Timeline

View changes from
going back days
by author

Repository changesets Wiki changes

Dec 22, 2013:

10:20 PM Changeset in webkit [160986] by commit-queue@webkit.org

• 5 edits in trunk/Source/WebKit2

[WK2][SOUP] WebContext::allowSpecificHTTPSCertificateForHost does not work correctly when m_usesNetworkProcess is false
​https://bugs.webkit.org/show_bug.cgi?id=125564

Reviewed Carlos Garcia Campos.

WebContext::allowSpecificHTTPSCertificateForHost should send
AllowSpecificHTTPSCertificateForHost to the web process when
m_usesNetworkProcess is false. Also we shouldn't guard
WebProcess::allowSpecificHTTPSCertificateForHost with
!ENABLE(NETWORK_PROCESS) because we need this method when
m_usesNetworkProcess is false.

Patch by Kwang Yul Seo <​skyul@company100.net> on 2013-12-22

• UIProcess/WebContext.cpp:

(WebKit::WebContext::allowSpecificHTTPSCertificateForHost):

• WebProcess/WebProcess.h:
• WebProcess/WebProcess.messages.in:
• WebProcess/soup/WebProcessSoup.cpp:

10:08 PM Changeset in webkit [160985] by Martin Robinson

• 6 edits
  2 adds in trunk

[GTK][CMake] Integrate GResource for inspector files (and others?)
​https://bugs.webkit.org/show_bug.cgi?id=125569

Reviewed by Gustavo Noronha Silva.

Source/WebInspectorUI:

• GNUmakefile.am: Use the new generation script instead of generating with

shell scripting in the makefile.

Source/WebKit2:

• GNUmakefile.am: Use the newly added static WebKit2InspectorGResourceBundle.xml

instead of generating the same file each time.

• PlatformGTK.cmake: Add support for building the GResource bundles into WebKit2.
• UIProcess/API/gtk/WebKit2InspectorGResourceBundle.xml: Added.

Tools:

• gtk/generate-inspector-gresource-manifest.py: Added.

8:40 PM Changeset in webkit [160984] by Martin Robinson

• 2 edits in trunk/Source/WebKit

Small build fix for GTK+ with the CMake build

• CMakeLists.txt: Remove duplicate include directory and add missing directories

necessary for GTK+.

4:45 PM Changeset in webkit [160983] by benjamin@webkit.org

• 8 edits
  2 adds in trunk/Source

Create a skeleton for CSS Selector code generation
​https://bugs.webkit.org/show_bug.cgi?id=126044

Source/JavaScriptCore:

Reviewed by Antti Koivisto and Gavin Barraclough.

• assembler/LinkBuffer.h:

Add a new owner UID for code compiled for CSS.
Export the symbols needed to link code from WebCore.

Source/WebCore:

Patch by Benjamin Poulain <​bpoulain@apple.com> on 2013-12-22
Reviewed by Antti Koivisto and Gavin Barraclough.

Add CSSCompiler, which provides the basic infrastructure to compile
CSS Selectors on x86_64.

Compilation happens in two phases.
1) The various matching and relation of each CSSSelector is aggregated into units

matching a single element: SelectorFragment.
SelectorFragment also knows about the relations between different fragments,
and contains all the information to generate the code for a particular element.

2) The compiler then goes over the fragments, and generate code based on the information

of each fragment.

It the current state, SelectorCompiler only compiles the tag matching selectors and
any of the relation between selectors.

Depending on the relation and position of a fragment, failure on traversal or matching
does not necessarily causes the complete selector. A failure can cause matching to
resume from the parent or the sibling of a previously visisted node.
The implementation of this is done through the BacktrackingAction. In case of failure,
the next starting state is setup and the program counter jumps back to the appropriate
starting point.

When backtracking, the method used to save the starting point depends on the type
of backtracking.
The child/parent relation (">") is very common so it uses an additional register to keep
the next starting point (m_descendantBacktrackingStart).
The indirect sibling relation ("~") is much less common and uses the stack to save
the next starting point.

• WebCore.xcodeproj/project.pbxproj:
• cssjit/SelectorCompiler.cpp: Added.

(WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
(WebCore::SelectorCompiler::compileSelector):
(WebCore::SelectorCompiler::fragmentRelationForSelectorRelation):
(WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
(WebCore::SelectorCompiler::SelectorCodeGenerator::compile):
(WebCore::SelectorCompiler::updateChainStates):
(WebCore::SelectorCompiler::isFirstAncestor):
(WebCore::SelectorCompiler::isFirstAdjacent):
(WebCore::SelectorCompiler::isAfterChildRelation):
(WebCore::SelectorCompiler::solveBacktrackingAction):
(WebCore::SelectorCompiler::requiresAdjacentTail):
(WebCore::SelectorCompiler::requiresDescendantTail):
(WebCore::SelectorCompiler::SelectorCodeGenerator::computeBacktrackingInformation):
(WebCore::SelectorCompiler::testIsElementFlagOnNode):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToParentElement):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateParentElementTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAncestorTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToPreviousAdjacent):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::markParentElementIfResolvingStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::linkFailures):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAdjacentBacktrackingTail):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateDescendantBacktrackingTail):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateBacktrackingTailsIfNeeded):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasTagName):

• cssjit/SelectorCompiler.h: Added.

(WebCore::SelectorCompilationStatus::SelectorCompilationStatus):
(WebCore::SelectorCompilationStatus::operator Status):
(WebCore::SelectorCompiler::simpleSelectorCheckerFunction):
(WebCore::SelectorCompiler::selectorCheckerFunctionWithCheckingContext):

• dom/Element.cpp:

(WebCore::Element::setChildrenAffectedByDirectAdjacentRules):
(WebCore::Element::setChildrenAffectedByForwardPositionalRules):

• dom/Element.h:

(WebCore::Element::tagQNameMemoryOffset):
(WebCore::Element::setChildrenAffectedByForwardPositionalRules):

• dom/Node.h:

(WebCore::Node::parentNodeMemoryOffset):
(WebCore::Node::previousSiblingMemoryOffset):
(WebCore::Node::nodeFlagsMemoryOffset):
(WebCore::Node::flagIsElement):

• dom/QualifiedName.h:

(WebCore::QualifiedName::QualifiedNameImpl::localNameMemoryOffset):
(WebCore::QualifiedName::QualifiedNameImpl::namespaceMemoryOffset):
(WebCore::QualifiedName::implMemoryOffset):

4:02 PM Changeset in webkit [160982] by mark.lam@apple.com

• 4 edits in branches/jsCStack/Source/JavaScriptCore

CStack: Add #if ENABLE(LLINT_C_LOOP) to C loop LLINT only parts of JSStack.
​https://bugs.webkit.org/show_bug.cgi?id=126140.

Not yet reviewed.

Also moved startOfFrameFor() to the ENABLE(DEBUG_JSSTACK) section because
it's only needed there.

• interpreter/JSStack.cpp:

(JSC::JSStack::JSStack):
(JSC::JSStack::gatherConservativeRoots):
(JSC::JSStack::sanitizeStack):

• interpreter/JSStack.h:

(JSC::JSStack::gatherConservativeRoots):
(JSC::JSStack::sanitizeStack):
(JSC::JSStack::initializeThreading):

• interpreter/JSStackInlines.h:

(JSC::JSStack::topOfFrameFor):

2:26 PM Changeset in webkit [160981] by mark.lam@apple.com

• 3 edits in branches/jsCStack/Source/JavaScriptCore

CStack: Fixed some JSStack on C Stack boundary computations.
​https://bugs.webkit.org/show_bug.cgi?id=126139.

Not yet reviewed.

1. Implement committedByteCount() for JSStack on the C stack using the current stack usage as an estimate of committed stack memory.
2. Implement lowAddress() and highAddress() for JSStack on the C stack for containsAddress(). lowAddress() will be the top of the JS stack. highAddress() will be 1 past the end of the JS stack.
3. Moved some functions around in preparation for an upcoming patch to #if out code which is only used when ENABLE(LLINT_C_LOOP)

• interpreter/JSStack.cpp:

(JSC::JSStack::lowAddress):
(JSC::JSStack::highAddress):
(JSC::JSStack::committedByteCount):

• interpreter/JSStack.h:

(JSC::JSStack::containsAddress):
(JSC::JSStack::lowAddress):

10:42 AM Changeset in webkit [160980] by fpizlo@apple.com

• 19 edits in branches/jsCStack/Source/JavaScriptCore

It should be possible to run the full version of V8v7/crypto with the FTL and call IC's
​https://bugs.webkit.org/show_bug.cgi?id=126116

Not yet reviewed.

This involved a number of minor fixes:

• CallLinkInfo::unlink() was assuming that repatchBuffer.codeBlock() is the caller. It's actually the callee. So, to determine if the caller requires register preservation, we need an extra bit to say whether the CallLinkInfo belongs to an FTL JITCode.

• A lot of bugs arise from us incorrectly preserving (or failing to preserve) registers. This adds a bunch of jitAssertTagsInPlace() assertion that helps to catch a bunch of those bugs.

• Apparently the compact_unwind sometimes has garbage after its one entry. This changes our unwind parser so that it doesn't assert that the second entry is null, but it does assert that the first entry corresponds to our generated function.

• The native function thunks assume that tags are set up and that they can clobber any registers. This breaks if we call the thunks from the FTL. This patch fixes the bug by wrapping just those thunks in a DirectJITCode, which has the register preservation wrappers. This probably ends up making sense because the FTL *really* should have intrinsics for all of those thunks. As part of this change, I refactored how NativeExecutable gets its JITCode to make things somewhat more explicit.

We still have a bunch of known performance bugs to fix, but the FTL is already at near
parity with the DFG on V8v7/crypto. This is pretty cool considering the FTL's other
speed-ups, and the fact that crypto has been our primary DFG tuning test for the past
2.5 years.

• bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::unlink):

• bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::CallLinkInfo):

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileEntry):

• dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::adjustAndJumpToTarget):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCurrentBlock):

• ftl/FTLCompile.cpp:

(JSC::FTL::compile):

• ftl/FTLJSCall.cpp:

(JSC::FTL::JSCall::link):

• ftl/FTLUnwindInfo.cpp:

(JSC::FTL::UnwindInfo::parse):

• ftl/FTLUnwindInfo.h:
• jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::jitAssertTagsInPlace):

• jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::jitAssertTagsInPlace):

• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

• jit/JITCode.cpp:
• jit/JITCode.h:
• jit/JITThunks.cpp:

(JSC::JITThunks::hostFunctionStub):

• jit/RegisterPreservationWrapperGenerator.cpp:

(JSC::generateRegisterPreservationWrapper):

• runtime/Executable.h:

(JSC::NativeExecutable::create):

10:15 AM Changeset in webkit [160979] by mihnea@adobe.com

• 3 edits
  2 adds in trunk

[CSSRegions] Crash when trying to select content from invalid region
​https://bugs.webkit.org/show_bug.cgi?id=126113

Reviewed by Antti Koivisto.

Source/WebCore:

After fix for ​https://bugs.webkit.org/show_bug.cgi?id=120769, positionForPoint for a region attempts to use the associated named flow to perform its task.
However, this should happen only when the region is valid. If the region is invalid, part of a dependency cycle, positionForPoint should behave as usual
for a block instead of a region, otherwise it may run into an infinite loop due to cyclic dependencies and a crash will occur.

This patch ensures that positionForPoint region specifie behaviour is followed only if the region is valid - not part of a dependency cycle.

Test: fast/regions/selection/invalid-region-selection-crash.html

• rendering/RenderRegion.cpp:

(WebCore::RenderRegion::positionForPoint):

LayoutTests:

• fast/regions/selection/invalid-region-selection-crash-expected.txt: Added.
• fast/regions/selection/invalid-region-selection-crash.html: Added.

10:03 AM Changeset in webkit [160978] by mihnea@adobe.com

• 9 edits in trunk/LayoutTests

[CSSRegions] Clean-up selection tests a bit
​https://bugs.webkit.org/show_bug.cgi?id=126135

Reviewed by Dirk Schulze.

Move function clearSelection in helper.js. Combine checkResult() from position-for-point* and position-for-point-1*
into a single function, checkSelectionResult() and move it into helper.js too.

• fast/regions/resources/helper.js:
• fast/regions/selection/position-for-point-1-vert-lr.html:
• fast/regions/selection/position-for-point-1-vert-rl.html:
• fast/regions/selection/position-for-point-1.html:
• fast/regions/selection/position-for-point-vert-lr.html:
• fast/regions/selection/position-for-point-vert-rl.html:
• fast/regions/selection/position-for-point.html:
• fast/regions/selection/selecting-text-through-different-region-flows.html:

8:45 AM Changeset in webkit [160977] by barraclough@apple.com

• 24 edits in trunk/Source/WebKit2

URTBF after r160971 to try to make EFL build again.

Patch by Csaba Osztrogonác <Csaba Osztrogonác> on 2013-12-22

• WebProcess/WebCoreSupport/efl/WebErrorsEfl.cpp:

(WebKit::internalError):

8:33 AM Changeset in webkit [160976] by Csaba Osztrogonác

• 3 edits in trunk/Tools

Last URTBF after r160971 to make EFL build happy.

• TestWebKitAPI/efl/PlatformWebView.cpp:
• WebKitTestRunner/efl/PlatformWebViewEfl.cpp:

7:45 AM Changeset in webkit [160975] by Csaba Osztrogonác

• 2 edits in trunk/Source/WebKit2

URTBF after r160971 to try to make EFL build again.

• WebProcess/WebCoreSupport/efl/WebErrorsEfl.cpp:

(WebKit::internalError):

1:09 AM Changeset in webkit [160974] by Carlos Garcia Campos

• 9 edits in trunk/Source/WebKit2

Unreviewed. Fix GTK+ build after r160971 and r160969.

• GNUmakefile.list.am:
• UIProcess/API/gtk/WebKitFileChooserRequest.cpp:

(webkit_file_chooser_request_select_files):

• UIProcess/API/gtk/WebKitInjectedBundleClient.cpp:

(didReceiveWebViewMessageFromInjectedBundle):

• UIProcess/API/gtk/WebKitURISchemeRequest.cpp:

(webkitURISchemeRequestCreate):

• UIProcess/API/gtk/WebKitURISchemeRequestPrivate.h:
• UIProcess/API/gtk/WebKitWebResource.cpp:

(webkit_web_resource_get_data):

• UIProcess/soup/WebSoupRequestManagerClient.h:
• WebProcess/WebCoreSupport/gtk/WebErrorsGtk.cpp:

(WebKit::internalError):

Dec 21, 2013:

11:01 PM Changeset in webkit [160973] by krit@webkit.org

• 3 edits in trunk/Source/WebCore

Start refactoring Filter code to reuse CachedSVGDocument for clipPath
​https://bugs.webkit.org/show_bug.cgi?id=126069

Reviewed by Andreas Kling.

Smaller refactoring of the CSS filter style resolver code. Previously the code
requested the FilterOperations list from RenderStyle and compared the content
in this list with an internal map. Then the resource loading was triggered.
With the refactoring we do not request the list from RenderStyle anymore but
rely on the hash map data entirely.

• css/StyleResolver.cpp:

(WebCore::StyleResolver::loadPendingSVGDocuments):

• platform/graphics/filters/FilterOperation.h:

6:45 PM Changeset in webkit [160972] by ryuan.choi@samsung.com

• 4 edits in trunk/Source/WebKit2

Unreviewed build fix attempt on EFL port after r160971 and r160969

• CMakeLists.txt:
• UIProcess/soup/WebSoupRequestManagerClient.cpp:

(WebKit::WebSoupRequestManagerClient::didReceiveURIRequest):

• UIProcess/soup/WebSoupRequestManagerProxy.cpp:

(WebKit::WebSoupRequestManagerProxy::didReceiveURIRequest):

6:18 PM Changeset in webkit [160971] by weinig@apple.com

• 16 edits
  2 moves in trunk/Source/WebKit2

[WK2] Rename WebError to API::Error
​https://bugs.webkit.org/show_bug.cgi?id=126125

Reviewed by Anders Carlsson.

• Shared/API/c/WKError.cpp:

(WKErrorGetTypeID):
(WKErrorCopyWKErrorDomain):

• Shared/API/c/WKSharedAPICast.h:

(WebKit::toAPI):

• Shared/API/c/cf/WKErrorCF.cpp:

(WKErrorCreateWithCFError):

• Shared/APIError.cpp: Copied from Source/WebKit2/Shared/WebError.cpp.

(API::Error::webKitErrorDomain):
(API::Error::encode):
(API::Error::decode):

• Shared/APIError.h: Copied from Source/WebKit2/Shared/WebError.h.

(API::Error::create):
(API::Error::domain):
(API::Error::failingURL):
(API::Error::localizedDescription):
(API::Error::Error):

• Shared/Cocoa/WKNSError.h:

(WebKit::wrapper):

• Shared/Cocoa/WKNSError.mm:

(-[WKNSError _web_createTarget]):

• Shared/UserData.cpp:

(WebKit::UserData::encode):
(WebKit::UserData::decode):

• Shared/UserMessageCoders.h:

(WebKit::UserMessageEncoder::baseEncode):
(WebKit::UserMessageDecoder::baseDecode):

• Shared/WebError.cpp: Removed.
• Shared/WebError.h: Removed.
• UIProcess/AutoCorrectionCallback.h:

(WebKit::AutocorrectionDataCallback::invalidate):

• UIProcess/GenericCallback.h:

(WebKit::VoidCallback::invalidate):
(WebKit::GenericCallback::invalidate):
(WebKit::ComputedPagesCallback::invalidate):
(WebKit::ImageCallback::invalidate):

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::printFinishedCallback):

• UIProcess/WebPageProxy.h:

(WebKit::ValidateCommandCallback::invalidate):
(WebKit::GestureCallback::invalidate):
(WebKit::TouchesCallback::invalidate):

• WebKit2.xcodeproj/project.pbxproj:
• WebProcess/InjectedBundle/InjectedBundlePageLoaderClient.cpp:
• WebProcess/InjectedBundle/InjectedBundlePagePolicyClient.cpp:
• WebProcess/WebCoreSupport/mac/WebErrorsMac.mm:

(WebKit::blockedError):
(WebKit::cannotShowURLError):
(WebKit::interruptedForPolicyChangeError):
(WebKit::cannotShowMIMETypeError):
(WebKit::pluginWillHandleLoadError):
(WebKit::internalError):

5:04 PM Changeset in webkit [160970] by aestes@apple.com

• 5 edits in trunk/Source/WebCore

[Mac] Soft-link WebContentAnalysis.framework
​https://bugs.webkit.org/show_bug.cgi?id=126102

Reviewed by Dan Bernstein.

• Configurations/WebCore.xcconfig: There's no need to modify LDFLAGS

now that we don't hard link against WebContentAnalysis.framework.

• WebCore.xcodeproj/project.pbxproj: Removed

WebContentAnalysis.framework from the 'Link Binary with Libraries'
build phase.

• platform/mac/ContentFilterMac.mm: Soft-linked

WebContentAnalysis.framework and the WebFilterEvaluator @class.
(WebCore::ContentFilter::ContentFilter): Called getWebFilterEvaluatorClass().
(WebCore::ContentFilter::isEnabled): Ditto.

• platform/mac/SoftLinking.h: Added an implementation of

SOFT_LINK_PRIVATE_FRAMEWORK().

4:57 PM Changeset in webkit [160969] by weinig@apple.com

• 20 edits
  1 move in trunk/Source/WebKit2

[WK2] Rename WebURL to API::URL
​https://bugs.webkit.org/show_bug.cgi?id=126100

Reviewed by Anders Carlsson.

• Shared/API/c/WKSharedAPICast.h:

(WebKit::toURLRef):
(WebKit::toCopiedURLAPI):

• Shared/API/c/WKURL.cpp:

(WKURLGetTypeID):
(WKURLCreateWithUTF8CString):
(WKURLCreateWithBaseURL):

• Shared/API/c/cf/WKURLCF.mm:

(WKURLCreateWithCFURL):

• Shared/APIURL.h: Copied from Source/WebKit2/Shared/WebURL.h.

(API::URL::create):
(API::URL::string):
(API::URL::host):
(API::URL::protocol):
(API::URL::path):
(API::URL::lastPathComponent):
(API::URL::encode):
(API::URL::decode):
(API::URL::URL):

• Shared/Cocoa/WKNSURL.h:

(WebKit::wrapper):

• Shared/Cocoa/WKNSURL.mm:

(-[WKNSURL _web_createTarget]):

• Shared/Plugins/Netscape/PluginInformation.cpp:

(WebKit::createPluginInformationDictionary):

• Shared/UserData.cpp:

(WebKit::UserData::encode):
(WebKit::UserData::decode):

• Shared/UserMessageCoders.h:

(WebKit::UserMessageEncoder::baseEncode):
(WebKit::UserMessageDecoder::baseDecode):

• Shared/WebArchiveResource.h:
• Shared/WebURL.h: Removed.
• UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::getResourceData):

• UIProcess/WebFrameProxy.h:
• UIProcess/WebIconDatabase.cpp:

(WebKit::WebIconDatabase::didChangeIconForPageURL):
(WebKit::WebIconDatabase::notifyIconDataReadyForPageURL):

• UIProcess/WebIconDatabaseClient.cpp:

(WebKit::WebIconDatabaseClient::didChangeIconForPageURL):
(WebKit::WebIconDatabaseClient::iconDataReadyForPageURL):

• UIProcess/WebIconDatabaseClient.h:
• UIProcess/WebOpenPanelResultListenerProxy.cpp:

(WebKit::WebOpenPanelResultListenerProxy::chooseFiles):

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::getResourceDataFromFrame):

• UIProcess/WebPageProxy.h:
• WebKit2.xcodeproj/project.pbxproj:
• WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:

12:25 PM Changeset in webkit [160968] by Antti Koivisto

• 3 edits in trunk/Source/WebCore

Unreviewed, rolling out r160916.
​http://trac.webkit.org/changeset/160916
​https://bugs.webkit.org/show_bug.cgi?id=126073

Roll out a temporary fix. The underlying issue was fixed.

• accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::AccessibilityRenderObject):
(WebCore::AccessibilityRenderObject::~AccessibilityRenderObject):
(WebCore::AccessibilityRenderObject::detach):
(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):

• accessibility/AccessibilityRenderObject.h:

11:25 AM Changeset in webkit [160967] by mark.lam@apple.com

• 13 edits in branches/jsCStack/Source/JavaScriptCore

CStack: Update the VMEntryScope's stack limit when the VM enters/exits ErrorMode.
​https://bugs.webkit.org/show_bug.cgi?id=126009.

Not yet reviewed.

1. Renamed JSStack::updateStackLimit() to setStackLimit() because that is what it actually does. We're going to repurpose the updateStackLimit name for another function.

2. Fixed a bug in setStackLimit() where setJSStackLimit() was called with the value of newEnd which points past the end of the stack. The fix is to add 1 to point at the last slot at top of the stack. This is what is the users of the jsStackLimit value expects.

3. Introduce the new JSStack::updateStackLimit() which is responsible for re-setting the current stack limit. updateStackLimit() will handle both cases of the JS stack being on the C stack or a separate stack.

For the C stack case, JStack::updateStackLimit() will check if a
VMEntryScope has been installed in the VM. If so, it will tell the
VMEntryScope to do the real work of updating the stack limit. The
VMEntryScope will take into account whether the VM's Interpreter is
in an error handling mode or not when determining the amount of host
zone space to reserve on the stack for computing the stack limit value.

4. Interpreter::ErrorHandlingMode now calls JSStack::updateStackLimit whenever it enters / exit error handling mode. This allows the stack limit to change with the error mode change.

5. A lot of places in the code were throwing StackOverflowErrors by creating and throwing the error themselves instead of using the throwStackOverflowError() helper function. As a result, the VM never got the chance to enter error mode. This is a bug and is now fixed by making all these sites use throwStackOverflowError() instead.

For sites that can't use throwStackOverflowError(), I updated them to
instantiate Interpreter::ErrorHandlingMode to set the error mode
appropriately.

6. Made JSStack::enableErrorStackReserve() and disableErrorStackReserve() private. They are no longer called from outside of JSStack.

• interpreter/Interpreter.cpp:

(JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode):
(JSC::Interpreter::ErrorHandlingMode::~ErrorHandlingMode):
(JSC::sizeFrameForVarargs):

• interpreter/JSStack.cpp:

(JSC::JSStack::JSStack):
(JSC::JSStack::growSlowCase):
(JSC::JSStack::updateStackLimit):

• interpreter/JSStack.h:
• interpreter/JSStackInlines.h:

(JSC::JSStack::shrink):
(JSC::JSStack::setStackLimit):

• jit/JITOperations.cpp:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• parser/ParserError.h:

(JSC::ParserError::toErrorObject):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/JSONObject.cpp:

(JSC::Walker::walk):

• runtime/StringRecursionChecker.cpp:

(JSC::StringRecursionChecker::throwStackOverflowError):

• runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::VMEntryScope):
(JSC::VMEntryScope::updateStackLimit):

• runtime/VMEntryScope.h:

10:51 AM Changeset in webkit [160966] by Antti Koivisto

• 51 edits in trunk/Source/WebCore

Figure out if node is focusable without requiring renderer
​https://bugs.webkit.org/show_bug.cgi?id=126118

Reviewed by Andreas Kling.

• dom/Element.cpp:

(WebCore::Element::computedStyle):

Use inDocument() test instead of the attached() test. We can compute style for anything that
is in document.

• dom/Node.cpp:

(WebCore::Node::isContentEditable):
(WebCore::Node::isContentRichlyEditable):
(WebCore::Node::hasEditableStyle):

Use computedStyle instead of getting the style from renderer. Computed style gets constructed
on demand if renderer does not exist. If it does then the existing style is used.

(WebCore::Node::isEditableToAccessibility):
(WebCore::Node::canStartSelection):
(WebCore::Node::isRootEditableElement):
(WebCore::Node::rootEditableElement):

• dom/Node.h:

(WebCore::Node::hasEditableStyle):
(WebCore::Node::hasRichlyEditableStyle):

Renamed from rendererIsEditable since these no longer require renderer.

(WebCore::HTMLElement::supportsFocus):

Stop calling updateStyleIfNeeded() and forcing render tree construction.

6:40 AM Changeset in webkit [160965] by Carlos Garcia Campos

• 2 edits in trunk/Source/WebKit2

[GTK] Test /webkit2/WebKitWebResource/mime-type fails when run after /webkit2/WebKitWebView/resources
​https://bugs.webkit.org/show_bug.cgi?id=126119

Reviewed by Martin Robinson.

The problem is that when the blank.ico resource is loaded from the
disk cache, the mime type is null, because the soup cache doesn't
cache sniffed mime types. This doesn't happen when a resource is
loaded form the memory cache, because the ResourceResponse is
cached, not only the headers. I think the disk cache should also
cache the sniffed content type, but that needs to be done in
soup. For now we can workaround the issue in the unit test by
making sure that resources that can be cached, also include the
Content-Type header, this way the mime type won't be sniffed and
it will be cached as a HTTP header in the disk cache.

• UIProcess/API/gtk/tests/TestResources.cpp:

(serverCallback): Add Content-Type header for resources that can
be cached.

6:36 AM Changeset in webkit [160964] by Carlos Garcia Campos

• 3 edits in trunk/Source/WebKit2

REGRESSION(r160909): [GTK] Tests /webkit2/WebKitWebView/default-menu and /webkit2/WebKitSettings/webkit-settings fail
​https://bugs.webkit.org/show_bug.cgi?id=126117

Reviewed by Martin Robinson.

In r160909 the fullscreen setting default value was changed, but
the unit tests relaying on the default value were not updated
accordingly.

• UIProcess/API/gtk/tests/TestContextMenu.cpp:
• UIProcess/API/gtk/tests/TestWebKitSettings.cpp:

(testWebKitSettings):

1:49 AM Changeset in webkit [160963] by fpizlo@apple.com

• 5 edits in branches/jsCStack/Source/JavaScriptCore

Register restoration thunk should restore the ArgumentCount after it restores registers
​https://bugs.webkit.org/show_bug.cgi?id=126115

Not yet reviewed.

Just getting us further along in V8/crypto...

• ftl/FTLJSCall.cpp:

(JSC::FTL::JSCall::JSCall):
(JSC::FTL::JSCall::link):

• ftl/FTLJSCall.h:
• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):

• jit/RegisterPreservationWrapperGenerator.cpp:

(JSC::generateRegisterRestoration):

12:59 AM Changeset in webkit [160962] by Carlos Garcia Campos

• 2 edits in trunk/Tools

Unreviewed. Add myself to some more watch lists.

• Scripts/webkitpy/common/config/watchlist: Watch also soup, gst

and binding scripts patches.

12:51 AM Changeset in webkit [160961] by Carlos Garcia Campos

• 3 edits in trunk/Source/WebCore

[SOUP] ResourceHandleSoup should use async client callbacks when client uses async callbacks
​https://bugs.webkit.org/show_bug.cgi?id=126006

Reviewed by Martin Robinson.

This fixes WebKit2 loader client unit tests when using the network
process.

• platform/network/ResourceHandle.cpp:
• platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::doRedirect): Call willSendRequestAsync on the client
when usesAsyncCallbacks returns true.
(WebCore::nextMultipartResponsePartCallback): Call
didReceiveResponseAsync on the client when usesAsyncCallbacks
returns true.
(WebCore::sendRequestCallback): Ditto.
(WebCore::ResourceHandle::continueWillSendRequest): Empty
implementation for now because the default one asserts.
(WebCore::ResourceHandle::continueDidReceiveResponse): Ditto.
(WebCore::ResourceHandle::continueShouldUseCredentialStorage): Ditto.

Dec 20, 2013:

11:11 PM Changeset in webkit [160960] by mark.lam@apple.com

• 8 edits in branches/jsCStack/Source/JavaScriptCore

CStack: Introduce JSStack::ensureCapacityFor().
​https://bugs.webkit.org/show_bug.cgi?id=126109.

Not yet reviewed.

Client code should use JSStack::ensureCapacityFor() when checking for
available stack space for pushing JS frames or making arity adjustments.
JSStack::ensureCapacityFor() works for both cases of the JS stack on the
C stack or as a sperate stack.

JSStack::grow() is now private, and is only used by the C Loop LLINT.

Also made some other JSStack methods private as they are not needed
outside of the JSSTack class.

• dfg/DFGOSREntry.cpp:

(JSC::DFG::prepareOSREntry):

• ftl/FTLOSREntry.cpp:

(JSC::FTL::prepareOSREntry):

• interpreter/Interpreter.cpp:

(JSC::sizeFrameForVarargs):

• interpreter/JSStack.h:
• interpreter/JSStackInlines.h:

(JSC::JSStack::ensureCapacityFor):
(JSC::JSStack::topOfStackForCapacityCheck):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):

9:23 PM Changeset in webkit [160959] by andersca@apple.com

• 8 edits in trunk/Source

Replace yield() and pauseBriefly() with std::this_thread::yield()
​https://bugs.webkit.org/show_bug.cgi?id=126105

Reviewed by Sam Weinig.

Source/WebCore:

• platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::interrupt):

Source/WTF:

• wtf/ByteSpinLock.h:

(WTF::ByteSpinLock::lock):

• wtf/Threading.h:
• wtf/ThreadingPrimitives.h:
• wtf/ThreadingPthreads.cpp:
• wtf/ThreadingWin.cpp:

8:58 PM Changeset in webkit [160958] by fpizlo@apple.com

• 3 edits
  3 adds in branches/jsCStack/Source/JavaScriptCore

FTL OSR exit should be able to handle the arity check fail case
​https://bugs.webkit.org/show_bug.cgi?id=126111

Not yet reviewed.

• ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

• jit/RegisterPreservationWrapperGenerator.cpp:

(JSC::generateRegisterRestoration):

• tests/stress: Added.
• tests/stress/exit-from-ftl-with-arity-check-fail.js: Added.

(foo):
(bar):

• tests/stress/repeated-arity-check-fail.js: Added.

(bar):

7:50 PM Changeset in webkit [160957] by rniwa@webkit.org

• 2 edits in trunk/Source/WebCore

Assert that RootInlineBox::setLineBreakInfo should is never called on a RenderInline without line boxes
​https://bugs.webkit.org/show_bug.cgi?id=126101

Reviewed by Simon Fraser.

Merge assertions added in ​https://chromium.googlesource.com/chromium/blink/+/716ac74fd475b581d69c0aa8ec2d806201c3a420

The code change was not merged since we never hit the added assertion on the attached test case in WebKit.

• rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::setLineBreakInfo):

6:48 PM Changeset in webkit [160956] by fpizlo@apple.com

• 3 edits in branches/jsCStack/Source/JavaScriptCore

Arity check stack restoration should preserve the ArgumentCount in case there is a register restoration thunk below it
​https://bugs.webkit.org/show_bug.cgi?id=126106

Not yet reviewed.

• assembler/MacroAssemblerCodeRef.h:

(JSC::ReturnAddressPtr::dump):

• jit/ArityCheckFailReturnThunks.cpp:

(JSC::ArityCheckFailReturnThunks::returnPCsFor):

6:47 PM Changeset in webkit [160955] by commit-queue@webkit.org

• 9 edits in trunk/Source/WebCore

Web Inspector: Remove the references to Node in InjectedScript
​https://bugs.webkit.org/show_bug.cgi?id=126091

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2013-12-20
Reviewed by Timothy Hatcher.

Remove the last DOM references from InjectedScript so that
InjectedScript can move down into JavaScriptCore. The only
remaining references were to Nodes, which are all just thin
wrappers around existing functions. Move Node / JSNode (JSValue)
conversion into InspectorDOMAgent, where it was used.

No new tests, no observable change in functionality.

• bindings/js/JSInjectedScriptHostCustom.cpp:
• inspector/InjectedScript.cpp:

(WebCore::InjectedScript::inspectObject):
(WebCore::InjectedScript::releaseObject):

• inspector/InjectedScript.h:
• inspector/InjectedScriptHost.h:
• inspector/InjectedScriptSource.js:
• inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::focusNode):
(WebCore::InspectorDOMAgent::highlightNode):
(WebCore::InspectorDOMAgent::requestNode):
(WebCore::InspectorDOMAgent::nodeForObjectId):
(WebCore::InspectorDOMAgent::resolveNode):
(WebCore::InspectorDOMAgent::scriptValueAsNode):
(WebCore::InspectorDOMAgent::nodeAsScriptValue):

• inspector/InspectorDOMAgent.h:
• inspector/PageConsoleAgent.cpp:

6:25 PM Changeset in webkit [160954] by andersca@apple.com

• 4 edits in trunk/Source/WTF

Speed up case folding for 8-bit strings
​https://bugs.webkit.org/show_bug.cgi?id=126098

Reviewed by Geoffrey Garen.

Add a case folding lookup table for 8-bit strings and use it instead of calling down to u_foldCase.
On a simple microbenchmark using a lookup table is about 15x faster.

• wtf/text/StringHash.h:

(WTF::CaseFoldingHash::foldCase):

• wtf/text/StringImpl.cpp:

(WTF::equalIgnoringCase):

• wtf/text/StringImpl.h:

6:15 PM Changeset in webkit [160953] by commit-queue@webkit.org

• 3 edits in trunk/Tools

Unreviewed, rolling out r160941.
​http://trac.webkit.org/changeset/160941
​https://bugs.webkit.org/show_bug.cgi?id=126095

Doesn't handle subpixel layout being disabled (Requested by
smfr on #webkit).

• gdb/webkit.py:

(JSCJSStringPrinter.to_string):
(add_pretty_printers):

• lldb/lldb_webkit.py:

(WTFMediaTime_SummaryProvider):
(WTFStringProvider.to_string):

6:11 PM Changeset in webkit [160952] by ljaehun.lim@samsung.com

• 2 edits in trunk/Source/WebKit2

Unreviewed build fix after r160939

Add ENABLE(CUSTOM_PROTOCOLS) guard.

• UIProcess/WebContext.cpp:

5:55 PM Changeset in webkit [160951] by mmaxfield@apple.com

• 8 edits in trunk/Source

Faster implementation of text-decoration-skip: ink
​https://bugs.webkit.org/show_bug.cgi?id=125718

Reviewed by Simon Fraser.

Source/WebCore:

This new implementation of text-decoration-skip: ink extracts
each glyph into a path, then decomposes each path into a series
of contours. It then intersects each contour with the top and
bottom of the underline (by approximating the contour with a line).
It then draws underlines in between these intersection regions.

Tests for text-decoration-skip: ink already exist in
fast/css3-text/css3-text-decoration/text-decoration-skip

• platform/graphics/Font.h: Signature of new function
• platform/graphics/mac/FontMac.mm:

(WebCore::GlyphIterationState::GlyphIterationState): Persistent
between calls to findPathIntersections
(WebCore::findIntersectionPoint): Calculates an intersection point
between two lines
(WebCore::findPathIntersections): Called by CGPathApply to find
intersections of each contour
(WebCore::Font::intersectionPoints): Function to get the places
where an underline would intersect a TextRun.

• rendering/InlineTextBox.cpp:

(WebCore::compareTuples): Used for sorting intersection ranges
(WebCore::translateIntersectionPointsToSkipInkBoundaries): Converts
a sequence of intersection points to the locations where
text-decoration-skip: ink should draw underlines
(WebCore::drawSkipInkUnderline): Draws a sequence of short underlines
(WebCore::InlineTextBox::paintDecoration):

• rendering/TextPainter.cpp:

(WebCore::TextPainter::intersectionPoints): Calls Font::intersectionPoints

• rendering/TextPainter.h:

Source/WTF:

This creates a new preprocessor define, CSS3_TEXT_DECORATION_SKIP_INK,
which enables the use of the text-decoration-skip: ink CSS value.
Creating this new value simplifies the logic about when to enable the
codepath for this CSS value.

• wtf/Platform.h:

5:27 PM Changeset in webkit [160950] by mark.lam@apple.com

• 1 edit in branches/jsCStack/Source/JavaScriptCore/ChangeLog

Updating review status for r160947.

5:05 PM Changeset in webkit [160949] by Lucas Forschler

• 7 edits in tags/Safari-538.10/Source/WebKit2

Merge r160939.

4:59 PM Changeset in webkit [160948] by Simon Fraser

• 2 edits in trunk/Source/WebKit

Try to fix the Windows build.

• WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:

4:56 PM Changeset in webkit [160947] by mark.lam@apple.com

• 12 edits in branches/jsCStack/Source/JavaScriptCore

CStack: callToJavaScript should do stack check for incoming args.
​https://bugs.webkit.org/show_bug.cgi?id=126088.

Not yet reviewed.

1. Change callToJavaScript()'s prototype to:

EncodedJSValue callToJavaScript(void*, VM*, ProtoCallFrame*);

We now pass VM* instead of &vm.topCallFrame for the second argument.
This gives us greater utility out of that arg.
We also now save the VM* in the VMEntrySentinelFrame instead of
&vm.topCallFrame.

2. Change callToJavaScript() to do a stack check to ensure that we have adequate stack space to copy all the args from the protoCallFrame. If not, it'll throw a StackOverflowError.

3. Removed JSStack::entryCheck() and calls to it.

callToJavaScript now takes care of the stack check that ensures
adequate stack space for incoming args.
callToJavaScript does assume that we have adequate stack space for
the VMEntrySentinelFrame, but that is ensured by our stack host zone.

Changes to callToJavaScript are done in the doCallToJavaScript macro.
Hence, all the changes apply to callToNativeFunction as well.

• interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):

• interpreter/JSStack.h:
• interpreter/JSStackInlines.h:
• jit/JITCode.cpp:

(JSC::JITCode::execute):

• jit/JITStubs.h:
• jit/JITStubsMSVC64.asm: Added a FIXME.
• jit/JITStubsX86.h: Added a FIXME.
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_throw_stack_overflow_error):

• llint/LLIntSlowPaths.h:
• llint/LLIntThunks.h:
• llint/LowLevelInterpreter64.asm:

4:44 PM Changeset in webkit [160946] by Joseph Pecoraro

• 32 edits
  3 copies
  1 add in trunk/Source/WebCore

Web Inspector: Give the CommandLineAPIModule its own Host object, making InjectedScriptHost viable for a JS Context
​https://bugs.webkit.org/show_bug.cgi?id=126082

Reviewed by Timothy Hatcher.

Extract CommandLineAPIHost from InjectedScriptHost. The command line API contained
a bunch of DOM specific JavaScript that would not be suitable for a pure JavaScript
environment. Now that the DOM related code is in this WebCore only module, give this
module a host object that WebCore will provide.

No new tests, no observable change in functionality.

• CMakeLists.txt:
• DerivedSources.cpp:
• DerivedSources.make:
• GNUmakefile.list.am:
• UseJSC.cmake:
• WebCore.vcxproj/WebCore.vcxproj:
• WebCore.vcxproj/WebCore.vcxproj.filters:
• WebCore.xcodeproj/project.pbxproj:
• bindings/js/JSBindingsAllInOne.cpp:

Add new files.

• bindings/js/JSCommandLineAPIHostCustom.cpp: Added.

(WebCore::JSCommandLineAPIHost::inspectedObject):
(WebCore::getJSListenerFunctions):
(WebCore::JSCommandLineAPIHost::getEventListeners):
(WebCore::JSCommandLineAPIHost::inspect):
(WebCore::JSCommandLineAPIHost::databaseId):
(WebCore::JSCommandLineAPIHost::storageId):

• bindings/js/JSInjectedScriptHostCustom.cpp:
• inspector/CommandLineAPIHost.cpp: Copied from Source/WebCore/inspector/InjectedScriptHost.cpp.

(WebCore::CommandLineAPIHost::create):
(WebCore::CommandLineAPIHost::CommandLineAPIHost):
(WebCore::CommandLineAPIHost::~CommandLineAPIHost):
(WebCore::CommandLineAPIHost::disconnect):
(WebCore::CommandLineAPIHost::inspectImpl):
(WebCore::CommandLineAPIHost::getEventListenersImpl):
(WebCore::CommandLineAPIHost::clearConsoleMessages):
(WebCore::CommandLineAPIHost::copyText):
(WebCore::CommandLineAPIHost::InspectableObject::get):
(WebCore::CommandLineAPIHost::addInspectedObject):
(WebCore::CommandLineAPIHost::clearInspectedObjects):
(WebCore::CommandLineAPIHost::inspectedObject):
(WebCore::CommandLineAPIHost::databaseIdImpl):
(WebCore::CommandLineAPIHost::storageIdImpl):

• inspector/CommandLineAPIHost.h: Copied from Source/WebCore/inspector/InjectedScriptHost.h.

(WebCore::CommandLineAPIHost::init):

• inspector/CommandLineAPIHost.idl: Copied from Source/WebCore/inspector/InjectedScriptHost.idl.
• inspector/CommandLineAPIModule.cpp:

These are almost all pure copies from InjectedScriptHost files. Cleaned up a bit.

• inspector/InjectedScriptModule.h:
• inspector/InjectedScriptModule.cpp:

(WebCore::InjectedScriptModule::ensureInjected):
Modules can now define a host object when they are getting injected.

(WebCore::CommandLineAPIModule::host):

• inspector/CommandLineAPIModule.h:

Provide a CommandLineAPIHost, host object.

• inspector/InjectedScriptCanvasModule.h:
• inspector/InjectedScriptCanvasModule.cpp:

(WebCore::InjectedScriptCanvasModule::host):
No host object is needed for the CanvasModule.

• inspector/InjectedScriptSource.js:
• inspector/CommandLineAPIModuleSource.js:

When injecting a module, pass on an optional host object to
the module's source. Move a little more code between the
two files. The two files are very tightly coupled right now.

• inspector/InjectedScriptHost.cpp:

(WebCore::InjectedScriptHost::create):

• inspector/InjectedScriptHost.h:

(WebCore::InjectedScriptHost::~InjectedScriptHost):
(WebCore::InjectedScriptHost::InjectedScriptHost):

• inspector/InjectedScriptHost.idl:

Move any command line specific logic to CommandLineAPIHost classes.

• inspector/InjectedScriptManager.cpp:

(WebCore::InjectedScriptManager::disconnect):

• inspector/InjectedScriptManager.h:

(WebCore::InjectedScriptManager::commandLineAPIHost):

• inspector/InspectorConsoleAgent.cpp:

(WebCore::InspectorConsoleAgent::addInspectedHeapObject):

• inspector/InspectorController.cpp:

(WebCore::InspectorController::InspectorController):

• inspector/InspectorHeapProfilerAgent.cpp:

(WebCore::InspectorHeapProfilerAgent::resetState):

• inspector/InspectorProfilerAgent.cpp:

(WebCore::InspectorProfilerAgent::resetState):

• inspector/PageConsoleAgent.cpp:

(WebCore::PageConsoleAgent::addInspectedNode):

• inspector/PageInjectedScriptManager.cpp:

(WebCore::PageInjectedScriptManager::PageInjectedScriptManager):
(WebCore::PageInjectedScriptManager::disconnect):

• inspector/PageInjectedScriptManager.h:
• inspector/WorkerInspectorController.cpp:

(WebCore::WorkerInspectorController::WorkerInspectorController):
An InjectedScriptManager may optionally have a commandLineAPIHost object.
If it does, initialize it, and send it messages.

4:43 PM Changeset in webkit [160945] by mmaxfield@apple.com

• 5 edits
  5 adds in trunk

Allow ImageBuffer to re-use IOSurfaces
​https://bugs.webkit.org/show_bug.cgi?id=125477

Reviewed by Geoff Garen.

PerformanceTests:

This test times creating a variety of different sizes of canvases
once some have already been created. The second creation of the
canvases should re-use the existing IOSurfaces.

• Canvas/reuse.html: Added.

Source/WebCore:

This test adds a static class, ImageBufferBackingStoreCache, that vends
IOSurfaces. It remembers IOSurfaces that have been returned to it until
a configurable timeout.

The storage used by this class is in the form of a HashMap from a
bucketed size to the IOSurface. There are many other data structures
that could be used, but this implementation gives a 80% hit rate on
normal browsing of some example sites with Canvas and
text-decoration-skip: ink. Because the buckets are fairly
small (rounding the width and height up to multiples of 8), traversing the
bucket contents takes on average 2 steps.

Test: fast/canvas/canvas-backing-store-reuse.html

• WebCore.xcodeproj/project.pbxproj: Added new caching class
• platform/graphics/cg/ImageBufferBackingStoreCache.cpp: Added.

(WebCore::createIOSurface): Moved from ImageBufferCG.cpp
(WebCore::ImageBufferBackingStoreCache::timerFired): Forget the cache
contents
(WebCore::ImageBufferBackingStoreCache::schedulePurgeTimer):
(WebCore::ImageBufferBackingStoreCache::get): Static getter
(WebCore::ImageBufferBackingStoreCache::ImageBufferBackingStoreCache):
(WebCore::ImageBufferBackingStoreCache::insertIntoCache): Memory-management
creation function
(WebCore::ImageBufferBackingStoreCache::takeFromCache): Memory-management
deletion function
(WebCore::ImageBufferBackingStoreCache::isAcceptableSurface): Does this cached
IOSurface fit the bill?
(WebCore::ImageBufferBackingStoreCache::tryTakeFromCache): Lookup
a bucket and walk through its contents
(WebCore::ImageBufferBackingStoreCache::getOrAllocate): Public function
for clients who want a IOSurface from the cache
(WebCore::ImageBufferBackingStoreCache::deallocate): Public
function for clients to return an IOSurface to the pool

• platform/graphics/cg/ImageBufferBackingStoreCache.h: Added.
• platform/graphics/cg/ImageBufferCG.cpp: Update to use new cache

(WebCore::ImageBuffer::ImageBuffer):
(WebCore::ImageBuffer::~ImageBuffer):

LayoutTests:

Now that we're re-using the backing store of canvases, this
test makes sure that if we draw to a canvas, then destroy it,
then create a new canvas (which should share the same backing
store) that it doesn't have the stale data in it

• fast/canvas/canvas-backing-store-reuse-expected.txt: Added.
• fast/canvas/canvas-backing-store-reuse.html: Added.

4:35 PM Changeset in webkit [160944] by Simon Fraser

• 51 edits in trunk/Source

Change "threaded scrolling" terminology to "asynchronous scrolling"
​https://bugs.webkit.org/show_bug.cgi?id=126094

Source/WebCore:

Reviewed by Tim Horton.

Rename ENABLE_THREADED_SCROLLING to ENABLE_ASYNC_SCROLLING, and change
references to "main thread scrolling" to "synchronous scrolling".

In a few places, functions with names like shouldUpdateScrollLayerPositionOnMainThread()
were actually returning SynchronousScrollingReasons, so rename them appropriately.

• WebCore.exp.in:
• page/FrameView.cpp:

(WebCore::FrameView::shouldUpdateCompositingLayersAfterScrolling):
(WebCore::FrameView::isRubberBandInProgress):
(WebCore::FrameView::requestScrollPositionUpdate):
(WebCore::FrameView::updatesScrollLayerPositionOnMainThread):
(WebCore::FrameView::wheelEvent):

• page/Page.cpp:

(WebCore::Page::synchronousScrollingReasonsAsText):

• page/Page.h:
• page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::create):
(WebCore::ScrollingCoordinator::ScrollingCoordinator):
(WebCore::ScrollingCoordinator::frameViewHasSlowRepaintObjectsDidChange):
(WebCore::ScrollingCoordinator::frameViewFixedObjectsDidChange):
(WebCore::ScrollingCoordinator::frameViewRootLayerDidChange):
(WebCore::ScrollingCoordinator::synchronousScrollingReasons):
(WebCore::ScrollingCoordinator::updateSynchronousScrollingReasons):
(WebCore::ScrollingCoordinator::setForceSynchronousScrollLayerPositionUpdates):
(WebCore::ScrollingCoordinator::synchronousScrollingReasonsAsText):

• page/scrolling/ScrollingCoordinator.h:

(WebCore::ScrollingCoordinator::shouldUpdateScrollLayerPositionSynchronously):
(WebCore::ScrollingCoordinator::setSynchronousScrollingReasons):

• page/scrolling/ScrollingStateFixedNode.cpp:
• page/scrolling/ScrollingStateFixedNode.h:
• page/scrolling/ScrollingStateNode.cpp:
• page/scrolling/ScrollingStateNode.h:
• page/scrolling/ScrollingStateScrollingNode.cpp:

(WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
(WebCore::ScrollingStateScrollingNode::setSynchronousScrollingReasons):
(WebCore::ScrollingStateScrollingNode::dumpProperties):

• page/scrolling/ScrollingStateScrollingNode.h: Awkward "ReasonsForSynchronousScrolling" to avoid

conflict with the enum called SynchronousScrollingReasons.

• page/scrolling/ScrollingStateStickyNode.cpp:
• page/scrolling/ScrollingStateStickyNode.h:
• page/scrolling/ScrollingStateTree.cpp:
• page/scrolling/ScrollingStateTree.h:
• page/scrolling/ScrollingThread.cpp:
• page/scrolling/ScrollingThread.h:
• page/scrolling/ScrollingTree.cpp:
• page/scrolling/ScrollingTree.h:
• page/scrolling/ScrollingTreeNode.cpp:
• page/scrolling/ScrollingTreeNode.h:
• page/scrolling/ScrollingTreeScrollingNode.cpp:

(WebCore::ScrollingTreeScrollingNode::ScrollingTreeScrollingNode):
(WebCore::ScrollingTreeScrollingNode::updateBeforeChildren):

• page/scrolling/ScrollingTreeScrollingNode.h:

(WebCore::ScrollingTreeScrollingNode::synchronousScrollingReasons):
(WebCore::ScrollingTreeScrollingNode::shouldUpdateScrollLayerPositionSynchronously):

• page/scrolling/mac/ScrollingCoordinatorMac.h:
• page/scrolling/mac/ScrollingCoordinatorMac.mm:

(WebCore::ScrollingCoordinatorMac::setSynchronousScrollingReasons):
(WebCore::ScrollingCoordinatorMac::commitTreeState):

• page/scrolling/mac/ScrollingStateNodeMac.mm:
• page/scrolling/mac/ScrollingStateScrollingNodeMac.mm:
• page/scrolling/mac/ScrollingThreadMac.mm:
• page/scrolling/mac/ScrollingTreeFixedNode.h:
• page/scrolling/mac/ScrollingTreeFixedNode.mm:
• page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
• page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:

(WebCore::ScrollingTreeScrollingNodeMac::updateBeforeChildren):
(WebCore::ScrollingTreeScrollingNodeMac::scrollPosition):
(WebCore::ScrollingTreeScrollingNodeMac::setScrollPositionWithoutContentEdgeConstraints):
(WebCore::ScrollingTreeScrollingNodeMac::setScrollLayerPosition):
(WebCore::logThreadedScrollingMode):

• page/scrolling/mac/ScrollingTreeStickyNode.h:
• page/scrolling/mac/ScrollingTreeStickyNode.mm:
• platform/Scrollbar.cpp:

(WebCore::Scrollbar::supportsUpdateOnSecondaryThread):

• platform/graphics/TiledBacking.h:
• platform/graphics/ca/mac/TileController.mm:

(WebCore::TileController::TileController):
(WebCore::TileController::updateTileCoverageMap):

• platform/mac/MemoryPressureHandlerMac.mm:

(WebCore::MemoryPressureHandler::releaseMemory):

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::setupFontSubpixelQuantization):

• rendering/RenderLayerBacking.cpp:

(WebCore::computeTileCoverage):

• testing/Internals.cpp:

(WebCore::Internals::mainThreadScrollingReasons):

• testing/Internals.idl:

Source/WebKit2:

Reviewed by Tim Horton.

Rename ENABLE_THREADED_SCROLLING to ENABLE_ASYNC_SCROLLING, and change
references to "main thread scrolling" to "synchronous scrolling".

• WebProcess/WebPage/EventDispatcher.cpp:

(WebKit::EventDispatcher::wheelEvent):

• WebProcess/WebPage/EventDispatcher.h:
• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::~WebPage):

• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::didInstallPageOverlay):
(WebKit::TiledCoreAnimationDrawingArea::didUninstallPageOverlay):
(WebKit::TiledCoreAnimationDrawingArea::updatePreferences):
(WebKit::TiledCoreAnimationDrawingArea::dispatchAfterEnsuringUpdatedScrollPosition):

Source/WTF:

Reviewed by Tim Horton.

Rename ENABLE_THREADED_SCROLLING to ENABLE_ASYNC_SCROLLING.

• wtf/FeatureDefines.h:

4:26 PM Changeset in webkit [160943] by timothy_horton@apple.com

• 7 edits in trunk/Source/WebCore

Revert r160327, r160273, and r160260.

We'll come up with something less aggressive, as this doesn't quite work.

• loader/cache/CachedImage.h:
• loader/cache/CachedResource.h:
• loader/cache/MemoryCache.cpp:

(WebCore::MemoryCache::pruneLiveResourcesToSize):

• platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::destroyDecodedDataIfNecessary):

• platform/graphics/BitmapImage.h:
• platform/graphics/Image.h:

4:12 PM Changeset in webkit [160942] by andersca@apple.com

• 5 edits in trunk/Source/WebCore

PostAttachCallbackDisabler should take a Document
​https://bugs.webkit.org/show_bug.cgi?id=126090

Reviewed by Andreas Kling.

suspendPostAttachCallbacks and resumePostAttachCallbacks always only get the document from the
container node, so make them static member functions that take a Document&. Also, move PostAttachCallbackDisabler
to Element.h in preparation for moving post attach callback handling to Element.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::suspendPostAttachCallbacks):
(WebCore::ContainerNode::resumePostAttachCallbacks):

• dom/ContainerNode.h:
• dom/Element.h:

(WebCore::PostAttachCallbackDisabler::PostAttachCallbackDisabler):
(WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler):

• style/StyleResolveTree.cpp:

(WebCore::Style::attachRenderTree):

4:05 PM Changeset in webkit [160941] by Bem Jones-Bey

• 3 edits in trunk/Tools

Pretty print LayoutUnit, LayoutPoint, and LayoutSize in gdb and lldb
​https://bugs.webkit.org/show_bug.cgi?id=126080

Reviewed by Anders Carlsson.

This changes the output of printing LayoutUnits to be in px, removing
the need to divide by 64 manually.

This will lead to gdb output like:

m_frameRect = {

m_location = LayoutPoint(0px, 0px),
m_size = LayoutSize(800px, 585px)

}

And lldb output like:

(const WebCore::LayoutRect) $0 = {

m_location = { x = 744px, y = 1px }
m_size = { width = 236px, height = 40px }

}

This patch is based on patch for Blink by ​cbiesinger@chromium.org.

• gdb/webkit.py:

(WebCoreLayoutUnitPrinter):
(WebCoreLayoutUnitPrinter.init):
(WebCoreLayoutUnitPrinter.to_string):
(WebCoreLayoutSizePrinter):
(WebCoreLayoutSizePrinter.init):
(WebCoreLayoutSizePrinter.to_string):
(WebCoreLayoutPointPrinter):
(WebCoreLayoutPointPrinter.init):
(WebCoreLayoutPointPrinter.to_string):
(add_pretty_printers):

• lldb/lldb_webkit.py:

(lldb_init_module):
(WebCoreLayoutUnit_SummaryProvider):
(WebCoreLayoutSize_SummaryProvider):
(WebCoreLayoutPoint_SummaryProvider):
(WebCoreLayoutUnitProvider):
(WebCoreLayoutUnitProvider.init):
(WebCoreLayoutUnitProvider.to_string):
(WebCoreLayoutSizeProvider):
(WebCoreLayoutSizeProvider.init):
(WebCoreLayoutSizeProvider.get_width):
(WebCoreLayoutSizeProvider.get_height):
(WebCoreLayoutPointProvider):
(WebCoreLayoutPointProvider.init):
(WebCoreLayoutPointProvider.get_x):
(WebCoreLayoutPointProvider.get_y):

3:56 PM Changeset in webkit [160940] by commit-queue@webkit.org

• 7 edits in trunk/Source/WebKit2

Rename PlugInAutoStartProvider's ...EntriesAddedBeforeTime facility to ...EntriesAddedAfterTime
​https://bugs.webkit.org/show_bug.cgi?id=126078

Patch by Ricky Mondello <Ricky Mondello> on 2013-12-20
Reviewed by Anders Carlsson.

r160922 accidentally named a facility for filtering out data added after a certain time,
"...FilteringOutEntriesAddedBeforeTime", which was incorrect. This patch renames those instances
to "...FilteringOutEntriesAddedAfterTime".

• UIProcess/API/C/WKContext.cpp:

(WKContextSetPlugInAutoStartOriginsFilteringOutEntriesAddedAfterTime):

• UIProcess/API/C/WKContext.h:
• UIProcess/Plugins/PlugInAutoStartProvider.cpp:

(WebKit::PlugInAutoStartProvider::setAutoStartOriginsFilteringOutEntriesAddedAfterTime):

• UIProcess/Plugins/PlugInAutoStartProvider.h:
• UIProcess/WebContext.cpp:

(WebKit::WebContext::setPlugInAutoStartOriginsFilteringOutEntriesAddedAfterTime):

• UIProcess/WebContext.h:

3:55 PM Changeset in webkit [160939] by weinig@apple.com

• 7 edits in trunk/Source/WebKit2

[WK2] Add SPI for using a custom protocol handler
​https://bugs.webkit.org/show_bug.cgi?id=126089

Reviewed by Anders Carlsson.

• UIProcess/API/C/mac/WKContextPrivateMac.h:
• UIProcess/API/C/mac/WKContextPrivateMac.mm:

(WKContextRegisterSchemeForCustomProtocol):
(WKContextUnregisterSchemeForCustomProtocol):

• UIProcess/API/Cocoa/WKBrowsingContextController.mm:

(+[WKBrowsingContextController registerSchemeForCustomProtocol:]):
(+[WKBrowsingContextController unregisterSchemeForCustomProtocol:]):

• UIProcess/WebContext.cpp:

(WebKit::WebContext::globalURLSchemesWithCustomProtocolHandlers):
(WebKit::WebContext::registerGlobalURLSchemeAsHavingCustomProtocolHandlers):
(WebKit::WebContext::unregisterGlobalURLSchemeAsHavingCustomProtocolHandlers):

• UIProcess/WebContext.h:
• UIProcess/mac/WebContextMac.mm:

(WebKit::WebContext::platformInitializeWebProcess):
(WebKit::WebContext::platformInitializeNetworkProcess):
(WebKit::WebContext::registerNotificationObservers):
(WebKit::WebContext::unregisterNotificationObservers):

3:46 PM Changeset in webkit [160938] by Martin Robinson

• 2 edits
  1 add in trunk/Tools

[GTK] [CMake] Add support for building ImageDiff
​https://bugs.webkit.org/show_bug.cgi?id=125960

Reviewed by Gustavo Noronha Silva.

• CMakeLists.txt: Build ImageDiff for GTK+.
• ImageDiff/PlatformGTK.cmake: Added.

3:44 PM Changeset in webkit [160937] by Martin Robinson

• 2 edits
  1 add in trunk/Tools

[GTK] [CMake] Add support for building DumpRenderTree
​https://bugs.webkit.org/show_bug.cgi?id=125767

Reviewed by Gustavo Noronha Silva.

• CMakeLists.txt: Load the DumpRenderTree cmake file for GTK+ when WebKit1 is enabled.
• DumpRenderTree/PlatformGTK.cmake: Added.

3:38 PM Changeset in webkit [160936] by fpizlo@apple.com

• 22 edits
  2 adds in branches/jsCStack/Source/JavaScriptCore

Arity check slow path should ensure that when we return, we restore SP back to what the caller expects
​https://bugs.webkit.org/show_bug.cgi?id=126043

Not yet reviewed.

Implements proper stack restoration after return from a function that failed arity
check.

• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileFunction):

• ftl/FTLLink.cpp:

(JSC::FTL::link):

• ftl/FTLOSRExit.h:
• ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

• jit/ArityCheckFailReturnThunks.cpp: Added.

(JSC::ArityCheckFailReturnThunks::ArityCheckFailReturnThunks):
(JSC::ArityCheckFailReturnThunks::~ArityCheckFailReturnThunks):
(JSC::ArityCheckFailReturnThunks::returnPCsFor):
(JSC::ArityCheckFailReturnThunks::returnPCFor):

• jit/ArityCheckFailReturnThunks.h: Added.
• jit/JIT.cpp:

(JSC::JIT::privateCompile):

• jit/JITCode.cpp:

(JSC::DirectJITCode::addressForCall):

• jit/RegisterPreservationWrapperGenerator.cpp:

(JSC::generateRegisterPreservationWrapper):
(JSC::generateRegisterRestoration):
(JSC::registerRestorationThunkGenerator):

• jit/RegisterPreservationWrapperGenerator.h:
• jit/ThunkGenerators.cpp:

(JSC::arityFixup):

• llint/LLIntOffsetsExtractor.cpp:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• offlineasm/x86.rb:
• runtime/CommonSlowPaths.cpp:

(JSC::setupArityCheckData):
(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):

• runtime/StackAlignment.h:

(JSC::logStackAlignmentRegisters):

• runtime/VM.cpp:

(JSC::VM::VM):

• runtime/VM.h:

3:30 PM Changeset in webkit [160935] by msaboff@apple.com

• 2 edits in branches/jsCStack/PerformanceTests/SunSpider

Unreviewed change. Restoring v8-crypto.js back to trunk.

Removing print()'s that are no longer needed.

• tests/v8-v6/v8-crypto.js:

3:24 PM Changeset in webkit [160934] by Martin Robinson

• 4 edits
  1 add in trunk/Tools

[GTK] [CMake] Add support for building WebKitTestRunner
​https://bugs.webkit.org/show_bug.cgi?id=125768

Reviewed by Gustavo Noronha Silva.

• CMakeLists.txt: Compile WebKitTestRunner for GTK+ when WebKit2 is enabled.
• WebKitTestRunner/CMakeLists.txt: Remove some EFL specific flags from the common

build file.

• WebKitTestRunner/PlatformEfl.cmake: Move the flags here.
• WebKitTestRunner/PlatformGTK.cmake: Added.

3:09 PM Changeset in webkit [160933] by mark.lam@apple.com

• 2 edits in branches/jsCStack/Source/JavaScriptCore

Fix broken non-FTL build.

Not reviewed.

• jit/RegisterPreservationWrapperGenerator.cpp:

(JSC::generateRegisterPreservationWrapper):

3:04 PM Changeset in webkit [160932] by matthew_hanson@apple.com

• 5 edits in branches/safari-537.74-branch/Source

Versioning

3:04 PM Changeset in webkit [160931] by msaboff@apple.com

• 4 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: CodeBlocks aren't being marked by garbage collector
​https://bugs.webkit.org/show_bug.cgi?id=126084

Reviewed by Filip Pizlo.

Changed the native stack marking to include marking CodeBlocks and JITStubRoutines.
Patterned the code after what was in JSStack::gatherConservativeRoots()

• heap/Heap.cpp:

(JSC::Heap::markRoots):

• heap/MachineStackMarker.cpp:

(JSC::MachineThreads::gatherFromCurrentThread):
(JSC::MachineThreads::gatherFromOtherThread):
(JSC::MachineThreads::gatherConservativeRoots):

• heap/MachineStackMarker.h:

3:01 PM Changeset in webkit [160930] by matthew_hanson@apple.com

• 1 copy in tags/Safari-537.74.3

New tag.

2:59 PM Changeset in webkit [160929] by msaboff@apple.com

• 2 edits in branches/jsCStack/Source/JavaScriptCore

Unreviewed build fix for building without the FTL.

• jit/RegisterPreservationWrapperGenerator.cpp:

(JSC::generateRegisterPreservationWrapper):

2:34 PM Changeset in webkit [160928] by andersca@apple.com

• 6 edits in trunk/Source/WebCore

Move scheduleSetNeedsStyleRecalc to HTMLFrameOwnerElement
​https://bugs.webkit.org/show_bug.cgi?id=126083

Reviewed by Antti Koivisto.

scheduleSetNeedsStyleRecalc is only ever called on HTMLFrameOwnerElement, so
move it there, remove the Node implementation and make it non-virtual.

• dom/ContainerNode.cpp:
• dom/ContainerNode.h:
• dom/Node.h:
• html/HTMLFrameOwnerElement.cpp:

(WebCore::needsStyleRecalcCallback):
(WebCore::HTMLFrameOwnerElement::scheduleSetNeedsStyleRecalc):

• html/HTMLFrameOwnerElement.h:

2:19 PM Changeset in webkit [160927] by aestes@apple.com

• 2 edits in trunk/Source/WebCore

Remove an unneeded include of WebCoreSystemInterface.h.

Rubber-stamped by Dan Bernstein.

• platform/mac/ContentFilterMac.mm:

2:15 PM Changeset in webkit [160926] by andersca@apple.com

• 6 edits in trunk/Source/WebCore

Node post attach callbacks should use references
​https://bugs.webkit.org/show_bug.cgi?id=126081

Reviewed by Antti Koivisto.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::queuePostAttachCallback):
(WebCore::ContainerNode::dispatchPostAttachCallbacks):
(WebCore::needsStyleRecalcCallback):
(WebCore::ContainerNode::scheduleSetNeedsStyleRecalc):

• dom/ContainerNode.h:
• html/HTMLFormControlElement.cpp:

(WebCore::focusPostAttach):
(WebCore::HTMLFormControlElement::didAttachRenderers):
(WebCore::updateFromElementCallback):
(WebCore::HTMLFormControlElement::didRecalcStyle):

• html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAttachRenderers):
(WebCore::HTMLPlugInImageElement::updateWidgetCallback):
(WebCore::HTMLPlugInImageElement::startLoadingImageCallback):

• html/HTMLPlugInImageElement.h:

2:04 PM Changeset in webkit [160925] by Joseph Pecoraro

• 11 edits
  2 adds in trunk/Source/WebCore

Web Inspector: Extract CommandLineAPI into its own InjectedScriptModule
​https://bugs.webkit.org/show_bug.cgi?id=126038

Reviewed by Timothy Hatcher.

Only inject the CommandLineAPIModule once, when the InjectedScript
is first created. This avoids running a small snippet of JavaScript
to check if the module is loaded every time we fetch the InjectedScript.

• CMakeLists.txt:
• GNUmakefile.list.am:
• WebCore.vcxproj/WebCore.vcxproj:
• WebCore.vcxproj/WebCore.vcxproj.filters:
• WebCore.xcodeproj/project.pbxproj:
• inspector/InspectorAllInOne.cpp:

Add new files to the build.

• inspector/InjectedScriptManager.h:
• inspector/InjectedScriptManager.cpp:

(WebCore::InjectedScriptManager::createForPage):
(WebCore::InjectedScriptManager::injectedScriptFor):
(WebCore::InjectedScriptManager::didCreateInjectedScript):
Add didCreateInjectedScript hook for a subclass to inject more scripts.

• inspector/PageInjectedScriptManager.h: Added.
• inspector/PageInjectedScriptManager.cpp: Added.

(WebCore::PageInjectedScriptManager::didCreateInjectedScript):
For pages, inject the CommandLineAPIModule.

• inspector/PageRuntimeAgent.cpp:

(WebCore::PageRuntimeAgent::injectedScriptForEval):
This is replaced by PageInjectedScriptManager, we no longer need
to do extra work every time we fetch the injectedScriptForEval.

2:04 PM Changeset in webkit [160924] by Joseph Pecoraro

• 14 edits
  3 adds in trunk/Source/WebCore

Web Inspector: Extract CommandLineAPI into its own InjectedScriptModule
​https://bugs.webkit.org/show_bug.cgi?id=126038

Reviewed by Timothy Hatcher.

No tests, no observable change in behavior.

Move the CommandLineAPI source into its own module. Load the module
in InjectedScripts for WebCore::Pages. Not for workers.

Moving CommandLineAPI into it's own module moves it from being inside
the same anonymous function to being evaluated outside the anonymous
function. To connect the two InjectedScript passes itself to the
injected module, and the CommandLineAPI module places its class on the
injectedScript as injectedScript.CommandLineAPI.

This essentially makes the CommandLineAPI module an InjectedScript
extension. InjectedScriptSource checks for the existence of
this.CommandLineAPI to see if the fuller version is available. Otherwise
it falls back to a BasicCommandLineAPI which only exposes "$_",
which is the "last evaluated result". That will be useful for JS Contexts
and Workers.

At the same time, this patch makes InjectedScriptModule more generic,
to support being used in a pure JavaScript environment, meaning one
without "window" as the global object.

• CMakeLists.txt:
• DerivedSources.make:
• GNUmakefile.am:
• GNUmakefile.list.am:
• WebCore.vcxproj/WebCore.vcxproj:
• WebCore.vcxproj/WebCore.vcxproj.filters:
• WebCore.xcodeproj/project.pbxproj:
• inspector/InspectorAllInOne.cpp:

Add files. Minify the CommandLineAPIModuleSource in generation.

• inspector/CommandLineAPIModule.h: Added.
• inspector/CommandLineAPIModule.cpp: Added.

(WebCore::CommandLineAPIModule::CommandLineAPIModule):
(WebCore::CommandLineAPIModule::injectIfNeeded):
(WebCore::CommandLineAPIModule::source):
Inject the module that doesn't return an object, its just evaluated code
extending the original InjectedScript.

• inspector/InjectedScriptModule.h:
• inspector/InjectedScriptModule.cpp:

(WebCore::InjectedScriptModule::ensureInjected):
Only ASSERT the result was an object if the Module claims it returns an object.

• inspector/InjectedScriptCanvasModule.h:

(WebCore::InjectedScriptCanvasModule::returnsObject):
Return an object used later to call into the CanvasModule.

• inspector/PageRuntimeAgent.cpp:

(WebCore::PageRuntimeAgent::injectedScriptForEval):
Ensure the CommandLineAPIModule is loaded in the Page's InjectedScript.

• inspector/CommandLineAPIModuleSource.js: Added.

Create the CommandLineAPI class and place it on injectedScript.

• inspector/InjectedScriptSource.js:

(InjectedScript.prototype._evaluateOn):
Inject either the BasicCommandLineAPI or extended CommandLineAPI.
Derive the globalObject dynamically instead of assuming window.
Inject the commandLineAPI on window.console or the globalObject based on context.
Audit and rename uses of "window" to something like globalObject.

2:01 PM Changeset in webkit [160923] by timothy_horton@apple.com

• 12 edits in trunk/Source

WebKit2 View Gestures: Implement smartMagnifyWithEvent: and make it work
​https://bugs.webkit.org/show_bug.cgi?id=125752
<rdar://problem/15664245>

Reviewed by Anders Carlsson.

Implement "smart magnify", which is the double-tap-to-zoom gesture on OS X.

• UIProcess/API/mac/WKView.mm:

(-[WKView smartMagnifyWithEvent:]):
Forward smartMagnifyWithEvent to ViewGestureController.

• UIProcess/mac/ViewGestureController.cpp:

(WebKit::ViewGestureController::handleMagnificationGesture):
Drive-by repair a comment.

(WebKit::ViewGestureController::handleSmartMagnificationGesture):
Added. Immediately dispatch a message to the web process to retrieve
the rendered rect of the element under the gesture.

(WebKit::maximumRectangleComponentDelta):
Return the absolute maximum delta between corresponding components of two rects.

(WebKit::ViewGestureController::didCollectGeometryForSmartMagnificationGesture):
Once the WebProcess has replied with the relevant geometry, use it to
determine our target rectangle (the element's rect, with some padding)
and target magnification (attempting to keep replaced elements
fully in-view, and otherwise zooming in as far as possible to fit the
element's width).

If this gesture occurs after the page is already magnified, and targets
a similar region to the previous smart magnification gesture, zoom out
instead of panning across the page.

Begin a transient zoom with the current magnification, and immediately
commit it at our target magnification and offset, so that the drawing
area will animate to the new parameters.

(WebKit::ViewGestureController::endActiveGesture):

• UIProcess/mac/ViewGestureController.h:
• UIProcess/mac/ViewGestureController.messages.in:
• WebProcess/WebPage/ViewGestureGeometryCollector.cpp:

(WebKit::ViewGestureGeometryCollector::collectGeometryForSmartMagnificationGesture):
Hit-test the document to determine the node under the smart magnification
gesture, and return it to the UI process along with various other bits of data.

• WebProcess/WebPage/ViewGestureGeometryCollector.h:
• WebProcess/WebPage/ViewGestureGeometryCollector.messages.in:
• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::TiledCoreAnimationDrawingArea):
(WebKit::TiledCoreAnimationDrawingArea::adjustTransientZoom):
(WebKit::TiledCoreAnimationDrawingArea::commitTransientZoom):
(WebKit::TiledCoreAnimationDrawingArea::applyTransientZoomToPage):
Instead of short-circuiting the animation if we didn't have to constrain
the origin, short-circuit if we're already *at* the right origin,
like the comment said. This prevents jarring jumps when double-tap-panning
between elements when zoomed all the way in.

• WebCore.exp.in:

Add some exports.

1:00 PM Changeset in webkit [160922] by commit-queue@webkit.org

• 7 edits in trunk/Source/WebKit2

Allow partial application of PlugInAutoStart tables based on timestamp
​https://bugs.webkit.org/show_bug.cgi?id=125871

Patch by Ricky Mondello <Ricky Mondello> on 2013-12-20
Reviewed by Anders Carlsson.

• UIProcess/API/C/WKContext.cpp:

(WKContextSetPlugInAutoStartOriginsFilteringOutEntriesAddedBeforeTime): New API.

• UIProcess/API/C/WKContext.h: New API.

• UIProcess/Plugins/PlugInAutoStartProvider.cpp:

(WebKit::PlugInAutoStartProvider::setAutoStartOriginsTable): Call setAutoStartOriginsTableWithItemsPassingTest

with a predicate that lets all policies pass.

(WebKit::PlugInAutoStartProvider::setAutoStartOriginsFilteringOutEntriesAddedBeforeTime): Call

setAutoStartOriginsTableWithItemsPassingTest with a predicate that lets policies created before a certain
time pass.

(WebKit::PlugInAutoStartProvider::setAutoStartOriginsTableWithItemsPassingTest): Added. Contains most of the

contents of setAutoStartOriginsTable, with support for applying a predicate.

• UIProcess/Plugins/PlugInAutoStartProvider.h: Add public method,

setAutoStartOriginsFilteringOutEntriesAddedBeforeTime, and private method,
setAutoStartOriginsTableWithItemsPassingTest.

• UIProcess/WebContext.cpp:

(WebKit::WebContext::setPlugInAutoStartOriginsFilteringOutEntriesAddedBeforeTime): Pass through to the

PlugInAutoStartProvider.

• UIProcess/WebContext.h: Declare setPlugInAutoStartOriginsFilteringOutEntriesAddedBeforeTime.

12:54 PM Changeset in webkit [160921] by mmaxfield@apple.com

• 2 edits in trunk/Tools

Myles C. Maxfield is a committer now

Unreviewed.

• Scripts/webkitpy/common/config/contributors.json:

12:49 PM Changeset in webkit [160920] by Antti Koivisto

• 3 edits in trunk/Source/WebCore

http/tests/misc/object-image-error.html asserts
​https://bugs.webkit.org/show_bug.cgi?id=126074

Reviewed by Andreas Kling.

• html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAttachRenderers):
(WebCore::HTMLPlugInImageElement::updateWidgetCallback):
(WebCore::HTMLPlugInImageElement::startLoadingImage):
(WebCore::HTMLPlugInImageElement::startLoadingImageCallback):

• html/HTMLPlugInImageElement.h:

Start image load from post-attach so we don't re-enter attach when image load fails synchronously.

12:19 PM Changeset in webkit [160919] by mhahnenberg@apple.com

• 6 edits in trunk/Source/JavaScriptCore

Clean up DFG write barriers
​https://bugs.webkit.org/show_bug.cgi?id=126047

Reviewed by Filip Pizlo.

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Use the register allocator to
determine which registers need saving instead of saving every single one of them.
(JSC::DFG::SpeculativeJIT::osrWriteBarrier): We don't need to save live register state
because the write barriers during OSR execute when there are no live registers. Also we
don't need to use pushes to pad the stack pointer for pokes on x86; we can just use an add.
(JSC::DFG::SpeculativeJIT::writeBarrier):

• dfg/DFGSpeculativeJIT.h:
• jit/Repatch.cpp:

(JSC::emitPutReplaceStub):
(JSC::emitPutTransitionStub):

• runtime/VM.h: Get rid of writeBarrierRegisterBuffer since it's no longer used.

11:45 AM Changeset in webkit [160918] by commit-queue@webkit.org

• 4 edits in trunk/Source/WebKit2

[GTK] WebKitWebViewBase's ClickCounter should be reset
​https://bugs.webkit.org/show_bug.cgi?id=122551

Patch by Enrique Ocaña González <​eocanha@igalia.com> on 2013-12-20
Reviewed by Martin Robinson.

• UIProcess/API/gtk/PageClientImpl.cpp:

(WebKit::PageClientImpl::didCommitLoadForMainFrame):

• UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseResetClickCounter):

• UIProcess/API/gtk/WebKitWebViewBasePrivate.h:

11:34 AM Changeset in webkit [160917] by matthew_hanson@apple.com

• 7 edits in branches/safari-537.74-branch/Source/WebCore

Merge r160898: <rdar://problems/15709940>

11:05 AM Changeset in webkit [160916] by Antti Koivisto

• 3 edits in trunk/Source/WebCore

Crashes in AccessibilityRenderObject::computeAccessibilityIsIgnored()
​https://bugs.webkit.org/show_bug.cgi?id=126073

Reviewed by Ryosuke Niwa.

Prevent the crash and try to catch in debug why it is happening.

• accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::AccessibilityRenderObject):
(WebCore::AccessibilityRenderObject::~AccessibilityRenderObject):
(WebCore::AccessibilityRenderObject::detach):
(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):

• accessibility/AccessibilityRenderObject.h:

9:27 AM Changeset in webkit [160915] by Brent Fulgham

• 2 edits in trunk/Source/WebKit

[Win] Unreviewed build fix after r160908.

• WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in: Add

missing export.

8:50 AM Changeset in webkit [160914] by Antti Koivisto

• 2 edits in trunk/Source/WebCore

Fix asserting accesibility tests.

• html/HTMLElement.cpp:

(WebCore::HTMLElement::supportsFocus): Accessibility code checks focus status during painting.

7:51 AM Changeset in webkit [160913] by commit-queue@webkit.org

• 2 edits in trunk/Source/JavaScriptCore

[MIPS] Missing MacroAssemblerMIPS::branchTest8(ResultCondition, BaseIndex, TrustedImm32)
​https://bugs.webkit.org/show_bug.cgi?id=126062

Patch by Balazs Kilvady <​kilvadyb@homejinni.com> on 2013-12-20
Reviewed by Mark Hahnenberg.

• assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::branchTest8):

7:48 AM Changeset in webkit [160912] by commit-queue@webkit.org

• 2 edits in trunk/Source/JavaScriptCore

[sh4] Add missing implementation in MacroAssembler to fix build.
​https://bugs.webkit.org/show_bug.cgi?id=126063

Patch by Julien Brianceau <​jbriance@cisco.com> on 2013-12-20
Reviewed by Mark Hahnenberg.

• assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::branchTest8):

7:46 AM Changeset in webkit [160911] by commit-queue@webkit.org

• 2 edits in trunk/Source/JavaScriptCore

[arm] Add missing implementation in MacroAssembler to fix CPU(ARM_TRADITIONAL) build.
​https://bugs.webkit.org/show_bug.cgi?id=126064

Patch by Julien Brianceau <​jbriance@cisco.com> on 2013-12-20
Reviewed by Mark Hahnenberg.

• assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::branchTest8):

7:36 AM Changeset in webkit [160910] by zandobersek@gmail.com

• 2 edits in trunk/Source/WebCore

Unreviewed GTK build fix after r160909.
Remove remaining uses of AttachLazily in code specific to the GTK port.

• html/shadow/MediaControlsGtk.cpp:

(WebCore::MediaControlsGtk::initializeControls):
(WebCore::MediaControlsGtk::createTextTrackDisplay):

6:58 AM Changeset in webkit [160909] by commit-queue@webkit.org

• 4 edits in trunk/Source

[GTK] The fullscreen API should be enabled by default
​https://bugs.webkit.org/show_bug.cgi?id=125993

Patch by Enrique Ocaña González <​eocanha@igalia.com> on 2013-12-20
Reviewed by Gustavo Noronha Silva.

Set the WebSettings property to TRUE

Source/WebKit/gtk:

• webkit/webkitwebsettings.cpp:

(webkit_web_settings_class_init):

Source/WebKit2:

• UIProcess/API/gtk/WebKitSettings.cpp:

(webkit_settings_class_init):

6:44 AM Changeset in webkit [160908] by Antti Koivisto

• 75 edits in trunk

Create render tree lazily
​https://bugs.webkit.org/show_bug.cgi?id=120685

Source/WebCore:

Reviewed by Andreas Kling.

We currently recompute style and construct renderer for each DOM node immediately after they are added to
the tree. This is often inefficient as the style may change immediately afterwards and the work needs to be
redone.

With this patch we always compute style and construct render tree lazily, either on style recalc timer or
synchronously when they are needed. It also removes the 'attached' bit. If document has render tree then
all nodes are conceptually "attached" even if this happens lazily.

The patch slightly changes behavior of implicit CSS transitions. A synchronous style change during parsing
may not trigger the animation anymore as laziness means we don't see anything changing. This matches Firefox
and Chrome in our test cases.

• WebCore.exp.in:
• bindings/js/JSNodeCustom.cpp:

(WebCore::JSNode::insertBefore):
(WebCore::JSNode::replaceChild):
(WebCore::JSNode::appendChild):

All attaching is now lazy, remove AttachLazily.

• css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):

SVG renderers with !isValid() have empty display property value for some reason. Keep the behavior.

• dom/ContainerNode.cpp:

(WebCore::ContainerNode::insertBefore):
(WebCore::ContainerNode::parserInsertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::appendChild):
(WebCore::ContainerNode::parserAppendChild):
(WebCore::ContainerNode::updateTreeAfterInsertion):

• dom/ContainerNode.h:
• dom/Document.cpp:

(WebCore::Document::~Document):
(WebCore::Document::updateStyleIfNeeded):
(WebCore::Document::createRenderTree):
(WebCore::Document::destroyRenderTree):

Remove attach bit maintenance.

(WebCore::Document::webkitDidExitFullScreenForElement):

Do lazy render tree reconstruction after returning from full screen. That is the only reliable way
to get the render tree back to decent shape.

• dom/Element.cpp:

(WebCore::Element::isFocusable):

Remove pointless !renderer()->needsLayout() assert.

(WebCore::Element::addShadowRoot):
(WebCore::Element::childShouldCreateRenderer):
(WebCore::Element::resetComputedStyle):

Take care to reset computed style in all descendants. attachRenderTree no longer does this.

• dom/Element.h:
• dom/Node.cpp:

(WebCore::Node::insertBefore):
(WebCore::Node::replaceChild):
(WebCore::Node::appendChild):
(WebCore::Node::setNeedsStyleRecalc):

Propagate ReconstructRenderTree.

(WebCore::Node::attached):

Emulate the behavior of old attached bit for now so existing code calling this mostly stays working.

• dom/Node.h:

Add new ReconstructRenderTree value for StyleChangeType.

• dom/Range.cpp:

(WebCore::Range::isPointInRange):
(WebCore::Range::comparePoint):
(WebCore::Range::compareNode):
(WebCore::Range::intersectsNode):

• editing/AppendNodeCommand.cpp:

(WebCore::AppendNodeCommand::doApply):

• editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::canRebalance):

• editing/InsertNodeBeforeCommand.cpp:

(WebCore::InsertNodeBeforeCommand::doApply):

• html/HTMLDetailsElement.cpp:

(WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):

• html/HTMLDocument.cpp:

(WebCore::HTMLDocument::activeElement):

• html/HTMLElement.cpp:

(WebCore::HTMLElement::setInnerText):

TextControlInnerTextElement always preserves newline even if it doesn't have style yet.

(WebCore::HTMLElement::supportsFocus):

• html/HTMLEmbedElement.cpp:

(WebCore::HTMLEmbedElement::parseAttribute):

• html/HTMLFormControlElement.cpp:

(WebCore::shouldAutofocus):

Don't autofocus until we have renderer.

• html/HTMLFormControlElementWithState.cpp:

(WebCore::HTMLFormControlElementWithState::shouldSaveAndRestoreFormControlState):

• html/HTMLFrameElementBase.cpp:

(WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions):

• html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::updateType):

Lazy render tree construction.

(WebCore::HTMLInputElement::parseAttribute):
(WebCore::HTMLInputElement::defaultEventHandler):

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::parseAttribute):

• html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::parseAttribute):

• html/HTMLSummaryElement.cpp:

(WebCore::HTMLSummaryElement::didAddUserAgentShadowRoot):

• html/parser/HTMLConstructionSite.cpp:

(WebCore::executeTask):

Don't attach renderer after construction.

• html/parser/HTMLTreeBuilder.cpp:

(WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

• html/shadow/ContentDistributor.cpp:

(WebCore::ContentDistributor::invalidateDistribution):

• html/shadow/InsertionPoint.cpp:

(WebCore::InsertionPoint::willAttachRenderers):
(WebCore::InsertionPoint::willDetachRenderers):

• html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlTextTrackContainerElement::updateDisplay):

• html/shadow/MediaControls.cpp:

(WebCore::MediaControls::createTextTrackDisplay):

• html/shadow/MediaControlsApple.cpp:

(WebCore::MediaControlsApple::createControls):

• html/track/TextTrackCue.cpp:

(WebCore::TextTrackCue::getDisplayTree):

• loader/PlaceholderDocument.cpp:

(WebCore::PlaceholderDocument::createRenderTree):

• loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::preload):

• style/StyleResolveTree.cpp:

(WebCore::Style::attachTextRenderer):
(WebCore::Style::detachTextRenderer):

Remove attached bit maintenance.

(WebCore::Style::attachChildren):
(WebCore::Style::attachShadowRoot):
(WebCore::Style::attachRenderTree):
(WebCore::Style::detachShadowRoot):
(WebCore::Style::detachRenderTree):
(WebCore::Style::resolveLocal):

• svg/SVGTests.cpp:

(WebCore::SVGTests::handleAttributeChange):

Make lazy.

• testing/Internals.cpp:

(WebCore::Internals::attached):
(WebCore::Internals::elementRenderTreeAsText):
(WebCore::Internals::markerAt):
(WebCore::Internals::nodesFromRect):

LayoutTests:

Reviewed by Andreas Kling.

Most of these are non-visible render tree dump changes (they become simpler).

• editing/selection/click-on-head-margin-expected.txt:
• fast/css-generated-content/before-content-continuation-chain-expected.txt:
• fast/css/transition-color-unspecified.html:
• fast/dom/adopt-node-crash-2-expected.txt:
• fast/dom/modify-node-and-while-in-the-callback-too-crash-expected.txt:
• fast/forms/radio/radio_checked_dynamic-expected.txt:
• fast/frames/lots-of-iframes-expected.txt:
• fast/frames/sandboxed-iframe-autofocus-denied-expected.txt:
• fast/table/table-row-style-not-updated-with-after-content-expected.txt:
• fullscreen/full-screen-render-inline-expected.txt:
• fullscreen/parent-flow-inline-with-block-child-expected.txt:
• platform/mac/editing/inserting/break-blockquote-after-delete-expected.txt:
• platform/mac/fast/css-generated-content/table-row-group-to-inline-expected.txt:
• platform/mac/fast/dynamic/011-expected.txt:
• platform/mac/fast/forms/formmove3-expected.txt:
• platform/mac/fast/forms/preserveFormDuringResidualStyle-expected.txt:
• platform/mac/fast/invalid/001-expected.txt:
• platform/mac/fast/invalid/003-expected.txt:
• platform/mac/fast/invalid/004-expected.txt:
• platform/mac/fast/invalid/007-expected.txt:
• platform/mac/fast/invalid/019-expected.txt:
• platform/mac/fast/multicol/span/span-as-immediate-child-generated-content-expected.txt:
• platform/mac/fast/multicol/span/span-as-immediate-columns-child-dynamic-expected.txt:
• platform/mac/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
• platform/mac/fast/ruby/ruby-base-merge-block-children-crash-expected.txt:
• platform/mac/tables/mozilla/bugs/bug113235-1-expected.txt:
• platform/mac/tables/mozilla/bugs/bug647-expected.txt:
• platform/mac/tables/mozilla/other/wa_table_tr_align-expected.txt:
• plugins/plugin-remove-readystatechange-expected.txt:
• svg/custom/system-language-crash-expected.txt:
• transitions/equivalent-background-image-no-transition.html:
• transitions/repeated-firing-background-color.html:
• transitions/transition-duration-cleared-in-transitionend-crash.html:

Adopt a few transition test cases to new behavior.

6:12 AM Changeset in webkit [160907] by mario.prada@samsung.com

• 14 edits in trunk

[ATK] [WK2] platform/gtk/accessibility/roles-exposed.html is failing
​https://bugs.webkit.org/show_bug.cgi?id=125854

Reviewed by Chris Fleizach.

Tools:

Ensure we don't ever create instances of AccessibilityUIElement
wrapping invalid platform-specific accessibility objects in DRT,
both for consistency with what WKTR does (so we avoid situations
where some tests fail in WK2 and not in WK1) and also to avoid
overlooking tests that might not be checking the right thing.

• DumpRenderTree/AccessibilityUIElement.cpp:

(AccessibilityUIElement::makeJSAccessibilityUIElement): Return a
nullPtr if the platformUIElement() is not a valid one.

• DumpRenderTree/AccessibilityUIElement.h:

(AccessibilityUIElement::platformUIElement): Added const modifier.

LayoutTests:

Updated tests and expectations to keep them passing after the
change done in DRT, without changing their actual purpose.

• platform/gtk/accessibility/roles-exposed.html: Make sure we

print "AXRole: (no element)" when accessibilityElementByID() does
not return a valid object, not to confuse it with cases where the
returned string for the role is an empty string.

• platform/gtk/accessibility/roles-exposed-expected.txt: Update

test expectations to reflect the "AXRole: (no element)" string
that is now being exposed. Also, replace the (wrongly added) PASS
expectations with FAIL for rowgroups, which are currently not
being exposed for ATK either.

• accessibility/deleting-iframe-destroys-axcache.html: Just

consider the first and third sons of the accessibility object for
the body (instead of the grandsons), so the test can run both in
Mac, where sons and grandsons are exposed, and ATK, where only
sons are exposed (no StaticText objects exposed there).

• accessibility/non-data-table-cell-title-ui-element.html: Use

accessibilityElementById() to get the accessibility object for the
"skip" table header instead of navigating with childAtIndex(),
since the hierarchy is not the same for Mac and ATK based ports.

• platform/mac/accessibility/search-predicate.html: Do not rely on

shouldBe() together with the string "AXRole: " when asking for the
role of objects that should no longer be in the accessibility
tree, and use shouldBeUndefined() instead.

• platform/mac/accessibility/search-when-element-starts-in-table.html: Ditto.

• platform/mac/accessibility/search-predicate-expected.txt: Update

expectations according to the usage of shouldBeUndefined().

• platform/mac/accessibility/search-when-element-starts-in-table-expected.txt: Ditto.

• platform/mac/TestExpectations: Add loading-iframe-updates-axtree.html

here, since it seems not to be returning the expected values for
either the scrollarea and the webarea in the iframe (see bug 126066).

• platform/mac-wk2/TestExpectations: Add search-when-element-starts-in-table.html

here, since it does not return an undefined object in WebKit2 when
the search query should return no results (see bug 125996).

5:47 AM Changeset in webkit [160906] by akling@apple.com

• 6 edits in trunk/Source/WebCore

Devirtualize RenderElement::setStyle().
<​https://webkit.org/b/126065>

setStyle() was only virtual in order to let RenderSVGBlock override
the display type in some cases. Devirtualized it and moved the fixup
logic to StyleResolver::adjustRenderStyle().

This hack had an evil twin in RenderElement::initializeStyle() that
also goes away. FIXME--!

Based on a Blink change by Elliott Sprehn.

Reviewed by Antti Koivisto.

5:44 AM Changeset in webkit [160905] by stavila@adobe.com

• 5 edits
  4 adds in trunk

[CSS Regions] When changing flow-from/flow-into on :hover, elements overflowing the region are not correctly repainted
​https://bugs.webkit.org/show_bug.cgi?id=117259

Reviewed by Antti Koivisto.

Source/WebCore:

When computing the repaint rect for a region, the existing visual overflow must be taken into consideration.
For this purpose, I overridden the visualOverflowRect method in RenderNamedFlowFragment, which ends up being
called from RenderBox::clippedOverflowRectForRepaint.

Test: fast/regions/hover-single-flow-from-none-overflow.html

fast/regions/hover-single-flow-from-none-overflow-top.html

• rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::visualOverflowRect):

• rendering/RenderNamedFlowFragment.h:

LayoutTests:

Added new tests and rebased existing test.

• fast/regions/hover-single-flow-from-none-overflow-expected.html: Added.
• fast/regions/hover-single-flow-from-none-overflow.html: Added.
• fast/regions/hover-single-flow-from-none-overflow-top-expected.html: Added.
• fast/regions/hover-single-flow-from-none-overflow-top.html: Added.
• fast/regions/repaint/repaint-regions-overflow-expected.txt: Rebased.

4:11 AM Changeset in webkit [160904] by Carlos Garcia Campos

• 2 edits in trunk/Source/WebKit2

[GTK] Some unit tests using web extensions fail when run alone
​https://bugs.webkit.org/show_bug.cgi?id=126002

Reviewed by Gustavo Noronha Silva.

The problem is that the page is created before the dbus connection
has been established, and we are connecting to web-page-created
signal once we have a valid dbus connection. We should connect to
the signal before connecting to dbus and queue any request to emit
a dbus signal until the connection is set. This also fixes the
WebExtensions tests when using the network process because a new
web process is launched for every test case.

• UIProcess/API/gtk/tests/WebExtensionTest.cpp:

(DelayedSignal::DelayedSignal): Helper struct to queue signal
emissions requested before the dbus connection has been
established.
(emitDocumentLoaded): Emit the dbus DocumentLoaded signal.
(documentLoadedCallback): Queue the signal emission if we still
don't have a connection or call emitDocumentLoaded otherwise.
(emitURIChanged): Emit the dbus URIChanged signal.
(uriChangedCallback): Queue the signal emission if we still don't
have a connection or call emitURIChanged otherwise.
(pageCreatedCallback): Pass the web extension as user data to
document-loaded and uri-changed callbacks.
(busAcquiredCallback): Set the connection as user data of the web
extension and process any delayed signal emission pending.
(webkit_web_extension_initialize): Connect to web-page-create
signal before connecting to dbus.

3:52 AM Changeset in webkit [160903] by mario.prada@samsung.com

• 15 edits
  2 adds in trunk

Programmatically-inserted children lack accessibility events
​https://bugs.webkit.org/show_bug.cgi?id=100275

Reviewed by Chris Fleizach.

Source/WebCore:

Test: accessibility/children-changed-sends-notification.html

Emit children-changed::add and children-changed::remove whenever
an object has been added/removed to the accessibility hierarchy,
that is, when a new AtkObject is being attached/detached.

• accessibility/AXObjectCache.h:

(WebCore::AXObjectCache::detachWrapper): Added a new parameter and
updated all the prototypes in different ports.

• accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::~AXObjectCache): Call detachWrapper()
specifying that we do it because the cache is being destroyed.
(WebCore::AXObjectCache::remove): Call detachWrapper() specifying
that we do it because an accessible element is being destroyed.

• accessibility/atk/AXObjectCacheAtk.cpp:

(WebCore::AXObjectCache::detachWrapper): Emit the children-changed
signal when needed. We rely on the cached reference to the parent
AtkObject (using the implementation of atk_object_get_parent from
the AtkObject class) to find the right object to emit the signal
from here, since the accessibility hierarchy from WebCore will no
longer be accessible at this point.
(WebCore::AXObjectCache::attachWrapper): Emit the children-change
signal from here unless we are in the middle of a layout update,
trying to provide as much information (e.g. the offset) as possible.
(WebCore::AXObjectCache::postPlatformNotification): Make sure we
update (touch) the subtree under an accessibility object whenever
we receive AXChildrenChanded from WebCore, to ensure that those
objects will also be visible rightaway to ATs, and that those get
properly notified of the event at that very same moment.

• accessibility/ios/AXObjectCacheIOS.mm:

(WebCore::AXObjectCache::detachWrapper): Updated function signature.

• accessibility/mac/AXObjectCacheMac.mm:

(WebCore::AXObjectCache::detachWrapper): Ditto.

• accessibility/win/AXObjectCacheWin.cpp:

(WebCore::AXObjectCache::detachWrapper): Ditto.

• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::children): Add the option ot
request the AccessibilityChildrenVector without updating it if
needed, to avoid maybe recreating the child subtree when trying to
get the offset of a newly attached element from attachWrapper.

• accessibility/AccessibilityObject.h:

Tools:

Update DRT and WebKitTestRunner to handle the children-changed
signal properly, considering the detail and optional parameters.

• DumpRenderTree/atk/AccessibilityCallbacksAtk.cpp: Updated.

(axObjectEventListener):

• WebKitTestRunner/InjectedBundle/atk/AccessibilityNotificationHandlerAtk.cpp: Updated.

LayoutTests:

Add new test to chack that children-changed signals are properly
emitted when adding/removing elements in the accessibility hierarchy.

• accessibility/children-changed-sends-notification-expected.txt: Added.
• accessibility/children-changed-sends-notification.html: Added.

Update test to filter out unrelated non-loading events.

• accessibility/loading-iframe-sends-notification.html: Updated.

Skip the test on the Mac as it does not expose these kind of
notifications when children are being added or removed.

• platform/mac/TestExpectations: Skip newly added test.

3:28 AM Changeset in webkit [160902] by Csaba Osztrogonác

• 2 edits in trunk/Tools

Removed unused BUILDER_BASE_URL.
​https://bugs.webkit.org/show_bug.cgi?id=125442

Patch by Peter Molnar <​pmolnar.u-szeged@partner.samsung.com> on 2013-12-20
Reviewed by Csaba Osztrogonác.

• Scripts/webkitpy/layout_tests/layout_package/json_results_generator_unittest.py:

(JSONGeneratorTest._test_json_generation): Trivial test fix after r160900.

3:02 AM Changeset in webkit [160901] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

Move function calls outside loop in dom
​https://bugs.webkit.org/show_bug.cgi?id=125916

Patch by Laszlo Vidacs <​lvidacs.u-szeged@partner.samsung.com> on 2013-12-20
Reviewed by Csaba Osztrogonác.

Do not call length() in each iteration.

• dom/Element.cpp:

(WebCore::Element::cloneAttributesFromElement):

• dom/Node.cpp:

(WebCore::Node::dumpStatistics):

3:00 AM Changeset in webkit [160900] by commit-queue@webkit.org

• 4 edits in trunk/Tools

Removed unused BUILDER_BASE_URL.
​https://bugs.webkit.org/show_bug.cgi?id=125442

Patch by Peter Molnar <​pmolnar.u-szeged@partner.samsung.com> on 2013-12-20
Reviewed by Csaba Osztrogonác.

The string constant BUILDER_BASE_URL is passed around several times,
but we don't use it anywhere. It is a leftover from Chromium, cleaned it up.

• Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager._upload_json_files):

• Scripts/webkitpy/layout_tests/layout_package/json_layout_results_generator.py:

(JSONLayoutResultsGenerator.init):

• Scripts/webkitpy/layout_tests/layout_package/json_results_generator.py:

(JSONResultsGenerator.init):

2:52 AM Changeset in webkit [160899] by commit-queue@webkit.org

• 2 edits in trunk/Source/WTF

Build fails in debug mode after r160834.
​https://bugs.webkit.org/show_bug.cgi?id=126059

Patch by Tamas Gergely <​tgergely.u-szeged@partner.samsung.com> on 2013-12-20
Reviewed by Csaba Osztrogonác.

Debug mode build failed due to comparing signed and unsigned in
ASSERT(). Now both values are unsigned.

• wtf/dtoa/double-conversion.cc:

Dec 19, 2013:

11:20 PM Changeset in webkit [160898] by Beth Dakin

• 7 edits in trunk/Source/WebCore

REGRESSION: cnn.com will continue to reveal 1 px of overhang after rubber-banding
at the top
​https://bugs.webkit.org/show_bug.cgi?id=126054

Reviewed by Simon Fraser.

This regression was caused by ​http://trac.webkit.org/changeset/160791 It turns out
that the line of code I removed was not always a no-op. In some instances, like on
cnn.com, it would ensure that our final scroll position after a rubber-band was
not something within the overhang area. It was still wrong in its assumption that
rubber-band is always bouncing back the spot it originated from. So this patch
continues to ignore the rubber-bands origin, and instead finds the nearest point
that is not in the overhang area, and scrolls to that point instead of the origin.

• page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
• page/scrolling/mac/ScrollingTreeScrollingNodeMac.mm:

(WebCore::ScrollingTreeScrollingNodeMac::adjustScrollPositionToBoundsIfNecessary):

• platform/mac/ScrollAnimatorMac.h:
• platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::adjustScrollPositionToBoundsIfNecessary):

• platform/mac/ScrollElasticityController.h:
• platform/mac/ScrollElasticityController.mm:

(WebCore::ScrollElasticityController::snapRubberBandTimerFired):

9:52 PM Changeset in webkit [160897] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Frontend Error when selecting Database folder in Resources Sidebar
​https://bugs.webkit.org/show_bug.cgi?id=126029

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2013-12-19
Reviewed by Timothy Hatcher.

Treat the DatabaseHostTreeElement tree element like a folder. It pretty much
is a folder, but inherits from StorageTreeElement to share some code there.

• UserInterface/ResourceSidebarPanel.js:

(WebInspector.ResourceSidebarPanel.prototype._treeElementSelected):

8:01 PM Changeset in webkit [160896] by rniwa@webkit.org

• 3 edits in trunk/LayoutTests

REGRESSION(r160847): fast/events/overflowchanged-inside-selection-collapse-crash.html fails
​https://bugs.webkit.org/show_bug.cgi?id=126037

Reviewed by Anders Carlsson.

Since overflowchanged event is now asynchronous, make the call to testRunner.notifyDone() also asynchronous.

• TestExpectations:
• fast/dynamic/paused-event-dispatch.html:

7:49 PM Changeset in webkit [160895] by commit-queue@webkit.org

• 3 edits in trunk/Tools

check-webkit-style mistakenly flags assigning to a dereferenced pointer
​https://bugs.webkit.org/show_bug.cgi?id=126041

Patch by Myles C. Maxfield <​mmaxfield@apple.com> on 2013-12-19
Reviewed by Ryosuke Niwa.

When checking for lines like "Foo *bar;", check-webkit-style doesn't make
sure that there is a declaration. This patch makes sure that there is a
declaration in order to flag spacing around asterisks.

• Scripts/webkitpy/style/checkers/cpp.py:

(check_spacing):

• Scripts/webkitpy/style/checkers/cpp_unittest.py:

(CppStyleTest.test_pointer_reference_marker_location):

7:48 PM Changeset in webkit [160894] by Simon Fraser

• 4 edits in trunk/Source/WebCore

Clarify the behavior of composited canvases
​https://bugs.webkit.org/show_bug.cgi?id=126042

Reviewed by Tim Horton.

Different platforms composite 2D and 3D canvases in different ways.

"Accelerated 2D" canvases, and WebGL are always set as GraphicsLayer
contents.

"IOSurface" canvases (Mac and iOS-only) get a compositing layer, but
paint into it (because this is fast, and a convenient way to get
synchronization).

So make these behaviors explicit in RenderLayerBacking and RenderLayerCompositor.
No behavior changes on OS X, bug fix on iOS.

• rendering/RenderLayerBacking.cpp:

(WebCore::canvasCompositingStrategy):
(WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration):
(WebCore::RenderLayerBacking::containsPaintedContent):
(WebCore::RenderLayerBacking::contentChanged):

• rendering/RenderLayerBacking.h:
• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForCanvas):

7:33 PM Changeset in webkit [160893] by fpizlo@apple.com

• 41 edits
  10 adds in branches/jsCStack/Source/JavaScriptCore

FTL should be able to do call ICs
​https://bugs.webkit.org/show_bug.cgi?id=125811

Reviewed by Geoffrey Garen.

Add Call/Construct inline caching to the FTL. That part is super easy.

But to make it possible for the FTL (which preserves system ABI callee-save registers
and expects calls to preserve them) to call into non-FTL JSC JITs (which don't preserve
any registers), we need to have some special thunks. That's most of the patch. In
particular, all JITCode's can now give you entrypoints with or without register
preservation and this may mean lazily creating wrapper thunks that preserve registers.
FTL OSR exit may involve exiting into a register restoration thunk and it may also
involve decoding FTL unwind info in order to figure out where registers were preserved.

• JavaScriptCore.xcodeproj/project.pbxproj:
• assembler/MacroAssemblerCodeRef.h:

(JSC::MacroAssemblerCodePtr::operator UnspecifiedBoolType*):
(JSC::MacroAssemblerCodeRef::operator UnspecifiedBoolType*):

• bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::unlink):

• bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::CallLinkInfo):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::jitCode):

• dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

• dfg/DFGJITFinalizer.cpp:

(JSC::DFG::JITFinalizer::finalize):
(JSC::DFG::JITFinalizer::finalizeFunction):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

• ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

• ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateCodeSection):
(JSC::FTL::fixFunctionBasedOnStackMaps):
(JSC::FTL::compile):

• ftl/FTLInlineCacheSize.cpp:

(JSC::FTL::sizeOfCall):

• ftl/FTLInlineCacheSize.h:
• ftl/FTLIntrinsicRepository.h:
• ftl/FTLJITCode.cpp:

(JSC::FTL::JITCode::initializeArityCheckEntrypoint):
(JSC::FTL::JITCode::addressForCall):
(JSC::FTL::JITCode::executableAddressAtOffset):
(JSC::FTL::JITCode::dataAddressAtOffset):
(JSC::FTL::JITCode::offsetOf):
(JSC::FTL::JITCode::size):
(JSC::FTL::JITCode::contains):

• ftl/FTLJITCode.h:
• ftl/FTLJITFinalizer.cpp:

(JSC::FTL::JITFinalizer::finalizeFunction):

• ftl/FTLJSCall.cpp: Added.

(JSC::FTL::JSCall::JSCall):
(JSC::FTL::JSCall::emit):
(JSC::FTL::JSCall::link):

• ftl/FTLJSCall.h: Added.

(JSC::FTL::JSCall::stackmapID):
(JSC::FTL::JSCall::operator<):

• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::compileGetById):
(JSC::FTL::LowerDFGToLLVM::compilePutById):
(JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
(JSC::FTL::LowerDFGToLLVM::callStackmap):

• ftl/FTLOSREntry.cpp:

(JSC::FTL::prepareOSREntry):

• ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

• ftl/FTLRegisterAtOffset.cpp: Added.

(JSC::FTL::RegisterAtOffset::dump):

• ftl/FTLRegisterAtOffset.h: Added.

(JSC::FTL::RegisterAtOffset::RegisterAtOffset):
(JSC::FTL::RegisterAtOffset::operator!):
(JSC::FTL::RegisterAtOffset::gpr):
(JSC::FTL::RegisterAtOffset::offset):
(JSC::FTL::RegisterAtOffset::operator==):
(JSC::FTL::RegisterAtOffset::operator<):
(JSC::FTL::RegisterAtOffset::getGPR):

• ftl/FTLStackMaps.cpp:

(JSC::FTL::StackMaps::Record::parse):

• ftl/FTLState.cpp:

(JSC::FTL::State::State):

• ftl/FTLState.h:
• ftl/FTLUnwindInfo.cpp: Added.

(JSC::FTL::UnwindInfo::UnwindInfo):
(JSC::FTL::UnwindInfo::~UnwindInfo):
(JSC::FTL::UnwindInfo::parse):
(JSC::FTL::UnwindInfo::dump):
(JSC::FTL::UnwindInfo::find):
(JSC::FTL::UnwindInfo::indexOf):

• ftl/FTLUnwindInfo.h: Added.
• jit/JIT.cpp:

(JSC::JIT::privateCompile):

• jit/JIT.h:
• jit/JITCall.cpp:

(JSC::JIT::compileOpCallSlowCase):

• jit/JITCall32_64.cpp:

(JSC::JIT::compileOpCallSlowCase):

• jit/JITCode.cpp:

(JSC::JITCode::hostFunction):
(JSC::JITCodeWithCodeRef::JITCodeWithCodeRef):
(JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef):
(JSC::JITCodeWithCodeRef::executableAddressAtOffset):
(JSC::JITCodeWithCodeRef::dataAddressAtOffset):
(JSC::JITCodeWithCodeRef::offsetOf):
(JSC::JITCodeWithCodeRef::size):
(JSC::JITCodeWithCodeRef::contains):
(JSC::DirectJITCode::DirectJITCode):
(JSC::DirectJITCode::~DirectJITCode):
(JSC::DirectJITCode::initializeCodeRef):
(JSC::DirectJITCode::ensureWrappers):
(JSC::DirectJITCode::addressForCall):
(JSC::NativeJITCode::NativeJITCode):
(JSC::NativeJITCode::~NativeJITCode):
(JSC::NativeJITCode::initializeCodeRef):
(JSC::NativeJITCode::addressForCall):

• jit/JITCode.h:
• jit/JITOperations.cpp:
• jit/JITOperations.h:

(JSC::operationLinkFor):
(JSC::operationVirtualFor):
(JSC::operationLinkClosureCallFor):

• jit/RegisterPreservationWrapperGenerator.cpp: Added.

(JSC::registersToPreserve):
(JSC::registerPreservationOffset):
(JSC::generateWrapper):
(JSC::generateRegisterRestoration):
(JSC::registerRestorationThunkGenerator):

• jit/RegisterPreservationWrapperGenerator.h: Added.
• jit/Repatch.cpp:

(JSC::linkSlowFor):
(JSC::linkFor):
(JSC::linkClosureCall):

• jit/Repatch.h:
• jit/ThunkGenerators.cpp:

(JSC::linkForThunkGenerator):
(JSC::linkCallThunkGenerator):
(JSC::linkConstructThunkGenerator):
(JSC::linkCallThatPreservesRegsThunkGenerator):
(JSC::linkConstructThatPreservesRegsThunkGenerator):
(JSC::linkClosureCallForThunkGenerator):
(JSC::linkClosureCallThunkGenerator):
(JSC::linkClosureCallThatPreservesRegsThunkGenerator):
(JSC::virtualForThunkGenerator):
(JSC::virtualCallThunkGenerator):
(JSC::virtualConstructThunkGenerator):
(JSC::virtualCallThatPreservesRegsThunkGenerator):
(JSC::virtualConstructThatPreservesRegsThunkGenerator):

• jit/ThunkGenerators.h:

(JSC::linkThunkGeneratorFor):
(JSC::linkClosureCallThunkGeneratorFor):
(JSC::virtualThunkGeneratorFor):

• llint/LLIntEntrypoint.cpp:

(JSC::LLInt::setFunctionEntrypoint):
(JSC::LLInt::setEvalEntrypoint):
(JSC::LLInt::setProgramEntrypoint):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::entryOSR):
(JSC::LLInt::setUpCall):

• llint/LowLevelInterpreter.asm:
• runtime/ArityCheckMode.h: Added.
• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/Executable.cpp:

(JSC::ScriptExecutable::installCode):

• runtime/Executable.h:

(JSC::ExecutableBase::entrypointFor):
(JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
(JSC::NativeExecutable::finishCreation):

• runtime/RegisterPreservationMode.h: Added.

6:58 PM Changeset in webkit [160892] by Lucas Forschler

• 5 edits in trunk/Source

Versioning.

6:55 PM Changeset in webkit [160891] by Lucas Forschler

• 1 copy in tags/Safari-538.10

New Tag.

6:38 PM Changeset in webkit [160890] by mark.lam@apple.com

• 5 edits in branches/jsCStack/Source/JavaScriptCore

CStack: The JIT does not need a slow path stack check.
​https://bugs.webkit.org/show_bug.cgi?id=126036.

Reviewed by Geoffrey Garen.

The JIT uses the C stack which is not growable. If we fail a stack
check in the function header, then a stack overflow is imminent, and
there's no need to redo the check in the slow path helper.

Hence, renamed operationStackCheck() to operationThrowStackOverflowError()
and change the JIT and DFG code to use this appropriately.

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileFunction):

• jit/JIT.cpp:

(JSC::JIT::privateCompile):

• jit/JITOperations.cpp:
• jit/JITOperations.h:

6:01 PM Changeset in webkit [160889] by matthew_hanson@apple.com

• 5 edits in branches/safari-537.74-branch/Source

Versioning

6:00 PM Changeset in webkit [160888] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Uncaught Exception: NavigationSidebarPanel.js: TypeError: undefined is not a function
​https://bugs.webkit.org/show_bug.cgi?id=126018

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2013-12-19
Reviewed by Timothy Hatcher.

ERROR: TypeError: undefined is not a function (evaluating 'representedObject.saveIdentityToCookie(candidateObjectCookie)')

There are some TreeElements (Folders, and the special Databases Folder)
which do not have a represented object, and would throw an exception
when trying to use saveIdentityToCookie.

We should always provide a saveIdentityToCookie when possible. So just
blacklist the tree element types we know do not have representedObjects,
and where we don't want to save identity. This will continue to throw
exceptions in the future for tree elements that don't have the save
function implemented, but should.

Note that even if a TreeElement is constructed with a null represented

object, it becomes an empty object (representedObject

{}).

• UserInterface/NavigationSidebarPanel.js:

(WebInspector.NavigationSidebarPanel.prototype.saveStateToCookie):
(WebInspector.NavigationSidebarPanel.prototype._isTreeElementWithoutRepresentedObject):
(WebInspector.NavigationSidebarPanel.prototype.treeElementMatchesCookie):
(WebInspector.NavigationSidebarPanel.prototype._checkElementsForPendingViewStateCookie):

5:59 PM Changeset in webkit [160887] by commit-queue@webkit.org

• 9 edits in trunk/Source

Web Inspector: Add InspectorFrontendHost.debuggableType to let the frontend know it's backend is JavaScript or Web
​https://bugs.webkit.org/show_bug.cgi?id=126016

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2013-12-19
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

• inspector/remote/RemoteInspector.mm:

(Inspector::RemoteInspector::listingForDebuggable):

• inspector/remote/RemoteInspectorConstants.h:

Include a debuggable type identifier in the debuggable listing,
so the remote frontend can know if it is debugging a Web Page
or JS Context.

Source/WebCore:

• inspector/InspectorFrontendHost.cpp:

(WebCore::InspectorFrontendHost::debuggableType):

• inspector/InspectorFrontendHost.h:
• inspector/InspectorFrontendHost.idl:

Expose the debuggableType to the frontend. In WebCore it is always a "web" type.

Source/WebInspectorUI:

• UserInterface/LoadInspectorBackendCommands.js:

If the debuggable target is "web" load both JS and Web backend commands.
Otherwise, we only load the default, js backend commands.

5:55 PM Changeset in webkit [160886] by matthew_hanson@apple.com

• 1 copy in tags/Safari-537.74.2

New tag.

5:54 PM Changeset in webkit [160885] by matthew_hanson@apple.com

• 1 delete in tags/Safari-537.74.2

Deleting tag. The tag was copied incorrectly from ​http://svn.webkit.org/repository/webkit/tags/Safari-537.74.1.

5:48 PM Changeset in webkit [160884] by matthew_hanson@apple.com

• 1 copy in tags/Safari-537.74.2

New Tag.

5:45 PM Changeset in webkit [160883] by matthew_hanson@apple.com

• 5 edits in branches/safari-537.74-branch/Source

Versioning

5:41 PM Changeset in webkit [160882] by benjamin@webkit.org

• 2 edits in trunk/Source/WebKit2

[WK2][iOS] Enable multiprocess by default
​https://bugs.webkit.org/show_bug.cgi?id=126030

Patch by Benjamin Poulain <​bpoulain@apple.com> on 2013-12-19
Reviewed by Anders Carlsson.

• UIProcess/API/Cocoa/WKProcessGroup.mm:

(-[WKProcessGroup initWithInjectedBundleURL:]):

5:39 PM Changeset in webkit [160881] by benjamin@webkit.org

• 4 edits
  1 add in trunk/Source

Add an utility class to simplify generating function calls
​https://bugs.webkit.org/show_bug.cgi?id=125972

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Split branchTest32 in two functions: test32AndSetFlags and branchOnFlags.
This is done to allow code where the flags are set, multiple operation that
do not modify the flags occur, then the flags are used.

This is used for function calls to test the return value while discarding the
return register.

• assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::test32AndSetFlags):
(JSC::MacroAssemblerX86Common::branchOnFlags):
(JSC::MacroAssemblerX86Common::branchTest32):

Source/WebCore:

FunctionCall is a little helper class to make function calls from the JIT
in 3 or 4 lines.

FunctionCall takes a StackAllocator, a RegisterAllocator and a function pointer.
When the call is generated, the helper saves the registers as necessary, aligns
the stack, does the call, restores the stack, and restore the registers.

• cssjit/FunctionCall.h: Added.

(WebCore::FunctionCall::FunctionCall):
(WebCore::FunctionCall::setFunctionAddress):
(WebCore::FunctionCall::setFirstArgument):
(WebCore::FunctionCall::call):

(WebCore::FunctionCall::callAndBranchOnCondition): Most test functions used
with FunctionCall return a boolean. When the boolean is the sole purpose of the function
call, this provides an easy way to branch on the boolean without worrying about registers.

The return register is tested first, then all the saved registers are restored from the stack
(which can include the return register), finally the flags are used for a jump.

(WebCore::FunctionCall::prepareAndCall):
(WebCore::FunctionCall::cleanupPostCall):
(WebCore::FunctionCall::saveAllocatedRegisters):
(WebCore::FunctionCall::restoreAllocatedRegisters):

• WebCore.xcodeproj/project.pbxproj:
• cssjit/FunctionCall.h: Added.

(WebCore::FunctionCall::FunctionCall):
(WebCore::FunctionCall::setFunctionAddress):
(WebCore::FunctionCall::setFirstArgument):
(WebCore::FunctionCall::call):
(WebCore::FunctionCall::callAndBranchOnCondition):
(WebCore::FunctionCall::prepareAndCall):
(WebCore::FunctionCall::cleanupPostCall):
(WebCore::FunctionCall::saveAllocatedRegisters):
(WebCore::FunctionCall::restoreAllocatedRegisters):

5:18 PM Changeset in webkit [160880] by andersca@apple.com

• 4 edits in trunk/Source/WebCore

Begin stubbing out the KeyedDecoder class
​https://bugs.webkit.org/show_bug.cgi?id=126031

Reviewed by Andreas Kling.

KeyedDecoder is going to be the new way to decode back forward trees.

• history/HistoryItem.cpp:

(WebCore::HistoryItem::decodeBackForwardTree):

• history/HistoryItem.h:
• platform/KeyedCoding.h:

(WebCore::KeyedDecoder::~KeyedDecoder):

4:52 PM Changeset in webkit [160879] by oliver@apple.com

• 23 edits
  2 adds in trunk

DOM bindings should use thisValue for attributes
​https://bugs.webkit.org/show_bug.cgi?id=126011

Reviewed by Antti Koivisto.

Source/WebCore:

Make all standard DOM attributes use the thisValue instead
of the slot object. This requires using a dynamic cast in
the attribute getters. Happily for normal uses this a single
indirect load and pointer compare, and we were already doing
it for many attributes.

Alas it's too expensive to do this on the window object still
due to the proxy indirection that intercepts global variable
access. I'll correct this in a follow on patch (bug 126013).

A number of custom getters have also been updated to use the
thisValue and full type checks.

This patch still leaves the index and generic named getters
on the slot based model as fixing these cases requires more
complicated changes.

• bindings/js/JSCSSStyleDeclarationCustom.cpp:

(WebCore::cssPropertyGetterPixelOrPosPrefixCallback):
(WebCore::cssPropertyGetterCallback):

• bindings/js/JSPluginElementFunctions.cpp:

(WebCore::pluginElementPropertyGetter):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

• bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::jsTestActiveDOMObjectExcitingAttr):
(WebCore::jsTestActiveDOMObjectConstructor):

• bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::jsTestCustomNamedGetterConstructor):

• bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::jsTestEventConstructorAttr1):
(WebCore::jsTestEventConstructorAttr2):
(WebCore::jsTestEventConstructorConstructor):

• bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::jsTestEventTargetConstructor):

• bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::jsTestExceptionName):
(WebCore::jsTestExceptionConstructor):

• bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::jsTestGenerateIsReachableConstructor):

• bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::jsTestInterfaceConstructorImplementsStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorImplementsStaticAttr):
(WebCore::jsTestInterfaceImplementsStr1):
(WebCore::jsTestInterfaceImplementsStr2):
(WebCore::jsTestInterfaceImplementsStr3):
(WebCore::jsTestInterfaceImplementsNode):
(WebCore::jsTestInterfaceConstructorSupplementalStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::jsTestInterfaceSupplementalStr1):
(WebCore::jsTestInterfaceSupplementalStr2):
(WebCore::jsTestInterfaceSupplementalStr3):
(WebCore::jsTestInterfaceSupplementalNode):
(WebCore::jsTestInterfaceConstructor):

• bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::jsTestMediaQueryListListenerConstructor):

• bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::jsTestNamedConstructorConstructor):

• bindings/scripts/test/JS/JSTestNode.cpp:

(WebCore::jsTestNodeConstructor):

• bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjReadOnlyLongAttr):
(WebCore::jsTestObjReadOnlyStringAttr):
(WebCore::jsTestObjReadOnlyTestObjAttr):
(WebCore::jsTestObjConstructorStaticReadOnlyLongAttr):
(WebCore::jsTestObjConstructorStaticStringAttr):
(WebCore::jsTestObjConstructorTestSubObj):
(WebCore::jsTestObjTestSubObjEnabledBySettingConstructor):
(WebCore::jsTestObjEnumAttr):
(WebCore::jsTestObjByteAttr):
(WebCore::jsTestObjOctetAttr):
(WebCore::jsTestObjShortAttr):
(WebCore::jsTestObjUnsignedShortAttr):
(WebCore::jsTestObjLongAttr):
(WebCore::jsTestObjLongLongAttr):
(WebCore::jsTestObjUnsignedLongLongAttr):
(WebCore::jsTestObjStringAttr):
(WebCore::jsTestObjTestObjAttr):
(WebCore::jsTestObjXMLObjAttr):
(WebCore::jsTestObjCreate):
(WebCore::jsTestObjReflectedStringAttr):
(WebCore::jsTestObjReflectedIntegralAttr):
(WebCore::jsTestObjReflectedUnsignedIntegralAttr):
(WebCore::jsTestObjReflectedBooleanAttr):
(WebCore::jsTestObjReflectedURLAttr):
(WebCore::jsTestObjReflectedCustomIntegralAttr):
(WebCore::jsTestObjReflectedCustomBooleanAttr):
(WebCore::jsTestObjReflectedCustomURLAttr):
(WebCore::jsTestObjTypedArrayAttr):
(WebCore::jsTestObjAttrWithGetterException):
(WebCore::jsTestObjAttrWithSetterException):
(WebCore::jsTestObjStringAttrWithGetterException):
(WebCore::jsTestObjStringAttrWithSetterException):
(WebCore::jsTestObjCustomAttr):
(WebCore::jsTestObjWithScriptStateAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAttribute):
(WebCore::jsTestObjWithScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::jsTestObjWithScriptArgumentsAndCallStackAttribute):
(WebCore::jsTestObjConditionalAttr1):
(WebCore::jsTestObjConditionalAttr2):
(WebCore::jsTestObjConditionalAttr3):
(WebCore::jsTestObjConditionalAttr4Constructor):
(WebCore::jsTestObjConditionalAttr5Constructor):
(WebCore::jsTestObjConditionalAttr6Constructor):
(WebCore::jsTestObjCachedAttribute1):
(WebCore::jsTestObjCachedAttribute2):
(WebCore::jsTestObjAnyAttribute):
(WebCore::jsTestObjContentDocument):
(WebCore::jsTestObjMutablePoint):
(WebCore::jsTestObjImmutablePoint):
(WebCore::jsTestObjStrawberry):
(WebCore::jsTestObjStrictFloat):
(WebCore::jsTestObjDescription):
(WebCore::jsTestObjId):
(WebCore::jsTestObjHash):
(WebCore::jsTestObjReplaceableAttribute):
(WebCore::jsTestObjNullableDoubleAttribute):
(WebCore::jsTestObjNullableLongAttribute):
(WebCore::jsTestObjNullableBooleanAttribute):
(WebCore::jsTestObjNullableStringAttribute):
(WebCore::jsTestObjNullableLongSettableAttribute):
(WebCore::jsTestObjNullableStringValue):
(WebCore::jsTestObjAttribute):
(WebCore::jsTestObjAttributeWithReservedEnumType):
(WebCore::jsTestObjConstructor):

• bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::jsTestOverloadedConstructorsConstructor):

• bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::jsTestSerializedScriptValueInterfaceValue):
(WebCore::jsTestSerializedScriptValueInterfaceReadonlyValue):
(WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
(WebCore::jsTestSerializedScriptValueInterfacePorts):
(WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
(WebCore::jsTestSerializedScriptValueInterfaceConstructor):

• bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::jsTestTypedefsUnsignedLongLongAttr):
(WebCore::jsTestTypedefsImmutableSerializedScriptValue):
(WebCore::jsTestTypedefsConstructorTestSubObj):
(WebCore::jsTestTypedefsAttrWithGetterException):
(WebCore::jsTestTypedefsAttrWithSetterException):
(WebCore::jsTestTypedefsStringAttrWithGetterException):
(WebCore::jsTestTypedefsStringAttrWithSetterException):
(WebCore::jsTestTypedefsConstructor):

• bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::jsattributeReadonly):
(WebCore::jsattributeConstructor):

• bindings/scripts/test/JS/JSreadonly.cpp:

(WebCore::jsreadonlyConstructor):

• bridge/runtime_array.cpp:

(JSC::RuntimeArray::lengthGetter):

• bridge/runtime_method.cpp:

(JSC::RuntimeMethod::lengthGetter):

LayoutTests:

• js/dom/dom-attributes-on-mismatch-type.html: Added.
• js/dom/dom-attributes-on-mismatch-type-expected.txt: Added.

4:49 PM Changeset in webkit [160878] by mhahnenberg@apple.com

• 10 edits in trunk/Source/JavaScriptCore

Put write barriers in the right places in the baseline JIT
​https://bugs.webkit.org/show_bug.cgi?id=125975

Reviewed by Filip Pizlo.

• jit/JIT.cpp:

(JSC::JIT::privateCompileSlowCases):

• jit/JIT.h:
• jit/JITInlines.h:

(JSC::JIT::callOperation):
(JSC::JIT::emitArrayProfilingSite):

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_enter):
(JSC::JIT::emitSlow_op_enter):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_enter):
(JSC::JIT::emitSlow_op_enter):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitGenericContiguousPutByVal):
(JSC::JIT::emitArrayStoragePutByVal):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitPutGlobalProperty):
(JSC::JIT::emitPutGlobalVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_init_global_const):
(JSC::JIT::checkMarkWord):
(JSC::JIT::emitWriteBarrier):
(JSC::JIT::privateCompilePutByVal):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitGenericContiguousPutByVal):
(JSC::JIT::emitArrayStoragePutByVal):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::emitPutGlobalProperty):
(JSC::JIT::emitPutGlobalVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_init_global_const):

• jit/Repatch.cpp:

(JSC::emitPutReplaceStub):
(JSC::emitPutTransitionStub):
(JSC::repatchPutByID):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:

4:48 PM Changeset in webkit [160877] by aestes@apple.com

• 11 edits in trunk/Source

Remove WebFilterEvaluator wrappers from WebKitSystemInterface
​https://bugs.webkit.org/show_bug.cgi?id=126028

Reviewed by Anders Carlsson.

Source/WebCore:

It's overkill to pipe access to WebFilterEvaluator through
WebKitSystemInterface. Instead, include WebFilterEvaluator.h when it
exists and re-declare WebFilterEvaluator when it doesn't.

WebKitSystemInterface used to soft-link WebContentAnalysis.framework
since OS X 10.7 didn't contain this framework. Since we no longer
support 10.7, we can now directly link against the framework.

• Configurations/WebCore.xcconfig: Add /System/Library/PrivateHeaders

to the system framework search path at both compile and link time so
that we can find WebContentAnalysis.framework.

• WebCore.exp.in: Don't export removed symbols.
• WebCore.xcodeproj/project.pbxproj: Added WebContentAnalysis.framework

to the 'Link Binary With Libraries' build phase.

• platform/mac/ContentFilterMac.mm: Included WebFilterEvaluator.h when

it exists and re-declared WebFilterEvaluator when it doesn't.
(WebCore::ContentFilter::ContentFilter): Directly called a method on
m_platformContentFilter rather than going through WKSI.
(WebCore::ContentFilter::isEnabled): Ditto.
(WebCore::ContentFilter::addData): Ditto.
(WebCore::ContentFilter::finishedAddingData): Ditto.
(WebCore::ContentFilter::needsMoreData): Ditto.
(WebCore::ContentFilter::didBlockData): Ditto.

• platform/mac/WebCoreSystemInterface.h: Removed function pointers for

calling into WKSI.

• platform/mac/WebCoreSystemInterface.mm: Ditto.

Source/WebKit/mac:

• WebCoreSupport/WebSystemInterface.mm:

(InitWebCoreSystemInterface): Don't INIT() removed function pointers.

Source/WebKit2:

• WebProcess/WebCoreSupport/mac/WebSystemInterface.mm:

(InitWebCoreSystemInterface): Don't INIT() removed function pointers.

4:42 PM Changeset in webkit [160876] by Brent Fulgham

• 5 edits in trunk

Implement ArrayBuffer.isView
​https://bugs.webkit.org/show_bug.cgi?id=126004

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Test coverage in webgl/1.0.2/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html

• runtime/JSArrayBufferConstructor.cpp:

(JSC::JSArrayBufferConstructor::finishCreation): Add 'isView' to object constructor.
(JSC::arrayBufferFuncIsView): New method.

LayoutTests:

• webgl/1.0.2/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html:

Correct test for 'isView' to actually check for 'isView' function.

4:39 PM Changeset in webkit [160875] by ap@apple.com

• 2 edits in trunk/LayoutTests

Layout Test plugins/destroy-during-npp-new.html is flaky
​https://bugs.webkit.org/show_bug.cgi?id=126027

• plugins/destroy-during-npp-new.html: Streamlined the test a little bit to see

what changes, if anything. There should be no effect on what is tested.

4:38 PM Changeset in webkit [160874] by msaboff@apple.com

• 2 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: Fix call operationStackCheck to check the proper stack
​https://bugs.webkit.org/show_bug.cgi?id=126026

Unreviewed change suggested by Geoff Garen post landing.

Change from using codeBlock->stackPointerOffset to using codeBlock->frameRegisterCount()
to caclulate the needed stack space.

• jit/JITOperations.cpp:

4:23 PM Changeset in webkit [160873] by matthew_hanson@apple.com

• 4 edits in branches/safari-537.74-branch/Source/WebCore

Merge r159463: <rdar://problems/15701094>

4:22 PM Changeset in webkit [160872] by benjamin@webkit.org

• 5 edits
  1 delete in trunk/Source/WebKit2

Remove WKContentViewPrivate.h, WKContentView.h is private now
​https://bugs.webkit.org/show_bug.cgi?id=125981

Patch by Benjamin Poulain <​bpoulain@apple.com> on 2013-12-19
Reviewed by Dan Bernstein.

There is no need for a separate header, WKContentView has become an implementation
detail of WKView.

• UIProcess/API/ios/WKContentView.h:
• UIProcess/API/ios/WKContentViewInternal.h:
• UIProcess/API/ios/WKContentViewPrivate.h: Removed.
• UIProcess/API/ios/WKView.mm:

4:22 PM Changeset in webkit [160871] by msaboff@apple.com

• 2 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: Fix call operationStackCheck to check the proper stack
​https://bugs.webkit.org/show_bug.cgi?id=126026

Reviewed by Mark Lam.

Changed operationStackCheck() to check the appropriate stack based on the
compile flag ENABLE(LLINT_CLOOP).

• jit/JITOperations.cpp:

4:14 PM Changeset in webkit [160870] by matthew_hanson@apple.com

• 2 edits in branches/safari-537.74-branch/LayoutTests

Merge r160826: <rdar://problems/15701133>

4:09 PM Changeset in webkit [160869] by mark.lam@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Fix broken C loop LLINT build.
​https://bugs.webkit.org/show_bug.cgi?id=126024.

Reviewed by Oliver Hunt.

• runtime/VM.h:

4:05 PM Changeset in webkit [160868] by matthew_hanson@apple.com

• 2 edits in branches/safari-537.74-branch/Source/WebCore

Merge r160791: <rdar://problems/15694289>

3:37 PM Changeset in webkit [160867] by msaboff@apple.com

• 6 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: Fix call eval in baseline JIT
​https://bugs.webkit.org/show_bug.cgi?id=126020

Reviewed by Geoffrey Garen.

Added code to properly set and restore the stack pointer around the call to
operationCallEval. Due to the state the stack is in when the exception check
in the call is done, I changed callOperationWithCallFrameRollbackOnException()
to be callOperationNoExceptionCheck() and check for an exception after the
caller's stack has been restored. Changed operationCallEval() to take a second
argument for the execCallee, given that we always pass the caller's exec as the
first arguement.

• jit/JIT.h:
• jit/JITCall.cpp:

(JSC::JIT::compileCallEval):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCallSlowCase):

• jit/JITInlines.h:

(JSC::JIT::callOperationNoExceptionCheck):

• jit/JITOperations.cpp:
• jit/JITOperations.h:

3:32 PM Changeset in webkit [160866] by ap@apple.com

• 3 edits in trunk/Source/WebKit2

REGRESSION (r160515): Frequent assertion failures on printing/print-close-crash.html
​https://bugs.webkit.org/show_bug.cgi?id=126014

Rolled out r160515 while Chris is investigating. Added FIXME comments in other
places where we use this pattern.

• WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::runJavaScriptAlert):
(WebKit::WebChromeClient::runJavaScriptConfirm):
(WebKit::WebChromeClient::runJavaScriptPrompt):
(WebKit::WebChromeClient::print):

• WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):

3:24 PM Changeset in webkit [160865] by commit-queue@webkit.org

• 1 edit
  2 adds in trunk/LayoutTests

Test that text-decoration-skip: ink is the same as regular underlines if no descenders
​https://bugs.webkit.org/show_bug.cgi?id=125985

Patch by Myles C. Maxfield <​mmaxfield@apple.com> on 2013-12-19
Reviewed by Simon Fraser.

If there are no descenders in the underlined text, using the text-decoration-skip: ink
CSS property should behave as if it wasn't specified (and the underline is a normal one)

• fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-ink-no-descenders-expected.html: Added.
• fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-ink-no-descenders.html: Added.

3:23 PM Changeset in webkit [160864] by commit-queue@webkit.org

• 3 edits in trunk/Tools

check-webkit-style marks rvalue references as violations
​https://bugs.webkit.org/show_bug.cgi?id=126000

Patch by Myles C. Maxfield <​mmaxfield@apple.com> on 2013-12-19
Reviewed by Ryosuke Niwa.

Previously, check-webkit-style was making sure that any line with "&&" had
spaces around it. However, we can now legitimately use "&&" without a previous
space when declaring an rvalue reference. This patch relaxes this check.

• Scripts/webkitpy/style/checkers/cpp.py:

(check_spacing):

• Scripts/webkitpy/style/checkers/cpp_unittest.py:

(CppStyleTest.test_spacing_for_binary_ops):

3:22 PM Changeset in webkit [160863] by commit-queue@webkit.org

• 3 edits in trunk/Tools

check-webkit-style marks auto return types for functions as violations
​https://bugs.webkit.org/show_bug.cgi?id=125999

Patch by Myles C. Maxfield <​mmaxfield@apple.com> on 2013-12-19
Reviewed by Ryosuke Niwa.

If a function declaration ends with a "->" followed by a non whitespace
string, don't mark as an invalid "{" on its own line

• Scripts/webkitpy/style/checkers/cpp.py:

(check_braces):

• Scripts/webkitpy/style/checkers/cpp_unittest.py:

(CppStyleTest.test_brace_at_begin_of_line):

3:14 PM Changeset in webkit [160862] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebKit2

Add WebKit2 API for clearing the back-forward list
​https://bugs.webkit.org/show_bug.cgi?id=126005

Patch by Ricky Mondello <Ricky Mondello> on 2013-12-19
Reviewed by Anders Carlsson.

• UIProcess/API/C/WKBackForwardListRef.cpp:

(WKBackForwardListClear): Call through to the back-forward list's clear().

• UIProcess/API/C/WKBackForwardListRef.h: Declare new API.

2:41 PM Changeset in webkit [160861] by Csaba Osztrogonác

• 5 edits in trunk/Source/WebKit2

One more URTBF to make GTK build happy after r160853.

• UIProcess/API/gtk/WebKitDownloadClient.cpp:
• UIProcess/API/gtk/WebKitInjectedBundleClient.cpp:

(didReceiveWebViewMessageFromInjectedBundle):

• UIProcess/API/gtk/WebKitResponsePolicyDecision.cpp:

(webkitResponsePolicyDecisionCreate):

• UIProcess/API/gtk/WebKitResponsePolicyDecisionPrivate.h:

2:08 PM Changeset in webkit [160860] by Csaba Osztrogonác

• 2 edits in trunk/Source/WebKit2

URTBF for GTK after r160853.

• GNUmakefile.list.am:

2:07 PM Changeset in webkit [160859] by alex.christensen@flexsim.com

• 2 edits in trunk/Tools

[WinCairo] More GStreamer preparations.

Unreviewed.

• WinLauncher/WinLauncher.vcxproj/WinLauncherCFLite.props:

Include FeatureDefinesCairo and WinCairo to compile the GLib part of WinLauncher.

2:04 PM Changeset in webkit [160858] by Lucas Forschler

• 2 edits in trunk/Tools

Add Apple Mavericks perf bot.

Unreviewed.

• BuildSlaveSupport/build.webkit.org-config/config.json:

1:55 PM Changeset in webkit [160857] by matthew_hanson@apple.com

• 3 edits
  2 copies in branches/safari-537.74-branch

Merge r160819: <rdar://problems/15701133>

1:52 PM Changeset in webkit [160856] by Michał Pakuła vel Rutka

• 2 edits in trunk/Source/WebKit2

Unreviewed EFL build fix attempt after r160853

• CMakeLists.txt: Change WebURLResponse.cpp to APIURLResponse.cpp.

1:38 PM Changeset in webkit [160855] by commit-queue@webkit.org

• 6 edits in trunk

Final preparations for GStreamer on Windows.
​https://bugs.webkit.org/show_bug.cgi?id=125958

Patch by Alex Christensen <​achristensen@webkit.org> on 2013-12-19
Reviewed by Benjamin Poulain.

Source/WTF:

• WTF.vcxproj/WTFDebugWinCairo.props:
• WTF.vcxproj/WTFReleaseWinCairo.props:

Include WinCairo.props.

• wtf/Platform.h:

Use GLib and GStreamer on WinCairo with video.

WebKitLibraries:

• win/tools/vsprops/FeatureDefinesCairo.props:

Removed duplicate ENABLE_VIDEO_TRACK definition.

1:36 PM Changeset in webkit [160854] by Lucas Forschler

• 2 edits in branches/safari-537.74-branch/Tools

Merge r160726

2013-12-17 Brent Fulgham <Brent Fulgham>

[Win] Revise filter-build-webkit to deal with Windows build logs
​https://bugs.webkit.org/show_bug.cgi?id=125866

Reviewed by David Kilzer.

Enhance the script to accept a 'platform' argument. When platform
'win' is provided, use processing for the Windows build file format.
Otherwise, process the files as normal.

• Scripts/filter-build-webkit: (usageAndExit): Add a 'platform' argument (shouldIgnoreLine): When platform == 'win' use the new Windows rules for processing the build file.

1:32 PM Changeset in webkit [160853] by weinig@apple.com

• 10 edits
  2 moves in trunk/Source/WebKit2

[WK2] Rename WebURLResponse to API::URLResponse
​https://bugs.webkit.org/show_bug.cgi?id=125910

Reviewed by Andreas Kling.

• Shared/API/c/WKSharedAPICast.h:

(WebKit::toAPI):

• Shared/API/c/WKURLResponse.cpp:

(WKURLResponseGetTypeID):

• Shared/API/c/mac/WKURLResponseNS.mm:

(WKURLResponseCreateWithNSURLResponse):

• Shared/APIURLRequest.cpp:
• Shared/APIURLResponse.cpp: Copied from Source/WebKit2/Shared/WebURLResponse.cpp.

(API::URLResponse::URLResponse):
(API::URLResponse::encode):
(API::URLResponse::decode):

• Shared/APIURLResponse.h: Copied from Source/WebKit2/Shared/WebURLResponse.h.

(API::URLResponse::create):

• Shared/UserMessageCoders.h:

(WebKit::UserMessageEncoder::baseEncode):
(WebKit::UserMessageDecoder::baseDecode):

• Shared/WebURLResponse.cpp: Removed.
• Shared/WebURLResponse.h: Removed.
• UIProcess/WebDownloadClient.cpp:

(WebKit::WebDownloadClient::didReceiveResponse):

• UIProcess/WebPolicyClient.cpp:

(WebKit::WebPolicyClient::decidePolicyForResponse):

• WebKit2.xcodeproj/project.pbxproj:
• WebProcess/InjectedBundle/InjectedBundlePagePolicyClient.cpp:

(WebKit::InjectedBundlePagePolicyClient::decidePolicyForResponse):

1:15 PM Changeset in webkit [160852] by akling@apple.com

• 3 edits in trunk/Source/WebCore

Use CascadedProperties for page and keyframe style resolution as well.
<​https://webkit.org/b/125997>

Port StyleResolver's styleForKeyframe() and styleForPage() over to
the new property cascading code. Neither of them care about !important
or matched properties caches, so the code is very simple.

Removed the old applyMatchedProperties and applyProperties code with
low/high priority passes.

Reviewed by Antti Koivisto.

12:42 PM Changeset in webkit [160851] by rniwa@webkit.org

• 2 edits in trunk/LayoutTests

Add a failing test expectation to fast/dynamic/paused-event-dispatch.html
while I investigate.

• TestExpectations:

11:49 AM Changeset in webkit [160850] by commit-queue@webkit.org

• 15 edits in trunk

Unreviewed, rolling out r160842.
​http://trac.webkit.org/changeset/160842
​https://bugs.webkit.org/show_bug.cgi?id=126003

broke accessibility/loading-iframe-updates-axtree.html
(Requested by ap on #webkit).

Tools:

• DumpRenderTree/AccessibilityUIElement.cpp:

(AccessibilityUIElement::makeJSAccessibilityUIElement):

• DumpRenderTree/AccessibilityUIElement.h:

(AccessibilityUIElement::platformUIElement):

LayoutTests:

• accessibility/deleting-iframe-destroys-axcache.html:
• accessibility/loading-iframe-updates-axtree-expected.txt:
• accessibility/loading-iframe-updates-axtree.html:
• accessibility/non-data-table-cell-title-ui-element.html:
• platform/gtk/accessibility/roles-exposed-expected.txt:
• platform/gtk/accessibility/roles-exposed.html:
• platform/mac-wk2/TestExpectations:
• platform/mac/accessibility/search-predicate-expected.txt:
• platform/mac/accessibility/search-predicate.html:
• platform/mac/accessibility/search-when-element-starts-in-table-expected.txt:
• platform/mac/accessibility/search-when-element-starts-in-table.html:

11:42 AM Changeset in webkit [160849] by eric.carlson@apple.com

• 2 edits in trunk/Source/WebCore

tryAddEventListener uses local PassRefPtr<>
​https://bugs.webkit.org/show_bug.cgi?id=126001

Reviewed by Daniel Bates.

• dom/Node.cpp:

(WebCore::tryAddEventListener): Put PassRefPtr<EventListener> parameter into a local RefPtr

because it is sometimes used twice.

11:32 AM Changeset in webkit [160848] by commit-queue@webkit.org

• 4 edits in trunk/Tools

get_test_baseline should get Host from test_config
​https://bugs.webkit.org/show_bug.cgi?id=125989

Patch by Dániel Bátyai <Dániel Bátyai> on 2013-12-19
Reviewed by Ryosuke Niwa.

• Scripts/webkitpy/tool/commands/rebaselineserver.py:

(TestConfig.init):
(RebaselineServer._prepare_config):

• Scripts/webkitpy/tool/servers/rebaselineserver.py:

(get_test_baselines):

• Scripts/webkitpy/tool/servers/rebaselineserver_unittest.py:

(get_test_config):

11:10 AM Changeset in webkit [160847] by rniwa@webkit.org

• 9 edits
  2 adds in trunk

overflowchanged event could cause a crash
​https://bugs.webkit.org/show_bug.cgi?id=125978

Reviewed by Tim Horton.

Source/WebCore:

Made the event asynchrnous by re-using Document's event queuing ability. Also removed
the infrastructure to queue up events in FrameView.

Test: fast/events/overflowchanged-inside-selection-collapse-crash.html

• dom/Document.cpp:

(WebCore::Document::recalcStyle):
(WebCore::Document::enqueueOverflowEvent):

• dom/Document.h:
• page/FrameView.cpp:

(WebCore::FrameView::FrameView):
(WebCore::FrameView::~FrameView):
(WebCore::FrameView::layout):
(WebCore::FrameView::performPostLayoutTasks):
(WebCore::FrameView::updateOverflowStatus):

• page/FrameView.h:
• rendering/RenderBlock.cpp:

(WebCore::OverflowEventDispatcher::~OverflowEventDispatcher):

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollRectToVisible):

• rendering/RenderMarquee.cpp:

(WebCore::RenderMarquee::start):

LayoutTests:

Add a regression test.

• fast/events/overflowchanged-inside-selection-collapse-crash-expected.txt: Added.
• fast/events/overflowchanged-inside-selection-collapse-crash.html: Added.

11:10 AM Changeset in webkit [160846] by roger_fong@apple.com

• 2 edits in trunk/Tools

Don't check VSINSTALLDIR when looking for Visual Studio install directory.
​https://bugs.webkit.org/show_bug.cgi?id=125998.

Reviewed by Alexey Proskuryakov.

• Scripts/webkitdirs.pm:

(visualStudioInstallDir):
Get rid of the VSINSTALLDIR check. We can't build on anything besides VS2013 now anyways.

10:58 AM Changeset in webkit [160845] by dbates@webkit.org

• 2 edits in trunk/Source/WebCore

Fix the Windows build after <​http://trac.webkit.org/changeset/160841>
(​https://bugs.webkit.org/show_bug.cgi?id=125879)

Add ENABLE(CACHE_PARTITIONING)-guard around call to ResourceRequest::setCachePartition()
as this function is only compiled when building with cache partitioning enabled.

• loader/cache/MemoryCache.cpp:

(WebCore::MemoryCache::addImageToCache):

10:46 AM Changeset in webkit [160844] by dbates@webkit.org

• 2 edits in trunk/Source/WebCore

[iOS] Upstream WebCore/accessibility changes
​https://bugs.webkit.org/show_bug.cgi?id=125925

Reviewed by Chris Fleizach.

• accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::visiblePositionForPoint): Opt out of code when building for iOS.

10:25 AM Changeset in webkit [160843] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

[WinCairo] Compile fix for VS2013 when using ACCELERATED_COMPOSITING.
​https://bugs.webkit.org/show_bug.cgi?id=124866

Patch by Alex Christensen <​achristensen@webkit.org> on 2013-12-19
Reviewed by Darin Adler.

• platform/graphics/TiledBackingStore.cpp:

(WebCore::TiledBackingStore::TiledBackingStore):

• platform/graphics/TiledBackingStore.h:

Added constructor overload to avoid compile errors
from using MSVC's make_unique as a default parameter.

10:14 AM Changeset in webkit [160842] by mario.prada@samsung.com

• 15 edits in trunk

[ATK] [WK2] platform/gtk/accessibility/roles-exposed.html is failing
​https://bugs.webkit.org/show_bug.cgi?id=125854

Reviewed by Chris Fleizach.

Tools:

Ensure we don't ever create instances of AccessibilityUIElement
wrapping invalid platform-specific accessibility objects in DRT,
both for consistency with what WKTR does (so we avoid situations
where some tests fail in WK2 and not in WK1) and also to avoid
overlooking tests that might not be checking the right thing.

• DumpRenderTree/AccessibilityUIElement.cpp:

(AccessibilityUIElement::makeJSAccessibilityUIElement): Return a
nullPtr if the platformUIElement() is not a valid one.

• DumpRenderTree/AccessibilityUIElement.h:

(AccessibilityUIElement::platformUIElement): Added const modifier.

LayoutTests:

Updated tests and expectations to keep them passing after the
change done in DRT, without changing their actual purpose.

• platform/gtk/accessibility/roles-exposed.html: Make sure we

print "AXRole: (no element)" when accessibilityElementByID() does
not return a valid object, not to confuse it with cases where the
returned string for the role is an empty string.

• platform/gtk/accessibility/roles-exposed-expected.txt: Update

test expectations to reflect the "AXRole: (no element)" string
that is now being exposed. Also, replace the (wrongly added) PASS
expectations with FAIL for rowgroups, which are currently not
being exposed for ATK either.

• accessibility/deleting-iframe-destroys-axcache.html: Just

consider the first and third sons of the accessibility object for
the body (instead of the grandsons), so the test can run both in
Mac, where sons and grandsons are exposed, and ATK, where only
sons are exposed (no StaticText objects exposed there).

• accessibility/non-data-table-cell-title-ui-element.html: Use

accessibilityElementById() to get the accessibility object for the
"skip" table header instead of navigating with childAtIndex(),
since the hierarchy is not the same for Mac and ATK based ports.

• accessibility/loading-iframe-updates-axtree.html: Use the new

web area inside the iframe to compare against the old one, instead
of doing it the other way around, to avoid calling isEqual for an
undefined value (the old web area).

• accessibility/loading-iframe-updates-axtree-expected.txt:

Removed line comparing the old and new web areas inside the iframe.

• platform/mac/accessibility/search-predicate.html: Do not rely on

shouldBe() together with the string "AXRole: " when asking for the
role of objects that should no longer be in the accessibility
tree, and use shouldBeUndefined() instead.

• platform/mac/accessibility/search-when-element-starts-in-table.html: Ditto.

• platform/mac/accessibility/search-predicate-expected.txt: Update

expectations according to the usage of shouldBeUndefined().

• platform/mac/accessibility/search-when-element-starts-in-table-expected.txt: Ditto.

• platform/mac-wk2/TestExpectations: Add search-when-element-starts-in-table.html

here, since it does not return an undefined object in WebKit2 when
the search query should return no results (see bug 125996).

10:10 AM Changeset in webkit [160841] by dbates@webkit.org

• 35 edits in trunk/Source/WebCore

[iOS] Upstream WebCore/loader changes
​https://bugs.webkit.org/show_bug.cgi?id=125879

Reviewed by Darin Adler.

• WebCore.exp.in: Added symbols for MemoryCache::{addImageToCache, removeImageFromCache}().
• loader/DocumentLoader.cpp:

(WebCore::areAllLoadersPageCacheAcceptable): Added.
(WebCore::DocumentLoader::DocumentLoader): Initialize m_subresourceLoadersArePageCacheAcceptable.
(WebCore::DocumentLoader::stopLoading): Modified to conditionally call areAllLoadersPageCacheAcceptable().
(WebCore::DocumentLoader::handleSubstituteDataLoadSoon): Modified to query FrameLoader::loadsSynchronously()
whether to load substitute data immediately or to schedule a load.
(WebCore::DocumentLoader::responseReceived): Modified to create a content filer when the response protocol
is either HTTP or HTTPS, assuming content filtering is enabled.
(WebCore::DocumentLoader::dataReceived): Modified to call DocumentLoader::setContentFilterForBlockedLoad()
as appropriate.
(WebCore::DocumentLoader::clearMainResourceLoader): Added PLATFORM(IOS)-guarded code. Also added a
FIXME comment to remove the PLATFORM(IOS)-guard once we upstream the iOS changes to ResourceRequest.h.
(WebCore::DocumentLoader::setResponseMIMEType): Added; guard by PLATFORM(IOS). Also added FIXME comment.
(WebCore::DocumentLoader::startLoadingMainResource): Added PLATFORM(IOS)-guarded code. Also added a
FIXME comment to remove the PLATFORM(IOS)-guard once we upstream the iOS changes to ResourceRequest.h.
I also substituted static NeverDestroyed<> for DEFINE_STATIC_LOCAL.
(WebCore::DocumentLoader::setContentFilterForBlockedLoad): Added; guarded by USE(CONTENT_FILTERING).
(WebCore::DocumentLoader::handleContentFilterRequest): Added; guarded by USE(CONTENT_FILTERING) and PLATFORM(IOS).
Also added a FIXME comment to remove the PLATFORM(IOS) guard inside its function body once we upstream
file ContentFilterIOS.mm and implement ContentFilter::requestUnblockAndDispatchIfSuccessful() for Mac.

• loader/DocumentLoader.h:

(WebCore::DocumentLoader::setResponse): Added; guard by PLATFORM(IOS). Also added a FIXME comment as
this method seems to violate the encapsulation of DocumentLoader.
(WebCore::DocumentLoader::subresourceLoadersArePageCacheAcceptable): Added.
(WebCore::DocumentLoader::documentURL): Added; returns the URL of the document resulting from the DocumentLoader.

• loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::createDocument): Added iOS-specific code to create a PDF document.

• loader/EmptyClients.cpp:

(WebCore::EmptyChromeClient::openDateTimeChooser): Opt out of compiling this code for iOS. Also substituted
nullptr for 0.

• loader/EmptyClients.h:
• loader/FrameLoader.cpp:

(WebCore::FrameLoader::FrameProgressTracker::~FrameProgressTracker):
(WebCore::FrameLoader::FrameLoader): Initialize m_loadsSynchronously.
(WebCore::FrameLoader::initForSynthesizedDocument): Added; guarded by PLATFORM(IOS). Also added FIXME comment.
(WebCore::FrameLoader::checkCompleted): Added iOS-specific code with FIXME comment.
(WebCore::FrameLoader::willLoadMediaElementURL): Added iOS-specific code.
(WebCore::FrameLoader::stopForUserCancel): Added iOS-specific code and FIXME comment.
(WebCore::FrameLoader::commitProvisionalLoad): Added iOS-specific code and FIXME comment.
(WebCore::FrameLoader::transitionToCommitted): Opt out of ENABLE(TOUCH_EVENTS) logic when building for iOS.
(WebCore::FrameLoader::didFirstLayout): Added iOS-specific code.
(WebCore::FrameLoader::connectionProperties): Added; guarded by PLATFORM(IOS).
(WebCore::createWindow): Added iOS-specific code and FIXME comment.

• loader/FrameLoader.h:

(WebCore::FrameLoader::setLoadsSynchronously): Added.
(WebCore::FrameLoader::loadsSynchronously): Added.

• loader/FrameLoaderClient.h:
• loader/HistoryController.cpp:

(WebCore::HistoryController::restoreScrollPositionAndViewState): Opt out of scroll position logic when building for iOS.
(WebCore::HistoryController::replaceCurrentItem): Added.

• loader/HistoryController.h:
• loader/PlaceholderDocument.h: Changed access control of constructor from private to protected and removed the FINAL

keyword from the class so that we can subclass PlaceholderDocument on iOS.

• loader/PolicyChecker.cpp:

(WebCore::PolicyChecker::checkNavigationPolicy): Added USE(QUICK_LOOK)- and USE(CONTENT_FILTERING)-guarded code.

• loader/ResourceBuffer.cpp:

(WebCore::ResourceBuffer::shouldUsePurgeableMemory): Added; guarded by PLATFORM(IOS).

• loader/ResourceBuffer.h:
• loader/ResourceLoadNotifier.cpp:

(WebCore::ResourceLoadNotifier::dispatchWillSendRequest): Added USE(QUICK_LOOK)-guarded code.

• loader/ResourceLoadScheduler.cpp:

(WebCore::ResourceLoadScheduler::scheduleSubresourceLoad): Added iOS-specific code.
(WebCore::ResourceLoadScheduler::scheduleLoad): Ditto.
(WebCore::ResourceLoadScheduler::remove): Added iOS-specific code with FIXME comment.
(WebCore::ResourceLoadScheduler::crossOriginRedirectReceived): Added null-check for variable oldHost. Also added
iOS-specific code.
(WebCore::ResourceLoadScheduler::servePendingRequests): Added iOS-specific code.

• loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::init): Ditto.
(WebCore::ResourceLoader::willSendRequest): Ditto.
(WebCore::ResourceLoader::connectionProperties): Added; guarded by PLATFORM(IOS).

• loader/ResourceLoader.h:

(WebCore::ResourceLoader::startLoading): Added; guarded by PLATFORM(IOS).
(WebCore::ResourceLoader::iOSOriginalRequest): Added; iOS-specific.

• loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::loadPlugin): Added iOS-specific code.

• loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::create): Ditto.
(WebCore::SubresourceLoader::startLoading): Added; guarded by PLATFORM(IOS).
(WebCore::SubresourceLoader::didFinishLoading): Added iOS-specific code.
(WebCore::SubresourceLoader::willCancel): Ditto.
(WebCore::SubresourceLoader::notifyDone): Ditto.
(WebCore::SubresourceLoader::releaseResources): Ditto.

• loader/SubresourceLoader.h:
• loader/appcache/ApplicationCacheStorage.cpp:

(WebCore::ApplicationCacheStorage::loadCacheGroup): Added iOS-specific code.
(WebCore::ApplicationCacheStorage::loadManifestHostHashes): Ditto.
(WebCore::ApplicationCacheStorage::cacheGroupForURL): Ditto.
(WebCore::ApplicationCacheStorage::fallbackCacheGroupForURL): Ditto.
(WebCore::ApplicationCacheStorage::calculateQuotaForOrigin): Ditto.
(WebCore::ApplicationCacheStorage::calculateUsageForOrigin): Ditto.
(WebCore::ApplicationCacheStorage::calculateRemainingSizeForOriginExcludingCache): Ditto.
(WebCore::ApplicationCacheStorage::storeUpdatedQuotaForOrigin): Ditto.
(WebCore::ApplicationCacheStorage::executeSQLCommand): Ditto.
(WebCore::ApplicationCacheStorage::verifySchemaVersion): Ditto.
(WebCore::ApplicationCacheStorage::openDatabase): Ditto.
(WebCore::ApplicationCacheStorage::executeStatement): Ditto.
(WebCore::ApplicationCacheStorage::store): Ditto.
(WebCore::ApplicationCacheStorage::storeUpdatedType): Ditto.
(WebCore::ApplicationCacheStorage::ensureOriginRecord): Ditto.
(WebCore::ApplicationCacheStorage::loadCache): Ditto.
(WebCore::ApplicationCacheStorage::remove): Ditto.
(WebCore::ApplicationCacheStorage::empty): Ditto.
(WebCore::ApplicationCacheStorage::storeCopyOfCache): Ditto.
(WebCore::ApplicationCacheStorage::manifestURLs): Ditto.
(WebCore::ApplicationCacheStorage::cacheGroupSize): Ditto.
(WebCore::ApplicationCacheStorage::deleteCacheGroup): Ditto.
(WebCore::ApplicationCacheStorage::vacuumDatabaseFile): Ditto.

• loader/cache/CachedImage.cpp:

(WebCore::CachedImage::CachedImage): Added.
(WebCore::CachedImage::imageSizeForRenderer): Added iOS-specific code.
(WebCore::CachedImageManual::CachedImageManual): Added; guarded by USE(CF). Also added FIXME comment to incorporate
the functionality of this class into CachedImage and to remove the USE(CF)-guard once we make MemoryCache::addImageToCache()
platform-independent.
(WebCore::CachedImageManual::mustRevalidateDueToCacheHeaders): Added; guarded by USE(CF).

• loader/cache/CachedImage.h: Removed FINAL keyword from class so that we can define derived class CachedImageManual.

(WebCore::CachedImage::isManual): Added; guarded by USE(CF). Also added FIXME comment.
(WebCore::CachedImageManual::addFakeClient): Added; guarded by USE(CF).
(WebCore::CachedImageManual::removeFakeClient): Added; guarded by USE(CF).

• loader/cache/CachedResource.cpp:

(WebCore::CachedResource::load): Added iOS-specific code.

• loader/cache/CachedResource.h:
• loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::loadDone): Added argument shouldPerformPostLoadActions, defaults to true. Modified
to conditionally call performPostLoadActions() with respect to the argument shouldPerformPostLoadActions.
(WebCore::CachedResourceLoader::preload): Added iOS-specific code.
(WebCore::CachedResourceLoader::checkForPendingPreloads): Ditto.

• loader/cache/CachedResourceLoader.h:
• loader/cache/MemoryCache.cpp:

(WebCore::memoryCache):
(WebCore::MemoryCache::add): Added iOS-specific code.
(WebCore::MemoryCache::revalidationFailed): Ditto.
(WebCore::MemoryCache::resourceForRequest): Ditto.
(WebCore::MemoryCache::addImageToCache): Added; guarded by USE(CF). Also added FIXME comment.
(WebCore::MemoryCache::removeImageFromCache): Added; guarded by USE(CF). Also added FIXME comment.
(WebCore::MemoryCache::pruneLiveResources): Modified to take argument shouldDestroyDecodedDataForAllLiveResources.
(WebCore::MemoryCache::pruneLiveResourcesToSize): Modified to take argument shouldDestroyDecodedDataForAllLiveResources,
defaults to false. When this argument is true we destroy the decoded data for all live resources from the memory cache.
Such functionality is useful when the system is running low on memory.
(WebCore::MemoryCache::evict): Added iOS-specific code.

• loader/cache/MemoryCache.h:
• loader/cf/SubresourceLoaderCF.cpp:

(WebCore::SubresourceLoader::didReceiveDataArray): Actually make this code compile. In particular, there is no
method called sendDataToResource on SubresourceLoader or in its class hierarchy.

• loader/mac/DocumentLoaderMac.cpp:

(WebCore::DocumentLoader::schedule): This method has an empty implementation when building for iOS.
(WebCore::DocumentLoader::unschedule): Ditto.

• platform/graphics/BitmapImage.h: Exposed decodedSize() to access the decoded size of the bitmap image.

This functionality is used in MemoryCache::addImageToCache().

10:03 AM Changeset in webkit [160840] by ap@apple.com

• 2 edits in trunk/LayoutTests

platform/mac/editing/attributed-string tests all flakily assert
​https://bugs.webkit.org/show_bug.cgi?id=123029

• platform/mac/TestExpectations: Marked as flakily asserting.

9:51 AM Changeset in webkit [160839] by jer.noble@apple.com

• 2 edits in trunk/Source/WebCore

Build fix for platforms which do not define -[AVSampleBufferAudioRenderer muted].
Rubber-stamped by Eric Carlson.

To work around platforms with broken AVSampleBufferAudioRenderer headers, just
declare only those functions we need, and update isAvalable to bail out early if
those methods are not present.

• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

9:50 AM Changeset in webkit [160838] by dbates@webkit.org

• 2 edits in trunk/Source/WTF

WTF, JavaScriptCore fails to build with trunk clang: operators new, new[],
delete, delete[] cannot be declared inline
​https://bugs.webkit.org/show_bug.cgi?id=124186
<rdar://problem/15644039>

Reviewed by Geoffrey Garen and Anders Carlsson.

Following <​http://llvm.org/viewvc/llvm-project?view=revision&revision=193044>
(​http://llvm.org/bugs/show_bug.cgi?id=17591>), Clang emits warnings when
operator new, delete are inlined. Such definitions cannot be inline per
replacement.functions (17.6.4.6/3) of the C++ standard. For now,
disable these warnings instead of exporting these functions.

• wtf/FastMalloc.h:

9:40 AM Changeset in webkit [160837] by Darin Adler

• 5 edits in trunk/Source/WebCore

Improve "bad parent" and "bad child list" assertions in line boxes
​https://bugs.webkit.org/show_bug.cgi?id=125656

Reviewed by Sam Weinig.

• rendering/InlineBox.cpp:

(WebCore::InlineBox::root): Use parent() function with assertions rather than
using m_parent function, which skips the assertions.

• rendering/RenderText.cpp:

(WebCore::RenderText::removeAndDestroyTextBoxes): Call invalidateParentChildLists
if we are in the optimized document-destruction code path and destroying children
without removing them from their parents.

• rendering/RenderTextLineBoxes.cpp:

(WebCore::RenderTextLineBoxes::invalidateParentChildLists): Added.

• rendering/RenderTextLineBoxes.h: Added invalidateParentChildLists.

9:32 AM Changeset in webkit [160836] by mitz@apple.com

• 2 edits in trunk/Source/WebCore

<rdar://problem/15696824> [CFNetwork] Loading stops at server redirects
​https://bugs.webkit.org/show_bug.cgi?id=125984

Reviewed by Anders Carlsson.

• platform/network/cf/ResourceHandleCFNet.cpp:

(WebCore::ResourceHandle::willSendRequest): If the client uses async callbacks, call its
willSendRequestAsync callback instead if willSendRequest.

9:22 AM Changeset in webkit [160835] by ggaren@apple.com

• 21 edits in branches/jsCStack/Source/JavaScriptCore

Clarified stack maintainence code
​https://bugs.webkit.org/show_bug.cgi?id=125979

Reviewed by Phil Pizlo.

Our idiom is:

• frameRegisterCount() is the distance between BP and SP
• stackPointerOffset() is frameRegisterCount() converted to a stack offset
• Stack checks don't need to check the stack used by C helper functions, since our reserved host zone will cover that.

• assembler/MaxFrameExtentForSlowPathCall.h: Reverted some pieces of

<​http://trac.webkit.org/changeset/160745>. We don't consider our
callee's saved PC and BP a part of our stack frame because they lie
beneath our SP.

• bytecode/CodeBlock.cpp:
• bytecode/CodeBlock.h:

(JSC::CodeBlock::stackPointerOffset): New helper function. Lots of
callers were duplicating this, so I made a helper function.

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::parseBlock): Fixed a bug in the calculation
of m_parameterSlots. Within our stack frame, we don't reserve space for
our callee's saved PC and BP, so we don't need to add them to
m_parameterSlots.

• dfg/DFGGraph.cpp:
• dfg/DFGGraph.h:

(JSC::DFG::Graph::stackPointerOffset): New helper function. Lots of
callers were duplicating this, so I made a helper function.

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::adjustAndJumpToTarget):

• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):

• interpreter/CallFrame.cpp:

(JSC::CallFrame::topOfFrameInternal): Use the new helper function, so
everybody calculates SP the same way. This removes the two idiosyncratic
places that reserved extra space for our callee's CallerFrameAndPCSize.

• interpreter/JSStack.h:
• interpreter/JSStackInlines.h:

(JSC::JSStack::entryCheck):
(JSC::JSStack::pushFrame):
(JSC::JSStack::grow): Changed the interface here to accept a top-of-stack
pointer instead of a past-the-end pointer. The engine no longer computes
a past-the-end pointer, so this is more convenient.

• jit/JIT.cpp:

(JSC::JIT::privateCompile):
(JSC::JIT::stackPointerOffsetFor): Use the helper function, fixing a bug
where, incorrectly, we subtracted out maxFrameExtentForSlowPathCall.

• jit/JIT.h:
• jit/JITCall.cpp:

(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

• jit/JITOperations.cpp: Use the helper function, so everybody does this

calculation the same way.

• llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions): Reverted some pieces of
<​http://trac.webkit.org/changeset/160745>, as above.

• llint/LLIntEntrypoint.cpp:
• llint/LLIntEntrypoint.h:

(JSC::LLInt::stackPointerOffsetFor): Helper function, as above.

• llint/LowLevelInterpreter.asm: Reverted some pieces of

<​http://trac.webkit.org/changeset/160745>, as above.

9:11 AM Changeset in webkit [160834] by Hugo Parente Lima

• 2 edits in trunk/Source/WTF

WTF fails to compile with gcc 4.8.2 and -Werror=array-bounds
​https://bugs.webkit.org/show_bug.cgi?id=125936

Reviewed by Anders Carlsson.

• wtf/dtoa/double-conversion.cc: Use a unsigned instead of int on buffer_pos type.

8:30 AM Changeset in webkit [160833] by commit-queue@webkit.org

• 4 edits in trunk/Source/WebKit2

[CoordinatedGraphics] Regressions in WebView's contentScaleFactor/contentPosition
​https://bugs.webkit.org/show_bug.cgi?id=125943

Patch by Nick Diego Yamane <​nick.yamane@openbossa.org> on 2013-12-19
Reviewed by Noam Rosenthal.

When WebView::pageDidRequestScroll is called it is scaling position requested
to scroll before store it as contentPosition, that is not necessary since WebView
already stores the requested contentScaleFactor so it's able to do that internally
when needed, what simplifies the API and improves the readability of webview's code.
This patch reverts changes from ​https://bugs.webkit.org/show_bug.cgi?id=118548, which
was causing some regressions in contentScaleFactor/contentPosition related stuff.
Besides that WebView::pageDidRequestScroll calls viewClient callback with the wrong
position (different from the position stored in WebView).

• UIProcess/API/efl/EwkView.cpp:

(EwkView::scrollBy):

• UIProcess/CoordinatedGraphics/WebView.cpp:

(WebKit::WebView::transformToScene):
(WebKit::WebView::updateViewportSize):
(WebKit::WebView::pageDidRequestScroll):

• UIProcess/efl/PageViewportControllerClientEfl.cpp:

(WebKit::PageViewportControllerClientEfl::setViewportPosition):

8:21 AM Changeset in webkit [160832] by Csaba Osztrogonác

• 2 edits in trunk/Source/WTF

Delete RVCT related code parts.
​https://bugs.webkit.org/show_bug.cgi?id=125626

Patch by Peter Szanka <​h868064@stud.u-szeged.hu> on 2013-12-19
Reviewed by Csaba Osztrogonác.

• wtf/Compiler.h: follow-up fix for r160648, remove an unnecessary comment.

7:48 AM Changeset in webkit [160831] by msaboff@apple.com

• 10 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: Remove "AndAlloc" from sizeAndAllocFrameForVarargs and friends
​https://bugs.webkit.org/show_bug.cgi?id=125980

Reviewed by Mark Lam.

Renamed sizeAndAllocFrameForVarargs to sizeFrameForVarargs along with
removing "and alloc" from all related callers. This was done because
sizeAndAllocFrameForVarargs, didn't really allocate but just sized the
new call frame.

• interpreter/Interpreter.cpp:

(JSC::sizeFrameForVarargs):

• interpreter/Interpreter.h:
• jit/JITCall.cpp:

(JSC::JIT::compileLoadVarargs):

• jit/JITCall32_64.cpp:

(JSC::JIT::compileLoadVarargs):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:

7:24 AM Changeset in webkit [160830] by akling@apple.com

• 2 edits in trunk/Source/WebCore

CascadedProperties: Deferred properties should have inline capacity.
<​https://webkit.org/b/125994>

Give CascadedProperties::m_deferredProperties an inline capacity
of 8 to sidestep malloc churn (0.2% of HTML5-8266 profile.)

Reviewed by Antti Koivisto.

5:59 AM Changeset in webkit [160829] by akling@apple.com

• 2 edits in trunk/Source/WebCore

Two small refinements to matched properties cache.
<​https://webkit.org/b/125992>

• Avoid computing the matched properties hash if we're banned from using the cache anyway.

• When adding a new entry to the cache, use move semantics to avoid creating a transient copy of all the data.

Reviewed by Antti Koivisto.

4:15 AM Changeset in webkit [160828] by akling@apple.com

• 2 edits in trunk/Source/WebCore

CascadedProperties should use a bitset to track property presence.
<​https://webkit.org/b/125991>

Avoid zeroing out a bunch of memory in the CascadedProperties ctor
by using a bitset to track whether each property is present in the
cascaded set.

Reviewed by Antti Koivisto.

1:20 AM Changeset in webkit [160827] by Seokju Kwon

• 2 edits in trunk/Source/WebCore

Web Inspector: Fix description of parameters in Page.setGeolocationOverride
​https://bugs.webkit.org/show_bug.cgi?id=125983

Reviewed by Joseph Pecoraro.

No new tests, no changes in behavior.

• inspector/protocol/Page.json:

Dec 18, 2013:

11:19 PM Changeset in webkit [160826] by rniwa@webkit.org

• 2 edits in trunk/LayoutTests

Rebaseline the test I added in r160819.

• svg/text/select-text-inside-non-static-position-expected.txt:

11:01 PM Changeset in webkit [160825] by jer.noble@apple.com

• 4 edits in trunk/Source/WebCore

[MSE][Mac] Add AVSampleBufferRendererSynchronizer support.
​https://bugs.webkit.org/show_bug.cgi?id=125954

Reviewed by NOBODY (OOPS!).

Instead of slaving all the various renderer's CMTimebases to one master timebase,
use AVSampleBufferRenderSynchronizer, which essentially does the same thing.

• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::CMTimebaseEffectiveRateChangedCallback): Added; call effectiveRateChanged().
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): Set up

the synchronizer and all the observers.

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::~MediaPlayerPrivateMediaSourceAVFObjC): Tear down

the same.

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::isAvailable): Require the

AVSampleBufferRenderSynchronizer class.

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::playInternal): Convert Clock -> Synchronizer.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::pauseInternal): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::paused): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::currentTimeDouble): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setRateDouble): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::destroyLayer): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::effectiveRateChanged): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeDisplayLayer): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addAudioRenderer): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeAudioRenderer): Ditto.

Drive-by fix; audio samples can't be subdivided, and video samples are
rarely combined, so remove the call to CMSampleBufferCallForEachSample:

• platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::didProvideMediaDataForTrackID):

10:12 PM Changeset in webkit [160824] by mark.lam@apple.com

• 4 edits in branches/jsCStack/Source/JavaScriptCore

CStack: Rename functions in JSStack to fit WebKit Coding Style.
​https://bugs.webkit.org/show_bug.cgi?id=125974.

Reviewed by Filip Pizlo.

This is a purely cosmetic change. There are no semantic changes.

• interpreter/JSStack.cpp:

(JSC::JSStack::JSStack):
(JSC::JSStack::gatherConservativeRoots):
(JSC::JSStack::sanitizeStack):

• interpreter/JSStack.h:

(JSC::JSStack::baseOfStack):

• interpreter/JSStackInlines.h:

(JSC::JSStack::topOfFrameFor):
(JSC::JSStack::topOfStack):
(JSC::JSStack::startOfFrameFor):
(JSC::JSStack::entryCheck):
(JSC::JSStack::pushFrame):
(JSC::JSStack::popFrame):
(JSC::JSStack::shrink):
(JSC::JSStack::installFence):
(JSC::JSStack::validateFence):
(JSC::JSStack::installTrapsAfterFrame):

8:47 PM Changeset in webkit [160823] by alex.christensen@flexsim.com

• 2 edits in trunk/WebKitLibraries

[WinCairo] Unreviewed build fix after r160798.

• win/tools/vsprops/FeatureDefinesCairo.props:

Removed ENABLE_MEDIA_CONTROLS_SCRIPT definition for now.

8:30 PM Changeset in webkit [160822] by mhahnenberg@apple.com

• 3 edits in trunk/Source/JavaScriptCore

DelayedReleaseScope is in the wrong place
​https://bugs.webkit.org/show_bug.cgi?id=125876

Reviewed by Geoffrey Garen.

The DelayedReleaseScope needs to be around the free list sweeping in MarkedAllocator::tryAllocateHelper.
This location gives us a good safe point between getting ready to allocate (i.e. identifying a non-empty
free list) and doing the actual allocation (popping the free list).

• heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::tryAllocateHelper):
(JSC::MarkedAllocator::allocateSlowCase):
(JSC::MarkedAllocator::addBlock):

• runtime/JSCellInlines.h:

(JSC::allocateCell):

7:48 PM Changeset in webkit [160821] by mark.lam@apple.com

• 8 edits in branches/jsCStack/Source/JavaScriptCore

CStack: Fix baseline to DFG JIT OSR.
​https://bugs.webkit.org/show_bug.cgi?id=125969.

Reviewed by Filip Pizlo.

1. Change operationOptimize() to return a tuple of OSR target address and new topOfFrame value (as opposed to just the OSR target address).
2. Change emitEnterOptimizationCheck() and emitSlow_op_loop_hint() to emit code to set the stackPointer with the returned topOfFrame value if we take the OSR path.

• jit/JIT.cpp:

(JSC::JIT::emitEnterOptimizationCheck):

• jit/JIT.h:
• jit/JITInlines.h:

(JSC::JIT::callOperation):

• jit/JITOpcodes.cpp:

(JSC::JIT::emitSlow_op_loop_hint):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• runtime/Options.h:

7:13 PM Changeset in webkit [160820] by akling@apple.com

• 2 edits in trunk/Source/WebCore

CSS: Fall back to cache-less cascade when encountering explicitly inherited value.
<​https://webkit.org/b/125968>

When encountering an explicitly inherited value for a property that's not
"statically inherited", drop out of the matched properties cache path
immediately instead of waiting for some coincidence to trigger it later on.

Fixes 3 asserting table tests:

• fast/table/border-collapsing/cached-69296.html
• tables/mozilla/bugs/bug27038-3.html
• tables/mozilla_expected_failures/marvin/backgr_border-table-row-group.html

Reviewed by Antti Koivisto.

7:09 PM Changeset in webkit [160819] by rniwa@webkit.org

• 3 edits
  2 adds in trunk

Crash in WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches
​https://bugs.webkit.org/show_bug.cgi?id=125970

Reviewed by Antti Koivisto.

Source/WebCore:

The bug was caused by containingBlockForAbsolutePosition returning a non-RenderBlock render object.
Fixed the bug by obtaining its containg block.

Also changed the return type of containingBlockForFixedPosition, containingBlockForAbsolutePosition,
containingBlockForObjectInFlow from RenderElement to RenderBlock as all callers of these functions
had assumed the return value to be an instance of RenderBlock.

Test: svg/text/select-text-inside-non-static-position.html

• rendering/LogicalSelectionOffsetCaches.h:

(WebCore::containingBlockForFixedPosition):
(WebCore::containingBlockForAbsolutePosition):
(WebCore::containingBlockForObjectInFlow):
(WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches):

LayoutTests:

Added a regression test.

• svg/text/select-text-inside-non-static-position-expected.txt: Added.
• svg/text/select-text-inside-non-static-position.html: Added.

6:33 PM Changeset in webkit [160818] by timothy_horton@apple.com

• 15 edits
  3 adds in trunk/Source/WebKit2

WebKit2 View Gestures: Move WebProcess-side geometry collection into its own class
​https://bugs.webkit.org/show_bug.cgi?id=125967

Reviewed by Anders Carlsson.

Move the messages dispatched by ViewGestureController that grab geometry
from the WebProcess out of the DrawingArea and into ViewGestureGeometryCollector.
This class will grow when smart magnification is implemented.

• UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.h:
• UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.mm:
• WebProcess/WebPage/DrawingArea.h:
• WebProcess/WebPage/DrawingArea.messages.in:
• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

Remove BeginTransientZoom() message.

• DerivedSources.make:
• UIProcess/DrawingAreaProxy.h:

• UIProcess/mac/ViewGestureController.cpp:

(WebKit::ViewGestureController::didCollectGeometryForMagnificationGesture):
(WebKit::ViewGestureController::handleMagnificationGesture):

• UIProcess/mac/ViewGestureController.h:
• UIProcess/mac/ViewGestureController.messages.in:

Make use of ViewGestureGeometryCollector and rename didBeginTransientZoom to didCollectGeometryForMagnificationGesture.

• WebKit2.xcodeproj/project.pbxproj:

Add new files.

• WebProcess/WebPage/ViewGestureGeometryCollector.cpp: Added.

(WebKit::ViewGestureGeometryCollector::ViewGestureGeometryCollector):
(WebKit::ViewGestureGeometryCollector::~ViewGestureGeometryCollector):
(WebKit::ViewGestureGeometryCollector::collectGeometryForMagnificationGesture):

• WebProcess/WebPage/ViewGestureGeometryCollector.h: Added.
• WebProcess/WebPage/ViewGestureGeometryCollector.messages.in: Added.

Move the code to collect the visible content rect and return it to the ViewGestureController into its own class.

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):

• WebProcess/WebPage/WebPage.h:

Move m_pageID to the top of WebPage's initialization list so that
it can be safely used from other members' constructors.

Add a ViewGestureGeometryCollector member and construct it.

6:29 PM Changeset in webkit [160817] by akling@apple.com

• 2 edits in trunk/Source/WebCore

Don't waste cycles on zeroing every CascadedProperties::Property.
<​https://webkit.org/b/125966>

The CascadedProperties constructor already zeroes out the whole
property array. Move the memset() to setDeferred() which is the only
other place we create a Property.

Brought to you by Instruments.app. Profile your code today!

Reviewed by Antti Koivisto.

6:22 PM Changeset in webkit [160816] by Gustavo Noronha Silva

• 4 edits in trunk/Source

Unreviewed cmake build fix for GTK+.

Source/WebKit:

• PlatformGTK.cmake: add missing include directory.

Source/WebKit2:

• PlatformGTK.cmake: fix paths for files that were moved.

6:21 PM Changeset in webkit [160815] by msaboff@apple.com

• 4 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: Stop threading callFrameRegister through LLIntSlowCalls
​https://bugs.webkit.org/show_bug.cgi?id=125964

Reviewed by Geoffrey Garen.

Removed the general restoring of the call frame registers (cfr) after the return
from a LLInt slow calls. In most cases, the "exec" value of the LLInt slow
path return pair is set to 0. For llint_slow_path_call/construct and
llint_slow_path_size_and_alloc_frame_for_varargs the execCallee is returned in
the "exec" value. When an exception happens in a slow path handler we return 0,
because the llint_throw_from_slow_path_trampoline path will properly unwind by
making a slow call that will invoke genericUnwind() to do the real unwinding.

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter64.asm:

5:55 PM Changeset in webkit [160814] by hmuller@adobe.com

• 4 edits in trunk/Source/WebCore

[CSS Shapes] Simplify the BoxShape implementation
​https://bugs.webkit.org/show_bug.cgi?id=125548

Reviewed by Andreas Kling.

Reduce BoxShape's footprint by about 2/3rds. Instead of caching the
FloatRoundedRects which represent a BoxShape's shape-padding and shape-margin
boundaries, compute them as needed.

No new tests, this is just an internal refactoring.

• rendering/shapes/BoxShape.cpp:

(WebCore::BoxShape::shapeMarginLogicalBoundingBox): Now just computes the bounding box rect.
(WebCore::BoxShape::shapePaddingLogicalBoundingBox): Ditto.
(WebCore::BoxShape::shapeMarginBounds): Removed the caching logic.
(WebCore::BoxShape::shapePaddingBounds): Ditto.
(WebCore::BoxShape::getExcludedIntervals): Use the computed margin bounds, instead of the cached one.
(WebCore::BoxShape::getIncludedIntervals): Ditto (padding bounds).

• rendering/shapes/BoxShape.h:

(WebCore::BoxShape::BoxShape): Simplified the constructor.

• rendering/shapes/Shape.cpp:

(WebCore::createBoxShape):
(WebCore::Shape::createShape):

5:39 PM Changeset in webkit [160813] by andersca@apple.com

• 2 edits in trunk/Source/WebKit2

MessageReceiverMap::addMessageReceiver should assert that destinationID is not zero
​https://bugs.webkit.org/show_bug.cgi?id=125965

Reviewed by Tim Horton.

• Platform/CoreIPC/MessageReceiverMap.cpp:

(CoreIPC::MessageReceiverMap::addMessageReceiver):

5:35 PM Changeset in webkit [160812] by Gustavo Noronha Silva

• 5 edits in trunk

[GTK][CMake] make libjavascriptcoregtk a public shared library again
​https://bugs.webkit.org/show_bug.cgi?id=125512

Reviewed by Martin Robinson.

.:

• CMakeLists.txt: make JavaScriptCore always be a shared library for the GTK+ port.
• Source/cmake/WebKitHelpers.cmake: make -fvisibility=hidden not be applied for GTK+,

visibility of some symbols is required for threading to be initialized properly by
WebKit2 processes, and we will rely on a linker script that will be added later on,
for production builds.

Source/JavaScriptCore:

• CMakeLists.txt: use target type instead of SHARED_CORE to decide whether

JavaScriptCore is a shared library, since it's always shared for GTK+ regardless
of SHARED_CORE.

5:22 PM Changeset in webkit [160811] by andersca@apple.com

• 12 edits in trunk

Deprecate some WKMutableDictionary functions
​https://bugs.webkit.org/show_bug.cgi?id=125962

Reviewed by Tim Horton.

Source/WebKit2:

• Shared/API/c/WKDeprecatedFunctions.cpp:

(WKDictionaryIsMutable):
(WKDictionaryAddItem):
(WKDictionaryRemoveItem):

• Shared/API/c/WKMutableDictionary.cpp:
• Shared/API/c/WKMutableDictionary.h:

Tools:

• TestWebKitAPI/PlatformUtilities.cpp:

(TestWebKitAPI::Util::createInitializationDictionaryForInjectedBundleTest):

• TestWebKitAPI/Tests/WebKit2/DidAssociateFormControls_Bundle.cpp:

(TestWebKitAPI::didAssociateFormControls):

• TestWebKitAPI/Tests/WebKit2/WillLoad_Bundle.cpp:

(TestWebKitAPI::WillLoadTest::willLoadURLRequest):
(TestWebKitAPI::WillLoadTest::willLoadDataRequest):

• WebKitTestRunner/InjectedBundle/EventSendingController.cpp:

(WTR::createMouseMessageBody):
(WTR::EventSendingController::mouseMoveTo):
(WTR::EventSendingController::leapForward):
(WTR::createKeyDownMessageBody):
(WTR::EventSendingController::mouseScrollBy):
(WTR::EventSendingController::continuousMouseScrollBy):
(WTR::EventSendingController::addTouchPoint):
(WTR::EventSendingController::updateTouchPoint):
(WTR::EventSendingController::setTouchModifier):
(WTR::EventSendingController::setTouchPointRadius):
(WTR::EventSendingController::touchStart):
(WTR::EventSendingController::touchMove):
(WTR::EventSendingController::touchEnd):
(WTR::EventSendingController::touchCancel):
(WTR::EventSendingController::clearTouchPoints):
(WTR::EventSendingController::releaseTouchPoint):
(WTR::EventSendingController::cancelTouchPoint):

• WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::done):
(WTR::InjectedBundle::setMockGeolocationPosition):
(WTR::InjectedBundle::setCustomPolicyDelegate):
(WTR::InjectedBundle::setVisibilityState):
(WTR::InjectedBundle::queueLoad):
(WTR::InjectedBundle::queueLoadHTMLString):

• WebKitTestRunner/TestController.cpp:

(WTR::TestController::initialize):
(WTR::TestController::resetStateToConsistentValues):

• WebKitTestRunner/TestInvocation.cpp:

(WTR::updateThreadedScrollingForCurrentTest):
(WTR::updateLayoutType):
(WTR::TestInvocation::invoke):

5:14 PM Changeset in webkit [160810] by jer.noble@apple.com

• 5 edits in trunk/Source/WebCore

[MSE][Mac] Add AVSampleBufferAudioRenderer support.
​https://bugs.webkit.org/show_bug.cgi?id=125905

Reviewed by Eric Carlson.

On platforms which support AVSampleBufferAudioRenderer, add support
for playback of audio CMSampleBufferRefs generated by AVStreamDataParser.

• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::isAvailable): Require AVSampleBufferAudioRenderer.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVolume): Pass through to every audio renderer.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setMuted): Ditto.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addAudioRenderer): Slave the renderer's

timebase to the master clock.

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeAudioRenderer):

• platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
• platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::SourceBufferPrivateAVFObjC): Drive by fix; initialize

m_enabledVideoTrackID.

(WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC): Call destroyRenderers().
(WebCore::callProcessCodedFrameForEachSample): Drive by fix; convert the bool return to an OSErr.
(WebCore::SourceBufferPrivateAVFObjC::destroyRenderers): Added; flush and destroy the audio

renderers.

(WebCore::SourceBufferPrivateAVFObjC::removedFromMediaSource): Call destroyRenderers().
(WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled): Enable or disable the audio

renderer in response.

(WebCore::SourceBufferPrivateAVFObjC::flushAndEnqueueNonDisplayingSamples): Added audio

specific version.

(WebCore::SourceBufferPrivateAVFObjC::enqueueSample): Ditto.
(WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples): Ditto.
(WebCore::SourceBufferPrivateAVFObjC::didBecomeReadyForMoreSamples): Ditto.
(WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples): Ditto.

4:52 PM Changeset in webkit [160809] by mitz@apple.com

• 3 edits in trunk/Source/WebKit2

[Cocoa] Allow the web process plug-in to intercept resource requests
​https://bugs.webkit.org/show_bug.cgi?id=125959

Reviewed by Anders Carlsson.

• WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInLoadDelegate.h: Declared new

delegate method.

• WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:

(willSendRequestForFrame): Implemented this WKBundlePageResourceClient callback by calling
the load delegate.
(setUpResourceLoadClient): Added. Initializes the resource load client with the above
function.
(-[WKWebProcessPlugInBrowserContextController setLoadDelegate:]): Added calls to initialize
and clear the resource load client.

4:48 PM Changeset in webkit [160808] by mark.lam@apple.com

• 9 edits in branches/jsCStack/Source/JavaScriptCore

CStack: Fix LLINT to baseline JIT OSR.
​https://bugs.webkit.org/show_bug.cgi?id=125957.

Reviewed by Michael Saboff.

1. In LLINT prologue code, when taking the OSR path, we don't actually need the OSR slow path function to return the new stackPointer value. Instead, the OSR prep code in the prologue needs to restore the previous sp because we are going to jump to the prologue of the target codeBlock, which will assume that the stack pointer to be pointing to the top of the caller frame.

To do this, we simply set stackPointer to the "new" callFrameRegister
before we pop the "old" callFrame address into the callFrameRegister.

2. In the LLINT checkSwitchToJITForLoop() macro, if we're going to take the OSR path, we'll need to set the stackPointer to the new topOfFrame for the target codeBlock. Hence, we make llint_loop_osr return exec->topOfFrame() for this purpose.

3. Previously, CallFrame::topOfFrame() (renamed from CallFrame::frameExtent()) would return the address of the slot past the top of the frame. It now returns the slot at the top of the frame as it should.

• interpreter/CallFrame.cpp:

(JSC::CallFrame::topOfFrameInternal):

• interpreter/CallFrame.h:

(JSC::ExecState::topOfFrame):

• interpreter/JSStack.cpp:

(JSC::JSStack::disableErrorStackReserve):

• interpreter/JSStackInlines.h:

(JSC::JSStack::getTopOfFrame):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::entryOSR):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:

4:42 PM Changeset in webkit [160807] by Seokju Kwon

• 2 edits in trunk/Source/WebCore

Web Inspector: Remove leftover code from InspectorController after r108965
​https://bugs.webkit.org/show_bug.cgi?id=125956

Reviewed by Joseph Pecoraro.

No new tests, no changes in behavior.

• inspector/InspectorController.h: PostWorkerNotificationToFrontendTask was removed in r108965.

4:33 PM Changeset in webkit [160806] by akling@apple.com

• 3 edits in trunk/Source/WebCore

CSS: Add a property cascading pass to style application.
<​https://webkit.org/b/125213>

Add an intermediate pass to style application where we cascade all
style properties to figure out their final values before starting
to build RenderStyles.

This opens up various opportunities for further optimization.

Reviewed by Antti Koivisto.

• css/StyleResolver.cpp:

(WebCore::StyleResolver::CascadedProperties::Property::Property):
(WebCore::StyleResolver::CascadedProperties::CascadedProperties):
(WebCore::StyleResolver::CascadedProperties::property):
(WebCore::StyleResolver::CascadedProperties::set):
(WebCore::StyleResolver::CascadedProperties::addStyleProperties):
(WebCore::StyleResolver::CascadedProperties::addMatches):
(WebCore::StyleResolver::CascadedProperties::Property::apply):

Added. CascadedProperties is something of a container class
that takes CSS property/value/linkMatchType as input and boils
them down to the final values that will actually be used.

Most properties are poked into an unfancy array where latest
is greatest (unless !important, of course.) Some properties are
queued up to be applied in parse order, more on that below.

(WebCore::StyleResolver::applyCascadedProperties):
(WebCore::StyleResolver::applyMatchedProperties):

The brains of this patch. applyMatchedProperties() now creates
a CascadedProperties and uses it to figure out the final values
and uses applyCascadedProperties() to apply them. Deferred
properties (parse order) are applied last.

We may discover during property application that we won't be
able to use a matched properties cache item. This happens if
the effective zoom or font changes. If that happens, we start
the process over, now with the cache disabled. This may need
some optimization work.

(WebCore::extractDirectionAndWritingMode):

Directional properties ending in e.g -before or -after depend on
the direction and writing mode in effect, so we must begin with
resolving those properties before doing the full cascade.

This is done by simply walking the set of matched properties and
manually applying '-webkit-writing-mode' and 'direction'.

If this starts showing up in profiles, we can easily cache some
of the information in e.g RuleData to avoid the traversal here.

(WebCore::elementTypeHasAppearanceFromUAStyle):

To determine whether a form element is styled beyond the default
UA style sheet, StyleResolver caches the border and background
values from RenderStyle after applying the UA style sheet.

Those values are then compared against after all style is applied
and if some (platform-dependent) values differ, the element is
considered "styled."

This really only affects elements with -webkit-appearance values
in the default UA style sheet, so this function determines if an
element should take the goofy slow path for this.

(WebCore::shouldApplyPropertyInParseOrder):
(WebCore::StyleResolver::CascadedProperties::setDeferred):
(WebCore::StyleResolver::CascadedProperties::applyDeferredProperties):

Some CSS properties will write to the same RenderStyle fields when
applied, so in order to maintain previous behavior, we must apply
them in the order they were parsed.

We accomplish this by keeping an ordered queue of such properties
to apply separately after all the other properties.

(WebCore::StyleResolver::CascadedProperties::setPropertyInternal):

Helper for poking values into a CascadedProperties::Property.

• css/StyleResolver.h:

(WebCore::StyleResolver::state):

Expose the StyleResolver::State so CascadedProperties can access it.

4:10 PM Changeset in webkit [160805] by Martin Robinson

• 3 edits
  1 add in trunk/Tools

[GTK] [CMake] Add support for building GtkLauncher
​https://bugs.webkit.org/show_bug.cgi?id=125766

Reviewed by Gustavo Noronha Silva.

• CMakeLists.txt: Add the GtkLauncher subdirectory for the GTK port.
• GtkLauncher/CMakeLists.txt: Added.
• GtkLauncher/main.c: Support including the CMake config file.

4:04 PM Changeset in webkit [160804] by Martin Robinson

• 8 edits
  3 adds in trunk

[GTK] [CMake] Add support for building WebKit1
​https://bugs.webkit.org/show_bug.cgi?id=116377

Reviewed by Gustavo Noronha Silva.

.:

• Source/cmake/OptionsGTK.cmake: Turn off some features that do not build properly

for WebKit1 and stop using the version script which we haven't implemented yet. Turn
on WebKit1.

Source/WebCore:

• PlatformGTK.cmake: Add a missing source required by WebKit1 to

the WebCore build.

Source/WebKit:

• CMakeLists.txt: Updated WebCore include directory list for WebKitGTK+ and

added BUILDING_WEBKIT to the list of defines.

• PlatformGTK.cmake: Added.

Source/WebKit/gtk:

• GNUmakefile.am: Switch to using the templates for building the GObject enums.
• webkit/webkitenumtypes.cpp.template: Added.
• webkit/webkitenumtypes.h.template: Added.

3:50 PM Changeset in webkit [160803] by commit-queue@webkit.org

• 5 edits
  3 copies in trunk/Source/WebKit2

​https://bugs.webkit.org/show_bug.cgi?id=125941
Add Obj C API for injected bundle PageGroup class.

Patch by Yongjun Zhang <​yongjun_zhang@apple.com> on 2013-12-18
Reviewed by Dan Bernstein.

Add Obj C API (WKWebProcessPlugInPageGroup) for injected bundle PageGroup class. And add APIs to
expose the main frame and page group from WKWebProcessPlugInBrowsingContextController.

• Shared/Cocoa/APIObject.mm:

(API::Object::newObject): Create wrapper object for InjectedPageGroup object.

• WebKit2.xcodeproj/project.pbxproj:
• WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInPageGroup.h: Added.
• WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInPageGroup.mm: Added.

(-[WKWebProcessPlugInPageGroup identifier]):
(-[WKWebProcessPlugInPageGroup dealloc]):
(-[WKWebProcessPlugInPageGroup API::]):

• WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInPageGroupInternal.h: Added.

(WebKit::wrapper):

• WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.h: Add API to expose the main frame and page group

for WKWebPocessPlugInBrowserContextController.

• WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:

(-[WKWebProcessPlugInBrowserContextController mainFrame]):
(-[WKWebProcessPlugInBrowserContextController pageGroup]):

3:33 PM Changeset in webkit [160802] by hmuller@adobe.com

• 4 edits in trunk/Source/WebCore

[CSS Shapes] Simplify RectangleShape implementation
​https://bugs.webkit.org/show_bug.cgi?id=125536

Reviewed by Andreas Kling.

Instead of caching an instance of a private FloatRoundedRect (ish) class for
RectangleShape's shape-margin and shape-padding bounds, we just compute
the FloatRect and radii as needed. This reduces the classes footprint a little
and it simplifies the implementation.

Removed the private RectangleShape::ShapeBounds class and made its
cornerInterceptForWidth() method a static function. Added members for
the RectangleShape constructor args, and private getters for their properties.

There are no new tests because this is just an internal refactoring.

• rendering/shapes/RectangleShape.cpp:

(WebCore::RectangleShape::shapePaddingBounds):
(WebCore::RectangleShape::shapeMarginBounds):
(WebCore::ellipseXIntercept):
(WebCore::ellipseYIntercept):
(WebCore::RectangleShape::getExcludedIntervals):
(WebCore::RectangleShape::getIncludedIntervals):
(WebCore::cornerInterceptForWidth):
(WebCore::RectangleShape::firstIncludedIntervalLogicalTop):
(WebCore::RectangleShape::buildPath):

• rendering/shapes/RectangleShape.h:

(WebCore::RectangleShape::RectangleShape):
(WebCore::RectangleShape::rx):
(WebCore::RectangleShape::ry):
(WebCore::RectangleShape::x):
(WebCore::RectangleShape::y):
(WebCore::RectangleShape::width):
(WebCore::RectangleShape::height):

• rendering/shapes/Shape.cpp:

(WebCore::createCircleShape): Renamed this internal function (it was createShapeCircle) because it was inconsistent.
(WebCore::createEllipseShape): Ditto.
(WebCore::Shape::createShape):

3:25 PM Changeset in webkit [160801] by timothy_horton@apple.com

• 2 edits in trunk/Source/WebKit2

PDFPlugin: Never make a NSEventType = 0
​https://bugs.webkit.org/show_bug.cgi?id=125955

Reviewed by Dan Bernstein.

• WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::getEventTypeFromWebEvent):
Make getEventTypeFromWebEvent return its NSEventType as an out arg, and
make the return value represent whether or not we set it.

(WebKit::PDFPlugin::nsEventForWebMouseEvent):
(WebKit::PDFPlugin::handleKeyboardEvent):
Make use of getEventTypeFromWebEvent.

3:23 PM Changeset in webkit [160800] by benjamin@webkit.org

• 4 edits
  1 add in trunk/Source

Add a simple stack abstraction for x86_64
​https://bugs.webkit.org/show_bug.cgi?id=125908

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

• assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::addPtrNoFlags):
Add an explicit abstraction for the "lea" instruction. This is needed
by the experimental JIT to have add and substract without changing the flags.

This is useful for function calls to test the return value, restore the registers,
then branch on the flags from the return value.

Source/WebCore:

StackAllocator provides an abstraction to make it hard to make mistakes and protects from obvious
issues at runtime.

The key roles of StackAllocators are:
-Provide the necessary stack alignment for function calls (only x86_64 stack for now).
-Provide ways to save registers on the stack, restore or discard them as needed.
-Crash at runtime if an operation would obviously cause a stack inconsistency.

The way simple inconsistencies are detected is through the StackReference object
returned whenever something is added on the stack.
The object keeps a reference to the offset of what has been pushed. When the StackReference
is used to recover the register, if the offset is different, there is a missmatch between
push() and pop() after the object was pushed.

• cssjit/StackAllocator.h: Added.

(WebCore::StackAllocator::StackReference::StackReference):
(WebCore::StackAllocator::StackReference::operator unsigned):
(WebCore::StackAllocator::StackAllocator):
(WebCore::StackAllocator::~StackAllocator):
(WebCore::StackAllocator::push):
(WebCore::StackAllocator::pop):

(WebCore::StackAllocator::alignStackPreFunctionCall):
(WebCore::StackAllocator::unalignStackPostFunctionCall):
Those helpers provide a simple way to have a valid stack prior to a function call.
Since StackAllocator knows the offset and the platform rules, it can adjust the stack
if needed for x86_64.

(WebCore::StackAllocator::discard): Discard a single register or the full stack.

(WebCore::StackAllocator::combine): combining stacks is the way to solve branches
where the stack is used differently in each case.
To do that, the stack is first copied to A and B. Each branch works on its own
StackAllocator copy, then the two copies are linked together to the original stack.

The copies ensure the local consistency in each branch, linking the copies ensure global
consistencies and that both branches end in the same stack state.

(WebCore::StackAllocator::offsetToStackReference): Helper function to access the stack by address
through its StackReference.

(WebCore::StackAllocator::reset):

3:12 PM Changeset in webkit [160799] by Gustavo Noronha Silva

• 2 edits in trunk

[GTK][CMake] Use thin archives if building on Linux, only way to get non-shared-core debug builds
​https://bugs.webkit.org/show_bug.cgi?id=125951

Reviewed by Martin Robinson.

• Source/cmake/OptionsGTK.cmake: append T for thin archives to the flags passed to ar,

also use u, which is used in the autotools build (it avoids adding a file twice).

3:11 PM Changeset in webkit [160798] by commit-queue@webkit.org

• 13 edits
  3 adds in trunk

[WinCairo] Preparation for GStreamer on Windows.
​https://bugs.webkit.org/show_bug.cgi?id=125946

Patch by Alex Christensen <​achristensen@webkit.org> on 2013-12-18
Reviewed by Brent Fulgham.

Source/WebCore:

• WebCore.vcxproj/WebCore.vcxproj:

Use new GStreamer property sheets for WinCairo.

• WebCore.vcxproj/WebCoreCairo.props:

Include GStreamer directory.

Source/WebKit:

• WebKit.vcxproj/WebKit/WebKit.vcxproj:

Use new GStreamer property sheets for WinCairo.

• WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:

Fixed 64-bit symbols, added GStreamer symbol.

Source/WTF:

• WTF.vcxproj/WTF.vcxproj:

Use new GStreamer property sheets for WinCairo.

Tools:

• WinLauncher/WinLauncher.vcxproj/WinLauncherLib.vcxproj:

Use new GStreamer property sheets for WinCairo.

• win/DLLLauncher/DLLLauncherMain.cpp:

(modifyPath):
(wWinMain):
Prepend GStreamer bin directory to path if it exists.

WebKitLibraries:

• win/tools/vsprops/FeatureDefinesCairo.props:

Added ENABLE_MEDIA_CONTROLS_SCRIPT and ENABLE_VIDEO_TRACK for DerivedSources.make.

• win/tools/vsprops/GStreamer32.props: Added.
• win/tools/vsprops/GStreamer64.props: Added.
• win/tools/vsprops/GStreamerCommon.props: Added.

3:05 PM Changeset in webkit [160797] by Gustavo Noronha Silva

• 2 edits in trunk

[GTK][CMake] Remove binary size optimizations we do not use in the autotools build
​https://bugs.webkit.org/show_bug.cgi?id=125947

Reviewed by Martin Robinson.

• Source/cmake/OptionsGTK.cmake: remove the relevant flags.

2:50 PM Changeset in webkit [160796] by mhahnenberg@apple.com

• 31 edits
  4 adds in trunk/Source

DFG should have a separate StoreBarrier node
​https://bugs.webkit.org/show_bug.cgi?id=125530

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This is in preparation for GenGC. We use a separate StoreBarrier node instead of making them implicitly
part of other nodes so that it's easier to run analyses on them, e.g. for the StoreBarrierElisionPhase.
They are inserted during the fixup phase. Initially they do not generate any code.

• CMakeLists.txt:
• GNUmakefile.list.am:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGAbstractHeap.h:
• dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::isKnownNotCell):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::::executeEffects):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberizeForAllocation):
(JSC::DFG::clobberize):

• dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants): Whenever we insert new nodes that require StoreBarriers,
we have to add those new StoreBarriers too. It's important to note that AllocatePropertyStorage and
ReallocatePropertyStorage nodes require their StoreBarriers to come after them since they allocate first,
which could cause a GC, and then store the resulting buffer into their JSCell, which requires the barrier.
If we ever require that write barriers occur before stores, we'll have to split these nodes into
AllocatePropertyStorage + StoreBarrier + PutPropertyStorage.

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::insertStoreBarrier):

• dfg/DFGNode.h:

(JSC::DFG::Node::isStoreBarrier):

• dfg/DFGNodeType.h:
• dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

• dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

• dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileStoreBarrier):
(JSC::DFG::SpeculativeJIT::genericWriteBarrier): The fast path write barrier check. It loads the
byte that contains the mark bit of the object.
(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): If the fast path check fails we try to store the
cell in the WriteBarrierBuffer so as to avoid frequently flushing all registers in order to make a C call.
(JSC::DFG::SpeculativeJIT::writeBarrier):
(JSC::DFG::SpeculativeJIT::osrWriteBarrier): More barebones version of the write barrier to be executed
during an OSR exit into baseline code. We must do this so that the baseline JIT object and array profiles
are properly cleared during GC.

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::writeBarrier):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::writeBarrier):

• dfg/DFGStoreBarrierElisionPhase.cpp: Added. New DFG phase that does block-local elision of redundant

StoreBarriers. Every time a StoreBarrier on a particular object is executed, a bit is set indicating that
that object doesn't need any more StoreBarriers.
(JSC::DFG::StoreBarrierElisionPhase::StoreBarrierElisionPhase):
(JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Nodes that could cause a GC reset the bits for all of the
objects known in the current block.
(JSC::DFG::StoreBarrierElisionPhase::allocatesFreshObject): A node that creates a new object automatically
sets the bit for that object since if a GC occurred as the result of that object's allocation then that
object would not need a barrier since it would be guaranteed to be a young generation object until the
next GC point.
(JSC::DFG::StoreBarrierElisionPhase::noticeFreshObject):
(JSC::DFG::StoreBarrierElisionPhase::getBaseOfStore):
(JSC::DFG::StoreBarrierElisionPhase::shouldBeElided):
(JSC::DFG::StoreBarrierElisionPhase::elideBarrier):
(JSC::DFG::StoreBarrierElisionPhase::handleNode):
(JSC::DFG::StoreBarrierElisionPhase::handleBlock):
(JSC::DFG::StoreBarrierElisionPhase::run):
(JSC::DFG::performStoreBarrierElision):

• dfg/DFGStoreBarrierElisionPhase.h: Added.
• heap/Heap.cpp:

(JSC::Heap::Heap):
(JSC::Heap::flushWriteBarrierBuffer):

• heap/Heap.h:

(JSC::Heap::writeBarrier):

• heap/MarkedBlock.h:

(JSC::MarkedBlock::offsetOfMarks):

• heap/WriteBarrierBuffer.cpp: Added. The WriteBarrierBuffer buffers a set of JSCells that are awaiting

a pending WriteBarrier. This buffer is used by the DFG to avoid the overhead of calling out to C repeatedly
to invoke a write barrier on a single JSCell. Instead the DFG has inline code to fill the WriteBarrier buffer
until its full, and then to call out to C to flush it. The WriteBarrierBuffer will also be flushed prior to
each EdenCollection.
(JSC::WriteBarrierBuffer::WriteBarrierBuffer):
(JSC::WriteBarrierBuffer::~WriteBarrierBuffer):
(JSC::WriteBarrierBuffer::flush):
(JSC::WriteBarrierBuffer::reset):
(JSC::WriteBarrierBuffer::add):

• heap/WriteBarrierBuffer.h: Added.

(JSC::WriteBarrierBuffer::currentIndexOffset):
(JSC::WriteBarrierBuffer::capacityOffset):
(JSC::WriteBarrierBuffer::bufferOffset):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• runtime/VM.h:

Source/WTF:

• wtf/Platform.h: Added an #define for ENABLE(GGC) which will be used for landing things related to GenGC.

2:02 PM Changeset in webkit [160795] by andersca@apple.com

• 2 edits in trunk/Source/WebKit2

WKRemoteObjectRegistry should invoke invocations
​https://bugs.webkit.org/show_bug.cgi?id=125945

Reviewed by Tim Horton.

• Shared/API/Cocoa/WKRemoteObjectRegistry.mm:

(-[WKRemoteObjectRegistry _invokeMessageWithInterfaceIdentifier:encodedInvocation:]):

1:36 PM Changeset in webkit [160794] by andersca@apple.com

• 2 edits
  3 deletes in trunk/Tools

Remove now useless test.

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKit2ObjC/WKRemoteObjectRegistry.mm: Removed.
• TestWebKitAPI/Tests/mac/WKRemoteObjectRegistry_Bundle.mm: Removed.
• TestWebKitAPI/Tests/mac/WKRemoteObjectRegistry_Shared.h: Removed.

1:08 PM Changeset in webkit [160793] by oliver@apple.com

• 2 edits in trunk/Source/WebCore

Refactor CodeGeneratorJS - Move attribute function creation out of getOwnPropertyName guard
​https://bugs.webkit.org/show_bug.cgi?id=125940

Reviewed by Simon Fraser.

This is just a huge block move of code out from behind the
ImplementationOverridesGetOwnProperty guard.

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

1:03 PM Changeset in webkit [160792] by timothy_horton@apple.com

• 3 edits in trunk/Source/WebCore

[iOS] Frequent ASSERT(hasOneRef()) in SharedBuffer::releasePurgeableBuffer
​https://bugs.webkit.org/show_bug.cgi?id=125939

Reviewed by Simon Fraser.

r146082 fixed these assertions by not making a purgeable buffer if a SharedBuffer
has multiple refs, but the check was put in ResourceBuffer::createPurgeableBuffer
instead of down in SharedBuffer::createPurgeableBuffer.

This is fine for most WebKit ports, because ResourceBuffer::createPurgeableBuffer
is the only caller of SharedBuffer::createPurgeableBuffer, but causes trouble for
not-quite-yet-upstreamed iOS SharedBuffer code, which adds another caller
of SharedBuffer::createPurgeableBuffer.

Push the early-return down into SharedBuffer::createPurgeableBuffer to ensure
that all callers are protected from creating a purgeable buffer if the SharedBuffer
has previously been vended elsewhere.

No new tests, has no effect on the current Open Source tree.

• loader/ResourceBuffer.cpp:

(WebCore::ResourceBuffer::createPurgeableBuffer):

• platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::createPurgeableBuffer):

12:58 PM Changeset in webkit [160791] by Beth Dakin

• 2 edits in trunk/Source/WebCore

Starting a momentum scroll while rubber banding can cause scrolling to jump back
when the rubberband snaps
​https://bugs.webkit.org/show_bug.cgi?id=119507
-and corresponding-
<rdar://problem/14655893>

Reviewed by Simon Fraser.

This line of code was added with the very first implementation of rubber-banding.
As far as I can tell, it was always a belt-and-suspenders line of code that is a
no-op in all normal rubber-banding. In this J-shaped scrolling case, this line of
code is what causes the bug to occur because this line of code assumes that your
rubber-band is always trying to take you back to the origin.

• platform/mac/ScrollElasticityController.mm:

(WebCore::ScrollElasticityController::snapRubberBandTimerFired):

12:50 PM Changeset in webkit [160790] by barraclough@apple.com

• 4 edits in trunk

Fix page visibility api test, initialization in WebKit2
​https://bugs.webkit.org/show_bug.cgi?id=125933

Reviewed by Anders Carlsson.

The API test for page visibility is broken, fix this. This revealed a recent regression in WebKit2
(introduced in ​https://bugs.webkit.org/show_bug.cgi?id=123379), caused by a typo removing a '!'.

Source/WebKit2:

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::setVisibilityState):

• Fix regression, accidentally removed a '!'.

Tools:

• TestWebKitAPI/Tests/mac/PageVisibilityStateWithWindowChanges.mm:

(TestWebKitAPI::TEST_F):

• Running a test on WebKit1 twice is not the same as running it on WebKit2!

12:40 PM Changeset in webkit [160789] by Chris Fleizach

• 4 edits
  2 adds in trunk

AX: make aria-hidden=false work with subtrees
​https://bugs.webkit.org/show_bug.cgi?id=125592

Reviewed by Mario Sanchez Prada.

Source/WebCore:

When a hidden object uses aria-hidden=false, that needs to apply to
the entire sub-tree (not just the object with aria-hidden on it as it does now).

Enabling this had the side effect of exposing non-rendered text nodes, so there's
some extra checks to ensure we don't include those elements in this cases.

Test: accessibility/aria-hidden-false-works-in-subtrees.html

• accessibility/AXObjectCache.cpp:

(WebCore::isNodeAriaVisible):

• accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::computeAccessibilityIsIgnored):

LayoutTests:

• platform/mac/accessibility/aria-hidden-false-works-in-subtrees-expected.txt: Added.
• accessibility/aria-hidden-false-works-in-subtrees.html: Added.

12:37 PM Changeset in webkit [160788] by andersca@apple.com

• 2 edits in trunk/Source/WebKit2

Fix 32-bit build.

• Shared/API/Cocoa/RemoteObjectRegistry.mm:

(WebKit::RemoteObjectRegistry::invokeMethod):

12:20 PM Changeset in webkit [160787] by andersca@apple.com

• 11 edits
  1 copy
  1 move
  1 add in trunk/Source/WebKit2

Make WKObjectRegistry objects be per page
​https://bugs.webkit.org/show_bug.cgi?id=125937

Reviewed by Andreas Kling.

Remove WKObjectRegistry from WKConnection. Also, add a C++ object that is in charge
of actually sending and receiving messages.

• DerivedSources.make:
• Shared/API/Cocoa/RemoteObjectRegistry.h: Added.
• Shared/API/Cocoa/RemoteObjectRegistry.messages.in: Added.
• Shared/API/Cocoa/RemoteObjectRegistry.mm: Added.

(WebKit::RemoteObjectRegistry::RemoteObjectRegistry):
(WebKit::RemoteObjectRegistry::~RemoteObjectRegistry):
(WebKit::RemoteObjectRegistry::sendInvocation):
(WebKit::RemoteObjectRegistry::invokeMethod):

• Shared/API/Cocoa/WKRemoteObjectRegistry.mm:

(-[WKRemoteObjectRegistry _initWithMessageSender:IPC::]):
(-[WKRemoteObjectRegistry _invalidate]):
(-[WKRemoteObjectRegistry _sendInvocation:interface:]):
(-[WKRemoteObjectRegistry WebKit::]):
(-[WKRemoteObjectRegistry _invokeMethod:]):

• Shared/API/Cocoa/WKRemoteObjectRegistryInternal.h:
• UIProcess/API/Cocoa/WKBrowsingContextController.mm:

(-[WKBrowsingContextController dealloc]):
(-[WKBrowsingContextController remoteObjectRegistry]):

• UIProcess/API/Cocoa/WKBrowsingContextControllerPrivate.h:
• UIProcess/API/Cocoa/WKConnection.h:
• UIProcess/API/Cocoa/WKConnection.mm:

(didReceiveMessage):

• WebKit2.xcodeproj/project.pbxproj:
• WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:

(-[WKWebProcessPlugInBrowserContextController remoteObjectRegistry]):

• WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextControllerPrivate.h:

12:12 PM Changeset in webkit [160786] by oliver@apple.com

• 2 edits in trunk/Source/WebCore

Simplify bindings codegen for adding getOwnPropertySlot overrides
​https://bugs.webkit.org/show_bug.cgi?id=125934

Reviewed by Alexey Proskuryakov.

Simple refactoring no change in behavior.

• bindings/scripts/CodeGeneratorJS.pm:

(InstanceOverridesGetOwnPropertySlot):
(PrototypeOverridesGetOwnPropertySlot):
(GenerateHeader):
(GenerateImplementation):

12:08 PM WebKitGTK/2.2.x edited by vjaquez@igalia.com

(diff)

12:05 PM Changeset in webkit [160785] by ap@apple.com

• 2 edits in trunk/LayoutTests

Flaky Test: media/video-buffered.html
​https://bugs.webkit.org/show_bug.cgi?id=116277

• platform/mac/TestExpectations: Mark it as such.

11:54 AM Changeset in webkit [160784] by msaboff@apple.com

• 2 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: getHostCallReturnValue shouldn't pop the callFrame
​https://bugs.webkit.org/show_bug.cgi?id=125931

Reviewed by Geoffrey Garen.

Since getHostCallReturnValue() is called after a call to a slow path
function and the return from the slow patch pops the call frame there is
no need for getHostCallReturnValue() to pop the frame.
Removed the popping of the call frame getHostCallReturnValue() for all CPU platforms.

• jit/JITOperations.cpp:

11:46 AM Changeset in webkit [160783] by msaboff@apple.com

• 2 edits in branches/jsCStack/Source/JavaScriptCore

CStack Branch: Exceptions in LLIntSlowPaths shouldn't pop call frame
​https://bugs.webkit.org/show_bug.cgi?id=125932

Reviewed by Mark Lam.

Removed the unwinding of the call frame in LLINT_CALL_RETURN().
Since llint_slow_path_handle_exception will unwind to the proper callFrame
via genericUnwind() there is no need for the frame to be unwound in
llint slow paths.

• llint/LLIntSlowPaths.cpp:

11:42 AM Changeset in webkit [160782] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

AudioSessionManagerMac.cpp: kLowPowerVideoBufferSize unused before OS X 10.9
​https://bugs.webkit.org/show_bug.cgi?id=125935

Patch by Conrad Shultz <Conrad Shultz> on 2013-12-18
Reviewed by Jer Noble.

• platform/audio/mac/AudioSessionManagerMac.cpp:

Add MAC_OS_X_VERSION_MIN_REQUIRED >= 1090 guard.

11:41 AM Changeset in webkit [160781] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebKit2

API to set a favicon
​https://bugs.webkit.org/show_bug.cgi?id=125892

Patch by Conrad Shultz <Conrad Shultz> on 2013-12-18
Reviewed by Brian Weinstein.

• UIProcess/API/C/WKIconDatabase.cpp:

(WKIconDatabaseSetIconDataForIconURL):
Call WebIconDatabase::setIconDataForIconURL().

• UIProcess/API/C/WKIconDatabase.h:

Declare WKIconDatabaseSetIconDataForIconURL().

11:26 AM Changeset in webkit [160780] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

Web Inspector: Some basic DebuggerAgent cleanup
​https://bugs.webkit.org/show_bug.cgi?id=125901

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2013-12-18
Reviewed by Timothy Hatcher.

• inspector/InspectorDebuggerAgent.h:

Remove virtual from not really virtual method.

• inspector/InspectorDebuggerAgent.cpp:

(WebCore::InspectorDebuggerAgent::enable):
(WebCore::InspectorDebuggerAgent::disable):
Use member variable instead of private function.

(WebCore::InspectorDebuggerAgent::setPauseOnExceptions):
Inline the three lines from the private function.

10:59 AM Changeset in webkit [160779] by commit-queue@webkit.org

• 3 edits
  2 adds in trunk

REGRESSION (r155536): Broken error recovery in @media at-rule
​https://bugs.webkit.org/show_bug.cgi?id=125637

Patch by Martin Hodovan <​mhodovan@inf.u-szeged.hu> on 2013-12-18
Reviewed by Darin Adler.

Source/WebCore:

Error recovery in @media is broken if any of its rules misses the opening '{'.
The problem is that when the parser recognises the mistake it removes only the last
WHITESPACE token instead of the whole selector and tries to recover the selector again.
it swallows everything until it finds the next opening bracket. thats why the '}' brackets
of both subrules and even the @media rule are ignored, and the whole @media will be
considered invalid. By joining the selector and its trailing whitespace the error recovery
ignores the bad selector only and keep the @media rule.

Test: fast/css/media-error-recovery.html

• css/CSSGrammar.y.in:

LayoutTests:

Test with broken @media rule.

• fast/css/media-error-recovery-expected.txt: Added.
• fast/css/media-error-recovery.html: Added.

10:50 AM Changeset in webkit [160778] by Chris Fleizach

• 13 edits
  2 adds in trunk

AX: WebKit not sending AXMenuClosed notification
​https://bugs.webkit.org/show_bug.cgi?id=125783

Reviewed by Mario Sanchez Prada.

Source/WebCore:

When an object with a role=menu is removed, we need to send out a notification informing that the menu has closed.
This means detecting the right kind of destruction event for an element, because we do not want to
send this notification when the entire cache is being torn down.

Test: platform/mac/accessibility/aria-menu-closed-notification.html

• accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::~AXObjectCache):
(WebCore::AXObjectCache::remove):

• accessibility/AXObjectCache.h:

(WebCore::AXObjectCache::document):

• accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::detach):

• accessibility/AccessibilityNodeObject.h:
• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::detach):

• accessibility/AccessibilityObject.h:
• accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::detach):

• accessibility/AccessibilityRenderObject.h:
• accessibility/AccessibilityScrollView.cpp:

(WebCore::AccessibilityScrollView::detach):

• accessibility/AccessibilityScrollView.h:
• accessibility/mac/AXObjectCacheMac.mm:

(WebCore::AXObjectCache::postPlatformNotification):

LayoutTests:

• platform/mac/accessibility/aria-menu-closed-notification-expected.txt: Added.
• platform/mac/accessibility/aria-menu-closed-notification.html: Added.

10:32 AM Changeset in webkit [160777] by eric.carlson@apple.com

• 2 edits in trunk/Source/WebCore

Do not create cue subtree just to delete it
​https://bugs.webkit.org/show_bug.cgi?id=125904

Reviewed by Jer Noble.

No new tests, covered by existing tests.

• html/track/TextTrackCue.cpp:

(WebCore::TextTrackCue::setIsActive): Return early if display tree is NULL.
(WebCore::TextTrackCue::removeDisplayTree): Ditto.

10:30 AM Changeset in webkit [160776] by andersca@apple.com

• 2 edits in trunk/Source/WebKit2

Fix Dictionary encoding
​https://bugs.webkit.org/show_bug.cgi?id=125930

Reviewed by Andreas Kling.

Encode the HashMap size as a 64-bit unsigned integer.

• Shared/UserData.cpp:

(WebKit::UserData::encode):

10:26 AM Changeset in webkit [160775] by oliver@apple.com

• 6 edits in trunk/Source/WebCore

Remove JSInlineGetOwnPropertySlot attribute as it is no longer necessary
​https://bugs.webkit.org/show_bug.cgi?id=125875

Reviewed by Brady Eidson.

Tested this on dromaeo and acid3 (the original reason for this attribute)
and it no longer provided any benefit. This makes it easier to reason about
creation of getOwnPropertySlot during binding generation.

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):

• bindings/scripts/IDLAttributes.txt:
• dom/Document.idl:
• dom/Element.idl:
• dom/Node.idl:

10:14 AM Changeset in webkit [160774] by commit-queue@webkit.org

• 5 edits
  4 adds in trunk

Fix ASSERTION FAILED in WebCore::SVGLengthContext::determineViewport
​https://bugs.webkit.org/show_bug.cgi?id=120284

Patch by Tamas Gergely <​tgergely.u-szeged@partner.samsung.com> on 2013-12-18
Reviewed by Philip Rogers.

Source/WebCore:

Added handling of root <svg> elements.
Blink merge: ​https://chromium.googlesource.com/chromium/blink/+/a7dedf81eb7008276bb6854f0e46465e039788f8

SVGLengthContext::determineViewport() currently asserts that we're not
resolving lengths for the topmost element, but there's nothing to
prevent such calls.

The patch updates determineViewport() to handle root elements geracefully
(using their current viewport). It also changes the signature slightly
to operate directly on a FloatSize, reducing some of the boiler-plate
client code.

Tests: svg/custom/svg-length-value-handled.svg

svg/dom/svg-root-lengths.html

• svg/SVGLengthContext.cpp:

(WebCore::SVGLengthContext::convertValueFromUserUnitsToPercentage):
(WebCore::SVGLengthContext::convertValueFromPercentageToUserUnits):
(WebCore::SVGLengthContext::determineViewport):

• svg/SVGLengthContext.h:
• svg/graphics/filters/SVGFEImage.cpp:

(WebCore::FEImage::platformApplySoftware):

LayoutTests:

Added tests of handling root <svg> elements.
Blink merge: ​https://chromium.googlesource.com/chromium/blink/+/a7dedf81eb7008276bb6854f0e46465e039788f8

• svg/custom/svg-length-value-handled-expected.txt: Added.
• svg/custom/svg-length-value-handled.svg: Added.

Tests whether root svg elements sizes are handled.

• svg/dom/svg-root-lengths-expected.txt: Added.
• svg/dom/svg-root-lengths.html: Added.

Tests the correct handling of root svg elements sizes.

10:07 AM Changeset in webkit [160773] by commit-queue@webkit.org

• 3 edits in trunk/Tools

Should not have identifiers with underscores in them, especially not leading underscores.
​https://bugs.webkit.org/show_bug.cgi?id=125847

Patch by Gergo Balogh <​geryxyz@inf.u-szeged.hu> on 2013-12-18
Reviewed by Darin Adler.

• Scripts/webkitpy/style/checkers/cpp.py:

(check_identifier_name_in_declaration):

• Scripts/webkitpy/style/checkers/cpp_unittest.py:

(CppStyleTest.test_runtime_selfinit):
(WebKitStyleTest.test_names):

10:06 AM Changeset in webkit [160772] by commit-queue@webkit.org

• 3 edits in trunk/Tools

False webkit-check-style warnings on *.
​https://bugs.webkit.org/show_bug.cgi?id=125915

Patch by Gergo Balogh <​geryxyz@inf.u-szeged.hu> on 2013-12-18
Reviewed by Darin Adler.

• Scripts/webkitpy/style/checkers/cpp.py:

(check_spacing):

• Scripts/webkitpy/style/checkers/cpp_unittest.py:

(CppStyleTest.test_pointer_reference_marker_location):

10:02 AM Changeset in webkit [160771] by Darin Adler

• 5 edits in trunk

Additional refinement in MathMLSelectElement toggle implementation
​https://bugs.webkit.org/show_bug.cgi?id=125785

Reviewed by Andreas Kling.

Source/WebCore:

• mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::defaultEventHandler): Call setDefaultHandled
so this will be handled by only one element.
(WebCore::MathMLSelectElement::willRespondToMouseClickEvents): Return true
only when action is set to toggle, since other select elements will not
respond to mouse click events.
(WebCore::MathMLSelectElement::toggle): Simplified code a bit and gave
local a clearer variable name.

LayoutTests:

• mathml/presentation/maction-toggle-expected.html: Updated incorrect expected

result, which expected an already-handled event to be re-handled by a parent
element during the bubbling process.

• mathml/presentation/maction-toggle.html: Ditto.

9:27 AM Changeset in webkit [160770] by rwlbuis@webkit.org

• 10 edits in trunk

2013-12-18 Rob Buis <​rob.buis@samsung.com>

[CSS Shapes] Implement interpolation between keywords in basic shapes
​https://bugs.webkit.org/show_bug.cgi?id=125108

Reviewed by Simon Fraser.

Allow blending for all center coordinates since top/left and bottom/right default to correct
Length values of 0% and 100%. For mixed keyword and value positions compute the length's used
for blending to percentages. This is possible since we compute the reference box bounds given the
renderer.

• page/animation/CSSPropertyAnimation.cpp: (WebCore::blendFunc): Pass additional RenderBox parameter.
• rendering/style/BasicShapes.cpp: (WebCore::BasicShape::canBlend): Don't check circle/ellipse center anymore, but do check that both shapes use the same reference box. (WebCore::BasicShape::referenceBoxSize): Compute box dimension depending on reference box. (WebCore::BasicShapeCenterCoordinate::lengthForBlending): Convert to percentage for Bottom/Right. (WebCore::BasicShapeRectangle::blend): (WebCore::DeprecatedBasicShapeCircle::blend): (WebCore::BasicShapeCircle::blend): (WebCore::DeprecatedBasicShapeEllipse::blend): (WebCore::BasicShapeEllipse::blend): (WebCore::BasicShapePolygon::blend): (WebCore::BasicShapeInsetRectangle::blend): (WebCore::BasicShapeInset::blend):
• rendering/style/BasicShapes.h: (WebCore::BasicShapeCenterCoordinate::blend): Use new lengthForBlending.

9:26 AM Changeset in webkit [160769] by commit-queue@webkit.org

• 4 edits in trunk/Tools

prepare-ChangeLog doesn't handle templates properly
​https://bugs.webkit.org/show_bug.cgi?id=125853

Patch by Dániel Bátyai <Dániel Bátyai> on 2013-12-18
Reviewed by Daniel Bates.

• Scripts/prepare-ChangeLog:

(get_function_line_ranges_for_cpp):

• Scripts/webkitperl/prepare-ChangeLog_unittest/resources/cpp_unittests-expected.txt:
• Scripts/webkitperl/prepare-ChangeLog_unittest/resources/cpp_unittests.cpp:

(Class110<TemplateClass>::func36):

8:54 AM Changeset in webkit [160768] by Lucas Forschler

• 5 edits in branches/safari-537.60-branch/Source

Versioning.

8:52 AM Changeset in webkit [160767] by Lucas Forschler

• 1 copy in tags/Safari-537.60.12

New Tag.

7:51 AM Changeset in webkit [160766] by commit-queue@webkit.org

• 3 edits
  2 adds in trunk

CSS: Null-pointer dereference with negative 'orphans' value.
​https://bugs.webkit.org/show_bug.cgi?id=125924

Patch by Dániel Bátyai <Dániel Bátyai> on 2013-12-18
Reviewed by Andreas Kling.

Source/WebCore:

orphans and widows should be positive integer.

spec link:
​http://www.w3.org/TR/CSS2/page.html#propdef-orphans

Backported from Blink: ​https://codereview.chromium.org/108663009

Test: fast/css/negative-orphans-crash.html

• css/CSSParser.cpp:

(WebCore::CSSParser::parseValue):

LayoutTests:

Test with negative orphans value.

• fast/css/negative-orphans-crash-expected.txt: Added.
• fast/css/negative-orphans-crash.html: Added.

7:05 AM Changeset in webkit [160765] by akling@apple.com

• 2 edits in trunk/Source/WebCore

Make more computed style helpers return values by PassRef.
<​https://webkit.org/b/125923>

Tighten yet another handful of CSS computed style helper functions
to return their CSSValues by PassRef where we never return null.

Reviewed by Antti Koivisto.

7:04 AM Changeset in webkit [160764] by akling@apple.com

• 3 edits in trunk/Source/WebCore

Use range for syntax in Frame and FrameView.
<​https://webkit.org/b/125922>

Convert code in Frame and FrameView to use C++11's range for syntax.

Reviewed by Antti Koivisto.

7:02 AM Changeset in webkit [160763] by akling@apple.com

• 9 edits in trunk/Source/WebCore

RenderElement-ize adjustForAbsoluteZoom() and friends.
<​https://webkit.org/b/125921>

Make adjustForAbsoluteZoom() take a const RenderElement& instead
of a RenderObject* so we can avoid the extra branch in style().
All call sites already had RenderElements.

Reviewed by Antti Koivisto.

6:18 AM Changeset in webkit [160762] by Chris Fleizach

• 5 edits in trunk

AX: HTML spec change indicates @aria-required should trump @required on any element
​https://bugs.webkit.org/show_bug.cgi?id=122145

Reviewed by Mario Sanchez Prada.

Source/WebCore:

aria-required should win over the native "required" attribute.

Updated tests: accessibility/aria-required.html

• accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::isRequired):

LayoutTests:

• accessibility/aria-required-expected.txt:
• accessibility/aria-required.html:

5:56 AM Changeset in webkit [160761] by Carlos Garcia Campos

• 1 copy in releases/WebKitGTK/webkit-2.3.3

Tagging the WebKitGTK+ 2.3.3 release

5:23 AM Changeset in webkit [160760] by Michał Pakuła vel Rutka

• 9 edits in trunk/LayoutTests

Unreviewed EFL gardening

Rebaseline tests after r160715.

• platform/efl/css2.1/t0905-c414-flt-wrap-00-e-expected.png:
• platform/efl/css2.1/t0905-c414-flt-wrap-00-e-expected.txt:
• platform/efl/fast/backgrounds/background-position-parsing-expected.png:
• platform/efl/fast/backgrounds/background-position-parsing-expected.txt:
• platform/efl/fast/backgrounds/size/contain-and-cover-zoomed-expected.png:
• platform/efl/fast/backgrounds/size/contain-and-cover-zoomed-expected.txt:
• platform/efl/fast/block/float/016-expected.png:
• platform/efl/fast/block/float/016-expected.txt:

4:27 AM Changeset in webkit [160759] by Carlos Garcia Campos

• 4 edits in trunk

Unreviewed. Update NEWS and Versions.m4 for 2.3.3 release.

.:

• Source/autotools/Versions.m4: Bump version numbers.

Source/WebKit/gtk:

• NEWS: Added release notes for 2.3.3.

4:24 AM Changeset in webkit [160758] by Carlos Garcia Campos

• 9 edits in trunk/Source

Unreviewed. Fix make distcheck.

Source/JavaScriptCore:

• GNUmakefile.am:

Source/ThirdParty/ANGLE:

• GNUmakefile.am:

Source/WebCore:

• GNUmakefile.am:
• GNUmakefile.list.am:

Source/WebKit2:

• GNUmakefile.list.am:

4:01 AM Changeset in webkit [160757] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

[soup] Fix unused parameter warnings in ResourceHandleSoup.
​https://bugs.webkit.org/show_bug.cgi?id=125918

Patch by Dániel Bátyai <Dániel Bátyai> on 2013-12-18
Reviewed by Martin Robinson.

Comment out the method parameters to avoid the warnings.

No tests required.

• platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::WebCoreSynchronousLoader::didReceiveData):

3:41 AM Changeset in webkit [160756] by commit-queue@webkit.org

• 10 edits in trunk/Tools

Move expectation parsing out of the constructor of TestExpectations
​https://bugs.webkit.org/show_bug.cgi?id=125439

Patch by Dániel Bátyai <​Batyai.Daniel@stud.u-szeged.hu> on 2013-12-18
Reviewed by Csaba Osztrogonác.

• Scripts/webkitpy/layout_tests/controllers/layout_test_runner_unittest.py:

(LayoutTestRunnerTests._run_tests):
(LayoutTestRunnerTests.test_interrupt_if_at_failure_limits):
(LayoutTestRunnerTests.test_update_summary_with_result):

• Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager.run):

• Scripts/webkitpy/layout_tests/controllers/manager_unittest.py:

(ManagerTest.test_look_for_new_crash_logs):

• Scripts/webkitpy/layout_tests/lint_test_expectations.py:

(lint):

• Scripts/webkitpy/layout_tests/models/test_expectations.py:

(TestExpectations.suffixes_for_expectations):
(TestExpectations.init):
(TestExpectations):
(TestExpectations.parse_generic_expectations):
(TestExpectations.parse_default_port_expectations):
(TestExpectations.parse_override_expectations):
(TestExpectations.parse_all_expectations):

• Scripts/webkitpy/layout_tests/models/test_expectations_unittest.py:

(parse_exp):
(SkippedTests.check):
(SkippedTests.test_skipped_entry_dont_exist):

• Scripts/webkitpy/layout_tests/models/test_run_results_unittest.py:

(run_results):

• Scripts/webkitpy/tool/commands/queries.py:

(PrintExpectations._model):

• Scripts/webkitpy/tool/commands/rebaseline.py:

(RebaselineTest._update_expectations_file):
(RebaselineExpectations._update_expectations_files):
(RebaselineExpectations._tests_to_rebaseline):

1:08 AM WebKitGTK/2.2.x edited by Carlos Garcia Campos

(diff)