Timeline



Jan 1, 2009:

11:49 PM Changeset in webkit [39545] by oliver@apple.com
  • 2 edits in trunk/WebCore

<rdar://problem/6450530> WebCore::FontPlatformData should not leak

Reviewed by Dan Bernstein.

Whoops, previous patch should also have fixed the font referencing in
the constructor.

11:46 PM Changeset in webkit [39544] by oliver@apple.com
  • 2 edits in trunk/WebCore

<rdar://problem/6450530> WebCore::FontPlatformData should not leak

Reviewed by Dan Bernstein.

Make sure we only adopt the new font, rather than re-referencing (and so leaking).

10:09 PM Changeset in webkit [39543] by Darin Adler
  • 3 edits in trunk/LayoutTests

2009-01-01 Darin Adler <Darin Adler>

Add one more String.replace test case that I should have included in that last check-in.

  • fast/js/resources/string-replace-3.js: Added test case that covers more of the cases where $0-$99 are used but are actually valid.
  • fast/js/string-replace-3-expected.txt: Added new result.
9:56 PM Changeset in webkit [39542] by Darin Adler
  • 5 edits in trunk

JavaScriptCore:

2009-01-01 Darin Adler <Darin Adler>

Reviewed by Oliver Hunt.

String.replace does not support $& replacement metacharacter when search term is not a RegExp
<https://bugs.webkit.org/show_bug.cgi?id=21431>
<rdar://problem/6274993>

Test: fast/js/string-replace-3.html

  • runtime/StringPrototype.cpp: (JSC::substituteBackreferences): Added a null check here so we won't try to handle $$-$9 backreferences when the search term is a string, not a RegExp. Added a check for 0 so we won't try to handle $0 or $00 as a backreference. (JSC::stringProtoFuncReplace): Added a call to substituteBackreferences.

LayoutTests:

2009-01-01 Darin Adler <Darin Adler>

Reviewed by Oliver Hunt.

String.replace does not support $& replacement metacharacter when search term is not a RegExp
<https://bugs.webkit.org/show_bug.cgi?id=21431>
<rdar://problem/6274993>

  • fast/js/resources/string-replace-3.js: Added test cases to cover replace with non-regexp and to cover "$0" and "$00".
  • fast/js/string-replace-3-expected.txt: Added new results.
8:47 PM Changeset in webkit [39541] by Darin Adler
  • 3 edits
    1 delete in trunk

WebCore:

2009-01-01 Darin Adler <Darin Adler>

Reviewed by Dan Bernstein.

Bug 23071: REGRESSION (r39536): New test failures after committing patch in bug 23051 (ICU search)
https://bugs.webkit.org/show_bug.cgi?id=23071

Also fix some things that Dan suggested during review of the ICU search patch that I forgot
the first time around.

  • editing/TextIterator.cpp: Use ICU search on all platforms that use ICU, now that we've double checked it works everywhere, removing HAVE_ICU_SEARCH entirely. Removed unused m_atBreak data member from the non-ICU code path. (WebCore::TextIterator::TextIterator): Move null check up. (WebCore::TextIterator::handleTextBox): Fix mistake that made the iterator include collapsed whitespace. This was left over from an earlier version of the patch. (WebCore::SimplifiedBackwardsTextIterator::SimplifiedBackwardsTextIterator): Move null check up.

LayoutTests:

2009-01-01 Darin Adler <Darin Adler>

Reviewed by Dan Bernstein.

Turn on the regression test for ICU search on Mac OS X Tiger too.
It was already on for Windows (by accident, failing), but now WebCore has been changed
so it should work fine on all platforms using ICU, which includes both of those.

  • platform/mac-tiger/editing/execCommand: Removed.
  • platform/mac-tiger/editing/execCommand/findString-diacriticals-expected.txt: Removed.
7:06 PM Changeset in webkit [39540] by barraclough@apple.com
  • 9 edits in trunk/JavaScriptCore

2009-01-01 Gavin Barraclough <barraclough@apple.com>

Reviewed by Darin Adler.

Allow 32-bit integers to be stored in JSImmediates, on x64-bit.
Presently the top 32-bits of a 64-bit JSImmediate serve as a sign extension of a 31-bit
int stored in the low word (shifted left by one, to make room for a tag). In the new
format, the top 31-bits serve as a sign extension of a 32-bit int, still shifted left by
one.

The new behavior is enabled using a flag in Platform.h, 'WTF_USE_ALTERNATE_JSIMMEDIATE'.
When this is set the constants defining the range of ints allowed to be stored as
JSImmediate values are extended. The code in JSImmediate.h can safely operate on either
format. This patch updates the JIT so that it can also operate with the new format.

~2% progression on x86-64, with & without the JIT, on sunspider & v8 tests.

  • assembler/MacroAssembler.h: (JSC::MacroAssembler::addPtr): (JSC::MacroAssembler::orPtr): (JSC::MacroAssembler::or32): (JSC::MacroAssembler::rshiftPtr): (JSC::MacroAssembler::rshift32): (JSC::MacroAssembler::subPtr): (JSC::MacroAssembler::xorPtr): (JSC::MacroAssembler::xor32): (JSC::MacroAssembler::move): (JSC::MacroAssembler::compareImm64ForBranch): (JSC::MacroAssembler::compareImm64ForBranchEquality): (JSC::MacroAssembler::jePtr): (JSC::MacroAssembler::jgePtr): (JSC::MacroAssembler::jlPtr): (JSC::MacroAssembler::jlePtr): (JSC::MacroAssembler::jnePtr): (JSC::MacroAssembler::jnzSubPtr): (JSC::MacroAssembler::joAddPtr): (JSC::MacroAssembler::jzSubPtr):
  • assembler/X86Assembler.h: (JSC::X86Assembler::addq_rr): (JSC::X86Assembler::orq_ir): (JSC::X86Assembler::subq_ir): (JSC::X86Assembler::xorq_rr): (JSC::X86Assembler::sarq_CLr): (JSC::X86Assembler::sarq_i8r): (JSC::X86Assembler::cmpq_ir):
  • jit/JIT.cpp: (JSC::JIT::compileOpStrictEq): (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases): (JSC::JIT::privateCompileCTIMachineTrampolines):
  • jit/JIT.h:
  • jit/JITArithmetic.cpp: (JSC::JIT::compileFastArith_op_lshift): (JSC::JIT::compileFastArithSlow_op_lshift): (JSC::JIT::compileFastArith_op_rshift): (JSC::JIT::compileFastArithSlow_op_rshift): (JSC::JIT::compileFastArith_op_bitand): (JSC::JIT::compileFastArithSlow_op_bitand): (JSC::JIT::compileFastArith_op_mod): (JSC::JIT::compileFastArithSlow_op_mod): (JSC::JIT::compileFastArith_op_add): (JSC::JIT::compileFastArithSlow_op_add): (JSC::JIT::compileFastArith_op_mul): (JSC::JIT::compileFastArithSlow_op_mul): (JSC::JIT::compileFastArith_op_post_inc): (JSC::JIT::compileFastArithSlow_op_post_inc): (JSC::JIT::compileFastArith_op_post_dec): (JSC::JIT::compileFastArithSlow_op_post_dec): (JSC::JIT::compileFastArith_op_pre_inc): (JSC::JIT::compileFastArithSlow_op_pre_inc): (JSC::JIT::compileFastArith_op_pre_dec): (JSC::JIT::compileFastArithSlow_op_pre_dec): (JSC::JIT::compileBinaryArithOp):
  • jit/JITInlineMethods.h: (JSC::JIT::getConstantOperand): (JSC::JIT::getConstantOperandImmediateInt): (JSC::JIT::isOperandConstantImmediateInt): (JSC::JIT::isOperandConstant31BitImmediateInt): (JSC::JIT::emitFastArithDeTagImmediate): (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero): (JSC::JIT::emitFastArithReTagImmediate): (JSC::JIT::emitFastArithImmToInt): (JSC::JIT::emitFastArithIntToImmNoCheck):
  • runtime/JSImmediate.h: (JSC::JSImmediate::isPositiveNumber): (JSC::JSImmediate::isNegative): (JSC::JSImmediate::rightShiftImmediateNumbers): (JSC::JSImmediate::canDoFastAdditiveOperations): (JSC::JSImmediate::makeValue): (JSC::JSImmediate::makeInt): (JSC::JSImmediate::makeBool): (JSC::JSImmediate::intValue): (JSC::JSImmediate::rawValue): (JSC::JSImmediate::toBoolean): (JSC::JSImmediate::from):
  • wtf/Platform.h:
6:21 PM Changeset in webkit [39539] by mitz@apple.com
  • 13 edits in trunk/LayoutTests/platform/mac/fast

Set the svn:mime-type property of recently-added PNG files to image/png.

6:07 PM Changeset in webkit [39538] by Simon Fraser
  • 7 edits
    4 adds in trunk

2009-01-01 Simon Fraser <Simon Fraser>

Reviewed by Darin Adler, Oliver Hunt

https://bugs.webkit.org/show_bug.cgi?id=23065

Enable incremental painting of canvas. This turns incremental painting
back on, and fixes issues with stroke width and miters, calling willDraw()
for strokeText and fillText, and taking shadows into account.

Test: fast/canvas/canvas-incremental-repaint.html

5:08 PM Changeset in webkit [39537] by oliver@apple.com
  • 4 edits in trunk/WebCore

2008-12-29 Konstantin Käfer <kkaefer@gmail.com>

Reviewed by Tim Hatcher.

Fix for https://bugs.webkit.org/show_bug.cgi?id=17229
<rdar://problem/5732829> Inspector should show properties of all JS objects in Console

Prints objects not as plain text but makes them expandable so that
they can be inspected.

  • inspector/front-end/Console.js: (): added a parameter "inline" to the WebInspector.Console._format function which indicates whether the object is printed in the context of another string (with console.log()) or as sole element. (.): objects and DOM nodes are now printed in an expandable form when they are printed alone (i.e. not in the context of a console.log() string) so that they can be inspected.
  • inspector/front-end/PropertiesSection.js: (WebInspector.PropertiesSection.prototype.set title): Allow DOM Nodes as title instead of strings; in that case, the Node is inserted into the title instead of the string value of the passed object. This is used for displaying linkified titles, for example when inspecting DOM nodes, the syntax highlighted HTML representation is shown instead of the plain source code.
  • inspector/front-end/inspector.css: correct the offsetParent for the expandable object inspector.
1:19 PM Changeset in webkit [39536] by Darin Adler
  • 3 edits
    7 adds in trunk

WebCore:

2009-01-01 Darin Adler <Darin Adler>

Reviewed by Dan Bernstein.

Bug 23051: web page searching should use ICU's search so it can ignore diacritical differences
https://bugs.webkit.org/show_bug.cgi?id=23051
rdar://problem/3574497

Test: editing/execCommand/findString-diacriticals.html

  • editing/TextIterator.cpp: Changed the CircularSearchBuffer class to have a new name, since it doesn't always use a circular buffer any more. Changed the interface so it can work well in the new chunky comparison mode for ICU search, and also added private data members for both the ICU-search and non-ICU-search code paths. (WebCore::TextIterator::TextIterator): Use the versions of the Range functions that don't take an exception code. (WebCore::TextIterator::handleTextBox): Added a special case to handle the position of a collapsed-away space better. This is not needed for search mechanism, but was helpful in an earlier version of this patch, and is still an improvement. (WebCore::SimplifiedBackwardsTextIterator::SimplifiedBackwardsTextIterator): Use the versions of the Range functions that don't take an exception code. (WebCore::CharacterIterator::range): Ditto. (WebCore::characterSubrange): Added. Helper function used in both places below where we want to convert a range and character offsets into a subrange. (WebCore::WordAwareIterator::advance): Use the versions of the Range functions that don't take an exception code. (WebCore::createSearcher): Added. (WebCore::searcher): Added. (WebCore::lockSearcher): Added. (WebCore::unlockSearcher): Added. (WebCore::SearchBuffer::SearchBuffer): Added. (WebCore::SearchBuffer::~SearchBuffer): Added. (WebCore::SearchBuffer::append): Added. (WebCore::SearchBuffer::atBreak): Added. (WebCore::SearchBuffer::reachedBreak): Added. (WebCore::SearchBuffer::search): Added. (WebCore::SearchBuffer::length): Added. (WebCore::TextIterator::subrange): Changed to call the characterSubrange function above. (WebCore::TextIterator::rangeFromLocationAndLength): Use the versions of the Range functions that don't take an exception code. Also tweak some other details of the code. (WebCore::isAllCollapsibleWhitespace): Added. (WebCore::collapsedToBoundary): Added. 
(WebCore::findPlainText): Rewrote to use new interface and streamline the logic a bit.

Add the relevant files in the icu directory. As icu/README says, the "icu"
directory is really just for Mac OS X, where we have the ICU library but not
the headers installed. It should be moved inside platform/mac at some point
to make this more clear (and the copy in JavaScriptCore should be moved
somewhere similar for the same reason).

  • icu/unicode/ucoleitr.h: Added.
  • icu/unicode/usearch.h: Added.

LayoutTests:

2009-01-01 Darin Adler <Darin Adler>

Reviewed by Dan Bernstein.

Bug 23051: web page searching should use ICU's search so it can ignore diacritical differences
https://bugs.webkit.org/show_bug.cgi?id=23051
rdar://problem/3574497

Currently this is only activated on the Mac platform, not including Tiger.

  • editing/execCommand/findString-diacriticals-expected.txt: Added. Expect failure.
  • editing/execCommand/findString-diacriticals.html: Added.
  • platform/mac-tiger/editing/execCommand: Added.
  • platform/mac-tiger/editing/execCommand/findString-diacriticals-expected.txt: Added. Expect failure.
  • platform/mac/editing/execCommand/findString-diacriticals-expected.txt: Added. Expect success.
12:34 AM Changeset in webkit [39535] by oliver@apple.com
  • 2 edits in trunk/WebCore

CrashTracer: [REGRESSION] 1090 crashes in Safari at com.apple.JavaScriptCore: KJS::JSGlobalObject::stopTimeoutCheck + 0
<rdar://problem/5821130>

Reviewed by Cameron Zwarich.

This was caused by a plugin instance calling into JS code that removed the plugin
object. This fix is to cache the global object locally in a ProtectedPtr so we don't
need to rely on the continued existence of the plugin instance.

12:22 AM Changeset in webkit [39534] by oliver@apple.com
  • 7 edits in trunk

[jsfunfuzz] Assertion + incorrect behaviour with dynamically created local variable in a catch block
<https://bugs.webkit.org/show_bug.cgi?id=23063>

Reviewed by Cameron Zwarich

Eval inside a catch block attempts to use the catch block's static scope in
an unsafe way by attempting to add new properties to the scope. This patch
fixes this issue simply by preventing the catch block from using a static
scope if it contains an eval.

Dec 31, 2008:

6:33 PM Changeset in webkit [39533] by oliver@apple.com
  • 5 edits in trunk

[jsfunfuzz] Computed exception offset wrong when first instruction is attempt to resolve deleted eval
<https://bugs.webkit.org/show_bug.cgi?id=23062>

Reviewed by Gavin Barraclough.

This was caused by the expression information for the initial resolve of
eval not being emitted. If this resolve was the first instruction that
could throw an exception the information search would fail leading to an
assertion failure. If it was not the first throwable opcode the wrong
expression information would be used.

Fix is simply to emit the expression info.

9:52 AM Changeset in webkit [39532] by zecke@webkit.org
  • 12 edits in trunk/WebKit/gtk

Add section information for View, Frame, Settings, HistoryItem, BackForwardList, WindowFeatures and Inspector

Add section information and informal examples for WebKitWebView,
WebKitWebFrame, WebKitWebSettings, WebKitWebNetworkRequest,
WebKitWebWindowFeatures, WebKitWebHistoryItem,
WebKitWebBackForwardList and WebKitWebInspector.

9:31 AM Changeset in webkit [39531] by zecke@webkit.org
  • 2 edits in trunk/WebKitTools

2008-12-31 Zan Dobersek <zandobersek@gmail.com>

Reviewed by Holger Freyther.

https://bugs.webkit.org/show_bug.cgi?id=22812

Prevent TestNetscapePlugin from installing system-wide.

  • GNUmakefile.am:
9:12 AM Changeset in webkit [39530] by zecke@webkit.org
  • 2 edits in trunk/WebCore

2008-12-31 Laszlo Gombos <Laszlo Gombos>

Reviewed by Holger Freyther.

Fixes: https://bugs.webkit.org/show_bug.cgi?id=22964

MinGW build failure.

  • platform/graphics/qt/SimpleFontDataQt.cpp: (WebCore::SimpleFontData::containsCharacters):
8:52 AM Changeset in webkit [39529] by zecke@webkit.org
  • 2 edits in trunk/WebKitTools

2008-12-31 Zan Dobersek <zandobersek@gmail.com>

Reviewed by Holger Freyther.

https://bugs.webkit.org/show_bug.cgi?id=22842

Move WebKitWebView's size allocation into a proper place.

  • DumpRenderTree/gtk/DumpRenderTree.cpp: (dump): (runTest):
8:37 AM Changeset in webkit [39528] by zecke@webkit.org
  • 2 edits in trunk/WebCore

2008-12-31 Alexander V. Butenko <alex@digiqube.com>

Reviewed by Holger Freyther.

https://bugs.webkit.org/show_bug.cgi?id=22750
[gtk] webkit up to r39121 crash on image urls like
http:///sitename.com

  • platform/network/soup/ResourceHandleSoup.cpp: (WebCore::ResourceHandle::start):
8:17 AM Changeset in webkit [39527] by zecke@webkit.org
  • 2 edits in trunk/WebCore

2008-12-31 Hiroyuki Ikezoe <poincare@ikezoe.net>

Reviewed by Holger Freyther.

https://bugs.webkit.org/show_bug.cgi?id=18310

  • platform/graphics/gtk/SimpleFontDataPango.cpp: (WebCore::SimpleFontData::determinePitch): Do not invoke isFixedPitch() when the font is a custom font.
4:32 AM Changeset in webkit [39526] by oliver@apple.com
  • 2 edits in trunk/WebCore

More work on Bug 3781: Animation via canvas could be faster
<https://bugs.webkit.org/show_bug.cgi?id=3781>

Reviewed by Cameron Zwarich

Make use of the fast path parsing of color strings that Color
uses. This improves performance of '#rgb', '#rrggbb', etc and
named (eg. 'green') colors.

Improves frame rate of test by around 40%

2:17 AM Changeset in webkit [39525] by cwzwarich@webkit.org
  • 3 edits
    2 adds in trunk

2008-12-31 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Oliver Hunt.

Bug 23054: Caching of global lookups occurs even when the global object has become a dictionary
<https://bugs.webkit.org/show_bug.cgi?id=23054>
<rdar://problem/6469905>

JavaScriptCore:

  • interpreter/Interpreter.cpp: (JSC::Interpreter::resolveGlobal): Do not cache lookup if the global object has transitioned to a dictionary. (JSC::Interpreter::cti_op_resolve_global): Do not cache lookup if the global object has transitioned to a dictionary.

LayoutTests:

  • fast/js/pic/delete-global-object-expected.txt: Added.
  • fast/js/pic/delete-global-object.html: Added.

Dec 30, 2008:

10:49 PM Changeset in webkit [39524] by oliver@apple.com
  • 7 edits
    3 adds in trunk

<https://bugs.webkit.org/show_bug.cgi?id=23049> [jsfunfuzz] With blocks do not correctly protect their scope object
<rdar://problem/6469742> Crash in JSC::TypeInfo::hasStandardGetOwnPropertySlot() running jsfunfuzz

Reviewed by Darin Adler

The problem that caused this was that with nodes were not correctly protecting
the final object that was placed in the scope chain. We correct this by forcing
the use of a temporary register (which stops us relying on a local register
protecting the scope) and changing the behaviour of op_push_scope so that it
will store the final scope object.

9:16 PM Changeset in webkit [39523] by Simon Fraser
  • 6 edits in trunk/LayoutTests

2008-12-30 Simon Fraser <Simon Fraser>

Fix spurious test failures by rounding floating point values to
mask math differences between machines.

  • transitions/transform-op-list-match-expected.txt:
  • transitions/transform-op-list-match.html:
  • transitions/transform-op-list-no-match-expected.txt:
  • transitions/transform-op-list-no-match.html:
  • transitions/transition-test-helpers.js: (roundNumber):
4:11 PM Changeset in webkit [39522] by Simon Fraser
  • 5 edits
    4 adds in trunk

2008-12-30 Simon Fraser <Simon Fraser>

Reviewed by Darin Adler

https://bugs.webkit.org/show_bug.cgi?id=23042

Rather than doing a repaint() inside of computeAbsoluteRepaintRect()
when there is a reflection, compute the location of the rect inside
the reflection and take the union of the unreflected and reflected rects.

Test: fast/repaint/reflection-redraw.html

  • rendering/RenderBox.cpp: (WebCore::RenderBox::computeAbsoluteRepaintRect):
  • rendering/RenderObject.cpp: (WebCore::RenderObject::reflectedRect):
  • rendering/RenderObject.h:
4:07 PM Changeset in webkit [39521] by cwzwarich@webkit.org
  • 5 edits
    3 adds in trunk

2008-12-30 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Sam Weinig.

Bug 23037: Parsing and reparsing disagree on automatic semicolon insertion
<https://bugs.webkit.org/show_bug.cgi?id=23037>
<rdar://problem/6467124>

Parsing and reparsing disagree about automatic semicolon insertion, so that a
function like

function() { a = 1, }

is parsed as being syntactically valid but gets a syntax error upon reparsing.
This leads to an assertion failure in Parser::reparse(). It is not that big of
an issue in practice, because in a Release build such a function will return
'undefined' when called.

In this case, we are not following the spec and it should be a syntax error.
However, unless there is a newline separating the ',' and the '}', WebKit would
not treat it as a syntax error in the past either. It would be a bit of work to
make the automatic semicolon insertion match the spec exactly, so this patch
changes it to match our past behaviour.

The problem is that even during reparsing, the Lexer adds a semicolon at the
end of the input, which confuses allowAutomaticSemicolon(), because it is
expecting either a '}', the end of input, or a terminator like a newline.

JavaScriptCore:

  • parser/Lexer.cpp: (JSC::Lexer::Lexer): Initialize m_isReparsing to false. (JSC::Lexer::lex): Do not perform automatic semicolon insertion in the Lexer if we are in the middle of reparsing. (JSC::Lexer::clear): Set m_isReparsing to false.
  • parser/Lexer.h: (JSC::Lexer::setIsReparsing): Added.
  • parser/Parser.cpp: (JSC::Parser::reparse): Call Lexer::setIsReparsing() to notify the Lexer of reparsing.

LayoutTests:

  • fast/js/reparsing-semicolon-insertion-expected.txt: Added.
  • fast/js/reparsing-semicolon-insertion.html: Added.
  • fast/js/resources/reparsing-semicolon-insertion.js: Added.
2:30 PM Changeset in webkit [39520] by mitz@apple.com
  • 3 edits
    2 adds in trunk

WebCore:

Reviewed by Adele Peterson.

  • fix <rdar://problem/6469944> REGRESSION(3.2.1-ToT): Repro crash in WebCore::HTMLInputElement::updatePlaceholderVisibility opening http://billshrink.com

Test: fast/forms/placeholder-non-textfield.html

  • html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::parseMappedAttribute): Only call updatePlaceholderVisibility() when the placeholder attribute changes if the element is a text field.

LayoutTests:

Reviewed by Adele Peterson.

  • test for <rdar://problem/6469944> REGRESSION(3.2.1-ToT): Repro crash in WebCore::HTMLInputElement::updatePlaceholderVisibility opening http://billshrink.com
  • fast/forms/placeholder-non-textfield-expected.txt: Added.
  • fast/forms/placeholder-non-textfield.html: Added.
11:24 AM Changeset in webkit [39519] by pam@chromium.org
  • 2 edits in trunk/WebKitSite

2008-12-30 Brent Fulgham <bfulgham@gmail.com>

Reviewed by Darin Adler.
Landed by Pamela Greene.

Fixes: https://bugs.webkit.org/show_bug.cgi?id=22908.
Update website so that newbies are told they must set the
WebKitOutputDir to get a valid build.

  • building/build.html: Add language (and link) indicating the importance of setting the WebKitOutputDir variable, as well as a link to instructions on how to do so.
4:19 AM Changeset in webkit [39518] by oliver@apple.com
  • 3 edits in trunk/WebCore

First step of Bug 3781: Animation via canvas could be faster

Reviewed by Antti Koivisto.

Amortise the cost of calling repaint by coalescing repaint rects
while the canvas is drawn to. In a later step we'll stop calling
repaint() directly, and instead have all dirty canvases repaint
at the end of JS execution.

3:08 AM Changeset in webkit [39517] by cwzwarich@webkit.org
  • 3 edits in trunk/WebCore

2008-12-30 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Antti Koivisto.

Bug 22931: Using the inspector with purgeable resources leads to assertion failures
<https://bugs.webkit.org/show_bug.cgi?id=22931>

Change InspectorResource::sourceString() so that it doesn't attempt to
unsafely get the data of a purgeable CachedResource.

  • inspector/InspectorController.cpp: (WebCore::InspectorResource::sourceString): Attempt to make a purgeable resource unpurgeable, and if this is not possible, return an empty string.
  • loader/CachedResource.h: Make InspectorResource a friend of CachedResource.

Dec 29, 2008:

11:54 PM Changeset in webkit [39516] by oliver@apple.com
  • 2 edits in trunk/JavaScriptCore

Yet another attempt to fix Tiger.

Reviewed by NOBODY(Build fix)

11:46 PM Changeset in webkit [39515] by oliver@apple.com
  • 2 edits in trunk/JavaScriptCore

Tiger build fix (correct this time)

Reviewed by NOBODY(build fix)

11:46 PM Changeset in webkit [39514] by ap@webkit.org
  • 5 edits in trunk/WebCore

Reviewed by Sam Weinig.

https://bugs.webkit.org/show_bug.cgi?id=23023
Remove incomplete support for opportunistic appcache entries

No change in behavior, thus no test.

  • loader/appcache/ApplicationCacheResource.h: (WebCore::ApplicationCacheResource::Type): Removed Opportunistic bit, will re-use when schema version changes.
  • loader/DocumentLoader.cpp: (WebCore::DocumentLoader::scheduleApplicationCacheLoad):
  • loader/appcache/ApplicationCacheGroup.cpp: (WebCore::ApplicationCacheGroup::didFinishLoadingManifest):
  • loader/appcache/ApplicationCacheResource.cpp: (WebCore::ApplicationCacheResource::dumpType):
11:42 PM Changeset in webkit [39513] by cwzwarich@webkit.org
  • 2 edits in trunk/JavaScriptCore

2008-12-29 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Rubber-stamped by Alexey Proskuryakov.

Revert r39509, because kjsyydebug is used in the generated code if YYDEBUG is 1.

  • parser/Grammar.y:
11:39 PM Changeset in webkit [39512] by oliver@apple.com
  • 2 edits in trunk/JavaScriptCore

Tiger build fix

Reviewed by NOBODY(build fix)

11:33 PM Changeset in webkit [39511] by krit@webkit.org
  • 2 edits in trunk/WebCore

2008-12-29 Dirk Schulze <krit@webkit.org>

Reviewed by Oliver Hunt.

Add arcTo support for Cairo. This is needed by Canvas.
Cairo has no native support for arcTo. We have to make our
own implementation.

[Canvas] Cairo needs arcTo
https://bugs.webkit.org/show_bug.cgi?id=23003

  • platform/graphics/cairo/PathCairo.cpp: (WebCore::Path::addArcTo):
11:21 PM Changeset in webkit [39510] by oliver@apple.com
  • 3 edits in trunk/JavaScriptCore

<rdar://problem/6358108> Insecure randomness in Math.random() leads to user tracking

Reviewed by Mark Rowe

Switch to arc4random on PLATFORM(DARWIN), this is ~1.5x slower than random(), but
it is still so fast that there is no fathomable way it could be a bottleneck for anything.

randomNumber is called in two places

  • During form submission where it is called once per form
  • Math.random in JSC. For this difference to show up you have to be looping on a cached local copy of random, for a large number (>10000) of calls.

No change in SunSpider.

10:15 PM Changeset in webkit [39509] by cwzwarich@webkit.org
  • 2 edits in trunk/JavaScriptCore

2008-12-29 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Rubber-stamped by Sam Weinig.

Remove unused kjsyydebug #define.

  • parser/Grammar.y:
10:15 PM Changeset in webkit [39508] by oliver@apple.com
  • 3 edits
    3 adds in trunk

Bug 23030: Cannot setTransform with a non-invertible ctm

Reviewed by Cameron Zwarich.

Removed a series of unnecessary and incorrect checks for an invertible
transform.

Test: fast/canvas/canvas-set-properties-with-non-invertible-ctm.html

9:37 PM Changeset in webkit [39507] by cwzwarich@webkit.org
  • 2 edits in trunk/JavaScriptCore

2008-12-29 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Oliver Hunt and Sam Weinig.

Bug 23029: REGRESSION (r39337): jsfunfuzz generates identical test files
<https://bugs.webkit.org/show_bug.cgi?id=23029>
<rdar://problem/6469185>

The unification of random number generation in r39337 resulted in random()
being initialized on Darwin, but rand() actually being used. Fix this by
making randomNumber() use random() instead of rand() on Darwin.

  • wtf/RandomNumber.cpp: (WTF::randomNumber):
9:10 PM Changeset in webkit [39506] by oliver@apple.com
  • 2 edits in trunk/WebCore

2008-12-29 Josh Roesslein <jroesslein@gmail.com>

Reviewed by Oliver Hunt.

Fixes: https://bugs.webkit.org/show_bug.cgi?id=22968

Context menu rendering error when full page zoomed

7:00 PM Changeset in webkit [39505] by weinig@apple.com
  • 2 edits in trunk/JavaScriptCore

2008-12-29 Sam Weinig <sam@webkit.org>

Fix buildbots.

  • runtime/Structure.cpp:
6:05 PM Changeset in webkit [39504] by weinig@apple.com
  • 3 edits in trunk/WebCore

2008-12-29 Sam Weinig <sam@webkit.org>

Reviewed by Mark Rowe.

Add some basic memory statistic logging for Node.

  • dom/Node.cpp: (WebCore::Node::dumpStatistics): (WebCore::Node::Node): (WebCore::Node::~Node): (WebCore::Node::setDocument):
  • dom/Node.h:
6:03 PM Changeset in webkit [39503] by weinig@apple.com
  • 3 edits in trunk/WebCore

2008-12-29 Sam Weinig <sam@webkit.org>

Reviewed by Anders Carlsson.

Remove one use of DeprecatedPtrList.

  • css/CSSRuleList.cpp: (WebCore::CSSRuleList::~CSSRuleList): (WebCore::CSSRuleList::length): (WebCore::CSSRuleList::item): (WebCore::CSSRuleList::deleteRule): (WebCore::CSSRuleList::append): (WebCore::CSSRuleList::insertRule):
  • css/CSSRuleList.h: Change m_lstCSSRules from using DeprecatedPtrList to a Vector. I measured no performance change and was comforted by the fact that we use a Vector for StyleList, which serves the exact same purpose.
4:28 PM Changeset in webkit [39502] by weinig@apple.com
  • 4 edits in trunk/JavaScriptCore

2008-12-29 Sam Weinig <sam@webkit.org>

Reviewed by Oliver Hunt.

Patch for https://bugs.webkit.org/show_bug.cgi?id=23026
Move the deleted offsets vector into the PropertyMap

Saves 3 words per Structure.

  • runtime/PropertyMapHashTable.h:
  • runtime/Structure.cpp: (JSC::Structure::addPropertyTransition): (JSC::Structure::changePrototypeTransition): (JSC::Structure::getterSetterTransition): (JSC::Structure::toDictionaryTransition): (JSC::Structure::fromDictionaryTransition): (JSC::Structure::copyPropertyTable): (JSC::Structure::put): (JSC::Structure::remove): (JSC::Structure::rehashPropertyMapHashTable):
  • runtime/Structure.h: (JSC::Structure::propertyStorageSize):
1:42 PM Changeset in webkit [39501] by adele@apple.com
  • 2 edits in trunk/WebCore

2008-12-29 Adele Peterson <adele@apple.com>

Reviewed by Brady Eidson.

Fix for https://bugs.webkit.org/show_bug.cgi?id=21797
<rdar://problem/6310682> REGRESSION: Crash in CFHTTPCookieStorageCopy beneath WebCore::cookies() when
running fast/dom/document-attribute-js-null.html and http/tests/security/cookies/create-document.html


Return early if the document is trying to get or set a cookie with an empty cookie url.

  • dom/Document.cpp: (WebCore::Document::cookie): (WebCore::Document::setCookie):
12:30 PM Changeset in webkit [39500] by ap@webkit.org
  • 1 edit
    1 add
    1 delete in trunk/LayoutTests

Index: LayoutTests/ChangeLog
===================================================================
--- LayoutTests/ChangeLog (revision 39499)
+++ LayoutTests/ChangeLog (working copy)
@@ -1,3 +1,12 @@
+2008-12-29 Alexey Proskuryakov <ap@webkit.org>
+
+ Reviewed by NOBODY (OOPS!).
+
+ Fix Windows svn update - replace a file with a semicolon in its name with an Apache rewrite.
+
+ * http/tests/appcache/resources/.htaccess: Added.
+ * http/tests/appcache/resources/UNKNOWN_SECTION:: Removed.
+

2008-12-29 Glenn Wilson <gwilson@chromium.org>


Reviewed by Darin Adler.
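
Review bot: The added ChangeLog entry still carries the template placeholder "Reviewed by NOBODY (OOPS!)." on its third line; name the actual reviewer, or state that the change is an unreviewed fix, before this lands. The description also says the removed file has "a semicolon in its name", while the file listed as removed is "UNKNOWN_SECTION:", which ends in a colon; the wording should match the file name so the reason for the Windows failure is clear from the entry.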

Index: LayoutTests/http/tests/appcache/resources/.htaccess
===================================================================
--- LayoutTests/http/tests/appcache/resources/.htaccess (revision 0)
+++ LayoutTests/http/tests/appcache/resources/.htaccess (revision 0)
@@ -0,0 +1,2 @@
+RewriteEngine on
+RewriteRule UNKNOWN_SECTION: simple.txt [L,NS]
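
Review bot: The pattern in "RewriteRule UNKNOWN_SECTION: simple.txt [L,NS]" is an unanchored regular expression, so any request path in this directory that merely contains "UNKNOWN_SECTION:" is rewritten to simple.txt, not only the exact name of the removed resource. Anchor it as "^UNKNOWN_SECTION:$" so the rule stands in for that one file only, and add a comment line in the .htaccess saying that it replaces a file whose name breaks svn update on Windows, since nothing in the file itself explains why the rewrite exists.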
Index: LayoutTests/http/tests/appcache/resources/UNKNOWN_SECTION:
===================================================================

11:22 AM Changeset in webkit [39499] by pam@chromium.org
  • 1 edit
    2 adds in trunk/LayoutTests

2008-12-29 Glenn Wilson <gwilson@chromium.org>

Reviewed by Darin Adler.
Landed by Pamela Greene.

Added new layout tests verifying that using a locally-scoped
variable in an event handler of a form takes precedence over
names of items in that form.

See: https://bugs.webkit.org/show_bug.cgi?id=22977

  • fast/forms/var-name-conflict-in-form-event-handler-expected.txt: Added.
  • fast/forms/var-name-conflict-in-form-event-handler.html: Added.
3:08 AM Changeset in webkit [39498] by cwzwarich@webkit.org
  • 2 edits in trunk/JavaScriptCore

2008-12-29 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Oliver Hunt.

Change code using m_body.get() as a boolean to take advantage of the
implicit conversion of RefPtr to boolean.

  • runtime/JSFunction.cpp: (JSC::JSFunction::~JSFunction):

Dec 28, 2008:

5:35 PM Changeset in webkit [39497] by cwzwarich@webkit.org
  • 2 edits in trunk/WebCore

2008-12-28 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Sam Weinig.

Bug 23016: JavaScriptDebugServer::recompileAllJSFunctions() should not execute JS while reparsing all functions
<https://bugs.webkit.org/show_bug.cgi?id=23016>
<rdar://problem/6425077>

JavaScriptDebugServer::recompileAllJSFunctions() calls sourceParsed() while
reparsing all JS functions, which will execute JS in the inspector. Depending
on the order in which functions are recompiled, a function could have a new
body but other functions that have not been recompiled could have an optimized
(in the sense of inline caching) call to it, bypassing the check of whether or
not there is generated bytecode. This leads to a crash caused by accessing
indices off of a null pointer.

To fix the problem, simply delay calling sourceParsed() until after all functions
have been reparsed. The crash isn't 100% reproducible, but on the one test case
I have, this makes it impossible to reproduce after a large number of attempts,
when it used to happen every few attempts.

  • inspector/JavaScriptDebugServer.cpp: (WebCore::JavaScriptDebugServer::recompileAllJSFunctions):
4:25 PM Changeset in webkit [39496] by Nikolas Zimmermann
  • 3 edits in trunk/WebCore

Rubber-stamped by Antti Koivisto.
Oops, remove some last minute ASSERTS that are obviously wrong.

4:16 PM Changeset in webkit [39495] by Nikolas Zimmermann
  • 10 edits
    1 add in trunk/WebCore

Reviewed by Antti Koivisto.

Fixes: https://bugs.webkit.org/show_bug.cgi?id=23015

Don't rely on HTMLFormControlElement in RenderTextControl.

Introduce an abstract FormControlElement class, containing the
valueMatchesRenderer/setValueMatchesRenderer, the only HTMLFormControlElement
specific methods that RenderTextControl relies on.

This makes it possible for WML to reuse RenderTextControl.
RenderTextControlSingleLine still relies on HTMLInputElement,
this will change if WMLInputElement is introduced.

1:33 PM Changeset in webkit [39494] by cwzwarich@webkit.org
  • 3 edits in trunk/WebCore

2008-12-28 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Darin Adler.

Bug 23006: Many Loader::Host member functions are not safe to use reentrantly
<https://bugs.webkit.org/show_bug.cgi?id=23006>
<rdar://problem/6216106>

Many Loader::Host member functions set m_processingResource to true when they
begin processing a resource and set it to false when they are done. Thanks to
JavaScript and the web inspector, almost anything can happen during the
processing of a resource, including these functions being called reentrantly,
which is unsafe due to this way of using m_processingResource.

This can theoretically cause a Loader::Host to be used after it is freed,
because when Loader::servedPendingRequests() is called, it will free Hosts
that have m_processingResource set to false.

To fix this, we replace m_processingResource with m_numResourcesProcessing,
which is incremented and decremented using a helper object, ProcessingResource.

There are no occurrences of crashes caused by this bug that are reproducible
by multiple people, but this fixes the problem of m_processingResource being
set to false while a Host is still alive.

  • loader/loader.cpp: (WebCore::Loader::Host::Host): (WebCore::Loader::Host::didFinishLoading): Change to use ProcessingResource instead of manually setting m_processingResource. (WebCore::Loader::Host::didFail): Ditto. (WebCore::Loader::Host::didReceiveData): Ditto.
  • loader/loader.h: (WebCore::Loader::Host::ProcessingResource::ProcessingResource): Added. (WebCore::Loader::Host::ProcessingResource::~ProcessingResource): Added. (WebCore::Loader::Host::processingResource): Change to use m_numResourcesProcessing instead of just getting m_processingResource.
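The flag-versus-counter difference described in the changeset above, as an added C++ example that is not WebKit's code. FlagHost, CountingHost, ProcessingGuard and busyAfterNestedCall are hypothetical names standing in for Loader::Host, its ProcessingResource helper and a reentrant callback.

```cpp
#include <functional>

// Hypothetical stand-in for the old scheme: one boolean marks "in use".
class FlagHost {
public:
    bool busy() const { return m_processing; }
    void process(const std::function<void()>& callback) {
        m_processing = true;
        callback();            // may re-enter process() on this same object
        m_processing = false;  // also clears the flag for any outer call
    }
private:
    bool m_processing = false;
};

// Hypothetical stand-in for the fix: a counter managed by a scoped helper.
class CountingHost {
public:
    bool busy() const { return m_numProcessing > 0; }
    void process(const std::function<void()>& callback) {
        ProcessingGuard guard(*this);  // decrements on every exit path
        callback();
    }
private:
    unsigned m_numProcessing = 0;
    class ProcessingGuard {
    public:
        explicit ProcessingGuard(CountingHost& host) : m_host(host) { ++m_host.m_numProcessing; }
        ~ProcessingGuard() { --m_host.m_numProcessing; }
    private:
        CountingHost& m_host;
    };
};

// Reports what cleanup code would see if it ran inside the outer call
// just after a nested call returned: is the host still marked busy?
template <typename Host>
bool busyAfterNestedCall() {
    Host host;
    bool observed = false;
    host.process([&] {
        host.process([] {});     // nested call, as a script callback could make
        observed = host.busy();  // outer call is still on the stack here
    });
    return observed;
}
```

With the boolean, the host reports idle while the outer call is still running, which is the window in which a sweep that frees idle hosts would free one that is in use; with the counter it stays busy until the outermost call returns.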
11:40 AM Changeset in webkit [39493] by ap@webkit.org
  • 3 edits
    2 adds in trunk

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=23007
REGRESSION: Timer-related crash when closing Web Inspector

Test: fast/dom/Window/remove-timeout-crash.html

  • bindings/js/DOMTimer.cpp: (WebCore::DOMTimer::fired): Besides deleting the timer, make sure to remove it from a Document map.
9:19 AM Changeset in webkit [39492] by ap@webkit.org
  • 3 edits
    4 adds in trunk

Reviewed by Anders Carlsson.

https://bugs.webkit.org/show_bug.cgi?id=23012
Bring application cache manifest parsing up to date

Test: http/tests/appcache/manifest-parsing.html

  • loader/appcache/ManifestParser.cpp: (WebCore::Mode): Added a constant for unknown sections, which are ignored when parsing. This is necessary for future extensions. (WebCore::parseManifest): Parse unknown sections correctly. Ignore trailing tokens in supported sections.
9:12 AM Changeset in webkit [39491] by ap@webkit.org
  • 9 edits
    2 moves
    7 adds in trunk/LayoutTests

Reviewed by Anders Carlsson.

https://bugs.webkit.org/show_bug.cgi?id=23009
Add a test for application cache offline operation

  • http/tests/resources/network-simulator.php: A proxy script to simulate a network connection that can go offline, using an infinite redirect loop in offline mode to generate an error.
  • http/tests/appcache/offline-access-expected.txt: Added.
  • http/tests/appcache/offline-access.html: Added.
  • http/tests/appcache/resources/offline-access-frame.html: Added.
  • http/tests/appcache/resources/offline-access.js: Added.
  • http/tests/appcache/resources/offline-access.manifest: Added. Test that an application loads successfully from cache.
  • http/tests/resources: Added.
  • http/tests/resources/portabilityLayer.php: Copied from LayoutTests/http/tests/xmlhttprequest/resources/portabilityLayer.php.
  • http/tests/resources/reset-temp-file.php: Copied from LayoutTests/http/tests/xmlhttprequest/resources/reset-temp-file.php.
  • http/tests/xmlhttprequest/access-control-basic-allow-preflight-cache-invalidation-by-header.html:
  • http/tests/xmlhttprequest/access-control-basic-allow-preflight-cache-invalidation-by-method.html:
  • http/tests/xmlhttprequest/access-control-basic-allow-preflight-cache-timeout.html:
  • http/tests/xmlhttprequest/access-control-basic-allow-preflight-cache.html:
  • http/tests/xmlhttprequest/resources/access-control-basic-preflight-cache-invalidation.php:
  • http/tests/xmlhttprequest/resources/access-control-basic-preflight-cache-timeout.php:
  • http/tests/xmlhttprequest/resources/access-control-basic-preflight-cache.php:
  • http/tests/xmlhttprequest/resources/portabilityLayer.php: Removed.
  • http/tests/xmlhttprequest/resources/reset-temp-file.php: Removed.
  • http/tests/appcache/resources/fail-on-update.php: Moved some common scripts from xmlhttprequest/resources/ to resources/
5:54 AM Changeset in webkit [39490] by Nikolas Zimmermann
  • 13 edits
    4 adds in trunk/WebCore

Reviewed by Darin Adler.

Fixes: https://bugs.webkit.org/show_bug.cgi?id=22996

RenderTextControl heavily depends on HTMLInputElement & HTMLTextAreaElement.
It handles multi & single line text control rendering in one class. Split up
in two new classes: RenderTextControlSingleLine & RenderTextControlMultiLine.

This has several benefits - code is more readable now, the memory usage
for RenderTextControlMultiLine is reduced, as all stuff related to search fields
lives in RenderTextControlSingleLine, and it's easier to introduce an
abstraction for input/textarea-like elements for other HTML flavours like WML.

2:05 AM Changeset in webkit [39489] by ap@webkit.org
  • 8 edits in trunk/WebCore

2008-12-28 Dmitry Titov <dimich@chromium.org>

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=22755
Prepare to add create/remove timeout methods to JSWorkerContext by moving
timer-specific code from JSDOMWindowBase to DOMTimer.
Moved everything JS-related from DOMTimer to ScheduledAction.
Now ScheduledAction is what it wanted to be all the time: a JS engine-specific
container for timer callback that knows how to invoke it.
DOMTimer is no longer JS-specific.

This is mostly moving the code around. No intended functional changes.

  • bindings/js/DOMTimer.cpp: (WebCore::DOMTimer::DOMTimer): (WebCore::DOMTimer::~DOMTimer): (WebCore::DOMTimer::install): (WebCore::DOMTimer::removeById): (WebCore::DOMTimer::fired): (WebCore::DOMTimer::stop):
  • bindings/js/DOMTimer.h:
  • bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::installTimeout): (WebCore::JSDOMWindowBase::removeTimeout):
  • bindings/js/JSDOMWindowBase.h:
  • bindings/js/ScheduledAction.cpp: (WebCore::ScheduledAction::execute):
  • bindings/js/ScheduledAction.h:
  • dom/Document.cpp: (WebCore::Document::addTimeout):
12:52 AM Changeset in webkit [39488] by cwzwarich@webkit.org
  • 3 edits
    2 adds in trunk

2008-12-28 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Oliver Hunt.

Bug 22840: REGRESSION (r38349): Gmail doesn't load with profiling enabled
<https://bugs.webkit.org/show_bug.cgi?id=22840>
<rdar://problem/6468077>

JavaScriptCore:

  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitNewArray): Add an assertion that the range of registers passed to op_new_array is sequential. (JSC::BytecodeGenerator::emitCall): Correct the relocation of registers when emitting profiler hooks so that registers aren't leaked. Also, add an assertion that the 'this' register is always ref'd (because it is), remove the needless protection of the 'this' register when relocating, and add an assertion that the range of registers passed to op_call for function call arguments is sequential. (JSC::BytecodeGenerator::emitConstruct): Correct the relocation of registers when emitting profiler hooks so that registers aren't leaked. Also, add an assertion that the range of registers passed to op_construct for function call arguments is sequential.

LayoutTests:

  • fast/profiler/call-register-leak-expected.txt: Added.
  • fast/profiler/call-register-leak.html: Added.