Context Navigation

Two more exports for 32-bit build fix.
The duality of CGFloat means that we use a different
version of getRGBA (and the cast operator)
on 32-bit systems.

WebCore.exp.in:

9:36 PM Changeset in webkit [157490] by commit-queue@webkit.org

4 edits in trunk

[EFL][WK2] Make SeccompFilters build again after r156349 and r156353
https://bugs.webkit.org/show_bug.cgi?id=122872

Patch by Sergio Correia <Sergio Correia> on 2013-10-15
Reviewed by Anders Carlsson.

Source/WebKit2:

Shared/linux/SeccompFilters/SeccompBroker.cpp:

(WebKit::SeccompBrokerClient::dispatch): Fix usage of extinct 'create'
methods of ArgumentEncoder/ArgumentDecoder.
(WebKit::SeccompBroker::runLoop): Ditto.

Tools:

TestWebKitAPI/PlatformEfl.cmake: Mark SeccompFilters API test as

failing.

9:32 PM Changeset in webkit [157489] by fpizlo@apple.com

5 edits in trunk/Source/JavaScriptCore

Get rid of the StructureStubInfo::patch union
https://bugs.webkit.org/show_bug.cgi?id=122877

Reviewed by Sam Weinig.

Just simplifying code by getting rid of data structures that ain't used no more.

Note that I replace the patch union with a patch struct. This means we say things like
stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
encapsulation makes the code more readable: the patch struct contains just those things
that you need to know to perform patching.

bytecode/StructureStubInfo.h:
dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

jit/JIT.cpp:

(JSC::PropertyStubCompilationInfo::copyToStubInfo):

jit/Repatch.cpp:

(JSC::repatchByIdSelfAccess):
(JSC::replaceWithJump):
(JSC::linkRestoreScratch):
(JSC::generateProtoChainAccessStub):
(JSC::tryCacheGetByID):
(JSC::getPolymorphicStructureList):
(JSC::patchJumpToGetByIdStub):
(JSC::tryBuildGetByIDList):
(JSC::emitPutReplaceStub):
(JSC::emitPutTransitionStub):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
(JSC::tryRepatchIn):
(JSC::resetGetByID):
(JSC::resetPutByID):
(JSC::resetIn):

9:30 PM Changeset in webkit [157488] by gyuyoung.kim@samsung.com

2 edits in trunk/LayoutTests

Unreviewed, EFL gardening.

platform/efl/TestExpectations: svg/filters/filter-hidden-content.svg is passed after r142955.

9:27 PM Changeset in webkit [157487] by timothy_horton@apple.com

2 edits in trunk/Source/WebCore

Another shot at a build fix; apparently these
do need exporting for some reason, but are different
on 32-bit.

WebCore.exp.in:

9:21 PM Changeset in webkit [157486] by ap@apple.com

18 edits in trunk/Source/WebCore

GenerateIsReachable=ImplContext is confusing
https://bugs.webkit.org/show_bug.cgi?id=122864

Reviewed by Geoffrey Garen.

Renamed to ImplWebGLRenderingContext.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

bindings/scripts/IDLAttributes.txt:
html/canvas/EXTDrawBuffers.idl:
html/canvas/EXTTextureFilterAnisotropic.idl:
html/canvas/OESElementIndexUint.idl:
html/canvas/OESStandardDerivatives.idl:
html/canvas/OESTextureFloat.idl:
html/canvas/OESTextureHalfFloat.idl:
html/canvas/OESVertexArrayObject.idl:
html/canvas/WebGLCompressedTextureATC.idl:
html/canvas/WebGLCompressedTexturePVRTC.idl:
html/canvas/WebGLCompressedTextureS3TC.idl:
html/canvas/WebGLDebugRendererInfo.idl:
html/canvas/WebGLDebugShaders.idl:
html/canvas/WebGLDepthTexture.idl:
html/canvas/WebGLLoseContext.idl:

WebCore.xcodeproj/project.pbxproj: While at it, added OESElementIndexUint.idl

to Xcode project.

9:13 PM Changeset in webkit [157485] by jinwoo7.song@samsung.com

6 edits in trunk/LayoutTests

Unreviewed EFL gardening. Rebaselining after r155408.

platform/efl/fast/forms/input-placeholder-visibility-1-expected.txt:
platform/efl/fast/forms/input-placeholder-visibility-3-expected.txt:
platform/efl/fast/forms/textarea-placeholder-pseudo-style-expected.txt:
platform/efl/fast/forms/textarea-placeholder-visibility-1-expected.txt:
platform/efl/fast/forms/textarea-placeholder-visibility-2-expected.txt:

9:08 PM Changeset in webkit [157484] by jinwoo7.song@samsung.com

3 edits in trunk/Source/WebKit2

Removed argument coders for FloatPoint3D in CoodinatedGraphicsArgumentCoders.
https://bugs.webkit.org/show_bug.cgi?id=122875

Reviewed by Gyuyoung Kim.

Argument coders for FloatPoint3D is added in WebCoreArgumentCoders after r157478
and it caused redefinition build error in EFL port.

Shared/CoordinatedGraphics/CoordinatedGraphicsArgumentCoders.cpp:
Shared/CoordinatedGraphics/CoordinatedGraphicsArgumentCoders.h:

9:05 PM Changeset in webkit [157483] by timothy_horton@apple.com

2 edits in trunk/Source/WebCore

Unreviewed build fix; I don't know how to export.
This may not help.

WebCore.exp.in:

8:59 PM Changeset in webkit [157482] by commit-queue@webkit.org

3 edits in trunk/Source/JavaScriptCore

FTL: add support for Int52ToValue and fix putByVal of int52s.
https://bugs.webkit.org/show_bug.cgi?id=122873

Patch by Nadav Rotem <nrotem@apple.com> on 2013-10-15
Reviewed by Filip Pizlo.

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):

8:10 PM Changeset in webkit [157481] by fpizlo@apple.com

4 edits in trunk/Source/JavaScriptCore

Get rid of the UNINTERRUPTED_SEQUENCE thing
https://bugs.webkit.org/show_bug.cgi?id=122876

Reviewed by Mark Hahnenberg.

It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.

Moreover, we should resist the temptation to bring anything like this back. We don't
want to have inline caches that only work if the assembler lays out code in a specific
predetermined way.

jit/JIT.h:
jit/JITCall.cpp:

(JSC::JIT::compileOpCall):

jit/JITCall32_64.cpp:

(JSC::JIT::compileOpCall):

7:19 PM Changeset in webkit [157480] by fpizlo@apple.com

12 edits in trunk/Source/JavaScriptCore

Baseline JIT should use the DFG GetById IC
https://bugs.webkit.org/show_bug.cgi?id=122861

Reviewed by Oliver Hunt.

This mostly just kills a ton of code.

Note that this doesn't yet do all of the simplifications that can be done, but it does
kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resetStubInternal):

jit/JIT.cpp:

(JSC::PropertyStubCompilationInfo::copyToStubInfo):

jit/JIT.h:

(JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):

jit/JITInlines.h:

(JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
(JSC::JIT::callOperation):

jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emitSlow_op_get_from_scope):

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emitSlow_op_get_from_scope):

jit/JITStubs.cpp:
jit/JITStubs.h:
jit/Repatch.cpp:

(JSC::repatchGetByID):
(JSC::buildGetByIDList):

jit/ThunkGenerators.cpp:
jit/ThunkGenerators.h:

5:34 PM Changeset in webkit [157479] by dino@apple.com

12 edits in trunk

Add ENABLE_WEB_ANIMATIONS flag
https://bugs.webkit.org/show_bug.cgi?id=122871

Reviewed by Tim Horton.

Eventually might be http://dev.w3.org/fxtf/web-animations/
but this is just engine-internal work at the moment.

Source/JavaScriptCore:

Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Configurations/FeatureDefines.xcconfig:

Source/WTF:

wtf/FeatureDefines.h:

Tools:

Scripts/webkitperl/FeatureList.pm:

5:20 PM Changeset in webkit [157478] by timothy_horton@apple.com

23 edits
4 adds
2 deletes in trunk/Source

Add a PlatformCALayer subclass that proxies its property changes across the process boundary
https://bugs.webkit.org/show_bug.cgi?id=122773

Reviewed by Anders Carlsson.

PlatformCALayerRemote coordinates with RemoteLayerTreeDrawingArea and friends
to enable cross-process proxying of the hierarchy of compositing layers.

In the Web process, we have GraphicsLayerCARemote, which owns 1+ PlatformCALayerRemote(s).
Unlike PlatformCALayer{Mac, Win}, which own PlatformLayers (CALayer/CACFLayer),
PlatformCALayerRemote stores any changes to its properties in a struct, and keeps track of
which properties have changed since the last commit. Commits are scheduled and performed by
RemoteLayerTreeContext, on RemoteLayerTreeDrawingArea's behalf, and result in
RemoteLayerTreeTransaction encoding said property changes and throwing them across
to the UI process, where RemoteLayerTreeHost applies them to a tree of CALayers kept there.

This code can be enabled by running with the WK_USE_REMOTE_LAYER_TREE_DRAWING_AREA
environment variable set.

No new tests, the new drawing area is not yet testable.

Shared/WebCoreArgumentCoders.cpp:

(CoreIPC::decode):
(CoreIPC::encode):

Shared/WebCoreArgumentCoders.h:

Add argument coders for FloatPoint3D.

Shared/mac/RemoteLayerTreeTransaction.h:

(WebKit::RemoteLayerTreeTransaction::LayerProperties::notePropertiesChanged):
(WebKit::RemoteLayerTreeTransaction::changedLayers):
(WebKit::RemoteLayerTreeTransaction::destroyedLayers):

Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::LayerProperties::encode):
(WebKit::RemoteLayerTreeTransaction::LayerProperties::decode):
(WebKit::RemoteLayerTreeTransaction::decode):
(WebKit::dumpChangedLayers):
Add support for background color and anchor point in the layer transaction.
Make layer position a 3D point because that's what it really is.

(WebKit::RemoteLayerTreeTransaction::layerPropertiesChanged):
The logic in layerPropertiesChanged is moved into PlatformCALayerRemote.

UIProcess/WebPageProxy.h:

Include PlatformLayer.h; it seems annoying to successfully forward-declare
PlatformLayer because of the difference in definition between Objective-C and C++.
Drive-by un-indent some namespace contents and use OBJC_CLASS.

UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.h:
UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::RemoteLayerTreeDrawingAreaProxy):
(WebKit::RemoteLayerTreeDrawingAreaProxy::sizeDidChange):
(WebKit::RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry):
(WebKit::RemoteLayerTreeDrawingAreaProxy::sendUpdateGeometry):
Send geometry updates to the RemoteLayerTreeDrawingArea.

UIProcess/mac/RemoteLayerTreeHost.h:
UIProcess/mac/RemoteLayerTreeHost.mm:

(nullActionsDictionary):
(WebKit::RemoteLayerTreeHost::commit):
Apply layer property changes to the named sublayer.

(WebKit::RemoteLayerTreeHost::getOrCreateLayer):
Create CALayers instead of GraphicsLayers.
Ensure that they won't perform implicit animations.

UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::setAcceleratedCompositingRootLayer):
This should take a PlatformLayer instead of a GraphicsLayer, since we don't have
GraphicsLayers in the UIProcess.

WebKit2.xcodeproj/project.pbxproj:

Add GraphicsLayerCARemote and PlatformCALayerRemote, remove RemoteGraphicsLayer.

WebProcess/WebPage/mac/RemoteGraphicsLayer.h: Removed.
WebProcess/WebPage/mac/RemoteGraphicsLayer.mm: Removed.

WebProcess/WebPage/mac/RemoteLayerTreeContext.h:
WebProcess/WebPage/mac/RemoteLayerTreeContext.mm:

(WebKit::RemoteLayerTreeContext::RemoteLayerTreeContext):
(WebKit::RemoteLayerTreeContext::setRootLayer):
(WebKit::RemoteLayerTreeContext::layerWillBeDestroyed):
(WebKit::RemoteLayerTreeContext::createGraphicsLayer):
(WebKit::RemoteLayerTreeContext::flushLayers):
Build our transaction while flushing; it has no reason to exist outside of that scope.

WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea):
(WebKit::RemoteLayerTreeDrawingArea::graphicsLayerFactory):
(WebKit::RemoteLayerTreeDrawingArea::setRootCompositingLayer):
(WebKit::RemoteLayerTreeDrawingArea::scheduleCompositingLayerFlush):
(WebKit::RemoteLayerTreeDrawingArea::updateGeometry):
Fix a capitalization typo.
Update the WebPage's (and thus WebCore's) size when updateGeometry() is called.

WebProcess/WebPage/mac/GraphicsLayerCARemote.cpp: Added.

(WebKit::GraphicsLayerCARemote::~GraphicsLayerCARemote):
(WebKit::GraphicsLayerCARemote::filtersCanBeComposited):
(WebKit::GraphicsLayerCARemote::createPlatformCALayer):
Added. Delegate to PlatformCALayerRemote. Don't allow creation of a
GraphicsLayerCARemote given a PlatformLayer, because with UI process compositing,
there should be no PlatformLayer instances in the Web process.

WebProcess/WebPage/mac/GraphicsLayerCARemote.h: Added.
WebProcess/WebPage/mac/PlatformCALayerRemote.cpp: Added.

(generateLayerID):
Generate a layer ID for identification across processes.

(PlatformCALayerRemote::~PlatformCALayerRemote):
Inform the RemoteLayerTreeContext that we've been destroyed, so it can convey
that information to the UI process and the corresponding CALayer can be destroyed.

(PlatformCALayerRemote::recursiveBuildTransaction):
Recursively accumulate changes in layer state on a RemoteLayerTreeTransaction.

The rest of this file is mostly an empty implementation of PlatformCALayer.
A few properties are implemented so far; see below.

(PlatformCALayerRemote::setSublayers):
(PlatformCALayerRemote::removeAllSublayers):
(PlatformCALayerRemote::appendSublayer):
(PlatformCALayerRemote::insertSublayer):
Update our list of sublayers, and note that our children have changed.
recursiveBuildTransaction() will walk our sublayers and record their IDs in the transaction.

(PlatformCALayerRemote::bounds):
(PlatformCALayerRemote::setBounds):
(PlatformCALayerRemote::position):
(PlatformCALayerRemote::setPosition):
(PlatformCALayerRemote::anchorPoint):
(PlatformCALayerRemote::setAnchorPoint):
(PlatformCALayerRemote::backgroundColor):
(PlatformCALayerRemote::setBackgroundColor):
Trivial implementations of basic layer properties, storing the new state in
our LayerProperties struct and noting that they changed in the current commit.
Properties with getters will return the last value that was set on the LayerProperties,
so we don't clear the whole struct at the end of the transaction, just the mask of changed properties.

WebProcess/WebPage/mac/PlatformCALayerRemote.h: Added.

WebCore.exp.in:

Export lots of GraphicsLayerCA stuff so we can inherit from it in WebKit2.

WebCore.xcodeproj/project.pbxproj:

Make PlatformCAFilters.h a private header.

platform/graphics/GraphicsLayer.h:

(WebCore::GraphicsLayer::initialize):

platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayer::create):
(WebCore::GraphicsLayerCA::GraphicsLayerCA):
(WebCore::GraphicsLayerCA::initialize):

platform/graphics/ca/GraphicsLayerCA.h:

Defer creation of the main PlatformCALayer until just after the constructor is finished
so that GraphicsLayerCA subclasses can successfully override createPlatformCALayer.

platform/graphics/ca/PlatformCALayer.h:

(WebCore::PlatformCALayer::platformLayer):
Make platformLayer virtual so that subclasses which don't have PlatformLayers can override.

4:56 PM Changeset in webkit [157477] by roger_fong@apple.com

1 edit
1 add
1 delete in trunk/LayoutTests

[Windows] Unreviewed gardening of some forms tests.

platform/win/fast/forms/search-styled-expected.txt: Added.
platform/win/fast/forms/select-writing-direction-natural-expected.txt: Removed.

3:40 PM Changeset in webkit [157476] by beidson@apple.com

4 edits
2 moves
2 adds in trunk/Source/WebKit2

Move WebProcess/IndexedDB to WebProcess/Databases/IndexedDB

Rubberstamped by Alexey Proskuryakov.

CMakeLists.txt:
GNUmakefile.list.am:
WebKit2.xcodeproj/project.pbxproj:

WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.cpp: Renamed from Source/WebKit2/WebProcess/IndexedDB/WebIDBFactoryBackend.cpp.
WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.h: Renamed from Source/WebKit2/WebProcess/IndexedDB/WebIDBFactoryBackend.h.

3:23 PM Changeset in webkit [157475] by commit-queue@webkit.org

4 edits in trunk/Source/JavaScriptCore

[sh4] Some calls don't match sh4 ABI.
https://bugs.webkit.org/show_bug.cgi?id=122863

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-15
Reviewed by Michael Saboff.

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

jit/JITInlines.h:

(JSC::JIT::callOperation):

3:16 PM Changeset in webkit [157474] by dbates@webkit.org

52 edits
8 adds in trunk/Source

[iOS] Upstream JavaScriptCore support for ARM64
https://bugs.webkit.org/show_bug.cgi?id=122762

Source/JavaScriptCore:

Reviewed by Oliver Hunt and Filip Pizlo.

Configurations/Base.xcconfig:
Configurations/DebugRelease.xcconfig:
Configurations/JavaScriptCore.xcconfig:
Configurations/ToolExecutable.xcconfig:
JavaScriptCore.xcodeproj/project.pbxproj:
assembler/ARM64Assembler.h: Added.
assembler/AbstractMacroAssembler.h:

(JSC::isARM64):
(JSC::AbstractMacroAssembler::Label::Label):
(JSC::AbstractMacroAssembler::Jump::Jump):
(JSC::AbstractMacroAssembler::Jump::link):
(JSC::AbstractMacroAssembler::Jump::linkTo):
(JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
(JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
(JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
(JSC::AbstractMacroAssembler::CachedTempRegister::value):
(JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
(JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
(JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
(JSC::AbstractMacroAssembler::isTempRegisterValid):
(JSC::AbstractMacroAssembler::clearTempRegisterValid):
(JSC::AbstractMacroAssembler::setTempRegisterValid):

assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::linkCode):

assembler/LinkBuffer.h:
assembler/MacroAssembler.h:

(JSC::MacroAssembler::isPtrAlignedAddressOffset):
(JSC::MacroAssembler::pushToSave):
(JSC::MacroAssembler::popToRestore):
(JSC::MacroAssembler::patchableBranchTest32):

assembler/MacroAssemblerARM64.h: Added.
assembler/MacroAssemblerARMv7.h:
dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithDiv):
(JSC::DFG::SpeculativeJIT::compileArithMod):

disassembler/ARM64/A64DOpcode.cpp: Added.
disassembler/ARM64/A64DOpcode.h: Added.
disassembler/ARM64Disassembler.cpp: Added.
heap/MachineStackMarker.cpp:

(JSC::getPlatformThreadRegisters):
(JSC::otherThreadStackPointer):

heap/Region.h:
jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::debugCall):

jit/CCallHelpers.h:
jit/ExecutableAllocator.h:
jit/FPRInfo.h:

(JSC::FPRInfo::toRegister):
(JSC::FPRInfo::toIndex):
(JSC::FPRInfo::debugName):

jit/GPRInfo.h:

(JSC::GPRInfo::toRegister):
(JSC::GPRInfo::toIndex):
(JSC::GPRInfo::debugName):

jit/JITInlines.h:

(JSC::JIT::restoreArgumentReferenceForTrampoline):

jit/JITOperationWrappers.h:
jit/JITOperations.cpp:
jit/JITStubs.cpp:

(JSC::performPlatformSpecificJITAssertions):
(JSC::tryCachePutByID):

jit/JITStubs.h:

(JSC::JITStackFrame::returnAddressSlot):

jit/JITStubsARM64.h: Added.
jit/JSInterfaceJIT.h:
jit/Repatch.cpp:

(JSC::emitRestoreScratch):
(JSC::generateProtoChainAccessStub):
(JSC::tryCacheGetByID):
(JSC::emitPutReplaceStub):
(JSC::tryCachePutByID):
(JSC::tryRepatchIn):

jit/ScratchRegisterAllocator.h:

(JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
(JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):

jit/ThunkGenerators.cpp:

(JSC::nativeForGenerator):
(JSC::floorThunkGenerator):
(JSC::ceilThunkGenerator):

jsc.cpp:

(main):

llint/LLIntOfflineAsmConfig.h:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::handleHostCall):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter64.asm:
offlineasm/arm.rb:
offlineasm/arm64.rb: Added.
offlineasm/backends.rb:
offlineasm/instructions.rb:
offlineasm/risc.rb:
offlineasm/transform.rb:
yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
(JSC::Yarr::YarrGenerator::initCallFrame):
(JSC::Yarr::YarrGenerator::removeCallFrame):
(JSC::Yarr::YarrGenerator::generateEnter):

yarr/YarrJIT.h:

Source/WTF:

Reviewed by Oliver Hunt.

Configurations/Base.xcconfig:
wtf/Atomics.h:

(WTF::weakCompareAndSwap):
(WTF::armV7_dmb):

wtf/FastMalloc.cpp:
wtf/Platform.h:
wtf/dtoa.cpp:
wtf/dtoa/utils.h:
wtf/text/ASCIIFastPath.h:

(WTF::copyLCharsFromUCharSource):

wtf/text/StringImpl.h:

3:05 PM Changeset in webkit [157473] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Fix 3 operand sub operation in C loop LLINT.
https://bugs.webkit.org/show_bug.cgi?id=122866.

Reviewed by Geoffrey Garen.

offlineasm/cloop.rb:

3:01 PM Changeset in webkit [157472] by Lucas Forschler

3 edits in branches/safari-537.73-branch/LayoutTests

Merging gardening patch for layout tests.

2:59 PM Changeset in webkit [157471] by Lucas Forschler

3 edits in branches/safari-537-branch/LayoutTests

Merging gardening patch for layout tests.

2:13 PM Changeset in webkit [157470] by rniwa@webkit.org

3 edits
3 adds in trunk

REGRESSION: Crash in XMLDocumentParser::startElementNs
https://bugs.webkit.org/show_bug.cgi?id=122817

Reviewed by Darin Adler.

Source/WebCore:

Exit early in startElementNs when listeners and handlers of synchronous events such as load event
removes the inserted node inside parserAppendChild.

Test: fast/parser/xhtml-synchronous-detach-crash.html

xml/parser/XMLDocumentParserLibxml2.cpp:

(WebCore::XMLDocumentParser::startElementNs):

LayoutTests:

Add a regression test from https://chromium.googlesource.com/chromium/blink/+/57afab5d21cccd89f032b9a3e62f3a61c6a0e9c2

fast/parser/resources/remove-parent.xhtml: Added.
fast/parser/xhtml-synchronous-detach-crash-expected.txt: Added.
fast/parser/xhtml-synchronous-detach-crash.html: Added.

2:11 PM Changeset in webkit [157469] by beidson@apple.com

6 edits
24 adds in trunk/Source/WebKit2

Add a skeleton Database process for future usage by Indexed Database.
https://bugs.webkit.org/show_bug.cgi?id=122849

Reviewed by Sam Weinig.

This mostly our typical "Add a new process type" boilerplate.

Configurations/DatabaseProcess.xcconfig: Added.
Configurations/DatabaseService.Development.xcconfig: Added.
Configurations/DatabaseService.xcconfig: Added.
WebKit2.xcodeproj/project.pbxproj:
WebKit2Prefix.h:

DatabaseProcess/DatabaseProcess.cpp: Added.

(WebKit::DatabaseProcess::shared):
(WebKit::DatabaseProcess::DatabaseProcess):
(WebKit::DatabaseProcess::~DatabaseProcess):
(WebKit::DatabaseProcess::initializeConnection):
(WebKit::DatabaseProcess::shouldTerminate):
(WebKit::DatabaseProcess::didReceiveMessage):
(WebKit::DatabaseProcess::didClose):
(WebKit::DatabaseProcess::didReceiveInvalidMessage):
(WebKit::DatabaseProcess::initializeProcess):
(WebKit::DatabaseProcess::initializeProcessName):
(WebKit::DatabaseProcess::initializeSandbox):

DatabaseProcess/DatabaseProcess.h: Added.

DatabaseProcess/EntryPoint/mac/LegacyProcess/DatabaseProcessMain.mm: Added.

(DatabaseProcessMain):

DatabaseProcess/EntryPoint/mac/LegacyProcess/Info.plist: Added.
DatabaseProcess/EntryPoint/mac/XPCService/DatabaseService.Development/Info.plist: Added.
DatabaseProcess/EntryPoint/mac/XPCService/DatabaseService/Info.plist: Added.
DatabaseProcess/EntryPoint/mac/XPCService/DatabaseServiceEntryPoint.mm: Added.

(DatabaseServiceInitializer):

DatabaseProcess/mac/DatabaseProcessMac.mm: Added.

(WebKit::DatabaseProcess::initializeProcess):
(WebKit::DatabaseProcess::initializeProcessName):
(WebKit::DatabaseProcess::initializeSandbox):

UIProcess/Databases/DatabaseProcessProxy.cpp: Added.

(WebKit::DatabaseProcessProxy::create):
(WebKit::DatabaseProcessProxy::DatabaseProcessProxy):
(WebKit::DatabaseProcessProxy::~DatabaseProcessProxy):
(WebKit::DatabaseProcessProxy::getLaunchOptions):
(WebKit::DatabaseProcessProxy::connectionWillOpen):
(WebKit::DatabaseProcessProxy::connectionWillClose):
(WebKit::DatabaseProcessProxy::didReceiveMessage):
(WebKit::DatabaseProcessProxy::didClose):
(WebKit::DatabaseProcessProxy::didReceiveInvalidMessage):
(WebKit::DatabaseProcessProxy::didFinishLaunching):

UIProcess/Databases/DatabaseProcessProxy.h: Added.
UIProcess/Databases/mac/DatabaseProcessProxyMac.mm: Added.

(WebKit::shouldUseXPC):
(WebKit::DatabaseProcessProxy::platformGetLaunchOptions):

UIProcess/Launcher/ProcessLauncher.cpp:

(WebKit::ProcessLauncher::processTypeAsString):
(WebKit::ProcessLauncher::getProcessTypeFromString):

UIProcess/Launcher/ProcessLauncher.h:
UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::serviceName):
(WebKit::createProcess):

2:08 PM Changeset in webkit [157468] by mhahnenberg@apple.com

8 edits
2 adds in trunk/Source/JavaScriptCore

ObjCCallbackFunctionImpl shouldn't store a JSContext
https://bugs.webkit.org/show_bug.cgi?id=122531

Reviewed by Geoffrey Garen.

The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct
in the common case. It's also no longer necessary in that we can look up the current JSContext
by looking using the globalObject of the callee when the function callback is invoked.

Also added a new test that would cause us to crash previously. The test required making
JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
in C API callbacks.

API/JSContextRef.h:
API/JSContextRefPrivate.h:
API/ObjCCallbackFunction.mm:

(JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
(JSC::objCCallbackFunctionCallAsFunction):
(objCCallbackFunctionForInvocation):

API/WebKitAvailability.h:
API/tests/CurrentThisInsideBlockGetterTest.h: Added.
API/tests/CurrentThisInsideBlockGetterTest.mm: Added.

(CallAsConstructor):
(ConstructorFinalize):
(ConstructorClass):
(+[JSValue valueWithConstructorDescriptor:inContext:]):
(-[JSContext valueWithConstructorDescriptor:]):
(currentThisInsideBlockGetterTest):

API/tests/testapi.mm:
JavaScriptCore.xcodeproj/project.pbxproj:
debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.

2:03 PM Changeset in webkit [157467] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Fix build after r157457 for architecture with 4 argument registers.
https://bugs.webkit.org/show_bug.cgi?id=122860

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-15
Reviewed by Michael Saboff.

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupStubArguments134):

1:47 PM Changeset in webkit [157466] by commit-queue@webkit.org

3 edits
1 delete in trunk/Source/WebCore

Web Inspector: Remove old frontend localizedStrings.js
https://bugs.webkit.org/show_bug.cgi?id=122846

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2013-10-15
Reviewed by Timothy Hatcher.

Configurations/WebCore.xcconfig:
English.lproj/localizedStrings.js: Removed.
WebCore.xcodeproj/project.pbxproj:

Remove the file and references to it. We no longer need to exclude
localizedString.js from some builds.

1:41 PM Changeset in webkit [157465] by commit-queue@webkit.org

4 edits in trunk/Source

Web Inspector: Remove Windows old front-end related code
https://bugs.webkit.org/show_bug.cgi?id=122845

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2013-10-15
Reviewed by Brent Fulgham.

Source/WebCore:

WebCore.vcxproj/copyWebCoreResourceFiles.cmd:

Source/WebKit/win:

WebCoreSupport/WebInspectorClient.cpp:

(WebInspectorClient::openInspectorFrontend):

1:28 PM Changeset in webkit [157464] by aestes@apple.com

4 edits
1 add in trunk/Source/WebKit

Expose -[WebPluginPackage bundle] as SPI
https://bugs.webkit.org/show_bug.cgi?id=122814

Reviewed by Anders Carlsson.

Source/WebKit:

WebKit.xcodeproj/project.pbxproj: Added WebPluginPackagePrivate.h.

Source/WebKit/mac:

Plugins/WebPluginPackage.mm:

(-[WebPluginPackage bundle]): Defined.

Plugins/WebPluginPackagePrivate.h: Declared bundle as a method in a

category on NSObject.

1:24 PM Changeset in webkit [157463] by Lucas Forschler

2 edits in branches/safari-537.73-branch/LayoutTests

Merge r157460.

1:23 PM Changeset in webkit [157462] by Lucas Forschler

2 edits in branches/safari-537-branch/LayoutTests

Merge r157460.

1:20 PM Changeset in webkit [157461] by commit-queue@webkit.org

2 edits in trunk/LayoutTests

Unreviewed, rolling out r157460.
http://trac.webkit.org/changeset/157460
https://bugs.webkit.org/show_bug.cgi?id=122858

Mis-skip, test isn't actually failing. (Requested by rfong on
#webkit).

platform/wk2/TestExpectations:

1:10 PM Changeset in webkit [157460] by roger_fong@apple.com

2 edits in trunk/LayoutTests

Unreviewed gardening. Skip unexpected flakey test: webaudio/oscillator-sawtooth.html.

platform/wk2/TestExpectations:

12:40 PM Changeset in webkit [157459] by Antoine Quint

2 edits in trunk/Source/WebInspectorUI

Web Inspector: can't select text inside a text node
https://bugs.webkit.org/show_bug.cgi?id=122828

Reviewed by Timothy Hatcher.

Cancel the default user interaction when a drag action starts if the
element is being edited.

UserInterface/DOMTreeElement.js:

(WebInspector.DOMTreeElement.prototype.onattach):
(WebInspector.DOMTreeElement.prototype.handleEvent):

11:45 AM Changeset in webkit [157458] by commit-queue@webkit.org

117 edits
4 adds in trunk

Add support for the column-fill property
https://bugs.webkit.org/show_bug.cgi?id=117693

Patch by Morten Stenshorne <mstensho@opera.com> on 2013-10-15
Reviewed by David Hyatt.

Source/WebCore:

This is only supported in the (new) region based multicol implementation.

With column-fill support, a lot of multicol tests needed an update.
The old implementation behaved as if column-fill were 'auto', but the
initial value is 'balance', so now we need to be explicit about that.
For auto-height tests it doesn't really matter - such multicols are always
balanced anyway.

Tests: fast/multicol/newmulticol/fixed-height-fill-auto.html

fast/multicol/newmulticol/fixed-height-fill-balance.html

css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):

css/CSSParser.cpp:

(WebCore::isValidKeywordPropertyAndValue):
(WebCore::isKeywordPropertyID):
(WebCore::CSSParser::parseValue):

css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator ColumnFill):

css/CSSPropertyNames.in:
css/CSSValueKeywords.in:
css/DeprecatedStyleBuilder.cpp:

(WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder):

rendering/RenderMultiColumnBlock.h:
rendering/style/RenderStyle.h:
rendering/style/RenderStyleConstants.h:
rendering/style/StyleMultiColData.cpp:

(WebCore::StyleMultiColData::StyleMultiColData):
(WebCore::StyleMultiColData::operator==):

rendering/style/StyleMultiColData.h:

LayoutTests:

compositing/geometry/composited-in-columns.html:
fast/block/positioning/offsetLeft-offsetTop-multicolumn-expected.html:
fast/block/positioning/offsetLeft-offsetTop-multicolumn.html:
fast/borders/border-antialiasing.html:
fast/dynamic/float-moved-downwards-for-pagination-expected.html:
fast/dynamic/float-moved-downwards-for-pagination.html:
fast/dynamic/layer-no-longer-paginated.html:
fast/events/document-elementFromPoint.html:
fast/line-grid/line-grid-inside-columns.html:
fast/line-grid/line-grid-into-columns.html:
fast/multicol/break-properties.html:
fast/multicol/cell-shrinkback.html:
fast/multicol/client-rects.html:
fast/multicol/column-count-with-rules.html:
fast/multicol/fixed-column-percent-logical-height-orthogonal-writing-mode.html:
fast/multicol/flipped-blocks-hit-test.html:
fast/multicol/float-paginate-complex.html:
fast/multicol/float-paginate-empty-lines.html:
fast/multicol/float-paginate.html:
fast/multicol/float-truncation.html:
fast/multicol/hit-test-above-or-below.html:
fast/multicol/hit-test-end-of-column-with-line-height.html:
fast/multicol/hit-test-end-of-column.html:
fast/multicol/hit-test-float.html:
fast/multicol/image-inside-nested-blocks-with-border.html:
fast/multicol/layers-in-multicol.html:
fast/multicol/layers-split-across-columns.html:
fast/multicol/margin-collapse.html:
fast/multicol/mixed-opacity-fixed-test.html:
fast/multicol/mixed-opacity-test.html:
fast/multicol/mixed-positioning-stacking-order.html:
fast/multicol/nested-columns.html:
fast/multicol/newmulticol/cell-shrinkback-expected.html:
fast/multicol/newmulticol/cell-shrinkback.html:
fast/multicol/newmulticol/column-rules-fixed-height-expected.html:
fast/multicol/newmulticol/fixed-height-fill-auto-expected.html: Added.
fast/multicol/newmulticol/fixed-height-fill-auto.html: Added.
fast/multicol/newmulticol/fixed-height-fill-balance-expected.html: Added.
fast/multicol/newmulticol/fixed-height-fill-balance.html: Added.
fast/multicol/newmulticol/float-avoidance-expected.html:
fast/multicol/newmulticol/float-avoidance.html:
fast/multicol/newmulticol/float-multicol-expected.html:
fast/multicol/newmulticol/float-multicol.html:
fast/multicol/newmulticol/float-paginate-complex-expected.html:
fast/multicol/newmulticol/float-paginate-complex.html:
fast/multicol/newmulticol/float-paginate-empty-lines-expected.html:
fast/multicol/newmulticol/float-paginate-empty-lines.html:
fast/multicol/newmulticol/float-paginate-expected.html:
fast/multicol/newmulticol/float-paginate.html:
fast/multicol/newmulticol/layers-in-multicol-expected.html:
fast/multicol/newmulticol/layers-in-multicol.html:
fast/multicol/newmulticol/layers-split-across-columns-expected.html:
fast/multicol/newmulticol/layers-split-across-columns.html:
fast/multicol/newmulticol/positioned-split-expected.html:
fast/multicol/newmulticol/positioned-split.html:
fast/multicol/newmulticol/positioned-with-constrained-height-expected.html:
fast/multicol/newmulticol/positioned-with-constrained-height.html:
fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html:
fast/multicol/orphans-relayout.html:
fast/multicol/overflow-across-columns-percent-height.html:
fast/multicol/overflow-across-columns.html:
fast/multicol/overflow-content-expected.html:
fast/multicol/overflow-content.html:
fast/multicol/overflow-unsplittable.html:
fast/multicol/pageLogicalOffset-vertical-expected.html:
fast/multicol/pageLogicalOffset-vertical.html:
fast/multicol/paginate-block-replaced.html:
fast/multicol/positioned-outside-of-columns.html:
fast/multicol/positioned-split.html:
fast/multicol/positive-leading.html:
fast/multicol/progression-reverse-overflow-expected.html:
fast/multicol/progression-reverse-overflow.html:
fast/multicol/progression-reverse.html:
fast/multicol/scrolling-overflow.html:
fast/multicol/seamless-flowed-through-columns-expected.html:
fast/multicol/seamless-flowed-through-columns.html:
fast/multicol/table-margin-collapse.html:
fast/multicol/table-row-height-increase-expected.html:
fast/multicol/table-row-height-increase.html:
fast/multicol/table-vertical-align.html:
fast/multicol/transform-inside-opacity.html:
fast/multicol/unsplittable-inline-block.html:
fast/multicol/vertical-lr/break-properties.html:
fast/multicol/vertical-lr/column-count-with-rules.html:
fast/multicol/vertical-lr/float-multicol.html:
fast/multicol/vertical-lr/float-paginate-complex.html:
fast/multicol/vertical-lr/float-paginate.html:
fast/multicol/vertical-lr/float-truncation.html:
fast/multicol/vertical-lr/image-inside-nested-blocks-with-border.html:
fast/multicol/vertical-lr/nested-columns.html:
fast/multicol/vertical-lr/rules-with-border-before.html:
fast/multicol/vertical-lr/unsplittable-inline-block.html:
fast/multicol/vertical-rl/break-properties.html:
fast/multicol/vertical-rl/column-count-with-rules.html:
fast/multicol/vertical-rl/float-avoidance.html:
fast/multicol/vertical-rl/float-multicol.html:
fast/multicol/vertical-rl/float-paginate-complex.html:
fast/multicol/vertical-rl/float-paginate.html:
fast/multicol/vertical-rl/float-truncation.html:
fast/multicol/vertical-rl/image-inside-nested-blocks-with-border.html:
fast/multicol/vertical-rl/nested-columns.html:
fast/multicol/vertical-rl/rule-style.html:
fast/multicol/vertical-rl/rules-with-border-before.html:
fast/multicol/vertical-rl/unsplittable-inline-block.html:
fast/multicol/widows-and-orphans.html:
fast/regions/region-style-in-columns.html:
fast/repaint/multicol-repaint.html:
fast/sub-pixel/column-clipping.html:

11:33 AM Changeset in webkit [157457] by msaboff@apple.com

15 edits in trunk/Source/JavaScriptCore

transition void cti_op_* methods to JIT operations.
https://bugs.webkit.org/show_bug.cgi?id=122617

Reviewed by Geoffrey Garen.

Converted the follow stubs to JIT operations:

cti_handle_watchdog_timer
cti_op_debug
cti_op_pop_scope
cti_op_profile_did_call
cti_op_profile_will_call
cti_op_put_by_index
cti_op_put_getter_setter
cti_op_tear_off_activation
cti_op_tear_off_arguments
cti_op_throw_static_error
cti_optimize

dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):
(JSC::CCallHelpers::setupThreeStubArgsGPR):
(JSC::CCallHelpers::setupStubArguments):
(JSC::CCallHelpers::setupStubArguments134):

jit/JIT.cpp:

(JSC::JIT::emitEnterOptimizationCheck):

jit/JIT.h:
jit/JITInlines.h:

(JSC::JIT::callOperation):

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_tear_off_activation):
(JSC::JIT::emit_op_tear_off_arguments):
(JSC::JIT::emit_op_push_with_scope):
(JSC::JIT::emit_op_pop_scope):
(JSC::JIT::emit_op_push_name_scope):
(JSC::JIT::emit_op_throw_static_error):
(JSC::JIT::emit_op_debug):
(JSC::JIT::emit_op_profile_will_call):
(JSC::JIT::emit_op_profile_did_call):
(JSC::JIT::emitSlow_op_loop_hint):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_push_with_scope):
(JSC::JIT::emit_op_pop_scope):
(JSC::JIT::emit_op_push_name_scope):
(JSC::JIT::emit_op_throw_static_error):
(JSC::JIT::emit_op_debug):
(JSC::JIT::emit_op_profile_will_call):
(JSC::JIT::emit_op_profile_did_call):

jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_by_index):
(JSC::JIT::emit_op_put_getter_setter):

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_by_index):
(JSC::JIT::emit_op_put_getter_setter):

jit/JITStubs.cpp:
jit/JITStubs.h:

11:17 AM Changeset in webkit [157456] by akling@apple.com

3 edits in trunk/Source/WebCore

Skip unnecessary null check in RenderText::textLength().
<https://webkit.org/b/122841>

Reviewed by Antti Koivisto.

RenderText will never have a null String in m_text, so textLength()
can grab at the StringImpl directly, avoiding a null check.

11:16 AM Changeset in webkit [157455] by akling@apple.com

4 edits in trunk/Source/WebCore

FontGenericFamilies should not be ref-counted.
<https://webkit.org/b/122835>

Reviewed by Anders Carlsson.

FontGenericFamilies is singly-owned by Settings.

11:08 AM Changeset in webkit [157454] by zoltan@webkit.org

3 edits in trunk/Source/WebCore

[CSS Shapes] Move RenderBlock::layoutShapeInsideInfo into RenderBlock.cpp
http://bugs.webkit.org/show_bug.cgi?id=122843

Reviewed by Oliver Hunt.

Historically, layoutShapeInsideInfo was a static function in RenderBlockLineLayout, then it has changed to be a member of RenderBlock,
but at that time it hasn't been moved to RenderBlock.cpp. This patch moves it into RenderBlock.cpp next to the Shapes functions. I removed
an unnecessary CSS_SHAPES #ifdef as well from RenderBlock.cpp.

No new tests, no behavior change.

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::markShapeInsideDescendantsForLayout):
(WebCore::RenderBlock::layoutShapeInsideInfo):

rendering/RenderBlockLineLayout.cpp:

11:05 AM Changeset in webkit [157453] by Darin Adler

7 edits
3 adds in trunk/Tools

Add some API tests for Vector, RefPtr, and Ref
https://bugs.webkit.org/show_bug.cgi?id=122840

Reviewed by Andreas Kling.

TestWebKitAPI/CMakeLists.txt: Added new files.
TestWebKitAPI/GNUmakefile.am: Ditto.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj: Ditto.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj.filters: Ditto.
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Ditto.

TestWebKitAPI/Tests/WTF/Ref.cpp: Added.
TestWebKitAPI/Tests/WTF/RefLogger.h: Added.
TestWebKitAPI/Tests/WTF/RefPtr.cpp: Added.
TestWebKitAPI/Tests/WTF/Vector.cpp: Added move-only insert tests.

11:03 AM Changeset in webkit [157452] by commit-queue@webkit.org

3 edits in trunk/Source/JavaScriptCore

[sh4] Introduce const pools in LLINT.
https://bugs.webkit.org/show_bug.cgi?id=122746

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-15
Reviewed by Michael Saboff.

In current implementation of LLINT for sh4, immediate values outside range -128..127 are
loaded this way:

mov.l .label, rx
bra out
nop
.balign 4
.label: .long immvalue
out:

This change introduces const pools for sh4 implementation to avoid lots of useless branches
and reduce code size. It also removes lines of dirty code, like jmpf and callf.

offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
offlineasm/sh4.rb:

10:01 AM Changeset in webkit [157451] by mark.lam@apple.com

3 edits in trunk/Source/JavaScriptCore

Fix broken C Loop LLINT build.
https://bugs.webkit.org/show_bug.cgi?id=122839.

Reviewed by Michael Saboff.

dfg/DFGFlushedAt.cpp:
jit/JITOperations.h:

9:39 AM Changeset in webkit [157450] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

[WinCairo] Build fails.
https://bugs.webkit.org/show_bug.cgi?id=122830

Patch by peavo@outlook.com <peavo@outlook.com> on 2013-10-15
Reviewed by Brent Fulgham.

platform/network/NetworkStorageSessionStub.cpp:

(WebCore::NetworkStorageSession::createPrivateBrowsingSession): Update to new return type.

6:02 AM Changeset in webkit [157449] by akling@apple.com

5 edits in trunk/Source/WebCore

FileIconLoader should not be ref-counted.
<https://webkit.org/b/122827>

FileIconLoader is singly-owned by FileInputType.

Reviewed by Antti Koivisto.

4:45 AM Changeset in webkit [157448] by akling@apple.com

3 edits in trunk/Source/WebCore

RenderText should cache RenderStyle in locals more.
<https://webkit.org/b/122823>

Reviewed by Antti Koivisto.

Now that fetching the RenderStyle has to go through the parent,
we should avoid unnecessary loads by caching style() in a local.

4:44 AM Changeset in webkit [157447] by Csaba Osztrogonác

2 edits in trunk/Source/WebKit2

[Soup] Unreviewed buildfix after r157445 for ENABLE(NETWORK_PROCESS) builds.

NetworkProcess/soup/NetworkProcessSoup.cpp:

(WebKit::NetworkProcess::allowSpecificHTTPSCertificateForHost):

4:25 AM Changeset in webkit [157446] by Carlos Garcia Campos

2 edits in trunk/Source/WebKit2

Unreviewed. Fix the GTK+ build after r157445.

UIProcess/API/gtk/WebKitLoaderClient.cpp:

(didFailProvisionalLoadWithErrorForFrame):

3:24 AM Changeset in webkit [157445] by Csaba Osztrogonác

48 edits
1 copy
3 moves
1 delete in trunk/Source

Move PlatformCertificateInfo to WebCore and make the ResourceResponse primitives work in terms of that platform agnostic object
https://bugs.webkit.org/show_bug.cgi?id=118520

Reviewed by Anders Carlsson.

Added PlatformCertificateInfo getter and setter to ResourceErrorBase
and ResourceResponseBase so that getting and setting certificates
becomes cross platform.

Changed the existing platform specific certificate getters and setters
of ResourceError and ResourceResponse to use the
PlatformCertificateInfo member.

Original patch by Kwang Yul Seo <skyul@company100.net>

Source/WebCore:

The following things were fixed by Csaba Osztrogonác:

trivial conflicts resolved in WebCore.exp.in, project.pbxproj, NetworkResourceLoader.cpp, WebPageProxy.h, WebFrameLoaderClient.cpp and PlatformEfl.cmake.
trivial fix in the new AsynchronousNetworkLoaderClient.cpp
style fixed (NULL -> 0 and smaller indentation in WebCoreArgumentCodersSoup.cpp)
obsolete change removed from NetworkResourceLoader.cpp
unneeded typo removed from ResourceHandleSoup.cpp
Fixed the if guard of including RetainPtr.h in PlatformCertificateInfo.h to make Windows build happy.
add PlatformCertificateInfoCFNet.cpp with empty constructor and destructor to make Windows build happy.
resolved conflict in Source/WebCore/WebCore.xcodeproj/project.pbxproj after r156488
renamed KURL to URL after r156550.
removed obsolete Qt changes
added back initializers for m_soupFlags
included gio/gio.h instead of libsoup/soup.h in PlatformCertificateInfo.h
removed unused class forward declarations and includes

GNUmakefile.list.am:
PlatformEfl.cmake:
Target.pri:
WebCore.exp.in:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
WebCore.xcodeproj/project.pbxproj:
platform/network/PlatformCertificateInfo.h: Renamed from Source/WebKit2/Shared/soup/PlatformCertificateInfo.h.

(WebCore::PlatformCertificateInfo::certificate):
(WebCore::PlatformCertificateInfo::setCertificate):
(WebCore::PlatformCertificateInfo::tlsErrors):
(WebCore::PlatformCertificateInfo::setTLSErrors):

platform/network/ResourceErrorBase.h:

(WebCore::ResourceErrorBase::platformCertificateInfo):
(WebCore::ResourceErrorBase::setPlatformCertificateInfo):

platform/network/ResourceResponseBase.h:

(WebCore::ResourceResponseBase::platformCertificateInfo):
(WebCore::ResourceResponseBase::setPlatformCertificateInfo):

platform/network/cf/ResourceResponse.h:
platform/network/mac/PlatformCertificateInfoMac.mm: Renamed from Source/WebKit2/Shared/mac/PlatformCertificateInfo.mm.

(WebCore::PlatformCertificateInfo::PlatformCertificateInfo):
(WebCore::PlatformCertificateInfo::~PlatformCertificateInfo):
(WebCore::PlatformCertificateInfo::setCertificateChain):
(WebCore::PlatformCertificateInfo::certificateChain):
(WebCore::PlatformCertificateInfo::dump):

platform/network/mac/ResourceResponseMac.mm:

(WebCore::ResourceResponse::setCertificateChain):
(WebCore::ResourceResponse::certificateChain):

platform/network/soup/PlatformCertificateInfoSoup.cpp:

(WebCore::PlatformCertificateInfo::PlatformCertificateInfo):
(WebCore::PlatformCertificateInfo::~PlatformCertificateInfo):

platform/network/soup/ResourceError.h:

(WebCore::ResourceError::ResourceError):
(WebCore::ResourceError::tlsErrors):
(WebCore::ResourceError::setTLSErrors):
(WebCore::ResourceError::certificate):
(WebCore::ResourceError::setCertificate):

platform/network/soup/ResourceErrorSoup.cpp:

(WebCore::ResourceError::platformCopy):

platform/network/soup/ResourceResponse.h:

(WebCore::ResourceResponse::ResourceResponse):
(WebCore::ResourceResponse::soupMessageCertificate):
(WebCore::ResourceResponse::setSoupMessageCertificate):
(WebCore::ResourceResponse::soupMessageTLSErrors):
(WebCore::ResourceResponse::setSoupMessageTLSErrors):

platform/network/soup/ResourceResponseSoup.cpp:

(WebCore::ResourceResponse::toSoupMessage):
(WebCore::ResourceResponse::updateFromSoupMessage):

Source/WebKit2:

The following things were fixed by Csaba Osztrogonác:

trivial conflicts resolved in WebCore.exp.in, project.pbxproj, NetworkResourceLoader.cpp, WebPageProxy.h, WebFrameLoaderClient.cpp and PlatformEfl.cmake.
trivial fix in the new AsynchronousNetworkLoaderClient.cpp
style fixed (NULL -> 0 and smaller indentation in WebCoreArgumentCodersSoup.cpp)
obsolete change removed from NetworkResourceLoader.cpp
unneeded typo removed from ResourceHandleSoup.cpp
Fixed the if guard of including RetainPtr.h in PlatformCertificateInfo.h to make Windows build happy.
add PlatformCertificateInfoCFNet.cpp with empty constructor and destructor to make Windows build happy.
resolve conflict in Source/WebCore/WebCore.xcodeproj/project.pbxproj after r156488
rename KURL to URL after r156550.
remove obsolete Qt changes
added back initializers for m_soupFlags
included gio/gio.h instead of libsoup/soup.h in PlatformCertificateInfo.h
removed unused class forward declarations and includes

GNUmakefile.list.am:
NetworkProcess/AsynchronousNetworkLoaderClient.cpp:

(WebKit::AsynchronousNetworkLoaderClient::didReceiveResponse):

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkProcess.messages.in:
NetworkProcess/NetworkResourceLoader.cpp:
NetworkProcess/mac/NetworkProcessMac.mm:
PlatformEfl.cmake:
PlatformGTK.cmake:
Shared/API/c/mac/WKCertificateInfoMac.mm:

(WKCertificateInfoCreateWithCertficateChain):

Shared/Authentication/AuthenticationManager.h:
Shared/Authentication/AuthenticationManager.messages.in:
Shared/Authentication/mac/AuthenticationManager.mac.mm:
Shared/UserMessageCoders.h:

(WebKit::UserMessageDecoder::baseDecode):

Shared/WebCertificateInfo.h:

(WebKit::WebCertificateInfo::create):
(WebKit::WebCertificateInfo::platformCertificateInfo):
(WebKit::WebCertificateInfo::WebCertificateInfo):

Shared/WebCoreArgumentCoders.cpp:

(CoreIPC::::decode):
(CoreIPC::::encode):

Shared/WebCoreArgumentCoders.h:
Shared/mac/WebCoreArgumentCodersMac.mm:

(CoreIPC::::encodePlatformData):
(CoreIPC::::decodePlatformData):

Shared/soup/PlatformCertificateInfo.cpp: Removed.
Shared/soup/WebCoreArgumentCodersSoup.cpp:

(CoreIPC::::encodePlatformData):
(CoreIPC::::decodePlatformData):

Target.pri:
UIProcess/API/gtk/WebKitWebView.cpp:

(webkit_web_view_get_tls_info):

UIProcess/Authentication/AuthenticationChallengeProxy.cpp:

(WebKit::AuthenticationChallengeProxy::useCredential):

UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::didCommitLoad):

UIProcess/WebFrameProxy.h:
UIProcess/WebPageProxy.h:
UIProcess/WebPageProxy.messages.in:
WebKit2.xcodeproj/project.pbxproj:
WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResponseWithCertificateInfo):

WebProcess/Network/WebResourceLoader.h:
WebProcess/Network/WebResourceLoader.messages.in:
WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDidCommitLoad):

12:02 AM Changeset in webkit [157444] by rniwa@webkit.org

4 edits in trunk/Source/WebCore

Remove redundant Document::getElementById
https://bugs.webkit.org/show_bug.cgi?id=122813

Reviewed by Andreas Kling.

Merge https://chromium.googlesource.com/chromium/blink/+/4e8f1c5316415614b84370c602beae4a1008299f

This function simply calls virtual TreeScope::getElementById and Document inherits from TreeScope.

WebCore.exp.in:
dom/Document.cpp:
dom/Document.h:

Oct 14, 2013:

10:55 PM Changeset in webkit [157443] by commit-queue@webkit.org

4 edits
4 adds in trunk

Source/WebCore: in safari,the background-color of input[type="search"] can't work
https://bugs.webkit.org/show_bug.cgi?id=119967

Patch by Santosh Mahto <santosh.ma@samsung.com> on 2013-10-14
Reviewed by Ryosuke Niwa.

When input type=search is styled with css background property then
it does not change the background-color of field. Its happening becasue
search field is not counted as styled control. Thus theme ignores the
css background property. With this patch search field is also counted as
styled control so background property reflects on search field.

Test: fast/forms/search/search-field-background-color.html

rendering/RenderTheme.cpp:

(WebCore::RenderTheme::isControlStyled):Now search field is also
a styled control.

LayoutTests: in safari ,the background-color of input[type="search"] can't work
https://bugs.webkit.org/show_bug.cgi?id=119967

Patch by Santosh Mahto <santosh.ma@samsung.com> on 2013-10-14
Reviewed by Ryosuke Niwa.

Added testcase to verify the background color of search field when
search field is styled with css background property.

fast/forms/search/search-field-background-color-expected.txt: Added.
fast/forms/search/search-field-background-color.html: Added.
platform/mac/fast/forms/search-styled-expected.txt: Rebaselined.

10:06 PM Changeset in webkit [157442] by zoltan@webkit.org

1 edit
22 moves
1 add in trunk/LayoutTests

[CSS Shapes] Move shape-inside floats tests into their own subdirectory
https://bugs.webkit.org/show_bug.cgi?id=122761

Reviewed by Sam Weinig.

I'm going to add some new float tests soon. In order to keep our shapes tests organized,
I'm moving the shape-inside with floating content tests to their own subdirectory.

fast/shapes/shape-inside/floats/shape-inside-floats-simple-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-floats-simple-expected.html.
fast/shapes/shape-inside/floats/shape-inside-floats-simple.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-floats-simple.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-left-triangle-block-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-left-triangle-block-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-left-triangle-block-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-left-triangle-block-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-left-triangle-inline-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-left-triangle-inline-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-left-triangle-inline-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-left-triangle-inline-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-right-triangle-block-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-right-triangle-block-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-right-triangle-block-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-right-triangle-block-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-right-triangle-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-right-triangle-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-right-triangle-inline-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-right-triangle-inline-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-right-triangle-inline-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-right-triangle-inline-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-lower-right-triangle.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-lower-right-triangle.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-left-triangle-block-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-left-triangle-block-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-left-triangle-block-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-left-triangle-block-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-left-triangle-inline-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-left-triangle-inline-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-left-triangle-inline-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-left-triangle-inline-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-left-triangle-vertical-lr-inline-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-left-triangle-vertical-lr-inline-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-left-triangle-vertical-lr-inline-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-left-triangle-vertical-lr-inline-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-right-triangle-block-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-right-triangle-block-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-right-triangle-block-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-right-triangle-block-content.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-right-triangle-inline-content-expected.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-right-triangle-inline-content-expected.html.
fast/shapes/shape-inside/floats/shape-inside-left-float-in-upper-right-triangle-inline-content.html: Renamed from LayoutTests/fast/shapes/shape-inside/shape-inside-left-float-in-upper-right-triangle-inline-content.html.

9:08 PM Changeset in webkit [157441] by rniwa@webkit.org

3 edits in trunk/Source/WebCore

EventPath::updateTouchLists traverses through EventPath thrice
https://bugs.webkit.org/show_bug.cgi?id=122804

Reviewed by Benjamin Poulain.

Instead of traversing through EventPath for each TouchList, traverse through TouchList for every EventContext.
This paves our way to have one-pass traversal over EventPath, and evetually to remove EventContext altogether.

This change should also improve the cache hit rate since all Touch objects tend to be allocated at the same time
but this performance improvement is probably not observable.

dom/EventContext.h:
dom/EventDispatcher.cpp:

(WebCore::EventRelatedNodeResolver::EventRelatedNodeResolver): Added a new constructor that takes Touch and
and TouchListType. We need to store these two values in order to update EventContext later.
(WebCore::EventRelatedNodeResolver::touch): Added,
(WebCore::EventRelatedNodeResolver::touchListType): Added.
(WebCore::addRelatedNodeResolversForTouchList): Extracted from updateTouchListsInEventPath.
(WebCore::EventPath::updateTouchLists): Moved the loop over m_path here. Notice that the outer loop iterates
over m_path instead of touchList as done in updateTouchListsInEventPath. The inner loop goes through resolvers
and adds Touch objects each EventContext as needed.

8:48 PM Changeset in webkit [157440] by gyuyoung.kim@samsung.com

2 edits in trunk/LayoutTests

Unreviewed, EFL gardening. Below tests don't be failed anymore after enabling subpixel layout.

fast/spatial-navigation/snav-container-white-space.html
fast/spatial-navigation/snav-fully-aligned-horizontally.html
fast/spatial-navigation/snav-iframe-no-scrollable-content.html

platform/efl/TestExpectations:

8:03 PM Changeset in webkit [157439] by mark.lam@apple.com

11 edits in trunk/Source/JavaScriptCore

Transition *switch* and *scope* JITStubs to JIT operations.
https://bugs.webkit.org/show_bug.cgi?id=122757.

Reviewed by Geoffrey Garen.

Transitioning:

cti_op_switch_char
cti_op_switch_imm
cti_op_switch_string
cti_op_resolve_scope
cti_op_get_from_scope
cti_op_put_to_scope

jit/JIT.h:
jit/JITInlines.h:

(JSC::JIT::callOperation):

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
(JSC::JIT::emit_op_switch_string):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
(JSC::JIT::emit_op_switch_string):

jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitSlow_op_put_to_scope):

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitSlow_op_put_to_scope):

jit/JITStubs.cpp:
jit/JITStubs.h:

7:47 PM Changeset in webkit [157438] by ap@apple.com

16 edits in trunk/Source/WebCore

Don't generate a wasteful isObservable check in isReachableFromOpaqueRoots
https://bugs.webkit.org/show_bug.cgi?id=122802

Reviewed by Mark Hahnenberg.

bindings/scripts/CodeGeneratorJS.pm: (GenerateImplementation): Don't.

bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
bindings/scripts/test/JS/JSTestEventConstructor.cpp:
bindings/scripts/test/JS/JSTestEventTarget.cpp:
bindings/scripts/test/JS/JSTestException.cpp:
bindings/scripts/test/JS/JSTestInterface.cpp:
bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
bindings/scripts/test/JS/JSTestTypedefs.cpp:
bindings/scripts/test/JS/JSattribute.cpp:
bindings/scripts/test/JS/JSreadonly.cpp:

Updated results.

6:06 PM Changeset in webkit [157437] by roger_fong@apple.com

5 edits
1 delete in trunk

Windows select element doesn't draw RTL properly.
https://bugs.webkit.org/show_bug.cgi?id=122785.

Reviewed by Brent Fulgham.

Problems include the popup items not drawing on the right hand side and
not respecting the direction or the directional override styling of the option.
The selected element (drawn in the actual select element) also doesn't respect
the style settings of the selected menu option.

Tests:
Covered by fast/text/international/pop-up-button-text-alignment-and-direction.html.

platform/win/PopupMenuWin.cpp:

(WebCore::PopupMenuWin::paint):

WebCoreSupport/WebChromeClient.cpp:

(WebChromeClient::selectItemWritingDirectionIsNatural):
(WebChromeClient::selectItemAlignmentFollowsMenuWritingDirection):

platform/win/fast/text/international/pop-up-button-text-alignment-and-direction-expected.txt: Removed.

5:38 PM Changeset in webkit [157436] by rniwa@webkit.org

3 edits
2 adds in trunk

Source/WebCore: AX: fieldset should have GroupRole and legend should be description.
https://bugs.webkit.org/show_bug.cgi?id=122534

Patch by Samuel White <Samuel White> on 2013-10-14
Reviewed by Chris Fleizach.

Changes fieldset to derive AXDescription from legend if one is available. Added
convenience method to AccessibilityObject to fetch element if available.

Test: accessibility/fieldset-element.html

accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::canHaveChildren):
(WebCore::AccessibilityNodeObject::alternativeText):

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::element):
(WebCore::AccessibilityObject::isARIAHidden):
(WebCore::AccessibilityObject::isDOMHidden):
(WebCore::AccessibilityObject::defaultObjectInclusion):

accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::isHidden):

accessibility/AccessibilitySlider.cpp:

(WebCore::AccessibilitySlider::getAttribute):
(WebCore::AccessibilitySlider::valueForRange):
(WebCore::AccessibilitySlider::maxValueForRange):
(WebCore::AccessibilitySlider::minValueForRange):
(WebCore::AccessibilitySlider::setValue):
(WebCore::AccessibilitySlider::inputElement):

accessibility/AccessibilitySlider.h:
accessibility/mac/AccessibilityObjectMac.mm:

(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

html/HTMLFieldSetElement.cpp:

(WebCore::HTMLFieldSetElement::legend):

html/HTMLFieldSetElement.h:

LayoutTests: Crash in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine
https://bugs.webkit.org/show_bug.cgi?id=122776

Reviewed by Darin Adler.

fast/text/whitespace/whitespace-and-margin-wrap-after-list-marker-crash-expected.txt: Added.
fast/text/whitespace/whitespace-and-margin-wrap-after-list-marker-crash.html: Added.

5:35 PM Changeset in webkit [157435] by roger_fong@apple.com

2 edits in trunk/Tools

Adding myself to CC list for some components.

Scripts/webkitpy/common/config/watchlist:

5:23 PM Changeset in webkit [157434] by commit-queue@webkit.org

12 edits
2 adds
6 deletes in trunk

AX: fieldset should have GroupRole and legend should be description.
https://bugs.webkit.org/show_bug.cgi?id=122534

Patch by Samuel White <Samuel White> on 2013-10-14
Reviewed by Chris Fleizach.

Source/WebCore:

Changes fieldset to derive AXDescription from legend if one is available. Added
convenience method to AccessibilityObject to fetch element if available.

Test: accessibility/fieldset-element.html

accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::canHaveChildren):
(WebCore::AccessibilityNodeObject::alternativeText):

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::element):
(WebCore::AccessibilityObject::isARIAHidden):
(WebCore::AccessibilityObject::isDOMHidden):
(WebCore::AccessibilityObject::defaultObjectInclusion):

accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::isHidden):

accessibility/AccessibilitySlider.cpp:

accessibility/AccessibilitySlider.h:
accessibility/mac/AccessibilityObjectMac.mm:

(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

html/HTMLFieldSetElement.cpp:

(WebCore::HTMLFieldSetElement::legend):

html/HTMLFieldSetElement.h:

LayoutTests:

legend no longer treated as titleUIElement so removing tests that check this functionality.
Added test to check that legend is used as AXDescription of fieldset if present.

accessibility/fieldset-element.html: Added.
accessibility/hidden-legend-expected.txt: Removed.
accessibility/hidden-legend.html: Removed.
accessibility/legend.html: Removed.
platform/efl/accessibility/legend-expected.txt: Removed.
platform/gtk/accessibility/legend-expected.txt: Removed.
platform/mac/accessibility/fieldset-element-expected.txt: Added.
platform/mac/accessibility/legend-expected.txt: Removed.
platform/mac/accessibility/role-subrole-roledescription-expected.txt:
platform/mac/accessibility/role-subrole-roledescription.html:

5:05 PM Changeset in webkit [157433] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
https://bugs.webkit.org/show_bug.cgi?id=122786

Reviewed by Mark Hahnenberg.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.

jit/Repatch.cpp:

(JSC::repatchPutByID): Doing the PutById patching should hold the lock.
(JSC::buildPutByIdList): Ditto.

5:02 PM Changeset in webkit [157432] by roger_fong@apple.com

2 edits in trunk/Source/WebCore

[Windows] Unreviewed build fix.

WebCore.vcxproj/WebCoreCommon.props:

4:58 PM Changeset in webkit [157431] by rniwa@webkit.org

3 edits
2 adds in trunk

Assertion failure in Range::processContentsBetweenOffsets
https://bugs.webkit.org/show_bug.cgi?id=122777

Reviewed by Darin Adler.

Source/WebCore:

Merge https://chromium.googlesource.com/chromium/blink/+/c15de182774c7859c20d97126eb844ae97b792a4

This patch changes ASSERT statements for checking |endOffset| inbound in Range::processContentsBetweenOffsets()
to limit |endOffset|. This is necessary when DOMNodeRemovedFromDocument event handler splits text nodes,
Range::insertNode() on text node, in the range calling Range::deleteContents().

Test: fast/dom/Range/range-delete-contents-mutation-event-crash.html

dom/Range.cpp:

(WebCore::Range::processContentsBetweenOffsets):

LayoutTests:

fast/dom/Range/range-delete-contents-mutation-event-crash-expected.txt: Added.
fast/dom/Range/range-delete-contents-mutation-event-crash.html: Added.

4:36 PM Changeset in webkit [157430] by ap@apple.com

12 edits
11 adds in trunk

Add an empty window.crypto.webkitSubtle
https://bugs.webkit.org/show_bug.cgi?id=122778

Reviewed by Mark Hahnenberg.

Source/WebCore:

Tests: security/crypto-subtle-gc-2.html

security/crypto-subtle-gc-3.html
security/crypto-subtle-gc.html

DerivedSources.make: Process SubtleCrypto.idl.

crypto: Added.
WebCore.xcodeproj/project.pbxproj:
CMakeLists.txt:
DerivedSources.make:
GNUmakefile.am:
GNUmakefile.list.am:
WebCore.vcxproj/WebCore.vcxproj.filters:

bindings/js/JSSubtleCryptoCustom.cpp: Added. Empty for now, but we'll certainly

need custom bindings code here.

crypto/SubtleCrypto.cpp: Added.

(WebCore::SubtleCrypto::SubtleCrypto):
(WebCore::SubtleCrypto::document):

crypto/SubtleCrypto.h: Added.
crypto/SubtleCrypto.idl: Added.
page/Crypto.cpp:

(WebCore::Crypto::subtle):

page/Crypto.h:
page/Crypto.idl:

LayoutTests:

TestExpectations: The feature isn't enabled anywhere yet, so skipping the new tests.

security/crypto-subtle-gc-2-expected.txt: Added.
security/crypto-subtle-gc-2.html: Added.
security/crypto-subtle-gc-3-expected.txt: Added.
security/crypto-subtle-gc-3.html: Added.
security/crypto-subtle-gc-expected.txt: Added.
security/crypto-subtle-gc.html: Added.

4:30 PM Changeset in webkit [157429] by mark.lam@apple.com

3 edits in trunk/Source/JavaScriptCore

Add FTL support for LogicalNot(string)
https://bugs.webkit.org/show_bug.cgi?id=122765

Patch by Nadav Rotem <nrotem@apple.com> on 2013-10-14
Reviewed by Filip Pizlo.

This patch is tested by:
regress/script-tests/emscripten-cube2hash.js.ftl-eager

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileLogicalNot):

4:26 PM Changeset in webkit [157428] by commit-queue@webkit.org

6 edits in trunk/Source/WebCore

Remove GestureEvent leftovers from WebCore
<https://webkit.org/b/122780>

Patch by Nick Diego Yamane <nick.yamane@openbossa.org> on 2013-10-14
Reviewed by Anders Carlsson.

Removed some remaining references to PlatformGestureEvent, supposed to be removed by r157316
TOUCH_ADJUSTMENT should be reworked after GestureEvent feature removal

page/EventHandler.cpp:

(WebCore::EventHandler::bestZoomableAreaForTouchPoint):

page/EventHandler.h:
platform/PlatformEvent.h:
platform/ScrollAnimatorNone.cpp:
platform/ScrollableArea.h:

4:22 PM Changeset in webkit [157427] by commit-queue@webkit.org

5 edits in trunk/Source/JavaScriptCore

[sh4] Fixes after r157404 and r157411.
https://bugs.webkit.org/show_bug.cgi?id=122782

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-14
Reviewed by Michael Saboff.

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

jit/JITInlines.h:

(JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.

4:17 PM Changeset in webkit [157426] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Build fix after r157366
http://bugs.webkit.org/show_bug.cgi?id=122783

When TOUCH_AJUSTMENT is enabled build fails due to some
refactors in TextRender functions.

Patch by Nick Diego Yamane <nick.yamane@openbossa.org> on 2013-10-14
Reviewed by Anders Carlsson.

page/TouchAdjustment.cpp:

(WebCore::TouchAdjustment::appendContextSubtargetsForNode):

4:08 PM Changeset in webkit [157425] by Alexandru Chiculita

5 edits
3 adds in trunk

The content of the DOM panel for iframes is not updated until the "onload" event
https://bugs.webkit.org/show_bug.cgi?id=122653

Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/inspector-protocol/loading-iframe-document-node.html

Renamed InspectorDOMAgent::loadEventFired to InspectorDOMAgent::didCommitLoad and moved the call site
from InspectorInstrumentation::loadEventFiredImpl to InspectorInstrumentation::didCommitLoadImpl.
This is to make sure that it will invalidate the content of the iframe as soon as the frame navigates
to a different page. This way the new node can be retrieved as soon as the page has some content, and
not just when the page is fully loaded.

inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::didCommitLoad): Renamed from loadEventFired, as it is now called from
didCommitLoadImpl instead.
(WebCore::InspectorDOMAgent::frameDocumentUpdated): Updated comment to point to the new function name.

inspector/InspectorDOMAgent.h:
inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::loadEventFiredImpl): Removed call do InspectorDOMAgent.loadEventFired.
(WebCore::InspectorInstrumentation::didCommitLoadImpl): Added call to InspectorDOMAgent.didCommitLoad.

LayoutTests:

Added test to check that immediately after the scripting context is created, the
inspector already has access to the nodeId of the document of the iframe.

http/tests/inspector-protocol/loading-iframe-document-node-expected.txt: Added.
http/tests/inspector-protocol/loading-iframe-document-node.html: Added.
http/tests/inspector-protocol/resources/slow-test-page.html: Added.

2:59 PM Changeset in webkit [157424] by commit-queue@webkit.org

14 edits
1 delete in trunk/Source/JavaScriptCore

Unreviewed, rolling out r157413.
http://trac.webkit.org/changeset/157413
https://bugs.webkit.org/show_bug.cgi?id=122779

Appears to have caused frequent crashes (Requested by ap on
#webkit).

CMakeLists.txt:
GNUmakefile.list.am:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
heap/DeferGC.cpp: Removed.
heap/DeferGC.h:
jit/JITStubs.cpp:

(JSC::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

runtime/ConcurrentJITLock.h:
runtime/InitializeThreading.cpp:

(JSC::initializeThreadingOnce):

runtime/JSCellInlines.h:

(JSC::allocateCell):

runtime/Structure.cpp:

(JSC::Structure::materializePropertyMap):
(JSC::Structure::putSpecificValue):
(JSC::Structure::createPropertyMap):

runtime/Structure.h:

2:45 PM Changeset in webkit [157423] by roger_fong@apple.com

3 edits in trunk/Source/WebCore

https://bugs.webkit.org/show_bug.cgi?id=122774.
<rdar://problem/6138855>.

Reviewed by Brent Fulgham.

Add a field to keep track of hovered over index.
Use index to determine whether or not to use the existing selected index on the mouse down event.

platform/win/PopupMenuWin.cpp:

(WebCore::PopupMenuWin::PopupMenuWin):
(WebCore::PopupMenuWin::show):
(WebCore::PopupMenuWin::wndProc):

platform/win/PopupMenuWin.h:

2:41 PM Changeset in webkit [157422] by mhahnenberg@apple.com

2 edits in trunk/Source/JavaScriptCore

COLLECT_ON_EVERY_ALLOCATION causes assertion failures
https://bugs.webkit.org/show_bug.cgi?id=122652

Reviewed by Filip Pizlo.

COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
so we would end up ASSERTing during garbage collection.

heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::allocateSlowCase):

2:11 PM Changeset in webkit [157421] by fpizlo@apple.com

2 edits in trunk/LayoutTests

Unreviewed, fix the paths so that the test passes.

js/regress/put-by-id.html:

2:08 PM Changeset in webkit [157420] by oliver@apple.com

7 edits in trunk/Source/JavaScriptCore

Separate out array iteration intrinsics
https://bugs.webkit.org/show_bug.cgi?id=122656

Reviewed by Michael Saboff.

Separate out the intrinsics for key and values iteration
of arrays.

This requires moving moving array iteration into the iterator
instance, rather than the prototype, but this is essentially
unobservable so we'll live with it for now.

jit/ThunkGenerators.cpp:

(JSC::arrayIteratorNextThunkGenerator):
(JSC::arrayIteratorNextKeyThunkGenerator):
(JSC::arrayIteratorNextValueThunkGenerator):

jit/ThunkGenerators.h:
runtime/ArrayIteratorPrototype.cpp:

(JSC::ArrayIteratorPrototype::finishCreation):

runtime/Intrinsic.h:
runtime/JSArrayIterator.cpp:

(JSC::JSArrayIterator::finishCreation):
(JSC::createIteratorResult):
(JSC::arrayIteratorNext):
(JSC::arrayIteratorNextKey):
(JSC::arrayIteratorNextValue):
(JSC::arrayIteratorNextGeneric):

runtime/VM.cpp:

(JSC::thunkGeneratorForIntrinsic):

1:49 PM Changeset in webkit [157419] by timothy_horton@apple.com

18 edits
3 adds in trunk/Source

Virtualize PlatformCALayer
https://bugs.webkit.org/show_bug.cgi?id=122672

Reviewed by Anders Carlsson.

No new tests, just a refactoring.

WebCore.exp.in:

setGeometryFlipped is on PlatformCALayerMac now.

WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:

Add PlatformCALayer.cpp, PlatformCALayerWin.h, and let VS do its
thing with some other files.

WebCore.xcodeproj/project.pbxproj:

Add PlatformCALayer.cpp and PlatformCALayerMac.h.

platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:

(WebCore::AVFWrapper::platformLayer):
Make a PlatformCALayerWin explicitly.

platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::createPlatformCALayer):
Added. Decide whether to make a PlatformCALayer{Mac, Win} based on the platform.
Later, we will decide between other subclasses based on other things.

(WebCore::GraphicsLayerCA::filtersCanBeComposited):
Do the same thing for filtersCanBeComposited.

(WebCore::GraphicsLayerCA::GraphicsLayerCA):
(WebCore::GraphicsLayerCA::setContentsToSolidColor):
(WebCore::GraphicsLayerCA::setContentsToMedia):
(WebCore::GraphicsLayerCA::setContentsToCanvas):
(WebCore::GraphicsLayerCA::recursiveCommitChanges):
(WebCore::GraphicsLayerCA::ensureStructuralLayer):
(WebCore::GraphicsLayerCA::updateContentsImage):
(WebCore::GraphicsLayerCA::updateContentsRects):
(WebCore::GraphicsLayerCA::swapFromOrToTiledLayer):
Use createPlatformCALayer instead of PlatformCALayer::create.

platform/graphics/ca/mac/PlatformCAFiltersMac.mm:

For now, use the PlatformCALayerMac version of filtersCanBeComposited,
since this code is heavily tied to having CALayers in the Web process.

platform/graphics/ca/GraphicsLayerCA.h:

Include PlatformCALayer.h here so we can get the LayerType enum.
(NOTE-to-be-removed: if there's a better way to do this, I'm open to
suggestions; I couldn't puzzle out nested 'enum class' stuff).

Add the createPlatformCALayers.

platform/graphics/ca/PlatformCAAnimation.h:

Friend the subclasses too.

platform/graphics/ca/PlatformCALayer.cpp: Added.

(WebCore::PlatformCALayer::~PlatformCALayer):
Pull the shared part of the PlatformCALayer destructor out.

platform/graphics/ca/PlatformCALayer.h:

(WebCore::PlatformCALayer::platformLayer):
(WebCore::PlatformCALayer::setOwner):
(WebCore::PlatformCALayer::PlatformCALayer):
Virtualize all the things. Move platform specific members to their new subclasses.

platform/graphics/ca/mac/PlatformCALayerMac.h: Added.
platform/graphics/ca/mac/PlatformCALayerMac.mm:

Move the PLATFORM(MAC) implementations from PlatformCALayer to PlatformCALayerMac.

(PlatformCALayer::platformCALayer):
The platformCALayer lookup function is static on PlatformCALayer, so it can't
be moved to the subclasses. It might be a good idea in the future to move towards
a platform-independent mechanism for looking up PlatformCALayers from PlatformLayers,
and to avoid needing to do this as often as we do now.

platform/graphics/ca/win/CACFLayerTreeHost.cpp:

(WebCore::CACFLayerTreeHost::CACFLayerTreeHost):

platform/graphics/ca/win/PlatformCALayerWin.cpp:

Move the PLATFORM(WIN) implementations from PlatformCALayer to PlatformCALayerWin.

(PlatformCALayerWin::create):
(PlatformCALayer::platformCALayer):

platform/graphics/ca/win/PlatformCALayerWin.h: Added.

platform/graphics/win/GraphicsContext3DWin.cpp:

(WebCore::GraphicsContext3D::GraphicsContext3D):

platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:

(WebCore::MediaPlayerPrivateQuickTimeVisualContext::createLayerForMovie):
Include PlatformCALayerWin.h and explicitly make PlatformCALayerWins here.

FullscreenVideoController.cpp:

(FullscreenVideoController::FullscreenVideoController):
Include PlatformCALayerWin.h and explicitly make PlatformCALayerWins here.

1:44 PM Changeset in webkit [157418] by Hugo Parente Lima

3 edits in trunk/Source/WebCore

[cmake] MediaControlsApple is used only by Efl port and is on CMakeLists.txt
https://bugs.webkit.org/show_bug.cgi?id=122772

Reviewed by Anders Carlsson.

CMakeLists.txt: Removed MediaControlsApple.cpp
PlatformEfl.cmake: Added MediaControlsApple.cpp

1:28 PM Changeset in webkit [157417] by ap@apple.com

6 edits
2 adds in trunk

window.crypto doesn't preserve custom properties
https://bugs.webkit.org/show_bug.cgi?id=122770

Reviewed by Mark Hahnenberg.

Source/WebCore:

Test: security/crypto-gc.html

Generate isReachableFromOpaqueRoots that makes Crypto live as long as the document
lives (because that's when it's observable through window object).

page/Crypto.cpp:

(WebCore::Crypto::Crypto):
(WebCore::Crypto::~Crypto):
(WebCore::Crypto::document):

page/Crypto.h:

(WebCore::Crypto::create):
Made Crypto a ContextDestructionObserver, so that it can report its document to bindings.
Removed ScriptWrappable, because it seems to have served no purpose in this class.

page/Crypto.idl: Added GenerateIsReachable. Removed ImplementationLacksVTable,

because the class now has a vtable, and can be checked for bindings integrity.

page/DOMWindow.cpp: (WebCore::DOMWindow::crypto): Pass a document when creating

crypto.

LayoutTests:

security/crypto-gc-expected.txt: Added.
security/crypto-gc.html: Added.

1:11 PM Changeset in webkit [157416] by akling@apple.com

4 edits in trunk/Source/WebCore

CTTE: NamedNodeMap always has a corresponding Element.
<https://webkit.org/b/122769>

Reviewed by Anders Carlsson.

Made NamedNodeMap::m_element a reference and remove an assertion
that it's never null.

12:53 PM Changeset in webkit [157415] by akling@apple.com

2 edits in trunk/Source/WebCore

REGRESSION(r157408): Crashes in RenderFullScreen::wrapRenderer().

Unreviewed crash fix for these two tests:

fullscreen/full-screen-restrictions.html
fullscreen/empty-anonymous-block-continuation-crash.html

rendering/RenderFullScreen.cpp:

(RenderFullScreen::wrapRenderer):

Get the RenderArena from Document like we did before this patch.

12:35 PM Changeset in webkit [157414] by hmuller@adobe.com

4 edits
2 adds in trunk

[CSS Shapes] Image valued shape-outside shapes should update the layout after the image has been loaded
https://bugs.webkit.org/show_bug.cgi?id=122340

Reviewed by Simon Fraser.

Source/WebCore:

Ensure that the an image-valued shape-outside layout is updated after the image has
been loaded.

Test: http/tests/css/css-image-valued-shape.html

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::imageChanged): Added code for the shape-outside case.
(WebCore::RenderBlock::updateShapeInsideInfoAfterStyleChange): Ditto.

rendering/RenderElement.cpp:

(WebCore::RenderElement::~RenderElement): Ditto.
(WebCore::RenderElement::setStyle): Ditto.

LayoutTests:

Verify that an image-valued shape-outside layout is updated after the image has been loaded.

http/tests/css/css-image-valued-shape-expected.txt: Added.
http/tests/css/css-image-valued-shape.html: Added.

12:34 PM Changeset in webkit [157413] by mhahnenberg@apple.com

14 edits
1 add in trunk/Source/JavaScriptCore

llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
https://bugs.webkit.org/show_bug.cgi?id=122667

Reviewed by Filip Pizlo.

The issue this patch is attempting to fix is that there are places in our codebase
where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
operations that can initiate a garbage collection. Garbage collection then calls
some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
always necessarily run during garbage collection). This causes a deadlock.

To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores
into a thread-local field that indicates that it is unsafe to perform any operation
that could trigger garbage collection on the current thread. In debug builds,
ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly
detect deadlocks.

This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
which uses the DeferGC mechanism to prevent collections from occurring while the
lock is held.

CMakeLists.txt:
GNUmakefile.list.am:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
heap/DeferGC.cpp: Added.
heap/DeferGC.h:

(JSC::DisallowGC::DisallowGC):
(JSC::DisallowGC::~DisallowGC):
(JSC::DisallowGC::isGCDisallowedOnCurrentThread):
(JSC::DisallowGC::initialize):

jit/JITStubs.cpp:

(JSC::tryCachePutByID):
(JSC::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

runtime/ConcurrentJITLock.h:

(JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
(JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
(JSC::ConcurrentJITLockerBase::unlockEarly):
(JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
(JSC::ConcurrentJITLocker::ConcurrentJITLocker):

runtime/InitializeThreading.cpp:

(JSC::initializeThreadingOnce):

runtime/JSCellInlines.h:

(JSC::allocateCell):

runtime/Structure.cpp:

(JSC::Structure::materializePropertyMap):
(JSC::Structure::putSpecificValue):
(JSC::Structure::createPropertyMap):

runtime/Structure.h:

12:24 PM Changeset in webkit [157412] by akling@apple.com

3 edits in trunk/Source/WebCore

Remove some silly null checks in Element/NamedNodeMap.
<https://webkit.org/b/122767>

Reviewed by Darin Adler.

Make shouldIgnoreAttributeCase() take a const Element&, exposing
some unnecessary null checks.

11:39 AM Changeset in webkit [157411] by fpizlo@apple.com

19 edits
3 adds in trunk

Baseline JIT should use the DFG's PutById IC
https://bugs.webkit.org/show_bug.cgi?id=122704

Source/JavaScriptCore:

Reviewed by Mark Hahnenberg.

Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
that JIT to use the DFG's (i.e. JITOperations) PutById IC.

The only complicated part was that the PutById operations assumed that we first did a
cell speculation, which the baseline JIT obviously won't do. So I changed all of those
slow paths to deal with EncodedJSValue's.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resetStubInternal):

bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFor):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

jit/JIT.cpp:

(JSC::PropertyStubCompilationInfo::copyToStubInfo):

jit/JIT.h:

(JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
(JSC::PropertyStubCompilationInfo::slowCaseInfo):

jit/JITInlines.h:

(JSC::JIT::callOperation):

jit/JITOperationWrappers.h:
jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::compileGetByIdSlowCase):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::compileGetByIdSlowCase):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):

jit/JITStubs.cpp:
jit/JITStubs.h:
jit/Repatch.cpp:

(JSC::appropriateGenericPutByIdFunction):
(JSC::appropriateListBuildingPutByIdFunction):
(JSC::resetPutByID):

LayoutTests:

Reviewed by Mark Hahnenberg.

js/regress/put-by-id-expected.txt: Added.
js/regress/put-by-id.html: Added.
js/regress/script-tests/put-by-id.js: Added.

(foo):
(bar):

11:29 AM Changeset in webkit [157410] by Brent Fulgham

2 edits in trunk/Source/WebCore

[Win] Build fix after r122737.

dom/Node.h: Add explicit WebCore namespace to macro definition to work around

Visual Studio bug.

11:08 AM Changeset in webkit [157409] by fpizlo@apple.com

7 edits in trunk/Source/JavaScriptCore

FTL should have an inefficient but correct implementation of GetById
https://bugs.webkit.org/show_bug.cgi?id=122740

Reviewed by Mark Hahnenberg.

It took some effort to realize that the node->prediction() check in the DFG backends
are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
if !prediction.

But other than that this was an easy patch.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleGetById):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLIntrinsicRepository.h:
ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetById):

10:55 AM Changeset in webkit [157408] by akling@apple.com

149 edits in trunk/Source/WebCore

Pass Document directly to anonymous renderer constructors.
<https://webkit.org/b/122752>

Reviewed by Antti Koivisto.

Added separate constructors for creating anonymous renderers that
take a Document& instead of a null Element*/Text*.

Removed setDocumentForAnonymous() and all createAnonymous() helpers.
...and RenderObject::m_node is now a Node&, wohoo!

10:50 AM Changeset in webkit [157407] by mihnea@adobe.com

7 edits
8 moves
1 add in trunk/LayoutTests

[CSSRegions] Move style-scoped* tests into fast/regions/style-scoped
https://bugs.webkit.org/show_bug.cgi?id=122741

Reviewed by Darin Adler.

Move files, adjust TestExpectations.

fast/regions/style-scoped/style-scoped-in-flow-expected.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow-expected.html.
fast/regions/style-scoped/style-scoped-in-flow-override-container-style-expected.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow-override-container-style-expected.html.
fast/regions/style-scoped/style-scoped-in-flow-override-container-style.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow-override-container-style.html.
fast/regions/style-scoped/style-scoped-in-flow-override-region-styling-expected.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow-override-region-styling-expected.html.
fast/regions/style-scoped/style-scoped-in-flow-override-region-styling-multiple-regions-expected.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow-override-region-styling-multiple-regions-expected.html.
fast/regions/style-scoped/style-scoped-in-flow-override-region-styling-multiple-regions.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow-override-region-styling-multiple-regions.html.
fast/regions/style-scoped/style-scoped-in-flow-override-region-styling.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow-override-region-styling.html.
fast/regions/style-scoped/style-scoped-in-flow.html: Renamed from LayoutTests/fast/regions/style-scoped-in-flow.html.
platform/efl/TestExpectations:
platform/gtk-wk2/TestExpectations:
platform/gtk/TestExpectations:
platform/mac/TestExpectations:
platform/win/TestExpectations:
platform/wincairo/TestExpectations:

10:16 AM Changeset in webkit [157406] by Csaba Osztrogonác

2 edits in trunk/Source/WebKit2

[WK2][Efl][Soup] Make NetworkProcessMainUnix handle proxy settings.
https://bugs.webkit.org/show_bug.cgi?id=118388

Reviewed by Carlos Garcia Campos.

Original patch by Kwang Yul Seo <skyul@company100.net> .

Proxy configuration should honor the no_proxy environment variable
same to WebProcess. It is necessary not to change the current behaviour.
See https://bugs.webkit.org/show_bug.cgi?id=91747 for details.

The following things were fixed by Csaba Osztrogonác:

moved session variable before #if not to have conflict with https://bugs.webkit.org/show_bug.cgi?id=118343
added GRefPtr.h include
fixed ifdef guards

NetworkProcess/unix/NetworkProcessMainUnix.cpp:

(WebKit::NetworkProcessMain):
Copied from WebProcessMainEfl.cpp.

9:52 AM Changeset in webkit [157405] by weinig@apple.com

31 edits in trunk/Source/WebCore

CTTE: Add more node conversion helpers
https://bugs.webkit.org/show_bug.cgi?id=122737

Reviewed by Darin Adler.

Factor NODE_TYPE_CASTS into TYPE_CASTS_BASE(ToClassName, FromClassName) to allow for DOCUMENT_TYPE_CASTS.
Replace more static_casts<>.

9:42 AM Changeset in webkit [157404] by mark.lam@apple.com

16 edits in trunk/Source/JavaScriptCore

Transition misc cti_op_* JITStubs to JIT operations.
https://bugs.webkit.org/show_bug.cgi?id=122645.

Reviewed by Michael Saboff.

Stubs converted:

cti_op_check_has_instance
cti_op_create_arguments
cti_op_del_by_id
cti_op_instanceof
cti_to_object
cti_op_push_activation
cti_op_get_pnames
cti_op_load_varargs

dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

jit/JIT.h:

(JSC::JIT::emitStoreCell):

jit/JITCall.cpp:

(JSC::JIT::compileLoadVarargs):

jit/JITCall32_64.cpp:

(JSC::JIT::compileLoadVarargs):

jit/JITInlines.h:

(JSC::JIT::callOperation):

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_create_activation):
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emitSlow_op_check_has_instance):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emitSlow_op_get_argument_by_val):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emitSlow_op_check_has_instance):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_create_activation):
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emitSlow_op_get_argument_by_val):

jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_del_by_id):

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_del_by_id):

jit/JITStubs.cpp:
jit/JITStubs.h:

8:55 AM Changeset in webkit [157403] by Michał Pakuła vel Rutka

9 edits
31 adds in trunk/LayoutTests

Unreviewed EFL gardening

Added new baselines for tests marked as skipped.

platform/efl-wk1/TestExpectations:
platform/efl/TestExpectations:
platform/efl/compositing/overflow/nested-scrolling-expected.txt: Added.
platform/efl/compositing/overflow/remove-overflow-crash2-expected.png: Added.
platform/efl/compositing/overflow/remove-overflow-crash2-expected.txt: Added.
platform/efl/editing/spelling/inline-spelling-markers-hidpi-expected.png: Added.
platform/efl/editing/unsupported-content/list-delete-001-expected.png:
platform/efl/editing/unsupported-content/list-delete-001-expected.txt: Added.
platform/efl/editing/unsupported-content/list-delete-003-expected.png:
platform/efl/editing/unsupported-content/list-delete-003-expected.txt: Added.
platform/efl/editing/unsupported-content/list-type-after-expected.png:
platform/efl/editing/unsupported-content/list-type-after-expected.txt: Added.
platform/efl/editing/unsupported-content/table-delete-002-expected.png:
platform/efl/editing/unsupported-content/table-delete-002-expected.txt: Added.
platform/efl/fast/canvas/fill-stroke-clip-reset-path-expected.png: Added.
platform/efl/fast/table/click-near-anonymous-table-expected.png: Added.
platform/efl/fast/table/click-near-anonymous-table-expected.txt: Added.
platform/efl/fast/text/international/arabic-justify-expected.png: Added.
platform/efl/fast/text/international/arabic-justify-expected.txt: Added.
platform/efl/fast/text/international/bidi-linebreak-001-expected.png: Added.
platform/efl/fast/text/international/bidi-linebreak-001-expected.txt: Added.
platform/efl/fast/text/international/bidi-linebreak-002-expected.png: Added.
platform/efl/fast/text/international/bidi-linebreak-002-expected.txt: Added.
platform/efl/fast/text/international/bidi-linebreak-003-expected.png: Added.
platform/efl/fast/text/international/bidi-linebreak-003-expected.txt: Added.
platform/efl/fast/text/unicode-variation-selector-expected.png: Added.
platform/efl/fast/text/unicode-variation-selector-expected.txt: Added.
platform/efl/media/video-colorspace-yuv420-expected.png: Added.
platform/efl/media/video-colorspace-yuv420-expected.txt: Added.
platform/efl/media/video-colorspace-yuv422-expected.png: Added.
platform/efl/media/video-colorspace-yuv422-expected.txt: Added.
platform/efl/svg/as-image/image-respects-deviceScaleFactor-expected.png: Added.
platform/efl/svg/as-image/image-respects-deviceScaleFactor-expected.txt: Added.
platform/efl/svg/hixie/data-types/002-expected.png: Added.
platform/efl/svg/hixie/data-types/002-expected.txt:
platform/efl/svg/text/non-bmp-positioning-lists-expected.png: Added.
platform/efl/svg/text/non-bmp-positioning-lists-expected.txt: Added.
platform/efl/svg/zoom/text/zoom-hixie-mixed-009-expected.png: Added.
platform/efl/svg/zoom/text/zoom-hixie-mixed-009-expected.txt:

8:46 AM Changeset in webkit [157402] by zandobersek@gmail.com

2 edits in trunk/Source/WTF

Static assertions in WTF::adoptPtr should point to using adoptRef for ref-counted objects
https://bugs.webkit.org/show_bug.cgi?id=122745

Reviewed by Anders Carlsson.

wtf/PassOwnPtr.h:

(WTF::adoptPtr): When the object's type is convertible to the RefCountedBase or ThreadSafeRefCountedBase type,
the static assertion should note that adoptRef should be used instead.

8:45 AM Changeset in webkit [157401] by zandobersek@gmail.com

2 edits in trunk/Source/WebCore

Reintroduce PassRefPtr<Event> copy in ScopedEventQueue::dispatchEvent
https://bugs.webkit.org/show_bug.cgi?id=122742

Reviewed by Alexey Proskuryakov.

This is a follow-up to r157219 which introduced a workaround for the GCC's quirky behavior that
was resulting in crashes due to the PassRefPtr<Event> object passed to EventDispatcher::dispatchEvent
being copied and nullified first before retrieving the EventTarget of the Event object wrapped in that
PassRefPtr.

The implementation is now adjusted to first retrieve the pointer to the Event's EventTarget and store
it in a local variable. That variable is then passed as the first parameter to EventDispatcher::dispatchEvent,
and the PassRefPtr<Event> passed directly as the second parameter. Previously the pointer of that PassRefPtr
object was passed in, with a new PassRefPtr being created which would increase the reference count of the
ref-counted object. Passing in the original PassRefPtr avoids the unnecessary reference count increase by creating
a copy. That still nullifies the original PassRefPtr, but that's not a problem anymore.

dom/ScopedEventQueue.cpp:

(WebCore::ScopedEventQueue::dispatchEvent):

8:34 AM Changeset in webkit [157400] by betravis@adobe.com

4 edits
4 adds in trunk

[CSS Shapes] Shape-Margin should be animatable
https://bugs.webkit.org/show_bug.cgi?id=122524

Reviewed by Darin Adler.

Source/WebCore:

Mark content for relayout after shape-margin changes, and add shape-margin
to the list of animatable properties.

Tests: fast/shapes/shape-outside-floats/shape-outside-dynamic-shape-margin.html

fast/shapes/shape-outside-floats/shape-outside-shape-margin-animation.html

page/animation/CSSPropertyAnimation.cpp:

(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap): Add
shape-margin to the map of animatable CSS properties.

rendering/RenderBox.cpp:

(WebCore::RenderBox::updateShapeOutsideInfoAfterStyleChange): Compare shape-margins,
and mark dependent content for relayout if they have changed.

LayoutTests:

Test that shape-margin can be set dynamically and content lays out correctly.
Also test that shape-margin can be manipulated through CSS Animations.

fast/shapes/shape-outside-floats/shape-outside-dynamic-shape-margin-expected.html: Added.
fast/shapes/shape-outside-floats/shape-outside-dynamic-shape-margin.html: Added.
fast/shapes/shape-outside-floats/shape-outside-shape-margin-animation-expected.txt: Added.
fast/shapes/shape-outside-floats/shape-outside-shape-margin-animation.html: Added.

7:17 AM Changeset in webkit [157399] by g.czajkowski@samsung.com

2 edits in trunk/LayoutTests

[EFL] Accessibility gardening
https://bugs.webkit.org/show_bug.cgi?id=122751

Unreviewed EFL gardening.

Patch by Krzysztof Czech <k.czech@samsung.com> on 2013-10-14

platform/efl-wk2/TestExpectations: Add bug numbers and marked missing tests.

7:03 AM Changeset in webkit [157398] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Don't crash after OpenGL robustness reset
https://bugs.webkit.org/show_bug.cgi?id=122750

Patch by Arvid Nilsson <anilsson@blackberry.com> on 2013-10-14
Reviewed by George Staikos.

JIRA 517132.
Just log the incident and pretend like nothing happened.

No new tests, we don't have repeatable steps to reproduce a robustness
reset.

platform/graphics/blackberry/LayerRenderer.cpp:

(WebCore::LayerRenderer::makeContextCurrent):

6:39 AM Changeset in webkit [157397] by andersca@apple.com

2 edits in trunk/Source/WebCore

[EFL] Buildfix after r157393
https://bugs.webkit.org/show_bug.cgi?id=122749

Patch by Krzysztof Czech <k.czech@samsung.com> on 2013-10-14
Reviewed by Andreas Kling.

Buildfix with error enumeration value 'CSS_FR' not handled in switch.

css/CSSCalculationValue.cpp:

(WebCore::hasDoubleValue):

6:08 AM Changeset in webkit [157396] by andersca@apple.com

3 edits in trunk/Source/WTF

WebKit Nightlies broken by r157374
https://bugs.webkit.org/show_bug.cgi?id=122736

Reviewed by Andreas Kling.

Add back a callOnMainThread overload that Safari is using.

wtf/MainThread.cpp:

(WTF::callOnMainThread):

wtf/MainThread.h:

5:48 AM Changeset in webkit [157395] by gyuyoung.kim@samsung.com

2 edits
5 adds in trunk/LayoutTests

Unreviewed. EFL Gardening.
Add baselines for new tests which was added by r156767.

platform/efl/TestExpectations: Remove tests supported by this commit.
platform/efl/fast/regions/multiple-directionality-changes-in-variable-width-regions-expected.txt: Added.
platform/efl/fast/regions/text-region-split-small-pagination-expected.txt: Added.
platform/efl/fast/regions/top-overflow-out-of-second-region-expected.txt: Added.
platform/efl/fast/repaint/japanese-rl-selection-repaint-in-regions-expected.txt: Added.
platform/efl/fast/repaint/region-painting-invalidation-expected.txt: Added.

3:41 AM Changeset in webkit [157394] by mario@webkit.org

4 edits
1 add in trunk

[EFL] Present replaced objects with 0xFFFC character
https://bugs.webkit.org/show_bug.cgi?id=122744

Patch by Krzysztof Czech <k.czech@samsung.com> on 2013-10-14
Reviewed by Mario Sanchez Prada.

Source/WebCore:

Replaced elements should be emitted in GTK/EFL and
marked their presence with the replacement character.

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::textIteratorBehaviorForTextRange):

LayoutTests:

Added new accessibility expectation after r156532.

platform/efl-wk2/TestExpectations:
platform/efl/accessibility/deleting-iframe-destroys-axcache-expected.txt: Added.

3:36 AM Changeset in webkit [157393] by svillar@igalia.com

25 edits
9 adds in trunk

[CSS Grid Layout] Implement support for <flex>
https://bugs.webkit.org/show_bug.cgi?id=115362

Reviewed by Andreas Kling.

From Blink r149134, r149480, r149532, r150287 and r156127 by <jchaffraix@chromium.org>
From Blink r157820 by <svillar@igalia.com>

Source/WebCore:

Added support for flexible lengths ('fr' unit) in CSS Grid Layout
code. This requires the addition of GridLength class to
encapsulate the knowledge of <flex> to the grid layout code.

Also updated the algorithm that computes the layout. It increases
the value of 1fr based on the grid tracks' usedBreath to fraction
ratio (called normalizedFractionValue). This enables increasing
the fraction value while updating the available space to account
for processed grid tracks. The algorithm stops when we run out of
grid tracks or available space (one grid item has an intrinsic
size too big). This matches the specs to the letter for the known
available space case (both the unknown case and the interaction
with 'span' are left out of this patch).

Tests: fast/css-grid-layout/flex-and-minmax-content-resolution-columns.html

fast/css-grid-layout/flex-and-minmax-content-resolution-rows.html
fast/css-grid-layout/flex-content-resolution-columns.html
fast/css-grid-layout/flex-content-resolution-rows.html

GNUmakefile.list.am: Added GridLength.h to the build system.
Target.pri: Ditto.
WebCore.vcxproj/WebCore.vcxproj: Ditto.
WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
WebCore.xcodeproj/project.pbxproj: Ditto.
css/CSSComputedStyleDeclaration.cpp:

(WebCore::valueForGridTrackBreadth): Replace Length by GridLength.

css/CSSGrammar.y.in: Added FR support.
css/CSSParser.cpp: Ditto.

(WebCore::CSSParser::parseGridBreadth):
(WebCore::CSSParser::detectNumberToken):

css/CSSParserValues.cpp: Added FR support.

(WebCore::CSSParserValue::createCSSValue):

css/CSSParserValues.h:

(WebCore::CSSParserString::operator[]):
(WebCore::CSSParserString::equalIgnoringCase):

css/CSSPrimitiveValue.cpp: Added FR support.

(WebCore::isValidCSSUnitTypeForDoubleConversion):
(WebCore::CSSPrimitiveValue::cleanup):
(WebCore::CSSPrimitiveValue::customCSSText):
(WebCore::CSSPrimitiveValue::cloneForCSSOM):
(WebCore::CSSPrimitiveValue::equals):

css/CSSPrimitiveValue.h: Added a couple of missing const.

(WebCore::CSSPrimitiveValue::isFlex):

css/StyleResolver.cpp: Added FR support.

(WebCore::createGridTrackBreadth):
(WebCore::createGridTrackSize):

rendering/RenderGrid.cpp:

(WebCore::GridTrackForNormalization::GridTrackForNormalization):
New helper struct to ease the computation of track breadths with
flexible lengths.
(WebCore::GridTrackForNormalization::operator=):
(WebCore::RenderGrid::computePreferredTrackWidth): Replaced Length by GridLength.
(WebCore::RenderGrid::computedUsedBreadthOfGridTracks): Grow grid lines
having a fraction as the MaxTrackSizingFunction.
(WebCore::RenderGrid::computeUsedBreadthOfMinLength): Replaced Length by GridLength.
(WebCore::RenderGrid::computeUsedBreadthOfMaxLength): Ditto.
(WebCore::sortByGridNormalizedFlexValue):
(WebCore::RenderGrid::computeNormalizedFractionBreadth): Increase
the fraction value while updating the available space to account
for processed grid tracks.
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
(WebCore::RenderGrid::distributeSpaceToTracks): Never shrink track sizes.
(WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):

rendering/RenderGrid.h:
rendering/style/GridLength.h: Added.

(WebCore::GridLength::GridLength):
(WebCore::GridLength::isLength):
(WebCore::GridLength::isFlex):
(WebCore::GridLength::length):
(WebCore::GridLength::flex):
(WebCore::GridLength::setFlex):
(WebCore::GridLength::operator==):

rendering/style/GridTrackSize.h: Replaced Length by GridLength.

(WebCore::GridTrackSize::length):
(WebCore::GridTrackSize::setLength):
(WebCore::GridTrackSize::minTrackBreadth):
(WebCore::GridTrackSize::maxTrackBreadth):
(WebCore::GridTrackSize::setMinMax):
(WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth):
(WebCore::GridTrackSize::hasMaxContentMinTrackBreadth):
(WebCore::GridTrackSize::hasMinOrMaxContentMaxTrackBreadth):
(WebCore::GridTrackSize::hasMaxContentMaxTrackBreadth):

LayoutTests:

Added 4 new test cases to test the support for <flex> in CSS Grid
Layout code. Also updated some of the existing ones to check the
support for 'fr' units.

fast/css-grid-layout/flex-and-minmax-content-resolution-columns-expected.txt: Added.
fast/css-grid-layout/flex-and-minmax-content-resolution-columns.html: Added.
fast/css-grid-layout/flex-and-minmax-content-resolution-rows-expected.txt: Added.
fast/css-grid-layout/flex-and-minmax-content-resolution-rows.html: Added.
fast/css-grid-layout/flex-content-resolution-columns-expected.txt: Added.
fast/css-grid-layout/flex-content-resolution-columns.html: Added.
fast/css-grid-layout/flex-content-resolution-rows-expected.txt: Added.
fast/css-grid-layout/flex-content-resolution-rows.html: Added.
fast/css-grid-layout/grid-columns-rows-get-set-expected.txt:
fast/css-grid-layout/grid-columns-rows-get-set-multiple-expected.txt:
fast/css-grid-layout/grid-columns-rows-get-set-multiple.html:
fast/css-grid-layout/grid-columns-rows-get-set.html:
fast/css-grid-layout/grid-dynamic-updates-relayout-expected.txt:
fast/css-grid-layout/grid-dynamic-updates-relayout.html:
fast/css-grid-layout/resources/grid-columns-rows-get-set-multiple.js:
fast/css-grid-layout/resources/grid-columns-rows-get-set.js:

3:33 AM Changeset in webkit [157392] by commit-queue@webkit.org

3 edits
2 adds in trunk

Broken text rendering when input field has selection.
https://bugs.webkit.org/show_bug.cgi?id=122716

Patch by peavo@outlook.com <peavo@outlook.com> on 2013-10-14
Reviewed by Antti Koivisto.

Source/WebCore:

Tests: fast/text/text-rendering-with-input-selection.html.

fast/text/text-rendering-with-input-selection-expected.html.

rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint): Check that text has selection.

LayoutTests:

fast/text/text-rendering-with-input-selection.html: Added.
fast/text/text-rendering-with-input-selection-expected.html: Added.

2:43 AM Changeset in webkit [157391] by Alan Bujtas

3 edits
2 adds in trunk

Unexpected word wrapping for wrapped content then raw content.
https://bugs.webkit.org/show_bug.cgi?id=121130

Reviewed by Antti Koivisto.

When deciding whether a line is considered empty, we need to check if the current
object is fully responsible for the currently uncommitted width. It helps differentiating
abcd from abcd, where in the first
case when we hit the second the line is still considered empty, as opposed to the
second example.

Source/WebCore:

Test: fast/css/unexpected-word-wrapping-with-non-empty-spans.html

rendering/RenderBlockLineLayout.cpp:

(WebCore::LineBreaker::nextSegmentBreak):

LayoutTests:

fast/css/unexpected-word-wrapping-with-non-empty-spans-expected.html: Added.
fast/css/unexpected-word-wrapping-with-non-empty-spans.html: Added.

2:16 AM Changeset in webkit [157390] by akling@apple.com

2 edits in trunk/Source/WebCore

Be more efficient about passing RenderStyle to attachRenderTree().
<https://webkit.org/b/122743>

Reviewed by Antti Koivisto.

Have attachRenderTree() and createRendererTreeIfNeeded() pass the
RenderStyle in a PassRefPtr to avoid churning the ref count.

2:00 AM Changeset in webkit [157389] by svillar@igalia.com

6 edits
2 adds in trunk

[CSS Grid Layout] 2 span positions are not resolved correctly
https://bugs.webkit.org/show_bug.cgi?id=119717

Reviewed by Andreas Kling.

From Blink r155397 by <jchaffraix@chromium.org>

Source/WebCore:

Test: fast/css-grid-layout/grid-item-bad-resolution-double-span.html

Two opposite 'span' or 'auto' positions should be resolved using
the auto placement algorithm. We were only checking for the 'auto'
case. This also covers the case of other positions that, according
to the spec, should be treated as 'auto'.

rendering/RenderGrid.cpp:

(WebCore::RenderGrid::resolveGridPositionsFromStyle):

LayoutTests:

Added a new test case to check bad grid items resolution with two
opposite span positions. Also added a real grid container to check
also the resolution code path in some other tests.

fast/css-grid-layout/grid-item-area-get-set.html: Added a grid container.
fast/css-grid-layout/grid-item-bad-resolution-double-span-expected.txt: Added.
fast/css-grid-layout/grid-item-bad-resolution-double-span.html: Added.
fast/css-grid-layout/grid-item-end-after-get-set.html: Added a grid container.
fast/css-grid-layout/grid-item-start-before-get-set.html: Ditto.

12:58 AM Changeset in webkit [157388] by akling@apple.com

9 edits in trunk/Source/WebCore

Use RenderElement instead of RenderObject in more places.
<https://webkit.org/b/122734>

Reviewed by Antti Koivisto.

Convert some sites to use RenderElement (or type inference) instead
of RenderObject for less branchy code.

Oct 13, 2013:

10:58 PM Changeset in webkit [157387] by Darin Adler

18 edits in trunk

Deprecate or remove deleteAllValues functions; there are only a few call sites left
https://bugs.webkit.org/show_bug.cgi?id=122738

Reviewed by Anders Carlsson.

Source/WebCore:

platform/blackberry/CookieMap.cpp:

(WebCore::CookieMap::deleteAllCookiesAndDomains):

platform/network/blackberry/rss/RSSParserBase.cpp:

(WebCore::RSSFeed::clear):

platform/win/WCDataObject.cpp:

(WebCore::WCDataObject::~WCDataObject):
Renamed deleteAllValues to deprecatedDeleteAllValues.

Source/WebKit/blackberry:

WebKitSupport/InPageSearchManager.cpp:

(BlackBerry::WebKit::InPageSearchManager::cancelPendingScopingEffort):
Renamed deleteAllValues to deprecatedDeleteAllValues.

Source/WebKit2:

Shared/Plugins/NPRemoteObjectMap.cpp:

(WebKit::NPRemoteObjectMap::pluginDestroyed): Renamed deleteAllValues to
deprecatedDeleteAllValues.

Source/WTF:

wtf/Deque.h: Deleted deleteAllValues.
wtf/HashMap.h: Ditto.
wtf/HashSet.h: Ditto.
wtf/ListHashSet.h: Ditto.
wtf/Vector.h: Renamed deleteAllValues to deprecatedDeleteAllValues.

Tools:

DumpRenderTree/win/DRTDataObject.cpp:

(DRTDataObject::~DRTDataObject):

DumpRenderTree/win/UIDelegate.cpp:

(DRTUndoStack::~DRTUndoStack):
(DRTUndoStack::clear):
Renamed deleteAllValues to deprecatedDeleteAllValues.

Scripts/do-webcore-rename: Updated to perform this rename, as is traditional.

10:02 PM Changeset in webkit [157386] by ap@apple.com

3 edits in trunk/Tools

build.webkit.org/dashboard incorrectly shows interrupted builds as green
https://bugs.webkit.org/show_bug.cgi?id=122732

Reviewed by Tim Hatcher.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:

(BuildbotIteration.prototype.update): Removed a special case for status 4 (EXCEPTION).
I don't see it occur any time in recent history, but judging from what happens for
status 5 (RETRY), we can just finish this function normally.
Record overall text description for iteration as BuildbotIteration.text.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:

(BuildbotTesterQueueView.prototype.update.appendBuilderQueueStatus): If an iteration is a failure,
but no tests failed, make it yellow, and use buildbot-provided description for it.

5:11 PM Changeset in webkit [157385] by weinig@apple.com

104 edits in trunk/Source/WebCore

Merge NODE_TYPE_CASTS and ELEMENT_TYPE_CASTS
https://bugs.webkit.org/show_bug.cgi?id=122735

Reviewed by Antti Koivisto.

NODE_TYPE_CASTS and ELEMENT_TYPE_CASTS are identical. Let them become one
with one another.

3:06 PM Changeset in webkit [157384] by akling@apple.com

2 edits in trunk/Source/WebCore

Uncrashify Document::head() too. (Why am I even awake?)

2:21 PM Changeset in webkit [157383] by akling@apple.com

2 edits in trunk/Source/WebCore

REGRESSION(r157381): Make Document::body() crash less when there is no documentElement.

Unreviewed.

1:45 PM Changeset in webkit [157382] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

FTL OSR exit should perform zero extension on values smaller than 64-bit
https://bugs.webkit.org/show_bug.cgi?id=122688

Reviewed by Gavin Barraclough.

In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
register will have zeros on the high bits. In the few cases where the high bits are
non-zero, the DFG sort of tells us this explicitly.

But when working with llvm.webkit.stackmap, it doesn't work that way. Consider we might
emit LLVM IR like:

%2 = trunc i64 %1 to i32
stuff %2
call @llvm.webkit.stackmap(...., %2)

LLVM may never actually emit a truncation instruction of any kind. And that's great - in
many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
bits anyway. Hence LLVM may tell us that %2 is in the register that still had the value
from before truncation, and that register may have garbage in the high bits.

This means that on our end, if we want a 32-bit value and we want that value to be
zero-extended, we should zero-extend it ourselves. This is pretty easy and should be
cheap, so we should just do it and not make it a requirement that LLVM does it on its
end.

This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.

ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStubWithOSRExitStackmap):

ftl/FTLValueFormat.cpp:

(JSC::FTL::reboxAccordingToFormat):

12:21 PM Changeset in webkit [157381] by Darin Adler

3 edits in trunk/Source/WebCore

Rewrite Document::body and Document::head in modern style, way clearer and shorter
https://bugs.webkit.org/show_bug.cgi?id=122717

Reviewed by Andreas Kling.

dom/Document.cpp:

(WebCore::Document::body): Use iterator to make this way easier to read.
(WebCore::Document::head): Ditto.

html/HTMLTagNames.in: Added generateTypeHelpers for body and head.

12:17 PM Changeset in webkit [157380] by mrowe@apple.com

5 edits
5 copies in trunk

Roll deps^HH^HHChangeLogs.

11:52 AM Changeset in webkit [157379] by berto@igalia.com

2 edits in trunk/LayoutTests

Unreviewed GTK gardening.

platform/gtk-wk2/TestExpectations:

Add bug number to the failing animation tests.

11:39 AM Changeset in webkit [157378] by akling@apple.com

4 edits in trunk/Source/WebCore

RenderLayerBacking should have RenderLayer& backpointer.
<https://webkit.org/b/122731>

Reviewed by Anders Carlsson.

RenderLayerBacking is always owned by a RenderLayer and so should
store its backpointer in a reference.

10:26 AM Changeset in webkit [157377] by commit-queue@webkit.org

4 edits in trunk/LayoutTests

Removing input-file-entries.html from TestExpectation
https://bugs.webkit.org/show_bug.cgi?id=122674

Patch by Santosh Mahto <santosh.ma@samsung.com> on 2013-10-13
Reviewed by Anders Carlsson.

input-file-entries.html has been removed in
changeset 156692. so removing references to this file.

platform/win/TestExpectations:
platform/wincairo/TestExpectations:
platform/wk2/TestExpectations:

10:10 AM Changeset in webkit [157376] by andersca@apple.com

2 edits in trunk/Source/JavaScriptCore

Try to fix the Lion build.

Configurations/JavaScriptCore.xcconfig:

9:15 AM Changeset in webkit [157375] by Darin Adler

52 edits in trunk/Source/WebCore

Make element predicates and type casts work more consistently on more types
https://bugs.webkit.org/show_bug.cgi?id=122718

Reviewed by Antti Koivisto.

dom/ContainerNodeAlgorithms.cpp:

(WebCore::assertConnectedSubrameCountIsConsistent):

dom/ContainerNodeAlgorithms.h:

(WebCore::ChildFrameDisconnector::collectFrameOwners):
Updated for name change.

dom/Document.cpp:

(WebCore::Document::adoptNode): Use a reference instead of a pointer.
(WebCore::Document::dispatchFullScreenChangeOrErrorEvent): Updated for
typecast name change and also to cast a reference, since we don't overload
for pointers.
(WebCore::Document::updateHoverActiveState): Ditto.

dom/Element.h: Made the isElementOfType functions take references instead

of pointers. Also use const in the type template argument. These changes go
hand in hand with the changes in the generated code and all the classes.
Also use a bit of nullptr.

dom/ElementIterator.h:

(WebCore::findElementAncestorOfType): Got rid of the ElementTypeWithConst
naming since this works with or without const. Added const to the call site
for isElementOfType, because it works that way now.

dom/ElementTraversal.h:

(WebCore::Traversal::firstChildTemplate): Add const to the type when calling
isElementOfType. Along with the corresponding changes, this makes these
templates work for const types.
(WebCore::Traversal::lastChildTemplate): Ditto.
(WebCore::Traversal::firstWithinTemplate): Ditto.
(WebCore::Traversal::lastWithinTemplate): Ditto.
(WebCore::Traversal::nextTemplate): Ditto.
(WebCore::Traversal::previousTemplate): Ditto.
(WebCore::Traversal::nextSiblingTemplate): Ditto.
(WebCore::Traversal::previousSiblingTemplate): Ditto.
(WebCore::Traversal::nextSkippingChildrenTemplate): Ditto.

dom/Node.cpp:

(WebCore::Node::handleLocalEvents): Check isElementNode and then call the
isDisabledFormControl member function, since we no longer have a helper that
takes a node.
(WebCore::Node::willRespondToMouseMoveEvents): Ditto.
(WebCore::Node::willRespondToMouseClickEvents): Ditto.
(WebCore::Node::willRespondToTouchEvents): Ditto.

dom/PseudoElement.h: Use some nullptr. Added an isPseudoElement function

that the ELEMENT_TYPE_CASTS macro can use, and also used that macro to make
the toPseudoElement functions instead of a hand-written local variant.

dom/make_names.pl:

(printTypeHelpers): Added unimplemented versions of the element predicate
functions that return void to catch unnecessary runtime checks of types
that are already known at compile time. Added assertions to the pointer
overloads of the predicates. Maybe later we can delete them. Added const
to the isElementOf template arguments to make these work with both const
and non-const. Put overloads in a consistent order, most specific class
first, then less specific. Changed isElementOfType to take references
rather than pointers.

editing/Editor.cpp:

(WebCore::Editor::selectionForCommand): Updated to pass a reference.
(WebCore::Editor::setBaseWritingDirection): Ditto.
(WebCore::findFirstMarkable): Ditto.

html/FormAssociatedElement.h: Tweaked a comment.

html/HTMLBodyElement.cpp:

(WebCore::HTMLBodyElement::insertedInto): Updated for name change and to
pass a reference.

html/HTMLElement.cpp:

(WebCore::HTMLElement::translate): Removed FIXME and const_cast since the
problem is fixed.
(WebCore::HTMLElement::directionality): Use a reference.

html/HTMLElement.h: Use const in the type of the isElementOfType functions.

Use references for all the arguments, not pointers.

html/HTMLFieldSetElement.cpp:

(WebCore::HTMLFieldSetElement::refreshElementsIfNeeded): Use documentVersion
instead of docVersion for local variable name. Use elementDescendants instead
of elementTraversal.
(WebCore::HTMLFieldSetElement::length): Use length instead of len for name.

html/HTMLFormControlElement.h: Put predicates into the standard format and

did them on single lines. Added ELEMENT_TYPE_CASTS so we get standard casts.

html/HTMLFrameElementBase.h: Ditto.
html/HTMLFrameOwnerElement.h: Ditto, but changed the name to match the class,

so it's now isHTMLFrameOwnerElement and toHTMLFrameOwnerElement.

html/HTMLLabelElement.cpp:

(WebCore::nodeAsSupportedLabelableElement): Updated to use references.

html/HTMLMediaElement.h: Put predicates into the standard format and did

them on single lines. Added ELEMENT_TYPE_CASTS so we get standard casts.

html/HTMLPlugInElement.h: Ditto. Also marked isPluginElement FINAL.
html/HTMLPlugInImageElement.h: Ditto.
html/HTMLTableCellElement.cpp: Removed old hand-written cast functions.
html/HTMLTableCellElement.h: Did same predicate and ELEMENT_TYPE_CASTS

changes. Also fixed up the ordering of functions in the class.

html/HTMLTextFormControlElement.cpp:

(WebCore::enclosingTextFormControl): Updated to use references and nullptr.

html/HTMLTextFormControlElement.h: Did same predicate and ELEMENT_TYPE_CASTS.

html/HTMLTrackElement.cpp:

(WebCore::HTMLTrackElement::removedFrom): Call isHTMLMediaElement by its new name.

html/LabelableElement.h: Did same predicate and ELEMENT_TYPE_CASTS.

html/track/WebVTTElement.h: Made isWebVTTElement private. Changed the argument

type of setLanguage to const AtomicString& to avoid excess reference count churn.
Did the predicate and type casts thing.

loader/archive/cf/LegacyWebArchive.cpp:

(WebCore::LegacyWebArchive::create): Update for name changes and use references.

mathml/MathMLElement.h: Did same predicate and ELEMENT_TYPE_CASTS.

page/FocusController.cpp:

(WebCore::FocusController::findFocusableElementDescendingDownIntoFrameDocument):
(WebCore::FocusController::advanceFocusInDocumentOrder):

page/PageSerializer.cpp:

(WebCore::SerializerMarkupAccumulator::appendCustomAttributes):
Update for name change.

platform/Pasteboard.h: Removed unneeded forward declaration.

rendering/RenderWidget.h: Updated for name change.

rendering/svg/RenderSVGResourceFilter.cpp:

(WebCore::RenderSVGResourceFilter::buildPrimitives): Use element iterator
and nullptr.

svg/SVGAElement.cpp:

(WebCore::SVGAElement::defaultEventHandler): Update for name changes.

svg/SVGAnimateElement.cpp:

(WebCore::isSVGAnimateElement): Moved here since we don't want to inline such
a long list of tag names.

svg/SVGAnimateElement.h: Marked a lot more virtual functions OVERRIDE.

Did predicate and ELEMENT_TYPE_CASTS changes, but did not make the predicate
be inlined.

svg/SVGElement.h: Did predicate and ELEMENT_TYPE_CASTS changes.
svg/SVGFilterPrimitiveStandardAttributes.h: Ditto.

svg/SVGGradientElement.cpp:

(WebCore::isSVGGradientElement): Moved here since we don't want to inline
the two tag names.

svg/SVGGradientElement.h: Did predicate and ELEMENT_TYPE_CASTS changes.
svg/SVGGraphicsElement.h: Ditto.

svg/SVGImageElement.cpp:

(WebCore::SVGImageElement::SVGImageElement): Took out assertion, since it
was asserting the class of the obejct we just created.

svg/SVGPolyElement.cpp:

(WebCore::isSVGPolyElement): Moved here since we don't want to inline the
two tag names.

svg/SVGPolyElement.h: Did predicate and ELEMENT_TYPE_CASTS changes.
svg/SVGTextContentElement.h: Ditto.

svg/animation/SVGSMILElement.cpp:

(WebCore::SVGSMILElement::connectConditions): Update for name changes,
to use references and nullptr, and to get rid of a non-helpful local.

svg/animation/SVGSMILElement.h: Added a virtual function to check if a

given SVGElement is an SVGSMILElement so we don't have to check a long list
of tag names instead. Also did the predicate and ELEMENT_TYPE_CASTS changes.

testing/Internals.cpp:

(WebCore::Internals::visiblePlaceholder): Updated to use references.

9:12 AM Changeset in webkit [157374] by andersca@apple.com

3 edits in trunk/Source/WTF

Change callOnMainThread to take an std::function
https://bugs.webkit.org/show_bug.cgi?id=122698

Reviewed by Darin Adler.

This will let us pass anything that can be converted to an std::function (including lambdas and
WTF::Function objects) to callOnMainThread.

wtf/MainThread.cpp:

(WTF::callOnMainThread):

wtf/MainThread.h:

9:00 AM Changeset in webkit [157373] by Antti Koivisto

13 edits in trunk/Source/WebCore

Text::renderer() should return RenderText
https://bugs.webkit.org/show_bug.cgi?id=122729

Reviewed by Andreas Kling.

Tighten typing.

8:57 AM Changeset in webkit [157372] by akling@apple.com

5 edits in trunk/Source/WebCore

Devirtualize RenderView::viewRect().
<https://webkit.org/b/122730>

Reviewed by Antti Koivisto.

There's no need for viewRect() to be a virtual RenderObject function.
The single call site that didn't already access it through RenderView
can just go via view().

8:56 AM Changeset in webkit [157371] by akling@apple.com

6 edits in trunk/Source/WebCore

Move setPseudoStyle() to RenderImage (from RenderElement.)
<https://webkit.org/b/122726>

Reviewed by Antti Koivisto.

Only RenderImages ever use setPseudoStyle() so move it there and
remove the non-image codepath.

8:04 AM Changeset in webkit [157370] by akling@apple.com

5 edits in trunk/Source/WebCore

CTTE: RenderSlider always has an HTMLInputElement.
<https://webkit.org/b/122728>

Reviewed by Anders Carlsson.

This renderer is never anonymous and always has a corresponding
HTMLInputElement. Tighten this up by having the constructor take
the element by reference, and override element() with a stronger
return type.

7:46 AM Changeset in webkit [157369] by akling@apple.com

4 edits in trunk/Source/WebCore

Remove two unused AX functions for getting a FrameView*.
<https://webkit.org/b/122724>

Reviewed by Anders Carlsson.

6:26 AM Changeset in webkit [157368] by Antti Koivisto

5 edits in trunk/Source/WebCore

Add traverseNextSkippingChildren to ElementIterators
https://bugs.webkit.org/show_bug.cgi?id=122727

Reviewed by Andreas Kling.

Also switch some code using ElementTraversal over to iterators.

4:39 AM Changeset in webkit [157367] by Antti Koivisto

11 edits in trunk/Source/WebCore

Rename InlineBox::remove() to removeFromParent
https://bugs.webkit.org/show_bug.cgi?id=122725

Reviewed by Andreas Kling.

Also make it clear from the code that all InlineTextBoxes have behavesLikeText set.

4:05 AM Changeset in webkit [157366] by Antti Koivisto

11 edits in trunk/Source/WebCore

Make absoluteQuads/Rects functions return Vectors
https://bugs.webkit.org/show_bug.cgi?id=122722

Reviewed by Andreas Kling.

dom/Document.cpp:

(WebCore::Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale):
(WebCore::Document::adjustFloatRectForScrollAndAbsoluteZoomAndFrameScale):

Take RenderStyle instead of RenderObject

dom/Document.h:
dom/Element.cpp:

(WebCore::Element::getClientRects):
(WebCore::Element::getBoundingClientRect):

dom/Range.cpp:

(WebCore::Range::textRects):
(WebCore::Range::textQuads):
(WebCore::Range::getBorderAndTextQuads):

Adapt to the changes.

rendering/RenderObject.h:

Removed unnecessary adjustFloatQuad/RectForAbsoluteZoom functions, inline code to
adjustFloatQuads/RectForScrollAndAbsoluteZoomAndFrameScale.

rendering/RenderText.cpp:

(WebCore::RenderText::absoluteRects):
(WebCore::RenderText::absoluteRectsForRange):
(WebCore::RenderText::absoluteQuadsClippedToEllipsis):
(WebCore::RenderText::absoluteQuads):
(WebCore::RenderText::absoluteQuadsForRange):

rendering/RenderText.h:
rendering/RenderTextLineBoxes.cpp:

(WebCore::RenderTextLineBoxes::absoluteRects):
(WebCore::RenderTextLineBoxes::absoluteRectsForRange):
(WebCore::RenderTextLineBoxes::absoluteQuads):
(WebCore::RenderTextLineBoxes::absoluteQuadsForRange):

rendering/RenderTextLineBoxes.h:

Use return value instead of an out-arg, except for the virtual versions.

4:01 AM Changeset in webkit [157365] by akling@apple.com

6 edits in trunk/Source/WebCore

LiveNodeList: rootNode() and document() should return references.
<https://webkit.org/b/122720>

Reviewed by Antti Koivisto.

Tighten up this code a bit by having rootNode() and document()
return references. Also replaced some handwritten traversal
with a call to Node::lastDescendant().

3:59 AM Changeset in webkit [157364] by akling@apple.com

2 edits in trunk/Source/WebCore

Document::createRenderTree() should assert that there is no arena.
<https://webkit.org/b/122723>

Reviewed by Antti Koivisto.

Calling createRenderTree() with a RenderArena already in place would
be a programming error.

3:16 AM Changeset in webkit [157363] by akling@apple.com

13 edits
5 deletes in trunk/Source

Remove dead ENABLE(CUSTOM_ELEMENTS) code.
<https://webkit.org/b/122721>

Reviewed by Antti Koivisto.

There are no ports building with this flag since April and the code
has bitrotted since. Remove it for now. If someone wants to resurrect
the feature someday, getting back to this point is trivial.

2:39 AM Changeset in webkit [157362] by Antti Koivisto

10 edits in trunk/Source/WebCore

Move absoluteRects/Quads to RenderTextLineBoxes
https://bugs.webkit.org/show_bug.cgi?id=122706

Reviewed by Andreas Kling.

rendering/RenderTextLineBoxes.cpp:

These move.

(WebCore::RenderTextLineBoxes::selectionRectForRange):
(WebCore::RenderTextLineBoxes::setSelectionState):

Also moved a few smaller functions.

2:02 AM Changeset in webkit [157361] by akling@apple.com

9 edits in trunk/Source

Remove dead code hiding behind ENABLE(TOUCH_EVENT_TRACKING).
<https://webkit.org/b/122719>

Reviewed by Antti Koivisto.

Nobody is building with this flag, and it has broken-looking code
behind it anyway. Nuke from orbit.

12:17 AM Changeset in webkit [157360] by akling@apple.com

2 edits in trunk/Source/WebCore

RenderLayer: Check SVG bit instead of element namespace in isTransparent().
<https://webkit.org/b/118171>

Reviewed by Darin Adler.

Replace the (virtual) namespaceURI() check with an isSVGElement() bit check.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::isTransparent):

12:08 AM Changeset in webkit [157359] by ap@apple.com

12 edits in trunk/Tools

Remove Chromium specific code from flakiness dashboard
https://bugs.webkit.org/show_bug.cgi?id=122714

Reviewed by Sam Weinig.

Also removed code related to GPU tests and virtual suites.
"Fallbacks map" was chromium only too, not sure why they needed special handling there.

TestResultServer/model/jsonresults_unittest.py:
TestResultServer/static-dashboards/builders.js:
TestResultServer/static-dashboards/dashboard_base.js:
TestResultServer/static-dashboards/flakiness_dashboard.html:
TestResultServer/static-dashboards/flakiness_dashboard.js:
TestResultServer/static-dashboards/flakiness_dashboard_tests.css:
TestResultServer/static-dashboards/flakiness_dashboard_unittests.js:
TestResultServer/static-dashboards/history.js:
TestResultServer/static-dashboards/loader.js:
TestResultServer/static-dashboards/ui.js:
TestResultServer/templates/uploadform.html:

Oct 12, 2013:

11:55 PM Changeset in webkit [157358] by Darin Adler

2 edits in trunk/Source/WebCore

Use nullptr in Document.cpp
https://bugs.webkit.org/show_bug.cgi?id=122715

Reviewed by Sam Weinig.

dom/Document.cpp:

(WebCore::widgetForElement):
(WebCore::Document::Document):
(WebCore::Document::~Document):
(WebCore::Document::dropChildren):
(WebCore::Document::getElementByAccessKey):
(WebCore::Document::doctype):
(WebCore::Document::createElement):
(WebCore::Document::createElementNS):
(WebCore::Document::registerElement):
(WebCore::Document::createCDATASection):
(WebCore::Document::createProcessingInstruction):
(WebCore::Document::createEntityReference):
(WebCore::Document::importNode):
(WebCore::Document::adoptNode):
(WebCore::Document::webkitGetNamedFlows):
(WebCore::Document::elementFromPoint):
(WebCore::Document::caretRangeFromPoint):
(WebCore::Document::setTitle):
(WebCore::Document::removeTitle):
(WebCore::Document::view):
(WebCore::Document::page):
(WebCore::Document::settings):
(WebCore::Document::createNodeIterator):
(WebCore::Document::createTreeWalker):
(WebCore::Document::updateStyleIfNeeded):
(WebCore::Document::styleForElementIgnoringPendingStylesheets):
(WebCore::Document::disconnectFromFrame):
(WebCore::Document::destroyRenderTree):
(WebCore::Document::existingAXObjectCache):
(WebCore::Document::axObjectCache):
(WebCore::Document::scriptableDocumentParser):
(WebCore::Document::body):
(WebCore::Document::head):
(WebCore::Document::processBaseElement):
(WebCore::Document::findUnsafeParentScrollPropagationBoundary):
(WebCore::Document::cloneNode):
(WebCore::Document::styleResolverChanged):
(WebCore::Document::removeFocusedNodeOfSubtree):
(WebCore::Document::setFocusedElement):
(WebCore::Document::getWindowAttributeEventListener):
(WebCore::Document::createEvent):
(WebCore::Document::getOverrideStyle):
(WebCore::Document::ownerElement):
(WebCore::Document::setInPageCache):
(WebCore::Document::parentDocument):
(WebCore::Document::createAttributeNS):
(WebCore::Document::initSecurityContext):
(WebCore::Document::resetHiddenFocusElementTimer):
(WebCore::Document::getCSSCanvasContext):
(WebCore::Document::enqueuePopstateEvent):
(WebCore::Document::takeAnyMediaCanStartListener):
(WebCore::Document::requestFullScreenForElement):
(WebCore::Document::webkitExitFullscreen):
(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore::Document::webkitDidExitFullScreenForElement):
(WebCore::Document::fullScreenRendererDestroyed):
(WebCore::Document::webkitPointerLockElement):
(WebCore::Document::seamlessParentIFrame):
(WebCore::Document::loader):
(WebCore::eventTargetElementForDocument):
(WebCore::nearestCommonHoverAncestor):
(WebCore::Document::ensureTemplateDocument):
Use nullptr in many places we were using 0.

11:54 PM Changeset in webkit [157357] by Darin Adler

17 edits in trunk/Source

Get rid of the toHTMLElement helper for casting FormAssociatedElement to HTMLElement
https://bugs.webkit.org/show_bug.cgi?id=122713

Reviewed by Sam Weinig.

Source/WebCore:

Since we are using the function name toHTMLElement for casting to an HTMLElement
from a Node or Element, it's awkward to also use it for a quite different type of
type conversion on a FormAssociatedElement. We already have an asHTMLElement member
function, so lets use that.

html/DOMFormData.cpp:

(WebCore::DOMFormData::DOMFormData): Use references instead of pointers, and
asHTMLElement instead of toHTMLElement.

html/FormAssociatedElement.cpp: Made FormAttributeTargetObserver FINAL, made

its private inheritance explicit, made its constructor public so we can use it
with make_unique and got rid of its creation function. Also use reference instead
of a pointer.
(WebCore::FormAssociatedElement::FormAssociatedElement): Use nullptr.
(WebCore::FormAssociatedElement::~FormAssociatedElement): Ditto.
(WebCore::FormAssociatedElement::didMoveToNewDocument): Use asHTMLElement instead
of toHTMLElement and use a reference instead of a pointer.
(WebCore::FormAssociatedElement::insertedInto): Ditto.
(WebCore::FormAssociatedElement::removedFrom): Ditto.
(WebCore::FormAssociatedElement::formRemovedFromTree): Ditto.
(WebCore::FormAssociatedElement::resetFormOwner): Ditto.
(WebCore::FormAssociatedElement::formAttributeChanged): Ditto.
(WebCore::FormAssociatedElement::customError): Ditto.
(WebCore::FormAssociatedElement::resetFormAttributeTargetObserver): Use make_unique
instead of create here.
(WebCore::FormAssociatedElement::name): Use asHTMLElement.
(WebCore::FormAttributeTargetObserver::FormAttributeTargetObserver): Ditto.
(WebCore::FormAttributeTargetObserver::idTargetChanged): Updated since m_element is
now a reference.

html/FormAssociatedElement.h: Removed some unneeded class declarations.

Made isFormAssociatedElement const. Use std::unique_ptr instead of OwnPtr.

html/FormNamedItem.h: Made asHTMLElement return a reference, and overloaded it

for both const and non-const. Made isFormAssociatedElement const.

html/HTMLFormControlElement.h: Updated for FormNamedItem changes. Removed an

unneeded class declaration.

html/HTMLFormControlsCollection.cpp:

(WebCore::HTMLFormControlsCollection::virtualItemAfter): Use references, asHTMLElement,
and nullptr.
(WebCore::firstNamedItem): Ditto.
(WebCore::HTMLFormControlsCollection::namedItem): Ditto.
(WebCore::HTMLFormControlsCollection::updateNameCache): Ditto.

html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::validateInteractively): Use asHTMLElement and references.
(WebCore::HTMLFormElement::getTextFieldValues): Ditto.
(WebCore::HTMLFormElement::formElementIndexWithFormAttribute): Ditto.
(WebCore::HTMLFormElement::formElementIndex): Ditto.
(WebCore::HTMLFormElement::assertItemCanBeInPastNamesMap): Ditto.
(WebCore::HTMLFormElement::elementFromPastNamesMap): Ditto, and nullptr.

html/HTMLImageElement.h: Updated for FormNamedItem changes.
html/HTMLObjectElement.h: Ditto.

loader/FormSubmission.cpp:

(WebCore::FormSubmission::create): Use asHTMLElement and references.

Source/WebKit/blackberry:

WebKitSupport/InputHandler.cpp:

(BlackBerry::WebKit::InputHandler::updateFormState): Use asHTMLElement.

Source/WebKit/mac:

WebView/WebHTMLRepresentation.mm:

(-[WebHTMLRepresentation elementWithName:inForm:]): Use asHTMLElement.
(-[WebHTMLRepresentation controlsInForm:]): Ditto.

Source/WebKit/win:

WebFrame.cpp:

(WebFrame::controlsInForm): Use asHTMLElement.

11:32 PM Changeset in webkit [157356] by Darin Adler

2 edits in trunk/Source/WebCore

Use nullptr instead of 0 in TreeScope.cpp
https://bugs.webkit.org/show_bug.cgi?id=122711

Reviewed by Andreas Kling.

dom/TreeScope.cpp:

(WebCore::TreeScope::TreeScope):
(WebCore::TreeScope::~TreeScope):
(WebCore::TreeScope::clearDocumentScope):
(WebCore::TreeScope::getElementById):
(WebCore::TreeScope::getAllElementsById):
(WebCore::TreeScope::getElementByName):
(WebCore::TreeScope::ancestorInThisScope):
(WebCore::TreeScope::getImageMap):
(WebCore::nodeFromPoint):
(WebCore::TreeScope::labelElementForId):
(WebCore::TreeScope::getSelection):
(WebCore::TreeScope::findAnchor):
(WebCore::focusedFrameOwnerElement):
(WebCore::TreeScope::focusedElement):
(WebCore::commonTreeScope):
Use a lot more nullptr, and also rewrite one while loop as a for loop.

11:03 PM Changeset in webkit [157355] by Darin Adler

3 edits in trunk/Source/WebCore

Remove the not-much-used isShadowHost function from Element.h
https://bugs.webkit.org/show_bug.cgi?id=122710

Reviewed by Andreas Kling.

dom/Element.h: Removed isShadowHost, which just checks if shadowRoot is null.

page/FocusController.cpp:

(WebCore::FocusNavigationScope::focusNavigationScopeOwnedByShadowHost): Added
individual assertions instead of just asserting isShadowHost.
(WebCore::FocusNavigationScope::focusNavigationScopeOwnedByIFrame): Broke an
assertion with && in it into two assertions.
(WebCore::hasCustomFocusLogic): Changed argument type to be Element& and take
a reference instead of a pointer.
(WebCore::isNonFocusableShadowHost): Made arguments references instead of pointers.
Replaced isShadowHost check with a direct check of whether shadowRoot returns null
or not, which seems nearly as clear.
(WebCore::isFocusableShadowHost): Ditto.
(WebCore::adjustedTabIndex): Ditto.
(WebCore::shouldVisit): Ditto.
(WebCore::FocusController::findFocusableElementDescendingDownIntoFrameDocument):
Updated for changes above.
(WebCore::FocusController::advanceFocusInDocumentOrder): Ditto. Also some nullptr.
(WebCore::FocusController::findFocusableElementAcrossFocusScope): Ditto.
(WebCore::FocusController::findFocusableElementRecursively): Ditto.
(WebCore::FocusController::findElementWithExactTabIndex): Ditto.
(WebCore::nextElementWithGreaterTabIndex): Ditto.
(WebCore::previousElementWithLowerTabIndex): Ditto.
(WebCore::FocusController::nextFocusableElement): Ditto.
(WebCore::FocusController::previousFocusableElement): Ditto.

10:42 PM Changeset in webkit [157354] by Darin Adler

10 edits in trunk/Source/WebCore

Move querySelector from Node to ContainerNode and use references instead of pointers
https://bugs.webkit.org/show_bug.cgi?id=122709

Reviewed by Anders Carlsson.

dom/ContainerNode.cpp:

(WebCore::ContainerNode::querySelector): Moved here from Node. Pass a reference instead
of a pointer to SelectorQuery. Changed return types to RefPtr and raw pointer instead of
PassRefPtr.
(WebCore::ContainerNode::querySelectorAll): Ditto.

dom/ContainerNode.h: Added the new functions.

dom/Element.cpp:

(WebCore::Element::webkitMatchesSelector): Use && instead of an if statement and a reference rather than
a pointer.

dom/Node.cpp: Sorted includes, removed SelectorQuery.h, removed the querySelector functions.

(WebCore::Node::ownerDocument): Use document instead of doc and nullptr instead of 0.

dom/Node.h: Removed the querySelector functions.

dom/SelectorQuery.cpp:

(WebCore::SelectorDataList::selectorMatches): Take references instead of pointers.
(WebCore::SelectorDataList::matches): Ditto.
(WebCore::SelectorDataList::queryAll): Return a RefPtr instead of PassRefPtr.
(WebCore::SelectorDataList::queryFirst): Ditto. Also use nullptr.
(WebCore::selectorForIdLookup): Take references instead of pointers.
(WebCore::isTreeScopeRoot): Ditto.
(WebCore::SelectorDataList::executeFastPathForIdSelector): Ditto.
(WebCore::isSingleTagNameSelector): Ditto.
(WebCore::elementsForLocalName): Ditto. Also use iterators instead of traversal.
(WebCore::anyElement): Ditto.
(WebCore::SelectorDataList::executeSingleTagNameSelectorData): Ditto.
(WebCore::isSingleClassNameSelector): Ditto.
(WebCore::SelectorDataList::executeSingleClassNameSelectorData): Ditto.
(WebCore::SelectorDataList::executeSingleSelectorData): Ditto.
(WebCore::SelectorDataList::executeSingleMultiSelectorData): Ditto.
(WebCore::SelectorDataList::execute): Ditto.
(WebCore::SelectorQueryCache::add): Ditto.

dom/SelectorQuery.h: Update to use ContainerNode, references, and RefPtr and raw pointers

rather than PassRefPtr.

dom/TreeScope.cpp:

(WebCore::TreeScope::getElementById): Use nullptr instead of 0.
(WebCore::TreeScope::getAllElementsById): Ditto.
(WebCore::TreeScope::getElementByName): Ditto.
(WebCore::TreeScope::ancestorInThisScope): Ditto.

inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::assertNode): Use nullptr instead of 0.
(WebCore::InspectorDOMAgent::assertDocument): Ditto.
(WebCore::InspectorDOMAgent::assertElement): Ditto. Also use isElementNode instead of nodeType.
(WebCore::InspectorDOMAgent::assertEditableNode): Use nullptr instead of 0.
(WebCore::InspectorDOMAgent::assertEditableElement): Ditto.
(WebCore::InspectorDOMAgent::getDocument): Use document instead of doc.
(WebCore::InspectorDOMAgent::querySelector): Changed to pass a ContainerNode.
(WebCore::InspectorDOMAgent::querySelectorAll): Ditto.

10:01 PM Changeset in webkit [157353] by Darin Adler

8 edits in trunk/Source/WebCore

Move code to find elements in slider shadow tree into RangeInputType class, since it creates that tree
https://bugs.webkit.org/show_bug.cgi?id=122708

Reviewed by Anders Carlsson.

accessibility/AccessibilitySlider.cpp:

(WebCore::AccessibilitySliderThumb::elementRect): Use HTMLInputElement::sliderThumbElement
to find the thumb, rather than using the sliderThumbElementOf function.

html/InputType.h: Use nullptr instead of 0. Tweak formatting a bit.

html/RangeInputType.cpp:

(WebCore::RangeInputType::handleMouseDownEvent): Use typedSliderThumbElement function.
(WebCore::RangeInputType::handleTouchEvent): Ditto.
(WebCore::RangeInputType::createShadowSubtree): Fixed assertion to match the code below.
(WebCore::RangeInputType::sliderTrackElement): Moved next to the createShadowSubtree function
since it is finding an element in that subtree. Changed to do the work here instead of calling
a function in another file.
(WebCore::RangeInputType::typedSliderThumbElement): Added. Finds the slider thumb element,
and returns it as a reference with a specific type.
(WebCore::RangeInputType::sliderThumbElement): Changed to call typedSliderThumbElement, loosening
the type, and returning a pointer Changed to call typedSliderThumbElement, loosening
the type, and returning a pointer.
(WebCore::RangeInputType::minOrMaxAttributeChanged): Use typedSliderThumbElement.
(WebCore::RangeInputType::setValue): Ditto.
(WebCore::RangeInputType::listAttributeTargetChanged): Ditto.

html/RangeInputType.h: Marked the class FINAL. Tweaked formatting a bit.

Added the typedSliderThumbElement function.

html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::setPositionFromPoint): Call the HTMLInputElement::sliderTrackElement
function instead of having the input element's shadow subtree hierarchy hard-coded here.
(WebCore::SliderThumbElement::cloneElementWithoutAttributesAndChildren): Moved here from the header,
since it's a virtual function that won't be inlined.

html/shadow/SliderThumbElement.h: Removed unneeded forward declarations. Made more virtual

functions private and added more OVERRIDE. Removed the toSliderThumbElement, sliderThumbElementOf,
and sliderTrackElementOf functions.

rendering/RenderSlider.cpp:

(WebCore::RenderSlider::layout): Use HTMLInputElement::sliderThumbElement.
(WebCore::RenderSlider::inDragMode): Ditto.

10:00 PM Changeset in webkit [157352] by Darin Adler

11 edits
1 delete in trunk/Source/WebCore

Remove unneeded extra memory allocation and indirection for ValidityState
https://bugs.webkit.org/show_bug.cgi?id=122705

Reviewed by Anders Carlsson.

CMakeLists.txt: Removed ValidityState.cpp.
GNUmakefile.list.am: Ditto.
WebCore.vcxproj/WebCore.vcxproj: Ditto.
WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
WebCore.xcodeproj/project.pbxproj: Ditto.

html/FormAssociatedElement.cpp: Removed ValidityState.h include and the

FormAssociatedElement::validity function. That function is now an inline
in the ValidityState.h header.

html/FormAssociatedElement.h: Added badInput function, the only function

from the ValidityState interface that was not already present here. Removed
m_validityState.

html/HTMLFormControlElement.cpp: Removed include of ValidityState.h.

(WebCore::HTMLFormControlElement::isValidFormControlElement): Use the valid
function directly instead of indirectly through the validity state.
(WebCore::HTMLFormControlElement::setNeedsValidityCheck): Ditto.

html/ValidityState.cpp: Removed.

html/ValidityState.h: Removed the body of the ValidityState class and

made it effectively a "typedef" for FormAssociatedElement. It's actually
a derived class that adds no members, which is not quite right but will
work just fine for this.
(WebCore::FormAssociatedElement::validity): Implemented; just returns the
FormAssociatedElement, which the bindings expose as a ValidityState.

html/ValidityState.idl: Use SkipVTableValidation instead of

ImplementationLacksVTable because FormAssociatedElement does have a vtable.

9:05 PM Changeset in webkit [157351] by aroben@webkit.org

2 edits in trunk/Source/WebKit/mac

WebViews inside OS X screen savers have large caches, but should not
https://bugs.webkit.org/show_bug.cgi?id=122604

We use WebCacheModelDocumentViewer by default for apps linked against
modern WebKit, and WebCacheModelDocumentBrowser for apps linked
against legacy WebKit. ScreenSaverEngine.app doesn't link against
WebKit at all, and thus falls into the legacy case by accident because
NSVersionOfLinkTimeLibrary("WebKit") returns -1.

But WebViews inside screen savers are almost certainly not being used
as browsers, so this large-ish cache specified by
WebCacheModelDocumentBrowser is wasteful. This is likely true for all
apps that don't directly link against WebKit, so now we use
WebCacheModelDocumentViewer by default for those apps.

Reviewed by Darin Adler.

WebView/WebPreferences.mm:

(cacheModelForMainBundle): Use WebCacheModelDocumentViewer by default
for apps that don't link against WebKit directly. Also converted to
use @autoreleasepool {} and early returns while I was in here.

6:18 PM Changeset in webkit [157350] by Darin Adler

10 edits in trunk/Source/WebCore

Rename toParentMediaElement to parentMediaElement, since it's not a type cast
https://bugs.webkit.org/show_bug.cgi?id=122707

Reviewed by Eric Carlson.

accessibility/AccessibilityMediaControls.cpp:

(WebCore::AccessibilityMediaControlsContainer::controllingVideoElement): Call the
function by its new name, and also remove unnecessary type casting.

html/shadow/MediaControlElementTypes.cpp:

(WebCore::parentMediaElement): Renamed from toParentMediaElement. Changed to use
nullptr. Removed an unnecessary null check.

html/shadow/MediaControlElementTypes.h: Renamed from toParentMediaElement.

Changed the argument to the RenderObject overload to be a reference rather than
a pointer since it doesn't handle null.

html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlClosedCaptionsTrackListElement::defaultEventHandler):
(WebCore::MediaControlClosedCaptionsTrackListElement::updateDisplay):
(WebCore::MediaControlClosedCaptionsTrackListElement::rebuildTrackListMenu):
(WebCore::MediaControlFullscreenButtonElement::defaultEventHandler):
(WebCore::MediaControlTextTrackContainerElement::updateDisplay):
(WebCore::MediaControlTextTrackContainerElement::updateTimerFired):
(WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation):
(WebCore::MediaControlTextTrackContainerElement::updateSizes):
(WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
Updated to use the new name. Also use nullptr.

html/shadow/MediaControlsBlackBerry.cpp:

(WebCore::MediaControlFullscreenFullscreenButtonElement::defaultEventHandler):
Updated to use the new name.

platform/blackberry/RenderThemeBlackBerry.cpp:

(WebCore::determineFullScreenMultiplier):
(WebCore::RenderThemeBlackBerry::adjustMediaControlStyle):
(WebCore::RenderThemeBlackBerry::paintMediaPlayButton):
(WebCore::RenderThemeBlackBerry::paintMediaRewindButton):
(WebCore::RenderThemeBlackBerry::paintMediaMuteButton):
(WebCore::RenderThemeBlackBerry::paintMediaFullscreenButton):
(WebCore::RenderThemeBlackBerry::paintMediaSliderTrack):
(WebCore::RenderThemeBlackBerry::paintMediaVolumeSliderTrack):
Updated to use the new name.

platform/efl/RenderThemeEfl.cpp:

(WebCore::RenderThemeEfl::paintMediaSliderTrack):
Updated to use the new name.

platform/gtk/RenderThemeGtk.cpp:

(WebCore::RenderThemeGtk::paintMediaSliderTrack):
(WebCore::RenderThemeGtk::paintMediaVolumeSliderTrack):
Updated to use the new name.

rendering/RenderMediaControls.cpp:

(WebCore::RenderMediaControls::paintMediaControlsPart):
Call the function by its new name and with a reference instead of a pointer.

3:33 PM Changeset in webkit [157349] by Antti Koivisto

6 edits in trunk/Source/WebCore

Move positionForPoint to RenderTextLineBoxes
https://bugs.webkit.org/show_bug.cgi?id=122703

Reviewed by Andreas Kling.

3:23 PM Changeset in webkit [157348] by akling@apple.com

4 edits in trunk/Source/WebCore

Remove unused ScrollingCoordinator hooks.
<https://webkit.org/b/122701>

Reviewed by Anders Carlsson.

Remove leftover ScrollingCoordinator hooks that were only used
by the Chromium port.

2:14 PM Changeset in webkit [157347] by zandobersek@gmail.com

2 edits in trunk/Source/WebCore

[Soup] The NeverDestroyed<std::unique_ptr<NetworkStorageSession>> variable in defaultSession() should be static
https://bugs.webkit.org/show_bug.cgi?id=122700

Reviewed by Anders Carlsson.

platform/network/soup/NetworkStorageSessionSoup.cpp:

(WebCore::defaultSession): The NeverDestroyed variable should be static to avoid its reinitialization every time
the function is called. This was exposed by r157337 and should fix the subsequent crashes.

1:33 PM Changeset in webkit [157346] by Antti Koivisto

4 edits in trunk/Source/WebCore

Move line dirtying code to RenderTextLineBoxes
https://bugs.webkit.org/show_bug.cgi?id=122699

Reviewed by Andreas Kling.

rendering/RenderTextLineBoxes.cpp:

(WebCore::RenderTextLineBoxes::removeAllFromParent):

Also moved the removal loop.

(WebCore::RenderTextLineBoxes::dirtyAll):
(WebCore::RenderTextLineBoxes::dirtyRange):

11:40 AM Changeset in webkit [157345] by Antti Koivisto

5 edits in trunk/Source/WebCore

Move more code to RenderTextLineBoxes
https://bugs.webkit.org/show_bug.cgi?id=122697

Reviewed by Andreas Kling.

rendering/RenderTextLineBoxes.cpp:

(WebCore::RenderTextLineBoxes::boundingBox):
(WebCore::RenderTextLineBoxes::visualOverflowBoundingBox):
(WebCore::RenderTextLineBoxes::hasRenderedText):
(WebCore::RenderTextLineBoxes::caretMinOffset):
(WebCore::RenderTextLineBoxes::caretMaxOffset):

Moved these.

11:34 AM Changeset in webkit [157344] by ap@apple.com

8 edits in trunk/Source

Add a feature define for SubtleCrypto
https://bugs.webkit.org/show_bug.cgi?id=122683

Reviewed by Anders Carlsson.

Source/JavaScriptCore:

Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Configurations/FeatureDefines.xcconfig:

11:26 AM Changeset in webkit [157343] by akling@apple.com

3 edits in trunk/Source/WebCore

Generate tighter isFooElement() functions for HTML elements.
<https://webkit.org/b/122696>

Reviewed by Antti Koivisto.

Specialize HTML element type checking helpers to only compare the
localName and not the fully qualified tag name.

11:16 AM Changeset in webkit [157342] by akling@apple.com

27 edits in trunk/Source

Replace static cast ASSERTs with ASSERT_WITH_SECURITY_IMPLICATION
https://bugs.webkit.org/show_bug.cgi?id=120803

Patch by Jessica Pease <jessica_n_pease@apple.com> on 2013-09-27
Reviewed by Andreas Kling.

No new tests because we're just changing assertions.

Source/WebCore:

accessibility/AccessibilityMockObject.h:

(WebCore::toAccessibilityMockObject):

bindings/js/JSCanvasRenderingContextCustom.cpp:

(WebCore::toJS):

bindings/js/ScheduledAction.cpp:

(WebCore::ScheduledAction::execute):

css/CSSGradientValue.cpp:

(WebCore::CSSGradientValue::image):

css/DeprecatedStyleBuilder.cpp:

(WebCore::ApplyPropertyTextUnderlinePosition::applyValue):

dom/Element.cpp:

(WebCore::Element::elementRareData):
(WebCore::Element::synchronizeAttribute):

dom/FocusEvent.h:

(WebCore::toFocusEvent):

dom/MouseEvent.h:

(WebCore::toMouseEvent):

dom/Node.cpp:

(WebCore::Node::rareData):

dom/StyledElement.cpp:

(WebCore::StyledElement::ensureMutableInlineStyle):

dom/TouchEvent.h:

(WebCore::toTouchEvent):

editing/CompositeEditCommand.h:

(WebCore::toCompositeEditCommand):

html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):

html/track/AudioTrack.h:

(WebCore::toAudioTrack):

html/track/TextTrack.h:

(WebCore::toTextTrack):

html/track/VideoTrack.h:

(WebCore::toVideoTrack):

inspector/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::buildObjectForAttributesStyle):

loader/cache/CachedResourceClientWalker.h:

(WebCore::CachedResourceClientWalker::next):

page/FrameView.h:

(WebCore::toFrameView):

rendering/InlineBox.cpp:

(WebCore::InlineBox::root):

rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlock::createLineBoxesFromBidiRuns):

rendering/svg/SVGPathData.cpp:

(WebCore::updatePathFromEllipseElement):
(WebCore::updatePathFromLineElement):
(WebCore::updatePathFromPolygonElement):
(WebCore::updatePathFromPolylineElement):

workers/WorkerMessagingProxy.cpp:

(WebCore::WorkerMessagingProxy::startWorkerGlobalScope):

xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::document):

Source/WebKit2:

Shared/Plugins/NPObjectProxy.h:

(WebKit::NPObjectProxy::toNPObjectProxy):

WebProcess/Plugins/Netscape/NPJSObject.h:

(WebKit::NPJSObject::toNPJSObject):

11:03 AM Changeset in webkit [157341] by akling@apple.com

27 edits in trunk/Source

Replace bounds checking ASSERTs with ASSERT_WITH_SECURITY_IMPLICATION
https://bugs.webkit.org/show_bug.cgi?id=120893

Patch by Jessica Pease <jessica_n_pease@apple.com> on 2013-09-06
Reviewed by Darin Adler.

Source/WebCore:

Modules/indexeddb/IDBKeyPath.cpp:

(WebCore::IDBKeyPathLexer::lex):

Modules/indexeddb/IDBLevelDBCoding.cpp:

(WebCore::IDBLevelDBCoding::compareEncodedIDBKeys):

bindings/js/JSCSSStyleDeclarationCustom.cpp:

(WebCore::cssPropertyIDForJSCSSPropertyName):

css/CSSFontSelector.cpp:

(WebCore::compareFontFaces):

css/CSSParser.cpp:

(WebCore::CSSParser::rewriteSpecifiers):

html/HTMLCollection.cpp:

(WebCore::traverseMatchingElementsForwardToOffset):
(WebCore::LiveNodeListBase::traverseChildNodeListForwardToOffset):
(WebCore::HTMLCollection::traverseForwardToOffset):

html/HTMLFontElement.cpp:

(WebCore::parseFontSize):

html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLIntegerInternal):
(WebCore::parseHTMLNonNegativeIntegerInternal):

inspector/InspectorStyleSheet.h:

(WebCore::InspectorStyleProperty::setRawTextFromStyleDeclaration):

platform/graphics/StringTruncator.cpp:

(WebCore::centerTruncateToBuffer):
(WebCore::rightTruncateToBuffer):
(WebCore::truncateString):

platform/graphics/TextRun.h:

(WebCore::TextRun::subRun):

platform/text/BidiRunList.h:

(WebCore::::reverseRuns):

rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::selectionRectForTextFragment):
(WebCore::SVGInlineTextBox::mapStartEndPositionsIntoFragmentCoordinates):

rendering/svg/SVGTextChunkBuilder.cpp:

(WebCore::SVGTextChunkBuilder::buildTextChunks):

rendering/svg/SVGTextLayoutEngine.cpp:

(WebCore::SVGTextLayoutEngine::currentLogicalCharacterMetrics):

rendering/svg/SVGTextQuery.cpp:

(WebCore::SVGTextQuery::mapStartEndPositionsIntoFragmentCoordinates):

svg/SVGAnimationElement.cpp:

(WebCore::SVGAnimationElement::currentValuesForValuesAnimation):

svg/SVGPathByteStreamSource.h:

(WebCore::SVGPathByteStreamSource::readType):

Source/WebKit2:

Shared/Plugins/PluginQuirks.h:

(WebKit::PluginQuirks::add):

Source/WTF:

wtf/BumpPointerAllocator.h:

(WTF::BumpPointerPool::ensureCapacity):
(WTF::BumpPointerPool::alloc):
(WTF::BumpPointerPool::ensureCapacityCrossPool):

wtf/FastMalloc.cpp:

(WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):

wtf/StringPrintStream.cpp:

(WTF::StringPrintStream::increaseSize):

wtf/dtoa/utils.h:

(WTF::double_conversion::BufferReference::SubBufferReference):

wtf/text/WTFString.cpp:

(WTF::String::fromUTF8):

10:41 AM Changeset in webkit [157340] by Antti Koivisto

9 edits
2 adds in trunk/Source/WebCore

Factor line box code from RenderText to a class
https://bugs.webkit.org/show_bug.cgi?id=122694

Reviewed by Andreas Kling.

Create RenderTextLineBoxes and move some line box specific code there.

8:15 AM Changeset in webkit [157339] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Fix potential register trampling in JIT since r157313.
https://bugs.webkit.org/show_bug.cgi?id=122691

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-12
Reviewed by Michael Saboff.

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

7:51 AM Changeset in webkit [157338] by Antti Koivisto

5 edits in trunk/Source/WebCore

Replace RenderText::renderedTextLength with hasRenderedText
https://bugs.webkit.org/show_bug.cgi?id=122693

Reviewed by Andreas Kling.

7:15 AM Changeset in webkit [157337] by Darin Adler

37 edits in trunk/Source

Use unique_ptr instead of delete in a few places
https://bugs.webkit.org/show_bug.cgi?id=122639

Reviewed by Anders Carlsson.

Source/WebCore:

Modules/webdatabase/DatabaseBackendBase.cpp:

(WebCore::guidToDatabaseMap): Use NeverDestroyed instead of DEFINE_STATIC_LOCAL.
(WebCore::guidForOriginAndName): Ditto.
(WebCore::DatabaseBackendBase::DatabaseBackendBase): Removed unneeded initialization
of m_guid, which is set in the body of the constructor explicitly anyway. Use emptyString.
Use unique_ptr for the values in the map. Use the add idiom instead of the get/set idiom.
(WebCore::DatabaseBackendBase::closeDatabase): Use the find/remove idiom instead of the
get/remove idiom.
(WebCore::DatabaseBackendBase::performOpenAndVerify): Use auto here to avoid having to
use the map type by name.

loader/cache/CachedFont.cpp:

(WebCore::CachedFont::CachedFont): Don't initialize m_fontData to 0; unique_ptr will do that.
(WebCore::CachedFont::~CachedFont): Don't delete m_fontData. unique_ptr will do that.
(WebCore::CachedFont::ensureCustomFontData): Add a get.
(WebCore::CachedFont::allClientsRemoved): Don't delete m_fontData. Use nullptr instead of 0.

loader/cache/CachedFont.h: Changed m_fontData to a unique_ptr.

platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::BitmapImage): Don't initialize m_frameTimer to 0; unique_ptr will do that.
(WebCore::BitmapImage::startAnimation): Use make_unique to create the timer.
(WebCore::BitmapImage::stopAnimation): Don't delete m_frameTimer. Use nullptr instead of 0.

platform/graphics/BitmapImage.h: Changed m_FrameTimer to a unique_ptr.
platform/graphics/cg/BitmapImageCG.cpp:

(WebCore::BitmapImage::BitmapImage): Don't initialize m_frameTimer to 0; unique_ptr will do that.

platform/graphics/mac/FontCustomPlatformData.cpp:

(WebCore::FontCustomPlatformData::~FontCustomPlatformData): Don't call CGFontRelease on m_cgFont.
(WebCore::FontCustomPlatformData::fontPlatformData): Use get on m_cgFont.
(WebCore::createFontCustomPlatformData): Use nullptr instead of 0, and make_unique instead of new.

platform/graphics/mac/FontCustomPlatformData.h: Chnaged m_cgFont to be a RetainPtr, and the

return value from createFontCustomPlatformData to be a unique_ptr.

platform/graphics/blackberry/FontCustomPlatformData.h:
platform/graphics/blackberry/FontCustomPlatformDataBlackBerry.cpp:

(WebCore::createFontCustomPlatformData):

platform/graphics/cairo/BitmapImageCairo.cpp:

(WebCore::BitmapImage::BitmapImage):

platform/graphics/cairo/FontCustomPlatformData.h:
platform/graphics/cg/BitmapImageCG.cpp:

(WebCore::BitmapImage::BitmapImage):

platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:

(WebCore::createFontCustomPlatformData):

platform/graphics/win/FontCustomPlatformData.cpp:

(WebCore::createFontCustomPlatformData):

platform/graphics/win/FontCustomPlatformData.h:
platform/graphics/win/FontCustomPlatformDataCairo.cpp:

(WebCore::createFontCustomPlatformData):

platform/graphics/wince/FontCustomPlatformData.cpp:

(WebCore::createFontCustomPlatformData):

platform/graphics/wince/FontCustomPlatformData.h:

Same thing on all the other platforms.

platform/network/NetworkStorageSession.h: Changed return value of createPrivateBrowsingSession

to a unique_ptr, and made constructors public.

platform/network/cf/NetworkStorageSessionCFNet.cpp:

(WebCore::NetworkStorageSession::createPrivateBrowsingSession): Use make_unique.

platform/network/soup/NetworkStorageSessionSoup.cpp:

(WebCore::defaultSession):
(WebCore::NetworkStorageSession::defaultStorageSession):
(WebCore::NetworkStorageSession::createPrivateBrowsingSession):
(WebCore::NetworkStorageSession::switchToNewTestingSession):
Same thing on all the other platforms.

Source/WebKit/mac:

History/WebHistory.mm:

(-[WebHistoryPrivate init]): Use make_unique.
(-[WebHistoryPrivate dealloc]): Don't delete.
(-[WebHistoryPrivate finalize]): Don't delete.
(-[WebHistoryPrivate data]): Use get.

WebCoreSupport/WebFrameNetworkingContext.mm:

(privateSession): Use NeverDestroyed here instead of a raw pointer.
(WebFrameNetworkingContext::ensurePrivateBrowsingSession): Use the
new function instead of direct global variable access.
(WebFrameNetworkingContext::destroyPrivateBrowsingSession): Ditto.
(WebFrameNetworkingContext::storageSession): Ditto.

WebView/WebFrame.mm:

(-[WebFramePrivate dealloc]): Don't delete.
(-[WebFramePrivate finalize]): Don't delete.
(-[WebFrame _attachScriptDebugger]): Use make_unique.
(-[WebFrame _detachScriptDebugger]): Don't delete.

WebView/WebFrameInternal.h: Use unique_ptr.

Source/WebKit/win:

WebCoreSupport/WebFrameNetworkingContext.cpp:

(privateSession):
(identifierBase):
(WebFrameNetworkingContext::setCookieAcceptPolicyForAllContexts):
(WebFrameNetworkingContext::setPrivateBrowsingStorageSessionIdentifierBase):
(WebFrameNetworkingContext::ensurePrivateBrowsingSession):
(WebFrameNetworkingContext::destroyPrivateBrowsingSession):
(WebFrameNetworkingContext::storageSession):

Source/WebKit2:

NetworkProcess/mac/RemoteNetworkingContext.mm:

(WebKit::privateBrowsingStorageSession): Use NeverDestroyed and unique_ptr.
(WebKit::RemoteNetworkingContext::ensurePrivateBrowsingSession): Use std::move.

Shared/Downloads/DownloadManager.cpp:

(WebKit::DownloadManager::startDownload): Use std::move. Also add instead of set.
(WebKit::DownloadManager::convertHandleToDownload): Ditto.
(WebKit::DownloadManager::downloadFinished): Don't delete.

Shared/Downloads/DownloadManager.h: Changed m_downloads to hold unique_ptr instead

of raw pointers.

Shared/SandboxExtension.h: Use std::unique_ptr for m_data.

Shared/mac/SandboxExtensionMac.mm:

(WebKit::SandboxExtension::HandleArray::HandleArray): Don't initialize m_data to 0.
(WebKit::SandboxExtension::HandleArray::~HandleArray): Don't delete m_data.
(WebKit::SandboxExtension::HandleArray::allocate): Use make_unique to allocate m_data.

WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:

(WebKit::privateSession): Use NeverDestroyed and unique_ptr.
(WebKit::identifierBase): Use NeverDestroyed.
(WebKit::WebFrameNetworkingContext::setPrivateBrowsingStorageSessionIdentifierBase):
Updated to use the above.
(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession): Ditto.
(WebKit::WebFrameNetworkingContext::destroyPrivateBrowsingSession): Ditto.
(WebKit::WebFrameNetworkingContext::setCookieAcceptPolicyForAllContexts): Ditto.
(WebKit::WebFrameNetworkingContext::storageSession): Ditto.

WebProcess/WebCoreSupport/soup/WebFrameNetworkingContext.cpp:

(WebKit::privateSession):
(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession):
(WebKit::WebFrameNetworkingContext::destroyPrivateBrowsingSession):
(WebKit::WebFrameNetworkingContext::storageSession):
(WebKit::WebFrameNetworkingContext::webFrameLoaderClient):
More of the same.

3:06 AM Changeset in webkit [157336] by akling@apple.com

5 edits in trunk/Source/WebCore

Make LayoutState not arena-allocated.
<https://webkit.org/b/122649>

Reviewed by Antti Koivisto.

Let RenderView own a singly-linked chain of LayoutState objects
managed by unique_ptr.

2:25 AM Changeset in webkit [157335] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

[sh4] Add missing spaces in JITStubsSH4.h
https://bugs.webkit.org/show_bug.cgi?id=122690

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-12
Reviewed by Andreas Kling.

jit/JITStubsSH4.h: Space between string concatenation is mandatory with C++11

2:19 AM Changeset in webkit [157334] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

[sh4] Add missing test32 implementation in macro assembler.
https://bugs.webkit.org/show_bug.cgi?id=122689

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-12
Reviewed by Andreas Kling.

assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::test32):

2:15 AM Changeset in webkit [157333] by akling@apple.com

6 edits in trunk/Source/WebCore

Make RenderLayer not arena-allocated.
<https://webkit.org/b/87523>

Reviewed by Antti Koivisto.

Let RenderLayerModelObject store its RenderLayer in a unique_ptr.
Layers are relatively low-volume objects and this looks neutral
on our performance tests.

Re-landing this since the original commit exposed a problem with
the destruction order. This pattern:

m_someRenderer->destroy();
m_someRenderer = nullptr;

..is different from what we get with unique_ptr, which clears
the pointer storage before calling the destructor.
I believe that the new order is strictly better as it removes
one path to accessing an object that is undergoing destruction.

The exposed bug was in RLC::fixedRootBackgroundLayerChanged()
where we were dereferencing the RenderView's layer() without
checking, despite it being called below ~RenderLayer.

Oct 11, 2013:

11:03 PM Changeset in webkit [157332] by zoltan@webkit.org

2 edits in trunk/Source/WebCore

Move firstPositiveWidth/adjustLogicalLineTop functions where they're actually used
https://bugs.webkit.org/show_bug.cgi?id=122685

Reviewed by Darin Adler.

I'm working on the refactoring of RenderBlockLineLayout, progress tracked under bug #121261. For the better readability, I moved
firstPositiveWidth and adjustLogicalLineTop functions above pushShapeContentOverflowBelowTheContentBox, where these're actually used.

No new tests, no behavior change.

rendering/RenderBlockLineLayout.cpp:

(WebCore::firstPositiveWidth):
(WebCore::adjustLogicalLineTop):

9:52 PM Changeset in webkit [157331] by rniwa@webkit.org

3 edits in trunk/Source/WebCore

Extract an iterator/resolver class from calculateAdjustedNodes
https://bugs.webkit.org/show_bug.cgi?id=122687

Reviewed by Darin Adler.

Extracted EventRelatedNodeResolver out of calculateAdjustedNodes and replaced calls to calculateAdjustedNodes
in updateTouchListsInEventPath and setRelatedTarget by the use of this newly added class.

dom/EventContext.h: Added some helper functions to TouchEventContext so that updateTouchListsInEventPath

could obtain respective TouchList* without having to hard-code the name.

dom/EventDispatcher.cpp:

(WebCore::EventRelatedNodeResolver::EventRelatedNodeResolver): Added.
(WebCore::EventRelatedNodeResolver::moveToParentOrShadowHost): Extracted from calculateAdjustedNodes.
(WebCore::EventPath::updateTouchListsInEventPath): Updated to use EventRelatedNodeResolver. Also made this
a member function of EventPath.
(WebCore::EventPath::updateTouchLists): Removed local Vectors to TouchList now that updateTouchListsInEventPath
can obtain TouchList* on demand.
(WebCore::EventPath::setRelatedTarget): Upsed to use EventRelatedNodeResolver.

9:16 PM Changeset in webkit [157330] by Darin Adler

53 edits in trunk/Source

Change most call sites to call ICU directly instead of through WTF::Unicode
https://bugs.webkit.org/show_bug.cgi?id=122635

Reviewed by Alexey Proskuryakov.

Source/JavaScriptCore:

parser/Lexer.cpp:

(JSC::isNonLatin1IdentStart): Take a UChar since that's what the only caller wants to pass.
Use U_GET_GC_MASK instead of WTF::Unicode::category.
(JSC::isNonLatin1IdentPart): Ditto.

parser/Lexer.h:

(JSC::Lexer::isWhiteSpace): Use u_charType instead of WTF::Unicode::isSeparatorSpace.

runtime/JSFunction.cpp: Removed "using namespace" for WTF::Unicode, this will no longer

compile since this doesn't include anything that defines that namespace.

runtime/JSGlobalObjectFunctions.cpp:

(JSC::isStrWhiteSpace): Use u_charType instead of WTF::Unicode::isSeparatorSpace.

yarr/YarrInterpreter.cpp:

(JSC::Yarr::ByteCompiler::atomPatternCharacter): Use u_tolower and u_toupper instead of
Unicode::toLower and Unicode::toUpper. Also added some assertions since this code assumes
it can convert any UChar to lowercase or uppercase in another UChar, with no risk of needing
a UChar32 for the result. I guess that's probably true, but it would be good to know in a
debug build if not.

Source/WebCore:

Modules/indexeddb/IDBKeyPath.cpp:

(isIdentifierStartCharacter): Use U_GET_GC_MASK instead of WTF::Unicode::category.
(isIdentifierCharacter): Ditto.

css/CSSParser.cpp:

(WebCore::makeLower): Use u_tolower instead of WTF::Unicode::toLower.
Also assert the character fits in a UChar.

dom/Document.cpp:

(WebCore::isValidNameStart): Use U_GET_GC_MASK instead of WTF::Unicode::category,
and u_getIntPropertyValue instead of WTF::Unicode::decompositionType.
(WebCore::isValidNamePart): Ditto.
(WebCore::canonicalizedTitle): Ditto.

editing/Editor.cpp:

(WebCore::Editor::insertTextWithoutSendingTextEvent): Use u_isPunct instead of
WTF::Unicode::isPunct.

editing/TextIterator.cpp:

(WebCore::SearchBuffer::append): Use u_strFoldCase instead of WTF::Unicode::foldCase.

html/HTMLElement.cpp:

(WebCore::HTMLElement::directionality): Use UCharDirection instead of
WTF::Unicode::Direction.

html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::defaultEventHandler): Use u_isprint instead of
WTF::Unicode::isPrintableChar.

html/TypeAhead.cpp:

(WebCore::stripLeadingWhiteSpace): Use u_charDirection instead of
WTF::Unicode::direction.

html/track/TextTrackCue.cpp:

(WebCore::isCueParagraphSeparator): Use u_charType instead of
WTF::Unicode::category.
(WebCore::TextTrackCue::determineTextDirection): Use u_charDirection instead of
WTF::Unicode::direction.

page/ContextMenuController.cpp:

(WebCore::selectionContainsPossibleWord): Use U_GET_GC_MASK instead of
WTF::Unicode::category.

platform/graphics/Font.cpp:

(WebCore::Font::canReceiveTextEmphasis): Ditto.

platform/graphics/FontGlyphs.cpp:

(WebCore::FontGlyphs::glyphDataAndPageForCharacter): Use u_toupper instead of
WTF::Unicode::toUpper. Use u_charMirror instead of WTF::Unicode::mirroredChar.

platform/graphics/GraphicsContext.cpp:

(WebCore::TextRunIterator::direction): Use u_charDirection instead of
WTF::Unicode::direction.

platform/graphics/SVGGlyph.cpp:

(WebCore::charactersWithArabicForm): Use ublock_getCode instead of
WTF::Unicode::isArabicChar.

platform/graphics/SurrogatePairAwareTextIterator.cpp:

(WebCore::SurrogatePairAwareTextIterator::normalizeVoicingMarks): Use
u_getCombiningClass instead of WTF::Unicode::combiningClass.

platform/graphics/WidthIterator.cpp:

(WebCore::WidthIterator::advanceInternal): Use u_toupper instead of
WTF::Unicode::toUpper.

platform/graphics/mac/ComplexTextController.cpp:

(WebCore::ComplexTextController::collectComplexTextRuns): Added some
assertions about the user of u_toupper and tweaked coding style a bit.

platform/text/BidiContext.cpp:

(WebCore::BidiContext::createUncached): Use UCharDirection instead of
WTF::Unicode::Direction.
(WebCore::BidiContext::create): Ditto.
(WebCore::copyContextAndRebaselineLevel): Ditto.

platform/text/BidiContext.h:

(WebCore::BidiContext::dir): Ditto.
(WebCore::BidiContext::BidiContext): Ditto.

platform/text/BidiResolver.h:

(WebCore::BidiStatus::BidiStatus): Ditto.
(WebCore::BidiEmbedding::BidiEmbedding): Ditto.
(WebCore::BidiEmbedding::direction): Ditto.
(WebCore::BidiCharacterRun::BidiCharacterRun): Ditto.
(WebCore::BidiResolver::BidiResolver): Ditto.
(WebCore::BidiResolver::setLastDir): Ditto.
(WebCore::BidiResolver::setLastStrongDir): Ditto.
(WebCore::BidiResolver::setEorDir): Ditto.
(WebCore::BidiResolver::dir): Ditto.
(WebCore::BidiResolver::setDir): Ditto.
(WebCore::BidiResolver::appendRun): Ditto.
(WebCore::BidiResolver::embed): Ditto.
(WebCore::BidiResolver::checkDirectionInLowerRaiseEmbeddingLevel): Ditto.
(WebCore::BidiResolver::lowerExplicitEmbeddingLevel): Ditto.
(WebCore::BidiResolver::raiseExplicitEmbeddingLevel): Ditto.
(WebCore::BidiResolver::commitExplicitEmbedding): Ditto.
(WebCore::BidiResolver::updateStatusLastFromCurrentDirection): Ditto.
(WebCore::BidiResolver::createBidiRunsForLine): Ditto.

platform/text/SegmentedString.h:

(WebCore::SegmentedString::advanceAndASSERTIgnoringCase): Use u_foldCase
instead of WTF::Unicode::foldCase.

platform/text/TextBoundaries.cpp:

(WebCore::findNextWordFromIndex): Use u_isalnum instead of
WTF::Unicode::isAlphanumeric.

platform/text/TextBoundaries.h:

(WebCore::requiresContextForWordBoundary): Use u_getIntPropertyValue directly
instead of WTF::Unicode::requiresComplexContextForWordBreaking.

platform/text/mac/TextBoundaries.mm: Removed explicit use of WTF::Unicode,

which was unneeded and also will no longer compile.

rendering/BidiRun.h:

(WebCore::BidiRun::BidiRun): Use UCharDirection instead of WTF::Unicode::Direction.

rendering/InlineFlowBox.h: Ditto.
rendering/InlineIterator.h:

(WebCore::embedCharFromDirection): Ditto.
(WebCore::notifyObserverWillExitObject): Ditto.
(WebCore::InlineIterator::direction): Ditto.
(WebCore::IsolateTracker::embed): Ditto.
(WebCore::InlineBidiResolver::appendRun): Ditto.

rendering/RenderBlock.cpp:

(WebCore::isPunctuationForFirstLetter): Use U_GET_GC_MASK instead of
WTF::Unicode::category.

rendering/RenderBlockLineLayout.cpp:

(WebCore::determineDirectionality): Use u_charDirection instead of
WTF::Unicode::direction.
(WebCore::RenderBlockFlow::handleTrailingSpaces): Ditto.
(WebCore::statusWithDirection): Ditto.
(WebCore::LineBreaker::nextSegmentBreak): Use U_GET_GC_MASK instead of
WTF::Unicode::category.

rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::paint): Use u_charDirection instead of
WTF::Unicode::direction.

rendering/RenderMenuList.cpp:

(WebCore::RenderMenuList::adjustInnerStyle): Use UCharDirection instead of
WTF::Unicode::Direction.

rendering/RenderText.cpp:

(WebCore::makeCapitalized): Use u_totile instead of WTF::Unicode::toTitleCase.
Also added a comment about the fact that we need to use u_strToTitle instead.

rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::lineBreakBidiStatus): Use UCharDirection instead of
WTF::Unicode::Direction.

svg/SVGFontData.cpp:

(WebCore::SVGFontData::createStringWithMirroredCharacters): Use u_charMirror
instead of WTF::Unicode::mirroredChar.

xml/XPathParser.cpp:

(WebCore::XPath::charCat): Use U_GET_GC_MASK instead of WTF::Unicode::category.

platform/graphics/win/UniscribeController.cpp:

(WebCore::UniscribeController::advance):

platform/win/PopupMenuWin.cpp:

(WebCore::PopupMenuWin::paint):

platform/win/WebCoreTextRenderer.cpp:

(WebCore::isOneLeftToRightRun):
More of the same for Windows.

Source/WTF:

wtf/text/StringHash.h:

(WTF::CaseFoldingHash::foldCase): Use u_foldCase instead of WTF::Unicode::foldCase.
(WTF::CaseFoldingHash::hash): Added an overload for a StringImpl& because why not.

wtf/text/StringImpl.cpp:

(WTF::StringImpl::lower): Use u_tolower rather than WTF::Unicode::toLower. Also added
an assertion to check that the lowercase version is also part of Latin-1. If this
is not guaranteed it would be good to know in a debug build at least. Use u_strToLower
rather than WTF::Unicode::toLower. Also removed #if USE(ICU_UNICODE) around the
locale-specific version.
(WTF::StringImpl::upper): Use u_toupper and u_strToUpper, as above.
(WTF::StringImpl::foldCase): Use u_tolower and u_strFoldCase, as above.
(WTF::equalIgnoringCase): Use u_foldCase instead of WTF::Unicode::foldCase.
(WTF::StringImpl::defaultWritingDirection): Use u_charDirection and UCharDirection
instead of WTF::Unicode::direction and WTF::Unicode::Direction.

wtf/text/StringImpl.h:

(WTF::equalIgnoringCase): Use u_memcasecmp instead of WTF::Unicode::umemcasecmp.
(WTF::isSpaceOrNewline): Use u_charDirection instead of WTF::Unicode::direction.

wtf/text/WTFString.h:

(WTF::String::defaultWritingDirection): Use UCharDirection instead of WTF::Unicode::Direction.

wtf/unicode/icu/UnicodeIcu.h: Removed almost everything.

wtf/unicode/wchar/UnicodeWchar.cpp: Tried to do the right thing in this file, but

I did not actually compile it. Also, the implementations here aren't really sufficient
to make WebKit work broadly. There are many things that just aren't working with this
implementation, such as parsing that uses u_charType to figure out which characters are valid.
(unorm_normalize): Added.
(u_charDirection): Added.
(u_charMirror): Added.
(u_charType): Added.
(u_getCombiningClass): Added.
(u_getIntPropertyValue): Added.
(u_memcasecmp): Added.
(convertWithFunction): Changed to work with ICU-style status code instead of error bool.
(u_strFoldCase): Added.
(u_strToLower): Added.
(u_strToUpper): Added.

wtf/unicode/wchar/UnicodeWchar.h: Ditto. Later this file should just be named like the

real ICU headers so the code can include it the same way it would ICU. But that will be
in a future patch.

7:21 PM Changeset in webkit [157329] by commit-queue@webkit.org

7 edits
3 adds in trunk

DFG: Add JIT support for LogicalNot(String/StringIdent)
https://bugs.webkit.org/show_bug.cgi?id=122627

Patch by Nadav Rotem <nrotem@apple.com> on 2013-10-11
Reviewed by Filip Pizlo.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::::executeEffects):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileStringZeroLength):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):

7:05 PM Changeset in webkit [157328] by rniwa@webkit.org

2 edits in trunk/Source/WebCore

Dramatically simplify calculateAdjustedNodes
https://bugs.webkit.org/show_bug.cgi?id=122680

Reviewed by Antti Koivisto.

Without insertion points, we never have to worry about entering a shadow DOM we've already climbed out of.
Deleted the logic to deal with insertion points in calculateAdjustedNodes accordingly.

dom/EventDispatcher.cpp:

(WebCore::EventPath::EventPath):
(WebCore::calculateAdjustedNodes):
(WebCore::updateTouchListsInEventPath):
(WebCore::EventPath::updateTouchLists):
(WebCore::EventPath::setRelatedTarget):

6:35 PM Changeset in webkit [157327] by fpizlo@apple.com

5 edits in trunk/Source/JavaScriptCore

sunspider-1.0/math-spectral-norm.js.dfg-eager occasionally fails with Trap 5 (i.e int $3)
https://bugs.webkit.org/show_bug.cgi?id=122462

Reviewed by Mark Hahnenberg.

This fixes two bugs, both of which led to GetByVal on Int32 trapping because the
array no longer had Int32 shape but the check wasn't executed:

1) We weren't snapshotting the structures of mustHandleValues. This led to an awesome

race where if a mustHandleValue JSValue's structure changed on the main thread
between runs of the AI, the AI would contradict each other and things would just
get corrupted in funny ways.

2) The constant folder has a long standing bug! It will fold a node to a constant if

the AI proved it to be a constant. But it's possible that the original node also
proved things about the constant's structure. In that case "folding" to a
JSConstant actually loses information since JSConstant doesn't guarantee anything
about a constant's structure. There are various things we could do here to ensure
that a folded constant's structure doesn't change, and that if it does, we
deoptimize the code. But for now we can just make this sound by disabling folding
in this pathological case.

dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::Graph):

dfg/DFGGraph.h:
dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

6:33 PM Changeset in webkit [157326] by fpizlo@apple.com

4 edits in trunk/Source/JavaScriptCore

Fix handling of indirect stackmap locations in FTL OSR exit
https://bugs.webkit.org/show_bug.cgi?id=122666

Reviewed by Mark Hahnenberg.

With this change, the llvm.webkit.stackmap-based OSR exit only fails one test, down from
five tests previously.

ftl/FTLLocation.cpp:

(JSC::FTL::Location::gpr): It's OK to call this method when kind() == Indirect, so asserting that isGPR() is wrong; change to assert that involvesGPR().
(JSC::FTL::Location::restoreInto): Stack-related registers aren't saved to the scratch buffer, so use them directly.

ftl/FTLLocation.h: Add comment about requirements for stack layout.
ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStubWithOSRExitStackmap): Make enough room on the stack so that saveAllRegisters() has a scratchpad to save things to. Without this, saveAllRegisters() may clobber a spilled value.

6:22 PM Changeset in webkit [157325] by ryuan.choi@samsung.com

2 edits in trunk/LayoutTests

Unreviewed EFL gardening.

Unskip tests that are already passing.

platform/efl-wk2/TestExpectations:

5:43 PM Changeset in webkit [157324] by roger_fong@apple.com

2 edits in trunk/Source/WebCore

[Windows] Fix for fast/xpath test regressions caused by r157205.
https://bugs.webkit.org/show_bug.cgi?id=122658.

Reviewed by Darin Adler.

xml/XPathStep.h:

(WebCore::XPath::Step::NodeTest::NodeTest):
(WebCore::XPath::Step::NodeTest::operator=):
We were incorrectly setting the predicate list to null instead of the predicate list of the NodeTest being passed in.

4:09 PM Changeset in webkit [157323] by timothy@apple.com

13 edits in trunk

Remove preference support for picking the old Web Inspector.
https://bugs.webkit.org/show_bug.cgi?id=122655

Reviewed by Alexey Proskuryakov.

Source/WebKit/mac:

WebCoreSupport/WebInspectorClient.mm:

(WebInspectorFrontendClient::localizedStringsURL):
(-[WebInspectorWindowController inspectorPagePath]):

Source/WebKit2:

Shared/WebPreferencesStore.h:
UIProcess/API/C/WKPreferences.cpp:
UIProcess/API/C/WKPreferencesPrivate.h:
UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):

WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::WebInspector):

WebProcess/WebPage/WebInspector.h:
WebProcess/WebPage/mac/WebInspectorMac.mm:

(WebKit::WebInspector::localizedStringsURL):

WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::platformPreferencesDidChange):

Tools:

WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetStateToConsistentValues):

3:59 PM Changeset in webkit [157322] by fpizlo@apple.com

2 edits in trunk/Tools

Fix 64-bit build on everything but Windows.

Rubber stamped by Brent Fulgham.

Scripts/webkitdirs.pm:

(argumentsForConfiguration):

3:45 PM Changeset in webkit [157321] by ap@apple.com

2 edits in trunk/Tools

Touch a file to see how auto-update works.

Rubber-stamped by Tim Hatcher.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTestResults.js:

3:12 PM Changeset in webkit [157320] by beidson@apple.com

6 edits
3 adds in trunk/Source/WebKit2

Lay the groundwork for a multi-process aware Indexed DB implementation in WebKit2.
https://bugs.webkit.org/show_bug.cgi?id=122675

Reviewed by Alexey Proskuryakov.

CMakeLists.txt:
GNUmakefile.am:
GNUmakefile.list.am:
WebKit2.xcodeproj/project.pbxproj:

WebProcess/IndexedDB/WebIDBFactoryBackend.cpp: Added.

(WebKit::WebIDBFactoryBackend::WebIDBFactoryBackend):
(WebKit::WebIDBFactoryBackend::~WebIDBFactoryBackend):
(WebKit::WebIDBFactoryBackend::getDatabaseNames):
(WebKit::WebIDBFactoryBackend::open):
(WebKit::WebIDBFactoryBackend::deleteDatabase):

WebProcess/IndexedDB/WebIDBFactoryBackend.h: Added.

(WebKit::WebIDBFactoryBackend::create):

WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:

(WebKit::WebPlatformStrategies::createIDBFactoryBackend): Return a WebIDBFactoryBackend.

2:14 PM Changeset in webkit [157319] by andersca@apple.com

19 edits
1 delete in trunk/Source/WebKit2

Remove ENABLE(GESTURE_EVENTS) from WebKit2
https://bugs.webkit.org/show_bug.cgi?id=122673

Reviewed by Ryosuke Niwa.

Shared/WebEvent.h:
Shared/WebEventConversion.cpp:
Shared/WebEventConversion.h:
Shared/WebGestureEvent.cpp: Removed.
Shared/mac/WebEventFactory.h:
Shared/mac/WebEventFactory.mm:
UIProcess/API/mac/PageClientImpl.h:
UIProcess/API/mac/PageClientImpl.mm:
UIProcess/API/mac/WKView.mm:

(-[WKView viewDidMoveToWindow]):

UIProcess/PageClient.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didReceiveEvent):
(WebKit::WebPageProxy::resetStateAfterProcessExited):

UIProcess/WebPageProxy.h:
WebKit2.xcodeproj/project.pbxproj:
WebProcess/WebPage/EventDispatcher.cpp:
WebProcess/WebPage/EventDispatcher.h:
WebProcess/WebPage/EventDispatcher.messages.in:
WebProcess/WebPage/WebPage.cpp:
WebProcess/WebPage/WebPage.h:

2:01 PM Changeset in webkit [157318] by zoltan@webkit.org

2 edits in trunk/Source/WebCore

[CSS Shapes] Use the floatingObject's logical coordinates to determine its size in computeLogicalLocationForFloat
https://bugs.webkit.org/show_bug.cgi?id=122663

Reviewed by David Hyatt.

Covered by existing float tests in fast/shapes/shape-inside.
I'll add additional tests in bug #122664.

rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::computeLogicalLocationForFloat):

12:18 PM Changeset in webkit [157317] by commit-queue@webkit.org

7 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r157307.
http://trac.webkit.org/changeset/157307
https://bugs.webkit.org/show_bug.cgi?id=122671

Many assertion failures (Requested by ap on #webkit).

jit/ThunkGenerators.cpp:

(JSC::arrayIteratorNextThunkGenerator):

jit/ThunkGenerators.h:
runtime/ArrayIteratorPrototype.cpp:

(JSC::ArrayIteratorPrototype::finishCreation):
(JSC::createIteratorResult):
(JSC::arrayIteratorPrototypeNext):

runtime/Intrinsic.h:
runtime/JSArrayIterator.cpp:

(JSC::JSArrayIterator::finishCreation):

runtime/VM.cpp:

(JSC::thunkGeneratorForIntrinsic):

12:16 PM Changeset in webkit [157316] by andersca@apple.com

17 edits
3 deletes in trunk/Source

Remove gesture event support from WebCore
https://bugs.webkit.org/show_bug.cgi?id=122650

Reviewed by Ryosuke Niwa.

Source/WebCore:

CMakeLists.txt:
GNUmakefile.list.am:
WebCore.exp.in:
WebCore.xcodeproj/project.pbxproj:
dom/GestureEvent.cpp: Removed.
dom/GestureEvent.h: Removed.
dom/Node.cpp:
dom/Node.h:
page/EventHandler.cpp:

(WebCore::EventHandler::EventHandler):
(WebCore::EventHandler::clear):
(WebCore::EventHandler::sendContextMenuEventForKey):

page/EventHandler.h:
platform/PlatformGestureEvent.h: Removed.
platform/Scrollbar.cpp:
platform/Scrollbar.h:
platform/mac/PlatformEventFactoryMac.h:
platform/mac/PlatformEventFactoryMac.mm:

Source/WTF:

wtf/FeatureDefines.h:
wtf/nix/FeatureDefinesNix.h:

12:15 PM Changeset in webkit [157315] by Gustavo Noronha Silva

3 edits in trunk/LayoutTests

Unreviewed gardening. Rebaseline after 157292.

platform/gtk/editing/unsupported-content/table-delete-001-expected.txt:
platform/gtk/editing/unsupported-content/table-delete-003-expected.txt:

12:04 PM Changeset in webkit [157314] by timothy_horton@apple.com

5 edits in trunk/Source/WebCore

Remove some dead code from PlatformCALayer*
https://bugs.webkit.org/show_bug.cgi?id=122641

Reviewed by Anders Carlsson.

Remove some unused getters from PlatformCALayer and its implementations.

No new tests, just removing dead code.

platform/graphics/ca/PlatformCALayer.h:
platform/graphics/ca/mac/PlatformCALayerMac.mm:
platform/graphics/ca/win/PlatformCALayerWin.cpp:

12:03 PM Changeset in webkit [157313] by mark.lam@apple.com

14 edits in trunk/Source/JavaScriptCore

Transition op_new_* JITStubs to JIT operations.
https://bugs.webkit.org/show_bug.cgi?id=122460.

Reviewed by Michael Saboff.

Also:

Removed the redundant operationNewFunctionExpression(). It is identical to operationNewFunctionNoCheck().
Sorted JIT operation signature keys in the comment in JITOperations.h.
Removed the unused returnValue2Register definition for X86_64.

dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

jit/JIT.h:
jit/JITInlines.h:

(JSC::JIT::callOperation):

jit/JITOpcodes.cpp:

(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_new_func):
(JSC::JIT::emit_op_new_func_exp):
(JSC::JIT::emit_op_new_array):
(JSC::JIT::emit_op_new_array_with_size):
(JSC::JIT::emit_op_new_array_buffer):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emitSlow_op_new_object):

jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITStubs.cpp:
jit/JITStubs.h:
jit/JSInterfaceJIT.h:

11:59 AM Changeset in webkit [157312] by ap@apple.com

2 edits in trunk/Tools

LeaksViewer fails to present recent results list if current build is still updating svn
https://bugs.webkit.org/show_bug.cgi?id=122670

Fixed an obvious mistake in the previous patch.

BuildSlaveSupport/build.webkit.org-config/public_html/LeaksViewer/RecentBuildsLoader.js:

(RecentBuildsLoader.prototype.start):

11:56 AM Changeset in webkit [157311] by ap@apple.com

2 edits in trunk/Tools

LeaksViewer fails to present recent results list if current build is still updating svn
https://bugs.webkit.org/show_bug.cgi?id=122670

Reviewed by Adam Roben.

BuildSlaveSupport/build.webkit.org-config/public_html/LeaksViewer/RecentBuildsLoader.js:

(RecentBuildsLoader.prototype.start): Skip builds that don't have an svn revision yet.

11:50 AM Changeset in webkit [157310] by aroben@webkit.org

6 edits in trunk/Source

Confusing CGImageRef memory management in ImageBuffer::copyImage
https://bugs.webkit.org/show_bug.cgi?id=122605

Source/WebCore:

BitmapImage::create was adopting the CGImage passed into it, which
resulted in some strange contortions in ImageBuffer::copyImage that
made it look like it was leaking CGImages, when in fact it was just
relying on BitmapImage to adopt the extra references.

BitmapImage::create now retains the passed-in CGImage, and I updated
the two callers to it to expect that (one here, one in WebKit2). I
also changed ImageBuffer::copyNativeImage to return a RetainPtr to
reduce the number of adoptCF()s needed and make it harder to make
programming mistakes.

Reviewed by Simon Fraser.

No new tests because this is just a code cleanup.

platform/graphics/ImageBuffer.h: Changed copyNativeImage to return a

RetainPtr<CGImageRef.

platform/graphics/cg/BitmapImageCG.cpp:

(WebCore::BitmapImage::BitmapImage): Adopt the passed-in CGImage,
since we're taking ownership of it. (We release it in
FrameData::clear.)

platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::copyImage): Updated for copyNativeImage's new
return type and to take into account BitmapImage::create's new
retaining semantics. This makes this function not have to be so clever
about retain counts.

(WebCore::ImageBuffer::copyNativeImage): Changed to return a
RetainPtr<CGImageRef>.

(WebCore::ImageBuffer::draw):
(WebCore::ImageBuffer::clip):
(WebCore::ImageBuffer::putByteArray):
(WebCore::ImageBuffer::toDataURL):
Updated for changes to copyNativeImage.

Source/WebKit2:

Reviewed by Simon Fraser.

Shared/cg/ShareableBitmapCG.cpp:

(WebKit::ShareableBitmap::createImage): BitmapImage::create now
retains the passed-in CGImage, so we don't need to dance around it
anymore. Also changed to use nullptr instead of 0 while I was in here.

11:01 AM Changeset in webkit [157309] by betravis@adobe.com

5 edits
6 adds in trunk

[CSS Shapes] Shape-Image-Threshold should be animatable
https://bugs.webkit.org/show_bug.cgi?id=122622

Reviewed by Darin Adler.

Source/WebCore:

Make the shape-image-threshold property respond to dynamic changes
made through JS or CSS animations. Responding to changes made to
shape-image-threshold is handled in RenderBox::updateShapeOutsideInfoAfterStyleChange,
while CSSPropertyAnimation.cpp adds the property to the list of
animatable properties.

Tests: fast/shapes/shape-outside-floats/shape-outside-dynamic-shape-image-threshold.html

fast/shapes/shape-outside-floats/shape-outside-shape-image-threshold-animation.html

page/animation/CSSPropertyAnimation.cpp:

(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap): Add
shape-image-threshold to the list of animatable properties.

rendering/RenderBox.cpp:

(WebCore::RenderBox::styleDidChange): updateShapeOutsideInfoAfterStyleChange
needs to take two RenderStyle arguments to compare multiple shape properties,
rather than just the shape-outside property.
(WebCore::RenderBox::updateShapeOutsideInfoAfterStyleChange): Compare
shape-image-threshold values to see if they changed, and invalidate the layout
if necessary.

rendering/RenderBox.h:

LayoutTests:

Adding tests for dynamically changing shape-image threshold via JS and CSS
animations. Included are some SVG resources used as the shape image sources.

fast/shapes/resources/svg-shape-002.svg: Added.
fast/shapes/resources/svg-shape-003.svg: Added.
fast/shapes/shape-outside-floats/shape-outside-dynamic-shape-image-threshold-expected.html: Added.
fast/shapes/shape-outside-floats/shape-outside-dynamic-shape-image-threshold.html: Added.
fast/shapes/shape-outside-floats/shape-outside-shape-image-threshold-animation-expected.txt: Added.
fast/shapes/shape-outside-floats/shape-outside-shape-image-threshold-animation.html: Added.

10:57 AM Changeset in webkit [157308] by Brent Fulgham

3 edits in trunk/Source/WebCore

Unreviewed gardening. Remove a Windows work-around that is not needed.

dom/Range.cpp:

(WebCore::rangeOfContents): Move implementation back to source file.

dom/Range.h: Remove inline I added to work around a compiler bug.

10:30 AM Changeset in webkit [157307] by oliver@apple.com

7 edits in trunk/Source/JavaScriptCore

Separate out array iteration intrinsics
https://bugs.webkit.org/show_bug.cgi?id=122656

Reviewed by Michael Saboff.

Separate out the intrinsics for key and values iteration
of arrays.

This requires moving moving array iteration into the iterator
instance, rather than the prototype, but this is essentially
unobservable so we'll live with it for now.

jit/ThunkGenerators.cpp:

(JSC::arrayIteratorNextThunkGenerator):
(JSC::arrayIteratorNextKeyThunkGenerator):
(JSC::arrayIteratorNextValueThunkGenerator):

jit/ThunkGenerators.h:
runtime/ArrayIteratorPrototype.cpp:

(JSC::ArrayIteratorPrototype::finishCreation):

runtime/Intrinsic.h:
runtime/JSArrayIterator.cpp:

(JSC::JSArrayIterator::finishCreation):
(JSC::createIteratorResult):
(JSC::arrayIteratorNext):
(JSC::arrayIteratorNextKey):
(JSC::arrayIteratorNextValue):
(JSC::arrayIteratorNextGeneric):

runtime/VM.cpp:

(JSC::thunkGeneratorForIntrinsic):

9:54 AM Changeset in webkit [157306] by commit-queue@webkit.org

5 edits in trunk/Source/WebCore

Unreviewed, rolling out r157297.
http://trac.webkit.org/changeset/157297
https://bugs.webkit.org/show_bug.cgi?id=122651

Caused crashes on multiple platform/mac-wk2/tiled-drawing
tests (Requested by ap on #webkit).

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::operator new):
(WebCore::RenderLayer::operator delete):
(WebCore::RenderLayer::destroy):

rendering/RenderLayer.h:
rendering/RenderLayerModelObject.cpp:

(WebCore::RenderLayerModelObject::RenderLayerModelObject):
(WebCore::RenderLayerModelObject::destroyLayer):
(WebCore::RenderLayerModelObject::ensureLayer):

rendering/RenderLayerModelObject.h:

(WebCore::RenderLayerModelObject::layer):

9:53 AM Changeset in webkit [157305] by Bem Jones-Bey

3 edits
24 adds in trunk/LayoutTests

[CSS Shapes] New positioning model: Negative margins
https://bugs.webkit.org/show_bug.cgi?id=118090

Reviewed by Darin Adler.

Tests for shape-outside with negative margins:

negative top margin
negative left margin
negative right margin
negative bottom margin
negative top margin vertical right-left writing mode
negative left margin vertical right-left writing mode
negative right margin vertical right-left writing mode
negative bottom margin vertical right-left writing mode
negative top margin vertical left-right writing mode
negative left margin vertical left-right writing mode
negative right margin vertical left-right writing mode
negative bottom margin vertical left-right writing mode

csswg/contributors/adobe/submitted/shapes/shape-outside/resources/w3c-import.log:
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-010-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-010.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-011-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-011.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-012-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-012.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-013-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-013.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-014-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-014.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-015-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-015.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-016-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-016.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-017-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-017.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-018-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-018.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-019-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-019.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-020-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-020.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-021-expected.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/shape-outside-floats-margin-021.html: Added.
csswg/contributors/adobe/submitted/shapes/shape-outside/w3c-import.log:

9:51 AM Changeset in webkit [157304] by commit-queue@webkit.org

2 edits
1 add in trunk/LayoutTests

[EFL] Added new accessibility expectation after r154697
https://bugs.webkit.org/show_bug.cgi?id=122646

Unreviewed EFL gardening

Patch by Krzysztof Czech <k.czech@samsung.com> on 2013-10-11

platform/efl-wk2/TestExpectations:
platform/efl/accessibility/aria-checkbox-sends-notification-expected.txt: Added.

9:46 AM Changeset in webkit [157303] by Brent Fulgham

2 edits in trunk/Tools

Unreviewed build fix for --64-bit target.

Scripts/webkitdirs.pm:

(argumentsForConfiguration): Use 'isWin64' test, since @ARGV value may have
been removed by this point.
(hasArgument): Remove unused temporary.

9:34 AM Changeset in webkit [157302] by Darin Adler

2 edits in trunk/Source/WebCore

Fix build.

html/HTMLElement.cpp:

(WebCore::HTMLElement::translate): Do a const_cast when creating the
lineage, since it doesn't yet work with const pointers.

8:26 AM Changeset in webkit [157301] by akling@apple.com

4 edits in trunk/Source/JavaScriptCore

Pass VM instead of ExecState to JSGenericTypedArrayViewPrototype.
<https://webkit.org/b/122632>

Reviewed by Sam Weinig.

This code was only using the ExecState to find the VM.

8:07 AM Changeset in webkit [157300] by Darin Adler

4 edits in trunk/Source/WebCore

Do a bit of optimization and cleanup in the HTMLElement class
https://bugs.webkit.org/show_bug.cgi?id=122640

Reviewed by Andreas Kling.

html/HTMLElement.cpp:

(WebCore::unicodeBidiAttributeForDirAuto): Take a reference.
(WebCore::HTMLElement::collectStyleForPresentationAttribute): Pass one.
(WebCore::mergeWithNextTextNode): Take a reference to a Text node instead
of a PassRefPtr to a Node. Also removed unnecessary check of parentNode.
Also update to new calling convention for mergeWithNextTextNode.
(WebCore::HTMLElement::setOuterHTML): Use parentElement instead of
parentNode, since Antti says that's the future, and either will work here.
Also use nullptr.
(WebCore::HTMLElement::textToFragment): Fix indentation and use nullptr.
(WebCore::HTMLElement::setOuterText): Use a RefPtr for the parent here,
since otherwise there is no guarantee it survives. Also use nullptr and
update to new calling convention for mergeWithNextTextNode.
(WebCore::HTMLElement::insertAdjacent): Use nullptr.
(WebCore::HTMLElement::insertAdjacentElement): Use nullptr.
(WebCore::contextElementForInsertion): Use nullptr.
(WebCore::HTMLElement::contentEditable): Use ASCIILiteral.
(WebCore::HTMLElement::setContentEditable): Use AtomicString::ConstructFromLiteral.
(WebCore::HTMLElement::draggable): Use fastGetAttribute.
(WebCore::HTMLElement::setDraggable): Use AtomicString::ConstructFromLiteral.
(WebCore::HTMLElement::setSpellcheck): Use AtomicString::ConstructFromLiteral.
(WebCore::HTMLElement::click): Use nullptr.
(WebCore::HTMLElement::accessKeyAction): Use nullptr.
(WebCore::HTMLElement::title): Use fastGetAttribute.
(WebCore::HTMLElement::translateAttributeMode): Use fastGetAttribute, isNull,
and isEmpty.
(WebCore::HTMLElement::translate): Use parentElement and toHTMLElement.
Use early-continue style instead of nesting the whole loop body inside an if.
(WebCore::setHasDirAutoFlagRecursively): Use nullptr.
(WebCore::HTMLElement::hasDirectionAuto): Use isNull.
(WebCore::HTMLElement::directionality): Use nullptr.
(WebCore::HTMLElement::adjustDirectionalityIfNeededAfterChildrenChanged): Use nullptr.
(WebCore::HTMLElement::addHTMLLengthToStyle): Use longer variable names.

html/HTMLTableCellElement.cpp:

(WebCore::HTMLTableCellElement::abbr): Use fastGetAttribute.
(WebCore::HTMLTableCellElement::axis): Ditto.
(WebCore::HTMLTableCellElement::headers): Ditto.
(WebCore::HTMLTableCellElement::scope): Ditto.

html/HTMLTableColElement.cpp:

(WebCore::HTMLTableColElement::width): Ditto.

2:44 AM Changeset in webkit [157299] by dino@apple.com

8 edits in trunk

Source/WebCore: Use after free in WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded
https://bugs.webkit.org/show_bug.cgi?id=121033

Patch by Darin Adler <Darin Adler> on 2013-10-10
Reviewed by Dean Jackson.

For safe iteration, use a set rather than a vector, and remove the clients from
the set if they are removed during iteration.

Test: fast/animation/request-animation-frame-remove-client.html

platform/graphics/DisplayRefreshMonitor.cpp:

(WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor): Initialize the
m_clientsToBeNotified pointer to null.
(WebCore::DisplayRefreshMonitor::removeClient): If there is a m_clientsToBeNotified
set, remove from it as well as the real m_clients set.
(WebCore::DisplayRefreshMonitor::displayDidRefresh): Use a HashSet instead of a
vector for the copy of the clients set we iterate.

platform/graphics/DisplayRefreshMonitor.h: Moved some of the BlackBerry-specific

part of this out of the header. Added a new HashSet pointer, m_clientsToBeNotified,
to be used to remove clients during the notification process. Also added a FIXME.

platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp: Moved the

DisplayAnimationClient class in here.

LayoutTests: Use after free in WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded
http://webkit.org/b/121033

Update test to indicate it no longer crashes.

TestExpectations: Mark test as passing.
fast/animation/request-animation-frame-remove-client-expected.txt:
fast/animation/request-animation-frame-remove-client.html:

2:43 AM Changeset in webkit [157298] by dino@apple.com

4 edits
2 adds in trunk

Use after free in WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded
http://webkit.org/b/121033

Reviewed by Darin Adler.

Source/WebCore:

Add an ASSERT to detect if an animation client will be removed
during the callback dispatch.

Test: fast/animation/request-animation-frame-remove-client.html

platform/graphics/DisplayRefreshMonitor.cpp:

(WebCore::DisplayRefreshMonitor::displayDidRefresh):

LayoutTests:

Test that assertion fires if you try to remove potential client while in a
animation dispatch.

TestExpectations: Mark test as crashing.
fast/animation/request-animation-frame-remove-client-expected.txt: Added.
fast/animation/request-animation-frame-remove-client.html: Added.

2:39 AM Changeset in webkit [157297] by akling@apple.com

5 edits in trunk/Source/WebCore

Make RenderLayer not arena-allocated.
<https://webkit.org/b/87523>

Reviewed by Antti Koivisto.

Let RenderLayerModelObject store its RenderLayer in a unique_ptr.
Layers are relatively low-volume objects and this looks neutral
on our performance tests.

1:35 AM Changeset in webkit [157296] by Alan Bujtas

11 edits in trunk

REGRESSION (r155607): Javascript site does not load visually on panerabread.com
https://bugs.webkit.org/show_bug.cgi?id=122461

Reviewed by Simon Fraser.

Do not modify the composited layer backing's internal layer structure directly
when the clipping behaviour changes.

When we directly create/destroy RenderLayerBacking::m_ancestorClippingLayer to
reflect the new clipping state, other, depending layers need updating. In order to
not to corrupt the internal hierarchy, mark the compositing layers dirty and let
the normal updating mechanism take care of creating/destroying the ancestor layers.

Source/WebCore:

Existing tests are extended.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::checkIfDescendantClippingContextNeedsUpdate):
(WebCore::RenderLayer::styleChanged):

rendering/RenderLayer.h:
rendering/RenderLayerBacking.h:

LayoutTests:

compositing/overflow/clipping-behaviour-change-is-not-propagated-to-descendants-expected.txt:
compositing/overflow/clipping-behaviour-change-is-not-propagated-to-descendants.html:
compositing/overflow/clipping-behaviour-change-is-not-propagated-to-descendants2-expected.txt:
compositing/overflow/clipping-behaviour-change-is-not-propagated-to-descendants2.html:
platform/mac/compositing/overflow/clipping-behaviour-change-is-not-propagated-to-descendants-expected.txt:
platform/mac/compositing/overflow/clipping-behaviour-change-is-not-propagated-to-descendants2-expected.txt:

1:26 AM Changeset in webkit [157295] by commit-queue@webkit.org

3 edits in trunk/Source/JavaScriptCore

[sh4] Fix build after r157209.
https://bugs.webkit.org/show_bug.cgi?id=122643

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-11
Reviewed by Ryosuke Niwa.

Context Navigation

Timeline

Oct 15, 2013:

Oct 14, 2013:

Oct 13, 2013:

Oct 12, 2013:

Oct 11, 2013:

Download in other formats: