Timeline



May 28, 2017:

10:30 PM Changeset in webkit [217531] by mitz@apple.com
  • 39 edits in trunk/Source

[Xcode] ALWAYS_SEARCH_USER_PATHS is set to YES
https://bugs.webkit.org/show_bug.cgi?id=172691

Reviewed by Tim Horton.

  • Configurations/Base.xcconfig: Set ALWAYS_SEARCH_USER_PATHS to NO.

Source/JavaScriptCore:

Source/WebCore:

  • WebCore.xcodeproj/project.pbxproj: Added DateTimeChooser.h, DateTimeChooserClient.h, PerformanceMark.h, PerformanceMeasure.h, SVGUnknownElement.h, and MathMLUnknownElement.h to the WebCore target.

Source/WebKit2:

  • UIProcess/API/C/WKAPICast.h: Moved GTK-only definitions that used WebGrammarDetail.h to WKAPICastGtk.h. This had the effect of no longer including APIArray.h from this header.
  • UIProcess/API/C/gtk/WKAPICastGtk.h: Moved GTK-only definitions to here.

(WebKit::toAPI):

  • UIProcess/WebGrammarDetail.h: Replaced include of APIArray.h with a forward declaration.
  • Shared/API/c/WKRenderLayer.cpp:
  • Shared/API/c/WKRenderObject.cpp:
  • UIProcess/API/C/WKApplicationCacheManager.cpp:
  • UIProcess/API/C/WKContext.cpp:
  • UIProcess/API/C/WKContextConfigurationRef.cpp:
  • UIProcess/API/C/WKCookieManager.cpp:
  • UIProcess/API/C/WKKeyValueStorageManager.cpp:
  • UIProcess/API/C/WKNotificationManager.cpp:
  • UIProcess/API/C/WKOpenPanelResultListener.cpp:
  • UIProcess/API/C/WKPageGroup.cpp:
  • UIProcess/API/C/WKResourceCacheManager.cpp:
  • UIProcess/API/C/WKUserContentControllerRef.cpp:
  • UIProcess/API/gtk/WebKitBackForwardList.cpp:
  • UIProcess/WebContextMenuListenerProxy.cpp:

Added #include "APIArray.h" to these files now that WKAPICast.h does not include it.

10:09 PM Changeset in webkit [217530] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Provide better type information of toLength and tighten bytecode
https://bugs.webkit.org/show_bug.cgi?id=172690

Reviewed by Sam Weinig.

In this patch, we carefully leverage operator + in order to

  1. tighten bytecode

operator+ emits to_number bytecode. What this bytecode does is the same
to @Number() call. It is more efficient, and it is smaller bytecode
than @Number() call (load global variable @Number, set up arguments, and
call it).

  1. offer better type prediction data

Now, we have code like

length > 0 ? (length < @MAX_SAFE_INTEGER ? length : @MAX_SAFE_INTEGER) : 0

This is not good because DFG prediction propagation phase predicts as Double
since @MAX_SAFE_INTEGER is double. But actually it rarely becomes Double.
Usually, the result becomes Int32. This patch leverages to_number in a bit
interesting way: to_number has value profiling to offer better type prediction.
This value profiling can offer a chance to change the prediction to Int32 efficiently.
It is a bit tricky. But it is worth doing to speed up our builtin functions,
which should leverage all the JSC's tricky things to be optimized.

Related microbenchmarks show performance improvement.

baseline patched

array-prototype-forEach 50.2348+-2.2331 49.7568+-2.3507
array-prototype-map 51.0574+-1.8166 47.9531+-2.1653 might be 1.0647x faster
array-prototype-some 52.3926+-1.8882 48.3632+-2.0852 definitely 1.0833x faster
array-prototype-every 52.7394+-2.0712 50.2896+-2.1480 might be 1.0487x faster
array-prototype-reduce 54.9994+-2.3638 51.8716+-2.6253 might be 1.0603x faster
array-prototype-reduceRight 209.7594+-9.2594 51.5867+-2.5745 definitely 4.0662x faster

  • builtins/GlobalOperations.js:

(globalPrivate.toInteger):
(globalPrivate.toLength):

6:30 PM Changeset in webkit [217529] by commit-queue@webkit.org
  • 7 edits
    2 adds in trunk

[WebIDL] @@iterator should only be accessed once when disambiguating a union type
https://bugs.webkit.org/show_bug.cgi?id=172684

Patch by Sam Weinig <sam@webkit.org> on 2017-05-28
Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

  • runtime/IteratorOperations.cpp:

(JSC::iteratorMethod):
(JSC::iteratorForIterable):

  • runtime/IteratorOperations.h:

(JSC::forEachInIterable):
Add additional iterator helpers to allow union + sequence conversion code
to check for iterability by getting the iterator method, and iterate using
that method later on.

Source/WebCore:

WebIDL specifies that when determining if the value you are converting to a union
is a sequence, you must get the @@iterator property and, should it exist, use it
to iterate the sequence. While we correctly accessing the property to make the
determination, we were not passing it into the sequence conversion code, and thus
the sequence conversion code re-accessed it, which is observable and wrong.

This patch pipes the @@iterator method through the sequence conversion code to avoid
this.

Test: js/dom/sequence-in-union-iterator-access.html

  • bindings/js/JSDOMConvertSequences.h:

(WebCore::Detail::GenericSequenceConverter::convert):
(WebCore::Detail::NumericSequenceConverter::convertArray):
(WebCore::Detail::NumericSequenceConverter::convert):
(WebCore::Detail::SequenceConverter::convertArray):
(WebCore::Detail::SequenceConverter::convert):
(WebCore::Detail::SequenceConverter<IDLLong>::convert):
(WebCore::Detail::SequenceConverter<IDLFloat>::convert):
(WebCore::Detail::SequenceConverter<IDLUnrestrictedFloat>::convert):
(WebCore::Detail::SequenceConverter<IDLDouble>::convert):
(WebCore::Detail::SequenceConverter<IDLUnrestrictedDouble>::convert):
(WebCore::Converter<IDLSequence<T>>::convert):
(WebCore::Converter<IDLFrozenArray<T>>::convert):
Add variants of convert that take a JSObject* (sequence) / JSValue (iterator method)
rather than just the JSValue (sequence). To avoid too much duplication, split some
parts of SequenceConverter and NumericSequenceConverter up so they could be reused.

  • bindings/js/JSDOMConvertUnion.h:
  • Fix incorrect step 3 (WebIDL got updated at some point and we didn't notice) to remove records.
  • Update sequence and FrozenArray checking/conversion to get the iterator method and pass it along, using the new ConditionalSequenceConverter helper which forwards to the new sequence converters that accept the iterator method.

LayoutTests:

  • js/dom/sequence-in-union-iterator-access-expected.txt: Added.
  • js/dom/sequence-in-union-iterator-access.html: Added.

Add test case showing that @@iterator is only accessed once when converting a sequence
as part of a union.

7:11 AM Changeset in webkit [217528] by Yusuke Suzuki
  • 2 edits in trunk/Source/WTF

[JSC][Linux][FreeBSD] Use faster Interpreter::getOpcodeID()
https://bugs.webkit.org/show_bug.cgi?id=172686

Reviewed by Mark Lam.

As of r217526, JSC gets faster Interpreter::getOpcodeID() by
embedding OpcodeID value just before the LLInt machine code
handler pointer. By doing so, we can retrieve OpcodeID from
the LLInt machine code handler by dereferencing the code
pointer. *((int*)ptr - 1).

This patch allows Linux and FreeBSD environments to use this
optimization.

  • wtf/Platform.h:
4:33 AM Changeset in webkit [217527] by Yusuke Suzuki
  • 5 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for Windows
https://bugs.webkit.org/show_bug.cgi?id=172413

Optimized jsDynamicCast for JSMap and JSSet will be handled in [1].

[1]: https://bugs.webkit.org/show_bug.cgi?id=172685

  • runtime/JSMap.h:

(JSC::isJSMap):
(JSC::jsDynamicCast): Deleted.
(JSC::>): Deleted.

  • runtime/JSSet.h:

(JSC::isJSSet):
(JSC::jsDynamicCast): Deleted.
(JSC::>): Deleted.

  • runtime/MapConstructor.cpp:

(JSC::constructMap):

  • runtime/SetConstructor.cpp:

(JSC::constructSet):

1:12 AM Changeset in webkit [217526] by mark.lam@apple.com
  • 9 edits in trunk/Source

Implement a faster Interpreter::getOpcodeID().
https://bugs.webkit.org/show_bug.cgi?id=172669

Reviewed by Saam Barati.

Source/JavaScriptCore:

We can implement Interpreter::getOpcodeID() without a hash table lookup by always
embedding the OpcodeID in the 32-bit word just before the start of the LLInt
handler code that executes each opcode. getOpcodeID() can therefore just read
the 32-bits before the opcode address to get its OpcodeID.

This is currently only enabled for CPU(X86), CPU(X86_64), CPU(ARM64),
CPU(ARM_THUMB2), and only for OS(DARWIN). It'll probably just work for linux as
well, but I'll let the Linux folks turn that on after they have verified that it
works on linux too.

I'll also take this opportunity to clean up how we initialize the opcodeIDTable:

  1. we only need to initialize it once per process, not once per VM / interpreter instance.
  2. we can initialize it in the Interpreter constructor instead of requiring a separate call to an initialize() function.

On debug builds, the Interpreter constructor will also verify that getOpcodeID()
is working correctly for each opcode when USE(LLINT_EMBEDDED_OPCODE_ID).

  • bytecode/BytecodeList.json:
  • generate-bytecode-files:
  • interpreter/Interpreter.cpp:

(JSC::Interpreter::Interpreter):
(JSC::Interpreter::opcodeIDTable):
(JSC::Interpreter::initialize): Deleted.

  • interpreter/Interpreter.h:

(JSC::Interpreter::getOpcode):
(JSC::Interpreter::getOpcodeID):

  • llint/LowLevelInterpreter.cpp:
  • runtime/VM.cpp:

(JSC::VM::VM):

Source/WTF:

Added the USE(LLINT_EMBEDDED_OPCODE_ID) configuration.

  • wtf/Platform.h:

May 27, 2017:

4:21 PM Changeset in webkit [217525] by Yusuke Suzuki
  • 18 edits
    1 move
    10 adds
    1 delete in trunk

[JSC] Map and Set constructors should have fast path for cloning
https://bugs.webkit.org/show_bug.cgi?id=172413

Reviewed by Saam Barati.

JSTests:

  • stress/map-clone-instance-iterator-change.js: Added.

(shouldBe):
(map.Symbol.iterator):

  • stress/map-clone-iterator-change.js: Added.

(shouldBe):
(Map.prototype.Symbol.iterator):

  • stress/map-clone-next-change.js: Added.

(shouldBe):
(map.Symbol.iterator.proto.next):

  • stress/map-clone.js: Added.

(shouldBe):
(Map.prototype):

  • stress/map-inherit-set.js: Added.

(shouldBe):
(DerivedMap):
(set for):

  • stress/set-clone-instance-iterator-change.js: Added.

(shouldBe):
(set Symbol.iterator):

  • stress/set-clone-iterator-change.js: Added.

(shouldBe):
(set Set.prototype.Symbol.iterator):

  • stress/set-clone-next-change.js: Added.

(shouldBe):
(set Symbol.iterator.proto.next):

  • stress/set-clone.js: Added.

(shouldBe):
(set Set.prototype.add):

  • stress/set-inherit-add.js: Added.

(shouldBe):
(DerivedSet.set add):

Source/JavaScriptCore:

In this patch, we add a fast path for cloning in Set and Map constructors.

In ARES-6 Air, we have code like new Set(set) to clone the given set.
At that time, our generic path just iterates the given set object and add
it to the newly created one. It is quite slow because we need to follow
the iterator protocol inside C++ and we need to call set.add() repeatedly
while the given set guarantees the elements are unique.

This patch implements clone() function to JSMap and JSSet. Cloning JSMap
and JSSet are done really fast without invoking any observable JS functions.
To check whether we can use this clone() function in Set and Map constructors,
we set several watchpoints.

In the case of Set,

  1. Set.prototype[Symbol.iterator] is not changed.
  2. SetIterator.prototype.next is not changed.
  3. Set.prototype.add is not changed.
  4. The given Set does not have [Symbol.iterator] function in its instance.
  5. The given Set's Prototype is Set.prototype.
  6. Newly created set's Prototype is Set.prototype.

If the above requirements are met, cloning the given Set is not observable to users.
Thus we can take a fast path.

Currently, we do not integrate this optimization into DFG and FTL.
And we do not optimize other iterables. For example, we can optimize Set
constructor taking Int32 Array. And we should optimize generic iterator cases too.
They are planned as part of a separate bug[1].

This change improves ARES-6 Air by 5.3% in steady state.

Baseline:

Running... Air ( 1 to go)
firstIteration: 76.41 +- 15.60 ms
averageWorstCase: 40.63 +- 7.54 ms
steadyState: 9.13 +- 0.51 ms

Patched:

Running... Air ( 1 to go)
firstIteration: 75.00 +- 22.54 ms
averageWorstCase: 39.18 +- 8.45 ms
steadyState: 8.67 +- 0.28 ms

[1]: https://bugs.webkit.org/show_bug.cgi?id=172419

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • runtime/ArrayIteratorAdaptiveWatchpoint.cpp: Removed.
  • runtime/HashMapImpl.h:

(JSC::HashMapBucket::extractValue):
(JSC::HashMapImpl::finishCreation):
(JSC::HashMapImpl::add):
(JSC::HashMapImpl::setUpHeadAndTail):
(JSC::HashMapImpl::addNormalizedNonExistingForCloning):
(JSC::HashMapImpl::addNormalizedInternal):

  • runtime/InternalFunction.cpp:

(JSC::InternalFunction::createSubclassStructureSlow):
(JSC::InternalFunction::createSubclassStructure): Deleted.

  • runtime/InternalFunction.h:

(JSC::InternalFunction::createSubclassStructure):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::mapIteratorProtocolWatchpoint):
(JSC::JSGlobalObject::setIteratorProtocolWatchpoint):
(JSC::JSGlobalObject::mapSetWatchpoint):
(JSC::JSGlobalObject::setAddWatchpoint):
(JSC::JSGlobalObject::mapPrototype):
(JSC::JSGlobalObject::jsSetPrototype):
(JSC::JSGlobalObject::setStructure):

  • runtime/JSGlobalObjectInlines.h:

(JSC::JSGlobalObject::isMapPrototypeIteratorProtocolFastAndNonObservable):
(JSC::JSGlobalObject::isSetPrototypeIteratorProtocolFastAndNonObservable):
(JSC::JSGlobalObject::isMapPrototypeSetFastAndNonObservable):
(JSC::JSGlobalObject::isSetPrototypeAddFastAndNonObservable):

  • runtime/JSMap.cpp:

(JSC::JSMap::clone):
(JSC::JSMap::canCloneFastAndNonObservable):

  • runtime/JSMap.h:

(JSC::jsDynamicCast):
(JSC::>):
(JSC::JSMap::createStructure): Deleted.
(JSC::JSMap::create): Deleted.
(JSC::JSMap::set): Deleted.
(JSC::JSMap::JSMap): Deleted.

  • runtime/JSSet.cpp:

(JSC::JSSet::clone):
(JSC::JSSet::canCloneFastAndNonObservable):

  • runtime/JSSet.h:

(JSC::jsDynamicCast):
(JSC::>):
(JSC::JSSet::createStructure): Deleted.
(JSC::JSSet::create): Deleted.
(JSC::JSSet::JSSet): Deleted.

  • runtime/MapConstructor.cpp:

(JSC::constructMap):

  • runtime/ObjectPropertyChangeAdaptiveWatchpoint.h: Renamed from Source/JavaScriptCore/runtime/ArrayIteratorAdaptiveWatchpoint.h.

(JSC::ObjectPropertyChangeAdaptiveWatchpoint::ObjectPropertyChangeAdaptiveWatchpoint):

  • runtime/SetConstructor.cpp:

(JSC::constructSet):

Tools:

  • TestWebKitAPI/Tests/WTF/MathExtras.cpp:

(TestWebKitAPI::TEST):

1:15 PM Changeset in webkit [217524] by Chris Dumez
  • 11 edits
    2 adds in trunk

imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=172472
<rdar://problem/32334831>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

  • web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute-expected.txt:

Rebaseline test now that more checks are passing. We were previously wrongly resetting the input form owner
to null when removing the form from the document and the input had a form attribute set and was a descendant
of the form.

Source/WebCore:

Fix assertion hit when running imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute.html.

When the form was removed from the document, A descendant would try to find a new form owner in the document. If the descendant had
a form content attribute and there was another form in the document with this ID, then we would erroneously associate the descendant with
that other form, even though that descendant is being disconnected. This is because when the form with the given id is removed, we
notify the IdTargetObservers of the change. In this case, the form control is an IdTargetObserver and gets notified after
removedFrom() has been called on the form but *before* removedFrom() has been called on its descendant form control. As a result, the
form control still thinks it is in the tree (i.e. isConnected() wrongly returns true) and we make the wrong decision and try to
associate it with another form in the document.

To address the problem, we leverage the fact that when a form element is being removed, it already notifies its associated form
controls that it is being removed. When it does, we make sure to clear the control's id observer if the form is its ancestor.
The ID observer is no longer needed beyond this point since the control is now disconnected from the document, and the ID observer
callback would erroneously associate it with another form element in the document of the same ID because isConnected() still returns
true at that point.
As a result, the control's form owner is kept unchanged, which is the right thing to do here, since it is its ancestor, even
though both are detached.

Test: fast/dom/HTMLFormElement/form-removal-duplicate-id-crash.html

  • dom/ContainerNode.h:

(WebCore::Node::rootNode):
Inline rootNode to avoid an extra function call in the fast path case. For the slow path, we now
call traverseToRootNode() to avoid duolicating logic.

  • dom/Node.cpp:

(WebCore::Node::traverseToRootNode):
Add a traverseToRootNode() method which gets the root node by traversing the ancestors. This logic was duplicated in 3 places:

  • Slow path in Node::rootNode()
  • computeRootNode() in FormAssociatedElement.cpp
  • findRoot() in HTMLFormElement.cpp

They are now consolidated in a single place to avoid duplication.

  • dom/Node.h:
  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::removedFrom):
Just simplify the logic a bit:

  • Clear the id observer (i.e. m_formAttributeTargetObserver) no matter what. Since the element is no longer part of the document, it is no longer needed. We would previously have checks that would basically avoid resetting m_formAttributeTargetObserver to null if it is already null. Settign m_formAttributeTargetObserver to null is cheap so there is no reason for those checks. Those checks were also confusing because they made it look like we would sometimes keep on id observer after being removed from the document.
  • Use new traverseToRootNode() utility function (no behavior change)
  • Drop unnecessary |element| local variable

(WebCore::FormAssociatedElement::formOwnerRemovedFromTree):

  • Rename to formOwnerRemovedFromTree() to make it clear that it is the element's form owner that is removed, and not just any form.
  • As we traverse the tree up to find the root, also check if we find the form owner. If we do, clear the id observer since we are effectively detached from the document and return early since there is no need to reset our form owner in this case.
  • html/FormAssociatedElement.h:
  • html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::removedFrom):

  • Use new traverseToRootNode() utility function (no behavior change)

LayoutTests:

Unskip test that is no longer crashing in Debug builds.

  • fast/dom/HTMLFormElement/form-removal-duplicate-id-crash-expected.txt: Added.
  • fast/dom/HTMLFormElement/form-removal-duplicate-id-crash.html: Added.

Add reduced test case reproducing the crash.

12:03 PM Changeset in webkit [217523] by Yusuke Suzuki
  • 26 edits
    13 moves
    1 delete in trunk/Source

[DOMJIT] Move DOMJIT patchpoint infrastructure out of domjit
https://bugs.webkit.org/show_bug.cgi?id=172260

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

DOMJIT::Patchpoint is now used for generalized CheckSubClass. And it becomes mature enough
to be used as a general-purpose injectable compiler over all the JIT tiers.

We extract DOMJIT::Patchpoint to jit/ and rename it JSC::Snippet.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/AccessCaseSnippetParams.cpp: Renamed from Source/JavaScriptCore/bytecode/DOMJITAccessCasePatchpointParams.cpp.

(JSC::SlowPathCallGeneratorWithArguments::generateImpl):
(JSC::AccessCaseSnippetParams::emitSlowPathCalls):

  • bytecode/AccessCaseSnippetParams.h: Renamed from Source/JavaScriptCore/bytecode/DOMJITAccessCasePatchpointParams.h.

(JSC::AccessCaseSnippetParams::AccessCaseSnippetParams):

  • bytecode/GetterSetterAccessCase.cpp:

(JSC::GetterSetterAccessCase::emitDOMJITGetter):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::blessCallDOMGetter):
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGGraph.h:
  • dfg/DFGNode.h:
  • dfg/DFGSnippetParams.cpp: Renamed from Source/JavaScriptCore/dfg/DFGDOMJITPatchpointParams.cpp.
  • dfg/DFGSnippetParams.h: Renamed from Source/JavaScriptCore/dfg/DFGDOMJITPatchpointParams.h.

(JSC::DFG::SnippetParams::SnippetParams):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::allocateTemporaryRegistersForSnippet):
(JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::allocateTemporaryRegistersForPatchpoint): Deleted.

  • domjit/DOMJITCallDOMGetterSnippet.h: Renamed from Source/JavaScriptCore/domjit/DOMJITCallDOMGetterPatchpoint.h.

(JSC::DOMJIT::CallDOMGetterSnippet::create):

  • domjit/DOMJITGetterSetter.h:
  • domjit/DOMJITSignature.h:
  • domjit/DOMJITValue.h: Removed.
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):

  • ftl/FTLSnippetParams.cpp: Renamed from Source/JavaScriptCore/ftl/FTLDOMJITPatchpointParams.cpp.
  • ftl/FTLSnippetParams.h: Renamed from Source/JavaScriptCore/ftl/FTLDOMJITPatchpointParams.h.

(JSC::FTL::SnippetParams::SnippetParams):

  • jit/Snippet.h: Renamed from Source/JavaScriptCore/domjit/DOMJITPatchpoint.h.

(JSC::Snippet::create):
(JSC::Snippet::setGenerator):
(JSC::Snippet::generator):

  • jit/SnippetParams.h: Renamed from Source/JavaScriptCore/domjit/DOMJITPatchpointParams.h.

(JSC::SnippetParams::~SnippetParams):
(JSC::SnippetParams::Value::Value):
(JSC::SnippetParams::Value::isGPR):
(JSC::SnippetParams::Value::isFPR):
(JSC::SnippetParams::Value::isJSValueRegs):
(JSC::SnippetParams::Value::gpr):
(JSC::SnippetParams::Value::fpr):
(JSC::SnippetParams::Value::jsValueRegs):
(JSC::SnippetParams::Value::reg):
(JSC::SnippetParams::Value::value):
(JSC::SnippetParams::SnippetParams):

  • jit/SnippetReg.h: Renamed from Source/JavaScriptCore/domjit/DOMJITReg.h.

(JSC::SnippetReg::SnippetReg):

  • jit/SnippetSlowPathCalls.h: Renamed from Source/JavaScriptCore/domjit/DOMJITSlowPathCalls.h.
  • jsc.cpp:

(WTF::DOMJITNode::checkSubClassSnippet):
(WTF::DOMJITFunctionObject::checkSubClassSnippet):
(WTF::DOMJITNode::checkSubClassPatchpoint): Deleted.
(WTF::DOMJITFunctionObject::checkSubClassPatchpoint): Deleted.

  • runtime/ClassInfo.h:

Source/WebCore:

  • ForwardingHeaders/jit/Snippet.h: Renamed from Source/WebCore/ForwardingHeaders/domjit/DOMJITPatchpoint.h.
  • ForwardingHeaders/jit/SnippetParams.h: Renamed from Source/WebCore/ForwardingHeaders/domjit/DOMJITPatchpointParams.h.
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):

  • bindings/scripts/test/JS/JSTestDOMJIT.h:
  • domjit/DOMJITCheckDOM.h:

(WebCore::DOMJIT::checkDOM):

  • domjit/DOMJITHelpers.h:

(WebCore::DOMJIT::toWrapper):

  • domjit/JSDocumentDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSDocument):
(WebCore::DocumentDocumentElementDOMJIT::callDOMGetter):
(WebCore::DocumentBodyDOMJIT::callDOMGetter):
(WebCore::checkSubClassPatchpointForJSDocument): Deleted.

  • domjit/JSDocumentFragmentDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSDocumentFragment):
(WebCore::checkSubClassPatchpointForJSDocumentFragment): Deleted.

  • domjit/JSElementDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSElement):
(WebCore::checkSubClassPatchpointForJSElement): Deleted.

  • domjit/JSEventDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSEvent):
(WebCore::checkSubClassPatchpointForJSEvent): Deleted.

  • domjit/JSNodeDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSNode):
(WebCore::createCallDOMGetterForOffsetAccess):
(WebCore::NodeFirstChildDOMJIT::callDOMGetter):
(WebCore::NodeLastChildDOMJIT::callDOMGetter):
(WebCore::NodeNextSiblingDOMJIT::callDOMGetter):
(WebCore::NodePreviousSiblingDOMJIT::callDOMGetter):
(WebCore::NodeParentNodeDOMJIT::callDOMGetter):
(WebCore::NodeNodeTypeDOMJIT::callDOMGetter):
(WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter):
(WebCore::checkSubClassPatchpointForJSNode): Deleted.

10:13 AM Changeset in webkit [217522] by Simon Fraser
  • 22 edits
    1 copy
    4 adds in trunk

getComputedStyle returns percentage values for left / right / top / bottom
https://bugs.webkit.org/show_bug.cgi?id=29084

Reviewed by Zalan Bujtas.
LayoutTests/imported/w3c:

New baselines (still failing).

  • web-platform-tests/css-timing-1/frames-timing-functions-output-expected.txt:
  • web-platform-tests/html/semantics/interactive-elements/the-dialog-element/centering-expected.txt:

Source/WebCore:

Fix getComputedStyle() to return pixel values for left / right / top / bottom, per spec.

This is mostly a merge of https://codereview.chromium.org/13871003/.

Behavior now matches Chrome and Firefox.

Test: fast/css/getComputedStyle/getComputedStyle-offsets.html

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::getOffsetComputedLength):
(WebCore::getOffsetUsedStyleRelative):
(WebCore::getOffsetUsedStyleAbsolute):
(WebCore::positionOffsetValue):
(WebCore::positionOffsetValueIsRendererDependent):
(WebCore::isNonReplacedInline):
(WebCore::isLayoutDependent):
(WebCore::ComputedStyleExtractor::propertyValue):

LayoutTests:

Some new baselines, a new test, and an improved test.

  • animations/trigger-container-scroll-boundaries-expected.txt:
  • animations/trigger-container-scroll-boundaries.html:
  • animations/trigger-container-scroll-empty-expected.txt:
  • animations/trigger-container-scroll-empty.html:
  • animations/trigger-container-scroll-simple-expected.txt:
  • animations/trigger-container-scroll-simple.html:
  • fast/css/getComputedStyle/computed-style-expected.txt:
  • fast/css/getComputedStyle/computed-style-negative-top-expected.txt:
  • fast/css/getComputedStyle/computed-style-negative-top.html: Convert to a real JS test, add more cases.
  • fast/css/getComputedStyle/getComputedStyle-offsets-expected.txt: Added.
  • fast/css/getComputedStyle/getComputedStyle-offsets.html: Added.
  • fast/css/getComputedStyle/getComputedStyle-zoom-and-background-size-expected.txt:
  • fast/css/getComputedStyle/getComputedStyle-zoom-and-background-size.html: It doesn't make any sense to test right/bottom.
  • fast/css/hover-affects-child-expected.txt:
  • fast/css/hover-affects-child.html:
  • platform/mac-elcapitan/fast/css/getComputedStyle/computed-style-expected.txt:
  • transitions/transition-to-from-auto-expected.txt:
  • transitions/transition-to-from-auto.html:
9:23 AM Changeset in webkit [217521] by Alan Bujtas
  • 4 edits in trunk

enclosingIntRect returns a rect with -1 width/height when the input FloatRect overflows integer.
https://bugs.webkit.org/show_bug.cgi?id=172676

Reviewed by Simon Fraser.

Source/WebCore:

Clamp integer values soon after the enclosing rectangle is resolved.

  • platform/graphics/FloatRect.cpp:

(WebCore::enclosingIntRect):

Tools:

  • TestWebKitAPI/Tests/WebCore/FloatRect.cpp:

(TestWebKitAPI::TEST):

May 26, 2017:

10:25 PM Changeset in webkit [217520] by commit-queue@webkit.org
  • 11 edits in trunk/Source

Simply some NSNumber usage
https://bugs.webkit.org/show_bug.cgi?id=172677

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-05-26
Reviewed by Sam Weinig.

Source/WebCore:

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _addAccessibilityObject:toTextMarkerArray:]):
(AXAttributeStringSetFont):
(AXAttributeStringSetStyle):

  • accessibility/mac/AXObjectCacheMac.mm:

(WebCore::AXObjectCache::postTextStateChangePlatformNotification):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(AXAttributeStringSetStyle):
(AXAttributeStringSetSpelling):

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):

  • platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm:
  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::levelIndicatorFor):

Source/WebKit2:

  • PluginProcess/mac/PluginControllerProxyMac.mm:

(WebKit::PluginControllerProxy::platformGeometryDidChange):

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::registerUserDefaultsIfNeeded):

  • WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm:

(-[WKAccessibilityWebPageObject accessibilityAttributeValue:]):

8:27 PM Changeset in webkit [217519] by commit-queue@webkit.org
  • 7 edits in trunk

WebRTC stats should be in milliseconds
https://bugs.webkit.org/show_bug.cgi?id=172644

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Eric Carlson.

Source/WebCore:

Covered by updated tests.

  • Modules/mediastream/RTCStatsReport.h:
  • Modules/mediastream/RTCStatsReport.idl:
  • Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:

(WebCore::fillRTCStats):

LayoutTests:

7:54 PM Changeset in webkit [217518] by weinig@apple.com
  • 25 edits
    2 adds in trunk

[WebIDL] Overloaded functions should throw this object check exception before argument check exception
https://bugs.webkit.org/show_bug.cgi?id=172480

Reviewed by Chris Dumez.

Source/WebCore:

  • Codifies naming for both parts of the operation/attribute function implementation:
    • The 'trampoline' which is the actual host function and simply calls IDLOperation, IDLOperationReturningPromise or IDLAttribute.
    • The 'body' which is where argument checking and calling into the implementation takes place.
  • Made it so all operations, including static ones, use the trampoline / body model, simplifying code generation. The one exception is for overloaded operations, which now have a trampoline and body for the dispatcher, and only bodies for all the overloads. This is what fixes the bug, since now that the dispatcher has a trampoline, it can do the correct this object checking via IDLOperation / IDLOperationReturningPromise.
  • Split out code generation for trampoline and body into separate subroutines and simplified their implementations.
  • Changed GenerateOverloadDispatcher to only generate the body of the function, leaving it up to the caller to generate the signature, braces and conditionals if needed.
  • Made more subroutines take an output array and indent, in support of future endeavors that will need that support.
  • Remove unnecessary #includes of <runtime/Error.h>, which gets included already by virtue of JSDOMExceptionHandling.h

Test: js/dom/overloaded-operation-exception-order.html

  • bindings/js/JSDOMOperation.h:
  • bindings/js/JSDOMOperationReturningPromise.h:

Add no-op static versions of the bouncer functions.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateOverloadDispatcher):
(GenerateOperationTrampolineDefinition):
(GenerateOperationBodyDefinition):
(GenerateOperationDefinition):
(GenerateSerializerDefinition):
(GenerateLegacyCallerDefinitions):
(GenerateLegacyCallerDefinition):
(GenerateArgumentsCountCheck):
(GenerateParametersCheck):
(GenerateImplementationFunctionCall):
(GenerateImplementationCustomFunctionCall):
(GenerateConstructorDefinitions):
(GenerateConstructorDefinition):

  • bindings/scripts/test/JS/JSInterfaceName.cpp:
  • bindings/scripts/test/JS/JSMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCEReactions.cpp:
  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestDOMJIT.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
  • bindings/scripts/test/JS/JSTestIterable.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
  • bindings/scripts/test/JS/JSTestSerialization.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

Update test results.

LayoutTests:

Add test case that shows that using the wrong this object on an overloaded function,
even if you are passing the wrong number of arguments, results in an invalid this
object exception.

  • js/dom/overloaded-operation-exception-order-expected.txt: Added.
  • js/dom/overloaded-operation-exception-order.html: Added.
7:33 PM Changeset in webkit [217517] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REEGRESSION(r217459): testapi fails in JSExportTest's wrapperForNSObjectisObject().
https://bugs.webkit.org/show_bug.cgi?id=172654

Reviewed by Mark Lam.

The test's intent is to assert that an exception has not been
thrown (as indicated by the message string), but the test was
erroneously checking for ! the right condition. This is now fixed.

  • API/tests/JSExportTests.mm:

(wrapperForNSObjectisObject):

6:32 PM Changeset in webkit [217516] by Alan Bujtas
  • 2 edits in trunk/Tools

TestWebKitAPI: EnclosingIntRect and RoundedIntRect should use EXPECT_EQ.
https://bugs.webkit.org/show_bug.cgi?id=172674

Reviewed by Simon Fraser.

  • TestWebKitAPI/Tests/WebCore/FloatRect.cpp:

(TestWebKitAPI::TEST):

5:38 PM Changeset in webkit [217515] by Brent Fulgham
  • 14 edits in trunk/Source

[WK2] Address thread safety issues with ResourceLoadStatistics
https://bugs.webkit.org/show_bug.cgi?id=172519
<rdar://problem/31707642>

Reviewed by Chris Dumez.

Source/WebCore:

  • loader/ResourceLoadObserver.cpp:

(WebCore::ResourceLoadObserver::setStatisticsQueue): Added.
(WebCore::ResourceLoadObserver::clearInMemoryStore): Only interact with the HashTable on the statistics queue.
(WebCore::ResourceLoadObserver::clearInMemoryAndPersistentStore): Ditto.
(WebCore::ResourceLoadObserver::logFrameNavigation): Ditto.
(WebCore::ResourceLoadObserver::logSubresourceLoading): Ditto.
(WebCore::ResourceLoadObserver::logWebSocketLoading): Ditto.
(WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution): Ditto.
(WebCore::ResourceLoadObserver::logUserInteraction): Ditto.
(WebCore::ResourceLoadObserver::clearUserInteraction): Protect HashTable while reading.
(WebCore::ResourceLoadObserver::hasHadUserInteraction): Ditto.
(WebCore::ResourceLoadObserver::setPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::isPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::clearPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::setGrandfathered): Ditto.
(WebCore::ResourceLoadObserver::isGrandfathered): Ditto.
(WebCore::ResourceLoadObserver::setSubframeUnderTopFrameOrigin): Only interact with the HashTable on the statistics queue.
(WebCore::ResourceLoadObserver::setSubresourceUnderTopFrameOrigin): Ditto.
(WebCore::ResourceLoadObserver::setSubresourceUniqueRedirectTo): Ditto.
(WebCore::ResourceLoadObserver::fireDataModificationHandler): ASSERT this is only called from the main thread, since this is
only meant to be used as part of the testing harness.
(WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler): Ditto.
(WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler): Ditto.

  • loader/ResourceLoadObserver.h:
  • loader/ResourceLoadStatisticsStore.cpp:

(WebCore::ResourceLoadStatisticsStore::isPrevalentResource): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::ensureResourceStatisticsForPrimaryDomain): Ditto.
(WebCore::ResourceLoadStatisticsStore::setResourceStatisticsForPrimaryDomain): Ditto.
(WebCore::ResourceLoadStatisticsStore::createEncoderFromData): ASSERT this isn't being done on the main thread, and
protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::readDataFromDecoder): Ditto.
(WebCore::ResourceLoadStatisticsStore::clearInMemory): Ditto.
(WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent): Ditto.
(WebCore::ResourceLoadStatisticsStore::statisticsForOrigin): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::takeStatistics): Ditto.
(WebCore::ResourceLoadStatisticsStore::mergeStatistics): Ditto.
(WebCore::ResourceLoadStatisticsStore::setNotificationCallback): Use WTF::Function.
(WebCore::ResourceLoadStatisticsStore::setShouldPartitionCookiesCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::setWritePersistentStoreCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler): ASSERT this is not called on the main thread,
but dispatch the registered handler on the main thread.
(WebCore::ResourceLoadStatisticsStore::fireShouldPartitionCookiesHandler): Ditto.
(WebCore::ResourceLoadStatisticsStore::processStatistics): ASSERT this isn't being done on the main thread, and
protect the HashTable while using it. Also switch to WTF::Function.
(WebCore::ResourceLoadStatisticsStore::hasHadRecentUserInteraction): Make const correct.
(WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords): Ditto.
(WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore): Ditto.
(WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords): Make const correct. ASSERT this is not being called
on the main thread.
(WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved): ASSERT this is not being called on the main thread.
(WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved): Ditto.
(WebCore::ResourceLoadStatisticsStore::statisticsLock): Added.

  • loader/ResourceLoadStatisticsStore.h:

Source/WebKit/mac:

Create a new WorkQueue for the ResourceLoadStatistics store to use for processing data.

  • WebView/WebView.mm:

(WebKitInitializeApplicationStatisticsStoragePathIfNecessary): Pass WorkQueue to the observer.

Source/WebKit2:

Address some thread safety issues with the ResourceLoadStatistics architecture.

  • UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::removeDataRecords): Assert that this is never called on the main thread. Also
ensure that coreStore is only accessed on the statistics queue, not the main thread.
(WebKit::WebResourceLoadStatisticsStore::processStatisticsAndDataRecords): Dispatch coreStore-accessing code
on the statistics queue.
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated): Assert we do not hit this method
on the main thread.
(WebKit::WebResourceLoadStatisticsStore::registerSharedResourceLoadObserver): Assert that this is being called on the
main thread. Also ensure that coreStore is only accessed on the statistics queue, not the main thread.
(WebKit::WebResourceLoadStatisticsStore::grandfatherExistingWebsiteData): Dispatch coreStore-accessing code
on the statistics queue.
(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Lock data before operating on it.
(WebKit::WebResourceLoadStatisticsStore::writeStoreToDisk): Assert we do not hit this method on the main thread.
(WebKit::WebResourceLoadStatisticsStore::writeEncoderToDisk): Ditto.

  • UIProcess/WebResourceLoadStatisticsStore.h:
  • WebProcess/WebProcess.cpp: Add a queue for the local WebProcess ResourceLoadStatisticsStore to use while processing data.

(WebKit::m_statisticsQueue): Added.

  • WebProcess/WebProcess.h:

Source/WTF:

Add a new specialization for HashSet.

  • wtf/CrossThreadCopier.h:
5:22 PM Changeset in webkit [217514] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip fast/events/before-unload-returnValue.html on iOS.
https://bugs.webkit.org/show_bug.cgi?id=172672

Unreviewed test gardening.

  • platform/ios/TestExpectations:
5:22 PM Changeset in webkit [217513] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark workers/wasm-long-compile-many.html as flaky on mac-wk1.
https://bugs.webkit.org/show_bug.cgi?id=172331

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
5:05 PM Changeset in webkit [217512] by Ryan Haddad
  • 2 edits in branches/safari-603-branch/LayoutTests

Merge r217217.

4:00 PM Changeset in webkit [217511] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

[Cocoa] Simplify some WebViewImpl pasteboard code
https://bugs.webkit.org/show_bug.cgi?id=172668

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-05-26
Reviewed by Tim Horton.

  • Shared/mac/PasteboardTypes.mm:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::setFileAndURLTypes):
(WebKit::WebViewImpl::setPromisedDataForAttachment):

3:57 PM Changeset in webkit [217510] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.1.21.10

Tag Safari-604.1.21.10.

3:56 PM Changeset in webkit [217509] by commit-queue@webkit.org
  • 17 edits in trunk/Source

JSContext Inspector: Improve the reliability of automatically pausing in auto-attach
https://bugs.webkit.org/show_bug.cgi?id=172664
<rdar://problem/32362933>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-05-26
Reviewed by Matt Baker.

Source/JavaScriptCore:

Automatically pause on connection was triggering a pause before the
frontend may have initialized. Often during frontend initialization
the frontend may perform an action that clears the pause state requested
by the developer. This change defers the pause until after the frontend
has initialized, right before returning to the application's code.

  • inspector/remote/RemoteControllableTarget.h:
  • inspector/remote/RemoteInspectionTarget.h:
  • inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:

(Inspector::RemoteConnectionToTarget::setup):

  • inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:

(Inspector::RemoteConnectionToTarget::setup):

  • runtime/JSGlobalObjectDebuggable.cpp:

(JSC::JSGlobalObjectDebuggable::connect):
(JSC::JSGlobalObjectDebuggable::pause): Deleted.

  • runtime/JSGlobalObjectDebuggable.h:

Pass an immediatelyPause boolean on to the controller. Remove
the current path that invokes a pause before initialization.

  • inspector/JSGlobalObjectInspectorController.h:
  • inspector/JSGlobalObjectInspectorController.cpp:

(Inspector::JSGlobalObjectInspectorController::connectFrontend):
(Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
Manage should immediately pause state.

(Inspector::JSGlobalObjectInspectorController::frontendInitialized):
(Inspector::JSGlobalObjectInspectorController::pause): Deleted.
When initialized, trigger a pause if requested.

Source/WebCore:

  • inspector/InspectorController.h:
  • page/PageDebuggable.cpp:

(WebCore::PageDebuggable::connect):

  • page/PageDebuggable.h:

Pass an immediatelyPause boolean on to the controller.

  • inspector/InspectorController.cpp:

(WebCore::InspectorController::connectFrontend):
(WebCore::InspectorController::disconnectFrontend):
(WebCore::InspectorController::disconnectAllFrontends):
Manage should immediately pause state.

(WebCore::InspectorController::frontendInitialized):
When initialized, trigger a pause if requested.

Source/WebKit2:

  • UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::connect):

  • UIProcess/Automation/WebAutomationSession.h:

Special connection options are ignored in automation sessions.

2:41 PM Changeset in webkit [217508] by commit-queue@webkit.org
  • 3 edits
    1 add in trunk/Source/WebCore

[CMake] Consolidate CMake code related to FreeType
https://bugs.webkit.org/show_bug.cgi?id=172656

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-26
Reviewed by Michael Catanzaro.

No new tests. No change in behavior.

  • PlatformGTK.cmake:
  • PlatformWPE.cmake:
  • platform/FreeType.cmake: Added.
2:33 PM Changeset in webkit [217507] by commit-queue@webkit.org
  • 34 edits in trunk/Source/WebCore

[WebIDL] Another bindings cleanup pass, this time focusing on attributes
https://bugs.webkit.org/show_bug.cgi?id=172619

Patch by Sam Weinig <sam@webkit.org> on 2017-05-26
Reviewed by Chris Dumez.

  • Moved attribute getter / setter generation into their own subroutines.
  • As was done for operations, moved trampoline functions for attributes below their implementation functions to avoid unseemly forward declaration.
  • Changed to place the getter and setter for an attribute next to each other, rather than having all the getters and then all the setters.
  • Moved JSFoo::getConstructor and JSFoo::getNamedConstructor up to be with other member functions.
  • Fix an issue where we were generating a setJSFooConstructor function and not installing it anywhere. Now we always generate either both the getter and setter or neither for the constructor property. Also moved their definition to just above all the attributes, rather than the odd placements of between the getters and setters which is where they had been.
  • Made InstanceNeedsVisitChildren a complete answer, rather than relying on some loop of the attributes to update needsVisitChildren bit.
  • Move use of passing conditionals when adding headers.
  • bindings/scripts/CodeGeneratorJS.pm:

(InstanceNeedsVisitChildren):
(GenerateHeader):
(GenerateImplementation):
(GenerateAttributeGetterDefinition):
(GenerateAttributeSetterDefinition):
(NeedsConstructorProperty):

  • bindings/scripts/test/JS/JSInterfaceName.cpp:
  • bindings/scripts/test/JS/JSMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCEReactions.cpp:
  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestDOMJIT.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
  • bindings/scripts/test/JS/JSTestIterable.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
  • bindings/scripts/test/JS/JSTestSerialization.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

Update test results.

2:28 PM Changeset in webkit [217506] by commit-queue@webkit.org
  • 4 edits in trunk

[CMake] Wrap CODE_GENERATOR_PREPROCESSOR_EXECUTABLE on Windows hosts
https://bugs.webkit.org/show_bug.cgi?id=172553

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-26
Reviewed by Brent Fulgham.

.:

  • Source/cmake/OptionsCommon.cmake:

Source/WebCore:

No new tests. No change in behavior.

  • bindings/scripts/preprocessor.pm:

(applyPreprocessor): Use shellwords() instead of splitting
preprocessor command by space. Combine it back in open3() call on
Windows to work around Cygwin-specific issue.

2:14 PM Changeset in webkit [217505] by Devin Rousso
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: Reloading the page after switching from the Resource tab switches back
https://bugs.webkit.org/show_bug.cgi?id=172622

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.prototype._treeSelectionDidChange):

  • UserInterface/Views/ResourceSidebarPanel.js:

(WebInspector.ResourceSidebarPanel.prototype._treeSelectionDidChange):

  • UserInterface/Views/SearchSidebarPanel.js:

(WebInspector.SearchSidebarPanel.prototype._treeSelectionDidChange):
Don't show the newly selected tree element's represented object if the sidebar is not visible.

1:59 PM Changeset in webkit [217504] by Devin Rousso
  • 2 edits in trunk/Websites/bugs.webkit.org

Provide bug information when https://webkit.org/b/# URLs are added in comments
https://bugs.webkit.org/show_bug.cgi?id=169707

Reviewed by David Kilzer.

  • Bugzilla/Template.pm:

(quoteUrls):

1:47 PM Changeset in webkit [217503] by Devin Rousso
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: New Tab contents have extra vertical spacing when wrapped
https://bugs.webkit.org/show_bug.cgi?id=172530

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/NewTabContentView.css:

(.new-tab.tab.content-view):

1:40 PM Changeset in webkit [217502] by Ryan Haddad
  • 2 edits in branches/safari-603-branch/LayoutTests

Unreviewed, land TestExpectations for rdar://problem/30555012.

  • platform/ios-simulator/TestExpectations:
1:22 PM Changeset in webkit [217501] by Wenson Hsieh
  • 2 edits in trunk/Source/WebCore

Unreviewed, fix the build using the latest SDK

Add deprecation guards around newly introduced (and deprecated) SPI.

  • platform/ios/WebItemProviderPasteboard.mm:

(-[WebItemProviderPasteboard setItemsUsingRegistrationInfoLists:]):

12:45 PM Changeset in webkit [217500] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Temporarily commenting out a JSExportTest test until webkit.org/b/172654 is fixed.
https://bugs.webkit.org/show_bug.cgi?id=172655

Reviewed by Saam Barati.

  • API/tests/JSExportTests.mm:

(wrapperForNSObjectisObject):

12:27 PM Changeset in webkit [217499] by Ryan Haddad
  • 10 edits
    3 adds in trunk

Unreviewed, rolling out r217458.

This change caused 55 JSC test failures.

Reverted changeset:

"Date should use historical data if it's available."
https://bugs.webkit.org/show_bug.cgi?id=172592
http://trac.webkit.org/changeset/217458

11:45 AM Changeset in webkit [217498] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(216914): testCFStrings encounters an invalid ExecState callee pointer.
https://bugs.webkit.org/show_bug.cgi?id=172651

Reviewed by Saam Barati.

This is because the assertion utility functions used in testCFStrings() expects
to get the JSGlobalContextRef from the global context variable. However,
testCFStrings() creates its own JSGlobalContextRef but does not set the global
context variable to it.

The fix is to make testCFStrings() initialize the global context variable properly.

  • API/tests/testapi.c:

(testCFStrings):

11:20 AM Changeset in webkit [217497] by Wenson Hsieh
  • 2 edits in trunk/Tools

Add test resources back into TestWebKitAPI Copy Resources phase

Rubber-stamped by Beth Dakin.

Add two files back into the Copy Resources phase after they were unintentionally
removed in r217447 and r217496.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
10:18 AM Changeset in webkit [217496] by Beth Dakin
  • 5 edits
    1 add in trunk

Media documents inside iframes should not get controls in the TouchBar unless the
video is playing
https://bugs.webkit.org/show_bug.cgi?id=172620
-and corresponding-
rdar://problem/32165477

Reviewed by Jon Lee.

Source/WebCore:

Media documents get to return early with true, but that should only apply to
mainframe media documents.

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::canShowControlsManager):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/VideoControlsManager.mm:

(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/WebKit2Cocoa/offscreen-iframe-of-media-document.html: Added.
10:12 AM Changeset in webkit [217495] by Yusuke Suzuki
  • 7 edits
    1 add in trunk

Give ModuleProgram the same treatment that we did for ProgramCode in bug#167725
https://bugs.webkit.org/show_bug.cgi?id=167805

Reviewed by Saam Barati.

JSTests:

  • modules/module-jit-reachability.js: Added.

Source/JavaScriptCore:

Since ModuleProgramExecutable is executed only once, we can skip compiling
code unreachable from the current program count. This can skip massive
initialization code.

We already do this for global code in bug#167725. This patch extends it to
module code.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::executeModuleProgram):

  • interpreter/Interpreter.h:
  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::evaluate):

  • runtime/JSModuleRecord.h:

(JSC::JSModuleRecord::moduleProgramExecutable): Deleted.

10:08 AM Changeset in webkit [217494] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

Minor clean-up related to DocumentThreadableLoader redirections
https://bugs.webkit.org/show_bug.cgi?id=172647

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Chris Dumez.

No change of behavior.

Decrementing m_options redirect count directly instead of using an
additional counter.

To compare whether two URLs are same-origin, use scheme+host+port check
as per the spec.
This is fine as only the initial origin may have specific rules and we
are using the scheme+host+port checks when already being gone to
another origin.

  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived):

  • loader/DocumentThreadableLoader.h:
  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):

10:03 AM Changeset in webkit [217493] by matthew_hanson@apple.com
  • 5 edits in branches/safari-604.1.21-branch/Source/WebKit2

Cherry-pick r217475. rdar://problem/32414363

10:03 AM Changeset in webkit [217492] by matthew_hanson@apple.com
  • 61 edits
    1 add in branches/safari-604.1.21-branch

Cherry-pick r217296. rdar://problem/32414363

9:13 AM Changeset in webkit [217491] by Ryan Haddad
  • 4 edits in trunk/LayoutTests

Rebaseline js/dom/global-constructors-attributes.html.

Unreviewed test gardening.

  • platform/mac-elcapitan/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
9:03 AM Changeset in webkit [217490] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Skip two LayoutTests that are failing due missing results.

Unreviewed test gardening.

7:36 AM Changeset in webkit [217489] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix memory leaks in MediaSampleAVFObjC::create
https://bugs.webkit.org/show_bug.cgi?id=172600

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Eric Carlson.

No change of behavior.

  • platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:

(WebCore::MediaSampleAVFObjC::createImageSample):

6:28 AM Changeset in webkit [217488] by commit-queue@webkit.org
  • 8 edits
    2 copies
    2 adds in trunk/Source/WebKit2

Unreviewed, rolling out r217479.
https://bugs.webkit.org/show_bug.cgi?id=172642

Exposes an underlying bug in WPEBackend-mesa that we have to
resolve separately (Requested by zdobersek on #webkit).

Reverted changeset:

"[WPE] Use AcceleratedDrawingArea instead of its fork"
https://bugs.webkit.org/show_bug.cgi?id=172496
http://trac.webkit.org/changeset/217479

5:02 AM Changeset in webkit [217487] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Mark animations/animation-delay-changed.htm as flaky

Unreviewed gardening. It's flaky on all platforms so why bother.

  • platform/wpe/TestExpectations:
3:18 AM Changeset in webkit [217486] by Manuel Rego Casasnovas
  • 7 edits
    34 adds in trunk

[css-grid] Add support for orthogonal positioned grid items
https://bugs.webkit.org/show_bug.cgi?id=172591

Reviewed by Sergio Villar Senin.

LayoutTests/imported/w3c:

Imported new tests for this feature from WPT repository.

  • resources/import-expectations.json:
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-001-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-001.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-002-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-002.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-003-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-003.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-004-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-004.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-005-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-005.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-006-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-006.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-007-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-007.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-008-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-008.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-009-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-009.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-010-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-010.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-011-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-011.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-012-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-012.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-013-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-013.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-014-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-014.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-015-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-015.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-016-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-016.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-017-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-017.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/w3c-import.log:

Source/WebCore:

This patch adds support for positioned grid items with orthogonal flows.
Basically it just needs to check if the item is orthogonal to use
the column or row offset as logical left or top depending on the case.

Tests: imported/w3c/web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-*.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::layoutPositionedObject):

LayoutTests:

Two of the new imported tests are failing due to an issue with margins
and orthogonal items, which is unrelated to this patch (see bug #172590).

3:16 AM Changeset in webkit [217485] by Adrian Perez de Castro
  • 2 edits in trunk

[CMake] Pass -fdiagnostics-color=always to GCC when building with Ninja
https://bugs.webkit.org/show_bug.cgi?id=172638

Reviewed by Yusuke Suzuki.

The oldest version of GCC supported for building WebKit is 4.9, which already accepts
-fdiagnostics-color=, therefore it is not needed to check the compiler version.

  • Source/cmake/OptionsCommon.cmake:
2:50 AM Changeset in webkit [217484] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

Unreviewed Mac cmake buildfix after r217137, just for fun.
https://bugs.webkit.org/show_bug.cgi?id=172362

  • PlatformMac.cmake:
2:33 AM Changeset in webkit [217483] by Carlos Garcia Campos
  • 7 edits
    11 adds in releases/WebKitGTK/webkit-2.16

Merge r214378 - Handle recursive calls to ProcessingInstruction::checkStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=169982
<rdar://problem/31083051>

Reviewed by Antti Koivisto.

Source/WebCore:

See if we triggered a recursive load of the stylesheet during the 'beforeload'
event handler. If so, reset to a valid state before completing the load.

We should also check after 'beforeload' that we were not disconnected from (or
moved to a new) document.

I also looked for other cases of this pattern and fixed them, too.

Tests: fast/dom/beforeload/image-removed-during-before-load.html
fast/dom/beforeload/recursive-css-pi-before-load.html
fast/dom/beforeload/recursive-link-before-load.html
fast/dom/beforeload/recursive-xsl-pi-before-load.html

  • dom/ProcessingInstruction.cpp:

(WebCore::ProcessingInstruction::clearExistingCachedSheet): Added.
(WebCore::ProcessingInstruction::checkStyleSheet): Prevent recursive calls into
this function during 'beforeload' handling. Also, safely handle the case where
the element was disconnected in the 'beforeload' handler (similar to what
we do in HTMLLinkElement).
(WebCore::ProcessingInstruction::setCSSStyleSheet): Drive-by Fix: Protect the
current document to match what we do in setXSLStyleSheet.

  • dom/ProcessingInstruction.h:
  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::process): Prevent recursive calls into
this function during 'beforeload' handling.

  • html/HTMLLinkElement.h:
  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::dispatchPendingBeforeLoadEvent): safely handle the case where
the element was disconnected in the 'beforeload' handler (similar to what
we do in HTMLLinkElement).

  • style/StyleScope.cpp:

(WebCore::Style::Scope::hasPendingSheet): Added.

  • style/StyleScope.h:

LayoutTests:

  • fast/dom/beforeload/image-removed-during-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/image-removed-during-before-load-expected.txt.
  • fast/dom/beforeload/image-removed-during-before-load.html: Copied from LayoutTests/fast/dom/beforeload/image-removed-during-before-load.html.
  • fast/dom/beforeload/recursive-css-pi-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/recursive-css-pi-before-load-expected.txt.
  • fast/dom/beforeload/recursive-css-pi-before-load.html: Copied from LayoutTests/fast/dom/beforeload/recursive-css-pi-before-load.html.
  • fast/dom/beforeload/recursive-link-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/recursive-link-before-load-expected.txt.
  • fast/dom/beforeload/recursive-link-before-load.html: Copied from LayoutTests/fast/dom/beforeload/recursive-link-before-load.html.
  • fast/dom/beforeload/recursive-xsl-pi-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/recursive-xsl-pi-before-load-expected.txt.
  • fast/dom/beforeload/recursive-xsl-pi-before-load.html: Copied from LayoutTests/fast/dom/beforeload/recursive-xsl-pi-before-load.html.
  • fast/dom/beforeload/resources/content.xhtml: Copied from LayoutTests/fast/dom/beforeload/resources/content.xhtml.
  • fast/dom/beforeload/resources/pass.css: Copied from LayoutTests/fast/dom/beforeload/resources/pass.css.
  • fast/dom/beforeload/resources/test.xsl: Copied from LayoutTests/fast/dom/beforeload/resources/test.xsl.
1:17 AM Changeset in webkit [217482] by commit-queue@webkit.org
  • 2 edits
    4 adds in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add new GTK+ icons for Web Sockets
https://bugs.webkit.org/show_bug.cgi?id=172296

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-26
Reviewed by Carlos Garcia Campos.

Add more free icons for the Web Inspector of GTK+ port.

  • UserInterface/Images/gtk/WebSocket.png: Added.
  • UserInterface/Images/gtk/WebSocket@2x.png: Added.
  • UserInterface/Images/gtk/WebSocketLarge.png: Added.
  • UserInterface/Images/gtk/WebSocketLarge@2x.png: Added.
  • UserInterface/Views/ResourceIcons.css:

(.resource-icon.resource-type-websocket .icon):
(.large .resource-icon.resource-type-websocket .icon):
(body:matches(.mac-platform, .windows-platform) .resource-icon.resource-type-websocket .icon): Deleted.
(body:matches(.mac-platform, .windows-platform) .large .resource-icon.resource-type-websocket .icon): Deleted.

1:16 AM Changeset in webkit [217481] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Show patches applied in each A/B testing build requests
https://bugs.webkit.org/show_bug.cgi?id=172636

Reviewed by Antti Koivisto.

List patches applied along side revisions inn the list of revisions for an A/B tesing build requests if there
are any patches applied.

  • public/v3/components/test-group-revision-table.js:

(TestGroupRevisionTable.prototype._renderTable): Indicate which request is to build a patch and which one is
to run tests.
(TestGroupRevisionTable.prototype._buildCommitCell): Include the patch file's information when there is one.
We need to use the requested commit set instead of the one reported by testers or builders since they don't
include patch or root information.
(TestGroupRevisionTable.prototype._buildCustomRootsCell):
(TestGroupRevisionTable.prototype._buildFileInfo): Extracted from _buildCustomRootsCell.

1:15 AM Changeset in webkit [217480] by rniwa@webkit.org
  • 3 edits in trunk/Websites/perf.webkit.org

The queue page is broke when there is a custom analysis task
https://bugs.webkit.org/show_bug.cgi?id=172631

Reviewed by Antti Koivisto.

Fix the bug that we were always assuming each build request to have a test associated.

  • public/v3/models/test-group.js:

(TestGroup.createAndRefetchTestGroups): Fixed the bug that we were referring to a non-existent variable task.

  • public/v3/pages/build-request-queue-page.js:

(BuildRequestQueuePage.prototype._constructBuildRequestTable): Fixed the bug. Collect every request in the group
and then find the first test request's test name. Make it clear that we're waiting for a build as needed.

1:07 AM Changeset in webkit [217479] by Carlos Garcia Campos
  • 8 edits
    4 deletes in trunk/Source/WebKit2

[WPE] Use AcceleratedDrawingArea instead of its fork
https://bugs.webkit.org/show_bug.cgi?id=172496

Reviewed by Žan Doberšek.

WPE uses its own drawing area implementation, which is actually a fork of AcceleratedDrawingArea, but simplified
for the case of compositing being always forced. AcceleratedDrawingArea already handles the case of compositing
being forced, so now that WPE is upstream we could simply use AcceleratedDrawingArea instead.

  • PlatformWPE.cmake:
  • Shared/DrawingAreaInfo.h: Remove DrawingAreaTypeWPE type.
  • UIProcess/API/wpe/DrawingAreaProxyWPE.cpp: Removed.
  • UIProcess/API/wpe/DrawingAreaProxyWPE.h: Removed.
  • UIProcess/API/wpe/PageClientImpl.cpp:

(WebKit::PageClientImpl::createDrawingAreaProxy): Create an AcceleratedDrawingAreaProxy.

  • WebProcess/WebPage/AcceleratedDrawingArea.cpp:

(WebKit::AcceleratedDrawingArea::mainFrameContentSizeChanged): Moved from DrawingAreaImpl since it actually
belongs here.

  • WebProcess/WebPage/DrawingArea.cpp:

(WebKit::DrawingArea::create): Create an AcceleratedDrawingArea for WPE port.

  • WebProcess/WebPage/DrawingAreaImpl.cpp: Remove mainFrameContentSizeChanged() that doesn't belong here.
  • WebProcess/WebPage/DrawingAreaImpl.h:
  • WebProcess/WebPage/wpe/DrawingAreaWPE.cpp: Removed.
  • WebProcess/WebPage/wpe/DrawingAreaWPE.h: Removed.
12:00 AM Changeset in webkit [217478] by gskachkov@gmail.com
  • 4 edits in trunk

Prevent async methods named 'function'
https://bugs.webkit.org/show_bug.cgi?id=172598

Reviewed by Mark Lam.

JSTests:

  • stress/async-await-syntax.js:

(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntax):
(testTopLevelAsyncAwaitSyntaxSloppyMode):
(prototype.testTopLevelAsyncAwaitSyntaxStrictMode.testSyntax):
(prototype.testTopLevelAsyncAwaitSyntaxStrictMode):
(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntaxError):

Source/JavaScriptCore:

Prevent async method named 'function' in class.
Link to change in ecma262 specification
https://github.com/tc39/ecma262/pull/884

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseClass):

May 25, 2017:

11:46 PM Changeset in webkit [217477] by commit-queue@webkit.org
  • 4 edits in trunk

Don't reset m_hasDisplayContents on ElementRareData::resetComputedStyle.
https://bugs.webkit.org/show_bug.cgi?id=172503

Patch by Emilio Cobos Álvarez <ecobos@igalia.com> on 2017-05-25
Reviewed by Antti Koivisto.

Source/WebCore:

We use that bit of information to determine whether we need to tear
down the renderers of a display: contents subtree, so better for it to
not change until the render tree is updated.

In practice, we may want to remove that bit and use ElementRareData's
RenderStyle instead (keeping it around as appropriate), to ensure they
don't go out of sync, but that's out of scope of this patch for now.

Tests: imported/w3c/web-platform-tests/css/css-display-3

  • dom/ElementRareData.h:

(WebCore::ElementRareData::resetComputedStyle):

LayoutTests:

10:39 PM Changeset in webkit [217476] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk

Fix MediaDeviceInfo's extended attributes so they make sense
https://bugs.webkit.org/show_bug.cgi?id=172629

Patch by Sam Weinig <sam@webkit.org> on 2017-05-25
Reviewed by Daniel Bates.

Source/WebCore:

MediaDeviceInfo.idl had both a Constructor and NoInterfaceObject, which
doesn't really make sense. Either way, the spec says it should have
neither, so remove both. And, while were there, add missing serializer.

Test: fast/mediastream/media-device-info.html

  • Modules/mediastream/MediaDeviceInfo.idl:

LayoutTests:

  • fast/mediastream/media-device-info-expected.txt: Added.
  • fast/mediastream/media-device-info.html: Added.

Test that MediaDeviceInfo has the expected properties and that
the serializer works.

9:41 PM Changeset in webkit [217475] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebKit2

[iOS] Disbale async image decoding when synchronously painting a newly parented WebView
https://bugs.webkit.org/show_bug.cgi?id=172626

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-05-25
Reviewed by Simon Fraser.

Large images have to be synchronously decoded when bringing a WebView to
the foreground because the whole page will be painted when we unblock the
UI process.

  • Shared/mac/RemoteLayerBackingStore.mm:

(WebKit::RemoteLayerBackingStore::drawInContext): Get nextFlushIsForImmediatePaint
from RemoteLayerTreeContext and pass the correct GraphicsLayerPaintFlags
to drawLayerContents().

  • WebProcess/WebPage/mac/RemoteLayerTreeContext.h:

(WebKit::RemoteLayerTreeContext::setNextFlushIsForImmediatePaint):
(WebKit::RemoteLayerTreeContext::nextFlushIsForImmediatePaint):

  • WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
  • WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::flushLayers): Pass
m_nextFlushIsForImmediatePaint to RemoteLayerTreeContext and then reset it.
(WebKit::RemoteLayerTreeDrawingArea::activityStateDidChange):
Set m_nextFlushIsForImmediatePaint to true to say that in the next flush,
large images have to be synchronously decoded.

9:24 PM Changeset in webkit [217474] by commit-queue@webkit.org
  • 7 edits in trunk

_WKUserStyleSheet and WKUserScript leak string data
https://bugs.webkit.org/show_bug.cgi?id=172583
<rdar://problem/32395209>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-05-25
Reviewed by Sam Weinig.

Source/WebKit2:

  • UIProcess/API/Cocoa/WKUserScript.mm:

(-[WKUserScript dealloc]):

  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet dealloc]):
Follow the pattern of destructing the internal API object.

  • UIProcess/API/Cocoa/WKUserScriptInternal.h:
  • UIProcess/API/Cocoa/_WKUserStyleSheetInternal.h:

Remove unnecessary includes.

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:

We should not have been adopting an autoreleased object.

9:19 PM Changeset in webkit [217473] by Chris Dumez
  • 4 edits
    2 adds in trunk

imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_owner_and_table_2.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=172628
<rdar://problem/32418707>

Reviewed by Sam Weinig.

Source/WebCore:

In the event where a form is removed synchronously by a script during parsing,
FormAssociatedElement::m_formSetByParser may end up referring to a form that
is no longer in the document. As a result, we should make sure m_formSetByParser
is still connected in FormAssociatedElement::insertedInto() before we call
FormAssociatedElement::setForm(m_formSetByParser).

Test: fast/dom/HTMLFormElement/form-removed-during-parsing-crash.html

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::insertedInto):

LayoutTests:

Add reduced test case.

Unskip test that is no longer crashing in debug builds.

  • fast/dom/HTMLFormElement/form-removed-during-parsing-crash-expected.txt: Added.
  • fast/dom/HTMLFormElement/form-removed-during-parsing-crash.html: Added.
8:53 PM Changeset in webkit [217472] by Alan Bujtas
  • 3 edits
    7 adds in trunk

Frame's composited content is visible when the frame has visibility: hidden.
https://bugs.webkit.org/show_bug.cgi?id=125565
<rdar://problem/32196849>

Reviewed by Simon Fraser.

Source/WebCore:

Do not construct composited layers for hidden RenderWidgets (frameset, iframe, object).
Note that we still construct layers for the associated renderers as usual.

Tests: compositing/visibility/frameset-visibility-hidden.html

compositing/visibility/iframe-visibility-hidden.html
compositing/visibility/object-visibility-hidden.html

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForPlugin):
(WebCore::RenderLayerCompositor::requiresCompositingForFrame):

LayoutTests:

  • compositing/resources/visibility.html: Added.
  • compositing/visibility/frameset-visibility-hidden-expected.html: Added.
  • compositing/visibility/frameset-visibility-hidden.html: Added.
  • compositing/visibility/iframe-visibility-hidden-expected.html: Added.
  • compositing/visibility/iframe-visibility-hidden.html: Added.
  • compositing/visibility/object-visibility-hidden-expected.html: Added.
  • compositing/visibility/object-visibility-hidden.html: Added.
7:58 PM Changeset in webkit [217471] by jmarcell@apple.com
  • 7 edits in tags/Safari-604.1.23.0.1/Source

Versioning.

7:56 PM Changeset in webkit [217470] by Brent Fulgham
  • 2 edits in trunk/LayoutTests

Gracefully handle missing localStorage support in results.html
https://bugs.webkit.org/show_bug.cgi?id=172625
<rdar://problem/32118243>

Reviewed by Alexey Proskuryakov.

Handle the case where localStorage generates a SecurityError DOMException, treating this
as a non-fatal error.

  • fast/harness/results.html:

(OptionWriter.save): Treat "SecurityError" as an expected condition.
(OptionWriter.apply): Ditto.

7:54 PM Changeset in webkit [217469] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.1.23.0.1

New tag.

7:40 PM Changeset in webkit [217468] by Yusuke Suzuki
  • 2 edits in trunk/Source/WebCore

Unreviewed, build fix in GTK and WPE ports
https://bugs.webkit.org/show_bug.cgi?id=172580

Missing RenderSVGResourceMode declaration in SVGInlineTextBox.h.

  • rendering/svg/SVGInlineTextBox.h:
7:14 PM Changeset in webkit [217467] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for GCC

std::tuple does not have implicit constructor.
Thus, we cannot use implicit construction with initializer brace.
We should specify the name like GetInst { }.

  • bytecompiler/BytecodeGenerator.h:

(JSC::StructureForInContext::addGetInst):

7:10 PM Changeset in webkit [217466] by ap@apple.com
  • 23 edits
    2 copies
    8 deletes in trunk/LayoutTests

Merge split script tests, part 2
https://bugs.webkit.org/show_bug.cgi?id=172423

Reviewed by Tim Horton.

Fix the few remaining special cases of split tests.

  • editing/pasteboard/drop-text-events-sideeffect-crash.html:
  • editing/pasteboard/script-tests/drop-text-events-sideeffect.js: Removed.

This JS file used to be shared between this test and editing/pasteboard/drop-text-events-sideeffect.html.
Now it's inlined in both.

  • fast/canvas/canvas-ellipse-connecting-line-expected.html:
  • fast/canvas/script-tests/js-ellipse-implementation.js: Removed.

This was really a resource, not a scrip test, and it was only only used in one test.

  • fast/dom/HTMLElement/class-list-quirks.html:
  • fast/dom/HTMLElement/script-tests/class-list.js: Removed.

Another JS that used to be shared (with fast/dom/HTMLElement/class-list.html).

  • fast/dom/Window/resources/postmessage-test.js: Copied from LayoutTests/fast/dom/Window/script-tests/postmessage-test.js.
  • fast/dom/Window/script-tests/postmessage-test.js: Removed.

Moved a shared resource to its proper location.

  • fast/dom/Window/script-tests/postmessage-clone-deep-array.js: Removed.
  • fast/dom/Window/script-tests/postmessage-clone-really-deep-array.js: Removed.
  • fast/dom/Window/script-tests/postmessage-clone.js: Removed.
  • fast/dom/Window/window-postmessage-clone-deep-array.html:
  • fast/dom/Window/window-postmessage-clone-really-deep-array.html:
  • fast/dom/Window/window-postmessage-clone.html:

Straightforward js-tests with file names that didn't match.

  • fast/table/resources/min-width-helpers.js: Copied from LayoutTests/fast/table/script-tests/min-width-helpers.js.
  • fast/table/script-tests/min-width-helpers.js: Removed.

Moved a shared resource to its proper location.

  • fast/table/min-width-css-block-table.html:
  • fast/table/min-width-css-inline-table.html:
  • fast/table/min-width-html-block-table.html:
  • fast/table/min-width-html-inline-table.html:
  • fast/table/script-tests/min-width-css-block-table.js: Removed.
  • fast/table/script-tests/min-width-css-inline-table.js: Removed.
  • fast/table/script-tests/min-width-html-block-table.js: Removed.
  • fast/table/script-tests/min-width-html-inline-table.js: Removed.

Straightforward JS tests, weren't moved previously because my script was confused by min-width-helpers.js.

  • printing/break-after-avoid-expected.txt:
  • printing/break-after-avoid-page-expected.txt:
  • printing/break-after-avoid-page.html:
  • printing/break-after-avoid.html:
  • printing/script-tests/break-after-avoid-page.js: Removed.
  • printing/script-tests/break-after-avoid.js: Removed.
  • printing/script-tests/page-break-after-avoid.js: Removed.
  • printing/script-tests/page-break-always-for-overflow.js: Removed.

These had a number of copy/paste mistakes, so the tests werent's actually testing what they said they did.

  • svg/dom/SVGAnimatedEnumeration-SVGMaskElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGMaskElement.html:
  • svg/dom/SVGAnimatedEnumeration-SVGPatternElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGPatternElement.html:
  • svg/dom/script-tests/SVGAnimatedEnumeration-SVGMaskElement.js: Removed.
  • svg/dom/script-tests/SVGAnimatedEnumeration-SVGPatternElement.js: Removed.

These tests were mixed up - pattern was being tested instead of mask, and vice versa.

  • svg/dom/script-tests/SVGColor.js: Removed.
  • svg/dom/script-tests/SVGPaint.js: Removed.

Removed unused files.

  • svg/dynamic-updates/SVGFEFloodElement-inherit-flood-color.html:
  • svg/dynamic-updates/SVGFEGaussianBlurElement-dom-stdDeviation-call.html:
  • svg/dynamic-updates/SVGFESpecularLightingElement-dom-suraceScale-attr.html:
  • svg/dynamic-updates/SVGFESpecularLightingElement-svgdom-suraceScale-prop.html:
  • svg/dynamic-updates/script-tests/SVGFEFloodElement-inherit-flood-color-css-prop.js: Removed.
  • svg/dynamic-updates/script-tests/SVGFEGaussianBlurElement-svgdom-stdDeviation-call.js: Removed.
  • svg/dynamic-updates/script-tests/SVGFESpecularLightingElement-dom-surfaceScale-attr.js: Removed.
  • svg/dynamic-updates/script-tests/SVGFESpecularLightingElement-svgdom-surfaceScale-prop.js: Removed.

Straightforward js-tests with mismatching names.

7:04 PM Changeset in webkit [217465] by jmarcell@apple.com
  • 5 edits in branches/safari-603-branch/Source

Versioning.

6:56 PM Changeset in webkit [217464] by jmarcell@apple.com
  • 1 copy in tags/Safari-603.3.3

Tag Safari-603.3.3.

6:31 PM Changeset in webkit [217463] by Simon Fraser
  • 20 edits in trunk/Source/WebCore

Use a typedef for SVG resource mode flags union
https://bugs.webkit.org/show_bug.cgi?id=172580

Reviewed by Sam Weinig.

Use an OptionSet<> for RenderSVGResourceModes flags, and use it in render
SVG resource classes.

  • rendering/svg/RenderSVGResource.cpp:

(WebCore::requestPaintingResource):
(WebCore::RenderSVGResource::fillPaintingResource):
(WebCore::RenderSVGResource::strokePaintingResource):

  • rendering/svg/RenderSVGResource.h:

(WebCore::RenderSVGResource::postApplyResource):

  • rendering/svg/RenderSVGResourceClipper.cpp:

(WebCore::RenderSVGResourceClipper::applyResource):

  • rendering/svg/RenderSVGResourceClipper.h:
  • rendering/svg/RenderSVGResourceFilter.cpp:

(WebCore::RenderSVGResourceFilter::applyResource):
(WebCore::RenderSVGResourceFilter::postApplyResource):

  • rendering/svg/RenderSVGResourceFilter.h:
  • rendering/svg/RenderSVGResourceGradient.cpp:

(WebCore::RenderSVGResourceGradient::applyResource):

  • rendering/svg/RenderSVGResourceGradient.h:
  • rendering/svg/RenderSVGResourceMarker.h:
  • rendering/svg/RenderSVGResourceMasker.cpp:

(WebCore::RenderSVGResourceMasker::applyResource):

  • rendering/svg/RenderSVGResourceMasker.h:
  • rendering/svg/RenderSVGResourcePattern.cpp:

(WebCore::RenderSVGResourcePattern::buildPattern):
(WebCore::RenderSVGResourcePattern::applyResource):
(WebCore::RenderSVGResourcePattern::postApplyResource):

  • rendering/svg/RenderSVGResourcePattern.h:
  • rendering/svg/RenderSVGResourceSolidColor.cpp:

(WebCore::RenderSVGResourceSolidColor::applyResource):
(WebCore::RenderSVGResourceSolidColor::postApplyResource):

  • rendering/svg/RenderSVGResourceSolidColor.h:
  • rendering/svg/RenderSVGShape.cpp:

(WebCore::RenderSVGShape::fillShape):
(WebCore::RenderSVGShape::strokeShape):

  • rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::SVGInlineTextBox):
(WebCore::SVGInlineTextBox::paintSelectionBackground):
(WebCore::SVGInlineTextBox::paint):
(WebCore::SVGInlineTextBox::acquirePaintingResource):
(WebCore::SVGInlineTextBox::releasePaintingResource):
(WebCore::SVGInlineTextBox::paintDecoration):
(WebCore::SVGInlineTextBox::paintDecorationWithStyle):

  • rendering/svg/SVGInlineTextBox.h:
  • rendering/svg/SVGRenderingContext.cpp:

(WebCore::SVGRenderingContext::~SVGRenderingContext):
(WebCore::SVGRenderingContext::prepareToRenderSVGContent):
(WebCore::SVGRenderingContext::renderSubtreeToImageBuffer): Avoid needless IntPoint -> LayoutPoint
conversion.

5:43 PM Changeset in webkit [217462] by jmarcell@apple.com
  • 13 edits
    1 add in branches/safari-603-branch

Cherry-pick r217438. rdar://problem/32385704

Patch by Saam Barati <sbarati@apple.com> on 2017-05-25

JSTests:

  • stress/for-in-invalidation-for-any-write.js: Added.

(assert):
(test):
(test.i):

Source/JavaScriptCore:

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetByVal):
(JSC::BytecodeGenerator::popIndexedForInScope):
(JSC::BytecodeGenerator::popStructureForInScope):
(JSC::BytecodeGenerator::invalidateForInContextForLocal):
(JSC::StructureForInContext::finalize):
(JSC::IndexedForInContext::finalize):

  • bytecompiler/BytecodeGenerator.h:

(JSC::StructureForInContext::addGetInst):
(JSC::IndexedForInContext::addGetInst):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_nop):

  • llint/LowLevelInterpreter.asm:
5:42 PM Changeset in webkit [217461] by mmaxfield@apple.com
  • 7 edits
    2 adds in trunk

[WK1] iframes in layer-backed NSViews are not cleared between successive draws
https://bugs.webkit.org/show_bug.cgi?id=172554
<rdar://problem/31247133>

Reviewed by Simon Fraser.

Source/WebKit/mac:

Update an overridden internal AppKit function to the new signature.

  • WebView/WebHTMLView.mm:

(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inContext:shouldChangeFontReferenceColor:_recursive:displayRectIgnoringOpacity:inContext:topView:]):
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:shouldChangeFontReferenceColor:_recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:topView:shouldChangeFontReferenceColor:]):
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inContext:topView:]): Deleted.
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:topView:shouldChangeFontReferenceColor:]): Deleted.

Tools:

Previously, there was no way to make DumpRenderTree's views layer-backed. Unfortunately,
simply setting [WebView setWantsLayer:] is insufficient; turning it on and then off again
leaves some state around inside the NSWindow which isn't easily cleaned up. Instead,
we should just tear down and rebuild the window whenever we need a layer-backed WebView.
We can also use the "webkit-test-runner" header comment to trigger this new layer-backed
codepath.

  • DumpRenderTree/TestOptions.h:
  • DumpRenderTree/TestOptions.mm:

(TestOptions::TestOptions):
(TestOptions::webViewIsCompatibleWithOptions):

  • DumpRenderTree/mac/DumpRenderTree.mm:

(shouldIgnoreWebCoreNodeLeaks):
(allowedFontFamilySet):
(-[DRTMockScroller rectForPart:]):
(-[DRTMockScroller drawKnob]):
(-[DRTMockScroller drawRect:]):
(createWebViewAndOffscreenWindow):
(initializeGlobalsFromCommandLineOptions):
(prepareConsistentTestingEnvironment):
(dumpRenderTree):
(dumpAudio):
(dumpHistoryItem):
(dumpBackForwardListForWebView):
(resetWebViewToConsistentStateBeforeTesting):
(WebThreadLockAfterDelegateCallbacksHaveCompleted):
(runTest):

LayoutTests:

Cause two successive paints, and compare it against 0 paints.

  • fast/frames/iframe-translucent-background-expected.html: Added.
  • fast/frames/iframe-translucent-background.html: Added.
5:29 PM Changeset in webkit [217460] by Devin Rousso
  • 11 edits in trunk/Source/WebInspectorUI

Web Inspector: Don't create DetailsSidebarPanel classes until they are needed by a Tab
https://bugs.webkit.org/show_bug.cgi?id=172393

Reviewed by Joseph Pecoraro.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
Remove global instantiation of all DetailsSidebarPanel objects.

(WebInspector.instanceForClass):
Utility function for creating and accessing an instance of a given class.

  • UserInterface/Views/ContentBrowserTabContentView.js:

(WebInspector.ContentBrowserTabContentView):

  • UserInterface/Views/DebuggerTabContentView.js:

(WebInspector.DebuggerTabContentView):
(WebInspector.DebuggerTabContentView.prototype.showDetailsSidebarPanels):

  • UserInterface/Views/ElementsTabContentView.js:

(WebInspector.ElementsTabContentView):

  • UserInterface/Views/NetworkTabContentView.js:

(WebInspector.NetworkTabContentView):

  • UserInterface/Views/ResourcesTabContentView.js:

(WebInspector.ResourcesTabContentView):

  • UserInterface/Views/SearchTabContentView.js:

(WebInspector.SearchTabContentView):

  • UserInterface/Views/StorageTabContentView.js:

(WebInspector.StorageTabContentView):

  • UserInterface/Views/TabContentView.js:

(WebInspector.TabContentView):
(WebInspector.TabContentView.prototype.get detailsSidebarPanels):

  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView):
Now accepts an array of DetailsSidebarPanel classes that are all instantiated when they are
about to be added to the DetailsSidebar.

5:18 PM Changeset in webkit [217459] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Cleanup tests after r217240
https://bugs.webkit.org/show_bug.cgi?id=172466

Reviewed by Mark Lam.

I forgot to make my test an actual test. Also, remove second call runJSExportTests()

  • API/tests/JSExportTests.mm:

(wrapperForNSObjectisObject):

  • API/tests/testapi.mm:

(testObjectiveCAPIMain):

5:06 PM Changeset in webkit [217458] by keith_miller@apple.com
  • 10 edits
    3 deletes in trunk

Date should use historical data if it's available.
https://bugs.webkit.org/show_bug.cgi?id=172592

Reviewed by Mark Lam.

JSTests:

Remove parts of the date tests that rely on the absence of
historical data in Date.

  • mozilla/ecma/Date/15.9.5.31-1.js:

(getTestCases):

  • mozilla/ecma/Date/15.9.5.35-1.js:

(getTestCases):

Source/WTF:

The spec previously disallowed using historical data for Dates.
This is no longer the case. Additionally, not using historical
data, when available, seems unfortunate for users. This patch
removes the code dropping historical data.

  • wtf/DateMath.cpp:

(WTF::calculateLocalTimeOffset):
(WTF::msToMilliseconds): Deleted.

LayoutTests:

Fix tests to work with historically accurate dates.

  • js/dom/date-big-setdate-expected.txt: Removed.
  • js/dom/date-big-setdate.html: Removed.
  • js/dom/script-tests/date-big-setdate.js: Removed.
  • storage/indexeddb/modern/date-basic-expected.txt:
  • storage/indexeddb/modern/date-basic-private-expected.txt:
  • storage/indexeddb/modern/get-keyrange-expected.txt:
  • storage/indexeddb/modern/get-keyrange-private-expected.txt:
5:03 PM Changeset in webkit [217457] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

The default setting of Option::criticalGCMemoryThreshold is too high for iOS
https://bugs.webkit.org/show_bug.cgi?id=172617

Reviewed by Mark Lam.

Reducing criticalGCMemoryThreshold to 0.80 eliminated jetsam on iOS devices
when tested running JetStream.

  • runtime/Options.h:
4:11 PM Changeset in webkit [217456] by msaboff@apple.com
  • 7 edits in trunk/Source/bmalloc

bmalloc: scavenger runs too much on JetStream
https://bugs.webkit.org/show_bug.cgi?id=172373

Reviewed by Geoffrey Garen.

Instruments says that JetStream on macOS spends about 3% of its time in
madvise.

In <https://bugs.webkit.org/show_bug.cgi?id=160098>, Ben saw some
evidence that madvise was the reason that switching to bmalloc for
DFG::Node allocations was a slowdown the first time around.

In <https://bugs.webkit.org/show_bug.cgi?id=172124>, Michael saw that
scavening policy can affect JetStream.

Intuitively, it seems wrong for the heap to idle shrink during hardcore
benchmarking.

The strategy here is to back off in response to any heap growth event,
and to wait 2s instead of 0.5s for heap growth to take place -- but we
scavenge immediately in response to critical memory pressure, to avoid
jetsam.

One hole in this strategy is that a workload with a perfectly
unfragmented heap that allocates and deallocates ~16kB every 2s will
never shrink its heap. This doesn't seem to be a problem in practice.

This looks like a 2% - 4% speedup on JetStream on Mac Pro and MacBook Air.

  • bmalloc/AsyncTask.h:

(bmalloc::AsyncTask::willRun):
(bmalloc::AsyncTask::willRunSoon):
(bmalloc::Function>::AsyncTask):
(bmalloc::Function>::run):
(bmalloc::Function>::runSoon):
(bmalloc::Function>::threadRunLoop):
(bmalloc::Function>::runSlowCase): Deleted. Added a "run soon" state
so that execution delay is modeled directly instead of implicitly
through sleep events. This enables the Heap to issue a "run now" event
at any moment in response ot memory pressure.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::Heap): Don't call into our own API -- that's a layering
violation.

(bmalloc::Heap::updateMemoryInUseParameters): No need for
m_scavengeSleepDuration anymore.

(bmalloc::Heap::concurrentScavenge): Added a back-off policy when the
heap is growing.
(bmalloc::Heap::scavenge):

(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeLargeObjects): Don't try to give up in the middle
of a scavenge event. Our new backoff policy supplants that design. Also,
it's easier to profile and understand scavenging behavior if it always
runs to completion once started.

(bmalloc::Heap::scheduleScavenger):
(bmalloc::Heap::scheduleScavengerIfUnderMemoryPressure): Added a
synchronous amortized check for memory pressure. This check has the
benefit that it runs immediately during high rates of heap activity,
so we can detect memory pressure right away and wake the scavenger
instead of waiting for the scavenger to wake up.

(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::deallocateSmallLine):
(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::tryAllocateLarge):
(bmalloc::Heap::shrinkLarge):
(bmalloc::Heap::deallocateLarge):

  • bmalloc/Heap.h:

(bmalloc::Heap::isUnderMemoryPressure):

  • bmalloc/Sizes.h:
  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::deallocateSmallPage):

  • bmalloc/bmalloc.h:

(bmalloc::api::scavenge): Updated for API changes above.

3:33 PM Changeset in webkit [217455] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

ASSERT(m_websiteDataStore->websiteDataStore().sessionID() == m_sessionID) in PageConfiguration::sessionID()
https://bugs.webkit.org/show_bug.cgi?id=172615
<rdar://problem/32277488>

Reviewed by Brady Eidson.

Fix assertion added in r215923 to take into account the fact that the PageConfiguration's sessionID
is SessionID::legacyPrivateSessionID() when private browsing is enabled, instead of being the
WebsiteDataStore's sessionID.

See code in WebProcessPool::createWebPage():
"""
pageConfiguration->setSessionID(pageConfiguration->preferences()->privateBrowsingEnabled() ? SessionID::legacyPrivateSessionID() : m_websiteDataStore->websiteDataStore().sessionID());
"""

  • UIProcess/API/APIPageConfiguration.cpp:

(API::PageConfiguration::sessionID):

3:29 PM Changeset in webkit [217454] by jmarcell@apple.com
  • 3 edits
    3 adds in branches/safari-603-branch

Cherry-pick r217439. rdar://problem/32089229

3:20 PM Changeset in webkit [217453] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Regression(r215686): Videos sometimes do not load in iBooks
https://bugs.webkit.org/show_bug.cgi?id=172604
<rdar://problem/32003717>

Reviewed by Geoffrey Garen.

Before r215686, the loop would have a check at the beginning to check if the
dataRequest's currentOffset was greater than the buffer length and would
cause the function to return early.

This check was dropped in r215686, which caused us in some cases to call
finishLoading / stopLoading() after the loop, even though we did not have
enough data in the buffer to satisfy the data request.

To address the issue, we now return early after the loop if remainingLength
is greater than 0, meaning that we could not satisfy the request. This makes
sure we do not call finishLoading / stopLoading() prematurely.

Note that before r215686, the condition of the while loop was
"while (remainingLength)" so the only way to get out of the loop was to:

  1. Get remainingLength to 0, in which case we would fall through and potentially call finishLoading / stopLoading() after the loop.
  2. Fail the "(data->size() <= [dataRequest currentOffset] - responseOffset)" check at the beginning of the loop, meaning that we ran out of data in the buffer. This would cause us to return from the function, not fall through, so we would not call finishLoading / stopLoading().

No new tests, I do not know how to write a test for this.

  • platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:

(WebCore::WebCoreAVFResourceLoader::fulfillRequestWithResource):

3:12 PM Changeset in webkit [217452] by Devin Rousso
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Changing the width of a Sidebar when it's collapsed shouldn't trigger a layout
https://bugs.webkit.org/show_bug.cgi?id=172606

Reviewed by Matt Baker.

  • UserInterface/Views/Sidebar.js:

(WebInspector.Sidebar.prototype._recalculateWidth):

2:35 PM Changeset in webkit [217451] by weinig@apple.com
  • 8 edits in trunk

[WebIDL] Use the term 'operation' more consistently
https://bugs.webkit.org/show_bug.cgi?id=172601

Reviewed by Chris Dumez.

We were using the term 'operation', a WebIDL term for function-like
constructs, inconsistently in the code generator. Now, when we use
'operation' when referring to the IDL concept (usually the object the
parser produces) and 'function' when referring to code being generated.

Source/WebCore:

  • bindings/scripts/CodeGenerator.pm:
  • bindings/scripts/IDLParser.pm:
  • bindings/scripts/generate-bindings.pl:

Tools:

  • DumpRenderTree/Bindings/CodeGeneratorDumpRenderTree.pm:
  • WebKitTestRunner/InjectedBundle/Bindings/CodeGeneratorTestRunner.pm:
2:31 PM Changeset in webkit [217450] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

[WK2][iOS] Add a mach-lookup exception for 'com.apple.lsd.mapdb' to Network sandbox
https://bugs.webkit.org/show_bug.cgi?id=172465
<rdar://problem/32332836>

Reviewed by Alex Christensen.

Expand sandbox to allow lookup of the mapdb that contains UTI information used
by the Network process.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
2:26 PM Changeset in webkit [217449] by jer.noble@apple.com
  • 2 edits in trunk/Tools

Unreviewed build fix after r217447; only run test where JSC's ObjC API is available.

  • TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm:
2:10 PM Changeset in webkit [217448] by rniwa@webkit.org
  • 4 edits in trunk/Websites/perf.webkit.org

Syncing script shouldn't schedule a build request when there is a build from another test group in progress
https://bugs.webkit.org/show_bug.cgi?id=172577
<rdar://problem/32395049>

Reviewed by Chris Dumez.

When a buildbot master gets restarted while there is an in-progress build and a pending build, the master will
re-schedule the currently running build, and this can result in multiple build requests from different test
groups being scheduled simultaneously.

sync-buildbot.js was supposed to recover from this state by only processing build requests from one test group
at a time and eventually come back to a state where only a single test group is running per buildbot slave.

We had a test for this particular case but it wasn't testing what it claimed to test. Rewriten the test case
and fixed the bug by explicitly checking this condition and treating it as if there is a pending build already
scheduled in the builder in this case.

  • public/api/test-groups.php:

(main): Fixed a regression from r217397. Return the platform ID of the first request when none of the requets
have been processed yet or all of them had failed.

  • server-tests/tools-buildbot-triggerable-tests.js: Rewritten a test case intended to cover this bug.

(.assertRequestAndResolve): Added.

  • tools/js/buildbot-syncer.js:

(BuildbotSyncer.prototype.scheduleRequestInGroupIfAvailable): Fixed the bug. Avoid scheduling a new request on
this syncer if there is a build in progress for a test group different from that of the new request. Reuse the
code we had to deal with a pending build for this purpose.

2:05 PM Changeset in webkit [217447] by jer.noble@apple.com
  • 11 edits
    2 adds in trunk

System sleeps while playing to wireless target, ending stream.
https://bugs.webkit.org/show_bug.cgi?id=172541

Reviewed by Eric Carlson.

Source/WebCore:

API test: Tests/mac/MediaPlaybackSleepAssertion.mm

Keep the system from sleeping (but allow the display to sleep) while playing media to a wireless target.

Give the SleepDisabler a Type, either System or Display, which indicates what kind of sleep to disable.
Update HTMLMediaElement::shouldDisableSleep() to differentiate between a video which is playing locally,
one that is playing but not visible, and one that is playing remotely.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):
(WebCore::HTMLMediaElement::updateSleepDisabling):
(WebCore::HTMLMediaElement::shouldDisableSleep):

  • html/HTMLMediaElement.h:
  • platform/SleepDisabler.cpp:

(WebCore::SleepDisabler::create):
(WebCore::SleepDisabler::SleepDisabler):

  • platform/SleepDisabler.h:

(WebCore::SleepDisabler::type):

  • platform/cocoa/SleepDisablerCocoa.cpp:

(WebCore::SleepDisabler::create):
(WebCore::SleepDisablerCocoa::SleepDisablerCocoa):
(WebCore::SleepDisablerCocoa::~SleepDisablerCocoa):

  • platform/cocoa/SleepDisablerCocoa.h:
  • platform/mac/WebVideoFullscreenController.mm:

(-[WebVideoFullscreenController updatePowerAssertions]):

  • platform/spi/cocoa/IOPMLibSPI.h:

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.html: Added.
  • TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm: Added.

(-[MediaPlaybackSleepAssertionLoadDelegate webView:didCreateJavaScriptContext:forFrame:]):
(-[MediaPlaybackSleepAssertionPolicyDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:]):
(TestWebKitAPI::simulateKeyDown):
(TestWebKitAPI::hasAssertionType):
(TestWebKitAPI::TEST):

1:58 PM Changeset in webkit [217446] by Matt Lewis
  • 2 edits in trunk/Tools

Unreviewed, rolling out r217423 and r217424.
https://bugs.webkit.org/show_bug.cgi?id=172607

These caused an api failure on all testers. (Requested by
mlewis13 on #webkit).

Reverted changesets:

"REGRESSION (r216977): 4 leaks introduced in new
WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test"
https://bugs.webkit.org/show_bug.cgi?id=172558
http://trac.webkit.org/changeset/217423

"REGRESSION (r217423): Fix last-second typo in 'auto'"
http://trac.webkit.org/changeset/217424

Patch by Commit Queue <commit-queue@webkit.org> on 2017-05-25

1:53 PM Changeset in webkit [217445] by Chris Dumez
  • 4 edits
    2 adds in trunk

DocumentThreadableLoader::redirectReceived() should not rely on the resource's loader
https://bugs.webkit.org/show_bug.cgi?id=172578
<rdar://problem/30754582>

Reviewed by Youenn Fablet.

Source/WebCore:

DocumentThreadableLoader::redirectReceived() should not rely on the resource's loader. The rest of the methods do not.
It is unsafe for it to rely on the resource's loader because it gets cleared when the load completes. A CachedRawresource
may be reused from the memory cache once its load has completed.

This would cause crashes in CachedRawResource::didAddClient() when replaying the redirects because it would call
DocumentThreadableLoader::redirectReceived() and potentially not have a loader anymore. To hit this exact code path,
you would need to make repeated XHR to a cacheable simple cross-origin resource that has cacheable redirect.

Test: http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash.html

  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived):

  • loader/DocumentThreadableLoader.h:

LayoutTests:

Add layout test coverage.

  • http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash-expected.txt: Added.
  • http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash.html: Added.
1:22 PM Changeset in webkit [217444] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

com.apple.coremedia.videoencoder XPC service should be allowed by WebProcess sandbox
https://bugs.webkit.org/show_bug.cgi?id=172599

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-25
Reviewed by Alex Christensen.

  • WebProcess/com.apple.WebProcess.sb.in:
1:07 PM Changeset in webkit [217443] by matthew_hanson@apple.com
  • 7 edits in trunk/Source

Versioning.

12:34 PM Changeset in webkit [217442] by Simon Fraser
  • 2 edits in trunk/Source/WebKit2

[iOS WK2] Avoid setting contentsScale and rasterizationScale on CATransformLayers
https://bugs.webkit.org/show_bug.cgi?id=172569

Reviewed by Dean Jackson.

Setting contentsScale and rasterizationScale on CATransformLayers is a waste of CPU time,
and triggers unwanted logging, so don't do it.

  • WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:

(WebKit::PlatformCALayerRemote::PlatformCALayerRemote):

12:22 PM Changeset in webkit [217441] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore
ASSERTION FAILED: !needsStyleRecalc()
!document().childNeedsStyleRecalc()

https://bugs.webkit.org/show_bug.cgi?id=172576
<rdar://problem/32181979>

Reviewed by Brent Fulgham.

Ensure that we clean the subframe's document before start searching for a focusable element.

Covered by existing test.

  • page/FocusController.cpp:

(WebCore::FocusController::findFocusableElementDescendingDownIntoFrameDocument):

12:13 PM Changeset in webkit [217440] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-604.1.23

Tag Safari-604.1.23.

11:50 AM Changeset in webkit [217439] by jiewen_tan@apple.com
  • 3 edits
    3 adds in trunk

Crash on WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance + 1195
https://bugs.webkit.org/show_bug.cgi?id=172555
<rdar://problem/32004724>

Reviewed by Ryosuke Niwa.

Source/WebCore:

setSelectionWithoutUpdatingAppearance could dispatch a synchronous focusin event,
which could invoke an event handler that deteles the frame. Therefore, add a
protector before the call.

Test: editing/selection/select-iframe-focusin-document-crash.html

  • editing/FrameSelection.cpp:

(WebCore::FrameSelection::setSelection):

LayoutTests:

  • editing/selection/resources/select-iframe-focusin-document-crash-frame.html: Added.
  • editing/selection/select-iframe-focusin-document-crash-expected.txt: Added.
  • editing/selection/select-iframe-focusin-document-crash.html: Added.
11:47 AM Changeset in webkit [217438] by sbarati@apple.com
  • 13 edits
    1 add in trunk

Our for-in optimization in the bytecode generator does its static analysis incorrectly
https://bugs.webkit.org/show_bug.cgi?id=172532
<rdar://problem/32369452>

Reviewed by Mark Lam.

JSTests:

  • stress/for-in-invalidation-for-any-write.js: Added.

(assert):
(test):
(test.i):

Source/JavaScriptCore:

Our static analysis for when a for-in induction variable
is written to tried to its analysis as we generate
bytecode. This has issues, since it does not account for
the dynamic execution path of the program. Let's consider
a program where our old analysis worked:

`
for (let p in o) {

o[p]; We can transform this into a fast get_direct_pname
p = 20;
o[p];
We cannot transform this since p has been changed.

}
`

However, our static analysis did not account for loops, which exist
in JavaScript. e.g, it would incorrectly compile this program as:
`
for (let p in o) {

for (let i = 0; i < 20; ++i) {

o[p]; It transforms this to use get_direct_pname even though p will be over-written if we get here from the inner loop back edge!
p = 20;
o[p];
We correctly do not transform this.

}

}
`

Because of this flaw, I've made the optimization more conservative.
We now optimistically emit code for the optimized access. However,
if a for-in context is *ever* invalidated, before we pop it off
the stack, we rewrite the program's optimized accesses to no longer
be optimized. To do this, each context keeps track of its optimized
accesses.

This patch also adds a new bytecode, op_nop, which is just a no-op.
It was helpful to add this because reverting get_direct_pname to get_by_val
will leave us with an extra instruction word because get_direct_pname is
has a length of 7 where get_by_val has a length of 6. This leaves us with
an extra slot that we fill with an op_nop.

  • bytecode/BytecodeDumper.cpp:

(JSC::BytecodeDumper<Block>::dumpBytecode):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetByVal):
(JSC::BytecodeGenerator::popIndexedForInScope):
(JSC::BytecodeGenerator::popStructureForInScope):
(JSC::BytecodeGenerator::invalidateForInContextForLocal):
(JSC::StructureForInContext::pop):
(JSC::IndexedForInContext::pop):

  • bytecompiler/BytecodeGenerator.h:

(JSC::StructureForInContext::addGetInst):
(JSC::IndexedForInContext::addGetInst):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_nop):

  • llint/LowLevelInterpreter.asm:
11:22 AM Changeset in webkit [217437] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebCore

Ensure ImageFrameCache does not access its BitmapImage after it is deleted
https://bugs.webkit.org/show_bug.cgi?id=172563

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-05-25
Reviewed by Simon Fraser.

A crash may happen if the BitmapImage is deleted while the decoding thread
is still active. Once the current frame finishes decoding, the decoding
thread will make a callOnMainThread() which will access the deleted BitmapImage.

We need to ensure if BitmapImage is deleted, the raw pointer which references
it in ImageFrameCache is cleared. If this is done, nothing else is needed.
All all the accesses to container BitmapImage in ImageFrameCache are guarded
by checking m_image is not null.

  • platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::~BitmapImage): Make sure the decoding thread will
not have access to the deleted BitmapImage when it finishes decoding and
make its callOnMainThread().
(WebCore::BitmapImage::destroyDecodedData): Use the function new name.
(WebCore::BitmapImage::internalStartAnimation): Ditto.

  • platform/graphics/ImageFrameCache.cpp:

(WebCore::ImageFrameCache::startAsyncDecodingQueue): Protect the sourceURL
for the decoding thread. ImageFrameCache::sourceURL() checks for the value
of m_image which now may change from the main thread.

  • platform/graphics/ImageFrameCache.h:

(WebCore::ImageFrameCache::clearImage): Add a new function to clear the
raw pointer m_image when its is deleted.

  • platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::resetData): Rename clear() to resetData() for better
code readability. This function deletes the ImageDecoder and creates a new
one if data is not null. The purpose is to delete the decoder raster data.
(WebCore::ImageSource::clear): Deleted.

  • platform/graphics/ImageSource.h:

(WebCore::ImageSource::clearImage): Wrapper for the ImageFrameCache function.

10:49 AM Changeset in webkit [217436] by commit-queue@webkit.org
  • 9 edits in trunk/Source/WebCore

Add some release logging for media elements
https://bugs.webkit.org/show_bug.cgi?id=172581

Patch by youenn fablet <youenn@apple.com> on 2017-05-25
Reviewed by Eric Carlson.

No change of behavior.

Adding logging for getUserMedia, video autoplay and incoming/outgoing webrtc video tracks.

  • Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::allow):
(WebCore::UserMediaRequest::deny):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::canTransitionFromAutoplayToPlay):

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::playbackPermitted):

  • platform/Logging.h:
  • platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:

(WebCore::RealtimeIncomingVideoSource::OnFrame):

  • platform/mediastream/mac/RealtimeIncomingVideoSource.h:
  • platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:

(WebCore::RealtimeOutgoingVideoSource::sendOneBlackFrame):
(WebCore::RealtimeOutgoingVideoSource::videoSampleAvailable):

  • platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
10:40 AM Changeset in webkit [217435] by jfernandez@igalia.com
  • 4 edits in trunk/LayoutTests

[css-align] Fixed errors in the CSS parsing tests of the "place-XXX" shorthands
https://bugs.webkit.org/show_bug.cgi?id=172593

Reviewed by Manuel Rego Casasnovas.

  • css3/parse-place-content.html:
  • css3/parse-place-items.html:
  • css3/parse-place-self.html:
10:40 AM Changeset in webkit [217434] by commit-queue@webkit.org
  • 2 edits in trunk

[CMake][Win] Use WTF_CPU not MSCV_CXX_ARCHITECTURE_ID when determining lib directories
https://bugs.webkit.org/show_bug.cgi?id=172570

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-25
Reviewed by Per Arne Vollan.

  • Source/cmake/OptionsWin.cmake:
10:39 AM Changeset in webkit [217433] by weinig@apple.com
  • 45 edits
    4 adds
    1 delete in trunk/Source/WebCore

[WebIDL] Do a pass of cleanup in the bindings generator
https://bugs.webkit.org/show_bug.cgi?id=172566

Reviewed by Chris Dumez.

  • Split JSDOMBindingCaller.h into four new files to allow for less header inclusion (one includes a bunch of promise stuff that usually isn't needed):
    • JSDOMCastedThisErrorBehavior (with shared casting enum)
    • JSDOMAttribute (for attribute getting / setting)
    • JSDOMOperation (for normal operations)
    • JSDOMOperationReturningPromise (for operations returning promises, obviously).

In addition to separating the files, rename to be more consistent with modern
bindings conventions (new classes are IDLAttribute, IDLOperation, and
IDLOperationReturningPromise) and simplify function names

  • 'callOperation' becomes 'call'
  • 'attribute' becomes 'get'
  • 'setAttribute' becomes 'set'
  • Remove extra generated trampoline function for operations returning promises by making JSDOMOperationReturningPromise handle all the promise related overhead.
  • Make [Custom] operations returning promises go through the normal IDLOperationReturningPromise code path (simplifying JSReadableStreamSource and JSSubtleCrypto). Added [ReturnsOwnPromise] extended attribute to allow some functions that want to retain specialized behavior to do so
  • Swap order of trampoline and implementation of operation, to avoid the need for a forward declaration and make reading more straightforward.
  • WebCore.xcodeproj/project.pbxproj:

Add / remove files.

  • bindings/js/JSDOMBindingCaller.h: Removed.
  • bindings/js/JSDOMCastedThisErrorBehavior.h: Added.

Shared header for enum needed by JSDOMAttribute, JSDOMOperation and JSDOMOperationReturningPromise.

  • bindings/js/JSDOMAttribute.h: Added.
  • bindings/js/JSDOMOperation.h: Added.
  • bindings/js/JSDOMOperationReturningPromise.h: Added.

Split out JSDOMBindingCaller implementations into own classes / files. Simplify
naming.

  • bindings/js/JSDOMPromiseDeferred.h:

(WebCore::callPromiseFunction):
Add a variant of callPromiseFunction that takes a lambda.

  • bindings/js/JSEventTargetCustom.h:

(WebCore::IDLOperation<JSEventTarget>::call):
Update operation specialization to use new class.

  • bindings/js/JSReadableStreamSourceCustom.cpp:
  • bindings/js/JSSubtleCryptoCustom.cpp:

Simplify now that the callPromiseFunction is called for us.

  • crypto/WebKitSubtleCrypto.idl:
  • css/FontFace.idl:
  • dom/CustomElementRegistry.idl:

Add [ReturnsOwnPromise] to retain custom promise behavior.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
Update header generation to account for custom functions that return promises now
having a Ref<DeferredPromise>&& parameter.

(GenerateImplementation):

  • Update for new naming of cast functions.
  • Use AddToImplIncludes (and pass in conditional) rather than using $implIncludes directly, #includes to be grouped correctly.
  • Remove dead $inAppleCopyright code (it was moved to GenerateOperationDefinition earlier).

(GenerateOperationDefinition):

  • Use $codeGenerator->IsPromiseType() rather than directly comparing to "Promise" string.
  • Restructure code to allow trampoline (the code that calls IDLOperation) to come after the main operation implementation (the part that calls into the impl).
  • Support custom functions returning promises (and the [ReturnsOwnPromise] variant).

(GenerateImplementationIterableFunctions):
Update for name change to IDLOperation.

  • bindings/scripts/IDLAttributes.json:

Add [ReturnsOwnPromise].

  • bindings/scripts/test/JS/JSInterfaceName.cpp:
  • bindings/scripts/test/JS/JSMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCEReactions.cpp:
  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestDOMJIT.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
  • bindings/scripts/test/JS/JSTestIterable.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
  • bindings/scripts/test/JS/JSTestSerialization.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

Update test results.

  • bindings/scripts/test/TestObj.idl:

Add additional test cases for operations returning promises.

10:18 AM Changeset in webkit [217432] by Yusuke Suzuki
  • 6 edits in trunk/Source/WTF

[Win] ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key)
https://bugs.webkit.org/show_bug.cgi?id=172586

Reviewed by Brent Fulgham.

In ThreadHolder for Windows, we need to construct HashMap<ThreadIdentifier, ThreadHolder*>.
The problem is that ThreadHolder::platformInitialize touches Thread::id() even before Thread
is not established. In that case, id() returns incorrect value.

But, calling ThreadHolder::initialize() after waiting for completion of Thread::establish() is
not a good idea. Since we already have NewThreadContext->creationMutex, we can wait for completion
of Thread::establish() easily. However, if we do so, Thread::create() returns RefPtr<Thread> that
may not call ThreadHolder::initialize() in its thread yet. In that case, ThreadHolder::get() fails.
Thus, Windows WTF::waitForThreadCompletion implementation becomes broken. We can add a new mutex
to wait for completion of ThreadHolder::initialize in the creator of the thread (like a ping-pong!).
But it overly complicates the implementation.

The following is overly complicated initialization phase.

Creator -> AC mutex(1) -------> establishment -> RL mutex(1) ----------------------> AC mutex(2) ->

Thread -----------------> AC mutex(1) -> ThreadHolder init -> RL mutex(2) ->

So, instead, in this patch, we just use Thread::currentID(). When calling ThreadHolder::initialize(),
we pass ThreadIdentifier by using Thread::currentID(). This implementation works great because,

  1. ThreadHolder::initialize requires ThreadIdentifier only in Windows environment because Pthread ThreadHolder does not create HashMap<>. And this is used for obsolete Threading APIs. Thus this hack will be removed in the near future.
  1. In Windows, Thread::currentID() can return a valid value without using ThreadHolder. And it does not require Thread establishment. So, calling currentID() to initialize ThreadHolder is ok in Windows.
  • wtf/ThreadHolder.cpp:

(WTF::ThreadHolder::initialize): Deleted.

  • wtf/ThreadHolder.h:
  • wtf/ThreadHolderPthreads.cpp:

(WTF::ThreadHolder::initialize):

  • wtf/ThreadHolderWin.cpp:

(WTF::ThreadHolder::initialize):
(WTF::ThreadHolder::platformInitialize): Deleted.

  • wtf/ThreadingWin.cpp:

(WTF::wtfThreadEntryPoint):

10:07 AM Changeset in webkit [217431] by Adrian Perez de Castro
  • 2 edits in trunk/Source/WTF

Clang warns about (intended) returning pointer to stack location in WTF/wtf/ThreadingPthreads.cpp
https://bugs.webkit.org/show_bug.cgi?id=172595

Reviewed by Mark Lam.

  • wtf/ThreadingPthreads.cpp: Use a #pragma to silence Clang warning about returning a

pointer to the stack (which is intended)

10:06 AM Changeset in webkit [217430] by Matt Lewis
  • 2 edits in trunk/Source/WebKit2

Unreviewed, rolling out r217409.

The revision caused api failures

Reverted changeset:

"_WKUserStyleSheet leaks string data"
https://bugs.webkit.org/show_bug.cgi?id=172583
http://trac.webkit.org/changeset/217409

10:03 AM Changeset in webkit [217429] by mark.lam@apple.com
  • 12 edits
    1 add in trunk

ObjectToStringAdaptiveInferredPropertyValueWatchpoint should not reinstall itself nor handleFire if it's dying shortly.
https://bugs.webkit.org/show_bug.cgi?id=172548
<rdar://problem/31458393>

Reviewed by Filip Pizlo.

JSTests:

  • stress/regress-172548.patch: Added.

Source/JavaScriptCore:

Consider the following scenario:

  1. A ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1, watches for structure transitions, e.g. structure S2 transitioning to structure S3. In this case, O1 would be installed in S2's watchpoint set.
  2. When the structure transition happens, structure S2 will fire watchpoint O1.
  3. O1's handler will normally re-install itself in the watchpoint set of the new "transitioned to" structure S3.
  4. "Installation" here requires writing into the StructureRareData SD3 of the new structure S3. If SD3 does not exist yet, the installation process will trigger the allocation of StructureRareData SD3.
  5. It is possible that the Structure S1, and StructureRareData SD1 that owns the ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1 is no longer reachable by the GC, and therefore will be collected soon.
  6. The allocation of SD3 in (4) may trigger the sweeping of the StructureRareData SD1. This, in turn, triggers the deletion of the ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1.

After O1 is deleted in (6) and SD3 is allocated in (4), execution continues in
AdaptiveInferredPropertyValueWatchpointBase::fire() where O1 gets installed in
structure S3's watchpoint set. This is obviously incorrect because O1 is already
deleted. The result is that badness happens later when S3's watchpoint set fires
its watchpoints and accesses the deleted O1.

The fix is to enhance AdaptiveInferredPropertyValueWatchpointBase::fire() to
check if "this" is still valid before proceeding to re-install itself or to
invoke its handleFire() method.

ObjectToStringAdaptiveInferredPropertyValueWatchpoint (which extends
AdaptiveInferredPropertyValueWatchpointBase) will override its isValid() method,
and return false its owner StructureRareData is no longer reachable by the GC.
This ensures that it won't be deleted while it's installed to any watchpoint set.

Additional considerations and notes:

  1. In the above, I talked about the ObjectToStringAdaptiveInferredPropertyValueWatchpoint being installed in watchpoint sets. What actually happens is that ObjectToStringAdaptiveInferredPropertyValueWatchpoint has 2 members (m_structureWatchpoint and m_propertyWatchpoint) which may be installed in watchpoint sets. The ObjectToStringAdaptiveInferredPropertyValueWatchpoint is not itself a Watchpoint object.

But for brevity, in the above, I refer to the ObjectToStringAdaptiveInferredPropertyValueWatchpoint
instead of its Watchpoint members. The description of the issue is still
accurate given the life-cycle of the Watchpoint members are embedded in the
enclosing ObjectToStringAdaptiveInferredPropertyValueWatchpoint object, and
hence, they share the same life-cycle.

  1. The top of AdaptiveInferredPropertyValueWatchpointBase::fire() removes its m_structureWatchpoint and m_propertyWatchpoint if they have been added to any watchpoint sets. This is safe to do even if the owner StructureRareData is no longer reachable by the GC.

This is because the only way we can get to AdaptiveInferredPropertyValueWatchpointBase::fire()
is if its Watchpoint members are still installed in some watchpoint set that
fired. This means that the AdaptiveInferredPropertyValueWatchpointBase
instance has not been deleted yet, because its destructor will automatically
remove the Watchpoint members from any watchpoint sets.

  • bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:

(JSC::AdaptiveInferredPropertyValueWatchpointBase::fire):
(JSC::AdaptiveInferredPropertyValueWatchpointBase::isValid):

  • bytecode/AdaptiveInferredPropertyValueWatchpointBase.h:
  • heap/FreeList.cpp:

(JSC::FreeList::contains):

  • heap/FreeList.h:
  • heap/HeapCell.h:
  • heap/HeapCellInlines.h:

(JSC::HeapCell::isLive):

  • heap/MarkedAllocator.h:

(JSC::MarkedAllocator::isFreeListedCell):

  • heap/MarkedBlock.h:
  • heap/MarkedBlockInlines.h:

(JSC::MarkedBlock::Handle::isFreeListedCell):

  • runtime/StructureRareData.cpp:

(JSC::ObjectToStringAdaptiveInferredPropertyValueWatchpoint::isValid):

9:55 AM Changeset in webkit [217428] by Claudio Saavedra
  • 1 edit
    2 adds in trunk/LayoutTests

[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
https://bugs.webkit.org/show_bug.cgi?id=172355

Patch by Joanmarie Diggs <jdiggs@igalia.com> on 2017-05-25
Reviewed by Chris Fleizach.

  • accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
  • platform/gtk/accessibility/roles-exposed-expected.txt: Updated.
9:54 AM Changeset in webkit [217427] by Simon Fraser
  • 10 edits in trunk/Source/WebCore

Some <chrono> and ProgressTracker cleanup
https://bugs.webkit.org/show_bug.cgi?id=172582

Reviewed by Sam Weinig.

Remove some unnecessary <chrono> includes.
Convert some std::chrono to use MonotonicTime/Seconds.
Clean up ProgressTracker.
Some #pragma once.

  • dom/Document.h:
  • loader/ProgressTracker.cpp:

(WebCore::ProgressTracker::ProgressTracker):
(WebCore::ProgressTracker::reset):
(WebCore::ProgressTracker::progressStarted):
(WebCore::ProgressTracker::finalProgressComplete):
(WebCore::ProgressTracker::incrementProgress):

  • loader/ProgressTracker.h:
  • page/Settings.h:
  • platform/SearchPopupMenu.h:
  • platform/Timer.h:
  • platform/graphics/cg/IOSurfacePool.cpp:

(WebCore::IOSurfacePool::markOlderSurfacesPurgeable):

  • platform/graphics/cg/IOSurfacePool.h:

(WebCore::IOSurfacePool::CachedSurfaceDetails::resetLastUseTime):

  • platform/network/PlatformCookieJar.h:
9:43 AM Changeset in webkit [217426] by jdiggs@igalia.com
  • 12 edits in trunk

[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
https://bugs.webkit.org/show_bug.cgi?id=172355

Reviewed by Chris Fleizach.

Source/WebCore:

Add a new FootnoteRole accessibility role to WebCore and map it to
ATK_ROLE_FOOTNOTE for WebKitGtk and NSAccessibilityGroupRole with
a subrole of AXApplicationGroup for the Mac port.

No new tests because we already have coverage for this role.
The existing test expectations were updated to reflect the
new mapping of doc-footnote to ATK_ROLE_FOOTNOTE.

  • accessibility/AccessibilityObject.cpp:

(WebCore::initializeRoleMap):
(WebCore::AccessibilityObject::computedRoleString):

  • accessibility/AccessibilityObject.h:
  • accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(atkRole):

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper subrole]):

Tools:

Add map ATK_ROLE_FOOTNOTE to "AXFootnote" and bump jhbuild minimum
versions of atk, at-spi2-core, and at-spi2-atk to 2.25.2 (the earliest
releases which support the new platform footnote accessibility role.

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:
  • gtk/jhbuild.modules:

LayoutTests:

  • accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
  • platform/gtk/accessibility/roles-exposed-expected.txt: Updated.
9:24 AM Changeset in webkit [217425] by clopez@igalia.com
  • 2 edits in trunk/LayoutTests

[GTK] [WebCrypto] Mark new WebCryptoAPI test failures after last WPT sync

Unreviewed GTK gardening.

  • platform/gtk/TestExpectations:
8:57 AM Changeset in webkit [217424] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

REGRESSION (r217423): Fix last-second typo in 'auto'

  • TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm:

(WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test): Fix typo.

8:54 AM Changeset in webkit [217423] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

REGRESSION (r216977): 4 leaks introduced in new WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test
<https://webkit.org/b/172558>

Reviewed by Sam Weinig.

  • TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm:

(WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test): Fix the leaks.

8:50 AM Changeset in webkit [217422] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

[macOS WK2 Debug] Layout Test webrtc/video.html is crashing.
https://bugs.webkit.org/show_bug.cgi?id=172560
<rdar://problem/32392611>

Patch by youenn fablet <youenn@apple.com> on 2017-05-25
Reviewed by Eric Carlson.

webrtc/multiple-video.html is no longer crashing.

Allow autoplay only from going to not capture to capture, and not the reverse.
Renamed HTMLMediaElement::mediaStreamCaptureStateChanged to mediaStreamCaptureStarted.

  • dom/Document.cpp:

(WebCore::Document::mediaStreamCaptureStateChanged):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaStreamCaptureStateChanged): Deleted.

  • html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::mediaStreamCaptureStarted):

8:43 AM Changeset in webkit [217421] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[GTK] Update baseline

Unreviewed gardening. Update after r217272.

  • platform/gtk/fast/text/font-style-parse-expected.txt:
8:38 AM Changeset in webkit [217420] by matthew_hanson@apple.com
  • 2 edits in branches/safari-603-branch/Source/WebCore

Cherry-pick r217392. rdar://problem/32391206

8:22 AM Changeset in webkit [217419] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WTF

REGRESSION (r217416): Using #pragma once in WTFString.h broke the build

  • wtf/text/WTFString.h: Switch back to #ifndef/#define/#endif.
7:56 AM Changeset in webkit [217418] by hyatt@apple.com
  • 17 edits
    3 adds in trunk

Baseline of number inputs not right.
https://bugs.webkit.org/show_bug.cgi?id=172237

Reviewed by Dean Jackson.

Source/WebCore:

Added fast/forms/baseline-of-number-inputs.html

  • css/html.css:

(input::-webkit-inner-spin-button):

  • rendering/RenderSearchField.cpp:

(WebCore::RenderSearchField::computeLogicalHeightLimit): Deleted.
(WebCore::RenderSearchField::centerContainerIfNeeded): Deleted.

  • rendering/RenderSearchField.h:
  • rendering/RenderTextControlSingleLine.cpp:

(WebCore::RenderTextControlSingleLine::centerRenderer):
(WebCore::RenderTextControlSingleLine::layout):
(WebCore::RenderTextControlSingleLine::computeLogicalHeightLimit): Deleted.

  • rendering/RenderTextControlSingleLine.h:

(WebCore::RenderTextControlSingleLine::centerContainerIfNeeded): Deleted.

LayoutTests:

  • fast/forms/baseline-of-number-inputs-expected.html: Added.
  • fast/forms/baseline-of-number-inputs.html: Added.
7:37 AM Changeset in webkit [217417] by pvollan@apple.com
  • 2 edits in trunk/LayoutTests

[Win] Update expectations for layout tests.
https://bugs.webkit.org/show_bug.cgi?id=172437

Unreviewed test gardening, update test expectations for failing tests.

  • platform/win/TestExpectations:
6:46 AM Changeset in webkit [217416] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WTF

Make a change to force a build on the Apple bots

  • wtf/text/WTFString.h: Use #pragma once.
6:36 AM Changeset in webkit [217415] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Unreviewed gardening

Update rebaseline after r216817.

  • platform/wpe/fast/transforms/bounding-rect-zoom-expected.txt:
5:26 AM Changeset in webkit [217414] by commit-queue@webkit.org
  • 1 edit
    2 adds in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add ListStylePositionInside.svg and ListStylePositionOutside.svg
https://bugs.webkit.org/show_bug.cgi?id=172574

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-25
Reviewed by Michael Catanzaro.

Add more free icons for the Web Inspector of GTK+ port.

  • UserInterface/Images/gtk/ListStylePositionInside.svg: Added.
  • UserInterface/Images/gtk/ListStylePositionOutside.svg: Added.
5:24 AM Changeset in webkit [217413] by commit-queue@webkit.org
  • 1 edit
    2 adds in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add new icons AnimationPlayStatePaused.svg and AnimationPlayStateRunning.svg
https://bugs.webkit.org/show_bug.cgi?id=172579

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-25
Reviewed by Michael Catanzaro.

Add more free icons for the Web Inspector of GTK+ port.

  • UserInterface/Images/gtk/AnimationPlayStatePaused.svg: Added.
  • UserInterface/Images/gtk/AnimationPlayStateRunning.svg: Added.
4:45 AM Changeset in webkit [217412] by pvollan@apple.com
  • 2 edits in trunk/LayoutTests

[Win] Update expectations for layout tests.
https://bugs.webkit.org/show_bug.cgi?id=172437

Unreviewed test gardening, update test expectations for failing tests.

  • platform/win/TestExpectations:
3:06 AM Changeset in webkit [217411] by Manuel Rego Casasnovas
  • 5 edits
    2 adds in trunk

[css-grid] Fix behavior of positioned items without specific dimensions
https://bugs.webkit.org/show_bug.cgi?id=172117

Reviewed by Sergio Villar Senin.

Source/WebCore:

Currently positioned items that doesn't have specific dimensions
are not properly sized. This patch fixes the issues with them.

The patch removes the extraInline|BlockOffsets from RenderBox,
so now RenderGrid is responsible of setting the location of the positioned item.
This will be useful to add alignment support for positioned items later.
It also removes grid specific logic from RenderBox.

RenderBox::computeInlineStaticDistance() was modified too.
The problem here was that the containing block of the positioned gird items
is the grid area (and not the grid container). The method didn't know
anything about grid, so it was using the grid container causing wrong values
when resolving "auto" in both left and right offset properties.

Note that after this patch we match Chrome and Firefox behavior on these cases.

Test: fast/css-grid-layout/positioned-grid-items-sizing.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::willBeDestroyed):
(WebCore::computeInlineStaticDistance):
(WebCore::RenderBox::computePositionedLogicalWidth):
(WebCore::RenderBox::computePositionedLogicalHeight):

  • rendering/RenderBox.h:
  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::layoutPositionedObject):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

LayoutTests:

  • fast/css-grid-layout/positioned-grid-items-sizing-expected.html: Added.
  • fast/css-grid-layout/positioned-grid-items-sizing.html: Added.
2:57 AM Changeset in webkit [217410] by Claudio Saavedra
  • 2 edits in trunk/Source/WebCore

[WPE] Build fix after r217404

Unreviewed

  • PlatformWPE.cmake: Include missing cairo cmake file.
2:04 AM Changeset in webkit [217409] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

_WKUserStyleSheet leaks string data
https://bugs.webkit.org/show_bug.cgi?id=172583
<rdar://problem/32395209>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-05-25
Reviewed by Dan Bernstein.

  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet dealloc]):

12:40 AM Changeset in webkit [217408] by ddkilzer@apple.com
  • 21 edits
    19 copies
    3 adds in trunk/LayoutTests

REGRESSION(r217390): "Broke internal Production builds that ran run-jsc-stress-tests" (Requested by ddkilzer on #webkit).
<https://bugs.webkit.org/show_bug.cgi?id=172584>

  • fast/regex/:
  • fast/regex/script-tests:
  • Rollback changes in r217390 for Bug 172423 to these directories.

May 24, 2017:

9:18 PM Changeset in webkit [217407] by Chris Dumez
  • 3 edits
    2 adds in trunk

ResourceResponses for data URLs have their Source marked as Unknown
https://bugs.webkit.org/show_bug.cgi?id=172573
<rdar://problem/31786198>

Reviewed by Geoffrey Garen.

Source/WebCore:

ResourceResponses for data URLs have their Source marked as Unknown.

Now set their source to Network to maintain previous behavior when
we used to decode those data URLs on Network process side.

Test: fast/url/data-url-source.html

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::loadDataURL):

LayoutTests:

Add layout test coverage.

  • fast/url/data-url-source-expected.txt: Added.
  • fast/url/data-url-source.html: Added.
8:54 PM Changeset in webkit [217406] by commit-queue@webkit.org
  • 4 edits in trunk

[Win] An assertion fails if the custom cursor image isn't loaded yet
https://bugs.webkit.org/show_bug.cgi?id=172209

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-24
Reviewed by Said Abou-Hallawa.

Source/WebCore:

Test: fast/css/crash-on-custom-cursor-when-loading.html

A custom cursor image can be zero dimension if it is loading or
decoding. Cursor::ensurePlatformCursor of Windows port should
handle such case properly.

  • platform/win/CursorWin.cpp:

(WebCore::Cursor::ensurePlatformCursor): Load a stock cursor if
the custom cursor image has zero dimension. Do not do null-check
of the return value of createSharedCursor() because it never
returns null.

LayoutTests:

Windows port have the same issue Qt port had had several years ago
(Bug 68223). I'd like to reuse the test case. But, current CSS
parser rejects invalid 'cursor' property value which consists of
a single URL but no keywords.

  • fast/css/crash-on-custom-cursor-when-loading.html: Fix invalid

'cursor' property by appending a fallback keyword.

8:39 PM Changeset in webkit [217405] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Increase the headerpad for WebKit XPC Services
https://bugs.webkit.org/show_bug.cgi?id=172571

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-05-24
Reviewed by Dan Bernstein.

  • Configurations/BaseXPCService.xcconfig:

Increase the headerpad to make room for additional dyld commands.

7:16 PM Changeset in webkit [217404] by commit-queue@webkit.org
  • 14 edits
    1 add in trunk

[CMake] Consolidate CMake code related to Cairo
https://bugs.webkit.org/show_bug.cgi?id=172568

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-24
Reviewed by Alex Christensen.

.:

  • Source/cmake/OptionsGTK.cmake:
  • Source/cmake/OptionsWPE.cmake:
  • Source/cmake/OptionsWinCairo.cmake:

Source/WebCore:

No new tests. No change in behavior.

  • PlatformGTK.cmake:
  • PlatformWPE.cmake:
  • PlatformWinCairo.cmake:
  • config.h:
  • platform/Cairo.cmake: Added.
  • platform/GStreamer.cmake:
  • platform/ImageDecoders.cmake:

Tools:

  • DumpRenderTree/config.h:
  • TestWebKitAPI/config.h:
5:58 PM Changeset in webkit [217403] by Ryan Haddad
  • 2 edits in branches/safari-604.1.21-branch/Tools

Merge r217165.

5:58 PM Changeset in webkit [217402] by Ryan Haddad
  • 4 edits in branches/safari-604.1.21-branch/Tools

Merge r217147.

5:48 PM Changeset in webkit [217401] by jmarcell@apple.com
  • 7 edits in branches/safari-604.1.21-branch/Source

Versioning.

5:47 PM Changeset in webkit [217400] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.1.21.9

Tag Safari-604.1.21.9.

5:25 PM Changeset in webkit [217399] by jmarcell@apple.com
  • 5 edits in branches/safari-603-branch/Source

Versioning.

5:23 PM Changeset in webkit [217398] by jmarcell@apple.com
  • 1 copy in tags/Safari-603.3.2

Tag Safari-603.3.2.

4:54 PM Changeset in webkit [217397] by rniwa@webkit.org
  • 6 edits in trunk/Websites/perf.webkit.org

Opening an analysis task from the queue page is broken
https://bugs.webkit.org/show_bug.cgi?id=172559
<rdar://problem/32389708>

Rubber-stamped by Chris Dumez.

Fix the bug that opening the analysis task page from the queue page results in multiple assertion failures
as well as the list of test groups in the analysis task page not getting updated.

  • public/v3/models/build-request.js:

(BuildRequest.prototype.updateSingleton): Because /api/build-requests/ do not include test groups, it's
possible for testGroup to be dynamically updated upon loading an analysis task page. Update _testGroup in
such instances instead of asserting that it doesn't happen.

  • public/v3/models/data-model.js:

(DataModelObject.cachedFetch): Because various code to create model objects from the result of a JSON API
modify the fetched content in irreversible manner, e.g. object.platform = Platform.findById(object.platform)
we must return a fresh new content each time even if the result had been cached.

  • public/v3/models/test-group.js:

(TestGroup.prototype.platform): Return this._platform as that's not available.

  • public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage):
(AnalysisTaskPage.prototype._resetVariables): Extracted from the constructor.
(AnalysisTaskPage.prototype.updateFromSerializedState): Reset all instance variables when opening a new
analysis task page. This would avoid showing the stale result even when fetching new test groups had failed.

  • unit-tests/test-groups-tests.js: Added a test case for fetching the same test group twice. This used to hit

a problem in BuildRequest.constructBuildRequestsFromData which overrode platform property of each raw content
with a Platform model object because in the case of a cached fetch, we end up trying to look up the platform
again using the result of stringifying the Platform object instead of the platform ID included in the original
fetched content.
(sampleTestGroup): Added "platform" as included in the JSON API's response now.

4:52 PM Changeset in webkit [217396] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

The commit log viewer can overlap the analysis results viewer
https://bugs.webkit.org/show_bug.cgi?id=172534

Rubber-stamped by Chris Dumez.

Allocate the padding on the right for the commit log viewer, and add a horizontal scrollbar
to the analysis results viewer instead of letting it expand beneath the commit log viewer.

  • public/v3/pages/analysis-task-page.js:

(AnalysisTaskResultsPane.htmlTemplate):
(AnalysisTaskResultsPane.cssTemplate):

4:24 PM Changeset in webkit [217395] by jmarcell@apple.com
  • 6 edits in branches/safari-604.1.21-branch

Cherry-pick r217382. rdar://problem/32380083

4:21 PM Changeset in webkit [217394] by bshafiei@apple.com
  • 8 edits in branches/safari-604.1.21-branch/Source

Roll out r217382. rdar://problem/32380083

4:14 PM Changeset in webkit [217393] by bshafiei@apple.com
  • 8 edits in branches/safari-604.1.21-branch/Source

Merged r217382. rdar://problem/32380083

4:13 PM Changeset in webkit [217392] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

REGRESSION (r206481): Don't assume frameCount() is larger than or equal to the size of the image frame cache
https://bugs.webkit.org/show_bug.cgi?id=172552

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-05-24
Reviewed by Geoffrey Garen.

If an image with many cached ImageFrames is cached but its encoded data is
freed, then the same image is reused, the encoded data will be fetched.
But the initial frameCount() might be less than the current size of the
ImageFrames cache.

This was causing an assertion in the debug build and crash in the release
build. Vector::grow() does not handle the case where the new size is smaller
than the current size safely.

  • platform/graphics/ImageFrameCache.cpp:

(WebCore::ImageFrameCache::growFrames):

4:05 PM Changeset in webkit [217391] by commit-queue@webkit.org
  • 5 edits
    2 adds in trunk

navigator.webdriver should return false if the page is not controlled by automation
https://bugs.webkit.org/show_bug.cgi?id=171997

Patch by Sergey Shekyan <shekyan@gmail.com> on 2017-05-24
Reviewed by Chris Dumez.

Per WebDriver Specification at https://www.w3.org/TR/webdriver/#interface

Test: js/dom/navigator-webdriver.html
Rebaseled fast/dom/navigator-detached-no-crash.html

  • Modules/webdriver/NavigatorWebDriver.cpp:

(WebCore::NavigatorWebDriver::NavigatorWebDriver):
(WebCore::NavigatorWebDriver::isControlledByAutomation):
(WebCore::NavigatorWebDriver::from):
(WebCore::NavigatorWebDriver::webdriver):
(WebCore::JSNavigator::webdriver): Deleted.

  • Modules/webdriver/NavigatorWebDriver.h:
  • Modules/webdriver/NavigatorWebDriver.idl:
3:53 PM Changeset in webkit [217390] by ap@apple.com
  • 1155 edits
    710 deletes in trunk/LayoutTests

Merge split script tests
https://bugs.webkit.org/show_bug.cgi?id=172423

Reviewed by Sam Weinig.

In the past, many tests were being split into HTML and JS parts for no good reason.
This makes it hard to see what those tests are doing.

This is first part of the change, only including files where JS and HTML counterparts
have matching names. Custom cases will be completed in a follow-up.

Long change list omitted.

2:59 PM Changeset in webkit [217389] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

[GTK] Provide details on javascript exception
https://bugs.webkit.org/show_bug.cgi?id=161187

Patch by David Keijser <keijser@gmail.com> on 2017-05-24
Reviewed by Carlos Garcia Campos.

  • UIProcess/API/gtk/WebKitWebView.cpp:

(webkitWebViewRunJavaScriptCallback):
(webkit_web_view_run_javascript):
(resourcesStreamReadCallback):

2:35 PM Changeset in webkit [217388] by Ryan Haddad
  • 4 edits in trunk/Source

Unreviewed, suppress deprecation warnings to fix the build.

Source/WebCore:

  • platform/graphics/mac/GraphicsContextMac.mm:

(WebCore::linearRGBColorSpaceRef):

Source/WebKit2:

  • Shared/mac/ColorSpaceData.mm:

(WebKit::ColorSpaceData::decode):

2:35 PM Changeset in webkit [217387] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark http/tests/xmlhttprequest/xmlhttprequest-50ms-download-dispatch.html as failing on iOS.
https://bugs.webkit.org/show_bug.cgi?id=172547

Unreviewed test gardening.

  • platform/ios/TestExpectations:
1:28 PM Changeset in webkit [217386] by commit-queue@webkit.org
  • 5 edits
    1 add in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add new GTK+ icons for garbage collect and clean buttons in Console
https://bugs.webkit.org/show_bug.cgi?id=167356

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-24
Reviewed by Michael Catanzaro.

  • UserInterface/Images/gtk/NavigationItemClear.svg: Aligned for 16x16 dimension.
  • UserInterface/Images/gtk/NavigationItemGarbageCollect.svg: Added.
  • UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView): Removed the Clear image dimension's conditional expression.

  • UserInterface/Views/NetworkGridContentView.js:

(WebInspector.NetworkGridContentView): Ditto.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView): Ditto.

12:43 PM Changeset in webkit [217385] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Sycning script build fix after r217378.

  • tools/sync-buildbot.js:

(syncLoop):

12:32 PM Changeset in webkit [217384] by akling@apple.com
  • 2 edits in trunk/Source/WTF

Disable memory kill mechanisms when running with FastMalloc disabled.
https://bugs.webkit.org/show_bug.cgi?id=172550
<rdar://problem/32181908>

Reviewed by Antti Koivisto.

If someone is using WebKit with a non-standard allocator, they are likely trying to debug
or test something, and suddenly getting killed is not gonna help with that.

  • wtf/MemoryPressureHandler.cpp:

(WTF::MemoryPressureHandler::setShouldUsePeriodicMemoryMonitor):

12:25 PM Changeset in webkit [217383] by jmarcell@apple.com
  • 3 edits
    2 adds in branches/safari-603-branch

Cherry-pick r217172. rdar://problem/32380123

12:01 PM Changeset in webkit [217382] by Wenson Hsieh
  • 10 edits in trunk

Plumb additional image metadata to item providers when beginning data interaction on an image
https://bugs.webkit.org/show_bug.cgi?id=172536
<rdar://problem/32371300>

Reviewed by Beth Dakin.

Source/WebCore:

Plumb suggestedName (the last path component of the image's source URL) and size (the actual size of the image)
to item providers when beginning data interaction on an image.

Augments existing unit tests to cover these changes -- see DataInteractionTests.

  • editing/ios/EditorIOS.mm:

(WebCore::Editor::writeImageToPasteboard):

  • platform/Pasteboard.h:
  • platform/ios/PlatformPasteboardIOS.mm:

(WebCore::PlatformPasteboard::writeObjectRepresentations):

  • platform/ios/WebItemProviderPasteboard.h:
  • platform/ios/WebItemProviderPasteboard.mm:

(-[WebItemProviderRegistrationInfoList init]):
(-[WebItemProviderPasteboard setItemsUsingRegistrationInfoLists:]):
(temporaryFileURLForDataInteractionContent):

Source/WebKit2:

Boilerplate plumbing to send suggestedName over IPC.

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<PasteboardImage>::encode):
(IPC::ArgumentCoder<PasteboardImage>::decode):

Tools:

Tweak existing image data interaction tests to check for suggested name and estimated size on the generated
source item providers.

  • TestWebKitAPI/Tests/ios/DataInteractionTests.mm:

(checkSuggestedNameAndEstimatedSize):
(TestWebKitAPI::TEST):

11:56 AM Changeset in webkit [217381] by eric.carlson@apple.com
  • 4 edits
    1 add in trunk/Source/WebCore

CoreAudioCaptureSource is ducking system sound
https://bugs.webkit.org/show_bug.cgi?id=172512

Reviewed by Youenn Fablet.

Manual testing.

  • Configurations/WebCore.xcconfig: Adding CoreAudio as framework for iOS.
  • platform/mediastream/mac/CoreAudioCaptureSource.cpp:

(WebCore::CoreAudioSharedUnit::setupAudioUnit):
(WebCore::CoreAudioSharedUnit::defaultOutputDevice):

  • platform/spi/cf/CoreAudioSPI.h: Added.
11:54 AM Changeset in webkit [217380] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Rebaseline test

Unreviewed gardening after a series of changes to dom static properties.

  • platform/wpe/js/dom/dom-static-property-for-in-iteration-expected.txt:
11:53 AM Changeset in webkit [217379] by Devin Rousso
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Don't load the active recording until a Timeline view needs to be shown
https://bugs.webkit.org/show_bug.cgi?id=172467

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView):
(WebInspector.TimelineTabContentView.prototype.restoreFromCookie):
(WebInspector.TimelineTabContentView.prototype._showTimelineViewForType):
Move the call to _recordingLoaded to when a timeline view needs to be shown and only if
_displayedRecording isn't already set. This delays the creation of the content view for
the recording to right before it needs to be displayed.

11:47 AM Changeset in webkit [217378] by rniwa@webkit.org
  • 14 edits
    1 add in trunk/Websites/perf.webkit.org

Add the support for perf try bots to sync-buildbot.js
https://bugs.webkit.org/show_bug.cgi?id=172529

Rubber-stamped by Chris Dumez.

Make sync-buildbot.js schedule an A/B testing job with a patch or roots to buildbot.

Change the buildbot property format in the syncing script's configuration again to use a dictionary
with a single key of "revision", "patch", or "roots" to specify a revision, a patch, or a set of roots,
and simplified the structure of the configuration by always having "types" and "builders", and
make each entry in "configurations" refer to a list of types, platforms, and builders.

Since now there are build requests to build patches and run tests, "configurations" has been renamed to
"testConfigurations" and "buildConfigurations" have been added. Each entry in "buildConfigurations"
specifies a list of platforms and builders. Similarly in repository group configurations, the buildbot
properties for testing is now specified as "testProperties" and ones for building a patch is specified
in newly introduced "buildProperties".

  • public/api/build-requests.php:

(update_builds): When a build request to build a patch fails, mark all subsequent requests as failed
since there is no way to run tests without a successful build.

  • public/api/update-triggerable.php:

(main): Re-generate manifest.json after updating the triggerable. The lack of this re-generation was
the reason we had to manually GET /api/manifest in api-update-triggerable-tests.js.

  • public/v3/models/build-request.js:

(BuildRequest.prototype.hasCompleted): Added.

  • public/v3/models/manifest.js:

(Manifest.reset): Added. Extracted from MockData.resetV3Models in unit-tests/mock-data.js and
syncLoop in tools/sync-buildbot.js
(Manifest.fetch): Reset V3 models before fetching the manifest. This eliminates the need to manually
reset V3 models in syncLoop.

  • public/v3/models/uploaded-file.js:

(UploadedFile.prototype.url): Use RemoteAPI.url to get the full URL instead of just a path.

  • public/v3/remote.js:

(BrowserRemoteAPI.prototype.url): Added. Constructs the full URL.

  • server-tests/api-update-triggerable-tests.js:

(.refetchManifest): Deleted. Now that /api/manifest re-generates manifest.json, we can simply call
Manifest.fetch instead.

  • server-tests/resources/mock-data.js:

(MockData.resetV3Models): Calls Manifest.reset().
(MockData.addMockConfiguration): Extracted from addMockData.
(MockData.addMockData): Updated per the format change.
(MockData.mockTestSyncConfigWithSingleBuilder): Ditto.
(MockData.mockTestSyncConfigWithTwoBuilders): Ditto.
(MockData.runningBuild): Make buildNumber specifiable.
(MockData.finishedBuild): Ditto.

  • server-tests/tools-buildbot-triggerable-tests.js: Updated configurations per the format change.

Now that now acceptsCustomRoots() for "system-and-webkit" must be true since we can't have a
repository group that which accepts a patch and not take roots.

  • server-tests/tools-sync-buildbot-integration-tests.js: Added.

(createTriggerable): Added.
(createTestGroupWihPatch): Added.
(uploadRoot): Added.
(.assertAndResolveRequest): Added.
(.assertTestBuildHasFailed): Added.

  • tools/js/buildbot-syncer.js:

(BuildbotSyncer): Added. _type as an instance variable to identify whether this buildbot builder
is a "builder" which builds a patch, builder, or a "tester" which runs a test. Also renamed
_testConfigurations to _configurations.
(BuildbotSyncer.prototype.addTestConfiguration): Assert that either the type of this syncer hasn't
been set or it's a tester.
(BuildbotSyncer.prototype.testConfigurations): Return [] when it's a builder.
(BuildbotSyncer.prototype.addBuildConfiguration): Added. Adds a platform to a builder.
(BuildbotSyncer.prototype.buildConfigurations): Added. Returns the list of configurations if this
syncer is a builder. Otherwise returns [].
(BuildbotSyncer.prototype.isTester): Added.
(BuildbotSyncer.prototype.matchesConfiguration):
(BuildbotSyncer.prototype._propertiesForBuildRequest): Updated to support the new format.
(BuildbotSyncer._loadConfig): Ditto. Optionally parse buildConfigurations.
(BuildbotSyncer._resolveBuildersWithPlatforms): Added. For each test or build configuration entry,
creates the list of configurations per builder and platform.
(BuildbotSyncer._parseRepositoryGroup): Added the support for parsing the new format with revision,
roots, and patch option types with a lot of validations as we're seeing a bit of combinatorial
explosion in the number of things that can go wrong. Also parse buildProperties optionally.
(BuildbotSyncer._parseRepositoryGroupPropertyTemplate): Added. A helper function to parse a set of
buildbot properties, validates its content, and invokes a callback if it's an dynamically resolved
type such as "revision" and "patch".
(BuildbotSyncer._validateAndMergeConfig): Updated per the format change. No longer allows "types",
"type", "platforms", and "platform" as they're explicity resolved in _resolveBuildersWithPlatforms.

  • tools/js/buildbot-triggerable.js:

(BuildbotTriggerable.prototype.syncOnce):
(BuildbotTriggerable.prototype._validateRequests): Handle the case when a build request is not
associated with any test.
(BuildbotTriggerable.prototype._nextRequestInGroup): Return null when there is a build request to
build a patch which has not been completed (pending, scheduled, running, or failed). Since all
requests to build a patch has a negative order, those requests should all show up at the beginning.
(BuildbotTriggerable.prototype._scheduleRequestIfSlaveIsAvailable): Pick a new buildbot syncer when
scheduling the first request to build a patch or the first request to run a test. The first request
to run a test will always have order of 0, so it's a sufficient condition to find such a request.
On the other hand, the first request to build a patch can have a negative order number so we must
explicitly check if it's the first item in the ordered list of requests in the test group.

  • tools/remote-server-relay.log: Added.
  • tools/sync-buildbot.js:

(syncLoop): Fixed a bug we were not re-fetching the triggerable after updating the triggerable so
that Triggerable and related objects we have in the memory may not reflect what we just synced to
the perf dashboard. Also, we don't reset V3 models manually any more since Manifest.fetch does that.

  • unit-tests/buildbot-syncer-tests.js: Added more test cases and updated existing test cases to test

exception messages explicitly since allowing any exception was resulting in some tests passing a
result of unrelated parsing error being thrown, etc...
(sampleiOSConfig): Updated per the format change.
(sampleiOSConfigWithExpansions): Ditto.
(smallConfiguration): Ditto.

11:40 AM Changeset in webkit [217377] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Rebaseline test

Unreviewed gardening after a series of changes to dom static properties.

  • platform/wpe/js/dom/dom-static-property-for-in-iteration-expected.txt:
11:39 AM Changeset in webkit [217376] by Claudio Saavedra
  • 1 edit
    1 delete in trunk/LayoutTests

[WPE] Rebaseline test

Unreviewed gardening after a series of changes to dom static properties.

  • platform/wpe/js/dom/dom-static-property-for-in-iteration-expected.txt:
11:38 AM Changeset in webkit [217375] by Wenson Hsieh
  • 2 edits in trunk/Source/WebKit2

[WK2] Remove workaround to disable zooming to the focus rect while performing a data interaction
https://bugs.webkit.org/show_bug.cgi?id=172546

Reviewed by Beth Dakin.

Removes a now-unnecessary workaround to prevent scrolling when performing a data interaction operation in
editable content.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _displayFormNodeInputView]):

11:37 AM Changeset in webkit [217374] by jmarcell@apple.com
  • 2 edits in branches/safari-603-branch/JSTests

Cherry-pick r217018. rdar://problem/32380054

11:34 AM Changeset in webkit [217373] by jmarcell@apple.com
  • 3 edits
    1 add in branches/safari-603-branch

Cherry-pick r217016. rdar://problem/32380054

10:36 AM Changeset in webkit [217372] by wilander@apple.com
  • 5 edits in trunk/Source

Resource Load Statistics: Change grandfathering default to one hour
https://bugs.webkit.org/show_bug.cgi?id=172524
<rdar://problem/32360462>

Reviewed by Brent Fulgham.

Source/WebCore:

Covered by existing test.

  • loader/ResourceLoadStatisticsStore.cpp:

Source/WebKit2:

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/WebResourceLoadStatisticsManager.cpp:

(WebKit::WebResourceLoadStatisticsManager::resetToConsistentState):

9:39 AM Changeset in webkit [217371] by jer.noble@apple.com
  • 14 edits
    4 moves in trunk/Source

Rename DisplaySleepDisabler -> SleepDisabler
https://bugs.webkit.org/show_bug.cgi?id=172478

Reviewed by Sam Weinig.

Source/WebCore:

Rename DisplaySleepDisabler to SleepDisabler so that different (i.e., non-Display) sleep types can be
added in a future change.

  • WebCore.xcodeproj/project.pbxproj:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::updateSleepDisabling):

  • html/HTMLMediaElement.h:
  • platform/SleepDisabler.cpp: Renamed from Source/WebCore/platform/DisplaySleepDisabler.cpp.

(WebCore::SleepDisabler::create):
(WebCore::SleepDisabler::SleepDisabler):
(WebCore::SleepDisabler::~SleepDisabler):

  • platform/SleepDisabler.h: Renamed from Source/WebCore/platform/DisplaySleepDisabler.h.
  • platform/cocoa/SleepDisablerCocoa.cpp: Renamed from Source/WebCore/platform/cocoa/DisplaySleepDisablerCocoa.cpp.

(WebCore::SleepDisabler::create):
(WebCore::SleepDisablerCocoa::SleepDisablerCocoa):
(WebCore::SleepDisablerCocoa::~SleepDisablerCocoa):

  • platform/cocoa/SleepDisablerCocoa.h: Renamed from Source/WebCore/platform/cocoa/DisplaySleepDisablerCocoa.h.
  • platform/mac/WebVideoFullscreenController.h:
  • platform/mac/WebVideoFullscreenController.mm:

(-[WebVideoFullscreenController updatePowerAssertions]):

  • CMakeLists.txt:
  • PlatformMac.cmake:
  • WebCore.order:

Source/WebKit/mac:

  • WebView/WebFullScreenController.h:

Source/WebKit2:

  • UIProcess/mac/WKFullScreenWindowController.h:
  • UIProcess/mac/WKFullScreenWindowController.mm:
9:22 AM Changeset in webkit [217370] by pvollan@apple.com
  • 8 edits in trunk

[Win] Create unique network storage session for each DRT.
https://bugs.webkit.org/show_bug.cgi?id=172540

Reviewed by Brent Fulgham.

During layout testing, each DRT instance should have its own network storage session.

Source/WebCore:

  • platform/network/cf/NetworkStorageSessionCFNet.cpp:

(WebCore::NetworkStorageSession::switchToNewTestingSession):

Source/WebKit/win:

  • Interfaces/IWebPreferencesPrivate.idl:
  • WebPreferences.cpp:

(WebPreferences::switchNetworkLoaderToNewTestingSession):

  • WebPreferences.h:

Tools:

  • DumpRenderTree/win/DumpRenderTree.cpp:

(prepareConsistentTestingEnvironment):

9:08 AM Changeset in webkit [217369] by weinig@apple.com
  • 8 edits in trunk/Source/WebCore

[WebIDL] Overloaded functions unnecessarily duplicate argument checks
https://bugs.webkit.org/show_bug.cgi?id=172481

Reviewed by Chris Dumez.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GeneratePropertiesHashTable):
Update for rename of GetConditionalForFunctionConsideringOverloads.

(AreTypesDistinguishableForOverloadResolution):
Remove unnecessary subroutine isDictionary that can be replaced by
a direct call to $codeGenerator->IsDictionaryType().

(GetConditionalForFunctionConsideringOverloads):
Renamed from getConditionalForFunctionConsideringOverloads.

(GenerateOverloadDispatcher):
Renamed from GenerateOverloadedFunctionOrConstructor. Moved Constructor/Operation/LegacyCaller
specific code out, and into parameters.

(GenerateImplementation):
Moved operation generation out into its own subroutine.

(GenerateOperationDefinition): Added.
Moved from GenerateImplementation.

(GenerateLegacyCallerDefinitions):
Pass function name and signature to GenerateOverloadDispatcher.

(GenerateArgumentsCountCheck):
Don't generate an argument check if this is an overloaded function. The argument
checks happen in the overload dispatcher.

(NeedsExplicitPropagateExceptionCall):
(GenerateParametersCheck):
(GenerateImplementationFunctionCall):
Replace IsReturningPromise with more direct check.

(GenerateConstructorDefinitions):
Pass function name and signature to GenerateOverloadDispatcher.

(getConditionalForFunctionConsideringOverloads): Renamed to GetConditionalForFunctionConsideringOverloads.
(GenerateOverloadedFunctionOrConstructor): Renamed to GenerateOverloadDispatcher.
(IsReturningPromise): Deleted.

  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/TestInterface.idl:

Update test results.

8:40 AM Changeset in webkit [217368] by jdiggs@igalia.com
  • 7 edits
    1 copy in trunk/LayoutTests

[ATK] Gardening needed after r217171
https://bugs.webkit.org/show_bug.cgi?id=172539

Unreviewed test gardening after r217171.

Add "PASS successfullyParsed is true" and "TEST COMPLETE" lines for
tests with platform-specific expectations.

  • accessibility/multiselect-list-reports-active-option-expected.txt:
  • accessibility/table-cells-roles-expected.txt:
  • platform/gtk/accessibility/aria-checkbox-sends-notification-expected.txt:
  • platform/gtk/accessibility/aria-switch-sends-notification-expected.txt:
  • platform/gtk/accessibility/deleting-iframe-destroys-axcache-expected.txt:
  • platform/gtk/accessibility/menu-list-sends-change-notification-expected.txt:
  • platform/gtk/accessibility/table-roles-hierarchy-expected.txt:
5:11 AM Changeset in webkit [217367] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.16.3

WebKitGTK+ 2.16.3

5:09 AM Changeset in webkit [217366] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.16

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.16.3 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.16.3.
4:17 AM Changeset in webkit [217365] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r215166 - generate-bindings-all.pl shouldn't use Perl threads
https://bugs.webkit.org/show_bug.cgi?id=170106

Patch by Fujii Hironori <Fujii Hironori> on 2017-04-09
Reviewed by Yusuke Suzuki.

The use of interpreter-based threads in Perl is officially
discouraged and not all Linux distributions and BSD compile Perl
with threads support. Use fork instead of threads to run
generate-bindings.pl in parallel.

  • bindings/scripts/generate-bindings-all.pl:

(spawnGenerateBindingsIfNeeded): Added.
(executeCommand): Removed the workaround for Cygwin Perl threads.
(spawnCommand): Added.
(worker): Deleted.

4:00 AM Changeset in webkit [217364] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214291 - ASSERT_WITH_SECURITY_IMPLICATION hit when removing an <input type="range"> while dragging on iOS
https://bugs.webkit.org/show_bug.cgi?id=165535
<rdar://problem/29559749>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Utimately we should prevent SliderThumbElement::unregisterForTouchEvents() being called while
updating render tree. A quick fix for this is to move dispatchFormControlChangeEvent for input
from stopDragging up to the callers which really needs to dispatch this event, i.e., finishing
dragging the slider. It is clear that not every caller of stopDragging wants to
dispatchFormControlChangeEvent.

Test: fast/forms/range/range-remove-on-drag.html

  • html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::stopDragging):
(WebCore::SliderThumbElement::defaultEventHandler):
(WebCore::SliderThumbElement::handleTouchEndAndCancel):

LayoutTests:

This test case is only enabled in iOS simulator WK2.

  • TestExpectations:
  • fast/forms/range/range-remove-on-drag-expected.txt: Added.
  • fast/forms/range/range-remove-on-drag.html: Added.
  • platform/ios-simulator-wk2/TestExpectations:
3:47 AM Changeset in webkit [217363] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r217319.
https://bugs.webkit.org/show_bug.cgi?id=172538

This patch broke iOS Simulator Debug build (Requested by fredw
on #webkit).

Reverted changeset:

"CoreAudioCaptureSource is ducking system sound"
https://bugs.webkit.org/show_bug.cgi?id=172512
http://trac.webkit.org/changeset/217319

3:26 AM Changeset in webkit [217362] by Carlos Garcia Campos
  • 7 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214086 - WebGL: Improve index validation when using uint index values
https://bugs.webkit.org/show_bug.cgi?id=169798

Reviewed by Simon Fraser.

Source/WebCore:

Make sure that we test index validation with the correct type.
Also stop using -1 in WebGLBuffer to indicate non-existant values.

Test: fast/canvas/webgl/draw-elements-out-of-bounds-uint-index.html

  • html/canvas/WebGL2RenderingContext.cpp:

(WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Use optional<> and
unsigned values.

  • html/canvas/WebGLBuffer.cpp: Use unsigned for maxIndex (they can't be negative)

and optional<> to indicate unknown value.
(WebCore::WebGLBuffer::getCachedMaxIndex):
(WebCore::WebGLBuffer::setCachedMaxIndex):

  • html/canvas/WebGLBuffer.h:
  • html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::validateIndexArrayConservative): Use optional<> and
unsigned values.

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::validateVertexAttributes): No need to check if
an unsigned value is less than zero.

LayoutTests:

  • fast/canvas/webgl/draw-elements-out-of-bounds-uint-index-expected.txt: Added.
  • fast/canvas/webgl/draw-elements-out-of-bounds-uint-index.html: Added.
3:21 AM Changeset in webkit [217361] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214014 - Iteratively dispatch DOM events after restoring a cached page
https://bugs.webkit.org/show_bug.cgi?id=169703
<rdar://problem/31075903>

Reviewed by Brady Eidson.

Make dispatching of DOM events when restoring a page from the page cache symmetric with
dispatching of events when saving a page to the page cache.

  • history/CachedFrame.cpp:

(WebCore::CachedFrameBase::restore): Move code to dispatch events from here to FrameLoader::didRestoreFromCachedPage().

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad): Ensure that no DOM events are dispatched during
restoration of a cached page. Call didRestoreFromCachedPage() after restoring the page to
dispatch DOM events on the restored frames.
(WebCore::FrameLoader::willRestoreFromCachedPage): Renamed; formerly named prepareForCachedPageRestore().
(WebCore::FrameLoader::didRestoreFromCachedPage): Added.
(WebCore::FrameLoader::prepareForCachedPageRestore): Renamed to willRestoreFromCachedPage().

  • loader/FrameLoader.h:
  • page/FrameTree.cpp:

(WebCore::FrameTree::traverseNextInPostOrderWithWrap): Returns the next Frame* in a post-order
traversal of the frame tree optionally wrapping around to the deepest first child in the tree.
(WebCore::FrameTree::deepFirstChild): Added.

  • page/FrameTree.h:
2:50 AM Changeset in webkit [217360] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit/win

[WinCairo] AcceleratedCompositingContext.h: error C3668: 'AcceleratedCompositingContext::paintContents': method with override specifier 'override' did not override any base class methods
https://bugs.webkit.org/show_bug.cgi?id=172535

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-24
Reviewed by Konstantin Tokarev.

  • WebCoreSupport/AcceleratedCompositingContext.cpp:

(AcceleratedCompositingContext::paintContents): Append the fifth argument.

  • WebCoreSupport/AcceleratedCompositingContext.h: Ditto.
2:40 AM Changeset in webkit [217359] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.16

Merge r217227 - Crash in WebCore::StyleRuleKeyframes::findKeyframeIndex
https://bugs.webkit.org/show_bug.cgi?id=170756
<rdar://problem/31573157>

Reviewed by Andreas Kling.

Source/WebCore:

Using a malformed key with CSSKeyframesRule.findRule crashes because
CSSParser::parseKeyframeKeyList returns null which is then dereferenced.

  • css/CSSKeyframesRule.cpp:

(WebCore::StyleRuleKeyframes::findKeyframeIndex): Null test.

LayoutTests:

Expand the tests to cover the malformed key case.

  • animations/keyframes-rule.html:
  • animations/unprefixed-keyframes-rule.html:
2:37 AM Changeset in webkit [217358] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Tools

Merge r217190 - [GTK] gtkdoc-fixxref needs --module argument to work
https://bugs.webkit.org/show_bug.cgi?id=172415

Patch by Ting-Wei Lan <Ting-Wei Lan> on 2017-05-20
Reviewed by Michael Catanzaro.

  • gtk/gtkdoc.py:

(GTKDoc._run_gtkdoc_fixxref):

2:36 AM Changeset in webkit [217357] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r217172 - Do not fire load event for SVGElements that are detached or in frameless documents
https://bugs.webkit.org/show_bug.cgi?id=172289
<rdar://problem/32275689>

Reviewed by Ryosuke Niwa.

Source/WebCore:

We should not fire load event for SVGElements that are detached or in frameless
documents.

Test: svg/load-event-detached.html

  • svg/SVGElement.cpp:

(WebCore::SVGElement::sendSVGLoadEventIfPossible):

LayoutTests:

Add layout test coverage.

  • svg/load-event-detached-expected.txt: Added.
  • svg/load-event-detached.html: Added.
2:32 AM Changeset in webkit [217356] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r217219 - Add even more input validation in Connection::processMessage()
https://bugs.webkit.org/show_bug.cgi?id=171682

Reviewed by Carlos Garcia Campos.

Verify that the size of the out-of-line message body matches the size of the AttachmentInfo
that is containing it.

  • Platform/IPC/unix/ConnectionUnix.cpp:

(IPC::Connection::processMessage):

2:32 AM Changeset in webkit [217355] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r217206 - Add more input validation in Connection::readBytesFromSocket()
https://bugs.webkit.org/show_bug.cgi?id=171871

Reviewed by Michael Catanzaro.

Check the control message length is in the limits. Credit to Nathan Crandall for reporting this issue and
submitting an equivalent fix.

  • Platform/IPC/unix/ConnectionUnix.cpp:

(IPC::readBytesFromSocket):

2:31 AM Changeset in webkit [217354] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r217126 - Add more input validation in Connection::processMessage()
https://bugs.webkit.org/show_bug.cgi?id=171682

Reviewed by Michael Catanzaro.

Check limits of attachments and message size. Credit to Nathan Crandall for reporting this issue and submitting
an equivalent fix.

  • Platform/IPC/unix/ConnectionUnix.cpp:

(IPC::Connection::processMessage):

2:27 AM Changeset in webkit [217353] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16

Merge r217164 - Redundant ellipsis box triggers ASSERT_WITH_SECURITY_IMPLICATION in InlineBox::parent().
https://bugs.webkit.org/show_bug.cgi?id=172309
<rdar://problem/32262357>

Reviewed by Simon Fraser.

Source/WebCore:

This patch stops the redundant ellipsis box trigger ASSERT_WITH_SECURITY_IMPLICATION.

In RootInlineBox::placeEllipsis we construct an ellipsis box and append it to a static HashMap which
keeps track of the ellipsis boxes on each line. However when the line already has an ellipsis, we
re-use the existing one and this newly constructed (but redundant) box gets destroyed as we return from this function.
In InlineBox's d'tor, we let the parent know that now it has a dangling child and we assert on it
later, while accessing the children list. However this redundant ellipsis box was never added to the line,
so the assertion hits incorrectly.

Test: fast/inline/redundant-ellipsis-triggers-assert-incorrectly.html

  • rendering/EllipsisBox.cpp:

(WebCore::EllipsisBox::EllipsisBox):

  • rendering/InlineBox.cpp: This needs 32bits padding.

(WebCore::InlineBox::invalidateParentChildList):

  • rendering/InlineBox.h:
  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::placeEllipsis):

LayoutTests:

  • fast/inline/redundant-ellipsis-triggers-assert-incorrectly-expected.txt: Added.
  • fast/inline/redundant-ellipsis-triggers-assert-incorrectly.html: Added.
2:14 AM Changeset in webkit [217352] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r217079 - Redundant ellipsis box triggers ASSERT_WITH_SECURITY_IMPLICATION in InlineBox::parent().
https://bugs.webkit.org/show_bug.cgi?id=172309
<rdar://problem/32262357>

Reviewed by Simon Fraser.

Source/WebCore:

This patch stops the redundant ellipsis box trigger ASSERT_WITH_SECURITY_IMPLICATION.

In RootInlineBox::placeEllipsis we construct an ellipsis box and append it to a static HashMap which
keeps track of the ellipsis boxes on each line. However when the line already has an ellipsis, we
re-use the existing one and this newly constructed (but redundant) box gets destroyed as we return from this function.
In InlineBox's d'tor, we let the parent know that now it has a dangling child and we assert on it
later, while accessing the children list. However this redundant ellipsis box was never added to the line,
so the assertion hits incorrectly.

Test: fast/inline/redundant-ellipsis-triggers-assert-incorrectly.html

  • rendering/EllipsisBox.cpp:

(WebCore::EllipsisBox::EllipsisBox):

  • rendering/InlineBox.cpp:

(WebCore::InlineBox::invalidateParentChildList):

  • rendering/InlineBox.h:
  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::placeEllipsis): Use the newly created ellipsis box instead.

LayoutTests:

  • fast/inline/redundant-ellipsis-triggers-assert-incorrectly-expected.txt: Added.
  • fast/inline/redundant-ellipsis-triggers-assert-incorrectly.html: Added.
2:08 AM Changeset in webkit [217351] by Carlos Garcia Campos
  • 8 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r217075 - Transform misplaces element 50% of the time
https://bugs.webkit.org/show_bug.cgi?id=172300
Source/WebCore:

Reviewed by Simon Fraser.

A hardware-accelerated animation of the transform property
requires layout to happen if it contains a translate operation
using percentages, otherwise it may create an incorrect
animation. The "50% of the time" comes in to play because
the layout timer may sometimes fire before the animation
timer. The test case contains a example that is much more
likely to fail without this fix.

Test: animations/needs-layout.html

  • page/animation/CSSAnimationController.cpp:

(WebCore::CSSAnimationControllerPrivate::animationTimerFired): If
we've been told that we need a layout, and we have one pending, then
force it before doing the rest of the animation logic.
(WebCore::CSSAnimationController::updateAnimations): Check if the
CompositeAnimation depends on layout, and tell the private controller
that it should check for the necessity of a layout as the animation
timer fires.

  • page/animation/CompositeAnimation.cpp:

(WebCore::CompositeAnimation::animate): Ask the keyframes if this
animation depends on layout.

  • page/animation/CompositeAnimation.h:

(WebCore::CompositeAnimation::hasAnimationThatDependsOnLayout):

  • page/animation/KeyframeAnimation.cpp:

(WebCore::KeyframeAnimation::KeyframeAnimation):
(WebCore::KeyframeAnimation::computeLayoutDependency): Look at all
the keyframe properties for something that is a translation using
percentages.

  • page/animation/KeyframeAnimation.h:

LayoutTests:

<rdar://problem/29835668>

Reviewed by Simon Fraser.

A test case which has an animation that relies on
translation percentages. If all goes well, the
animating element will be completely obscured.

  • animations/needs-layout-expected.html: Added.
  • animations/needs-layout.html: Added.
2:05 AM Changeset in webkit [217350] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.16

Merge r217069 - Improve error message for Access-Control-Allow-Origin violation due to misconfigured server
https://bugs.webkit.org/show_bug.cgi?id=162819
<rdar://problem/28575938>

Reviewed by Joseph Pecoraro.

LayoutTests/imported/w3c:

Update expected result.

  • web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt:
  • web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt:

Source/WebCore:

Inspired by Blink change:
<https://src.chromium.org/viewvc/blink?view=revision&revision=163406>

At most one Access-Control-Allow-Origin header may be in an HTTP response. Improve the
error message emitted on a CORS failure when Access-Control-Allow-Origin contains more
than one origin, indicated by the presence of a ',', as a way to help web developers/server
administrators differentiate between a misconfigured Access-Control-Allow-Origin header
and a misconfigured server.

  • loader/CrossOriginAccessControl.cpp:

(WebCore::passesAccessControlCheck): Defined a local variable to hold the value of securityOrigin.toString()
and referenced this variable throughout the code to avoid computing the stringified security
origin more than once. Switched to using makeString() to concatenate error message when the
origin of the page does not match the value of the Access-Control-Allow-Origin header.

LayoutTests:

Add more tests when Access-Control-Allow-Origin has more than one value and group
with existing tests. Update expected results.

  • http/tests/xmlhttprequest/origin-exact-matching-expected.txt:
  • http/tests/xmlhttprequest/resources/origin-exact-matching-iframe.html: Also extracted

the origin string for the page into a local variable called pageOrigin, making use of document.origin,
and referenced this variable instead of duplicating its value. Fixed various style nits.

2:03 AM Changeset in webkit [217349] by Carlos Garcia Campos
  • 6 edits
    7 adds in releases/WebKitGTK/webkit-2.16

Merge r217054 - REGRESSION (r209608): Cross-origin plugin document opened in child window blocked by parent
window CSP when object-src 'none' is set
https://bugs.webkit.org/show_bug.cgi?id=172038
<rdar://problem/32258262>

Reviewed by Andy Estes.

Source/WebCore:

Fixes an issue where a cross-origin plugin document opened in a child window would inherit
the Content Security Policy (CSP) of its opener. In particular, a cross-origin plugin
document opened in a child window would be blocked when the CSP of its opener disallows
plugins (e.g. object-source 'none').

Prior to r209608 a document opened in a child window never inherited the CSP from its opener
and a plugin document loaded in a subframe would unconditionally inherit the CSP from its
parent frame. So, a plugin document opened in a child window would be allowed to load
regardless of whether its opener had a CSP that prevented plugins. Following r209608 a
document opened in a child window would inherit its CSP from its opener if and only if it
would inherit the security origin from its opener (e.g. about:blank) or was a plugin
document. The latter condition makes plugin documents opened in a child window unconditionally
inherit the CSP from their opener and is the cause of this bug. It seems reasonable to exempt
cross-origin plugin documents opened in a child window from the CSP inheritance rule because
such documents cannot compromise the origin of their opener. Same-origin plugin documents
opened in a child window will continue to inherit the CSP from their opener because such
documents can compromise the origin of their opener.

Tests: http/tests/security/contentSecurityPolicy/cross-origin-plugin-document-allowed-in-child-window.html

http/tests/security/contentSecurityPolicy/plugin-blocked-in-about-blank-window.html
http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html

  • dom/Document.cpp:

(WebCore::Document::shouldInheritContentSecurityPolicyFromOwner): Added.
(WebCore::Document::initContentSecurityPolicy):

  • dom/Document.h:

Tools:

Teach the test Netscape plugin to look for a URL that contains plugin-document-alert-and-notify-done.pl.
When it sees this URL it will show a JavaScript alert and call testRunner.notifyDone().

  • DumpRenderTree/TestNetscapePlugIn/main.cpp:

(NPP_New):

LayoutTests:

Adds tests to ensure that a same-origin- and cross-origin- plugin document opened in a child
window inherit and do not inherit the CSP of its opener, respectively. Also adds a test to
ensure that an about:blank window inherits the CSP plugin policy of its opener.

  • http/tests/plugins/resources/plugin-document-alert-and-notify-done.pl: Added.
  • http/tests/security/contentSecurityPolicy/cross-origin-plugin-document-allowed-in-child-window-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/cross-origin-plugin-document-allowed-in-child-window.html: Added.
  • http/tests/security/contentSecurityPolicy/plugin-blocked-in-about-blank-window-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/plugin-blocked-in-about-blank-window.html: Added.
  • http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html: Added.
  • platform/ios/TestExpectations: Skip added tests as iOS does not support plugins.
2:00 AM Changeset in webkit [217348] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[mac-wk1] LayoutTest media/modern-media-controls/airplay-button/airplay-button.html is a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=168409

Unreviewed.

Remove temporary logging which prevents performance bots from reporting useful data.

Patch by Antoine Quint <Antoine Quint> on 2017-05-24

  • page/Page.cpp:

(WebCore::Page::suspendScriptedAnimations):

1:40 AM Changeset in webkit [217347] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r216978 - getElementById can return a wrong elemnt when a matching element is removed during beforeload event
https://bugs.webkit.org/show_bug.cgi?id=171374

Patch by Ryosuke Niwa <rniwa@webkit.org> on 2017-05-17
Reviewed by Brent Fulgham.

Source/WebCore:

The bug was caused by HTMLLinkElement firing beforeload event inside insertedInto before the tree state is updated.
Delay the event dispatch to the post insertion callback.

Test: fast/html/link-element-removal-during-beforeload.html

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::insertedInto):
(WebCore::HTMLLinkElement::finishedInsertingSubtree):

  • html/HTMLLinkElement.h:

LayoutTests:

Added a regression test for calling getElementById after removing a matching element
during beforeload event of a link element.

  • fast/html/link-element-removal-during-beforeload-expected.txt: Added.
  • fast/html/link-element-removal-during-beforeload.html: Added.
1:37 AM Changeset in webkit [217346] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r216968 - Remove C-style casts by using xmlDocPtr instead of void*
<https://webkit.org/b/172189>

Reviewed by Alex Christensen.

  • dom/TransformSource.h: Fix whitespace indentation.

(typedef PlatformTransformSource): Use xmlDocPtr not void*.

  • dom/TransformSourceLibxslt.cpp:

(WebCore::TransformSource::~TransformSource): Remove cast.

  • xml/XSLStyleSheetLibxslt.cpp:

(WebCore::XSLStyleSheet::document): Remove cast.

  • xml/XSLTProcessorLibxslt.cpp:

(WebCore::xmlDocPtrFromNode): Remove casts.

  • xml/parser/XMLDocumentParser.h:

(WebCore::xmlDocPtrForString): Update declaration to return
xmlDocPtr not void*.

  • xml/parser/XMLDocumentParserLibxml2.cpp:

(WebCore::XMLDocumentParser::doEnd): Change type of local
variable from void* to xmlDocPtr.
(WebCore::xmlDocPtrForString): Update to return xmlDocPtr
not void*.

1:35 AM Changeset in webkit [217345] by jfernandez@igalia.com
  • 4 edits in trunk

[css-grid] Ignore collapsed tracks on content-distribution alignment
https://bugs.webkit.org/show_bug.cgi?id=172493

Reviewed by Manuel Rego Casasnovas.

Source/WebCore:

The CSS Box Alignment spec states that we should ignore the collapsed
tracks when computing the Distribution Alignment space to assign to the
different grid tracks.

No new tests, just unskipping the web-platform-tests imported to verify this use case.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::populateGridPositionsForDirection):

LayoutTests:

Unskip the web-platform-tests related to content-alignment and collapsed tracks.

1:21 AM Changeset in webkit [217344] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r216915 - [SOUP] Remove LATEST_RECORD_VERSION from GnuTLS priority string
https://bugs.webkit.org/show_bug.cgi?id=172153

Based on discussion with Nikos in https://bugzilla.gnome.org/show_bug.cgi?id=782218, we
should remove LATEST_RECORD_VERSION from our GnuTLS priority string. This causes GnuTLS to
use the latest TLS record version (the record format is separate from the TLS protocol
version), which we needed a couple years ago (after dropping SSLv3) for maximum
compatibility with broken web servers. But it's not needed anymore, and is causing new
compatibility problems with other broken web servers, so let's get rid of it.

Reviewed by Carlos Garcia Campos.

  • NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:

(main):

  • WebProcess/EntryPoint/unix/WebProcessMain.cpp:

(main):

1:18 AM Changeset in webkit [217343] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r216889 - Crash in libxml2.2.dylib: xmlDictReference
<https://webkit.org/b/172086>
<rdar://problem/23643436>

Reviewed by Daniel Bates.

Speculative fix and code clean-up based on source code
inspection. The fix for the crash is in two parts that change
XSLStyleSheet::parseString():

  1. Always set m_stylesheetDoc to nullptr after freeing it via XSLStyleSheet::clearXSLStylesheetDocument().
  2. Add nullptr check before using m_stylesheetDoc from parent.

Broadly speaking, the changes are:

  • Extract code to reset m_stylesheetDoc into new private XSLStyleSheet::clearXSLStylesheetDocument() method. There is a special contract between m_stylesheetDoc and m_stylesheetDocTaken that wasn't being followed every time. See comment in XSLStyleSheet::compileStyleSheet().
  • XSLStyleSheet::clearDocuments() now calls new clearXSLStylesheetDocument() method. Previously, it was not checking or resetting m_stylesheetDocTaken, and it might have leaked an xmlDocPtr if m_stylesheetDoc was set and m_stylesheetDocTaken was false.
  • XSLStyleSheet::parseString() now calls new clearXSLStylesheetDocument() method. Previously, it did not clear m_stylesheetDoc after freeing it, and it could return early due to a failure in xmlCreateMemoryParserCtxt().
  • In XSLStyleSheet::parseString() use checked arithmetic when calculating 'size' for xmlCreateMemoryParserCtxt() and xmlCtxtReadMemory(). This code used to do an implicit unsigned -> signed integer conversion that could overflow.
  • Always iterate m_children using an 'auto& import' variable.
  • xml/XSLStyleSheet.h:

(WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add declaration.
(WebCore::XSLStyleSheet::m_disabled): Add default initializer.
(WebCore::XSLStyleSheet::m_stylesheetDoc): Ditto.
(WebCore::XSLStyleSheet::m_stylesheetDocTaken): Ditto.
(WebCore::XSLStyleSheet::m_parentStyleSheet): Ditto.

  • xml/XSLStyleSheetLibxslt.cpp:

(WebCore::XSLStyleSheet::XSLStyleSheet): Get rid of redundant
initializers. Set m_parentStyleSheet if needed.
(WebCore::XSLStyleSheet::~XSLStyleSheet): Call
clearXSLStylesheetDocument() instead of custom code. Switch
m_children fast iteration to use 'auto& import' variable.
(WebCore::XSLStyleSheet::isLoading): Switch m_children fast
iteration to use 'auto& import' variable.
(WebCore::XSLStyleSheet::clearDocuments): Call
clearXSLStylesheetDocument() instead of setting m_stylesheetDoc
to nullptr. This might fix an occasional xmlDocPtr leak.
(WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add. This
method always sets m_stylesheetDoc to nullptr (after freeing it
if necessary) and sets m_stylesheetDocTaken to false.
(WebCore::XSLStyleSheet::parseString): Call
clearXSLStylesheetDocument(). Prior to this, m_stylesheetDoc
might be left pointing to a freed value, and this method could
return early if xmlCreateMemoryParserCtxt() failed. Switch to
using Checked<> to compute required buffer size to parse XSL
stylesheet, and return early on overflow. Clean up existing
return statements to use boolean expressions. Add nullptr check
for m_parentStyleSheet->m_stylesheetDoc before using it.
(WebCore::XSLStyleSheet::loadChildSheet): Get rid of local
variable by calling loadSheet() from last array element.
(WebCore::XSLStyleSheet::compileStyleSheet): Add debug assert
that m_stylesheetDoc is not nullptr.

1:01 AM Changeset in webkit [217342] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r216859 - [CAIRO] Painting an image mask with a matrix above Pixman's limit breaks internal states of Cairo
https://bugs.webkit.org/show_bug.cgi?id=169094

Reviewed by Žan Doberšek.

Source/WebCore:

It is the same problem which addressed in r212431.
In HiDPI situation, it happens easily due to the size of coordinates.
Also, if this bug happens, it will break the rendering continuously
since we are reusing graphics contexts to render webpages in same
webview.

Test: fast/hidpi/hidpi-long-page-with-inset-element.html

  • platform/graphics/cairo/PlatformContextCairo.cpp:

(WebCore::PlatformContextCairo::pushImageMask):
We can avoid the limit of the Pixman by reducing the source surface's
size, and it will create a minimal pattern matrix.

LayoutTests:

  • fast/hidpi/hidpi-long-page-with-inset-element-expected.html: Added.
  • fast/hidpi/hidpi-long-page-with-inset-element.html: Added.
12:59 AM Changeset in webkit [217341] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r216847 - Always reset the assisted node when the main frame commits a new load.
https://bugs.webkit.org/show_bug.cgi?id=172088

Reviewed by Antti Koivisto.

WebPage::m_assistedNode could extend the lifetime of the document it pointed into
if the main frame was navigated while the assisted node was in one of its subframes.
The life-supported document wouldn't be reachable from JavaScript but nevertheless
would consume memory and other resources.

This patch fixes the issue by always clearing WebPage::m_assistedNode when the main
frame commits a new load.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::resetAssistedNodeForFrame):

12:52 AM Changeset in webkit [217340] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r216789 - Check existence of a page before accessing its plugins
https://bugs.webkit.org/show_bug.cgi?id=171712
<rdar://problem/32007806>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: plugins/navigator-plugin-crash.html

  • plugins/DOMPlugin.cpp:

(WebCore::DOMPlugin::item):
(WebCore::DOMPlugin::namedItem):

LayoutTests:

  • plugins/navigator-plugin-crash-expected.txt: Added.
  • plugins/navigator-plugin-crash.html: Added.
12:48 AM Changeset in webkit [217339] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16

Merge r216759 - [GTK] ASSERTION FAILED: !m_flushingLayers
https://bugs.webkit.org/show_bug.cgi?id=172025

Reviewed by Žan Doberšek.

Source/WebCore:

The problem is that syncImageBacking() is calling didChangeLayerState(). All sync methods are called by
flushCompositingStateForThisLayerOnly() while flushing layers, so none of them should call didChange method that
will schedule a new flush while flushing.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::syncImageBacking):

LayoutTests:

  • platform/gtk/TestExpectations:
12:46 AM Changeset in webkit [217338] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r216758 - [GTK] GIF images are not properly loaded the first time
https://bugs.webkit.org/show_bug.cgi?id=170432

Reviewed by Carlos Alberto Lopez Perez.

Source/WebCore:

When the GIF image is loaded for the first time, it's always read from the network, and the decoder is usually
fetched with chunks of data. Then the data is cached in disk by the network process, so that when loaded from
the cache, the whole encoded data is available to fetch the encoder. The problem is that we are failing to
decode the image when giving chunks of data, that's why it only happens the first time loaded. If the first
chunk of data provided is enough to get some metadata, including the size, but not frame contents, the load fails
in CachedImage::addIncrementalDataBuffer() because the EncodedDataStatus reported is SizeAvailable but
Image::isNull() returns true. An Image is considered to be Null when its size is empty, and the size is
calculated always using the first frame in ImageFrameCache. Since we still don't have frames, the image is
always Null in this case. It is not expected that EncodedDataStatus returns SizeAvailable and the image is Null,
that's why it's considered an error and the load finishes with a decode error. However, the non CG ImageDecoder
has a m_size member to handle this particular case, and it's when m_size is set when EncodedDataStatus changes
to SizeAvailable. We should return the ImageEncoder size as the ImageSize when we have a decoder but
not frames yet.

Test: http/tests/images/gif-progressive-load.html

  • platform/graphics/ImageFrameCache.cpp:

(WebCore::ImageFrameCache::size): Return ImageDecoder::size() without caching it, if frame list is empty.

LayoutTests:

  • http/tests/images/gif-progressive-load-expected.html: Added.
  • http/tests/images/gif-progressive-load.html: Added.
12:39 AM Changeset in webkit [217337] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r216670 - [GTK] JavaScript prompt uses title of page to be loaded rather than title of current page
https://bugs.webkit.org/show_bug.cgi?id=152690

Reviewed by Michael Catanzaro.

webkit_web_view_get_uri() returns the page to be loaded, use
internal api for this.

  • UIProcess/API/gtk/WebKitWebView.cpp:

(webkitWebViewCreateJavaScriptDialog):

12:38 AM Changeset in webkit [217336] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.16

Merge r216643 - REGRESSION (r167845): ASSERT(!m_renderView.needsLayout()) in svg/custom/bug79798.html
https://bugs.webkit.org/show_bug.cgi?id=132297

Reviewed by Simon Fraser.

Source/WebCore:

We don't know why m_renderView needs layout in this case, but we know that we don't need to
assert if the client hasn't set the ScrollableInnerFrameTrigger compositing trigger.

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForScrollableFrame):

LayoutTests:

  • http/tests/navigation/keyboard-events-during-provisional-navigation-expected.txt:
  • http/tests/navigation/keyboard-events-during-provisional-subframe-navigation-expected.txt:
  • http/tests/navigation/resources/keyboard-events-test.js:

(runTest):

  • platform/ios-wk2/TestExpectations:
  • platform/wk2/TestExpectations:
12:34 AM Changeset in webkit [217335] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r216631 - REGRESSION (r207372) Visibility property is not inherited when used in an animation
https://bugs.webkit.org/show_bug.cgi?id=171883
<rdar://problem/32086550>

Reviewed by Simon Fraser.

Source/WebCore:

The problem here is that our animation code is tied to renderers. We don't have renderers during
the initial style resolution so animations are not applied yet. When constructing renderers we set
their style to the initial animated style but this step can't implement inheritance.

Normally this is invisible as the first animation frame will immediately inherit the style correctly.
However in this case the animation is discrete and the first frame is the same as the initial state.
With r207372 we optimize the descendant style change away.

This patch fixes the problem by tracking that the renderer has initial animated style and inheriting
it to descendants during next style resolution even if it doesn't change.

Test: animations/animation-initial-inheritance.html

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::RenderElement):

  • rendering/RenderElement.h:

(WebCore::RenderElement::hasInitialAnimatedStyle):
(WebCore::RenderElement::setHasInitialAnimatedStyle):

  • style/RenderTreeUpdater.cpp:

(WebCore::RenderTreeUpdater::createRenderer):

Set a bit on renderer indicating it has initial animated style.

  • style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::createAnimatedElementUpdate):

Return at least 'Inherit' for style change when updating renderer with initial animated style.

LayoutTests:

  • animations/animation-initial-inheritance-expected.html: Added.
  • animations/animation-initial-inheritance.html: Added.
12:23 AM Changeset in webkit [217334] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r216608 - Crash in JavaScriptCore GC when using JSC on dispatch queues (thread_get_state returns NULL stack pointer).
https://bugs.webkit.org/show_bug.cgi?id=160337
<rdar://problem/27611733>

Reviewed by Filip Pizlo and Geoffrey Garen.

This is a workaround for <rdar://problem/27607384>. During thread initialization,
for some target platforms, thread state is momentarily set to 0 before being
filled in with the target thread's real register values. As a result, there's
a race condition that may result in us getting a null stackPointer during a GC scan.
This issue may manifest with workqueue threads where the OS may choose to recycle
a thread for an expired task.

The workaround is simply to indicate that there's nothing to copy and return.
This is correct because we will only ever observe a null pointer during thread
initialization. Hence, by definition, there's nothing there that we need to scan
yet, and therefore, nothing that needs to be copied.

  • heap/MachineStackMarker.cpp:

(JSC::MachineThreads::tryCopyOtherThreadStack):

12:23 AM Changeset in webkit [217333] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r216607 - REGRESSION (r206960): Possible null pointer dereference under DOMSelection::getRangeAt()
https://bugs.webkit.org/show_bug.cgi?id=171925
<rdar://problem/29931223>

Reviewed by Wenson Hsieh.

We have evidence that selection().firstRange() can return null in DOMSelection::getRangeAt().
When this happens, we now throw an INDEX_SIZE_ERR instead of dereferencing it.

I believe this can happen if the VisibleSelection is orphaned but not none, because
rangeCount() only checks for isNone() but VisibleSelection::firstRange() can return null
if isNoneOrOrphaned().

No new tests, I do not know how to reproduce.

  • page/DOMSelection.cpp:

(WebCore::DOMSelection::getRangeAt):

12:21 AM Changeset in webkit [217332] by Wenson Hsieh
  • 5 edits
    2 adds in trunk

Respect image UTIs when writing to item providers when beginning data interaction on an image
https://bugs.webkit.org/show_bug.cgi?id=172436
<rdar://problem/31786569>

Reviewed by Beth Dakin.

Source/WebCore:

Previously, when beginning writing images to the WebItemProviderPasteboard, we would create a new UIImage and
use standard UIImage UIItemProviderWriting utilities to register the image to the pasteboard. This is lossy for
gifs, since UIImage doesn't inherently know how to represent gifs. Instead, register the raw image data directly
to the UTI type corresponding to the MIME type of the image, and use UIImage's item provider writing capability
as a fallback when the raw resourceData is unavailable.

Augments existing unit tests, and also adds a new unit test:
DataInteractionTests.ImageDoesNotUseElementSizeAsEstimatedSize

  • platform/ios/PlatformPasteboardIOS.mm:

(WebCore::PlatformPasteboard::writeObjectRepresentations):

Tools:

Tweaks existing unit tests and adds a new test for image data interaction. See WebCore ChangeLog for more
details.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/apple.gif: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/gif-and-file-input.html: Added.

Create a new test page containing a GIF and a file input.

  • TestWebKitAPI/Tests/ios/DataInteractionTests.mm:

(checkTypeIdentifierIsRegisteredAtIndex):
(TestWebKitAPI::TEST):

12:19 AM Changeset in webkit [217331] by Carlos Garcia Campos
  • 8 edits
    2 copies in releases/WebKitGTK/webkit-2.16

Merge r216599 - Keyboard input suppression should extend to subframes
https://bugs.webkit.org/show_bug.cgi?id=171880
<rdar://problem/31201793>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: http/tests/navigation/keyboard-events-during-provisional-subframe-navigation.html

  • dom/EventDispatcher.cpp:

(WebCore::shouldSuppressEventDispatchInDOM): Changed to call shouldSuppressKeyboardInput()
on the main frame's loader.

  • editing/Editor.cpp:

(WebCore::Editor::shouldInsertText): Ditto.

LayoutTests:

  • http/tests/navigation/keyboard-events-during-provisional-navigation-expected.txt:
  • http/tests/navigation/keyboard-events-during-provisional-navigation.html:
  • http/tests/navigation/keyboard-events-during-provisional-subframe-navigation-expected.txt: Copied from LayoutTests/http/tests/navigation/keyboard-events-during-provisional-navigation-expected.txt.
  • http/tests/navigation/keyboard-events-during-provisional-subframe-navigation.html: Copied from LayoutTests/http/tests/navigation/keyboard-events-during-provisional-navigation.html.
  • http/tests/navigation/resources/keyboard-events-after-navigation.html:
  • http/tests/navigation/resources/keyboard-events-test.js:

(runTest):
(waitForProvisionalNavigation.xhr.onreadystatechange):
(waitForProvisionalNavigation):

12:16 AM Changeset in webkit [217330] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.16

Merge r216593 - Null pointer dereference in WTF::RefPtr<WTF::StringImpl>::operator!() under slow_path_get_direct_pname
https://bugs.webkit.org/show_bug.cgi?id=171801

Reviewed by Michael Saboff.

JSTests:

These tests used to crash. The prefix and postfix tests cover different paths, except
postfix-ignored goes down the same path as prefix due to an optimization.

  • stress/for-in-postfix-ignored-index.js: Added.

(foo):

  • stress/for-in-postfix-index.js: Added.

(foo):

  • stress/for-in-prefix-index.js: Added.

(foo):

Source/JavaScriptCore:

This was a goofy oversight. The for-in optimization relies on the bytecode generator
to detect when the loop's index variable gets mutated. We forgot to have the hooks for
detecting this in prefix and postfix operations (++i and i++).

  • bytecompiler/NodesCodegen.cpp:

(JSC::PostfixNode::emitResolve):
(JSC::PrefixNode::emitResolve):

12:12 AM Changeset in webkit [217329] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r216584 - [GTK] HTTP authentication dialog should focus on first input field
https://bugs.webkit.org/show_bug.cgi?id=151349

Reviewed by Michael Catanzaro.

Setting focus on a widget before it's mapped does nothing. Move
the call to the right place.

  • UIProcess/API/gtk/WebKitAuthenticationDialog.cpp:

(webkitAuthenticationDialogInitialize):
(webkitAuthenticationDialogMap):

12:11 AM Changeset in webkit [217328] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebInspectorUI

Merge r216562 - [GTK][Win] Web Inspector: Cann't open "Quick Open" dialog by pressing Ctrl+Shift+O
https://bugs.webkit.org/show_bug.cgi?id=171798

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-09
Reviewed by Michael Catanzaro.

PC can't input the shortcut keys Command+Shift+O and Command+P.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded): Use CommandOrControl instead of Command.

12:08 AM Changeset in webkit [217327] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r216547 - Heap::heap() should behave gracefully for null pointers
https://bugs.webkit.org/show_bug.cgi?id=171888
<rdar://problem/32005315>

Reviewed by Mark Lam.

Some callers of Heap::heap() can pass a null cell and they will behave gracefully if we
return a null Heap. So, let's do that.

This fixes a crash and it does not hurt performance. I'm seeing a possible 0.5% regression
with 74% probability. That's a neutral result by our usual 95% standard.

  • heap/HeapInlines.h:

(JSC::Heap::heap):

Note: See TracTimeline for information about the timeline view.