCoder<LayoutSize>::encode):
(IPC::ArgumentCoder<LayoutSize>::decode):
(IPC::ArgumentCoder<LayoutPoint>::encode):
(IPC::ArgumentCoder<LayoutPoint>::decode):

• Shared/WebCoreArgumentCoders.h:
• Shared/mac/RemoteLayerTreeTransaction.h:

(WebKit::RemoteLayerTreeTransaction::baseLayoutViewportSize):
(WebKit::RemoteLayerTreeTransaction::setBaseLayoutViewportSize):
(WebKit::RemoteLayerTreeTransaction::minStableLayoutViewportOrigin):
(WebKit::RemoteLayerTreeTransaction::setMinStableLayoutViewportOrigin):
(WebKit::RemoteLayerTreeTransaction::maxStableLayoutViewportOrigin):
(WebKit::RemoteLayerTreeTransaction::setMaxStableLayoutViewportOrigin):

• Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::encode):
(WebKit::RemoteLayerTreeTransaction::decode):
(WebKit::RemoteLayerTreeTransaction::description):

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _didCommitLayerTree:]):

• UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:

(WebKit::RemoteScrollingCoordinatorProxy::visualViewportEnabled): Accessor.

• UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::customFixedPositionRect):

• UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(WebKit::RemoteScrollingCoordinatorProxy::customFixedPositionRect):

• UIProcess/ios/WKContentView.mm:

(-[WKContentView didUpdateVisibleRect:unobscuredRect:unobscuredRectInScrollViewCoordinates:obscuredInset:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:enclosedInScrollableAncestorView:]):
(-[WKContentView _didCommitLayerTree:]):

• UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::computeCustomFixedPositionRect): When visual viewports are enabled, compute
the layout viewport rect, taking the baseLayoutViewportSize and the current unobscured rect into account.
(WebKit::WebPageProxy::updateLayoutViewportParameters):

• UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):

• WebProcess/WebPage/WebPage.cpp: Encode in the transaction the layout viewport parameters (with minor refactor).

(WebKit::WebPage::willCommitLayerTree):

• WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::updateVisibleContentRects): This is where the web process receives the new override layout viewport
from the web process (with some logging).

LayoutTests:

These tests don't correctly test iOS WK2's async scrolling behavior (webkit.org/b/164779)
so rebaseline.

• platform/ios-simulator-wk2/fast/visual-viewport/nonzoomed-rects-expected.txt: Added.
• platform/ios-simulator-wk2/fast/visual-viewport/rtl-nonzoomed-rects-expected.txt: Added.
• platform/ios-simulator-wk2/fast/visual-viewport/rtl-zoomed-rects-expected.txt: Added.
• platform/ios-simulator-wk2/fast/visual-viewport/zoomed-fixed-expected.txt: Added.
• platform/ios-simulator-wk2/fast/visual-viewport/zoomed-fixed-scroll-down-then-up-expected.txt: Added.
• platform/ios-simulator-wk2/fast/visual-viewport/zoomed-rects-expected.txt: Added.

12:55 PM Changeset in webkit [208747] by mmaxfield@apple.com

• 13 edits in trunk/Source/WebCore

[WebGL] Remove unused Chromium-specific OpenGL extensions
​https://bugs.webkit.org/show_bug.cgi?id=164782

Reviewed by Dean Jackson.

No new tests because there is no behavior change.

• html/canvas/WebGL2RenderingContext.cpp:

(WebCore::WebGL2RenderingContext::copyBufferSubData):
(WebCore::WebGL2RenderingContext::clear):
(WebCore::WebGL2RenderingContext::getExtension):

• html/canvas/WebGLCompressedTextureS3TC.cpp:

(WebCore::WebGLCompressedTextureS3TC::supported):

• html/canvas/WebGLDepthTexture.cpp:

(WebCore::WebGLDepthTexture::supported):

• html/canvas/WebGLDrawBuffers.cpp:

(WebCore::WebGLDrawBuffers::satisfiesWebGLRequirements):

• html/canvas/WebGLFramebuffer.cpp:

(WebCore::WebGLFramebuffer::onAccess):

• html/canvas/WebGLFramebuffer.h:
• html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::getExtension):
(WebCore::WebGLRenderingContext::clear):

• html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::setupFlags):
(WebCore::WebGLRenderingContextBase::bufferData):
(WebCore::WebGLRenderingContextBase::bufferSubData):
(WebCore::WebGLRenderingContextBase::copyTexSubImage2D):
(WebCore::WebGLRenderingContextBase::validateDrawArrays):
(WebCore::WebGLRenderingContextBase::validateDrawElements):
(WebCore::WebGLRenderingContextBase::readPixels):
(WebCore::WebGLRenderingContextBase::texImage2DBase):
(WebCore::WebGLRenderingContextBase::copyTexImage2D):

• html/canvas/WebGLRenderingContextBase.h:

(WebCore::WebGLRenderingContextBase::isGLES2NPOTStrict):
(WebCore::WebGLRenderingContextBase::isErrorGeneratedOnOutOfBoundsAccesses): Deleted.
(WebCore::WebGLRenderingContextBase::isResourceSafe): Deleted.

• platform/graphics/GraphicsContext3D.cpp:

(WebCore::GraphicsContext3D::texImage2DResourceSafe):

• platform/graphics/GraphicsContext3D.h:
• platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::GraphicsContext3D::isResourceSafe): Deleted.

12:35 PM Changeset in webkit [208746] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: URL Breakpoints that resolve in multiple workers should only appear in the UI once
​https://bugs.webkit.org/show_bug.cgi?id=164334
<rdar://problem/29073523>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Matt Baker.

• UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.prototype._addBreakpoint):
Don't add a duplicate BreakpointTreeElements for the same Breakpoint.

12:14 PM Changeset in webkit [208745] by Brent Fulgham

• 6 edits
  2 adds in trunk

Correct handling of changing input type
​https://bugs.webkit.org/show_bug.cgi?id=164759
<rdar://problem/29211174>

Reviewed by Darin Adler.

Source/WebCore:

Test: fast/forms/search-cancel-button-change-input.html

It is possible for JavaScript to change the type property of an input field. WebKit
needs to gracefully handle this case.

Add a type traits specialization so we can properly downcast InputType elements.
Use this to only call search functions on actual search input types.

• html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::onSearch): Only perform search functions if the
input type is actually a search field.

• html/InputType.h: Add type traits specialization for 'downcast' template.
• html/SearchInputType.h: Ditto.

LayoutTests:

• fast/forms/search-cancel-button-change-input-expected.txt: Added.
• fast/forms/search-cancel-button-change-input.html: Added.

12:12 PM Changeset in webkit [208744] by Alan Bujtas

• 4 edits in trunk/Source/WebCore

CounterNode::insertAfter and ::removeChild should take references.
​https://bugs.webkit.org/show_bug.cgi?id=164780

Reviewed by Simon Fraser.

No change in functionality.

• rendering/CounterNode.cpp:

(WebCore::CounterNode::insertAfter):
(WebCore::CounterNode::removeChild):

• rendering/CounterNode.h:
• rendering/RenderCounter.cpp:

(WebCore::makeCounterNode):
(WebCore::destroyCounterNodeWithoutMapRemoval):
(WebCore::updateCounters):

11:53 AM Changeset in webkit [208743] by Antti Koivisto

• 11 edits
  2 adds in trunk

slot doesn't work as a flex container
​https://bugs.webkit.org/show_bug.cgi?id=160740
<rdar://problem/28605080>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/css-scoping-slot-flex.html

The style adjustment for flex children needs to be based on their parent box style rather
than the composed tree parent. This can be different when display:contents is involved.

• css/MediaQueryMatcher.cpp:

(WebCore::MediaQueryMatcher::documentElementUserAgentStyle):

• css/StyleMedia.cpp:

(WebCore::StyleMedia::matchMedium):

• css/StyleResolver.cpp:

(WebCore::StyleResolver::StyleResolver):
(WebCore::StyleResolver::styleForElement):

Optionally provide parent box style so we can do adjustments based on it when computing style for rendering.

(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::equivalentBlockDisplay):

Avoid boolean parameters.

(WebCore::StyleResolver::adjustRenderStyle):

Do the display:contents adjustment first and treat 'content' like 'none' later'. We never want to override
'contents' with adjustments.
Use parent box style for flex/grid adjustments instead of the DOM parent style.

• css/StyleResolver.h:
• rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::computeStyleInRegion):

• style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::styleForElement):

Call with parent box style.

(WebCore::Style::TreeResolver::parentBoxStyle):

Find the parent box style if any.

• style/StyleTreeResolver.h:
• svg/SVGElementRareData.h:

(WebCore::SVGElementRareData::overrideComputedStyle):

LayoutTests:

• fast/shadow-dom/css-scoping-slot-flex-expected.html: Added.
• fast/shadow-dom/css-scoping-slot-flex.html: Added.
• fast/shadow-dom/slot-crash-expected.txt:

11:45 AM Changeset in webkit [208742] by commit-queue@webkit.org

• 25 edits in trunk/Source/WebCore

Misc Inspector backend cleanup
​https://bugs.webkit.org/show_bug.cgi?id=164768

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Brian Burg.

• inspector/DOMPatchSupport.cpp:
• inspector/InspectorApplicationCacheAgent.cpp:
• inspector/InspectorApplicationCacheAgent.h:
• inspector/InspectorCSSAgent.cpp:
• inspector/InspectorCSSAgent.h:
• inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

• inspector/InspectorDOMAgent.h:
• inspector/InspectorDOMDebuggerAgent.h:
• inspector/InspectorDOMStorageAgent.cpp:
• inspector/InspectorDOMStorageAgent.h:
• inspector/InspectorDatabaseAgent.cpp:
• inspector/InspectorDatabaseAgent.h:
• inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::frontendLoaded):

• inspector/InspectorIndexedDBAgent.cpp:

(WebCore::ClearObjectStoreListener::create): Deleted.
(WebCore::ClearObjectStoreListener::~ClearObjectStoreListener): Deleted.
(WebCore::ClearObjectStoreListener::ClearObjectStoreListener): Deleted.
(WebCore::ClearObjectStore::create): Deleted.
(WebCore::ClearObjectStore::ClearObjectStore): Deleted.

• inspector/InspectorLayerTreeAgent.cpp:
• inspector/InspectorLayerTreeAgent.h:
• inspector/InspectorNetworkAgent.h:
• inspector/InspectorPageAgent.cpp:
• inspector/InspectorPageAgent.h:
• inspector/InspectorReplayAgent.cpp:
• inspector/InspectorReplayAgent.h:
• inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::stopFromConsole):

• inspector/InspectorTimelineAgent.h:
• inspector/PageRuntimeAgent.h:

11:44 AM Changeset in webkit [208741] by mark.lam@apple.com

• 3 edits
  1 add in trunk

The jsc shell's setImpureGetterDelegate() should ensure that the set value is an ImpureGetter.
​https://bugs.webkit.org/show_bug.cgi?id=164781
<rdar://problem/28418590>

Reviewed by Geoffrey Garen and Michael Saboff.

JSTests:

• stress/jsc-setImpureGetterDelegate-on-bad-type.js: Added.

Source/JavaScriptCore:

• jsc.cpp:

(functionSetImpureGetterDelegate):

11:42 AM Changeset in webkit [208740] by mmaxfield@apple.com

• 87 edits in trunk/Source/WebCore

[WebGL] Migrate construction functions from pointers to references
​https://bugs.webkit.org/show_bug.cgi?id=164749

Reviewed by Zalan Bujtas.

Mechanical find/replace.

No new tests because there is no behavior change.

• html/canvas/ANGLEInstancedArrays.cpp:

(WebCore::ANGLEInstancedArrays::ANGLEInstancedArrays):
(WebCore::ANGLEInstancedArrays::supported):
(WebCore::ANGLEInstancedArrays::drawArraysInstancedANGLE):
(WebCore::ANGLEInstancedArrays::drawElementsInstancedANGLE):
(WebCore::ANGLEInstancedArrays::vertexAttribDivisorANGLE):

• html/canvas/ANGLEInstancedArrays.h:
• html/canvas/EXTBlendMinMax.cpp:

(WebCore::EXTBlendMinMax::EXTBlendMinMax):

• html/canvas/EXTBlendMinMax.h:
• html/canvas/EXTFragDepth.cpp:

(WebCore::EXTFragDepth::EXTFragDepth):

• html/canvas/EXTFragDepth.h:
• html/canvas/EXTShaderTextureLOD.cpp:

(WebCore::EXTShaderTextureLOD::EXTShaderTextureLOD):

• html/canvas/EXTShaderTextureLOD.h:
• html/canvas/EXTTextureFilterAnisotropic.cpp:

(WebCore::EXTTextureFilterAnisotropic::EXTTextureFilterAnisotropic):

• html/canvas/EXTTextureFilterAnisotropic.h:
• html/canvas/EXTsRGB.cpp:

(WebCore::EXTsRGB::EXTsRGB):

• html/canvas/EXTsRGB.h:
• html/canvas/OESElementIndexUint.cpp:

(WebCore::OESElementIndexUint::OESElementIndexUint):

• html/canvas/OESElementIndexUint.h:
• html/canvas/OESStandardDerivatives.cpp:

(WebCore::OESStandardDerivatives::OESStandardDerivatives):

• html/canvas/OESStandardDerivatives.h:
• html/canvas/OESTextureFloat.cpp:

(WebCore::OESTextureFloat::OESTextureFloat):

• html/canvas/OESTextureFloat.h:
• html/canvas/OESTextureFloatLinear.cpp:

(WebCore::OESTextureFloatLinear::OESTextureFloatLinear):

• html/canvas/OESTextureFloatLinear.h:
• html/canvas/OESTextureHalfFloat.cpp:

(WebCore::OESTextureHalfFloat::OESTextureHalfFloat):

• html/canvas/OESTextureHalfFloat.h:
• html/canvas/OESTextureHalfFloatLinear.cpp:

(WebCore::OESTextureHalfFloatLinear::OESTextureHalfFloatLinear):

• html/canvas/OESTextureHalfFloatLinear.h:
• html/canvas/OESVertexArrayObject.cpp:

(WebCore::OESVertexArrayObject::OESVertexArrayObject):
(WebCore::OESVertexArrayObject::createVertexArrayOES):
(WebCore::OESVertexArrayObject::deleteVertexArrayOES):
(WebCore::OESVertexArrayObject::isVertexArrayOES):
(WebCore::OESVertexArrayObject::bindVertexArrayOES):

• html/canvas/WebGL2RenderingContext.cpp:

(WebCore::WebGL2RenderingContext::initializeVertexArrayObjects):
(WebCore::WebGL2RenderingContext::initializeShaderExtensions):
(WebCore::WebGL2RenderingContext::drawBuffers):
(WebCore::WebGL2RenderingContext::createVertexArray):
(WebCore::WebGL2RenderingContext::isVertexArray):
(WebCore::WebGL2RenderingContext::bindVertexArray):
(WebCore::WebGL2RenderingContext::getExtension):
(WebCore::WebGL2RenderingContext::getSupportedExtensions):

• html/canvas/WebGLBuffer.cpp:

(WebCore::WebGLBuffer::create):
(WebCore::WebGLBuffer::WebGLBuffer):

• html/canvas/WebGLBuffer.h:
• html/canvas/WebGLCompressedTextureATC.cpp:

(WebCore::WebGLCompressedTextureATC::WebGLCompressedTextureATC):
(WebCore::WebGLCompressedTextureATC::supported):

• html/canvas/WebGLCompressedTextureATC.h:
• html/canvas/WebGLCompressedTexturePVRTC.cpp:

(WebCore::WebGLCompressedTexturePVRTC::WebGLCompressedTexturePVRTC):
(WebCore::WebGLCompressedTexturePVRTC::supported):

• html/canvas/WebGLCompressedTexturePVRTC.h:
• html/canvas/WebGLCompressedTextureS3TC.cpp:

(WebCore::WebGLCompressedTextureS3TC::WebGLCompressedTextureS3TC):
(WebCore::WebGLCompressedTextureS3TC::supported):

• html/canvas/WebGLCompressedTextureS3TC.h:
• html/canvas/WebGLContextObject.cpp:

(WebCore::WebGLContextObject::WebGLContextObject):

• html/canvas/WebGLContextObject.h:
• html/canvas/WebGLDebugRendererInfo.cpp:

(WebCore::WebGLDebugRendererInfo::WebGLDebugRendererInfo):

• html/canvas/WebGLDebugRendererInfo.h:
• html/canvas/WebGLDebugShaders.cpp:

(WebCore::WebGLDebugShaders::WebGLDebugShaders):
(WebCore::WebGLDebugShaders::getTranslatedShaderSource):

• html/canvas/WebGLDebugShaders.h:
• html/canvas/WebGLDepthTexture.cpp:

(WebCore::WebGLDepthTexture::WebGLDepthTexture):
(WebCore::WebGLDepthTexture::supported):

• html/canvas/WebGLDepthTexture.h:
• html/canvas/WebGLDrawBuffers.cpp:

(WebCore::WebGLDrawBuffers::WebGLDrawBuffers):
(WebCore::WebGLDrawBuffers::supported):
(WebCore::WebGLDrawBuffers::drawBuffersWEBGL):
(WebCore::WebGLDrawBuffers::satisfiesWebGLRequirements):

• html/canvas/WebGLDrawBuffers.h:
• html/canvas/WebGLExtension.cpp:

(WebCore::WebGLExtension::WebGLExtension):

• html/canvas/WebGLExtension.h:

(WebCore::WebGLExtension::ref):
(WebCore::WebGLExtension::deref):
(WebCore::WebGLExtension::context):

• html/canvas/WebGLFramebuffer.cpp:

(WebCore::WebGLFramebuffer::create):
(WebCore::WebGLFramebuffer::WebGLFramebuffer):
(WebCore::WebGLFramebuffer::drawBuffersIfNecessary):

• html/canvas/WebGLFramebuffer.h:
• html/canvas/WebGLLoseContext.cpp:

(WebCore::WebGLLoseContext::WebGLLoseContext):
(WebCore::WebGLLoseContext::loseContext):
(WebCore::WebGLLoseContext::restoreContext):

• html/canvas/WebGLLoseContext.h:
• html/canvas/WebGLObject.cpp:

(WebCore::WebGLObject::WebGLObject):

• html/canvas/WebGLObject.h:
• html/canvas/WebGLProgram.cpp:

(WebCore::WebGLProgram::create):
(WebCore::WebGLProgram::WebGLProgram):

• html/canvas/WebGLProgram.h:
• html/canvas/WebGLQuery.cpp:

(WebCore::WebGLQuery::create):
(WebCore::WebGLQuery::WebGLQuery):

• html/canvas/WebGLQuery.h:
• html/canvas/WebGLRenderbuffer.cpp:

(WebCore::WebGLRenderbuffer::create):
(WebCore::WebGLRenderbuffer::WebGLRenderbuffer):

• html/canvas/WebGLRenderbuffer.h:
• html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::initializeVertexArrayObjects):
(WebCore::WebGLRenderingContext::getExtension):
(WebCore::WebGLRenderingContext::getSupportedExtensions):

• html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::create):
(WebCore::WebGLRenderingContextBase::setupFlags):
(WebCore::WebGLRenderingContextBase::checkObjectToBeBound):
(WebCore::WebGLRenderingContextBase::createBuffer):
(WebCore::WebGLRenderingContextBase::createFramebuffer):
(WebCore::WebGLRenderingContextBase::createTexture):
(WebCore::WebGLRenderingContextBase::createProgram):
(WebCore::WebGLRenderingContextBase::createRenderbuffer):
(WebCore::WebGLRenderingContextBase::createShader):
(WebCore::WebGLRenderingContextBase::deleteObject):
(WebCore::WebGLRenderingContextBase::validateWebGLObject):
(WebCore::WebGLRenderingContextBase::framebufferRenderbuffer):
(WebCore::WebGLRenderingContextBase::framebufferTexture2D):
(WebCore::WebGLRenderingContextBase::getUniform):
(WebCore::WebGLRenderingContextBase::readPixels):
(WebCore::WebGLRenderingContextBase::loseContextImpl):
(WebCore::WebGLRenderingContextBase::maybeRestoreContext):
(WebCore::WebGLRenderingContextBase::supportsDrawBuffers):

• html/canvas/WebGLSampler.cpp:

(WebCore::WebGLSampler::create):
(WebCore::WebGLSampler::WebGLSampler):

• html/canvas/WebGLSampler.h:
• html/canvas/WebGLShader.cpp:

(WebCore::WebGLShader::create):
(WebCore::WebGLShader::WebGLShader):

• html/canvas/WebGLShader.h:
• html/canvas/WebGLSharedObject.cpp:

(WebCore::WebGLSharedObject::WebGLSharedObject):

• html/canvas/WebGLSharedObject.h:
• html/canvas/WebGLSync.cpp:

(WebCore::WebGLSync::create):
(WebCore::WebGLSync::WebGLSync):

• html/canvas/WebGLSync.h:
• html/canvas/WebGLTexture.cpp:

(WebCore::WebGLTexture::create):
(WebCore::WebGLTexture::WebGLTexture):

• html/canvas/WebGLTexture.h:
• html/canvas/WebGLTransformFeedback.cpp:

(WebCore::WebGLTransformFeedback::create):
(WebCore::WebGLTransformFeedback::WebGLTransformFeedback):

• html/canvas/WebGLTransformFeedback.h:
• html/canvas/WebGLVertexArrayObject.cpp:

(WebCore::WebGLVertexArrayObject::create):
(WebCore::WebGLVertexArrayObject::WebGLVertexArrayObject):

• html/canvas/WebGLVertexArrayObject.h:
• html/canvas/WebGLVertexArrayObjectBase.cpp:

(WebCore::WebGLVertexArrayObjectBase::WebGLVertexArrayObjectBase):

• html/canvas/WebGLVertexArrayObjectBase.h:
• html/canvas/WebGLVertexArrayObjectOES.cpp:

(WebCore::WebGLVertexArrayObjectOES::create):
(WebCore::WebGLVertexArrayObjectOES::WebGLVertexArrayObjectOES):
(WebCore::WebGLVertexArrayObjectOES::deleteObjectImpl):

• html/canvas/WebGLVertexArrayObjectOES.h:
• platform/graphics/GraphicsContext3D.h:
• platform/graphics/gpu/Texture.cpp:

(WebCore::convertFormat):

• platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:

(WebCore::GraphicsContext3D::readPixelsAndConvertToBGRAIfNecessary):
(WebCore::GraphicsContext3D::reshapeFBOs):
(WebCore::GraphicsContext3D::getIntegerv):
(WebCore::GraphicsContext3D::getExtensions):

• platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::GraphicsContext3D::validateDepthStencil):
(WebCore::GraphicsContext3D::drawArraysInstanced):
(WebCore::GraphicsContext3D::drawElementsInstanced):
(WebCore::GraphicsContext3D::vertexAttribDivisor):

11:31 AM Changeset in webkit [208739] by jdiggs@igalia.com

• 5 edits
  2 adds in trunk

AX: Need to update implicit/default values for aria-valuemin, aria-valuenow, and aria-valuemax
​https://bugs.webkit.org/show_bug.cgi?id=164773

Reviewed by Chris Fleizach.

Source/WebCore:

Return the values stated in the ARIA 1.1 spec, namely:

• aria-valuemin is 0 for roles other than spinbutton
• aria-valuemax is 100 for roles other than spinbutton
• aria-valuenow is half way between aria-valuemax and aria-valuemin for roles other than spinbutton, and 0 for spinbutton

For spinbutton, the spec states that "there is no minimum/maximum value."
But at least in the case of ATK/AT-SPI2, the accessible value interface
is expected to provide a number. Therefore, expose the values we use to
constrain input type="number": -std::numeric_limits<float>::max() and
std::numeric_limits<float>::max().

Test: accessibility/spinbutton-implicit-values.html

• accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::valueForRange):
(WebCore::AccessibilityNodeObject::maxValueForRange):
(WebCore::AccessibilityNodeObject::minValueForRange):

LayoutTests:

• accessibility/progressbar-expected.txt: Updated to reflect new behavior.
• accessibility/progressbar.html: Updated to reflect new behavior.
• accessibility/spinbutton-implicit-values-expected.txt: Added.
• accessibility/spinbutton-implicit-values.html: Added.

11:21 AM Changeset in webkit [208738] by Yusuke Suzuki

• 4 edits
  1 add in trunk

[DOMJIT] Allow using macro assembler scratches in FTL CheckDOM
​https://bugs.webkit.org/show_bug.cgi?id=164727

Reviewed by Filip Pizlo.

JSTests:

• stress/check-dom-with-signature.js: Added.

(shouldBe):
(calling):
(i.array.forEach):

Source/JavaScriptCore:

While CallDOMGetter can use macro assembler scratch registers, we previiously
assumed that CheckDOM code generator does not use macro assembler scratch registers.
It is currently true in x86 environment. But it is not true in the other environments.

We should not limit DOMJIT::Patchpoint's functionality in such a way. We should allow
arbitrary macro assembler operations inside the DOMJIT::Patchpoint. This patch allows
CheckDOM to use macro assembler scratch registers.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckDOM):

• jsc.cpp:

(WTF::DOMJITFunctionObject::DOMJITFunctionObject):
(WTF::DOMJITFunctionObject::createStructure):
(WTF::DOMJITFunctionObject::create):
(WTF::DOMJITFunctionObject::unsafeFunction):
(WTF::DOMJITFunctionObject::safeFunction):
(WTF::DOMJITFunctionObject::checkDOMJITNode):
(WTF::DOMJITFunctionObject::finishCreation):
(GlobalObject::finishCreation):
(functionCreateDOMJITFunctionObject):

11:08 AM Changeset in webkit [208737] by jiewen_tan@apple.com

• 26 edits
  2 moves
  73 adds in trunk

Update SubtleCrypto::exportKey to match the latest spec
​https://bugs.webkit.org/show_bug.cgi?id=164722
<rdar://problem/29251740>

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

• WebCryptoAPI/idlharness-expected.txt:

Source/WebCore:

This patch does following few things:

1. It updates the SubtleCrypto::exportKey method to match the latest spec: ​https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-exportKey. It also refers to the latest Editor's Draft to a certain degree: ​https://w3c.github.io/webcrypto/Overview.html#SubtleCrypto-method-exportKey.
2. It implements exportKey operations of the following algorithms: AES-CBC, AES-KW, HMAC, RSAES-PKCS1-V1_5, RSASSA-PKCS1-V1_5, and RSA-OAEP.
3. It also fixes the following bugs: ​https://bugs.webkit.org/show_bug.cgi?id=156114, <rdar://problem/21773066>.

Note: We currently only support Raw and Jwk key format.

Tests: crypto/subtle/aes-cbc-generate-export-key-jwk-length-128.html

crypto/subtle/aes-cbc-generate-export-key-jwk-length-192.html
crypto/subtle/aes-cbc-generate-export-key-jwk-length-256.html
crypto/subtle/aes-cbc-generate-export-key-raw.html
crypto/subtle/aes-export-key-malformed-parameters.html
crypto/subtle/aes-kw-generate-export-key-jwk-length-128.html
crypto/subtle/aes-kw-generate-export-key-jwk-length-192.html
crypto/subtle/aes-kw-generate-export-key-jwk-length-256.html
crypto/subtle/aes-kw-generate-export-raw-key.html
crypto/subtle/export-key-malformed-parameters.html
crypto/subtle/hmac-export-key-malformed-parameters.html
crypto/subtle/hmac-generate-export-key-jwk-sha1.html
crypto/subtle/hmac-generate-export-key-jwk-sha224.html
crypto/subtle/hmac-generate-export-key-jwk-sha256.html
crypto/subtle/hmac-generate-export-key-jwk-sha384.html
crypto/subtle/hmac-generate-export-key-jwk-sha512.html
crypto/subtle/hmac-generate-export-raw-key.html
crypto/subtle/hmac-import-key-malformed-parameters.html
crypto/subtle/rsa-export-key-malformed-parameters.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha1.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha224.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha256.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha384.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha512.html
crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-jwk.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha1.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha224.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha256.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha384.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha512.html
crypto/workers/subtle/aes-generate-export-key-jwk.html
crypto/workers/subtle/aes-generate-export-key-raw.html
crypto/workers/subtle/hmac-generate-export-key-jwk.html
crypto/workers/subtle/hmac-generate-export-key-raw.html
crypto/workers/subtle/rsa-generate-export-key-jwk.html

• bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::toJSValueFromJsonWebKey):
(WebCore::jsSubtleCryptoFunctionExportKeyPromise):
(WebCore::JSSubtleCrypto::exportKey):

• crypto/CryptoAlgorithm.cpp:

(WebCore::CryptoAlgorithm::exportKey):

• crypto/CryptoAlgorithm.h:
• crypto/SubtleCrypto.idl:
• crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:

(WebCore::CryptoAlgorithmAES_CBC::importKey):
(WebCore::CryptoAlgorithmAES_CBC::exportKey):

• crypto/algorithms/CryptoAlgorithmAES_CBC.h:
• crypto/algorithms/CryptoAlgorithmAES_KW.cpp:

(WebCore::CryptoAlgorithmAES_KW::importKey):
(WebCore::CryptoAlgorithmAES_KW::exportKey):

• crypto/algorithms/CryptoAlgorithmAES_KW.h:
• crypto/algorithms/CryptoAlgorithmHMAC.cpp:

(WebCore::CryptoAlgorithmHMAC::importKey):
(WebCore::CryptoAlgorithmHMAC::exportKey):

• crypto/algorithms/CryptoAlgorithmHMAC.h:
• crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:

(WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::importKey):
(WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::exportKey):

• crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
• crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:

(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey):
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::exportKey):

• crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
• crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:

(WebCore::CryptoAlgorithmRSA_OAEP::importKey):
(WebCore::CryptoAlgorithmRSA_OAEP::exportKey):

• crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
• crypto/keys/CryptoKeyAES.cpp:

(WebCore::CryptoKeyAES::exportJwk):

• crypto/keys/CryptoKeyAES.h:
• crypto/keys/CryptoKeyHMAC.cpp:

(WebCore::CryptoKeyHMAC::exportJwk):

• crypto/keys/CryptoKeyHMAC.h:
• crypto/keys/CryptoKeyRSA.cpp:

(WebCore::CryptoKeyRSA::exportJwk):

• crypto/keys/CryptoKeyRSA.h:

LayoutTests:

Besides adding test cases for SubtleCrypto::exportKey, this patch also corrects a typo:
hmac-import-malformed-parameters* => hmac-import-key-malformed-parameters*.

• crypto/subtle/aes-cbc-generate-export-key-jwk-length-128-expected.txt: Added.
• crypto/subtle/aes-cbc-generate-export-key-jwk-length-128.html: Added.
• crypto/subtle/aes-cbc-generate-export-key-jwk-length-192-expected.txt: Added.
• crypto/subtle/aes-cbc-generate-export-key-jwk-length-192.html: Added.
• crypto/subtle/aes-cbc-generate-export-key-jwk-length-256-expected.txt: Added.
• crypto/subtle/aes-cbc-generate-export-key-jwk-length-256.html: Added.
• crypto/subtle/aes-cbc-generate-export-key-raw-expected.txt: Added.
• crypto/subtle/aes-cbc-generate-export-key-raw.html: Added.
• crypto/subtle/aes-export-key-malformed-parameters-expected.txt: Added.
• crypto/subtle/aes-export-key-malformed-parameters.html: Added.
• crypto/subtle/aes-kw-generate-export-key-jwk-length-128-expected.txt: Added.
• crypto/subtle/aes-kw-generate-export-key-jwk-length-128.html: Added.
• crypto/subtle/aes-kw-generate-export-key-jwk-length-192-expected.txt: Added.
• crypto/subtle/aes-kw-generate-export-key-jwk-length-192.html: Added.
• crypto/subtle/aes-kw-generate-export-key-jwk-length-256-expected.txt: Added.
• crypto/subtle/aes-kw-generate-export-key-jwk-length-256.html: Added.
• crypto/subtle/aes-kw-generate-export-raw-key-expected.txt: Added.
• crypto/subtle/aes-kw-generate-export-raw-key.html: Added.
• crypto/subtle/export-key-malformed-parameters-expected.txt: Added.
• crypto/subtle/export-key-malformed-parameters.html: Added.
• crypto/subtle/hmac-export-key-malformed-parameters-expected.txt: Added.
• crypto/subtle/hmac-export-key-malformed-parameters.html: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha1-expected.txt: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha1.html: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha224-expected.txt: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha224.html: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha256-expected.txt: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha256.html: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha384-expected.txt: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha384.html: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha512-expected.txt: Added.
• crypto/subtle/hmac-generate-export-key-jwk-sha512.html: Added.
• crypto/subtle/hmac-generate-export-raw-key-expected.txt: Added.
• crypto/subtle/hmac-generate-export-raw-key.html: Added.
• crypto/subtle/hmac-import-key-malformed-parameters-expected.txt: Renamed from LayoutTests/crypto/subtle/hmac-import-malformed-parameters-expected.txt.
• crypto/subtle/hmac-import-key-malformed-parameters.html: Renamed from LayoutTests/crypto/subtle/hmac-import-malformed-parameters.html.
• crypto/subtle/rsa-export-key-malformed-parameters-expected.txt: Added.
• crypto/subtle/rsa-export-key-malformed-parameters.html: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha1-expected.txt: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha1.html: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha224-expected.txt: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha224.html: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha256-expected.txt: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha256.html: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha384-expected.txt: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha384.html: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha512-expected.txt: Added.
• crypto/subtle/rsa-oaep-generate-export-key-jwk-sha512.html: Added.
• crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-jwk-expected.txt: Added.
• crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-jwk.html: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha1-expected.txt: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha1.html: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha224-expected.txt: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha224.html: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha256-expected.txt: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha256.html: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha384-expected.txt: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha384.html: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha512-expected.txt: Added.
• crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha512.html: Added.
• crypto/workers/subtle/aes-generate-export-key-jwk-expected.txt: Added.
• crypto/workers/subtle/aes-generate-export-key-jwk.html: Added.
• crypto/workers/subtle/aes-generate-export-key-raw-expected.txt: Added.
• crypto/workers/subtle/aes-generate-export-key-raw.html: Added.
• crypto/workers/subtle/hmac-generate-export-key-jwk-expected.txt: Added.
• crypto/workers/subtle/hmac-generate-export-key-jwk.html: Added.
• crypto/workers/subtle/hmac-generate-export-key-raw-expected.txt: Added.
• crypto/workers/subtle/hmac-generate-export-key-raw.html: Added.
• crypto/workers/subtle/resources/aes-generate-export-key-jwk.js: Added.
• crypto/workers/subtle/resources/aes-generate-export-key-raw.js: Added.
• crypto/workers/subtle/resources/hmac-generate-export-key-jwk.js: Added.
• crypto/workers/subtle/resources/hmac-generate-export-key-raw.js: Added.
• crypto/workers/subtle/resources/rsa-generate-export-key-jwk.js: Added.
• crypto/workers/subtle/rsa-generate-export-key-jwk-expected.txt: Added.
• crypto/workers/subtle/rsa-generate-export-key-jwk.html: Added.

11:04 AM Changeset in webkit [208736] by ggaren@apple.com

• 5 edits in trunk/Source/JavaScriptCore

CodeCache should stop pretending to cache builtins
​https://bugs.webkit.org/show_bug.cgi?id=164750

Reviewed by Saam Barati.

We were passing JSParserBuiltinMode to all CodeCache functions, but the
passed-in value was always NotBuiltin.

Let's stop passing it.

• parser/SourceCodeKey.h:

(JSC::SourceCodeFlags::SourceCodeFlags):
(JSC::SourceCodeKey::SourceCodeKey):

• runtime/CodeCache.cpp:

(JSC::CodeCache::getUnlinkedGlobalCodeBlock):
(JSC::CodeCache::getUnlinkedProgramCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalEvalCodeBlock):
(JSC::CodeCache::getUnlinkedModuleProgramCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):

• runtime/CodeCache.h:

(JSC::generateUnlinkedCodeBlock):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createProgramCodeBlock):
(JSC::JSGlobalObject::createLocalEvalCodeBlock):
(JSC::JSGlobalObject::createGlobalEvalCodeBlock):
(JSC::JSGlobalObject::createModuleProgramCodeBlock):

10:19 AM Changeset in webkit [208735] by jonlee@apple.com

• 10 edits in trunk

Remove HasMediaCaptureDevice
​https://bugs.webkit.org/show_bug.cgi?id=164767
<rdar://problem/29263696>

Reviewed by Eric Carlson.

Source/WebCore:

• Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::mediaState): Remove HasMediaCaptureDevice in state.

• page/MediaProducer.h:
• testing/Internals.cpp:

(WebCore::Internals::pageMediaState): Remove it in the media string.

Source/WebKit2:

• UIProcess/API/C/WKPage.cpp: Remove kWKMediaHasCaptureDevice.

(WKPageGetMediaState):

• UIProcess/API/C/WKPagePrivate.h:

LayoutTests:

• fast/mediastream/MediaStream-page-muted-expected.txt: Remove check for HasMediaCaptureDevice.
• fast/mediastream/MediaStream-page-muted.html:

9:32 AM Changeset in webkit [208734] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

REGRESSION (r208711-r208722): ASSERTION FAILED: hasInlineStorage()
​https://bugs.webkit.org/show_bug.cgi?id=164775

Reviewed by Mark Lam and Keith Miller.

We were calling inlineStorage() which asserts that inline storage is not empty. But we
were calling it in a context where it could be empty and that's fine. So, we now call
inlineStorageUnsafe().

• runtime/JSObject.h:

(JSC::JSFinalObject::JSFinalObject):

8:57 AM Changeset in webkit [208733] by hyatt@apple.com

• 9 edits in trunk

[CSS Parser] Fix font-synthesis and text-decoration-skip parsing
​https://bugs.webkit.org/show_bug.cgi?id=164736

Reviewed by Dean Jackson.

Source/WebCore:

Fix the properties to not allow duplicate values, to reject when
garbage values are included, to require that none be a singleton,
and to preserve the declaration order of the properties.

• css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertTextDecorationSkip):

• css/parser/CSSParser.cpp:

(WebCore::CSSParser::parseFontSynthesis):
(WebCore::CSSParser::parseTextDecorationSkip):

• css/parser/CSSPropertyParser.cpp:

(WebCore::consumeFontSynthesis):
(WebCore::consumeTextDecorationSkip):
(WebCore::CSSPropertyParser::parseSingleValue):

LayoutTests:

• fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-roundtrip-expected.txt:
• fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-roundtrip.html:
• fast/css3-text/font-synthesis-parse-expected.txt:
• fast/css3-text/font-synthesis-parse.html:

8:40 AM Changeset in webkit [208732] by dbates@webkit.org

• 32 edits
  1 move
  3 adds
  1 delete in trunk

Disallow loads using HTTP 0.9 at the ResourceHandle/NetworkDataTask level
​https://bugs.webkit.org/show_bug.cgi?id=164662
<rdar://problem/29268514>

Source/WebCore:

Reviewed by Reviewed by Alex Christensen and Brady Eidson.

Currently we disallow non-default HTTP 0.9 loads at the ResourceLoader level and disallow
subresource loads using HTTP 0.9 on a default port when the embedding page loads using a
different HTTP version. However loads can still be initiated from other loaders (e.g. FrameLoader)
with regards to the first issue. The latter issue does not afford much protection and
increases code complexity. Instead we should simplify our policy and move our code to the
lowest networking abstraction level, ResourceHandle/NetworkDataTask, so that we disallow
all non-default port loads using HTTP 0.9 regardless of the loader used.

Tests: http/tests/security/http-0.9/image-default-port-allowed.html

http/tests/security/http-0.9/xhr-blocked.html

• loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::responseReceived): Remove logic to cancel an HTTP 0.9 load from here.
We will cancel the HTTP 0.9 load at the ResourceHandle/NetworkDataTask level.

• loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didReceiveResponse): Ditto.

• platform/URL.h: Export stringCenterEllipsizedToLength() so that we can use it in WebKit2.
• platform/network/BlobResourceHandle.cpp:

(WebCore::BlobResourceHandle::notifyResponseOnSuccess): Modified to call ResourceHandle::didReceiveResponse().
(WebCore::BlobResourceHandle::notifyResponseOnError): Ditto.

• platform/network/ResourceHandle.cpp:

(WebCore::ResourceHandle::didReceiveResponse): Added. Fail the load if it is using HTTP 0.9.
Otherwise notify the client that we received a response.
(WebCore::ResourceHandle::platformContinueSynchronousDidReceiveResponse): Added. Perform any
additional platform-specific logic after notifying the resource handle client of the received
response. Only the libsoup backend overwrites this member function to do something meaningful.

• platform/network/ResourceHandle.h:
• platform/network/ResourceResponseBase.h:
• platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:

(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse): Modified to
call ResourceHandle::didReceiveResponse().

• platform/network/mac/WebCoreResourceHandleAsDelegate.mm:

(-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]): Ditto.

• platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:

(-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]): Ditto.

• platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::nextMultipartResponsePartCallback): Ditto.
(WebCore::sendRequestCallback): Ditto.
(WebCore::ResourceHandle::platformContinueSynchronousDidReceiveResponse): Added. Turns around and
calls continueAfterDidReceiveResponse().

Source/WebKit2:

Reviewed by Alex Christensen and Brady Eidson.

Make changes to NetworkDataTask similar to the changes made to ResourceHandle so as to
disallow non-default port HTTP 0.9 loads when using the ENABLE(NETWORK_SESSION) networking
code path in WebKit2.

• NetworkProcess/NetworkDataTask.cpp:

(WebKit::NetworkDataTask::didReceiveResponse): Added. Fail the load if it is using HTTP 0.9.
Otherwise notify the client that we received a response.

• NetworkProcess/NetworkDataTask.h:
• NetworkProcess/NetworkDataTaskBlob.cpp:

(WebKit::NetworkDataTaskBlob::resume): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.
(WebKit::NetworkDataTaskBlob::getSizeForNext): Ditto.
(WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse): Renamed from didReceiveResponse().

• NetworkProcess/NetworkDataTaskBlob.h:
• NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::didReceiveResponse): Deleted.

• NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::didSendRequest): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.
(WebKit::NetworkDataTaskSoup::dispatchDidReceiveResponse): Renamed from didReceiveResponse(). Also
remove the local variable response and inline its value into the call to ResourceHandle::didReceiveResponse()
as this variable is used exactly once in this function and its name does not describe its purpose any more
than its value.
(WebKit::NetworkDataTaskSoup::didRequestNextPart): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.

• NetworkProcess/soup/NetworkDataTaskSoup.h:

LayoutTests:

Reviewed by Reviewed by Alex Christensen and Brady Eidson.

Add a test to ensure that we block a synchronous XHR load using HTTP 0.9.
Renamed test image-default-port-blocked.html to image-default-port-allowed.html
as we now allow a subresource load using HTTP 0.9 on a default port regardless
of the HTTP version the embedding page used.

Update test expectations as DRT/WTR do not emit a localized description for the
error associated with a load failure. Note that a message is emitted to
Web Inspector console.

• http/tests/security/http-0.9/iframe-blocked-expected.txt:
• http/tests/security/http-0.9/iframe-blocked.html: Dump frame load callbacks

to see that load was cancelled as there is no other unique visible indication
of success.

• http/tests/security/http-0.9/image-blocked-expected.txt: Update expected result.
• http/tests/security/http-0.9/image-default-port-allowed-expected.txt: Renamed from LayoutTests/http/tests/security/http-0.9/image-default-port-blocked-expected.txt.
• http/tests/security/http-0.9/image-default-port-allowed.html: Renamed from LayoutTests/http/tests/security/http-0.9/image-default-port-blocked.html.
• http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt: Update expected result.
• http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html: Ditto.
• http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt: Ditto.
• http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt: Ditto.
• http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt: Ditto.
• http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt: Ditto.
• http/tests/security/http-0.9/xhr-blocked-expected.txt: Added.
• http/tests/security/http-0.9/xhr-blocked.html: Added.
• platform/wk2/TestExpectations: Skip the HTTP-0.9 tests in WebKit2 that use internals.registerDefaultPortForProtocol().

The function internals.registerDefaultPortForProtocol only updates the default-port-to-protocol map in the WebContent
process. However network loads in WebKit2 occur in the NetworkProcess. Further investigation is needed to determine
the best way to support testing with default ports. Ideally, we would run an HTTP server on port 80 for testing and
remove the need for internals.registerDefaultPortForProtocol().

8:02 AM Changeset in webkit [208731] by Alan Bujtas

• 6 edits
  2 adds in trunk

[MultiCol] Render tree should be all clean by the end of FrameView::layout().
​https://bugs.webkit.org/show_bug.cgi?id=162833

Reviewed by Simon Fraser.

Source/WebCore:

This is a temporary workaround until after we addressed render tree mutation during layout (webkit.org/b/163849).

Test: fast/inline/out-of-flow-quotation-text-with-multicolumn.html

• page/FrameView.cpp:

(WebCore::FrameView::layout):

• rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::RenderMultiColumnFlowThread::populate):
(WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):

• rendering/RenderQuote.cpp:

(WebCore::RenderQuote::attachQuote): Populating/evacuating the flow should not trigger quotation text changes.
(WebCore::RenderQuote::detachQuote):

• rendering/RenderView.h:

(WebCore::RenderTreeInternalMutationScope::RenderTreeInternalMutationScope):
(WebCore::RenderTreeInternalMutationScope::~RenderTreeInternalMutationScope):

LayoutTests:

This patch actually fixes the renderering of the closing quotation mark. Currently, it is
not rendered at all.

• fast/inline/out-of-flow-quotation-text-with-multicolumn-expected.html: Added.
• fast/inline/out-of-flow-quotation-text-with-multicolumn.html: Added.

4:27 AM Changeset in webkit [208730] by eric.carlson@apple.com

• 4 edits in trunk/Source

REGRESSION (r208606?): LayoutTest fast/mediastream/enumerating-crash.html is a flaky crash
​https://bugs.webkit.org/show_bug.cgi?id=164715

Reviewed by Jon Lee.

No new tests, fixes a crash in an existing test.

• Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::document): Return nullptr when the script execution context has

been cleared.

• Modules/mediastream/UserMediaRequest.h:

(WebCore::UserMediaRequest::document): Deleted.

4:13 AM Changeset in webkit [208729] by commit-queue@webkit.org

• 7 edits in trunk

WebRTC: update MediaStream-MediaElement-srcObject.html test and unskip it
​https://bugs.webkit.org/show_bug.cgi?id=159343

Patch by Alejandro G. Castro <​alex@igalia.com> on 2016-11-15
Reviewed by Philippe Normand.

Source/WebCore:

Test updated.

We can not initialize the srcObject attribute when creating the mediaplayer
or we would be removing the srcObject we are going to use.

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::createMediaPlayer):

LayoutTests:

Update the test to use the getUserMedia API and unskip it.

• fast/mediastream/MediaStream-MediaElement-srcObject-expected.txt:

Update the result of using the getUserMedia API.

• fast/mediastream/MediaStream-MediaElement-srcObject.html: Use

the getUserMedia API from the helper.

• platform/gtk/TestExpectations: Unskip the test.
• platform/mac/TestExpectations: Unskip the test.