Context Navigation

Reviewed by Oliver Hunt.

This moves NaN purification to stores that could see an impure NaN.

5% speed-up on AsmBench, 50% speed-up on AsmBench/n-body. It is a regression on FloatMM
though, because of the other bug that causes that benchmark to box doubles in a loop.

bytecode/SpeculatedType.h:

(JSC::isInt32SpeculationForArithmetic):
(JSC::isMachineIntSpeculationForArithmetic):
(JSC::isDoubleSpeculation):
(JSC::isDoubleSpeculationForArithmetic):

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::fixTypeForRepresentation):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::injectTypeConversionsForEdge):

dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::mergeStateAtTail):

dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileValueRep):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):

dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileValueRep):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):

runtime/PureNaN.h:
tests/stress/float32-array-nan-inlined.js: Added.

(foo):
(test):

tests/stress/float32-array-nan.js: Added.

(foo):
(test):

tests/stress/float64-array-nan-inlined.js: Added.

(foo):
(isBigEndian):
(test):

tests/stress/float64-array-nan.js: Added.

(foo):
(isBigEndian):
(test):

8:54 PM Changeset in webkit [167415] by benjamin@webkit.org

2 edits in trunk/Source/WebCore

Fix the build after r167412

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-16

platform/ScrollView.cpp:

(WebCore::ScrollView::updateScrollbars):

8:48 PM Changeset in webkit [167414] by Lucas Forschler

5 edits in trunk/Source

Versioning.

8:44 PM Changeset in webkit [167413] by Lucas Forschler

1 copy in tags/Safari-538.30

New Tag.

8:28 PM Changeset in webkit [167412] by benjamin@webkit.org

2 edits in trunk/Source/WebKit2

[iOS][WK2] Fix the DidCommitLoad initial scrolling position
https://bugs.webkit.org/show_bug.cgi?id=131780

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-16
Reviewed by Jon Honeycutt.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _didCommitLayerTree:]):
That code is older than _obscuredInsets and used the contentInsets as a workaround.

8:26 PM Changeset in webkit [167411] by benjamin@webkit.org

4 edits in trunk/Source

[iOS][WK2] Fix annoying scrolling bugs
https://bugs.webkit.org/show_bug.cgi?id=131722

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-16
Reviewed by Simon Fraser.

Source/WebCore:

platform/ScrollView.cpp:

(WebCore::ScrollView::updateScrollbars):
Since ScrollingStateScrollingNode::setRequestedScrollPosition() was added, we see ScrollView::updateScrollbars()
keep changing the scroll position to incorrect values.

On iOS, the scrollbars are handled by the native UI, the code just compute incorrect scroll position. On WebKit1,
the code does not run because there is a platformWidget().

Just #ifdef the whole useless code.

Source/WebKit2:

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _scrollToContentOffset:WebCore::]):
We are scrolling at the wrong position when we have the "small obscured insets".

6:40 PM Changeset in webkit [167410] by barraclough@apple.com

7 edits
2 adds in trunk/Source/WebKit2

On iOS keep network process running using a process assertion rather than a boost
https://bugs.webkit.org/show_bug.cgi?id=131779

Reviewed by Benjamin Poulain.

UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToService):

No need to leak a boost onto the NetworkProcess on iOS.

UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::didFinishLaunching):

Take a ProcessAssertion on the NetworkProcess.

UIProcess/Shared/ChildProcessProxy.h:
- Added m_assertion.
UIProcess/WebProcessProxy.h:
- Removed m_assertion.
UIProcess/ios/ProcessAssertion.h: Added.
- Added - refactored from WebProcessProxy.h.
UIProcess/ios/ProcessAssertion.mm: Added.

(WebKit::ProcessAssertion::ProcessAssertion):
(WebKit::ProcessAssertion::setState):

Added - refactored from WebProcessProxyIOS.mm.

UIProcess/ios/WebProcessProxyIOS.mm:

(WebKit::WebProcessProxy::updateProcessState):

Code refactored out to ProcessAssertion.mm.

WebKit2.xcodeproj/project.pbxproj:
- Added files.

6:26 PM Changeset in webkit [167409] by benjamin@webkit.org

3 edits in trunk/Source/WebKit2

[iOS][WK2] Improve the approximation of the scroll position of the dynamic viewport size updates
https://bugs.webkit.org/show_bug.cgi?id=131720

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-16
Reviewed by Tim Horton.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _scrollToContentOffset:]):
The scrolling tree was forcing scroll at the wrong scale during the transition.

(-[WKWebView _setMinimumLayoutSizeOverride:]):
This was left out by accident. The WebProcess was getting the new layout size twice, making
WebPage::dynamicViewportSizeUpdate() very confused when the content size changes.

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::dynamicViewportSizeUpdate):
Add scrolling adjustment for the dynamic relayout case:
-Sticky top and bottom like the UIProcess.
-Keep the same relative position of the unobscured rect's center.

Also fix a bug in the horizontal and vertical adjustments: the code was using the exposed rect
instead of the unobscured rect, which made the adjustments off by the size of the obscured insets.

The type is changed from double to float since ARMv7 has a grudge against double.

6:23 PM Changeset in webkit [167408] by benjamin@webkit.org

2 edits in trunk/Source/WebKit2

[iOS][WK2] Do not update the visible content rects when setting the same obscured insets multiple times
https://bugs.webkit.org/show_bug.cgi?id=131633

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-16
Reviewed by Darin Adler.

We should avoid computing the visible content rects when not needed.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setObscuredInsets:]):

6:00 PM Changeset in webkit [167407] by Alexandru Chiculita

3 edits
2 adds in trunk

Improve performance of the RenderLayerCompositor::OverlapMap
https://bugs.webkit.org/show_bug.cgi?id=115063

Reviewed by Simon Fraser.

PerformanceTests:
Testing the performance of computing the overlap of 5000 layers.

Layout/layers_overlap_2d.html: Added. Using non-composited layers, to check

that the performance on the non-composited path is not changing with this patch.

Layout/layers_overlap_3d.html: Added. Records the time to do the layout of 5000

non-overlapping 3D layers.

Source/WebCore:
No new tests, no new functionality or behavior.

Do not use the OverlapMap in RenderLayerCompositor::computeCompositingRequirements if the layer already
has a 3D transform. This way we can avoid a potential expensive lookups when we know for sure the layer
is already supposed to be composited.

Also, added a bounding box of the overlap map, so that it can catch cases when the new layer is not overlapping
any of the previous layers. This is pretty common when having composited layers laid out in a vertical/horizontal list.

rendering/RenderLayerCompositor.cpp:

(OverlapMapContainer):
(WebCore::OverlapMapContainer::add):
(WebCore::OverlapMapContainer::overlapsLayers):
(WebCore::OverlapMapContainer::unite):
(WebCore):
(WebCore::RenderLayerCompositor::OverlapMap::add):
(WebCore::RenderLayerCompositor::OverlapMap::overlapsLayers):
(WebCore::RenderLayerCompositor::OverlapMap::pushCompositingContainer):
(WebCore::RenderLayerCompositor::OverlapMap::popCompositingContainer):
(RenderLayerCompositor::OverlapMap):
(WebCore::RenderLayerCompositor::computeCompositingRequirements):

5:56 PM Changeset in webkit [167406] by Brian Burg

5 edits
2 adds in trunk

Web Replay: memoize fallback time values for document.lastModified
https://bugs.webkit.org/show_bug.cgi?id=131318

Reviewed by Joseph Pecoraro.

Source/WebCore:
If a document's Last-Modified header can't be found or used, then
document.lastModified is derived from the current system time or
from filesystem data, which is obviously nondeterministic.

It's better to handle this inside Document::lastModified rather than using
MemoizedDOMResult, because only the fallback case is nondeterministic.

Test: http/tests/inspector/replay/document-last-modified-fallback-value.html

The test is skipped for now, as it will be very flaky without the
functionality introduced by bugs 130728 and 129391.

dom/Document.cpp:

(WebCore::Document::lastModified): Save or reuse memoized fallback value.

replay/WebInputs.json: Add input DocumentLastModifiedDate.

LayoutTests:
Mark the new test as skipped until dependent functionality is landed.

http/tests/inspector/replay/document-last-modified-fallback-value.html: Added.

5:40 PM Changeset in webkit [167405] by Brent Fulgham

2 edits in trunk/Source/JavaScriptCore

[Win] Unreviewed Windows gardening. Restrict our new 'isinf' check
to 32-bit builds, and revise the comment to explain what we are
doing.

runtime/JSCJSValueInlines.h:

(JSC::JSValue::isMachineInt): Provide motivation for the new
'isinf' check for our 32-bit code path.

5:27 PM Changeset in webkit [167404] by hyatt@apple.com

6 edits in trunk/Source/WebCore

[New Multicolumn] Selection gets confused when the mouse is in the column gaps.
https://bugs.webkit.org/show_bug.cgi?id=131739

Reviewed by Enrica Casucci.

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::selectionGaps):
Make sure not to paint selection gaps. This matches the old multi-column behavior. Even though
selection gaps *nearly* work with the new multi-column code, I am disabling them so that we
can turn them on without visual regressions.

(WebCore::isChildHitTestCandidate):
Don't allow in-flow RenderFlowThreads to be descended into from positionForPoint. We always want
to look only at the spanners and at the sets.

rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::RenderMultiColumnFlowThread::nodeAtPoint):

rendering/RenderMultiColumnFlowThread.h:

Override nodeAtPoint to disallow the RenderMultiColumnFlowThread from being considered for hit
testing when no DOM node is found. It's better to just let RenderBlock's positionForPoint run
to drill back down into the appropriate column set.

rendering/RenderMultiColumnSet.cpp:

(WebCore::RenderMultiColumnSet::positionForPoint):
Implement positionForPoint for RenderMultiColumnSets. This is a straight-up port of the
old multi-column code's adjustPointToColumnContents function.

rendering/RenderMultiColumnSet.h:

Add override of positionForPoint.

4:59 PM Changeset in webkit [167403] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit/mac

Images dragged from WebKit1 on 2x displays are too big
https://bugs.webkit.org/show_bug.cgi?id=131775
<rdar://problem/15933525>

Reviewed by Simon Fraser.

WebCoreSupport/WebDragClient.mm:

(WebDragClient::startDrag):
Scale the drag image's logical size down by the device scale factor
in WebKit1 just like we do in WebKit2.

4:55 PM Changeset in webkit [167402] by dino@apple.com

3 edits
4 adds in trunk

MediaDocument on iOS should be full page
https://bugs.webkit.org/show_bug.cgi?id=131774

Reviewed by Jer Noble.

Source/WebCore:
A MediaDocument on iOS has two problems. It can't rely
on intrinsic size, since it doesn't load the content until
a user gesture. Secondly, on a small screen you want the
media to fill the page.

Add width/height 100% for iOS documents.

Test: platform/iphone-simulator/media/media-document-controls-size.html

html/MediaDocument.cpp:

(WebCore::MediaDocumentParser::createDocumentStructure):

LayoutTests:

platform/iphone-simulator/media/media-document-controls-size-expected.txt: Added.
platform/iphone-simulator/media/media-document-controls-size.html: Added.

4:53 PM Changeset in webkit [167401] by roger_fong@apple.com

7 edits in trunk

Add a way for layout tests to determine whether or not a plugin is snapshotted.
https://bugs.webkit.org/show_bug.cgi?id=131650.
<rdar://problem/16615528>

Reviewed by Dean Jackson.

testing/Internals.cpp:

(WebCore::Internals::isPluginSnapshotted):

testing/Internals.h:
testing/Internals.idl:

Adjust simple.html accordingly, more snapshotting test changes to come.

platform/mac-wk2/plugins/snapshotting/simple-expected.txt:
plugins/snapshotting/simple.html:

4:50 PM Changeset in webkit [167400] by Simon Fraser

2 edits in trunk/Source/WTF

Don't include CryptographicallyRandomNumber.h in StringImpl.h
https://bugs.webkit.org/show_bug.cgi?id=131772

Reviewed by Sam Weinig.

wtf/text/StringImpl.h:

4:46 PM Changeset in webkit [167399] by zandobersek@gmail.com

5 edits in trunk/Source/WebKit2

Make IPC::Arguments a variadic template
https://bugs.webkit.org/show_bug.cgi?id=131684

Reviewed by Darin Adler.

Make IPC::Arguments a variadic template that uses the template parameter pack to further
define the std::tuple ValueType and is used to define the std::tuple container of the
values passed into the container.

Platform/IPC/Arguments.h:

(IPC::Arguments::Arguments):
(IPC::Arguments::encode):
(IPC::Arguments::decode):
(IPC::Arguments0::encode): Deleted.
(IPC::Arguments0::decode): Deleted.
(IPC::Arguments1::Arguments1): Deleted.
(IPC::Arguments1::encode): Deleted.
(IPC::Arguments1::decode): Deleted.
(IPC::Arguments2::Arguments2): Deleted.
(IPC::Arguments2::encode): Deleted.
(IPC::Arguments2::decode): Deleted.
(IPC::Arguments3::Arguments3): Deleted.
(IPC::Arguments3::encode): Deleted.
(IPC::Arguments3::decode): Deleted.
(IPC::Arguments4::Arguments4): Deleted.
(IPC::Arguments4::encode): Deleted.
(IPC::Arguments4::decode): Deleted.
(IPC::Arguments5::Arguments5): Deleted.
(IPC::Arguments5::encode): Deleted.
(IPC::Arguments5::decode): Deleted.
(IPC::Arguments6::Arguments6): Deleted.
(IPC::Arguments6::encode): Deleted.
(IPC::Arguments6::decode): Deleted.
(IPC::Arguments7::Arguments7): Deleted.
(IPC::Arguments7::encode): Deleted.
(IPC::Arguments7::decode): Deleted.
(IPC::Arguments8::Arguments8): Deleted.
(IPC::Arguments8::encode): Deleted.
(IPC::Arguments8::decode): Deleted.
(IPC::Arguments10::Arguments10): Deleted.
(IPC::Arguments10::encode): Deleted.
(IPC::Arguments10::decode): Deleted.

Scripts/webkit2/LegacyMessages-expected.h:
Scripts/webkit2/Messages-expected.h:
Scripts/webkit2/messages.py: Clean up the code a bit.

(reply_parameter_type):
(arguments_type):
(reply_type):
(decode_type):
(arguments_type_old): Deleted.
(base_class): Deleted.
(delayed_reply_type): Deleted.

4:40 PM Changeset in webkit [167398] by timothy_horton@apple.com

8 edits
1 add
3 deletes in trunk/Source/WebKit2

Deduplicate LayerTreeContext
https://bugs.webkit.org/show_bug.cgi?id=131773

Reviewed by Simon Fraser.

There are three identical implementations, one for each platform, for no reason.

CMakeLists.txt:
PlatformEfl.cmake:
PlatformGTK.cmake:
Shared/LayerTreeContext.cpp: Renamed from Source/WebKit2/Shared/mac/LayerTreeContextMac.mm.

(WebKit::LayerTreeContext::LayerTreeContext):
(WebKit::LayerTreeContext::~LayerTreeContext):
(WebKit::LayerTreeContext::encode):
(WebKit::LayerTreeContext::decode):
(WebKit::LayerTreeContext::isEmpty):
(WebKit::operator==):

Shared/LayerTreeContext.h:

(WebKit::operator!=): Deleted.

Shared/efl/LayerTreeContextEfl.cpp: Removed.
Shared/gtk/LayerTreeContextGtk.cpp: Removed.
WebKit2.xcodeproj/project.pbxproj:
WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:

(WebKit::CoordinatedLayerTreeHost::CoordinatedLayerTreeHost):

WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:

(WebKit::LayerTreeHostGtk::initialize):

4:30 PM Changeset in webkit [167397] by fpizlo@apple.com

4 edits in trunk/Source/JavaScriptCore

Allocate the data section on the heap again for FTL on ARM64
https://bugs.webkit.org/show_bug.cgi?id=130156

Patch by Juergen Ributzka <juergen@apple.com> on 2014-04-16
Reviewed by Geoffrey Garen and Filip Pizlo.

ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateDataSection):

ftl/FTLDataSection.cpp:

(JSC::FTL::DataSection::DataSection):
(JSC::FTL::DataSection::~DataSection):

ftl/FTLDataSection.h:

4:07 PM Changeset in webkit [167396] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Crash in CodeBlock::setOptimizationThresholdBasedOnCompilationResult() when the debugger activates.
<https://webkit.org/b/131747>

Reviewed by Filip Pizlo.

When the debugger is about to activate (e.g. enter stepping mode), it first
waits for all DFG compilations to complete. However, when the DFG completes,
if compilation is successful, it will install a new DFG codeBlock. The
CodeBlock installation process is required to register codeBlocks with the
debugger. Debugger::registerCodeBlock() will eventually call
CodeBlock::setSteppingMode() which may jettison the DFG codeBlock that we're
trying to install. Thereafter, chaos ensues.

This jettison'ing only happens because the debugger currently set its
m_steppingMode flag before waiting for compilation to complete. The fix is
simply to set that flag only after compilation is complete.

debugger/Debugger.cpp:

(JSC::Debugger::setSteppingMode):
(JSC::Debugger::registerCodeBlock):

3:54 PM Changeset in webkit [167395] by zoltan@webkit.org

5 edits in trunk/Source/WebCore

Vanish unnecessary includes from Shapes.{h|cpp}
https://bugs.webkit.org/show_bug.cgi?id=131762

Reviewed by Andreas Kling.

No new tests, no behavior change.

rendering/shapes/BoxShape.h:
rendering/shapes/Shape.cpp:
rendering/shapes/Shape.h:
rendering/shapes/ShapeOutsideInfo.h:

3:44 PM Changeset in webkit [167394] by fpizlo@apple.com

36 edits
1 add in trunk/Source/JavaScriptCore

Discern between NaNs that would be safe to tag and NaNs that need some purification before tagging
https://bugs.webkit.org/show_bug.cgi?id=131420

Reviewed by Oliver Hunt.

Rationalizes our handling of NaNs. We now have the notion of pureNaN(), or PNaN, which
replaces QNaN and represents a "safe" NaN for our tagging purposes. NaN purification now
goes through the purifyNaN() API.

SpeculatedType and its clients can now distinguish between a PureNaN and an ImpureNaN.

Prediction propagator is made slightly more cautious when dealing with NaNs. It doesn't
have to be too cautious since most prediction-based logic only cares about whether or not
a value could be an integer.

AI is made much more cautious when dealing with NaNs. We don't yet introduce ImpureNaN
anywhere in the compiler, but when we do, we ought to be able to trust AI to propagate it
soundly and precisely.

No performance change because this just unblocks
https://bugs.webkit.org/show_bug.cgi?id=131419.

API/JSValueRef.cpp:

(JSValueMakeNumber):
(JSValueToNumber):

JavaScriptCore.xcodeproj/project.pbxproj:
bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationFromValue):
(JSC::typeOfDoubleSum):
(JSC::typeOfDoubleDifference):
(JSC::typeOfDoubleProduct):
(JSC::polluteDouble):
(JSC::typeOfDoubleQuotient):
(JSC::typeOfDoubleMinMax):
(JSC::typeOfDoubleNegation):
(JSC::typeOfDoubleAbs):
(JSC::typeOfDoubleFRound):
(JSC::typeOfDoubleBinaryOp):
(JSC::typeOfDoubleUnaryOp):

bytecode/SpeculatedType.h:
dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseCodeBlock):

dfg/DFGCriticalEdgeBreakingPhase.cpp:

(JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):

dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::mergeStateAtTail):

dfg/DFGLoopPreHeaderCreationPhase.cpp:

(JSC::DFG::createPreHeader):

dfg/DFGNode.h:

(JSC::DFG::BranchTarget::BranchTarget):

dfg/DFGOSREntrypointCreationPhase.cpp:

(JSC::DFG::OSREntrypointCreationPhase::run):

dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGVariableAccessData.h:

(JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::compileArrayPush):
(JSC::FTL::LowerDFGToLLVM::compileArrayPop):
(JSC::FTL::LowerDFGToLLVM::compileNewArrayWithSize):
(JSC::FTL::LowerDFGToLLVM::numberOrNotCellToInt32):
(JSC::FTL::LowerDFGToLLVM::allocateJSArray):

ftl/FTLValueFormat.cpp:

(JSC::FTL::reboxAccordingToFormat):

jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::purifyNaN):
(JSC::AssemblyHelpers::sanitizeDouble): Deleted.

jit/AssemblyHelpers.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emitFloatTypedArrayGetByVal):

runtime/DateConstructor.cpp:

(JSC::constructDate):

runtime/DateInstanceCache.h:

(JSC::DateInstanceData::DateInstanceData):
(JSC::DateInstanceCache::reset):

runtime/ExceptionHelpers.cpp:

(JSC::TerminatedExecutionError::defaultValue):

runtime/JSArray.cpp:

(JSC::JSArray::setLength):
(JSC::JSArray::pop):
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::sortVector):
(JSC::JSArray::compactForSorting):

runtime/JSArray.h:

(JSC::JSArray::create):
(JSC::JSArray::tryCreateUninitialized):

runtime/JSCJSValue.cpp:

(JSC::JSValue::toNumberSlowCase):

runtime/JSCJSValue.h:
runtime/JSCJSValueInlines.h:

(JSC::jsNaN):
(JSC::JSValue::JSValue):
(JSC::JSValue::getPrimitiveNumber):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::parseInt):
(JSC::jsStrDecimalLiteral):
(JSC::toDouble):
(JSC::jsToNumber):
(JSC::parseFloat):

runtime/JSObject.cpp:

(JSC::JSObject::createInitialDouble):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::deletePropertyByIndex):
(JSC::JSObject::ensureLengthSlow):

runtime/MathObject.cpp:

(JSC::mathProtoFuncMax):
(JSC::mathProtoFuncMin):

runtime/PureNaN.h: Added.

(JSC::pureNaN):
(JSC::isImpureNaN):
(JSC::purifyNaN):

runtime/TypedArrayAdaptors.h:

(JSC::FloatTypedArrayAdaptor::toJSValue):

3:39 PM Changeset in webkit [167393] by timothy_horton@apple.com

8 edits in trunk/Source/WebKit2

Don't build LayerTreeHost on Mac (and clean it up)
https://bugs.webkit.org/show_bug.cgi?id=131769

Reviewed by Simon Fraser.

WebKit2.xcodeproj/project.pbxproj:

Don't include it in the project.

WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):

WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.cpp:

(WebKit::CoordinatedDrawingArea::updatePreferences):

WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::updatePreferences):

WebProcess/WebPage/LayerTreeHost.h:

(WebKit::LayerTreeHost::setLayerHostingMode): Deleted.
(WebKit::LayerTreeHost::supportsAcceleratedCompositing): Deleted.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

WebProcess/WebPage/ios/WebPageIOS.mm:

Get rid of LayerTreeHost::supportsAcceleratedCompositing, which always returns true everywhere.
Remove some LayerTreeHost.h includes.
Remove LayerTreeHost::setLayerHostingMode, which is PLATFORM(COCOA) and not needed.

3:39 PM Changeset in webkit [167392] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

Enable system library calls in FTL for ARM64
https://bugs.webkit.org/show_bug.cgi?id=130154

Patch by Juergen Ributzka <juergen@apple.com> on 2014-04-16
Reviewed by Geoffrey Garen and Filip Pizlo.

ftl/FTLIntrinsicRepository.h:
ftl/FTLOutput.h:

(JSC::FTL::Output::doubleRem):
(JSC::FTL::Output::doubleSin):
(JSC::FTL::Output::doubleCos):

3:21 PM Changeset in webkit [167391] by akling@apple.com

3 edits in trunk/Source/WebCore

Revert direct caching of tagName and nodeName from r167383.

Ryosuke tells me this is not entirely safe, will need to rethink.

dom/Element.idl:
dom/Node.idl:

3:04 PM Changeset in webkit [167390] by Simon Fraser

2 edits in trunk/Source/WebKit2

Failing to decode a layer tree commit message resulted in silent and mysterious failure
https://bugs.webkit.org/show_bug.cgi?id=131766
<rdar://problem/16520894>

Reviewed by Sam Weinig.

If the message decode failed, we should have already marked the message as invalid.
Failing to do so indicates in a decode code coding error.

Platform/IPC/HandleMessage.h:

(IPC::handleMessage):
(IPC::handleMessageVariadic):
(IPC::handleMessageDelayed):

2:58 PM Changeset in webkit [167389] by commit-queue@webkit.org

2 edits in trunk/Tools

[Win] run-javascriptcore-tests fails to run.
https://bugs.webkit.org/show_bug.cgi?id=131761

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-04-16
Reviewed by Brent Fulgham.

Scripts/build-jsc: For now, don't try to build bmalloc on Windows.

2:53 PM Changeset in webkit [167388] by timothy_horton@apple.com

11 edits in trunk/Source/WebKit2

Minor include sanity in WebPage.h
https://bugs.webkit.org/show_bug.cgi?id=131752

Reviewed by Simon Fraser.

WebProcess/WebPage/WebPage.h:

Remove a bunch of unnecessary includes.
Un-indent some stuff.

WebProcess/WebCoreSupport/WebEditorClient.cpp:
WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
WebProcess/WebPage/FindController.cpp:
WebProcess/WebPage/WebPage.cpp:
WebProcess/WebPage/mac/WebPageMac.mm:

Add back more specific includes, into implementation files.

WebProcess/WebPage/WebUndoStep.cpp:

(WebKit::WebUndoStep::~WebUndoStep):

WebProcess/WebPage/WebUndoStep.h:

Add an out-of-line destructor.

2:50 PM Changeset in webkit [167387] by pmolnar.u-szeged@partner.samsung.com

3 edits in trunk/Source/WebCore

Improve security mitigation added in webkit r94001.
We missed the case where attachLine was called when we already had an inline box wrapper.
https://bugs.webkit.org/show_bug.cgi?id=127285

Reviewed by Brent Fulgham.

Merged from Blink: https://src.chromium.org/viewvc/blink?revision=150697&view=revision

rendering/RenderBox.cpp:

(WebCore::RenderBox::positionLineBox):

rendering/RenderBox.h:

(WebCore::RenderBox::setInlineBoxWrapper):

2:43 PM April 2014 Meeting edited by ddkilzer@webkit.org

(diff)

2:34 PM Changeset in webkit [167386] by barraclough@apple.com

2 edits in trunk/Source/WebKit2

REGRESSION: PCE.js is 20x slower in WebKit2 because timers are throttled
https://bugs.webkit.org/show_bug.cgi?id=131189

Unreviewed rollout of r166754

This change is no longer necessary.

UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToService):

2:24 PM Changeset in webkit [167385] by b.long@cablelabs.com

2 edits in trunk

[GTK][CMAKE] build-webkit doesn't detect when the build fails
https://bugs.webkit.org/show_bug.cgi?id=130148

Reviewed by Martin Robinson.

Source/cmake/OptionsGTK.cmake: Replace CMake's automatic make -i with make -k, which still continues after errors, but correctly reports tha the build failed.

2:14 PM Changeset in webkit [167384] by Bem Jones-Bey

2 edits in trunk/Source/WebCore

Fix CodeGenerator.pm to only write files if the generated content has changed
https://bugs.webkit.org/show_bug.cgi?id=131756

Reviewed by Sam Weinig.

To improve build speed, don't touch generated files unless the newly
generated content is actually different.

bindings/scripts/CodeGenerator.pm:

(UpdateFile):

2:07 PM Changeset in webkit [167383] by akling@apple.com

14 edits in trunk/Source/WebCore

Add a way to cache never-changing IDL attributes in the wrapper.
<https://webkit.org/b/131759>

Some IDL attributes will always return the same value when queried
on an object, so let's have a way to avoid calling into C++ code
every time they are queried.

This patch adds a custom IDL thingy called "ReturnsCacheableValue"
which causes the code generator to emit code to cache the returned
value directly in the JS wrapper object.

Reviewed by Oliver Hunt.

bindings/scripts/IDLAttributes.txt:
bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

Add ReturnsCacheableValue custom attribute.

dom/Element.idl:
dom/Node.idl:

Annotate some attributes that return fully cacheable values.

bindings/scripts/test/*:

Rebaseline.

1:54 PM Changeset in webkit [167382] by commit-queue@webkit.org

3 edits in trunk/Source/JavaScriptCore

Fix JSC Debug Regressions on Windows
https://bugs.webkit.org/show_bug.cgi?id=131182

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-04-16
Reviewed by Brent Fulgham.

The cast static_cast<int64_t>(number) in JSValue::isMachineInt() can generate a floating point error,
and set the st floating point register tags, if the value of the number parameter is infinite.
If the st floating point register tags are not cleared, this can cause strange floating point behavior later on.
This can be avoided by checking for infinity first.

runtime/JSCJSValueInlines.h:

(JSC::JSValue::isMachineInt): Avoid floating point error by checking for infinity first.

runtime/Options.cpp:

(JSC::recomputeDependentOptions): Re-enable jit for Windows.

1:43 PM Changeset in webkit [167381] by noel.gordon@gmail.com

2 edits in trunk/Source/WebCore

Progressive JPEG outputScanlines() calls should handle failure
https://bugs.webkit.org/show_bug.cgi?id=116701

Reviewed by Brent Fulgham.

outputScanlines() can fail and delete |this|. Copy the decoder pointer
member and use that copy to detect and handle the failure case.

platform/image-decoders/jpeg/JPEGImageDecoder.cpp:

(WebCore::JPEGImageReader::decode):

1:10 PM Changeset in webkit [167380] by oliver@apple.com

6 edits
3 adds in trunk

Simple ES6 feature:Array.prototype.fill
https://bugs.webkit.org/show_bug.cgi?id=131703

Reviewed by David Hyatt.

Source/JavaScriptCore:
Add support for Array.prototype.fill

builtins/Array.prototype.js:

(fill):

runtime/ArrayPrototype.cpp:

LayoutTests:
Add tests.

js/Object-getOwnPropertyNames-expected.txt:
js/array-fill-expected.txt: Added.
js/array-fill.html: Added.
js/script-tests/Object-getOwnPropertyNames.js:
js/script-tests/array-fill.js: Added.

1:02 PM Changeset in webkit [167379] by ap@apple.com

3 edits in trunk/Source/WebKit2

Updating tests after bug 131721, [GTK] Fix unused parameter warnings.

Scripts/webkit2/LegacyMessageReceiver-expected.cpp:

(WebKit::WebPage::didReceiveWebPageMessage):
(WebKit::WebPage::didReceiveSyncWebPageMessage):

Scripts/webkit2/MessageReceiver-expected.cpp:

(WebKit::WebPage::didReceiveMessage):
(WebKit::WebPage::didReceiveSyncMessage):

12:57 PM Changeset in webkit [167378] by barraclough@apple.com

2 edits in trunk/Source/WTF

Update to pthread QoS SPI
https://bugs.webkit.org/show_bug.cgi?id=131753

Rubber stamped by Benjamin Poulain

wtf/ThreadingPthreads.cpp:

(WTF::setCurrentThreadQOSUtility):

12:54 PM Changeset in webkit [167377] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

[curl] Add WEB_TIMING support
https://bugs.webkit.org/show_bug.cgi?id=127555

Patch by Robert Sipka <sipka@inf.u-szeged.hu> on 2014-04-16
Reviewed by Brent Fulgham.

Access timing information related to navigation.

platform/network/curl/ResourceHandleManager.cpp:

(WebCore::milisecondsSinceRequest):
(WebCore::calculateWebTimingInformations):
(WebCore::sockoptfunction):
(WebCore::headerCallback):
(WebCore::ResourceHandleManager::downloadTimerCallback):
(WebCore::ResourceHandleManager::dispatchSynchronousJob):
(WebCore::ResourceHandleManager::initializeHandle):

12:37 PM Changeset in webkit [167376] by zoltan@webkit.org

2 edits in trunk/Source/WebCore

Cleanup header includes in ShapeOutsideInfo.h
https://bugs.webkit.org/show_bug.cgi?id=131750

Reviewed by Antti Koivisto.

Make the build faster by removing unnecessary header includes.

No new tests, no behavior change.

rendering/shapes/ShapeOutsideInfo.h:

12:12 PM Changeset in webkit [167375] by Simon Fraser

2 edits in trunk/Source/WebCore

Fix the iOS build.

platform/graphics/cg/BitmapImageCG.cpp:

(WebCore::BitmapImage::draw):

12:01 PM Changeset in webkit [167374] by ddkilzer@apple.com

1 edit
12 deletes in trunk/LayoutTests

Remove test results that match platform/mac results

Found using this shell script:

$ for F in find LayoutTests/platform/ios-sim -name \*-expected.txt; do \
T=echo $F | sed -e 's#platform/ios-sim/##'; \
M=echo $F | sed -e 's#platform/ios-sim/#platform/mac/#'; \
ML=echo $F | sed -e 's#platform/ios-sim/#platform/mac-mountainlion/#'; \
if [ -f $M -a ! -f $ML -a -z "diff -u $F $M 2> /dev/null" ]; then echo $F; fi; \
done

platform/ios-sim/fast/block/positioning/016-expected.txt: Removed.
platform/ios-sim/fast/block/positioning/025-expected.txt: Removed.
platform/ios-sim/fast/dom/icon-url-property-expected.txt: Removed.
platform/ios-sim/fast/hidpi/focus-rings-expected.txt: Removed.
platform/ios-sim/fast/multicol/shrink-to-column-height-for-pagination-expected.txt: Removed.
platform/ios-sim/fast/preloader/document-write-2-expected.txt: Removed.
platform/ios-sim/fast/preloader/script-expected.txt: Removed.
platform/ios-sim/fast/writing-mode/broken-ideograph-small-caps-expected.txt: Removed.
platform/ios-sim/fast/xsl/sort-locale-expected.txt: Removed.
platform/ios-sim/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt: Removed.
platform/ios-sim/sputnik/Unicode/Unicode_320/S7.6_A2.2_T2-expected.txt: Removed.
platform/ios-sim/sputnik/Unicode/Unicode_320/S7.6_A5.2_T8-expected.txt: Removed.
platform/ios-sim/webarchive/loading/mainresource-null-mimetype-crash-expected.txt: Removed.

12:00 PM Changeset in webkit [167373] by ddkilzer@apple.com

1 edit
91 deletes in trunk/LayoutTests

Remove test results that match top-level results

Found using this shell script:

$ for F in find LayoutTests/platform/ios-sim -name \*-expected.txt; do \
T=echo $F | sed -e 's#platform/ios-sim/##'; \
M=echo $F | sed -e 's#platform/ios-sim/#platform/mac/#'; \
ML=echo $F | sed -e 's#platform/ios-sim/#platform/mac-mountainlion/#'; \
if [ ! -f $M -a ! -f $ML -a -f $T -a -z "diff -u $F $T 2> /dev/null" ]; then echo $F; fi; \
done

platform/ios-sim/compositing/layer-creation/no-compositing-for-sticky-expected.txt: Removed.
platform/ios-sim/editing/inserting/insert-3786362-fix-expected.txt: Removed.
platform/ios-sim/editing/inserting/insert-3907422-fix-expected.txt: Removed.
platform/ios-sim/editing/unsupported-content/table-delete-001-expected.txt: Removed.
platform/ios-sim/editing/unsupported-content/table-delete-003-expected.txt: Removed.
platform/ios-sim/fast/block/positioning/move-with-auto-width-expected.txt: Removed.
platform/ios-sim/fast/canvas/2d.backingStorePixelRatio-expected.txt: Removed.
platform/ios-sim/fast/canvas/2d.imageDataHD-expected.txt: Removed.
platform/ios-sim/fast/canvas/canvas-fillPath-shadow-expected.txt: Removed.
platform/ios-sim/fast/canvas/webgl/texture-npot-expected.txt: Removed.
platform/ios-sim/fast/css/MarqueeLayoutTest-expected.txt: Removed.
platform/ios-sim/fast/css/color-leakage-expected.txt: Removed.
platform/ios-sim/fast/css/font-face-multiple-remote-sources-expected.txt: Removed.
platform/ios-sim/fast/css/font-face-remote-expected.txt: Removed.
platform/ios-sim/fast/css/getComputedStyle/computed-style-expected.txt: Removed.
platform/ios-sim/fast/css/getComputedStyle/computed-style-without-renderer-expected.txt: Removed.
platform/ios-sim/fast/css/nested-layers-with-hover-expected.txt: Removed.
platform/ios-sim/fast/dom/HTMLFormElement/associated-elements-after-index-assertion-fail1-expected.txt: Removed.
platform/ios-sim/fast/dom/Window/window-postmessage-arrays-expected.txt: Removed.
platform/ios-sim/fast/dom/constructed-objects-prototypes-expected.txt: Removed.
platform/ios-sim/fast/dom/gc-10-expected.txt: Removed.
platform/ios-sim/fast/dom/tabindex-clamp-expected.txt: Removed.
platform/ios-sim/fast/dynamic/dirty-float-in-clean-line-expected.txt: Removed.
platform/ios-sim/fast/events/pageshow-pagehide-on-back-cached-with-frames-expected.txt: Removed.
platform/ios-sim/fast/forms/mailto/advanced-get-expected.txt: Removed.
platform/ios-sim/fast/forms/mailto/advanced-put-expected.txt: Removed.
platform/ios-sim/fast/forms/radio/indeterminate-radio-expected.txt: Removed.
platform/ios-sim/fast/forms/select-script-onchange-expected.txt: Removed.
platform/ios-sim/fast/forms/suggested-value-expected.txt: Removed.
platform/ios-sim/fast/history/timed-refresh-in-cached-frame-expected.txt: Removed.
platform/ios-sim/fast/lists/inline-before-content-after-list-marker-expected.txt: Removed.
platform/ios-sim/fast/media/media-query-list-07-expected.txt: Removed.
platform/ios-sim/fast/media/print-restores-previous-mediatype-expected.txt: Removed.
platform/ios-sim/fast/multicol/span/before-child-anonymous-column-block-expected.txt: Removed.
platform/ios-sim/fast/overflow/horizontal-scroll-after-back-expected.txt: Removed.
platform/ios-sim/fast/overflow/scrollbar-restored-expected.txt: Removed.
platform/ios-sim/fast/repaint/table-hover-on-link-expected.txt: Removed.
platform/ios-sim/fast/repaint/table-section-repaint-expected.txt: Removed.
platform/ios-sim/fast/ruby/floating-ruby-text-expected.txt: Removed.
platform/ios-sim/fast/ruby/overhang-horizontal-expected.txt: Removed.
platform/ios-sim/fast/ruby/overhang-horizontal-no-overlap1-expected.txt: Removed.
platform/ios-sim/fast/ruby/overhang-horizontal-no-overlap2-expected.txt: Removed.
platform/ios-sim/fast/ruby/positioned-ruby-text-expected.txt: Removed.
platform/ios-sim/fast/ruby/ruby-text-before-child-split-expected.txt: Removed.
platform/ios-sim/fast/table/empty-row-crash-expected.txt: Removed.
platform/ios-sim/fast/table/empty-section-crash-expected.txt: Removed.
platform/ios-sim/fast/table/inline-form-assert-expected.txt: Removed.
platform/ios-sim/fast/table/max-width-integer-overflow-expected.txt: Removed.
platform/ios-sim/fast/table/table-row-split2-expected.txt: Removed.
platform/ios-sim/fast/table/table-section-split2-expected.txt: Removed.
platform/ios-sim/fast/table/table-split-expected.txt: Removed.
platform/ios-sim/fast/table/table-split2-expected.txt: Removed.
platform/ios-sim/fast/text/apply-start-width-after-skipped-text-expected.txt: Removed.
platform/ios-sim/fast/text/justify-padding-distribution-expected.txt: Removed.
platform/ios-sim/fast/text/selection-painted-separately-expected.txt: Removed.
platform/ios-sim/fast/text/setData-dirty-lines-expected.txt: Removed.
platform/ios-sim/fast/text/soft-hyphen-2-expected.txt: Removed.
platform/ios-sim/fast/text/splitText-dirty-lines-expected.txt: Removed.
platform/ios-sim/fast/transforms/shadows-expected.txt: Removed.
platform/ios-sim/fast/workers/worker-close-more-expected.txt: Removed.
platform/ios-sim/fast/writing-mode/table-percent-width-quirk-expected.txt: Removed.
platform/ios-sim/fast/xmlhttprequest/xmlhttprequest-recursive-sync-event-expected.txt: Removed.
platform/ios-sim/http/tests/appcache/abort-cache-onchecking-manifest-404-expected.txt: Removed.
platform/ios-sim/http/tests/cookies/simple-cookies-expired-expected.txt: Removed.
platform/ios-sim/http/tests/cookies/simple-cookies-max-age-expected.txt: Removed.
platform/ios-sim/http/tests/cookies/single-quoted-value-expected.txt: Removed.
platform/ios-sim/http/tests/misc/empty-urls-expected.txt: Removed.
platform/ios-sim/http/tests/multipart/load-last-non-html-frame-expected.txt: Removed.
platform/ios-sim/http/tests/navigation/post-goback1-expected.txt: Removed.
platform/ios-sim/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked-expected.txt: Removed.
platform/ios-sim/http/tests/security/contentSecurityPolicy/media-src-blocked-expected.txt: Removed.
platform/ios-sim/http/tests/security/local-video-poster-from-remote-expected.txt: Removed.
platform/ios-sim/http/tests/security/sandboxed-iframe-modify-self-expected.txt: Removed.
platform/ios-sim/http/tests/security/video-poster-cross-origin-crash-expected.txt: Removed.
platform/ios-sim/http/tests/xmlhttprequest/chunked-progress-event-expectedLength-expected.txt: Removed.
platform/ios-sim/http/tests/xmlhttprequest/request-encoding2-expected.txt: Removed.
platform/ios-sim/http/tests/xmlhttprequest/upload-onloadend-event-after-load-expected.txt: Removed.
platform/ios-sim/http/tests/xmlhttprequest/upload-onprogress-event-expected.txt: Removed.
platform/ios-sim/http/tests/xmlhttprequest/upload-progress-events-expected.txt: Removed.
platform/ios-sim/media/csp-blocks-video-expected.txt: Removed.
platform/ios-sim/sputnik/Unicode/Unicode_510/S7.6_A3.1-expected.txt: Removed.
platform/ios-sim/sputnik/Unicode/Unicode_510/S7.6_A3.2-expected.txt: Removed.
platform/ios-sim/sputnik/Unicode/Unicode_510/S7.6_A5.3_T1-expected.txt: Removed.
platform/ios-sim/sputnik/Unicode/Unicode_510/S7.6_A5.3_T2-expected.txt: Removed.
platform/ios-sim/svg/as-image/image-respects-pageScaleFactor-change-expected.txt: Removed.
platform/ios-sim/svg/css/getComputedStyle-basic-expected.txt: Removed.
platform/ios-sim/svg/custom/baseval-animval-equality-expected.txt: Removed.
platform/ios-sim/svg/custom/dasharrayOrigin-expected.txt: Removed.
platform/ios-sim/svg/custom/getSubStringLength-expected.txt: Removed.
platform/ios-sim/svg/custom/pattern-scaling-expected.txt: Removed.
platform/ios-sim/svg/custom/svg-features-expected.txt: Removed.
platform/ios-sim/svg/dom/altGlyph-dom-expected.txt: Removed.
platform/ios-sim/svg/foreignObject/fO-parent-display-none-expected.txt: Removed.
platform/ios-sim/svg/foreignObject/fO-parent-display-none-with-relative-pos-content-expected.txt: Removed.
platform/ios-sim/svg/foreignObject/fO-parent-of-parent-display-none-expected.txt: Removed.
platform/ios-sim/svg/foreignObject/fO-parent-of-parent-display-none-with-relative-pos-content-expected.txt: Removed.
platform/ios-sim/svg/hittest/svg-ellipse-non-scale-stroke-expected.txt: Removed.

12:00 PM Changeset in webkit [167372] by ddkilzer@apple.com

2166 edits
1 copy
1126 adds
2 deletes in trunk/LayoutTests

<http://webkit.org/b/129171> Rebaseline LayoutTests for iOS

3206 files changed, 65535 insertions(+), 39972 deletions(-)

platform/ios-sim/Skipped: Clean up old items. Skip tests that

time out due to notifyDone() not being called.

11:59 AM Faster Build edited by Simon Fraser

(diff)

11:58 AM Faster Build created by Simon Fraser

11:57 AM April 2014 Meeting edited by Simon Fraser

(diff)

11:56 AM Changeset in webkit [167371] by ddkilzer@apple.com

1 edit
7742 adds in trunk/LayoutTests

Upstream iOS layout test results

7354 files changed, 367781 insertions(+)

platform/ios-sim: Add.

11:51 AM Changeset in webkit [167370] by Andres Gomez

3 edits in trunk/Tools

[Win] Pass default parameters to cygwin setup wizard
https://bugs.webkit.org/show_bug.cgi?id=131361

Reviewed by Brent Fulgham.

Added some parameters to the cygwin setup wizard so the user
doesn't really have to do any interaction.

CygwinDownloader/cygwin-downloader.py:
CygwinDownloader/cygwin-downloader.zip:

11:51 AM Changeset in webkit [167369] by ddkilzer@apple.com

1 edit
101 copies
5 adds
1 delete in trunk/LayoutTests

Rename LayoutTests/platformm/iphone-simulator => ios-sim

platform/ios-sim: Renamed from LayoutTests/platform/iphone-simulator.

11:49 AM Changeset in webkit [167368] by ap@apple.com

8 edits
2 adds in trunk

DataTransfer should cache its FileList
https://bugs.webkit.org/show_bug.cgi?id=131694

Reviewed by Darin Adler.

Source/WebCore:
Test: fast/events/data-transfer-files-attribute-identity.html

bindings/js/SerializedScriptValue.cpp: (WebCore::CloneDeserializer::readTerminal):

Switched to a new FileList constructor, CloneDeserializer doesn't really need to modify
the FileList with append().

dom/DataTransfer.h:
dom/DataTransfer.cpp:

(WebCore::DataTransfer::types): Added a FIXME.
(WebCore::DataTransfer::files): Changed to reuse a cached FileList. It's currently
easy, because we don't support DataTransferItemList. Once we do, making any changes
through it will also require updating the FileList in a way that doesn't replace
File objects for unchanged files.

fileapi/FileList.h:

(WebCore::FileList::create):
(WebCore::FileList::isEmpty):
(WebCore::FileList::FileList):
(WebCore::FileList::append):
(WebCore::FileList::clear):
Made non-const functions private, because neither DataTransfer nor FileInputType
expect the list to be modified without their knowledge. Added a new Vector based
constructor so that a FileList could be created without the use of append().

html/FileInputType.cpp: (WebCore::FileInputType::createFileList): Simplified

the code a little bit. FileInputType still needs to modify the list for clear(),
but doesn't need to add to it dynamically - unlike with DataTransfer, it's expected
to create a new FileList when it's modified.

LayoutTests:

fast/events/data-transfer-files-attribute-identity-expected.txt: Added.
fast/events/data-transfer-files-attribute-identity.html: Added.

platform/wk2/TestExpectations: Skipped the test, because WKTR doesn't support

file dragging yet.

11:32 AM Changeset in webkit [167367] by zoltan@webkit.org

2 edits in trunk/LayoutTests

Remove fast/parser/parser-yield-timing.html from skipped list
https://bugs.webkit.org/show_bug.cgi?id=131749

Reviewed by Darin Adler.

The test was originally skipped in Bug 89812 due to flakiness on Chromium
debug bots. I run the tests with huge iterations and I don't see
flakiness on Mavericks release/debug. Let's remove from skipped for now.

platform/mac/TestExpectations:

11:16 AM Changeset in webkit [167366] by Bem Jones-Bey

3 edits in trunk/LayoutTests

Remove references to Leopard and Snow Leopard from Windows TestExpectations

Filed new bugs to track each of these tests, so someone with a windows
build can try and see if the tests still fail.

Unreviewed.

platform/win/TestExpectations:
platform/wincairo/TestExpectations:

11:15 AM Changeset in webkit [167365] by Brent Fulgham

8 edits in trunk

[Win] Eliminate use of deleteAllValues in Windows Files
https://bugs.webkit.org/show_bug.cgi?id=131631

Reviewed by Darin Adler.

Source/WebCore:
Update to use std::unique_ptr for object lifetime. Get rid of
deleteAllValues now that it is no loner needed. Use ranged for
loops where possible.

platform/win/WCDataObject.cpp:

(WebCore::WCEnumFormatEtc::WCEnumFormatEtc):
(WebCore::WCDataObject::~WCDataObject):
(WebCore::WCDataObject::GetData):
(WebCore::WCDataObject::QueryGetData):
(WebCore::WCDataObject::SetData):
(WebCore::WCDataObject::clearData):

platform/win/WCDataObject.h:

Tools:
Switch to std::unique_ptr for memory lifetime. Get rid of
deleteAllValues now that it is no longer needed. Use ranged
for loops where possible.

DumpRenderTree/win/DRTDataObject.cpp:

(WCEnumFormatEtc::WCEnumFormatEtc):
(DRTDataObject::~DRTDataObject):
(DRTDataObject::GetData):
(DRTDataObject::QueryGetData):
(DRTDataObject::SetData):
(DRTDataObject::clearData):

DumpRenderTree/win/DRTDataObject.h:
DumpRenderTree/win/UIDelegate.cpp:

(DRTUndoObject::DRTUndoObject):
(DRTUndoObject::~DRTUndoObject):
(DRTUndoStack::~DRTUndoStack):
(DRTUndoStack::clear):
(DRTUndoStack::pop):
(DRTUndoManager::DRTUndoManager):
(DRTUndoManager::redo):
(DRTUndoManager::undo):
(UIDelegate::UIDelegate):
(UIDelegate::resetUndoManager):

DumpRenderTree/win/UIDelegate.h:

11:09 AM Changeset in webkit [167364] by mhahnenberg@apple.com

2 edits in trunk/Source/JavaScriptCore

[WebKit] Cleanup the build from uninitialized variable in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=131728

Reviewed by Darin Adler.

runtime/JSObject.cpp:

(JSC::JSObject::genericConvertDoubleToContiguous): Add a RELEASE_ASSERT on the
path we expect to never take. Also shut up confused compilers about uninitialized things.

11:08 AM April 2014 Meeting edited by rniwa@webkit.org

Add Web Components slides (diff)

11:06 AM Changeset in webkit [167363] by Simon Fraser

2 edits in trunk/Source/WebKit

Make Windows fail with a link error so I know what the new symbol is.

WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:

11:05 AM Changeset in webkit [167362] by abucur@adobe.com

1 edit in trunk/LayoutTests/platform/mac-wk2/TestExpectations

[mac][wk2] REGRESSION (Tiled Drawing): fast/layers/no-clipping-overflow-hidden-added-after-transform.html fails with tiled drawing
https://bugs.webkit.org/show_bug.cgi?id=122238

Unreviewed. The test passes now.

11:04 AM Changeset in webkit [167361] by Chris Fleizach

2 edits
2 adds in trunk

AX: Accessing a table cell with an invalid column header crashes
https://bugs.webkit.org/show_bug.cgi?id=131719

Reviewed by Darin Adler.

If no tableCell is available as a column/row header, then do not continue processing.

Test: accessibility/table-missing-column-header-crash.html

accessibility/AccessibilityTableCell.cpp:

(WebCore::AccessibilityTableCell::columnHeaders):
(WebCore::AccessibilityTableCell::rowHeaders):

11:00 AM Changeset in webkit [167360] by b.long@cablelabs.com

7 edits in trunk/Source

[GTK] Fix unused parameter warnings
https://bugs.webkit.org/show_bug.cgi?id=131721

Reviewed by Darin Adler.

Source/WebCore:

bindings/js/JSMediaStreamCapabilitiesCustom.cpp:

(WebCore::toJS): Remove unused 'exec' parameter.

Source/WebKit2:

Scripts/webkit2/messages.py:

(generate_message_handler): Add UNUSED_PARAM() for a couple parameters which aren't always used.

Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<LinearTimingFunction>::decode): Remove unused parameters.

WebProcess/InjectedBundle/APIInjectedBundleFormClient.h:

(API::InjectedBundle::FormClient::textDidChangeInTextField): Same.
(API::InjectedBundle::FormClient::willSubmitForm): Same.
(API::InjectedBundle::FormClient::willSendSubmitEvent): Same.

WebProcess/Network/NetworkProcessConnection.cpp:

(WebKit::NetworkProcessConnection::didReceiveSyncMessage): Same.

10:58 AM Changeset in webkit [167359] by commit-queue@webkit.org

2 edits in trunk/Tools

[GTK] Unreviewed GTK gardening.

Update list of skipped unit tests:

Skip test: WebKit2Gtk/TestWebKitWebView:/webkit2/WebKitWebView/page-visibility

Unskip tests: WebKit2/TestWebKit2:WebKit2.ResizeReversePaginatedWebView
and WebKit2/TestWebKit2:WebKit2.ScrollPinningBehaviors

Patch by Carlos Alberto Lopez Perez <clopez@igalia.com> on 2014-04-16

Scripts/run-gtk-tests:

(TestRunner):

10:58 AM Changeset in webkit [167358] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit2

Accidentally included some style-checker-testing changes in the last commit.

WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::attemptToUnlockPDF):
(WebKit::PDFPlugin::updatePageAndDeviceScaleFactors):

10:54 AM Changeset in webkit [167357] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit2

Fix some style checker complaints in PDFPlugin
https://bugs.webkit.org/show_bug.cgi?id=131706

Reviewed by Darin Adler.

WebProcess/Plugins/PDF/PDFPlugin.mm:

(-[WKPDFPluginAccessibilityObject accessibilityAttributeValue:]):
(-[WKPDFPluginAccessibilityObject accessibilityAttributeValue:forParameter:]):
(-[WKPDFPluginAccessibilityObject accessibilityAttributeNames]):
(WebKit::PDFPlugin::attemptToUnlockPDF):
(WebKit::PDFPlugin::updatePageAndDeviceScaleFactors):
(WebKit::PDFPlugin::isEditingCommandEnabled):
(WebKit::PDFPlugin::nextMatchForString):
(WebKit::PDFPlugin::handleWheelEvent):
(WebKit::PDFPlugin::liveData):

10:50 AM Changeset in webkit [167356] by Simon Fraser

7 edits in trunk/Source/WebCore

Convert the boolean param of Image::startAnimation() to an enum
https://bugs.webkit.org/show_bug.cgi?id=131742

Reviewed by Tim Horton.

Use an enum to make the code more readable.

platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::startAnimation):

platform/graphics/BitmapImage.h:
platform/graphics/Image.cpp:

(WebCore::Image::drawTiled):

platform/graphics/Image.h:

(WebCore::Image::startAnimation):

svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::startAnimation):

svg/graphics/SVGImage.h:

10:48 AM Changeset in webkit [167355] by ggaren@apple.com

2 edits
2 adds in trunk/Source/WTF

WTF should have an optional mbmalloc target so we can benchmark FastMalloc
https://bugs.webkit.org/show_bug.cgi?id=131662

Reviewed by Darin Adler.

WTF.xcodeproj/project.pbxproj: Added the target.
wtf/mbmalloc.cpp: Added. Implements the libmbmalloc.dylib API required

by MallocBench.

10:48 AM Changeset in webkit [167354] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, ARMv7 build fix after r167336.

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::branchAdd32):

10:36 AM Changeset in webkit [167353] by hyatt@apple.com

3 edits
2 adds in trunk

Make sure to skip the RenderMultiColumnFlowThread when resolving percentage heights inside columns against
containing blocks. The flow thread's auto height should not interfere if a fixed height is specified on
an ancestor.

https://bugs.webkit.org/show_bug.cgi?id=131741

Reviewed by Simon Fraser.

Source/WebCore:
Added fast/multicol/percent-height.html.

rendering/RenderBox.cpp:

(WebCore::RenderBox::skipContainingBlockForPercentHeightCalculation):
Add an isInFlowRenderFlowThread check so that we skip those blocks and don't consider them at all
when resolving percentage heights.

LayoutTests:

fast/multicol/percent-height-expected.html: Added.
fast/multicol/percent-height.html: Added.

10:33 AM WebKitGTK/KeepingTheTreeGreen edited by clopez@igalia.com

(diff)

10:24 AM Changeset in webkit [167352] by commit-queue@webkit.org

5 edits in trunk/Source/WebCore

[WinCairo][cURL] Build fix for WinCairo build with USE(CURL).
https://bugs.webkit.org/show_bug.cgi?id=131614

Patch by Daewoong Jang <daewoong.jang@navercorp.com> on 2014-04-16
Reviewed by Brent Fulgham.

Build fix, no new tests needed.

platform/network/curl/CurlCacheEntry.cpp:

(WebCore::CurlCacheEntry::loadResponseHeaders):

platform/network/curl/CurlCacheManager.cpp:

(WebCore::CurlCacheManager::loadIndex):

platform/network/soup/ResourceError.h:
platform/network/soup/SocketStreamHandle.h:

10:19 AM Changeset in webkit [167351] by commit-queue@webkit.org

3 edits
2 adds in trunk

ASSERTION FAILED: x2 >= x1 in WebCore::RenderObject::drawLineForBoxSide
https://bugs.webkit.org/show_bug.cgi?id=127835

Source/WebCore:
In some cases when a negative margin and a positive padding are applied
together to the right and/or left side of the box, the logical width of
the borders can be set to a negative value, making the assertion fire.
The fix checks if the width or height of the box is negative, and if so,
it will not display the borders and shadows of the box.

Patch by Martin Hodovan <mhodovan@inf.u-szeged.hu> on 2014-04-16
Reviewed by Darin Adler.

Test: fast/css/padding-margin-negative-border.html

rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::paintBorder):

LayoutTests:
Added test demonstrates four cases:
Test #1: Negative upper margin + positive upper padding
Test #2: Negative right margin + positive right padding (used to fail)
Test #3: Negative bottom margin + positive bottom padding
Test #4: Negative left margin + positive left padding (used to fail)

Patch by Martin Hodovan <mhodovan@inf.u-szeged.hu> on 2014-04-16
Reviewed by Darin Adler.

fast/css/padding-margin-negative-border-expected.html: Added.
fast/css/padding-margin-negative-border.html: Added.

10:17 AM Changeset in webkit [167350] by timothy_horton@apple.com

4 edits in trunk/Tools

check-webkit-style doesn't check code style in .mm or .m files
https://bugs.webkit.org/show_bug.cgi?id=131708

Reviewed by Darin Adler.

Scripts/webkitpy/style/checker.py:
Scripts/webkitpy/style/checker_unittest.py:

(CheckerDispatcherDispatchTest.test_cpp_paths):
(CheckerDispatcherDispatchTest.test_text_paths):
Check .mm and .m files as C++.

Scripts/webkitpy/style/checkers/cpp.py:

(check_spacing):
Add an override for our ordinary "missing spaces around =" for @synthesize,
which should look like "@synthesize propertyName=_varName;"

Add an override for "missing space before {" for blocks' "^{".

Don't follow the "extra space before [" rule for Objective-C, because
it breaks this rule in a multitude of ways because of method calls.

(check_braces):
Don't complain about { not being on the end of the previous line if
the previous line starts with "- (" or "+ (", which would indicate a
Objective-C method definition.

10:07 AM Apr2014WebKitMeetingGrp-small-2.jpg attached to April 2014 Meeting by zoltan@webkit.org

10:04 AM April 2014 Meeting edited by zoltan@webkit.org

(diff)

10:03 AM Apr2014WebKitMeetingGrp-2.jpg attached to April 2014 Meeting by zoltan@webkit.org

9:52 AM Changeset in webkit [167349] by jer.noble@apple.com

3 edits
2 adds in trunk

[MSE] Seeks into buffered ranges will never complete.
https://bugs.webkit.org/show_bug.cgi?id=131717

Reviewed by Eric Carlson.

Source/WebCore:
Test: media/media-source/media-source-seek-complete.html

Run the SourceBuffer Monitoring step after initiating a seek.

Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateSeekToTime):

LayoutTests:

media/media-source/media-source-seek-complete-expected.txt: Added.
media/media-source/media-source-seek-complete.html: Added.

9:51 AM Changeset in webkit [167348] by Darin Adler

4 edits in trunk

Make Vector::takeLast work with move-only types (and optimize for types where move is faster)
https://bugs.webkit.org/show_bug.cgi?id=131735

Reviewed by Alexey Proskuryakov.

Source/WTF:

wtf/Vector.h:

(WTF::Vector::takeLast): Added a missing std::move. All the other take functions have it.

Tools:

TestWebKitAPI/Tests/WTF/Vector.cpp: Added a test for Vector::takeLast with move only types.

Fixed invocations of EXPECT macros so the expected value is on the left, and the test result
is on the right. This can be confusing since our JavaScript test framework does it the opposite
way, but gtest works better this way.

8:38 AM April 2014 Meeting edited by dino@apple.com

(diff)

8:37 AM April 2014 Meeting edited by dino@apple.com

(diff)

8:35 AM WebGL.pdf attached to April 2014 Meeting by dino@apple.com

WebGL Slides

8:33 AM April 2014 Meeting edited by dino@apple.com

(diff)

7:24 AM Changeset in webkit [167347] by rgabor@webkit.org

2 edits in trunk/Source/JavaScriptCore

Unreviewed, ARM64 buildfix after r167336.

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::branchAdd32): Add missing function.

5:25 AM Changeset in webkit [167346] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit/efl

[EFL] Cleanup the build from unused parameters in WebKit-efl.
https://bugs.webkit.org/show_bug.cgi?id=131677.

Patch by Jeongeun Kim <je_julie.kim@samsung.com> on 2014-04-16
Reviewed by Gyuyoung Kim.

Changed ASSERT to ASSERT_UNUSED if it's just used for ASSERT.

ewk/ewk_view.cpp:

(ewk_view_scroll):

4:27 AM WebKitGTK edited by Andres Gomez

Updated the introduction text (diff)

4:26 AM Changeset in webkit [167345] by gyuyoung.kim@samsung.com

2 edits in trunk/LayoutTests

Unreviewed EFL gardening. Some test modules come to crash since buildbot uses
Ubuntu 13.10. Skip those crash modules for now.

platform/efl-wk2/TestExpectations:

4:25 AM WebKitGTK/StartHacking edited by Andres Gomez

Correcting typos (diff)

4:18 AM WebKitGTK/StartHacking edited by Andres Gomez

Removed specific information for stable and unstable branches and … (diff)

3:19 AM Changeset in webkit [167344] by Carlos Garcia Campos

2 edits in trunk

REGRESSION(r166779): [GTK] Printing doesn't work since r166779
https://bugs.webkit.org/show_bug.cgi?id=131725

Reviewed by Philippe Normand.

Source/cmake/OptionsGTK.cmake: Check GTK_UNIX_PRINT_FOUND

instead of GTK_UNIX_PRINTING_FOUND and set the macro
HAVE_GTK_UNIX_PRINTING to 1 when found.

Apr 15, 2014:

10:16 PM Changeset in webkit [167343] by mitz@apple.com

5 edits in trunk/Source/WebKit2

[Cocoa] Add a form delegate method corresponding to willSubmitForm
https://bugs.webkit.org/show_bug.cgi?id=131718

Reviewed by Tim Horton.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setFormDelegate:]): Changed to define and create a FormClient (which derives
from API::FormClient and messages a delegate), and set it as the form client.

UIProcess/API/Cocoa/_WKFormDelegate.h: Declared new delegate method.

WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFormDelegatePrivate.h: Added a

variant of willSubmitForm that returs a user object to pass to the delegate in the UI
process, giving it a temporary name with “new”.

WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:

(-[WKWebProcessPlugInBrowserContextController _setFormDelegate:]): Changed willSubmitForm()
to check for the new bundle delegate method first and encode the user object as user data.
Moved the encoding of an NSObject <NSSecureCoding> as user data into a helper function.

8:45 PM Changeset in webkit [167342] by commit-queue@webkit.org

14 edits in trunk

[EFL] Fix problems with the pixel dump.
https://bugs.webkit.org/show_bug.cgi?id=131265

Patch by Hyowon Kim <hw1008.kim@samsung.com> on 2014-04-15
Reviewed by Gyuyoung Kim.

Painting and compositing paths of WebKit-EFL were totally modified from r166768.
However pixel dump codes still call deprecated functions like ewk_view_paint(),
which causes that nothing is drawn.

This patch adds new member functions to AcceleratedCompositingContext to support pixel dump.
One of new functions is AcceleratedCompositingContext::extractImageData(),
which replaces deprecated function calls. Besides the extractImageData() is invoked by
ewk_view_screenshot_contents_get() in order to take the visible content displayed on the EFL webview.

Source/WebCore:

platform/graphics/cairo/CairoUtilities.cpp:

(WebCore::flipImageSurfaceVertically): Flip pixel data of given cairo_surface_t vertically up/down.
Whereas Cairo uses the top-left corner as being 0,0 of the coordinate system,
OpenGL uses the bottom-left corner being 0,0.
So we need to vertically flip resultant images taken by glReadPixels().

platform/graphics/cairo/CairoUtilities.h:

Source/WebKit/efl:

WebCoreSupport/AcceleratedCompositingContextEfl.cpp:

(WebCore::AcceleratedCompositingContext::AcceleratedCompositingContext):
Create TextureMapper with a proper backend.
(WebCore::AcceleratedCompositingContext::flushPendingLayerChanges):
Revise a null check for m_rootLayer.
(WebCore::AcceleratedCompositingContext::paintToGraphicsContext):
Remove a creation check for TextureMapperGL.
(WebCore::AcceleratedCompositingContext::paintToCurrentGLContext):
Ditto.
(WebCore::AcceleratedCompositingContext::extractImageData):
Extract image data from the view and copy it to given Evas_Object.
(WebCore::AcceleratedCompositingContext::getImageData):
Get image data from the view and return it as cairo_surface_t on software mode.
(WebCore::AcceleratedCompositingContext::getImageDataGL):
Get image data from the view and return it as cairo_surface_t on GL mode.

WebCoreSupport/AcceleratedCompositingContextEfl.h:
WebCoreSupport/DumpRenderTreeSupportEfl.cpp:

(DumpRenderTreeSupportEfl::forcePaint): Repaint the entire webview before pixel dump.

WebCoreSupport/DumpRenderTreeSupportEfl.h:
ewk/ewk_view.cpp:

(ewk_view_mark_for_sync): Remove an unnecessary line.
(ewk_view_force_paint): Call flushAndRenderLayers().
(ewk_view_screenshot_contents_get): Remove 'scale' parameter and replace ewk_view_paint()
with AcceleratedCompositingContext::extractImageData().

ewk/ewk_view.h:
ewk/ewk_view_private.h:
tests/test_ewk_view.cpp:

(TEST_F):

Tools:

DumpRenderTree/efl/PixelDumpSupportEfl.cpp:

(createBitmapContextFromWebView): Add to call DumpRenderTreeSupportEfl::forcePaint().

7:42 PM Changeset in webkit [167341] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, add the obvious thing that marks MakeRope as exiting since it can exit.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

7:04 PM Changeset in webkit [167340] by commit-queue@webkit.org

9 edits in trunk/Source

Make page overlay functionality working on coordinated graphics.
https://bugs.webkit.org/show_bug.cgi?id=131425

Patch by Hyowon Kim <hw1008.kim@samsung.com> on 2014-04-15
Reviewed by Darin Adler.

Page overlay functionality did not work on coordinated graphics since r166975.
This patch removes deprecated code related to the PageOverlay GraphicsLayer management.
and makes CoordinatedLayerTreeHost use PageOverlayController.

Source/WebCore:

platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:

(WebCore::CompositingCoordinator::setRootCompositingLayer):
(WebCore::CompositingCoordinator::flushPendingLayerChanges):

platform/graphics/texmap/coordinated/CompositingCoordinator.h:

Source/WebKit2:

WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.cpp:

(WebKit::CoordinatedDrawingArea::mainFrameContentSizeChanged):
(WebKit::CoordinatedDrawingArea::didInstallPageOverlay): Deleted.
(WebKit::CoordinatedDrawingArea::didUninstallPageOverlay): Deleted.
(WebKit::CoordinatedDrawingArea::setPageOverlayNeedsDisplay): Deleted.
(WebKit::CoordinatedDrawingArea::setPageOverlayOpacity): Deleted.

WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.h:
WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:

(WebKit::CoordinatedLayerTreeHost::setRootCompositingLayer):
(WebKit::CoordinatedLayerTreeHost::didFlushRootLayer):
(WebKit::CoordinatedLayerTreeHost::deviceOrPageScaleFactorChanged):
(WebKit::CoordinatedLayerTreeHost::didInstallPageOverlay): Deleted.
(WebKit::CoordinatedLayerTreeHost::didUninstallPageOverlay): Deleted.
(WebKit::CoordinatedLayerTreeHost::setPageOverlayNeedsDisplay): Deleted.
(WebKit::CoordinatedLayerTreeHost::setPageOverlayOpacity): Deleted.
(WebKit::CoordinatedLayerTreeHost::createPageOverlayLayer): Deleted.
(WebKit::CoordinatedLayerTreeHost::destroyPageOverlayLayer): Deleted.

WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.h:
WebProcess/WebPage/LayerTreeHost.h:

(WebKit::LayerTreeHost::didInstallPageOverlay):
(WebKit::LayerTreeHost::didUninstallPageOverlay):
(WebKit::LayerTreeHost::setPageOverlayNeedsDisplay):

5:58 PM More Awesome created by dino@apple.com

5:57 PM April 2014 Meeting edited by dino@apple.com

(diff)

5:26 PM Changeset in webkit [167339] by roger_fong@apple.com

4 edits
2 adds in trunk

Snapshotted plugins may need to be restarted if style properties are changed after initial load of plugin.
https://bugs.webkit.org/show_bug.cgi?id=131553.
<rdar://problem/15443375>

Reviewed by Timothy Horton.

Test: plugins/snapshotting/set-plugin-size-to-tiny.html

When updating embedded objects during our post layout checks, check for certain style changes
that may result in the plugin needing to be restarted.

html/HTMLPlugInImageElement.h:

Add m_plugInDimensionsSpecified field to keep track of whether or not dimensions on the plugin’s renderer have been specified.

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement):
Initialize m_plugInDimensionsSpecified.
(WebCore::isSmallerThanTinySizingThreshold):
Refactoring, move check for whether or not plugin is smaller than the tiny plugin size threshold to this method.
(WebCore::HTMLPlugInImageElement::isTopLevelFullPage):
Refactoring, move check for whether or not plugin is top level full page to this method.
(WebCore::HTMLPlugInImageElement::checkSnapshotStatus):
Use refactored checks here as well to determine whether or not we need to restart the snapshotted plugin.
(WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Use refactored checks.
If plugin dimensions were specified, set m_plugInDimensionsSpecified to true.

platform/mac-wk2/plugins/snapshotting/set-plugin-size-to-tiny-expected.txt: Added.
plugins/snapshotting/set-plugin-size-to-tiny.html: Added.

5:01 PM Changeset in webkit [167338] by akling@apple.com

3 edits in trunk/Source/WebCore

[iOS WebKit2] Listen for system memory pressure notifications.
<https://webkit.org/b/131653>
<rdar://problem/16208123>

Reviewed by Antti Koivisto.

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::install):

Use the right invocation to summon the memory pressure handler.

(WebCore::MemoryPressureHandler::install):
(WebCore::MemoryPressureHandler::uninstall):
(WebCore::MemoryPressureHandler::holdOff):
(WebCore::MemoryPressureHandler::respondToMemoryPressure):

Make stubbed out functions !PLATFORM(COCOA)

5:01 PM Changeset in webkit [167337] by fpizlo@apple.com

3 edits in trunk/WebKitLibraries

Update LLVM binary drops for Mountain Lion to LLVM r206312.

Rubber stamped by Geoffrey Garen.

LLVMIncludesMountainLion.tar.bz2:
LLVMLibrariesMountainLion.tar.bz2:

4:33 PM Changeset in webkit [167336] by fpizlo@apple.com

8 edits
4 adds in trunk/Source/JavaScriptCore

compileMakeRope does not emit necessary bounds checks
https://bugs.webkit.org/show_bug.cgi?id=130684
<rdar://problem/16398388>

Reviewed by Oliver Hunt.

Add string length bounds checks in a bunch of places. We should never allow a string
to have a length greater than 2^{31-1 because it's not clear that the language has

semantics for it and because there is code that assumes that this cannot happen.

Also add a bunch of tests to that effect to cover the various ways in which this was

previously allowed to happen.}

dfg/DFGOperations.cpp:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileMakeRope):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileMakeRope):

runtime/JSString.cpp:

(JSC::JSRopeString::RopeBuilder::expand):

runtime/JSString.h:

(JSC::JSString::create):
(JSC::JSRopeString::RopeBuilder::append):
(JSC::JSRopeString::RopeBuilder::release):
(JSC::JSRopeString::append):

runtime/Operations.h:

(JSC::jsString):
(JSC::jsStringFromRegisterArray):
(JSC::jsStringFromArguments):

runtime/StringPrototype.cpp:

(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):

tests/stress/make-large-string-jit-strcat.js: Added.

(foo):

tests/stress/make-large-string-jit.js: Added.

(foo):

tests/stress/make-large-string-strcat.js: Added.
tests/stress/make-large-string.js: Added.

4:25 PM Changeset in webkit [167335] by hyatt@apple.com

22 edits
201 adds in trunk

[New Multicolumn] Add support for column-span:all
https://bugs.webkit.org/show_bug.cgi?id=129330

Patch by Morten Stenshorne <mstensho@opera.com> on 2014-04-14
Reviewed by Dave Hyatt.

Source/WebCore:
Column spanners are implemented as siblings of RenderMultiColumnSet
objects (i.e. the regions for the column rows). This means that they
are pulled out from the flow thread tree where they would otherwise
live. This causes some complexity, most of which is contained within
the multicol code.

A placeholder is put in the flow thread tree where the spanner's
renderer would otherwise live. This is needed in order make sure that
we interrupt line layout before after the spanner. We also need this
to be able to switch from one multicol set to the next.

Some extra logic is required when dynamically inserting and removing
flow thread descendants now, because we need to figure out if the
renderer added should trigger creation of new multi column sets. If
a spanner is inserted in the middle of a multi column set, we need to
detect this, split the set and put the spanner in the middle.

Wrote a bunch of tests. A few of the tests were copied from existing
(old-impl) tests and put in a separate directory. That directory can
be wiped when we turn on the new multicol implementation by default.

Tests: fast/multicol/newmulticol/adjacent-spanners.html

fast/multicol/newmulticol/block-becomes-spanner.html
fast/multicol/newmulticol/change-spanner-display.html
fast/multicol/newmulticol/change-spanner-parent-display.html
fast/multicol/newmulticol/compare-with-old-impl/anonymous-block-split-crash.html
fast/multicol/newmulticol/compare-with-old-impl/before-child-anonymous-column-block.html
fast/multicol/newmulticol/compare-with-old-impl/clone-before-after-content-crash.html
fast/multicol/newmulticol/compare-with-old-impl/clone-block-children-inline-mismatch-crash.html
fast/multicol/newmulticol/compare-with-old-impl/clone-flexbox.html
fast/multicol/newmulticol/compare-with-old-impl/clone-summary.html
fast/multicol/newmulticol/compare-with-old-impl/column-span-inside-multicol-webkit-box.html
fast/multicol/newmulticol/compare-with-old-impl/continuation-crash.html
fast/multicol/newmulticol/compare-with-old-impl/double-merge-anonymous-block-crash.html
fast/multicol/newmulticol/compare-with-old-impl/empty-anonymous-block-split-crash.html
fast/multicol/newmulticol/compare-with-old-impl/float-not-removed-crash.html
fast/multicol/newmulticol/compare-with-old-impl/list-multi-column-crash.html
fast/multicol/newmulticol/compare-with-old-impl/positioned-child-not-removed-crash.html
fast/multicol/newmulticol/compare-with-old-impl/positioned-objects-not-removed-crash.html
fast/multicol/newmulticol/compare-with-old-impl/recursive-split-flow-crash.html
fast/multicol/newmulticol/compare-with-old-impl/removal-of-multicol-span-crash.html
fast/multicol/newmulticol/compare-with-old-impl/remove-child-split-flow-crash.html
fast/multicol/newmulticol/compare-with-old-impl/runin-continuation-crash.html
fast/multicol/newmulticol/compare-with-old-impl/span-as-immediate-child-complex-splitting.html
fast/multicol/newmulticol/compare-with-old-impl/span-as-nested-inline-block-child.html
fast/multicol/newmulticol/compare-with-old-impl/split-flow-anonymous-wrapper-crash.html
fast/multicol/newmulticol/compare-with-old-impl/split-inline-wrong-post-block-crash.html
fast/multicol/newmulticol/compare-with-old-impl/table-multi-column-crash.html
fast/multicol/newmulticol/compare-with-old-impl/textbox-not-removed-crash.html
fast/multicol/newmulticol/compare-with-old-impl/update-after-content-before-child-crash.html
fast/multicol/newmulticol/insert-row-content1.html
fast/multicol/newmulticol/insert-row-content2.html
fast/multicol/newmulticol/insert-row-content3.html
fast/multicol/newmulticol/insert-row-content4.html
fast/multicol/newmulticol/insert-row-content5.html
fast/multicol/newmulticol/insert-row-content6.html
fast/multicol/newmulticol/insert-row-content7.html
fast/multicol/newmulticol/insert-row-content8.html
fast/multicol/newmulticol/insert-row-content9.html
fast/multicol/newmulticol/insert-spanner-child1.html
fast/multicol/newmulticol/insert-spanner-child2.html
fast/multicol/newmulticol/insert-spanner-child3.html
fast/multicol/newmulticol/insert-spanner1.html
fast/multicol/newmulticol/insert-spanner2.html
fast/multicol/newmulticol/insert-spanner3.html
fast/multicol/newmulticol/insert-spanner4.html
fast/multicol/newmulticol/insert-spanner5.html
fast/multicol/newmulticol/insert-spanner6.html
fast/multicol/newmulticol/insert-spanner7.html
fast/multicol/newmulticol/insert-spanner8.html
fast/multicol/newmulticol/multicol-with-spanner-becomes-regular-block.html
fast/multicol/newmulticol/remove-row-content1.html
fast/multicol/newmulticol/remove-row-content2.html
fast/multicol/newmulticol/remove-row-content3.html
fast/multicol/newmulticol/remove-row-content4.html
fast/multicol/newmulticol/remove-row-content5.html
fast/multicol/newmulticol/remove-row-content6.html
fast/multicol/newmulticol/remove-row-content7.html
fast/multicol/newmulticol/remove-row-content8.html
fast/multicol/newmulticol/remove-row-content9.html
fast/multicol/newmulticol/remove-spanner1.html
fast/multicol/newmulticol/remove-spanner2.html
fast/multicol/newmulticol/remove-spanner3.html
fast/multicol/newmulticol/remove-spanner4.html
fast/multicol/newmulticol/remove-spanner5.html
fast/multicol/newmulticol/remove-spanner6.html
fast/multicol/newmulticol/sole-spanner.html
fast/multicol/newmulticol/span-between-text.html
fast/multicol/newmulticol/spanner-becomes-regular-block.html
fast/multicol/newmulticol/spanner-first.html
fast/multicol/newmulticol/spanner-img.html
fast/multicol/newmulticol/spanner-inline-block.html
fast/multicol/newmulticol/spanner-last.html
fast/multicol/newmulticol/spanner-nested-dynamic.html
fast/multicol/newmulticol/spanner-nested.html
fast/multicol/newmulticol/spanner-pseudo-after1.html
fast/multicol/newmulticol/spanner-pseudo-after2.html
fast/multicol/newmulticol/spanner-pseudo-after3.html
fast/multicol/newmulticol/spanner-pseudo-after4.html
fast/multicol/newmulticol/spanner-pseudo-before-after1.html
fast/multicol/newmulticol/spanner-pseudo-before-after2.html
fast/multicol/newmulticol/spanner-pseudo-before-after3.html
fast/multicol/newmulticol/spanner-pseudo-before-after4.html
fast/multicol/newmulticol/spanner-pseudo-before1.html
fast/multicol/newmulticol/spanner-pseudo-before2.html
fast/multicol/newmulticol/spanner-pseudo-before3.html
fast/multicol/newmulticol/spanner-pseudo-before4.html
fast/multicol/newmulticol/spanner-table.html
fast/multicol/newmulticol/spanner-with-margin.html
fast/multicol/newmulticol/spanner1.html
fast/multicol/newmulticol/spanner2.html
fast/multicol/newmulticol/spanner3.html
fast/multicol/newmulticol/spanner4.html
fast/multicol/newmulticol/spanner5.html
fast/multicol/newmulticol/spanner6.html
fast/multicol/newmulticol/spanner7.html
fast/multicol/newmulticol/spanner8.html
fast/multicol/newmulticol/spanner9.html
fast/multicol/newmulticol/trailing-margin-with-spanner.html
fast/multicol/newmulticol/trailing-margin-with-spanner2.html

CMakeLists.txt:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
rendering/RenderBlock.cpp:

(WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks):
Disable the old anonymous multicol container and spanner anonymous
block generation machinery when the new multicol implementation is
enabled.

rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::createMultiColumnFlowThread):
(WebCore::RenderBlockFlow::destroyMultiColumnFlowThread):
(WebCore::RenderBlockFlow::layoutBlockChild): Need to notify the
flow thread when a descendant's final position is known. Spanner
placeholders need to know where to terminate the column set that
it follows.
(WebCore::RenderBlockFlow::styleDidChange): Remove old code that
isn't needed anymore. The renderers in question (flow thread and
column sets) set display:block on themselves already. This code
caused problems for spanners, which got all their style wiped.
(WebCore::RenderBlockFlow::setMultiColumnFlowThread): If setting
the flow thread to nullptr, there's no need to create the "rare
data" structure.
(WebCore::RenderBlockFlow::relayoutForPagination):
(WebCore::RenderBlockFlow::layoutSpecialExcludedChild):
(WebCore::RenderBlockFlow::addChild): beforeChild is retrieved via
the DOM. If it is a spanner, we need to locate the placeholder
here, because that's the correct location to insert siblings,
DOM-wise.
(WebCore::RenderBlockFlow::removeChild): The multicol flow thread
needs to know when children disappear.
(WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):
Don't modify the height back and forth when calculating the
multicol container's final height, as that messes up balancing.
(WebCore::RenderBlockFlow::insertedIntoTree): Deleted.
(WebCore::RenderBlockFlow::willBeDestroyed): Deleted.
(WebCore::RenderBlockFlow::styleWillChange): Deleted.
(WebCore::RenderBlockFlow::lineAtIndex): Deleted.

rendering/RenderBlockFlow.h:
rendering/RenderElement.cpp:

(WebCore::RenderElement::insertedIntoTree): Set up an element's
layer before notifying the flow thread. The multicol flow thread
may decide to move the element (if it's a spanner), which may
involve re-insertion of layers. Calling
RenderObject::insertedIntoTree() last instead of first also better
matches the order we used to have prior to the introduction of
RenderElement, FWIW.

rendering/RenderFlowThread.cpp:

(WebCore::RenderFlowThread::layout):
(WebCore::RenderFlowThread::removeRegionFromThread): Deleted.
(WebCore::RenderFlowThread::invalidateRegions): Deleted.

rendering/RenderFlowThread.h:
rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::RenderMultiColumnFlowThread::RenderMultiColumnFlowThread):
(WebCore::RenderMultiColumnFlowThread::removeFlowChildInfo): When
a flow thread descendant is inserted, the multicol flow thread
needs to be notified.
(WebCore::RenderMultiColumnFlowThread::firstMultiColumnSet):
(WebCore::RenderMultiColumnFlowThread::lastMultiColumnSet):
(WebCore::RenderMultiColumnFlowThread::firstColumnSetOrSpanner):
(WebCore::RenderMultiColumnFlowThread::nextColumnSetOrSpannerSiblingOf):
(WebCore::RenderMultiColumnFlowThread::previousColumnSetOrSpannerSiblingOf):
(WebCore::RenderMultiColumnFlowThread::layout):
(WebCore::RenderMultiColumnFlowThread::findSetRendering):
(WebCore::RenderMultiColumnFlowThread::populate):
(WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):
(WebCore::RenderMultiColumnFlowThread::addRegionToThread):
(WebCore::RenderMultiColumnFlowThread::willBeRemovedFromTree):
Need to detach column sets here, since they have pointers to their
flow thread.
(WebCore::RenderMultiColumnFlowThread::resolveMovedChild):
(WebCore::isValidColumnSpanner):
(WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
(WebCore::RenderMultiColumnFlowThread::flowThreadRelativeWillBeRemoved):
(WebCore::RenderMultiColumnFlowThread::flowThreadDescendantBoxLaidOut):
(WebCore::RenderMultiColumnFlowThread::autoGenerateRegionsToBlockOffset):
Nothing to be done here for the time being. Column sets are now
created during box creation. We are going to need to add some code
here again once multicol properly supports nested fragmentation
contexts (and you get adjacent column rows because of that).
(WebCore::RenderMultiColumnFlowThread::regionAtBlockOffset):
During layout, don't trust the region interval tree, as that one
depends on the resulting layout.
(WebCore::RenderMultiColumnFlowThread::setRegionRangeForBox): With
a convenience method to get the last column set, and column sets
now being created during normal box creation, this young method
needs an overhaul.
(WebCore::RenderMultiColumnFlowThread::setRegionRangeForBox):
(WebCore::RenderMultiColumnFlowThread::isPageLogicalHeightKnown):

rendering/RenderMultiColumnFlowThread.h:
rendering/RenderMultiColumnSet.cpp:

(WebCore::RenderMultiColumnSet::nextSiblingMultiColumnSet):
(WebCore::RenderMultiColumnSet::previousSiblingMultiColumnSet):
(WebCore::RenderMultiColumnSet::firstRendererInFlowThread):
(WebCore::RenderMultiColumnSet::lastRendererInFlowThread):
(WebCore::precedesRenderer):
(WebCore::RenderMultiColumnSet::containsRendererInFlowThread):
(WebCore::RenderMultiColumnSet::setLogicalTopInFlowThread):
(WebCore::RenderMultiColumnSet::setLogicalBottomInFlowThread):
(WebCore::RenderMultiColumnSet::pageLogicalTopForOffset):
(WebCore::RenderMultiColumnSet::distributeImplicitBreaks):
(WebCore::RenderMultiColumnSet::calculateBalancedHeight):
(WebCore::RenderMultiColumnSet::addForcedBreak):
(WebCore::RenderMultiColumnSet::recalculateColumnHeight):
Previously only needed if columns were to be balanced, now it's
also needed when not balancing.
(WebCore::RenderMultiColumnSet::recordSpaceShortage): Some layout
elements actually have 0 height. Skip them, since they're not
taking us anywhere.
(WebCore::RenderMultiColumnSet::updateLogicalWidth):
(WebCore::RenderMultiColumnSet::requiresBalancing): Column sets
now have individual balancing needs. If they precede a spanner,
they must always be balanced. For the last column set, see if
height is unspecified or column-fill is 'balance' (like before).
(WebCore::RenderMultiColumnSet::prepareForLayout):
(WebCore::RenderMultiColumnSet::beginFlow):
(WebCore::RenderMultiColumnSet::endFlow):
(WebCore::RenderMultiColumnSet::layout):
(WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):
(WebCore::RenderMultiColumnSet::columnRectAt):
(WebCore::RenderMultiColumnSet::flowThreadPortionOverflowRect):
(WebCore::RenderMultiColumnSet::paintColumnRules):
(WebCore::RenderMultiColumnSet::initialBlockOffsetForPainting):
(WebCore::RenderMultiColumnSet::collectLayerFragments):
(WebCore::RenderMultiColumnSet::columnTranslationForOffset):
(WebCore::RenderMultiColumnSet::setAndConstrainColumnHeight): Deleted.
(WebCore::RenderMultiColumnSet::findRunWithTallestColumns): Deleted.
(WebCore::RenderMultiColumnSet::clearForcedBreaks): Deleted.
(WebCore::RenderMultiColumnSet::repaintFlowThreadContent): Deleted.

rendering/RenderMultiColumnSet.h:
rendering/RenderMultiColumnSpannerPlaceholder.cpp: Added.

(WebCore::RenderMultiColumnSpannerPlaceholder::createAnonymous):
(WebCore::RenderMultiColumnSpannerPlaceholder::RenderMultiColumnSpannerPlaceholder):
(WebCore::RenderMultiColumnSpannerPlaceholder::renderName):

rendering/RenderMultiColumnSpannerPlaceholder.h: Added.
rendering/RenderObject.cpp:

(WebCore::RenderObject::insertedIntoTree): Need to notify the
multicol flow thread when descendants are inserted. That may
trigger insertion of column sets, or, in the case of spanners,
they need to be moved out from the flow thread.

rendering/RenderObject.h:

(WebCore::RenderObject::isRenderMultiColumnSpannerPlaceholder):
(WebCore::RenderObject::isAnonymousBlock): Exclude column sets
here, so that they don't get involved in anonymous block merging
and other kinds of fun.

rendering/RenderRegion.h:
rendering/RenderRegionSet.h:

LayoutTests:
Wrote a bunch of tests. A few of the tests were copied from existing
(old-impl) tests and put in a separate directory. That directory can
be wiped when we turn on the new multicol implementation by default.

fast/multicol/newmulticol/adjacent-spanners-expected.html: Added.
fast/multicol/newmulticol/adjacent-spanners.html: Added.
fast/multicol/newmulticol/block-becomes-spanner-expected.html: Added.
fast/multicol/newmulticol/block-becomes-spanner.html: Added.
fast/multicol/newmulticol/change-spanner-display-expected.html: Added.
fast/multicol/newmulticol/change-spanner-display.html: Added.
fast/multicol/newmulticol/change-spanner-parent-display-expected.html: Added.
fast/multicol/newmulticol/change-spanner-parent-display.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/anonymous-block-split-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/anonymous-block-split-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/before-child-anonymous-column-block-expected.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/before-child-anonymous-column-block.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-before-after-content-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-before-after-content-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-block-children-inline-mismatch-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-block-children-inline-mismatch-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-flexbox-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-flexbox.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-summary-expected.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/clone-summary.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/column-span-inside-multicol-webkit-box-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/column-span-inside-multicol-webkit-box.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/continuation-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/continuation-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/double-merge-anonymous-block-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/double-merge-anonymous-block-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/empty-anonymous-block-split-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/empty-anonymous-block-split-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/float-not-removed-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/float-not-removed-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/list-multi-column-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/list-multi-column-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/positioned-child-not-removed-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/positioned-child-not-removed-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/positioned-objects-not-removed-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/positioned-objects-not-removed-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/recursive-split-flow-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/recursive-split-flow-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/removal-of-multicol-span-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/removal-of-multicol-span-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/remove-child-split-flow-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/remove-child-split-flow-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/runin-continuation-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/runin-continuation-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/span-as-immediate-child-complex-splitting-expected.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/span-as-immediate-child-complex-splitting.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/span-as-nested-inline-block-child-expected.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/span-as-nested-inline-block-child.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/split-flow-anonymous-wrapper-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/split-flow-anonymous-wrapper-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/split-inline-wrong-post-block-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/split-inline-wrong-post-block-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/table-multi-column-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/table-multi-column-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/textbox-not-removed-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/textbox-not-removed-crash.html: Added.
fast/multicol/newmulticol/compare-with-old-impl/update-after-content-before-child-crash-expected.txt: Added.
fast/multicol/newmulticol/compare-with-old-impl/update-after-content-before-child-crash.html: Added.
fast/multicol/newmulticol/insert-row-content1-expected.html: Added.
fast/multicol/newmulticol/insert-row-content1.html: Added.
fast/multicol/newmulticol/insert-row-content2-expected.html: Added.
fast/multicol/newmulticol/insert-row-content2.html: Added.
fast/multicol/newmulticol/insert-row-content3-expected.html: Added.
fast/multicol/newmulticol/insert-row-content3.html: Added.
fast/multicol/newmulticol/insert-row-content4-expected.html: Added.
fast/multicol/newmulticol/insert-row-content4.html: Added.
fast/multicol/newmulticol/insert-row-content5-expected.html: Added.
fast/multicol/newmulticol/insert-row-content5.html: Added.
fast/multicol/newmulticol/insert-row-content6-expected.html: Added.
fast/multicol/newmulticol/insert-row-content6.html: Added.
fast/multicol/newmulticol/insert-row-content7-expected.html: Added.
fast/multicol/newmulticol/insert-row-content7.html: Added.
fast/multicol/newmulticol/insert-row-content8-expected.html: Added.
fast/multicol/newmulticol/insert-row-content8.html: Added.
fast/multicol/newmulticol/insert-row-content9-expected.html: Added.
fast/multicol/newmulticol/insert-row-content9.html: Added.
fast/multicol/newmulticol/insert-spanner-child1-expected.html: Added.
fast/multicol/newmulticol/insert-spanner-child1.html: Added.
fast/multicol/newmulticol/insert-spanner-child2-expected.html: Added.
fast/multicol/newmulticol/insert-spanner-child2.html: Added.
fast/multicol/newmulticol/insert-spanner-child3-expected.html: Added.
fast/multicol/newmulticol/insert-spanner-child3.html: Added.
fast/multicol/newmulticol/insert-spanner1-expected.html: Added.
fast/multicol/newmulticol/insert-spanner1.html: Added.
fast/multicol/newmulticol/insert-spanner2-expected.html: Added.
fast/multicol/newmulticol/insert-spanner2.html: Added.
fast/multicol/newmulticol/insert-spanner3-expected.html: Added.
fast/multicol/newmulticol/insert-spanner3.html: Added.
fast/multicol/newmulticol/insert-spanner4-expected.html: Added.
fast/multicol/newmulticol/insert-spanner4.html: Added.
fast/multicol/newmulticol/insert-spanner5-expected.html: Added.
fast/multicol/newmulticol/insert-spanner5.html: Added.
fast/multicol/newmulticol/insert-spanner6-expected.html: Added.
fast/multicol/newmulticol/insert-spanner6.html: Added.
fast/multicol/newmulticol/insert-spanner7-expected.html: Added.
fast/multicol/newmulticol/insert-spanner7.html: Added.
fast/multicol/newmulticol/insert-spanner8-expected.html: Added.
fast/multicol/newmulticol/insert-spanner8.html: Added.
fast/multicol/newmulticol/multicol-with-spanner-becomes-regular-block-expected.html: Added.
fast/multicol/newmulticol/multicol-with-spanner-becomes-regular-block.html: Added.
fast/multicol/newmulticol/remove-row-content1-expected.html: Added.
fast/multicol/newmulticol/remove-row-content1.html: Added.
fast/multicol/newmulticol/remove-row-content2-expected.html: Added.
fast/multicol/newmulticol/remove-row-content2.html: Added.
fast/multicol/newmulticol/remove-row-content3-expected.html: Added.
fast/multicol/newmulticol/remove-row-content3.html: Added.
fast/multicol/newmulticol/remove-row-content4-expected.html: Added.
fast/multicol/newmulticol/remove-row-content4.html: Added.
fast/multicol/newmulticol/remove-row-content5-expected.html: Added.
fast/multicol/newmulticol/remove-row-content5.html: Added.
fast/multicol/newmulticol/remove-row-content6-expected.html: Added.
fast/multicol/newmulticol/remove-row-content6.html: Added.
fast/multicol/newmulticol/remove-row-content7-expected.html: Added.
fast/multicol/newmulticol/remove-row-content7.html: Added.
fast/multicol/newmulticol/remove-row-content8-expected.html: Added.
fast/multicol/newmulticol/remove-row-content8.html: Added.
fast/multicol/newmulticol/remove-row-content9-expected.html: Added.
fast/multicol/newmulticol/remove-row-content9.html: Added.
fast/multicol/newmulticol/remove-spanner1-expected.html: Added.
fast/multicol/newmulticol/remove-spanner1.html: Added.
fast/multicol/newmulticol/remove-spanner2-expected.html: Added.
fast/multicol/newmulticol/remove-spanner2.html: Added.
fast/multicol/newmulticol/remove-spanner3-expected.html: Added.
fast/multicol/newmulticol/remove-spanner3.html: Added.
fast/multicol/newmulticol/remove-spanner4-expected.html: Added.
fast/multicol/newmulticol/remove-spanner4.html: Added.
fast/multicol/newmulticol/remove-spanner5-expected.html: Added.
fast/multicol/newmulticol/remove-spanner5.html: Added.
fast/multicol/newmulticol/remove-spanner6-expected.html: Added.
fast/multicol/newmulticol/remove-spanner6.html: Added.
fast/multicol/newmulticol/sole-spanner-expected.html: Added.
fast/multicol/newmulticol/sole-spanner.html: Added.
fast/multicol/newmulticol/span-between-text-expected.html: Added.
fast/multicol/newmulticol/span-between-text.html: Added.
fast/multicol/newmulticol/spanner-becomes-regular-block-expected.html: Added.
fast/multicol/newmulticol/spanner-becomes-regular-block.html: Added.
fast/multicol/newmulticol/spanner-first-expected.html: Added.
fast/multicol/newmulticol/spanner-first.html: Added.
fast/multicol/newmulticol/spanner-img-expected.html: Added.
fast/multicol/newmulticol/spanner-img.html: Added.
fast/multicol/newmulticol/spanner-inline-block-expected.html: Added.
fast/multicol/newmulticol/spanner-inline-block.html: Added.
fast/multicol/newmulticol/spanner-last-expected.html: Added.
fast/multicol/newmulticol/spanner-last.html: Added.
fast/multicol/newmulticol/spanner-nested-dynamic-expected.html: Added.
fast/multicol/newmulticol/spanner-nested-dynamic.html: Added.
fast/multicol/newmulticol/spanner-nested-expected.html: Added.
fast/multicol/newmulticol/spanner-nested.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after1-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after1.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after2-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after2.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after3-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after3.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after4-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-after4.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after1-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after1.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after2-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after2.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after3-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after3.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after4-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before-after4.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before1-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before1.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before2-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before2.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before3-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before3.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before4-expected.html: Added.
fast/multicol/newmulticol/spanner-pseudo-before4.html: Added.
fast/multicol/newmulticol/spanner-table-expected.html: Added.
fast/multicol/newmulticol/spanner-table.html: Added.
fast/multicol/newmulticol/spanner-with-margin-expected.html: Added.
fast/multicol/newmulticol/spanner-with-margin.html: Added.
fast/multicol/newmulticol/spanner1-expected.html: Added.
fast/multicol/newmulticol/spanner1.html: Added.
fast/multicol/newmulticol/spanner2-expected.html: Added.
fast/multicol/newmulticol/spanner2.html: Added.
fast/multicol/newmulticol/spanner3-expected.html: Added.
fast/multicol/newmulticol/spanner3.html: Added.
fast/multicol/newmulticol/spanner4-expected.html: Added.
fast/multicol/newmulticol/spanner4.html: Added.
fast/multicol/newmulticol/spanner5-expected.html: Added.
fast/multicol/newmulticol/spanner5.html: Added.
fast/multicol/newmulticol/spanner6-expected.html: Added.
fast/multicol/newmulticol/spanner6.html: Added.
fast/multicol/newmulticol/spanner7-expected.html: Added.
fast/multicol/newmulticol/spanner7.html: Added.
fast/multicol/newmulticol/spanner8-expected.html: Added.
fast/multicol/newmulticol/spanner8.html: Added.
fast/multicol/newmulticol/spanner9-expected.html: Added.
fast/multicol/newmulticol/spanner9.html: Added.
fast/multicol/newmulticol/trailing-margin-with-spanner-expected.html: Added.
fast/multicol/newmulticol/trailing-margin-with-spanner.html: Added.
fast/multicol/newmulticol/trailing-margin-with-spanner2-expected.html: Added.
fast/multicol/newmulticol/trailing-margin-with-spanner2.html: Added.
platform/gtk/fast/multicol/newmulticol/client-rects-expected.txt: Added.

4:25 PM Changeset in webkit [167334] by fpizlo@apple.com

3 edits
2 adds in trunk

Tools: Update LLVM export scrpt to handle the build directory being different from the
source directory.

Rubber stamped by Geoffrey Garen.

Scripts/export-llvm-build:

WebKitLibraries: Add LLVM binary drops for Mavericks using LLVM r206312.

Rubber stamped by Geoffrey Garen.

LLVMIncludesMavericks.tar.bz2: Added.
LLVMLibrariesMavericks.tar.bz2: Added.

4:21 PM Changeset in webkit [167333] by ap@apple.com

1 edit in trunk/LayoutTests/platform/mac/TestExpectations

Update bug number in TestExpectations file.

4:19 PM Changeset in webkit [167332] by ap@apple.com

2 edits in trunk/LayoutTests

http/tests/websocket/tests/hybi/workers/close.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=131716

platform/mac/TestExpectations: Marking as such.

4:15 PM Changeset in webkit [167331] by ap@apple.com

2 edits in trunk/LayoutTests

transitions/cancel-transition.html is very flaky on Mac
https://bugs.webkit.org/show_bug.cgi?id=131715

platform/mac/TestExpectations: Marking as such.

4:14 PM April 2014 Meeting edited by ryuan.choi@samsung.com

Tried to fix broken image (diff)

4:11 PM April 2014 Meeting edited by ryuan.choi@samsung.com

(diff)

4:10 PM Apr2014WebKitMeetingGrp-small.jpg attached to April 2014 Meeting by ryuan.choi@samsung.com

4:05 PM Apr2014WebKitMeetingGrp.jpg attached to April 2014 Meeting by ryuan.choi@samsung.com

Lager image

4:05 PM Changeset in webkit [167330] by mitz@apple.com

7 edits
1 add in trunk/Source/WebKit2

Introduce API::FormClient
https://bugs.webkit.org/show_bug.cgi?id=131714

Reviewed by Tim Horton.

UIProcess/API/APIFormClient.h: Added.

(API::FormClient::~FormClient):
(API::FormClient::willSubmitForm):

UIProcess/API/C/WKPage.cpp:

(WKPageSetPageFormClient): Changed to create a WebFormClient and call
WebPageProxy::setFormClient.

UIProcess/WebFormClient.cpp:

(WebKit::WebFormClient::WebFormClient): Added a constructor from WKPageFormClientBase.

UIProcess/WebFormClient.h: Added inheritance from API::FormClient, marked overrides as

such.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy): Initialize m_formClient member.
(WebKit::WebPageProxy::setFormClient): Added. Updates m_formClient.
(WebKit::WebPageProxy::close): Updated code to clear m_formClient.
(WebKit::WebPageProxy::willSubmitForm): Updated for type change.
(WebKit::WebPageProxy::initializeFormClient): Deleted.

UIProcess/WebPageProxy.h:

WebKit2.xcodeproj/project.pbxproj: Added reference to new file.

3:57 PM April 2014 Meeting edited by ryuan.choi@samsung.com

Added picture (diff)

3:56 PM webkit_contributors_meeting_2014.jpg attached to April 2014 Meeting by ryuan.choi@samsung.com

3:36 PM Changeset in webkit [167329] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Remove invalid sh4 specific code in JITInlines header.
https://bugs.webkit.org/show_bug.cgi?id=131692

Patch by Julien Brianceau <jbriance@cisco.com> on 2014-04-15
Reviewed by Geoffrey Garen.

jit/JITInlines.h:

(JSC::JIT::callOperation): Prototype is not F_JITOperation_EJJZ
anymore since r160244, so the sh4 specific code is invalid now
and has to be removed.

2:50 PM Changeset in webkit [167328] by mhahnenberg@apple.com

2 edits in trunk/Source/JavaScriptCore

Fix precedence issue in JSCell:setRemembered

Rubber stamped by Filip Pizlo.

runtime/JSCell.h:

(JSC::JSCell::setRemembered):

2:37 PM Changeset in webkit [167327] by rniwa@webkit.org

2 edits in trunk/Tools

Update the hyperlink to waterfall views of perf bots on build.webkit.org
https://bugs.webkit.org/show_bug.cgi?id=131695

Reviewed by Antti Koivisto.

Updated.

BuildSlaveSupport/build.webkit.org-config/templates/root.html:

2:05 PM Changeset in webkit [167326] by mhahnenberg@apple.com

9 edits in trunk/Source/JavaScriptCore

Objective-C API external object graphs don't handle generational collection properly
https://bugs.webkit.org/show_bug.cgi?id=131634

Reviewed by Geoffrey Garen.

If the set of Objective-C objects transitively reachable through an object changes, we
need to update the set of opaque roots accordingly. If we don't, the next EdenCollection
won't rescan the external object graph, which would lead us to consider a newly allocated
JSManagedValue to be dead.

API/JSBase.cpp:

(JSSynchronousEdenCollectForDebugging):

API/JSVirtualMachine.mm:

(-[JSVirtualMachine initWithContextGroupRef:]):
(-[JSVirtualMachine dealloc]):
(-[JSVirtualMachine isOldExternalObject:]):
(-[JSVirtualMachine addExternalRememberedObject:]):
(-[JSVirtualMachine addManagedReference:withOwner:]):
(-[JSVirtualMachine removeManagedReference:withOwner:]):
(-[JSVirtualMachine externalRememberedSet]):
(scanExternalObjectGraph):
(scanExternalRememberedSet):

API/JSVirtualMachineInternal.h:
API/tests/testapi.mm:
heap/Heap.cpp:

(JSC::Heap::markRoots):

heap/Heap.h:

(JSC::Heap::slotVisitor):

heap/SlotVisitor.h:
heap/SlotVisitorInlines.h:

(JSC::SlotVisitor::containsOpaqueRoot):
(JSC::SlotVisitor::containsOpaqueRootTriState):

1:26 PM Changeset in webkit [167325] by fpizlo@apple.com

50 edits
1 delete in trunk/Source/JavaScriptCore

DFG IR should keep the data flow of doubles and int52's separate from the data flow of JSValue's
https://bugs.webkit.org/show_bug.cgi?id=131423

Reviewed by Geoffrey Garen.

This introduces more static typing into DFG IR. Previously we just had the notion of
JSValues and Storage. This was weird because doubles weren't always convertible to
JSValues, and Int52s weren't always convertible to either doubles or JSValues. We would
sort of insert explicit conversion nodes just for the places where we knew that an
implicit conversion wouldn't have been possible -- but there was no hard and fast rule so
we'd get bugs from forgetting to do the right conversion.

This patch introduces a hard and fast rule: doubles can never be implicitly converted to
anything but doubles, and likewise Int52's can never be implicitly converted. Conversion
nodes are used for all of the conversions. Int52Rep, DoubleRep, and ValueRep are the
conversions. They are like Identity but return the same value using a different
representation. Likewise, constants may now be represented using either JSConstant,
Int52Constant, or DoubleConstant. UseKinds have been adjusted accordingly, as well.
Int52RepUse and DoubleRepUse are node uses that mean "the node must be of Int52 (or
Double) type". They don't imply checks. There is also DoubleRepRealUse, which means that
we speculate DoubleReal and expect Double representation.

In addition to simplifying a bunch of rules in the IR and making the IR more verifiable,
this also makes it easier to introduce optimizations in the future. It's now possible for
AI to model when/how conversion take place. For example if doing a conversion results in
NaN sanitization, then AI can model this and can allow us to sink sanitizations. That's
what https://bugs.webkit.org/show_bug.cgi?id=131419 will be all about.

This was a big change, so I had to do some interesting things, like finally get rid of
the DFG's weird variadic template macro hacks and use real C++11 variadic templates. Also
the ByteCodeParser no longer emits Identity nodes since that was always pointless.

No performance change because this mostly just rationalizes preexisting behavior.

JavaScriptCore.xcodeproj/project.pbxproj:
assembler/MacroAssemblerX86.h:
bytecode/CodeBlock.cpp:
bytecode/CodeBlock.h:
dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::setBuiltInConstant):
(JSC::DFG::AbstractInterpreter::setConstant):

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::fixTypeForRepresentation):
(JSC::DFG::AbstractValue::checkConsistency):

dfg/DFGAbstractValue.h:
dfg/DFGBackwardsPropagationPhase.cpp:

(JSC::DFG::BackwardsPropagationPhase::propagate):

dfg/DFGBasicBlock.h:
dfg/DFGBasicBlockInlines.h:

(JSC::DFG::BasicBlock::appendNode):
(JSC::DFG::BasicBlock::appendNonTerminal):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::constantCSE):
(JSC::DFG::CSEPhase::performNodeCSE):
(JSC::DFG::CSEPhase::int32ToDoubleCSE): Deleted.

dfg/DFGCapabilities.h:
dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

dfg/DFGDCEPhase.cpp:

(JSC::DFG::DCEPhase::fixupBlock):

dfg/DFGEdge.h:

(JSC::DFG::Edge::willNotHaveCheck):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::run):
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupGetAndSetLocalsInBlock):
(JSC::DFG::FixupPhase::observeUseKindOnNode):
(JSC::DFG::FixupPhase::fixIntEdge):
(JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
(JSC::DFG::FixupPhase::injectTypeConversionsInBlock):
(JSC::DFG::FixupPhase::tryToRelaxRepresentation):
(JSC::DFG::FixupPhase::fixEdgeRepresentation):
(JSC::DFG::FixupPhase::injectTypeConversionsForEdge):
(JSC::DFG::FixupPhase::addRequiredPhantom):
(JSC::DFG::FixupPhase::addPhantomsIfNecessary):
(JSC::DFG::FixupPhase::clearPhantomsAtEnd):
(JSC::DFG::FixupPhase::fixupSetLocalsInBlock): Deleted.

dfg/DFGFlushFormat.h:

(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

dfg/DFGGraph.h:

(JSC::DFG::Graph::addNode):

dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

dfg/DFGInsertionSet.h:

(JSC::DFG::InsertionSet::insertNode):
(JSC::DFG::InsertionSet::insertConstant):
(JSC::DFG::InsertionSet::insertConstantForUse):

dfg/DFGIntegerCheckCombiningPhase.cpp:

(JSC::DFG::IntegerCheckCombiningPhase::insertAdd):
(JSC::DFG::IntegerCheckCombiningPhase::insertMustAdd):

dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentity):
(WTF::printInternal):

dfg/DFGNode.h:

(JSC::DFG::Node::Node):
(JSC::DFG::Node::setResult):
(JSC::DFG::Node::result):
(JSC::DFG::Node::isConstant):
(JSC::DFG::Node::hasConstant):
(JSC::DFG::Node::convertToConstant):
(JSC::DFG::Node::valueOfJSConstant):
(JSC::DFG::Node::hasResult):
(JSC::DFG::Node::hasInt32Result):
(JSC::DFG::Node::hasInt52Result):
(JSC::DFG::Node::hasNumberResult):
(JSC::DFG::Node::hasDoubleResult):
(JSC::DFG::Node::hasJSResult):
(JSC::DFG::Node::hasBooleanResult):
(JSC::DFG::Node::hasStorageResult):
(JSC::DFG::Node::defaultUseKind):
(JSC::DFG::Node::defaultEdge):
(JSC::DFG::Node::convertToIdentity): Deleted.

dfg/DFGNodeFlags.cpp:

(JSC::DFG::dumpNodeFlags):

dfg/DFGNodeFlags.h:

(JSC::DFG::canonicalResultRepresentation):

dfg/DFGNodeType.h:
dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGResurrectionForValidationPhase.cpp:

(JSC::DFG::ResurrectionForValidationPhase::run):

dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::SSAConversionPhase::run):

dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
(JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
(JSC::DFG::SpeculativeJIT::silentFill):
(JSC::DFG::JSValueRegsTemporary::JSValueRegsTemporary):
(JSC::DFG::JSValueRegsTemporary::~JSValueRegsTemporary):
(JSC::DFG::JSValueRegsTemporary::regs):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
(JSC::DFG::SpeculativeJIT::compileDoubleRep):
(JSC::DFG::SpeculativeJIT::compileValueRep):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileAdd):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::compileArithDiv):
(JSC::DFG::SpeculativeJIT::compileArithMod):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::speculateNumber):
(JSC::DFG::SpeculativeJIT::speculateDoubleReal):
(JSC::DFG::SpeculativeJIT::speculate):
(JSC::DFG::SpeculativeJIT::compileInt32ToDouble): Deleted.
(JSC::DFG::SpeculativeJIT::speculateMachineInt): Deleted.
(JSC::DFG::SpeculativeJIT::speculateRealNumber): Deleted.

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::allocate):
(JSC::DFG::SpeculativeJIT::use):
(JSC::DFG::SpeculativeJIT::boxDouble):
(JSC::DFG::SpeculativeJIT::spill):
(JSC::DFG::SpeculativeJIT::jsValueResult):
(JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
(JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
(JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
(JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::convertToDouble): Deleted.

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::convertToDouble): Deleted.

dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

dfg/DFGUseKind.cpp:

(WTF::printInternal):

dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::shouldNotHaveTypeCheck):
(JSC::DFG::mayHaveTypeCheck):
(JSC::DFG::isNumerical):
(JSC::DFG::isDouble):
(JSC::DFG::isCell):
(JSC::DFG::usesStructure):
(JSC::DFG::useKindForResult):

dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validate):

dfg/DFGVariadicFunction.h: Removed.
ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::createPhiVariables):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileUpsilon):
(JSC::FTL::LowerDFGToLLVM::compilePhi):
(JSC::FTL::LowerDFGToLLVM::compileDoubleConstant):
(JSC::FTL::LowerDFGToLLVM::compileInt52Constant):
(JSC::FTL::LowerDFGToLLVM::compileWeakJSConstant):
(JSC::FTL::LowerDFGToLLVM::compileDoubleRep):
(JSC::FTL::LowerDFGToLLVM::compileValueRep):
(JSC::FTL::LowerDFGToLLVM::compileInt52Rep):
(JSC::FTL::LowerDFGToLLVM::compileValueToInt32):
(JSC::FTL::LowerDFGToLLVM::compileArithAddOrSub):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithDiv):
(JSC::FTL::LowerDFGToLLVM::compileArithMod):
(JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax):
(JSC::FTL::LowerDFGToLLVM::compileArithAbs):
(JSC::FTL::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::compare):
(JSC::FTL::LowerDFGToLLVM::boolify):
(JSC::FTL::LowerDFGToLLVM::lowInt52):
(JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
(JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
(JSC::FTL::LowerDFGToLLVM::lowDouble):
(JSC::FTL::LowerDFGToLLVM::lowJSValue):
(JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
(JSC::FTL::LowerDFGToLLVM::jsValueToDouble):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateNumber):
(JSC::FTL::LowerDFGToLLVM::speculateDoubleReal):
(JSC::FTL::LowerDFGToLLVM::compileInt52ToValue): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble): Deleted.
(JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue): Deleted.
(JSC::FTL::LowerDFGToLLVM::speculateRealNumber): Deleted.
(JSC::FTL::LowerDFGToLLVM::speculateMachineInt): Deleted.

ftl/FTLValueFormat.cpp:

(JSC::FTL::reboxAccordingToFormat):

jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::sanitizeDouble):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::boxDouble):

1:23 PM Changeset in webkit [167324] by Lucas Forschler

5 edits in tags/Safari-538.29/Source/WebKit2

Merged r167273.

12:58 PM Changeset in webkit [167323] by Lucas Forschler

2 edits in tags/Safari-538.29/Source/WebCore

Merged r167316.

12:49 PM Changeset in webkit [167322] by commit-queue@webkit.org

3 edits in trunk/LayoutTests

Unreviewed gardening.

Patch by Lorenzo Tilve <ltilve@igalia.com> on 2014-04-15

TestExpectations:

Corrected wrong js/regress/ path for js/slow-stress/emscripten-memops.html

platform/gtk/TestExpectations:

Updated expectation for passing on Release plugins/unavailable-plugin-indicator-obscurity.html

12:39 PM Changeset in webkit [167321] by Lucas Forschler

10 edits in tags/Safari-538.29/Source

Merged r167298.

12:35 PM Changeset in webkit [167320] by Lucas Forschler

3 edits in tags/Safari-538.29/Source/WebKit2

Merged r167274.

12:20 PM WebKitGTK/KeepingTheTreeGreen edited by ltilve@igalia.com

(diff)

11:53 AM Changeset in webkit [167319] by Simon Fraser

3 edits in trunk/Source/WebCore

LayerTreeAsTextBehavior should be in the WebCore namespace
https://bugs.webkit.org/show_bug.cgi?id=131683

Reviewed by Andrei Bucur.

Move LayerTreeAsTextBehavior and the bit flags into the WebCore namespace.

platform/graphics/GraphicsLayer.cpp:

(showGraphicsLayerTree):

platform/graphics/GraphicsLayer.h:

11:51 AM Cleanroom implement CSS Custom Properties edited by rniwa@webkit.org

(diff)

11:47 AM Cleanroom implement CSS Custom Properties edited by rniwa@webkit.org

(diff)

11:42 AM Changeset in webkit [167318] by benjamin@webkit.org

2 edits in trunk/Source/WebCore

ViewportConfiguration handles userZoom incorrectly
https://bugs.webkit.org/show_bug.cgi?id=131657

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-15
Reviewed by Darin Adler.

page/ViewportConfiguration.cpp:

(WebCore::viewportArgumentUserZoomIsSet):
(WebCore::ViewportConfiguration::updateConfiguration):
The other viewport values must be strictly positive, userZoom is always either zero, one or minus one.
As a result, the value zero was never set.

11:41 AM Cleanroom implement CSS Custom Properties edited by rniwa@webkit.org

(diff)

11:37 AM April 2014 Meeting edited by rniwa@webkit.org

Add a hyperlink to custom properties wiki (diff)

11:36 AM Cleanroom implement CSS Custom Properties edited by rniwa@webkit.org

(diff)

11:34 AM Cleanroom implement CSS Custom Properties edited by rniwa@webkit.org

(diff)

11:34 AM Cleanroom implement CSS Custom Properties edited by rniwa@webkit.org

(diff)

11:30 AM Cleanroom implement CSS Custom Properties created by rniwa@webkit.org

10:54 AM Changeset in webkit [167317] by Lucas Forschler

5 edits in tags/Safari-538.26.6/Source/JavaScriptCore

Merged r166948.

10:53 AM Changeset in webkit [167316] by Simon Fraser

10 edits in trunk/Source

[iOS WK2] Pages often blank on first load if page loaded by typing the URL
https://bugs.webkit.org/show_bug.cgi?id=131665

Reviewed by Tim Horton.

The document overlay-related code in RemoteLayerTreeDrawingArea::setRootCompositingLayer()
was triggering a compositing layer flush when called with a null rootLayer, which happens
for pages going into the page cache. This would trigger a layer flush that would clobber
the root layer for the visible page, resulting in missing content.

Also, rebuildCompositingLayerTree() is called recursively and the m_documentOverlayRootLayer
was being added to (and then removed from) every single compositing layers.

Fix both these by changing to a pull model, where RenderLayerCompositor requests
the overlay layer via ChromeClient, and gets it at the end of every flush,
adding to the children of the root layer.

Source/WebCore:

WebCore.exp.in:
page/ChromeClient.h:

(WebCore::ChromeClient::documentOverlayLayerForFrame):

rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::RenderLayerCompositor):
(WebCore::RenderLayerCompositor::flushPendingLayerChanges): Put visibleRect
into a variable for ease of debugging.
(WebCore::RenderLayerCompositor::updateCompositingLayers): Asser
that we're not in the page cache (this would have caught the bug).
(WebCore::RenderLayerCompositor::appendOverlayLayers):
(WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
(WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer): Deleted.

rendering/RenderLayerCompositor.h:

Source/WebKit2:

WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::documentOverlayLayerForFrame):

WebProcess/WebCoreSupport/WebChromeClient.h:
WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::setRootCompositingLayer):

10:52 AM Changeset in webkit [167315] by zoltan@webkit.org

6 edits
1 delete in trunk/PerformanceTests

[CSS Shapes] Linking stylesheet instead of inline style definition has ruined ShapesRegions test
https://bugs.webkit.org/show_bug.cgi?id=131572

Reviewed by Rob Buis.

In r167022 I moved the common CSS selectors into RegionsShapes.css, then I linked it into the perf test
files, but the measurement results dropped down from about 400ms to 10ms. I realized it's caused by the
linked css rule, so I've put the selectors back into every test case, which fixes the test measurements.

Layout/Shapes/resources/RegionsShapes.css: Removed.
Layout/Shapes/resources/RegionsShapesContent.html:
Layout/Shapes/resources/RegionsShapesContentNoRegionsWidth400.html:
Layout/Shapes/resources/RegionsShapesContentNoRegionsWidth600.html:
Layout/Shapes/resources/RegionsShapesContentNoRegionsWidth800.html:
Layout/Shapes/resources/RegionsShapesContentNoShapes.html:

10:51 AM Changeset in webkit [167314] by Lucas Forschler

5 edits in tags/Safari-538.26.6/Source

Versioning.

10:46 AM Changeset in webkit [167313] by commit-queue@webkit.org

71 edits
2 adds
3 deletes in trunk

Unreviewed, rolling out r167199 and r167251.
https://bugs.webkit.org/show_bug.cgi?id=131678

Caused a DYEBench regression and does not seem to improve perf
on relevant websites (Requested by rniwa on #webkit).

Reverted changesets:

"Rewrite Function.bind as a builtin"
https://bugs.webkit.org/show_bug.cgi?id=131083
http://trac.webkit.org/changeset/167199

"Update test result"
http://trac.webkit.org/changeset/167251

10:45 AM Changeset in webkit [167312] by Lucas Forschler

1 copy in tags/Safari-538.26.6

New Tag.

9:51 AM WebKitGTK/KeepingTheTreeGreen edited by Adrian Perez de Castro

(diff)

9:44 AM April 2014 Meeting edited by sam@webkit.org

(diff)

9:40 AM Changeset in webkit [167311] by ap@apple.com

2 edits in trunk/LayoutTests

inspector/dom/content-flow-list.html and inspector/dom/content-flow-content-removal.html
flakily fail and assert
https://bugs.webkit.org/show_bug.cgi?id=131679

TestExpectations: This one, too.

9:37 AM April 2014 Meeting edited by sam@webkit.org

(diff)

9:37 AM Changeset in webkit [167310] by ap@apple.com

2 edits in trunk/LayoutTests

inspector/dom/content-flow-list.html is flakily failing and asserting
https://bugs.webkit.org/show_bug.cgi?id=131679

TestExpectations: Skip the test, it fails or asserts most of the time.

9:29 AM Changeset in webkit [167309] by ap@apple.com

2 edits in trunk/LayoutTests

ScriptProcessorNode is garbage collected while still active if unreachable (breaks multiple webaudio test)
https://bugs.webkit.org/show_bug.cgi?id=112521

TestExpectations: Updated bug number, added webaudio/audioprocessingevent.html,

and removed a spurious additional webaudio/javascriptaudionode-downmix8-2channel-input.html line.

9:20 AM April 2014 Meeting edited by ddkilzer@webkit.org

(diff)

9:19 AM Changeset in webkit [167308] by gyuyoung.kim@samsung.com

2 edits in trunk/Source/WebCore

Remove unnecessary null checking in NavigatorContentUtils
https://bugs.webkit.org/show_bug.cgi?id=131652

Reviewed by Darin Adler.

Some functions have checked if document is null. However, document is always not
null when frame is existed.

No new tests, no behavior changes.

Modules/navigatorcontentutils/NavigatorContentUtils.cpp:

(WebCore::NavigatorContentUtils::registerProtocolHandler):
(WebCore::NavigatorContentUtils::isProtocolHandlerRegistered):
(WebCore::NavigatorContentUtils::unregisterProtocolHandler):

9:16 AM Changeset in webkit [167307] by timothy@apple.com

2 edits in trunk/Source/WebInspectorUI

Web Inspector: CodeMirror LICENSE is not properly added to combined files
https://bugs.webkit.org/show_bug.cgi?id=131674

Reviewed by Darin Adler.

Scripts/copy-user-interface-resources.pl: Use $CODE_MIRROR_LICENSE instead

for CodeMirror.css and CodeMirror.js.

6:13 AM Changeset in webkit [167306] by Carlos Garcia Campos

2 edits in trunk/Tools

[GTK] Reduce the binary size by compressing the text based web inspector resources
https://bugs.webkit.org/show_bug.cgi?id=121545

Reviewed by Gustavo Noronha Silva.

Compress text based files when compiling inspector resources. It
reduces the binary size in 3MB.

gtk/generate-inspector-gresource-manifest.py:

(find_all_files_in_directory):
(is_compressible):

6:01 AM Changeset in webkit [167305] by jinwoo7.song@samsung.com

2 edits in trunk/Source/WebKit2

[EFL][WK2] Pass Mouse movement data to WebMouseEvent
https://bugs.webkit.org/show_bug.cgi?id=131663

Reviewed by Gyuyoung Kim.

Currently mouse movement data are not passed to WebMouseEvent. Instead, they are set to 0 as default.
EFL port needs to send the deltaX and deltaY for PointerLock API which will be implemented later.

Shared/efl/WebEventFactory.cpp:

(WebKit::WebEventFactory::createWebMouseEvent):

4:00 AM WebKitGTK/KeepingTheTreeGreen edited by Diego Pino Garcia

(diff)

12:40 AM Changeset in webkit [167304] by ap@apple.com

3 edits in trunk/LayoutTests

[Mac] compositing/repaint/positioned-movement.html flaky, missing repaint
https://bugs.webkit.org/show_bug.cgi?id=118153

platform/mac-wk2/TestExpectations:
platform/mac/TestExpectations:

Moved the flaky expectation to also apply to WebKit1.

12:32 AM Changeset in webkit [167303] by commit-queue@webkit.org

10 edits in trunk/Source

Unreviewed, rolling out r167298.
https://bugs.webkit.org/show_bug.cgi?id=131670

Broke CSS filters (17 test crashes) (Requested by ap on
#webkit).

Reverted changeset:

"[iOS WK2] Pages often blank on first load if page loaded by
typing the URL"
https://bugs.webkit.org/show_bug.cgi?id=131665
http://trac.webkit.org/changeset/167298

Apr 14, 2014:

11:57 PM Changeset in webkit [167302] by psolanki@apple.com

2 edits in trunk/Source/WebCore

Unreviewed. Attempt to fix Windows build after r167277.

page/FrameView.cpp:

(WebCore::FrameView::willPaintContents):

11:51 PM Changeset in webkit [167301] by ap@apple.com

2 edits in trunk/Tools

Remove Gtk WebKit1 tester.

Gtk WebKit1 port no longer exists, and dashboard was trying to load its tester
results over and over as fast as it could.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitBuildbot.js:

(WebKitBuildbot):

11:40 PM Changeset in webkit [167300] by ap@apple.com

2 edits in trunk/Tools

Wrong link for webkitpy tests results in dashboard popover
https://bugs.webkit.org/show_bug.cgi?id=131664

Reviewed by Timothy Hatcher.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:

(BuildbotTesterQueueView.prototype._presentPopoverForMultipleFailureKinds):
Use a correct link.

11:24 PM Changeset in webkit [167299] by commit-queue@webkit.org

4 edits
1 delete in trunk

Unreviewed, rolling out r167261.
https://bugs.webkit.org/show_bug.cgi?id=131667

broke many navigation tests (Requested by ap on #webkit).

Reverted changeset:

"Web Replay: memoize fallback time values for
document.lastModified"
https://bugs.webkit.org/show_bug.cgi?id=131318
http://trac.webkit.org/changeset/167261

11:13 PM Changeset in webkit [167298] by Simon Fraser

10 edits in trunk/Source

[iOS WK2] Pages often blank on first load if page loaded by typing the URL
https://bugs.webkit.org/show_bug.cgi?id=131665

Reviewed by Tim Horton.

Also, rebuildCompositingLayerTree() is called recursively and the m_documentOverlayRootLayer
was being added to (and then removed from) every single compositing layers.

Fix both these by changing to a pull model, where RenderLayerCompositor requests
the overlay layer via ChromeClient, and gets it at the end of every flush,
adding to the children of the root layer.

Source/WebCore:

WebCore.exp.in:
page/ChromeClient.h:

(WebCore::ChromeClient::documentOverlayLayerForFrame):

rendering/RenderLayerCompositor.cpp:

rendering/RenderLayerCompositor.h:

Source/WebKit2:

WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::documentOverlayLayerForFrame):

WebProcess/WebCoreSupport/WebChromeClient.h:
WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::setRootCompositingLayer):

11:13 PM Changeset in webkit [167297] by commit-queue@webkit.org

5 edits
3 deletes in trunk

Unreviewed, rolling out r167272.
https://bugs.webkit.org/show_bug.cgi?id=131666

Broke multiple tests (Requested by ap on #webkit).

Reverted changeset:

"Function.bind itself is too slow"
https://bugs.webkit.org/show_bug.cgi?id=131636
http://trac.webkit.org/changeset/167272

10:47 PM Changeset in webkit [167296] by ap@apple.com

2 edits in trunk/Tools

Update webkitpy regression test result that started to fail after http://trac.webkit.org/r167243

I'm not sure whether the changes are desirable, but am not suspicious enough to roll out.

Scripts/webkitpy/common/checkout/checkout_unittest.py:

(CommitMessageForThisCommitTest):

10:23 PM Changeset in webkit [167295] by jhoneycutt@apple.com

7 edits
2 adds in trunk

Assertion failure under FEImage::determineAbsolutePaintRect()

<https://bugs.webkit.org/show_bug.cgi?id=131660>
<rdar://problem/15669294>

Source/WebCore:
This patch merges Chromium r149536 (see
<https://chromiumcodereview.appspot.com/14701012>), which moves
m_absoluteTransform out of SVGFilter and into the base Filter class, so
that it isn't necessary to cast a Filter to SVGFilter to get the
absolute transform.

Reviewed by Geoffrey Garen.

Test: svg/filters/feImage-filter-assertion.html

platform/graphics/filters/Filter.h:

(WebCore::Filter::Filter):
Changed to take the absolute transform.
(WebCore::Filter::absoluteTransform):
Moved from SVGFilter.
(WebCore::Filter::mapAbsolutePointToLocalPoint):
Ditto.

rendering/FilterEffectRenderer.cpp:

(WebCore::FilterEffectRenderer::FilterEffectRenderer):
Pass a default AffineTransform() to the Filter base class.

svg/graphics/filters/SVGFEImage.cpp:

(WebCore::FEImage::determineAbsolutePaintRect):
Use the Filter without casting it to SVGFilter.
(WebCore::FEImage::platformApplySoftware):
Ditto.

svg/graphics/filters/SVGFilter.cpp:

(WebCore::SVGFilter::SVGFilter):
Pass the transform to the base class, and remove initialization of a
removed member var.

svg/graphics/filters/SVGFilter.h:

Member var moved to Filter.h.

LayoutTests:
Reviewed by Geoffrey Garen.

svg/filters/feImage-filter-assertion-expected.txt: Added.
svg/filters/feImage-filter-assertion.html: Added.

10:01 PM April 2014 Meeting edited by simon.pena@samsung.com

(diff)

9:31 PM Changeset in webkit [167294] by commit-queue@webkit.org

29 edits in trunk/Source/WebInspectorUI

Update to CodeMirror 4.0.
https://bugs.webkit.org/show_bug.cgi?id=130019

The CodeMirror 4.0 library adds multiple selections and the ability to
undo/redo selections. Selections are made by holding the Command (Cmd) key
and clicking into an editor, or by holding Option (Alt) and making a block
selection followed by entering a character or moving the cursor.

Patch by Jono Wells <jonowells@apple.com> on 2014-04-14
Reviewed by Timothy Hatcher.

Scripts/update-codemirror-resources.rb:
Scripts/update-pretty-printer.rb:

Update scripts to reflect updated locations for CodeMirror files.
No longer copies LESS mode file as this has been integrated into CSS mode
in CodeMirror 4.0.

Tools/PrettyPrinting/codemirror.css:
Tools/PrettyPrinting/codemirror.js:
Tools/PrettyPrinting/css.js:
Tools/PrettyPrinting/javascript.js:
UserInterface/External/CodeMirror/clojure.js:
UserInterface/External/CodeMirror/closebrackets.js:
UserInterface/External/CodeMirror/codemirror.css:
UserInterface/External/CodeMirror/codemirror.js:
UserInterface/External/CodeMirror/coffeescript.js:
UserInterface/External/CodeMirror/comment.js:
UserInterface/External/CodeMirror/css.js:
UserInterface/External/CodeMirror/htmlmixed.js:
UserInterface/External/CodeMirror/javascript.js:
UserInterface/External/CodeMirror/livescript.js:
UserInterface/External/CodeMirror/matchbrackets.js:
UserInterface/External/CodeMirror/overlay.js:
UserInterface/External/CodeMirror/placeholder.js:
UserInterface/External/CodeMirror/runmode.js:
UserInterface/External/CodeMirror/sass.js:
UserInterface/External/CodeMirror/searchcursor.js:
UserInterface/External/CodeMirror/sql.js:
UserInterface/External/CodeMirror/xml.js:

Update to CodeMirror 4.0.

UserInterface/Main.html: Remove less.js which is now part of css.js.

UserInterface/Views/CSSStyleDeclarationTextEditor.css:
UserInterface/Views/CSSStyleDeclarationTextEditor.js:

(WebInspector.CSSStyleDeclarationTextEditor.prototype.):
(WebInspector.CSSStyleDeclarationTextEditor.prototype._createColorSwatches):
(WebInspector.CSSStyleDeclarationTextEditor.prototype._updateJumpToSymbolTrackingMode):

UserInterface/Views/SyntaxHighlightingDefaultTheme.css:

Update styles to match CodeMirror changes. Update CSSStyleDeclarationTextEditor.js
to match CodeMirror API updates (doc.removeLine() has been removed, so
replaceRange() is used instead). Also the tokenTrackingController is now enabled in the
CSSStyleDeclarationTextEditor and SourceCodeTextEditor when the Option (Alt) key
is pressed instead of the Command (Cmd) key so as not to conflict with multiple
cursor placement in the CodeMirror update.

8:53 PM Changeset in webkit [167293] by ggaren@apple.com

2 edits in trunk/Source/JavaScriptCore

ASSERT when firing low memory warning
https://bugs.webkit.org/show_bug.cgi?id=131659

Reviewed by Mark Hahnenberg.

heap/Heap.cpp:

(JSC::Heap::deleteAllCompiledCode): Allow deleteAllCompiledCode to be
called when no GC is happening because that is what we do when a low
memory warning fires, and it is harmless.

8:52 PM Changeset in webkit [167292] by ggaren@apple.com

16 edits in trunk

MallocBench should scavenge explicitly instead of waiting
https://bugs.webkit.org/show_bug.cgi?id=131661

Reviewed by Andreas Kling.

PerformanceTests:

MallocBench/MallocBench.xcodeproj/project.pbxproj: Don't build mbmalloc

by default because it will overwrite any other mbmalloc you're working
with in the WebKitBuild directory.

MallocBench/MallocBench/Benchmark.cpp:

(Benchmark::run): Scavenge explicitly instead of waiting. This is faster,
and it's the only way to get FastMalloc to scavenge. (That's a bug in
FastMalloc, but we don't want it to interfere with broader testing.)

MallocBench/MallocBench/mbmalloc.cpp:
MallocBench/MallocBench/mbmalloc.h: Added a scavenge implementation

for system malloc.

Source/bmalloc:
Added explicit scavenge support to bmalloc. This isn't a memory win,
since bmalloc's per-thread cache is so small. But it makes testing
simpler.

bmalloc/Allocator.cpp:

(bmalloc::Allocator::~Allocator):
(bmalloc::Allocator::scavenge):

bmalloc/Allocator.h:
bmalloc/Cache.cpp:

(bmalloc::Cache::operator new):
(bmalloc::Cache::operator delete):
(bmalloc::Cache::Cache):
(bmalloc::Cache::scavenge):

bmalloc/Cache.h:
bmalloc/Deallocator.cpp:

(bmalloc::Deallocator::~Deallocator):
(bmalloc::Deallocator::scavenge):

bmalloc/Deallocator.h: Factored existing scavenging code into helper

functions, for reuse.

bmalloc/Heap.cpp:

(bmalloc::sleep):
(bmalloc::Heap::concurrentScavenge):
(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeMediumPages):
(bmalloc::Heap::scavengeLargeRanges):

bmalloc/Heap.h: Made scavenge sleep duration a parameter. Forced

scavenging -- in response to a benchmark or a low memory warning --
wants to complete as soon as possible, so its sleep duration is 0.

bmalloc/bmalloc.h:

(bmalloc::api::scavenge):

bmalloc/mbmalloc.cpp: Exported the scavenge API for MallocBench's use.

8:06 PM Changeset in webkit [167291] by Darin Adler

2 edits in trunk/Source/WebCore

REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
https://bugs.webkit.org/show_bug.cgi?id=126322

Reviewed by Ryosuke Niwa.

One additional tweak to the fix for the bug above.
Fixes crash in editing/editability/ignored-content.html test.

html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::canContainRangeEndPoint): Call through to
HTMLElement::canContainRangeEndPoint, bypassing HTMLPlugInElement override
that always returns false. Without this change, this function was always
returning false.

7:54 PM Changeset in webkit [167290] by Simon Fraser

4 edits in trunk/Source/WebCore

Crash in TileController::tileRevalidationTimerFired
https://bugs.webkit.org/show_bug.cgi?id=131656
<rdar://problem/16583166>

Reviewed by Sam Weinig.

It's possible for the TileController revalidation timer to fire after
the GraphicsLayer has been destroyed, so the PlatformCALayer no longer
has an owningGraphicsLayer.

Bail from the timer callback if owningGraphicsLayer() is null.

Also some drive-by 0 -> nullptr changes.

platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::willBeDestroyed):

platform/graphics/ca/PlatformCALayer.cpp:

(WebCore::PlatformCALayer::~PlatformCALayer):

platform/graphics/ca/mac/TileController.mm:

(WebCore::TileController::tileRevalidationTimerFired):

7:44 PM Changeset in webkit [167289] by ggaren@apple.com

3 edits
1 add in trunk/Source/bmalloc

Use 4kB pages on Mac
https://bugs.webkit.org/show_bug.cgi?id=131658

Reviewed by Sam Weinig.

This reduces memory use a lot on Membuster:

base patch Δ

Execution Time:

reddit_memory_warning 18ms 17ms ^{1.06x faster

flickr_memory_warning 34ms 36ms ! 1.06x slower

theverge_memory_warning 39ms 41ms ! 1.05x slower}

<geometric mean> 29ms 29ms ! 1.02x slower
<arithmetic mean> 30ms 31ms ! 1.03x slower
<harmonic mean> 27ms 27ms ^{1.0x faster}

Peak Memory:

reddit_memory_warning 16,412kB 16,436kB ! 1.0x bigger
flickr_memory_warning 30,120kB 30,184kB ! 1.0x bigger
theverge_memory_warning 33,408kB 33,420kB ! 1.0x bigger

<geometric mean> 25,466kB 25,499kB ! 1.0x bigger
<arithmetic mean> 26,647kB 26,680kB ! 1.0x bigger
<harmonic mean> 24,181kB 24,214kB ! 1.0x bigger

Memory at End:

reddit_memory_warning 2,404kB 1,920kB ^{1.25x smaller

flickr_memory_warning 3,764kB 3,072kB} 1.23x smaller
theverge_memory_warning 3,648kB 3,132kB ^{1.16x smaller}

<geometric mean> 3,208kB 2,644kB ^{1.21x smaller

<arithmetic mean> 3,272kB 2,708kB} 1.21x smaller
<harmonic mean> 3,139kB 2,574kB ^{1.22x smaller}

bmalloc.xcodeproj/project.pbxproj:
bmalloc/BPlatform.h: Added.
bmalloc/VMAllocate.h: Only use 16kB pages on iOS because the page size

is 4kB on Mac.

7:32 PM April 2014 Meeting edited by Simon Fraser

(diff)

7:20 PM Changeset in webkit [167288] by mhahnenberg@apple.com

3 edits in trunk/Source/JavaScriptCore

emit_op_put_by_id should not emit a write barrier that filters on value
https://bugs.webkit.org/show_bug.cgi?id=131654

Reviewed by Filip Pizlo.

The 32-bit implementation does this, and it can cause crashes if we later repatch the
code to allocate and store new Butterflies.

jit/JITPropertyAccess.cpp:

(JSC::JIT::emitWriteBarrier): We also weren't verifying that the base was a cell on
32-bit if we were passed ShouldFilterBase. I also took the liberty of sinking the tag
load down into the if statement so that we don't do it if we're not filtering on the value.

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_by_id):

7:03 PM April 2014 Meeting edited by sam@webkit.org

(diff)

7:02 PM April 2014 Meeting edited by sam@webkit.org

(diff)

7:00 PM April 2014 Meeting edited by sam@webkit.org

(diff)

5:55 PM Changeset in webkit [167287] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit2

Fix the 32-bit build.

UIProcess/mac/ViewGestureControllerMac.mm:

5:47 PM Changeset in webkit [167286] by Simon Fraser

2 edits in trunk/Source/WebKit2

REGRESSION (WebKit2): Programmatic scrolls in overflow-scrolling:touch don't work
https://bugs.webkit.org/show_bug.cgi?id=131649

Reviewed by Tim Horton.

Update the UIScrollView's contentOffset when we're told that the scroll position
changed.

Also refactor slightly to have a single exception-protected block.

UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.mm:

(WebKit::ScrollingTreeOverflowScrollingNodeIOS::updateAfterChildren):

5:47 PM Changeset in webkit [167285] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit2

Fix the 32-bit build.

UIProcess/mac/ViewGestureControllerMac.mm:

5:41 PM Changeset in webkit [167284] by timothy_horton@apple.com

3 edits in trunk/Source/WebKit2

Sometimes-crash under handleSwipeGesture after closing a window or quitting
https://bugs.webkit.org/show_bug.cgi?id=131648
<rdar://problem/15966106>

Reviewed by Simon Fraser.

UIProcess/mac/ViewGestureController.h:
UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::~ViewGestureController):
(WebKit::ViewGestureController::trackSwipeGesture):
Keep a Objective C object with a single boolean property, isCancelled, on
the ViewGestureController, and also retained by the swipe-tracking block.
When the ViewGestureController is destroyed, we set isCancelled to YES,
and the next time the block is invoked, we will cancel the swipe without
touching the destroyed ViewGestureController.

(WebKit::ViewGestureController::handleSwipeGesture):
Don't try to handle a swipe gesture if the drawing area is missing.

(WebKit::ViewGestureController::endSwipeGesture):
Clear the swipe cancellation tracker when the gesture completes.

5:27 PM Changeset in webkit [167283] by Bem Jones-Bey

5 edits in trunk/Source/WebCore

[CSS Shapes] Remove some leftover shape-inside code
https://bugs.webkit.org/show_bug.cgi?id=131641

Reviewed by Dean Jackson.

I discovered that some code had been leftover from the shape-inside
removal. This removes that leftover code.

No new tests, no behavior change.

platform/text/BidiResolver.h:
rendering/BidiRun.cpp:

(WebCore::BidiRun::BidiRun):

rendering/RenderBlockFlow.h:
rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlockFlow::createLineBoxes):
(WebCore::RenderBlockFlow::constructLine):
(WebCore::computeExpansionForJustifiedText):
(WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):

5:14 PM Changeset in webkit [167282] by jer.noble@apple.com

2 edits in trunk/Source/WebCore

[MSE][Mac] video.currentTime is sometimes negative.
https://bugs.webkit.org/show_bug.cgi?id=131644

Reviewed by Eric Carlson.

AVSampleBufferRenderSynchronizer will occasionally return slightly negative values
when beginning playback. Clamp the return value to 0.

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::currentTimeDouble):

5:07 PM Changeset in webkit [167281] by Bem Jones-Bey

2 edits in trunk/Source/WebCore

[CSSExclusions] Remove FIXME referencing closed bug
https://bugs.webkit.org/show_bug.cgi?id=131645

Reviewed by Dean Jackson.

This is silly, but the comment is really confusing as it's entirely
wrong now.

No new tests, no behavior change.

rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::changeRequiresRepaint):

5:06 PM April 2014 Meeting edited by akling@apple.com

(diff)

4:47 PM Changeset in webkit [167280] by enrica@apple.com

3 edits in trunk/Source/WebKit2

REGRESSION(r166027) Menu is shown and immediately hidden after doubletap gesture.
https://bugs.webkit.org/show_bug.cgi?id=131646
<rdar://problem/16614374>

Reviewed by Benjamin Poulain.

This is a problem with every gesture that changes the selection
We don't need to delay updating the selection if the selection is
being changed with a gesture.

UIProcess/ios/WKContentViewInteraction.h:
UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _didUpdateBlockSelectionWithTouch:withFlags:growThreshold:shrinkThreshold:]):
(-[WKContentView changeSelectionWithGestureAt:withGesture:withState:]):
(-[WKContentView changeSelectionWithTouchAt:withSelectionTouch:baseIsStart:]):
(-[WKContentView changeSelectionWithTouchesFrom:to:withGesture:withState:]):
(-[WKContentView changeBlockSelectionWithTouchAt:withSelectionTouch:forHandle:]):
(-[WKContentView _selectionChanged]):

4:38 PM April 2014 Meeting edited by abucur@adobe.com

(diff)

4:22 PM Changeset in webkit [167279] by akling@apple.com

2 edits in trunk/Source/WebCore

Build fixage.

page/FrameView.cpp:

4:14 PM April 2014 Meeting edited by rniwa@webkit.org

(diff)

4:08 PM Changeset in webkit [167278] by jhoneycutt@apple.com

3 edits in trunk/Source/WebCore

Assertion failure !node

node->isElementNode() in

WebCore::RenderBlock::inlineElementContinuation

https://bugs.webkit.org/show_bug.cgi?id=108829
<rdar://problem/13666405>

I can't reproduce this assertion failure, but there seems to be an
invalid assumption in RenderBlock::inlineElementContinuation() that
anything with the "isInline()" bit set is a RenderInline.

No new test because the test case in the bug does not repro for me.

Reviewed by Brent Fulgham.

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::inlineElementContinuation):
Dave Hyatt says that this function should only return RenderInline
objects (not non-RenderInline inline objects), so update the checks
from isInline() to isRenderInline() before casting with
toRenderInline().

rendering/RenderInline.cpp:

(WebCore::RenderInline::inlineElementContinuation):
Ditto.

4:08 PM April 2014 Meeting edited by rniwa@webkit.org

(diff)

4:03 PM Changeset in webkit [167277] by akling@apple.com

14 edits in trunk/Source

Do more things under memory pressure on non-iOS platforms.
<https://webkit.org/b/131625>

Reviewed by Antti Koivisto.

Rename hasReceivedMemoryPressure() to isUnderMemoryPressure() and
make it use std::atomic<bool> instead of OSAtomic primitives.

Unmask most of the PLATFORM(IOS) blocks so all platforms can take
advantage of optimizations done while under pressure. Note that
isUnderMemoryPressure() will still always return false on platforms
other than iOS/WK1, but this will change soon.

history/PageCache.cpp:

(WebCore::PageCache::canCache):

loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad):

page/FrameView.cpp:

(WebCore::FrameView::willPaintContents):
(WebCore::FrameView::didPaintContents):

platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::MemoryPressureHandler):

platform/MemoryPressureHandler.h:

(WebCore::MemoryPressureHandler::isUnderMemoryPressure):

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::setReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::clearMemoryPressure):
(WebCore::MemoryPressureHandler::respondToMemoryPressureIfNeeded):
(WebCore::MemoryPressureHandler::hasReceivedMemoryPressure): Deleted.

platform/graphics/FontCache.cpp:

(WebCore::FontCache::purgeInactiveFontDataIfNeeded):

platform/ios/LegacyTileCache.mm:

(WebCore::LegacyTileCache::createTilesInActiveGrid):

platform/ios/LegacyTileGrid.mm:

(WebCore::LegacyTileGrid::shouldUseMinimalTileCoverage):

platform/ios/LegacyTileLayerPool.mm:

(WebCore::LegacyTileLayerPool::addLayer):

platform/ios/TileControllerMemoryHandlerIOS.cpp:

(WebCore::TileControllerMemoryHandler::tileControllerGainedUnparentedTiles):

3:52 PM April 2014 Meeting edited by Simon Fraser

(diff)

3:46 PM Changeset in webkit [167276] by mitz@apple.com

7 edits in trunk/Source/WebKit2

Let the bundle form client know whether a change in a text field was initiated by user typing
https://bugs.webkit.org/show_bug.cgi?id=131643

Reviewed by Sam Weinig.

WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFormDelegatePrivate.h: Added

initiatedByUserTyping parameter to the delegate method.

WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:

(-[WKWebProcessPlugInBrowserContextController _setFormDelegate:]): Updated overload of
textDidChangeInTextField to take the initiatedByUserTyping parameter and pass it along to
the delegate.

WebProcess/InjectedBundle/APIInjectedBundleFormClient.h:

(API::InjectedBundle::FormClient::textDidChangeInTextField): Added initiatedByUserTyping
parameter.

WebProcess/InjectedBundle/InjectedBundlePageFormClient.cpp:

(WebKit::InjectedBundlePageFormClient::textDidChangeInTextField): Maintained the existing
behavior of not calling the C SPI client if the change was not initiated by user typing.

WebProcess/InjectedBundle/InjectedBundlePageFormClient.h: Updated for added parameter.

WebProcess/WebCoreSupport/WebEditorClient.cpp:

(WebKit::WebEditorClient::textDidChangeInTextField): Changed to call the bundle client
function unconditionally, but pass along whether the change was initiated by user typing.

3:44 PM Changeset in webkit [167275] by mitz@apple.com

3 edits in trunk/Source/WebKit2

[Cocoa] Add a WKWebProcessPlugInFormDelegate method corresponding to willSendSubmitEvent
https://bugs.webkit.org/show_bug.cgi?id=131639

Reviewed by Tim Horton.

WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFormDelegatePrivate.h: Declared

new delegate method.

WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:

(-[WKWebProcessPlugInBrowserContextController _setFormDelegate:]): Added an override
of API::InjectedBundle::FormClient::willSendSubmitEvent which calls the new delegate
method.

3:39 PM Changeset in webkit [167274] by benjamin@webkit.org

3 edits in trunk/Source/WebKit2

[iOS][WK2] Change the SPI used when starting the rotation animation
https://bugs.webkit.org/show_bug.cgi?id=131638

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-04-14
Reviewed by Tim Horton.

Having an update block where all the properties are changed is more convenient for Safari.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _beginAnimatedResizeWithUpdates:]):
(-[WKWebView _beginAnimatedResizeToSize:obscuredInsets:minimumLayoutSizeOverride:]): Deleted.

UIProcess/API/Cocoa/WKWebViewPrivate.h:

3:37 PM Changeset in webkit [167273] by Simon Fraser

5 edits in trunk/Source/WebKit2

[iOS WK2] Hash table assertion closing a tab
https://bugs.webkit.org/show_bug.cgi?id=131640

Reviewed by Tim Horton.

Have RemoteLayerTreeContext keep track of all PlatformCALayerRemotes,
and clear their context pointer when it is being destroyed to avoid
calling into a deleted object later.

WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:

(WebKit::PlatformCALayerRemote::~PlatformCALayerRemote):
(WebKit::PlatformCALayerRemote::addAnimationForKey):

WebProcess/WebPage/mac/PlatformCALayerRemote.h:

(WebKit::PlatformCALayerRemote::clearContext):

WebProcess/WebPage/mac/RemoteLayerTreeContext.h:
WebProcess/WebPage/mac/RemoteLayerTreeContext.mm:

(WebKit::RemoteLayerTreeContext::~RemoteLayerTreeContext):
(WebKit::RemoteLayerTreeContext::layerWasCreated):
(WebKit::RemoteLayerTreeContext::layerWillBeDestroyed):

3:05 PM Changeset in webkit [167272] by oliver@apple.com

5 edits
3 adds in trunk

Function.bind itself is too slow
https://bugs.webkit.org/show_bug.cgi?id=131636

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:
Rather than forcing creation of an activation, we now store
bound function properties directly on the returned closure.
This is necessary to deal with code that creates many function
bindings, but does not call them very often.

This is a 60% speed up in the included js/regress test.

builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createBuiltinExecutable):

builtins/Function.prototype.js:

(bind.bindingFunction):
(bind.else.switch.case.1.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk):
(bind.else.switch.case.1.bindingFunction):
(bind.else.switch.case.2.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk):
(bind.else.switch.case.2.bindingFunction):
(bind.else.switch.case.3.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk):
(bind.else.switch.case.3.bindingFunction):
(bind.else.switch.bindingFunction):
(bind):
(bind.else.switch.case.1.bindingFunction.oversizedCall): Deleted.
(bind.else.switch.case.2.bindingFunction.oversizedCall): Deleted.
(bind.else.switch.case.3.bindingFunction.oversizedCall): Deleted.

runtime/CommonIdentifiers.h:

LayoutTests:
New test, and fix bogus log in old one

js/regress/function-bind-create-expected.html: Added.
js/regress/function-bind-create.html: Added.
js/regress/script-tests/function-bind-create.js: Added.

(test):

js/regress/script-tests/function-bind.js:

2:51 PM Changeset in webkit [167271] by timothy_horton@apple.com

3 edits in trunk/Source/WebKit2

Allow dynamic changes of WKThumbnailView snapshot scale
https://bugs.webkit.org/show_bug.cgi?id=131628
<rdar://problem/16584156>

Reviewed by Beth Dakin.

UIProcess/API/Cocoa/_WKThumbnailView.mm:

(-[_WKThumbnailView _requestSnapshotIfNeeded]):
Don't bail from requesting a snapshot just because we already had one; we want to resnapshot.
Keep track of when we bail from requesting a snapshot because we have one in-flight, so we can request it later.

(-[_WKThumbnailView _didTakeSnapshot:]):
Apply the scale to the bitmap size (whoops!).
Make CA always resize the content to fill the thumbnail view's layer, respecting aspect ratio.
Re-snapshot if we previously deferred a snapshot.

(-[_WKThumbnailView setScale:]):
If we get a scale change, request a new snapshot.

(-[_WKThumbnailView setUsesSnapshot:]):
Never apply thumbnail scale to the page if we're using snapshots. It's unnecessary,
because scale will be applied simply when painting the software snapshot.
Apply the thumbnail scale if we're going from usesSnapshot -> !usesSnapshot.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::snapshotAtSize):
Snapshots should use the greater of the two scales, so as to never leave a portion of the snapshot unpainted.

2:48 PM Changeset in webkit [167270] by Beth Dakin

2 edits in trunk/Source/WebCore

RenderLayerCompositor's m_layerForOverhangAreas should be offset by the
topContentInset
https://bugs.webkit.org/show_bug.cgi?id=131632
-and corresponding-
<rdar://problem/16609602>

Reviewed by Tim Horton.

Offset m_layerForOverhangAreas by the topContentInset.

rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::updateOverflowControlsLayers):

2:46 PM Changeset in webkit [167269] by Julien Brianceau

3 edits in trunk/Source/JavaScriptCore

[sh4] Allow use of SubImmediates in LLINT.
https://bugs.webkit.org/show_bug.cgi?id=131608

Reviewed by Mark Lam.

Allow use of SubImmediates with const pool so the sh4 architecture can
share the arm path for setEntryAddress macro. It reduces architecture
specific code and lead to a more optimal generated code for sh4.

llint/LowLevelInterpreter.asm:
offlineasm/sh4.rb:

2:38 PM Changeset in webkit [167268] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit2

REGRESSION (WebKit2 View Gestures): Double-tap doesn't work properly when there's no element underneath the cursor
https://bugs.webkit.org/show_bug.cgi?id=131629
<rdar://problem/16192821>

Reviewed by Dan Bernstein.

UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::didCollectGeometryForSmartMagnificationGesture):
If there's nothing under the cursor, zoom towards the cursor instead of towards 0,0.

2:24 PM Changeset in webkit [167267] by ap@apple.com

5 edits in trunk/Source/WebCore

Eliminate CachedFrame::m_mousePressNode
https://bugs.webkit.org/show_bug.cgi?id=131626

Reviewed by Brady Eidson.

I couldn't find any observable effect of this change.

history/CachedFrame.cpp:

(WebCore::CachedFrameBase::CachedFrameBase):
(WebCore::CachedFrameBase::restore):
(WebCore::CachedFrame::clear):

history/CachedFrame.h:

(WebCore::CachedFrame::documentLoader):
(WebCore::CachedFrame::mousePressNode): Deleted.
Eliminated m_mousePressNode, accessor, and code that reached out to EventHandler.

page/EventHandler.cpp:

(WebCore::EventHandler::mousePressNode): Deleted.
(WebCore::EventHandler::setMousePressNode): Deleted.

page/EventHandler.h:

(WebCore::EventHandler::setMousePressed): Deleted. This function was already unused.

1:46 PM Changeset in webkit [167266] by Simon Fraser

11 edits in trunk/Source

Run filter animations in the UI process with UI-side compositing
https://bugs.webkit.org/show_bug.cgi?id=131199
<rdar://problem/16479487>

Source/WebCore:

Reviewed by Sam Weinig.

Add FilterOperation::clone() which is used during decoding.
Export some things.

WebCore.exp.in:
platform/graphics/filters/FilterOperation.h:

Source/WebKit2:

Reviewed by Sam Weinig.

Shared/WebCoreArgumentCoders.cpp: Removed lots of WebCore::

(IPC::ArgumentCoder<SelectionRect>::decode):
(IPC::ArgumentCoder<PasteboardWebContent>::encode):
(IPC::ArgumentCoder<PasteboardWebContent>::decode):
(IPC::ArgumentCoder<PasteboardImage>::encode):
(IPC::ArgumentCoder<PasteboardImage>::decode):
(IPC::ArgumentCoder<URL>::decode):
(IPC::ArgumentCoder<UserStyleSheet>::encode):
(IPC::ArgumentCoder<UserStyleSheet>::decode):
(IPC::ArgumentCoder<UserScript>::encode):
(IPC::ArgumentCoder<UserScript>::decode):
(IPC::ArgumentCoder<ScrollableAreaParameters>::encode):
(IPC::ArgumentCoder<ScrollableAreaParameters>::decode):
(IPC::ArgumentCoder<FixedPositionViewportConstraints>::encode):
(IPC::ArgumentCoder<FixedPositionViewportConstraints>::decode):
(IPC::ArgumentCoder<StickyPositionViewportConstraints>::encode):
(IPC::ArgumentCoder<StickyPositionViewportConstraints>::decode):
(IPC::ArgumentCoder<FilterOperation>::encode):
(IPC::decodeFilterOperation):
(IPC::ArgumentCoder<FilterOperations>::encode):
(IPC::ArgumentCoder<WebCore::UserStyleSheet>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::UserStyleSheet>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::UserScript>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::UserScript>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::ScrollableAreaParameters>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::ScrollableAreaParameters>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::FixedPositionViewportConstraints>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::FixedPositionViewportConstraints>::decode): Deleted.
(IPC::ArgumentCoder<WebCore::StickyPositionViewportConstraints>::encode): Deleted.
(IPC::ArgumentCoder<WebCore::StickyPositionViewportConstraints>::decode): Deleted.
(IPC::encodeFilterOperation): Deleted.
Add encoding/decoding support for FilterOperation.
decodeFilterOperation() has to be a bare function because of the RefPtr
out parameter.
REFERENCE filters should never be encoded, since they have CachedSVGDocumentReferences.

Shared/WebCoreArgumentCoders.h:

Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTextStream::operator<<):
Add logging for filter animations to the RemoteLayerTree log output.

WebProcess/WebPage/mac/GraphicsLayerCARemote.h:
WebProcess/WebPage/mac/GraphicsLayerCARemote.cpp:

(WebKit::GraphicsLayerCARemote::addAnimation): Deleted. We can run
filter animations now.

WebProcess/WebPage/mac/PlatformCAAnimationRemote.h:

KeyValues have a RefPtr<WebCore::FilterOperation> now (which can't be part of
the union because we need its constructor to get called).

WebProcess/WebPage/mac/PlatformCAAnimationRemote.mm:

(WebKit::PlatformCAAnimationRemote::KeyframeValue::encode): Encode the filter.
(WebKit::PlatformCAAnimationRemote::KeyframeValue::decode): Decode the filter.
(WebKit::PlatformCAAnimationRemote::setFromValue): Implement.
(WebKit::PlatformCAAnimationRemote::setToValue): Implement.
(WebKit::PlatformCAAnimationRemote::setValues): Implement.
(WebKit::animationValueFromKeyframeValue): Handle filters.

1:38 PM Changeset in webkit [167265] by Simon Fraser

2 edits in trunk/Source/WebKit2

Fix the build.

UIProcess/mac/PageClientImpl.h:

1:37 PM Changeset in webkit [167264] by jer.noble@apple.com

4 edits in trunk/Source/WebCore

Use after free in WebCore::CachedResourceHandleBase::~CachedResourceHandleBase / WebCore::removeDetachedChildrenInContainer
https://bugs.webkit.org/show_bug.cgi?id=131169

Reviewed by Eric Carlson.

Invalidate the WebCoreAVFResourceLoader owned by MediaPlayerPrivateAVFoundationObjC
in its destructor, to prevent a private function being called in response to the
WebCoreAVFResourceLoader being stopped.

platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC):

platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h:
platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:

(WebCore::WebCoreAVFResourceLoader::invalidate):

1:31 PM Changeset in webkit [167263] by mark.lam@apple.com

2 edits in trunk/Source/WTF

monotonicallyIncreasingTime() should only initialize its static timebaseInfo once.
<https://webkit.org/b/131630>

Reviewed by Filip Pizlo.

The current initialization of the static field is not thread safe.

wtf/CurrentTime.cpp:

(WTF::monotonicallyIncreasingTime):

12:49 PM Changeset in webkit [167262] by Simon Fraser

21 edits in trunk/Source

[WK2 iOS] Scrolling to anchor links is broken
https://bugs.webkit.org/show_bug.cgi?id=131618
<rdar://problem/16599144>

Source/WebCore:

Reviewed by Tim Horton.

Have ScrollingTreeScrollingNode pass RequestedScrollPosition updates
to the scrolling tree, so that the scrolling tree can have custom behavior
for them if necessary.

page/scrolling/ScrollingTree.h:

(WebCore::ScrollingTree::scrollingTreeNodeRequestsScroll):

page/scrolling/ScrollingTreeScrollingNode.cpp:

(WebCore::ScrollingTreeScrollingNode::updateAfterChildren):

page/scrolling/ScrollingTreeScrollingNode.h:

Source/WebKit2:

Reviewed by Tim Horton.

The RemoteScrollingTree implements scrollingTreeNodeRequestsScroll
to get informed about requested scroll position updates, and passes
them along via the RemoteScrollingCoordinatorProxy, WebPageProxy and PageClient
to the WKWebView, which performs a scroll.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _scrollToContentOffset:WebCore::]): Scroll to content offset,
taking page scale and insets into account.

UIProcess/API/Cocoa/WKWebViewInternal.h:
UIProcess/CoordinatedGraphics/WebView.cpp:

(WebKit::WebView::requestScroll):

UIProcess/CoordinatedGraphics/WebView.h:
UIProcess/PageClient.h:
UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp:

(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeRequestsScroll):
Pass scrolls along to the WebPageProxy for the root node. We will also need
to handle programmatic scrolls for overflow soon.

UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
UIProcess/Scrolling/RemoteScrollingTree.cpp:

(WebKit::RemoteScrollingTree::scrollingTreeNodeRequestsScroll):

UIProcess/Scrolling/RemoteScrollingTree.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::requestScroll):

UIProcess/WebPageProxy.h:
UIProcess/ios/PageClientImplIOS.h:
UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::canScrollView):
(WebKit::PageClientImpl::requestScroll):

UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::requestScroll):

12:45 PM Changeset in webkit [167261] by Brian Burg

4 edits
1 add in trunk

Web Replay: memoize fallback time values for document.lastModified
https://bugs.webkit.org/show_bug.cgi?id=131318

Reviewed by Joseph Pecoraro.

It's better to handle this inside Document::lastModified rather than using
MemoizedDOMResult, because only the fallback case is nondeterministic.

Test: http/tests/inspector/replay/document-last-modified-fallback-value.html

dom/Document.cpp:

(WebCore::Document::lastModified): Save or reuse memoized fallback value.

replay/WebInputs.json: Add input DocumentLastModifiedDate.

LayoutTests:

http/tests/inspector/replay/document-last-modified-fallback-value.html: Added.

12:11 PM Changeset in webkit [167260] by ggaren@apple.com

8 edits in trunk/PerformanceTests

A few MallocBench record/replay fixes
https://bugs.webkit.org/show_bug.cgi?id=131627

Reviewed by Andreas Kling.

MallocBench/MallocBench/Interpreter.cpp:

(Interpreter::run): Accept 0-sized allocations without asserting because
WebKit does that sometimes.

MallocBench/MallocBench/flickr.ops:
MallocBench/MallocBench/flickr_memory_warning.ops:
MallocBench/MallocBench/reddit.ops:
MallocBench/MallocBench/reddit_memory_warning.ops:
MallocBench/MallocBench/theverge.ops:
MallocBench/MallocBench/theverge_memory_warning.ops: Updated these

recordings because a bug in the recording mechanism caused one out of
every few thousand slot values to be bogus.

12:02 PM Changeset in webkit [167259] by commit-queue@webkit.org

3 edits in trunk/LayoutTests

[GTK] Unreviewed GTK gardening.

Patch by Eduardo Lima Mitev <elima@igalia.com> on 2014-04-14

platform/gtk/TestExpectations: Update test expectations for new failing test 'editing/editability/ignored-content.html'.
platform/gtk/inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt: Rebaselined.

12:00 PM Changeset in webkit [167258] by bshafiei@apple.com

5 edits in trunk/Source

Versioning.

11:57 AM Changeset in webkit [167257] by bshafiei@apple.com

1 copy in tags/Safari-538.29

New tag.

11:40 AM Changeset in webkit [167256] by Antti Koivisto

9 edits in trunk/Source

Keep secondary tile grid for zoomed-out scale
https://bugs.webkit.org/show_bug.cgi?id=131586

Reviewed by Darin Adler.

Source/WebCore:

platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::updateContentsScale):

Don't repaint tiled backing with setNeedsDisplay, it invalidates itself correctly in setContentsScale.
Update custom child layers when tiled backing scale changes.

platform/graphics/ca/mac/TileController.h:
platform/graphics/ca/mac/TileController.mm:

(WebCore::TileController::TileController):
(WebCore::TileController::setNeedsDisplay):

Drop the whole zoomed-out grid on full repaint.

(WebCore::TileController::setNeedsDisplayInRect):

Drop changed zoomed-out tiles. A more sophisticated strategy is possible.

(WebCore::TileController::setContentsScale):

Swap the zoomed-out grid in and out as needed.
Repaint the active grid after scale change so the client does not have to.

(WebCore::TileController::contentsScale):

Get the content scale from the tile grid so it is not kept in two places.

(WebCore::TileController::zoomedOutContentsScale):
(WebCore::TileController::setZoomedOutContentsScale):

Drop the zoomed-out grid if it no longer matches the zoomed-out scale.

(WebCore::TileController::tileRevalidationTimerFired):
(WebCore::TileController::retainedTileBackingStoreMemory):
(WebCore::TileController::containerLayers):

Return both zoomed-out tiles and the active tiles. Active tiles are on top.

(WebCore::TileController::numberOfUnparentedTiles):
(WebCore::TileController::removeUnparentedTilesNow):

platform/graphics/ca/mac/TileGrid.h:
platform/graphics/ca/mac/TileGrid.mm:

(WebCore::TileGrid::dropTilesInRect):

Add a function for dropping tiles.

(WebCore::TileGrid::revalidateTiles):

Source/WebKit2:

WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.cpp:

(WebKit::PlatformCALayerRemoteTiledBacking::PlatformCALayerRemoteTiledBacking):
(WebKit::PlatformCALayerRemoteTiledBacking::customSublayers):

Always request new sublayer list from tile controller.

WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.h:

11:33 AM WebKitGTK/KeepingTheTreeGreen edited by elima@igalia.com

(diff)

11:17 AM WebKitGTK/KeepingTheTreeGreen edited by elima@igalia.com

(diff)

11:05 AM April 2014 Meeting edited by zoltan@webkit.org

(diff)

11:04 AM Changeset in webkit [167255] by akling@apple.com

2 edits in trunk/Source/JavaScriptCore

Array.prototype.concat should allocate output storage only once.
<https://webkit.org/b/131609>

Do a first pass across 'this' and any arguments to compute the
final size of the resulting array from Array.prototype.concat.
This avoids having to grow the output incrementally as we go.

This also includes two other micro-optimizations:

Mark getProperty() with ALWAYS_INLINE.

Use JSArray::length() instead of taking the generic property lookup path when we know an argument is an Array.

My MBP says ~3% progression on Dromaeo/jslib-traverse-jquery.

Reviewed by Oliver & Darin.

runtime/ArrayPrototype.cpp:

(JSC::getProperty):
(JSC::arrayProtoFuncConcat):

11:02 AM April 2014 Meeting edited by betravis@adobe.com

(diff)

11:00 AM April 2014 Meeting edited by Bem Jones-Bey

(diff)

10:51 AM April 2014 Meeting edited by ddkilzer@webkit.org

(diff)

10:49 AM April 2014 Meeting edited by Bem Jones-Bey

(diff)

10:33 AM Changeset in webkit [167254] by ap@apple.com

2 edits in trunk/Source/bmalloc

Fixed svn:ignore on bmalloc.xcodeproj, it had erroneous leading spaces.

bmalloc.xcodeproj: Modified property svn:ignore.

10:27 AM Changeset in webkit [167253] by timothy_horton@apple.com

7 edits in trunk/Source/WebKit2

Make WK(Web)View magnification setters actually use view-relative positions
https://bugs.webkit.org/show_bug.cgi?id=131611
<rdar://problem/15965239>

Reviewed by Darin Adler.

UIProcess/API/mac/WKView.mm:

(-[WKView setMagnification:centeredAtPoint:]):
(-[WKView setMagnification:]):
Use scalePageInViewCoordinates instead.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::scalePageInViewCoordinates):

UIProcess/WebPageProxy.h:
WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):

WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/WebPage.messages.in:

Add scalePageInViewCoordinates, which turns the scale centerpoint within the view
into what scalePage expects: a post-scale scroll offset.

10:26 AM Changeset in webkit [167252] by akling@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r167249.
https://bugs.webkit.org/show_bug.cgi?id=131621

broke 3 tests on cloop (Requested by kling on #webkit).

Reverted changeset:

"Array.prototype.concat should allocate output storage only
once."
https://bugs.webkit.org/show_bug.cgi?id=131609
http://trac.webkit.org/changeset/167249

Patch by Commit Queue <commit-queue@webkit.org> on 2014-04-14

10:20 AM WebKitGTK/KeepingTheTreeGreen edited by elima@igalia.com

(diff)

10:17 AM Changeset in webkit [167251] by oliver@apple.com

2 edits in trunk/Source/WebCore

Update test result

9:52 AM WebKitGTK/KeepingTheTreeGreen edited by elima@igalia.com

(diff)

9:31 AM Changeset in webkit [167250] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Fixed potential integer truncation.
https://bugs.webkit.org/show_bug.cgi?id=131615

Patch by Alex Christensen <achristensen@webkit.org> on 2014-04-14
Reviewed by Darin Adler.

assembler/X86Assembler.h:

(JSC::X86Assembler::fillNops):
Truncate the size_t to an unsigned after it is limited to 15 instead of before.

9:19 AM Changeset in webkit [167249] by akling@apple.com

2 edits in trunk/Source/JavaScriptCore

Array.prototype.concat should allocate output storage only once.
<https://webkit.org/b/131609>

Do a first pass across 'this' and any arguments to compute the
final size of the resulting array from Array.prototype.concat.
This avoids having to grow the output incrementally as we go.

This also includes two other micro-optimizations:

Mark getProperty() with ALWAYS_INLINE.

Use JSArray::length() instead of taking the generic property lookup path when we know an argument is an Array.

My MBP says ~3% progression on Dromaeo/jslib-traverse-jquery.

Reviewed by Darin Adler.

runtime/ArrayPrototype.cpp:

(JSC::getProperty):
(JSC::arrayProtoFuncConcat):

9:02 AM Changeset in webkit [167248] by krit@webkit.org

5 edits in trunk

Optimize Canvas fill and drawImage with SourceIn, DestinationIn, SourceOut, and DestinationAtop using transparencyLayer.
https://bugs.webkit.org/show_bug.cgi?id=79659

Reviewed by Darin Adler.

Source/WebCore:
Optimize fill() and fillRect() operations in Canvas on composited contexts by
10 to 20 times on CG.

Replacing the ImageBuffer code by transparency layers allows the
graphics library to optimize the drawing.

Doing the same for drawImage() would give performance regressions.

An inline function will create a transparency layer for CG. Cairo graphics
does not composite correctly when a transparency layer gets created.
The inline function is just a NOOP for Cairo.

This fixes bug 131303 as well.

Added performance tests with r167124 already.

html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::fillInternal):
(WebCore::CanvasRenderingContext2D::strokeInternal):
(WebCore::CanvasRenderingContext2D::beginCompositeLayer):
(WebCore::CanvasRenderingContext2D::endCompositeLayer):
(WebCore::CanvasRenderingContext2D::fillRect):
(WebCore::CanvasRenderingContext2D::strokeRect):
(WebCore::CanvasRenderingContext2D::drawTextInternal):
(WebCore::CanvasRenderingContext2D::fullCanvasCompositedFill): Deleted.

html/canvas/CanvasRenderingContext2D.h:

LayoutTests:
Unskip previously failing tests.

platform/gtk/TestExpectations:

8:48 AM Changeset in webkit [167247] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.4.1

Tagging the WebKitGTK+ 2.4.1 release

8:42 AM Changeset in webkit [167246] by timothy_horton@apple.com

2 edits in trunk/Source/WebCore

Lots of compositing test failures after r167152
https://bugs.webkit.org/show_bug.cgi?id=131574

Reviewed by Darin Adler.

platform/graphics/GraphicsLayer.cpp:

(WebCore::dumpChildren):
(WebCore::GraphicsLayer::dumpProperties):
Make child-dumping recursive so that we can easily skip layers up to any depth.

8:35 AM Changeset in webkit [167245] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4

Unreviewed. Update NEWS and Versions.m4 for 2.4.1 release.

Source/autotools/Versions.m4: Bump version numbers.

Source/WebKit/gtk:

NEWS: Added release notes for 2.4.1.

5:45 AM Changeset in webkit [167244] by pmolnar.u-szeged@partner.samsung.com

3 edits in trunk/Source/WebCore

Fix incorrect indentations in CodeGeneratorJS.pm introduced in r165521
https://bugs.webkit.org/show_bug.cgi?id=131613

Reviewed by Csaba Osztrogonác.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):
Fixed 5-space indentation.

bindings/scripts/test/JS/JSTestNondeterministic.cpp:

Updated the tests accordingly.

5:24 AM Changeset in webkit [167243] by commit-queue@webkit.org

2 edits in trunk/Tools

Fix commit-log-editor bug revealed by r165447
https://bugs.webkit.org/show_bug.cgi?id=130676

Patch by Jozsef Berta <jberta.u-szeged@partner.samsung.com> on 2014-04-14
Reviewed by Csaba Osztrogonác.

Scripts/commit-log-editor:

(createCommitMessage): Omitting empty Source/JavaScriptCore:... blocks.
Add \n before the first block too, because the longest common prefix now ends with only one newline.
(removeLongestCommonPrefixEndingInNewline): The longest common prefix ends with only one newline,
now the last block of the common prefix isn't duplicated below. Changing the function name accordingly.

4:41 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos

(diff)

4:40 AM Changeset in webkit [167242] by Carlos Garcia Campos

9 edits
4 adds in releases/WebKitGTK/webkit-2.4

Merge r167193 - [GStreamer] No CORS support for media elements
https://bugs.webkit.org/show_bug.cgi?id=99037

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-13
Reviewed by Philippe Normand.

Source/WebCore:

Added CORS access control check to media sources when crossorigin attribute is set.

Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
Related test is http/tests/security/video-cross-origin-readback.html.

Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
Related test is http/tests/security/video-cross-origin-accessfailure.html.

Tests: http/tests/security/video-cross-origin-accessfailure.html

http/tests/security/video-cross-origin-accesssameorigin.html

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcStart): Passed CORS mode parameter to the streaming client. In case of CORS check failure, stop the resource loading.
(webKitSrcPassedCORSAccessCheck): Return whether CORS access control check was done and successful.
(StreamingClient::handleResponseReceived): Take a parameter to assign the CORS access control check result.
(CachedResourceStreamingClient::CachedResourceStreamingClient): Updated setting of the ResourceLoaderOptions according CORS mode.
(CachedResourceStreamingClient::responseReceived): Check CORS and pass result to handleResponseReceived.
(ResourceHandleStreamingClient::didReceiveResponse): No CORS check.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.

LayoutTests:

http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
are not played when crossorigin attribute is set.

http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams

are played when crossorigin attribute is set.

http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
http/tests/security/video-cross-origin-accessfailure.html: Added.
http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
http/tests/security/video-cross-origin-accesssameorigin.html: Added.
platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
platform/gtk/TestExpectations: Ditto.
platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.

4:25 AM Changeset in webkit [167241] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r166304 - REGRESSION(r162679): Poster image visible under the video
https://bugs.webkit.org/show_bug.cgi?id=130783

Reviewed by Simon Fraser.

In the listed revision, we started checking for isRenderImage()
instead of isImage(). RenderMedias return 'true' for the first
but 'false' for the second. Change the if() statement to check
for isRenderMedia() in addition to !isRenderImage().

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::isDirectlyCompositedImage):

4:21 AM Changeset in webkit [167240] by Manuel Rego Casasnovas

3 edits
2 adds in trunk

[JSC] CSSStyleDeclaration report incorrect descriptor
https://bugs.webkit.org/show_bug.cgi?id=89697

Reviewed by Benjamin Poulain.

Source/WebCore:

Change descriptor of CSSStyleDeclaration properties in order to have
writable and enumerable attributes set to true. Configurable is kept to
false since the property is not deleteable.

Test: fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html

bindings/js/JSCSSStyleDeclarationCustom.cpp:

(WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate): Only set
DontDelete attribute when creating the descriptor for
CSSStyleDeclaration properties.

LayoutTests:

Add new test to check the descriptor of CSSStyleDeclaration properties.

fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor-expected.txt: Added.
fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html: Added.

4:20 AM Changeset in webkit [167239] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r166090 - Source/WebCore: Fix a crash when assigning an object to document.location
https://bugs.webkit.org/show_bug.cgi?id=130213

Reviewed by Geoffrey Garen.

Convert location to string before we make use the document.
This prevents us from attempting to navigate a frame that
has already been removed.

Test: fast/dom/navigation-with-sideeffects-crash.html

bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::location):
(WebCore::JSDocument::setLocation):

LayoutTests: Fix semantics of JS execution when assigning an object to document.location
https://bugs.webkit.org/show_bug.cgi?id=130213

Reviewed by Geoffrey Garen.

fast/dom/navigation-with-sideeffects-expected.txt: Added.
fast/dom/navigation-with-sideeffects.html: Added.

4:12 AM Changeset in webkit [167238] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4/Source/WebKit2

Merge r166026 - Generalize WebInspector check in maybeInitializeSandboxExtensionHandle().
https://bugs.webkit.org/show_bug.cgi?id=130079
<rdar://problem/16286683>

Reviewed by Anders Carlsson.

UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):

Perform an early return for all paths that don't need a sandbox extension due to
access being assumed, not only for WebInspector pages.

UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::hasAssumedReadAccessToURL):
(WebKit::WebProcessProxy::checkURLReceivedFromWebProcess):

UIProcess/WebProcessProxy.h:

Factored out m_localPathsWithAssumedReadAccess iteration to a public function.

4:04 AM Changeset in webkit [167237] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r165921 - Crash with long selector list
https://bugs.webkit.org/show_bug.cgi?id=123006

Reviewed by Andreas Kling.

Source/WebCore:

Test: fast/css/long-selector-list-crash.html

css/CSSSelectorList.cpp:

(WebCore::CSSSelectorList::CSSSelectorList):
(WebCore::CSSSelectorList::adoptSelectorVector):
(WebCore::CSSSelectorList::operator=):

css/StyleRule.cpp:

(WebCore::StyleRule::create):

Add a bunch of asserts.

(WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount):

This could produce a zero-length selector list.

LayoutTests:

fast/css/long-selector-list-crash-expected.txt: Added.
fast/css/long-selector-list-crash.html: Added.

3:53 AM Changeset in webkit [167236] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Merge r165902 - Update type of local vars to match the type of String length.
<https://webkit.org/b/130077>

Reviewed by Geoffrey Garen.

runtime/JSStringJoiner.cpp:

(JSC::JSStringJoiner::join):

3:47 AM Changeset in webkit [167235] by Carlos Garcia Campos

5 edits
4 adds in releases/WebKitGTK/webkit-2.4

Merge r165821 - Mutating rules returned by getMatchedCSSRules can result in crash
https://bugs.webkit.org/show_bug.cgi?id=130209

Source/WebCore:

Reviewed by Andreas Kling.

The non-standard getMatchedCSSRules API returns CSSStyleRule objects that don't
have parent stylesheet pointer (as we don't know which sheet the rule originated from).
Mutating the rule via such wrapper can lead to crashes later as we fail to invalidate
the underlying stylesheet.

Fix by disallowing mutation of style rules that don't have parent sheet pointer. CSSStyleRule
has two mutable properties selectorText and style. The latter gives back CSSStyleDeclaration.
This patch disallows mutations in both cases for CSSStyleRules that don't have parent stylesheet
pointer.

While it is technically possible to have CSSRules that are legitimately disconnected
from stylesheet (by removing rule from sheet while holding a reference to it) it never
makes sense to mutate such rule as there is no way to do anything with it afterwards.

Tests: fast/css/getMatchedCSSProperties-rule-mutation.html

fast/css/getMatchedCSSRules-crash.html

css/CSSStyleRule.cpp:

(WebCore::CSSStyleRule::setSelectorText):

Bail out if parent stylesheet is null.

css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::setCssText):
(WebCore::PropertySetCSSStyleDeclaration::setProperty):
(WebCore::PropertySetCSSStyleDeclaration::removeProperty):
(WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal):

Allow StyleRuleCSSStyleDeclaration subclass cancel the mutation via
boolean return value from willMutate.

(WebCore::StyleRuleCSSStyleDeclaration::willMutate):

Disallow mutation if the owning CSSStyleRule is null or has null stylesheet.

(WebCore::StyleRuleCSSStyleDeclaration::didMutate):

We never get here with null rule or stylesheet anymore.

css/PropertySetCSSStyleDeclaration.h:

(WebCore::PropertySetCSSStyleDeclaration::willMutate):

LayoutTests:

Reviewed by Andreas Kling.

fast/css/getMatchedCSSProperties-rule-mutation-expected.txt: Added.
fast/css/getMatchedCSSProperties-rule-mutation.html: Added.
fast/css/getMatchedCSSRules-crash-expected.txt: Added.
fast/css/getMatchedCSSRules-crash.html: Added.

3:38 AM Changeset in webkit [167234] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r165548 - Don't send synchronous resize events when FrameView has auto-sizing enabled.
<https://webkit.org/b/130198>
<rdar://problem/15991333>

Reviewed by Dan Bernstein.

page/FrameView.cpp:

(WebCore::FrameView::sendResizeEventIfNeeded):

3:26 AM Changeset in webkit [167233] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WTF

Merge r165425 - Improve WeakPtr operators.
https://bugs.webkit.org/show_bug.cgi?id=130053

Reviewed by Andreas Kling.

Replace the "operator!()" with an explicit bool operator. Add an "operator->()".

wtf/WeakPtr.h:

(WTF::WeakPtr::operator bool):
(WTF::WeakPtr::operator->):

3:05 AM Changeset in webkit [167232] by Carlos Garcia Campos

5 edits
3 adds in releases/WebKitGTK/webkit-2.4

Merge r165339 - SerializedScriptValue may move Identifiers between worlds
https://bugs.webkit.org/show_bug.cgi?id=129979

Reviewed by Andreas Kling.

Source/WebCore:

Test: fast/workers/worker-copy-shared-blob-url.html

Don't use Strings to store blob URLs as String's may be Identifiers
and they can only exist in one world/thread at a time.

Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::put):

bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::deserializeString):
(WebCore::SerializedScriptValue::addBlobURL):
(WebCore::SerializedScriptValue::SerializedScriptValue):

bindings/js/SerializedScriptValue.h:

LayoutTests:

Add test cases

fast/workers/resources/worker-copy-shared-blob-url-worker.js: Added.

(count.0.onmessage):

fast/workers/worker-copy-shared-blob-url-expected.txt: Added.
fast/workers/worker-copy-shared-blob-url.html: Added.

2:47 AM Changeset in webkit [167231] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r165145 - ASSERT(newestManifest) fails in WebCore::ApplicationCacheGroup::didFinishLoadingManifest()
https://bugs.webkit.org/show_bug.cgi?id=129753
<rdar://problem/12069835>

Reviewed by Alexey Proskuryakov.

Fixes an issue where an assertion failure would occur when visiting a web site whose on-disk
app cache doesn't contain a manifest resource.

For some reason an app cache for a web site may be partially written to disk. In particular, the
app cache may only contain a CacheGroups entry. That is, the manifest resource and origin records
may not be persisted to disk. From looking over the code, we're unclear how such a situation can occur
and hence have been unable to create such an app cache. We were able to reproduce this issue using
an app cache database file that was provided by a person that was affected by this issue.

No test included because it's not straightforward to write a test for this change.

loader/appcache/ApplicationCacheGroup.cpp:

(WebCore::ApplicationCacheGroup::checkIfLoadIsComplete): Assert that m_cacheBeingUpdated->manifestResource()
is non-null. Currently we only document this assumption in a code comment. Also separated a single assertion
expression into two assertion expressions to make it straightforward to identify the failing sub-expression
on failure.

loader/appcache/ApplicationCacheStorage.cpp:

(WebCore::ApplicationCacheStorage::store): Modified to call ApplicationCacheStorage::deleteCacheGroupRecord()
to remove a cache group and associated cache records (if applicable) before inserting a cache group entry.
This replacement approach will ultimately repair incomplete app cache data for people affected by this bug.
(WebCore::ApplicationCacheStorage::loadCache): Log an error and return nullptr if the cache we loaded doesn't
have a manifest resource.
(WebCore::ApplicationCacheStorage::deleteCacheGroupRecord): Added.
(WebCore::ApplicationCacheStorage::deleteCacheGroup): Extracted deletion logic for cache group record into
ApplicationCacheStorage::deleteCacheGroupRecord().

loader/appcache/ApplicationCacheStorage.h:

2:43 AM Changeset in webkit [167230] by Carlos Garcia Campos

4 edits
3 adds in releases/WebKitGTK/webkit-2.4

Merge r165138 - Fix crash in CompositeEditCommand::cloneParagraphUnderNewElement()
<http://webkit.org/b/129751>
<rdar://problem/16237965>

Reviewed by Jon Honeycutt.

Merged from Blink (patch by Yuta Kitamura):
https://src.chromium.org/viewvc/blink?revision=168160&view=revision
http://crbug.com/345005

The root cause is CompositeEditCommand::moveParagraphWithClones() passing
two positions |start| and |end| which do not follow the document order,
i.e. in some situations |start| is located after |end| because of
the difference in affinity.

This patch fixes this crash by normalizing |end| to |start| in such situations.
It also adds an ASSERT that checks the relationship between |start| and |end|.

Source/WebCore:

Test: editing/execCommand/format-block-crash.html

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::cloneParagraphUnderNewElement):
(WebCore::CompositeEditCommand::moveParagraphWithClones):

editing/CompositeEditCommand.h:

LayoutTests:

editing/execCommand/format-block-crash-expected.txt: Added.
editing/execCommand/format-block-crash.html: Added.
editing/execCommand/resources/format-block-crash-iframe.html: Added.

2:37 AM Changeset in webkit [167229] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r164933 - Ensure keySplines is valid in SMIL animations
<http://webkit.org/b/129547>
<rdar://problem/15676128>

Reviewed by Darin Adler.

Merged from Blink (patch by Philip Rogers):
https://src.chromium.org/viewvc/blink?revision=156452&view=revision
http://crbug.com/276111

This patch fixes a crash in SMIL animations when keySplines are not
specified. The SMIL spec is clear on this:
http://www.w3.org/TR/2001/REC-smil-animation-20010904/#AnimFuncCalcMode
"If there are any errors in the keyTimes specification (bad values,
too many or too few values), the animation will have no effect."

This patch simply checks that keyTimes is not empty. Previously,
splinesCount was set to be m_keySplines.size() + 1 in
SVGAnimationElement.cpp; this patch changes splinesCount to be equal
to m_keySplines.size() to make the logic easier to follow and to
match other checks in SVGAnimationElement::startedActiveInterval.

Source/WebCore:

Test: svg/animations/animate-keysplines-crash.html

svg/SVGAnimationElement.cpp:

(WebCore::SVGAnimationElement::startedActiveInterval):

LayoutTests:

svg/animations/animate-keysplines-crash-expected.txt: Added.
svg/animations/animate-keysplines-crash.html: Added.

2:34 AM Changeset in webkit [167228] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r164876 - Properly clear m_logicallyLastRun to remove use-after-free possibility
https://bugs.webkit.org/show_bug.cgi?id=129489

Reviewed by David Hyatt.

A use-after-free issue was caught in Blink because m_logicallyLastRun
is not cleared when the item it points to is deleted. Clearing it
turns the use-after-free into a segfault, and prevents any future
use-after-frees from happening.

platform/text/BidiRunList.h:

(WebCore::BidiRunList<Run>::deleteRuns):

2:31 AM Changeset in webkit [167227] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WTF

Merge r164408 - Crash in WTF::StringBuilder::append()

https://bugs.webkit.org/show_bug.cgi?id=125817
<rdar://problem/15671883>

Reviewed by Oliver Hunt.

wtf/text/StringBuilder.cpp:

(WTF::expandedCapacity):
Ensure that we return a new capacity of at least 'requiredLength' in
the case where requiredLength is large. Also, use unsigned rather than
size_t for the parameters and the return value, as callers pass
unsigned arguments and treat the result as an unsigned int.

2:24 AM Changeset in webkit [167226] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r164367 - Do not dispatch change event twice in single step action
https://bugs.webkit.org/show_bug.cgi?id=116936
<rdar://problem/16086828>

Reviewed by Ryosuke Niwa.

Merged from Blink (patch by Kent Tamura):
https://src.chromium.org/viewvc/blink?view=rev&revision=151175

Source/WebCore:

Test: fast/forms/number/number-type-update-by-change-event.html

html/InputType.cpp:

(WebCore::InputType::stepUpFromRenderer):

LayoutTests:

fast/forms/number/number-type-update-by-change-event-expected.txt: Added.
fast/forms/number/number-type-update-by-change-event.html: Added.

2:17 AM Changeset in webkit [167225] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r164249 - AX: Invalid cast in WebCore::AccessibilityTable::isDataTable (CRBug 280352)
<https://webkit.org/b/128925>
<rdar://problem/16087351>

Merged from Blink (patch by Dominic Mazzoni):
https://src.chromium.org/viewvc/blink?revision=159711&view=revision

Reviewed by Oliver Hunt.

Source/WebCore:

Don't cast to a table cell element unless we are sure it is one.

Test: accessibility/display-table-cell-causes-crash.html

accessibility/AccessibilityTable.cpp:

(WebCore::AccessibilityTable::isDataTable):

LayoutTests:

accessibility/display-table-cell-causes-crash-expected.txt: Added.
accessibility/display-table-cell-causes-crash.html: Added.

2:11 AM Changeset in webkit [167224] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r164204 - Ensure that removing an iframe from the DOM tree disconnects its Frame.
<https://webkit.org/b/128889>
<rdar://problem/15671221>

Merged from Blink (patch by Adam Klein):
https://src.chromium.org/viewvc/blink?revision=156174&view=revision

Source/WebCore:

SubframeLoadingDisabler wasn't catching the case when an <iframe> was,
in its unload handler, removed and re-added to the same parent.
Fix this by using a count of SubframeLoadingDisablers that are on the
stack for a given root, rather than a simple boolean.

Test: fast/frames/reattach-in-unload.html

html/HTMLFrameOwnerElement.h:

(WebCore::SubframeLoadingDisabler::disabledSubtreeRoots):

LayoutTests:

fast/frames/reattach-in-unload-expected.txt: Added.
fast/frames/reattach-in-unload.html: Added.

2:00 AM Changeset in webkit [167223] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r164170 - ASSERT_WITH_SECURITY_IMPLICATION in WebCore::toElement
https://bugs.webkit.org/show_bug.cgi?id=128810

Patch by Renata Hodovan <rhodovan.u-szeged@partner.samsung.com> on 2014-02-15
Reviewed by Ryosuke Niwa.

Source/WebCore:

Make CompositeEditCommand::cloneParagraphUnderNewElement() to work when |outerNode|
doesn't contain |start|.

Merged from Blink https://src.chromium.org/viewvc/blink?revision=161762&view=revision by yosin@chromium.org.

Test: editing/execCommand/indent-with-uneditable-crash.html

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::cloneParagraphUnderNewElement):

LayoutTests:

editing/execCommand/indent-with-uneditable-crash-expected.txt: Added.
editing/execCommand/indent-with-uneditable-crash.html: Added.

1:53 AM Changeset in webkit [167222] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4

Merge r163599 - loadSubframe can return null in SubframeLoader::loadOrRedirectSubframe
https://bugs.webkit.org/show_bug.cgi?id=128344

Reviewed by Ryosuke Niwa.

Source/WebCore:

loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::loadOrRedirectSubframe):

LayoutTests:

TestExpectations: Unskipped tests that were previously crashing

1:47 AM Changeset in webkit [167221] by Carlos Garcia Campos

6 edits
6 adds in releases/WebKitGTK/webkit-2.4

Merge r163579 - Make adoption agency use the task queue
https://bugs.webkit.org/show_bug.cgi?id=109445

Reviewed by Ryosuke Niwa.

Source/WebCore:

Tests: fast/parser/adoption-agency-crash-01.html

fast/parser/adoption-agency-crash-02.html
fast/parser/adoption-agency-crash-03.html

html/parser/HTMLConstructionSite.cpp:

(WebCore::insert):
(WebCore::executeInsertTask):
(WebCore::executeReparentTask):
(WebCore::executeInsertAlreadyParsedChildTask):
(WebCore::executeTakeAllChildrenTask):
(WebCore::executeTask):
(WebCore::HTMLConstructionSite::attachLater):
(WebCore::HTMLConstructionSite::executeQueuedTasks):
(WebCore::HTMLConstructionSite::insertTextNode):
(WebCore::HTMLConstructionSite::reparent):
(WebCore::HTMLConstructionSite::insertAlreadyParsedChild):
(WebCore::HTMLConstructionSite::takeAllChildren):
(WebCore::HTMLConstructionSite::fosterParent):

html/parser/HTMLConstructionSite.h:

(WebCore::HTMLConstructionSiteTask::HTMLConstructionSiteTask):
(WebCore::HTMLConstructionSiteTask::oldParent):

html/parser/HTMLTreeBuilder.cpp:

(WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

LayoutTests:

TestExpectations:
fast/parser/adoption-agency-crash-01-expected.txt: Added.
fast/parser/adoption-agency-crash-01.html: Added.
fast/parser/adoption-agency-crash-02-expected.txt: Added.
fast/parser/adoption-agency-crash-02.html: Added.
fast/parser/adoption-agency-crash-03-expected.txt: Added.
fast/parser/adoption-agency-crash-03.html: Added.

1:46 AM Changeset in webkit [167220] by benjamin@webkit.org

7 edits in trunk/Source

[JSC] Improve the call site of string comparison in some hot path
https://bugs.webkit.org/show_bug.cgi?id=131605

Reviewed by Darin Adler.

Source/JavaScriptCore:

When resolved, the String of a JSString is never null. It can be empty but not null.
The null value is reserved for ropes but those would be resolved when getting the value.

Consequently, we should use the equal() operation that do not handle null values.
Using the StringImpl directly is already common in StringPrototype but it was not used here for some reason.

jit/JITOperations.cpp:
runtime/JSCJSValueInlines.h:

(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqualSlowCaseInline):
(JSC::JSValue::pureStrictEqual):

Source/WebCore:

dom/NodeRareData.h:

(WebCore::NodeListsNodeData::NodeListCacheMapEntryHash::equal):
We should use the right comparison operation depending on the Hash Traits.

Source/WTF:

wtf/text/StringImpl.cpp:

(WTF::stringImplContentEqual):
Inline that function to reduce the call overhead for JSC.
This is only inlined twice, it is not catastrophic for our binary.

1:45 AM Changeset in webkit [167219] by akling@apple.com

2 edits
1 move
1 delete in trunk/Source/WebCore

Merge MemoryPressureHandler{Mac,IOS}.mm
<https://webkit.org/b/131603>

Join the iOS and Mac platform implementations of MemoryPressureHandler
under the shared Cocoa banner. Each platform still has its own quirky
behavior, but this puts them in the same file so we can start sharing.

Reviewed by Darin Adler.

WebCore.xcodeproj/project.pbxproj:
platform/cocoa/MemoryPressureHandlerCocoa.mm: Renamed from Source/WebCore/platform/mac/MemoryPressureHandlerMac.mm.

(WebCore::MemoryPressureHandler::platformReleaseMemory):
(WebCore::MemoryPressureHandler::install):
(WebCore::MemoryPressureHandler::uninstall):
(WebCore::MemoryPressureHandler::holdOff):
(WebCore::MemoryPressureHandler::respondToMemoryPressure):
(WebCore::respondToMemoryPressureCallback):
(WebCore::MemoryPressureHandler::installMemoryReleaseBlock):
(WebCore::MemoryPressureHandler::setReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::hasReceivedMemoryPressure):
(WebCore::MemoryPressureHandler::clearMemoryPressure):
(WebCore::MemoryPressureHandler::shouldWaitForMemoryClearMessage):
(WebCore::MemoryPressureHandler::respondToMemoryPressureIfNeeded):

platform/ios/MemoryPressureHandlerIOS.mm: Removed.

1:42 AM Changeset in webkit [167218] by benjamin@webkit.org

10 edits
4 adds in trunk

CSS JIT: compile the :nth-child() pseudo class
https://bugs.webkit.org/show_bug.cgi?id=131602

Reviewed by Andreas Kling.

Source/WebCore:

Tests: fast/selectors/nth-child-bounds.html

fast/selectors/nth-child-with-backtracking.html

Compile the :nth-child() pseudo class function + some related clean up.

css/CSSSelector.cpp:

(WebCore::CSSSelector::nthA):
(WebCore::CSSSelector::nthB):
Expose the parsed value of an+b filters. Those values are used to compile
the selector.

(WebCore::CSSSelector::RareData::parseNth):
While working on the patch, I discovered some severe issues with the parsing of large
values of a and/or b. The problem comes from the way the CSS parser handle the values:
the values are parsed as a double then converted to an AtomicString for CSSSelector.

There are many problems related to large values but we never got bug reports because
they are very uncommon. Fixing those problem would require changing the parser.

Here, CSSSelector::RareData::parseNth() is hardened a little bit to avoid absurd values
of a and b.

css/CSSSelector.h:
cssjit/RegisterAllocator.h:

It looks like I forgot RDX in the list of register. Add it now since it is required
for SelectorCodeGenerator::modulo().

cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::addPseudoType):
(WebCore::SelectorCompiler::SelectorCodeGenerator::SelectorCodeGenerator):
(WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):
(WebCore::SelectorCompiler::SelectorCodeGenerator::moduloIsZero):
There is no modulo() operation exposed on the macro assemblers. This is a basic
implementation on top of idiv for x86_64.

Since idiv works exclusively with RAX and RDX, most of the code is about getting
those registers efficiently.

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
(WebCore::SelectorCompiler::setElementChildIndex):
(WebCore::SelectorCompiler::setElementChildIndexAndUpdateStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
This is pretty much a straightforward implementation of :nth-child().
The first part counts the number of previous elements.
The second part updates the tree if this is style resolution.
The last part compares the number of previous siblings to an+b to find if the filter matches.

The only part that diverges from SelectorChecker is how childIndex is used. Instead of testing it
at every iteration, only the first iteration handle the cache.

dom/ElementRareData.h:

(WebCore::ElementRareData::childIndexMemoryOffset):

dom/Node.h:

(WebCore::Node::rareDataMemoryOffset):
(WebCore::Node::flagHasRareData):

rendering/style/RenderStyle.h:

LayoutTests:

Add a couple of test for the new code:
-nth-child-with-backtracking tests the register pressure with backtracking.
-nth-child-bounds tests invalid selectors do not cause problems.

fast/selectors/nth-child-bounds-expected.txt: Added.
fast/selectors/nth-child-bounds.html: Added.
fast/selectors/nth-child-with-backtracking-expected.txt: Added.
fast/selectors/nth-child-with-backtracking.html: Added.

http/tests/security/video-poster-cross-origin-crash.html:

Now that CSSSelector filters out ridiculously bad values, the pseudo class in this test
was no longer executed.
The particular value of nth-child is irrelevant for this test, all it needs it the tree marking
while not matching.

1:29 AM Changeset in webkit [167217] by Carlos Garcia Campos

5 edits
2 adds in releases/WebKitGTK/webkit-2.4

Merge r163465 - Move characterAt index checks from InlineIterator to RenderText
https://bugs.webkit.org/show_bug.cgi?id=128224

Source/WebCore:

Reviewed by Simon Fraser.

Move characterAt index checks from InlineIterator to RenderText
so that all RenderText calls are covered. Few safe instances are
now covered with uncheckedCharacterAt.

Merged from Blink:
http://src.chromium.org/viewvc/blink?view=revision&revision=150830

Test: fast/text/character-at-crash.html

rendering/InlineIterator.h:

(WebCore::InlineIterator::characterAt):

rendering/RenderText.cpp:

(WebCore::RenderText::computePreferredLogicalWidths):

rendering/RenderText.h:

(WebCore::RenderText::operator[]):
(WebCore::RenderText::uncheckedCharacterAt):
(WebCore::RenderText::characterAt):

LayoutTests:

Move characterAt index checks from InlineIterator to RenderText
so that all RenderText calls are covered. Few safe instances are
now covered with uncheckedCharacterAt.

Merged from Blink:
http://src.chromium.org/viewvc/blink?view=revision&revision=150830

Reviewed by Simon Fraser.

fast/text/character-at-crash-expected.txt: Added.
fast/text/character-at-crash.html: Added.

1:10 AM Changeset in webkit [167216] by timothy_horton@apple.com

8 edits in trunk/Source

Support setting a background color on page overlays
https://bugs.webkit.org/show_bug.cgi?id=131600

Reviewed by Darin Adler.

WebProcess/WebPage/PageOverlay.cpp:

(WebKit::PageOverlay::PageOverlay):
(WebKit::PageOverlay::bounds):
(WebKit::PageOverlay::startFadeInAnimation):
(WebKit::PageOverlay::startFadeOutAnimation):
(WebKit::PageOverlay::startFadeAnimation):
(WebKit::PageOverlay::fadeAnimationTimerFired):
Minor style adjustments.
Use more references everywhere.

(WebKit::PageOverlay::setBackgroundColor):
(WebKit::PageOverlay::setNeedsDisplay):

WebProcess/WebPage/PageOverlay.h:

(WebKit::PageOverlay::backgroundColor):
Keep track of our background color, and push it down to the page overlay controller if we have one.

WebProcess/WebPage/PageOverlayController.cpp:

(WebKit::updateOverlayGeometry):
(WebKit::PageOverlayController::clearPageOverlay):
Page overlays will always have the right size, and just use drawsContents to determine
whether or not they should tile/have backing store/etc.

(WebKit::PageOverlayController::installPageOverlay):
(WebKit::PageOverlayController::didChangeOverlayBackgroundColor):
Set the background color of the layer.

WebProcess/WebPage/PageOverlayController.h:

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
References!

rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::setDocumentOverlayRootLayer):
Mark the compositing tree as needing a rebuild when we get a new document-relative
overlay layer; otherwise we were depending on something else coming along and
requiring a rebuild, which didn't always happen.

12:50 AM Changeset in webkit [167215] by mihnea@adobe.com

4 edits
2 adds in trunk

[CSS Regions] Hit testing doesn't work in video
https://bugs.webkit.org/show_bug.cgi?id=131485

Reviewed by Andrei Bucur.

Source/WebCore:

When hit testing flow thread layer through the region layer,
we have to pass the depth sorting information and take that
into account for the situation in which an ancestor of the region
has preserve-3d transform style.

Test: fast/regions/hit-test-region-preserve3d-container.html

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::hitTestLayer):
(WebCore::RenderLayer::hitTestFlowThreadIfRegionForFragments):

rendering/RenderLayer.h:

LayoutTests:

fast/regions/hit-test-region-preserve3d-container-expected.txt: Added.
fast/regions/hit-test-region-preserve3d-container.html: Added.

12:28 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos

(diff)

12:28 AM Changeset in webkit [167214] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebKit2

Merge r167128 - wk2-gtk does not display anything
https://bugs.webkit.org/show_bug.cgi?id=125558

Reviewed by Martin Robinson.

Remove fcntl call to set access mode flags on the duplicated files
descriptor. Those flags are ignored in Linux and make fcntl to
fail in FreeBSD. We should handle the case where the passed
protection is ReadOnly.
Thanks to Raphael Kubo da Costa who proposed the solution.

Platform/unix/SharedMemoryUnix.cpp:

(WebKit::SharedMemory::createHandle):
(WebKit::accessModeFile): Deleted.

12:19 AM Changeset in webkit [167213] by commit-queue@webkit.org

51 edits
9 adds in trunk/LayoutTests

Update html5lib test data to latest version
https://bugs.webkit.org/show_bug.cgi?id=131588

Patch by Koji Ishii <kojishi@gmail.com> on 2014-04-14
Reviewed by Darin Adler.

This patch imports the latest version of the "dat" files from
https://github.com/html5lib/html5lib-tests
Also updated expected files for failures of new tests.

html5lib/generated/run-adoption01-data-expected.txt: Passes now as a bug in the test was fixed.
html5lib/generated/run-adoption01-write-expected.txt: Supressed new failures.
html5lib/generated/run-inbody01-data-expected.txt: Added.
html5lib/generated/run-inbody01-data.html: Added.
html5lib/generated/run-inbody01-write-expected.txt: Added.
html5lib/generated/run-inbody01-write.html: Added.
html5lib/generated/run-main-element-data-expected.txt: Added.
html5lib/generated/run-main-element-data.html: Added.
html5lib/generated/run-main-element-write-expected.txt: Added.
html5lib/generated/run-main-element-write.html: Added.
html5lib/generated/run-template-data-expected.txt: Supressed new failures.
html5lib/generated/run-template-write-expected.txt: Supressed new failures.
html5lib/generated/run-tests21-data-expected.txt: Supressed new failures.
html5lib/generated/run-tests21-write-expected.txt: Supressed new failures.
html5lib/generated/run-tests25-data-expected.txt: Supressed new failures.
html5lib/generated/run-tests25-write-expected.txt: Supressed new failures.
html5lib/resources/adoption01.dat:
html5lib/resources/adoption02.dat:
html5lib/resources/comments01.dat:
html5lib/resources/doctype01.dat:
html5lib/resources/domjs-unsafe.dat:
html5lib/resources/entities01.dat:
html5lib/resources/entities02.dat:
html5lib/resources/html5test-com.dat:
html5lib/resources/inbody01.dat:
html5lib/resources/isindex.dat:
html5lib/resources/main-element.dat: Added.
html5lib/resources/pending-spec-changes-plain-text-unsafe.dat:
html5lib/resources/pending-spec-changes.dat:
html5lib/resources/plain-text-unsafe.dat:
html5lib/resources/scriptdata01.dat:
html5lib/resources/tables01.dat:
html5lib/resources/template.dat:
html5lib/resources/tests1.dat:
html5lib/resources/tests10.dat:
html5lib/resources/tests14.dat:
html5lib/resources/tests15.dat:
html5lib/resources/tests16.dat:
html5lib/resources/tests17.dat:
html5lib/resources/tests18.dat:
html5lib/resources/tests19.dat:
html5lib/resources/tests2.dat:
html5lib/resources/tests20.dat:
html5lib/resources/tests21.dat:
html5lib/resources/tests22.dat:
html5lib/resources/tests23.dat:
html5lib/resources/tests25.dat:
html5lib/resources/tests26.dat:
html5lib/resources/tests3.dat:
html5lib/resources/tests4.dat:
html5lib/resources/tests5.dat:
html5lib/resources/tests6.dat:
html5lib/resources/tests7.dat:
html5lib/resources/tests8.dat:
html5lib/resources/tests9.dat:
html5lib/resources/tests_innerHTML_1.dat:
html5lib/resources/tricky01.dat:
html5lib/resources/webkit01.dat:
html5lib/resources/webkit02.dat:

12:17 AM Changeset in webkit [167212] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.4

Merge r167185 - [SOUP] Libsoup internal credential setting should be controlled by loader decision
https://bugs.webkit.org/show_bug.cgi?id=130963

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-12
Reviewed by Darin Adler.

Source/WebCore:

Disabled libsoup internal authentication manager for messages for which no credential is available and no stored credentials should be used.
Updated synchronous loader to return whether using credentials or not according StoredCredential loader option parameter.
Unskipped test http/tests/xmlhttprequest/cross-origin-no-authorization.html covers the patch.

platform/network/ResourceHandleInternal.h:

(WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether disable authentication manager or not.

platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader): Added m_storedCredentials member.
(WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage): Return true if stored credentials are allowed.
(WebCore::applyAuthenticationToRequest): Set m_useAuthenticationManager value to disable authentication manager if cannot use stored credentials and ResourceHandleInternal has no username and password.
(WebCore::createSoupMessageForHandleAndRequest): Disable authentication mananger according m_useAuthenticationManager value.
(WebCore::ResourceHandle::platformLoadResourceSynchronously): Added StoredCredentials loader option to the sync loader constructor.

Source/WebKit/efl:

WebCoreSupport/FrameLoaderClientEfl.cpp:

(WebCore::FrameLoaderClientEfl::shouldUseCredentialStorage): Similarly to GTK, let soup/loader layer handle when to use credential storage. Return always true

LayoutTests:

platform/efl/TestExpectations: Unskipped http/tests/xmlhttprequest/cross-origin-no-authorization.html.
platform/gtk/TestExpectations: Ditto.

Apr 13, 2014:

11:58 PM Changeset in webkit [167211] by Darin Adler

6 edits
1 add in trunk

userVisibleString should not try to "encode" host names
https://bugs.webkit.org/show_bug.cgi?id=131587
rdar://problem/14686849

Reviewed by Alexey Proskuryakov.

Source/WebCore:

WebCore.exp.in: Updated for WebCoreNSURLExtras argument type changes.

platform/mac/WebCoreNSURLExtras.h: Removed unneeded code to make this

Objective-C++ header compile in plain C++ files, which we never need to do.
Added missing argument name, baseURL, and changed mysterious CFIndex arguments
to the correct type, CFURLComponentType.

platform/mac/WebCoreNSURLExtras.mm:

(WebCore::isLookalikeCharacter): Removed the inline keyword from this, and added
more lookalike characters from the Mozilla list referenced here.
(WebCore::URLByTruncatingOneCharacterBeforeComponent): Updated argument type.
(WebCore::dataForURLComponentType): Ditto.
(WebCore::userVisibleString): Only call mapHostNames if host name decoding is
needed; no encoding here.

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Added URLExtras.mm.

TestWebKitAPI/Tests/mac/URLExtras.mm: Added. A few tests for WebCoreNSURLExtras.

Coverage is tiny at this point; we could add a lot more cases!

11:55 PM Changeset in webkit [167210] by Darin Adler

14 edits
2 adds in trunk

REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
https://bugs.webkit.org/show_bug.cgi?id=126322

Reviewed by Ryosuke Niwa.

Source/WebCore:

dom/Element.cpp:

(WebCore::Element::canContainRangeEndPoint): Now returns false when the role of the element
is "img". This is the same rule that's hard-coded in isRenderReplacedElement for the same
reason. Need more test coverage to make sure this role feature works consistently.

dom/Element.h: Made canContainRangeEndPoint no longer inline since it's not just a

return statement any more.

dom/Position.cpp:

(WebCore::Position::isCandidate): Took out code that calls isRendererReplacedElement
that was added in r158617; not needed now that we updated canContainRangeEndPoint.

dom/Range.cpp:

(WebCore::Range::firstNode): Removed code here that called isRendererReplacedElement.
This was the wrong level to be adding editing logic, and there's a FIXME here to that
effect, which we are now deleting. This was the change that broke Find.

editing/TextIterator.cpp: Added a comment about the redundancy between the

isRendererReplacedElement and editingIgnoresContent functions.

html/HTMLHRElement.cpp:

(WebCore::HTMLHRElement::canContainRangeEndPoint): Call through to base class instead
of just returning true when we have child nodes. Lets Element::canContainRangeEndPoint
do its thing.

html/HTMLHRElement.h: Ditto.

html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::canContainRangeEndPoint): Call through to base class instead
of just returning true when we have fallback content. Lets Element::canContainRangeEndPoint
do its thing.

html/HTMLObjectElement.h: Ditto.

testing/Internals.cpp:

(WebCore::Internals::countMatchesForText): Set the limit to 1000 instead of infinite.

LayoutTests:

editing/text-iterator/count-matches-in-form-expected.txt: Added.
editing/text-iterator/count-matches-in-form.html: Added.

fast/text/window-find.html: Tweaked the test a bit, making it a little easier to

see if the test hasn't even run.

11:55 PM WebKitGTK/2.4.x edited by Philippe Normand

(diff)

10:35 PM April 2014 Meeting edited by rniwa@webkit.org

Add my intentions to attend talks/hackathons (diff)

10:29 PM Changeset in webkit [167209] by ljaehun.lim@samsung.com

2 edits in trunk/Tools

Use #include instead of #import
https://bugs.webkit.org/show_bug.cgi?id=131604

Reviewed by Darin Adler.

Fix "warning: #import is a deprecated GCC extension [-Wdeprecated]".

TestWebKitAPI/Tests/WTF/StringView.cpp:

9:28 PM Changeset in webkit [167208] by Darin Adler

6 edits in trunk/Source/WebCore

Use unique_ptr for FillLayer::m_next
https://bugs.webkit.org/show_bug.cgi?id=75222

Reviewed by Dan Bernstein.

css/DeprecatedStyleBuilder.cpp:

(WebCore::ApplyPropertyFillLayer::applyInheritValue):
Renamed currChild to just child and prevChild to previousChild.
Changed code to pass ownership of the new FillLayer immediately.
Changed some loops to be for loops.
(WebCore::ApplyPropertyFillLayer::applyInitialValue): Ditto.
(WebCore::ApplyPropertyFillLayer::applyValue): Ditto.

rendering/RenderBox.cpp:

(WebCore::RenderBox::backgroundHasOpaqueTopLayer): Use reference
instead of pointer.
(WebCore::RenderBox::paintFillLayers): Ditto.

rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::paintFillLayerExtended): Ditto.

rendering/style/FillLayer.cpp:

(WebCore::FillLayer::FillLayer): Removed m_next initializer since it is now an
OwnPtr and initializes automatically. In a couple other places, changed m_next
initializer to use make_unique.
(WebCore::FillLayer::~FillLayer): Wrote loop for deletion of m_next.
(WebCore::FillLayer::operator=): Removed unneeded explicit deletion of m_next.
(WebCore::FillLayer::cullEmptyLayers): Ditto.
(WebCore::clipMax): Marked inline.
(WebCore::FillLayer::computeClipMax): Rewrote to use a loop instead of recursion.
(WebCore::FillLayer::containsImage): Ditto.
(WebCore::FillLayer::imagesAreLoaded): Ditto.
(WebCore::FillLayer::hasOpaqueImage): Rewrote to use && instead of multiple if.
(WebCore::FillLayer::hasImage): Rewrote to use a loop instead of recursion.
(WebCore::FillLayer::hasFixedImage): Ditto.

rendering/style/FillLayer.h: Changed m_next to be a unique_ptr.

7:57 PM Changeset in webkit [167207] by aestes@apple.com

15 edits
1 add in trunk/Source

[QuickLook] Move file system-related code into WebKit
https://bugs.webkit.org/show_bug.cgi?id=131597

Reviewed by Dan Bernstein.

Source/WebCore:

QuickLookHandle should not be responsible for saving a copy of the
original document to disk as it might be running in a process that
either can't write to disk or can only write into a sandboxed
container. To account for this, we need to separate the concern of
quick look conversion from that of original document saving so that
each activity can run in the appropriate process.

Created a new interface between WebCore and WebKit by adding a client
(QuickLookHandleClient) to QuickLookHandle which is notified of incoming
bytes. A new function on FrameLoaderClient tells WebKit when a new
QuickLookHandle is created, giving WebKit the opportunity to register a
handle client. Moved the existing file system-related code as well as
code only needed by WebKit1 in QuickLookHandle into a new WebKit1
QuickLookHandleClient subclass.

WebCore.exp.in:
WebCore.xcodeproj/project.pbxproj: Made QuickLookHandleClient.h Private.
loader/FrameLoaderClient.h:

(WebCore::FrameLoaderClient::didCreateQuickLookHandle): Added.

loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didCreateQuickLookHandle): Called FrameLoaderClient::didCreateQuickLookHandle().

loader/ResourceLoader.h:
platform/network/ResourceHandle.h: Made m_quickLook a unique_ptr.

(WebCore::ResourceHandle::setQuickLookHandle): Changed to take a unique_ptr.

platform/network/ResourceHandleClient.h:

(WebCore::ResourceHandleClient::didCreateQuickLookHandle): Added.

platform/network/ios/QuickLook.h: Added m_client, gave m_converter a stronger type, and made m_nsResponse a RetainPtr.

(WebCore::QuickLookHandle::setClient): Added.
(WebCore::QuickLookHandle::firstRequestURL): Added.
(WebCore::QuickLookHandle::converter): Added.

platform/network/ios/QuickLook.mm:

(WebCore::registerQLPreviewConverterIfNeeded):
(WebCore::createTemporaryFileForQuickLook): Made non-static.
(WebCore::emptyClient): Returned a shared empty QuickLookHandleClient.
(WebCore::QuickLookHandle::QuickLookHandle): Removed file system and WebKit1-only code.
(WebCore::QuickLookHandle::create): Changed to return a unique_ptr.
(WebCore::QuickLookHandle::nsResponse):
(WebCore::QuickLookHandle::didReceiveDataArray): Removed file system code and called QuickLookHandleClient::didReceiveDataArray() instead.
(WebCore::QuickLookHandle::didReceiveData): Removed file system code and called QuickLookHandleClient::didReceiveData() instead.
(WebCore::QuickLookHandle::didFinishLoading): Removed file system code and called QuickLookHandleClient::didFinishLoading() instead.
(WebCore::QuickLookHandle::didFail): Removed file system and WebKit1-only code, calling QuickLookHandleClient::didFail() instead.
(WebCore::QuickLookHandle::~QuickLookHandle): Removed file system and WebKit1-only code. Cleared our reference to m_client.
(WebCore::QuickLookHandle::previewFileName): Retrieved from m_converter.
(WebCore::QuickLookHandle::previewRequestURL): Ditto.

platform/network/ios/QuickLookHandleClient.h: Added.

(WebCore::QuickLookHandleClient::~QuickLookHandleClient):
(WebCore::QuickLookHandleClient::didReceiveDataArray):
(WebCore::QuickLookHandleClient::didReceiveData):
(WebCore::QuickLookHandleClient::didFinishLoading):
(WebCore::QuickLookHandleClient::didFail):

Source/WebKit/mac:

Moved file system and WebKit1-only code from QuickLookHandle into a new
QuickLookHandleClient subclass.

WebCoreSupport/WebFrameLoaderClient.h:
WebCoreSupport/WebFrameLoaderClient.mm:

Source/WebKit2:

WebProcess/Network/WebResourceLoader.h: Made m_quickLookHandle a unique_ptr.
WebProcess/ios/WebResourceLoaderIOS.mm:

(WebKit::WebResourceLoader::setUpQuickLookHandleIfNeeded):

6:35 PM Changeset in webkit [167206] by aestes@apple.com

2 edits in trunk/Source/WTF

Relax adoption requirements of RefCounted objects that are NeverDestroyed
https://bugs.webkit.org/show_bug.cgi?id=131593

Reviewed by Dan Bernstein.

RefCounted objects that are created by NeverDestroyed<> won't have a
RefPtr adopting them, so call relaxAdoptionRequirements().

wtf/NeverDestroyed.h:

(WTF::NeverDestroyed::NeverDestroyed):
(WTF::NeverDestroyed::MaybeRelax::MaybeRelax):

5:02 PM Changeset in webkit [167205] by ggaren@apple.com

3 edits
12 adds in trunk/PerformanceTests

Added some website recordings to MallocBench -- taken from Membuster
https://bugs.webkit.org/show_bug.cgi?id=131601

Reviewed by Ryosuke Niwa.

Added flickr, reddit, and theverge -- each recorded from Membuster's
cache, with and without sending Safari a low memory warning.

MallocBench/MallocBench.xcodeproj/project.pbxproj:
MallocBench/MallocBench/Benchmark.cpp:
MallocBench/MallocBench/flickr.cpp: Added.

(benchmark_flickr):
(benchmark_flickr_memory_warning):

MallocBench/MallocBench/flickr.h: Added.
MallocBench/MallocBench/flickr.ops: Added.
MallocBench/MallocBench/flickr_memory_warning.ops: Added.
MallocBench/MallocBench/reddit.cpp: Added.

(benchmark_reddit):
(benchmark_reddit_memory_warning):

MallocBench/MallocBench/reddit.h: Added.
MallocBench/MallocBench/reddit.ops: Added.
MallocBench/MallocBench/reddit_memory_warning.ops: Added.
MallocBench/MallocBench/theverge.cpp: Added.

(benchmark_theverge):
(benchmark_theverge_memory_warning):

MallocBench/MallocBench/theverge.h: Added.
MallocBench/MallocBench/theverge.ops: Added.
MallocBench/MallocBench/theverge_memory_warning.ops: Added.

4:28 PM Changeset in webkit [167204] by ggaren@apple.com

3 edits in trunk/Source/bmalloc

Fixed some mbmalloc exports
https://bugs.webkit.org/show_bug.cgi?id=131599

Reviewed by Ryosuke Niwa.

bmalloc.xcodeproj/project.pbxproj: Made some headers a private part

of the project, so we can call them from API.

bmalloc/mbmalloc.cpp: Marked the mbmalloc functions with default

visibility, so they show up as exported in the .dylib.

4:21 PM Changeset in webkit [167203] by ggaren@apple.com

4 edits in trunk/PerformanceTests

MallocBench record/replay should support realloc
https://bugs.webkit.org/show_bug.cgi?id=131598

Reviewed by Ryosuke Niwa.

MallocBench/MallocBench.xcodeproj/project.pbxproj: Fixed some linkage

issues that caused us not to fully link to system malloc in the default
case. Also marked mbmalloc.dylib as required so the error message will
be clearer if we mess up.

MallocBench/MallocBench/Interpreter.cpp:

(Interpreter::run):

MallocBench/MallocBench/Interpreter.h: Added the realloc case, and

upgraded one-letter names to full words.

4:03 PM April 2014 Meeting edited by rniwa@webkit.org

Add a hackathon to import more w3c tests (diff)

1:02 PM Changeset in webkit [167202] by aestes@apple.com

2 edits in trunk/Source/WebKit2

REGRESSION (r167164): -[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:] _block_invoke can access a deallocated completionHandler
https://bugs.webkit.org/show_bug.cgi?id=131595

Reviewed by Dan Bernstein.

Make a copy of completionHandler and release it after we're done with it.

Shared/mac/CookieStorageShim.mm:

(-[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:]):

12:23 PM Changeset in webkit [167201] by psolanki@apple.com

5 edits in trunk/Source/WebKit2

Don't use ImportanceAssertion on iOS
https://bugs.webkit.org/show_bug.cgi?id=131481
<rdar://problem/16575830>

Reviewed by Darin Adler.

We have other API to mark processes as being in use on iOS. No need to use ImportanceAssertion.

Platform/IPC/MessageDecoder.cpp:
Platform/IPC/MessageDecoder.h:
Platform/IPC/mac/ConnectionMac.cpp:

(IPC::Connection::receiveSourceEventHandler):

Platform/IPC/mac/ImportanceAssertion.h:

12:20 PM Changeset in webkit [167200] by psolanki@apple.com

3 edits in trunk/Source/WebCore

Move early return out of dispatch_async() block so we can return from willSendRequest quickly
https://bugs.webkit.org/show_bug.cgi?id=131478
<rdar://problem/16575535>

Reviewed by Alexey Proskuryakov.

Do a quick check to see if we need to synthesize the redirect response on the dispatch queue
and return from willSendRequest callback quickly instead of always doing an effectively synchronous
call to the main thread. We can't call synthesizeRedirectResponseIfNecessary on the dispatch
queue since that accesses the ResourceRequest.

No new tests because no change in functionality.

platform/network/cf/ResourceHandleCFURLConnectionDelegate.h:
platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:

(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::setupRequest): Save the
request scheme to use later for early return from willSendRequest.
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):

11:01 AM Changeset in webkit [167199] by oliver@apple.com

70 edits
3 adds
2 deletes in trunk

Rewrite Function.bind as a builtin
https://bugs.webkit.org/show_bug.cgi?id=131083

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This change removes the existing function.bind implementation
entirely so JSBoundFunction is no more.

Instead we just return a regular JS closure with a few
private properties hanging off it that allow us to perform
the necessary bound function fakery. While most of this is
simple, a couple of key changes:

The parser and lexer now directly track whether they're parsing code for call or construct and convert the private name @IsConstructor into TRUETOK or FALSETOK as appropriate. This automatically gives us the ability to vary behaviour from within the builtin. It also leaves a lot of headroom for trivial future improvements.
The instanceof operator now uses the prototypeForHasInstance private name, and we have a helper function to ensure that all objects that need to can update their magical 'prototype' property pair correctly.

API/JSScriptRef.cpp:

(parseScript):

JavaScriptCore.xcodeproj/project.pbxproj:
builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createBuiltinExecutable):

builtins/Function.prototype.js:

(bind.bindingFunction):
(bind.else.bindingFunction):
(bind):

bytecode/UnlinkedCodeBlock.cpp:

(JSC::generateFunctionCodeBlock):

bytecompiler/NodesCodegen.cpp:

(JSC::InstanceOfNode::emitBytecode):

interpreter/Interpreter.cpp:
parser/Lexer.cpp:

(JSC::Lexer<T>::Lexer):
(JSC::Lexer<LChar>::parseIdentifier):
(JSC::Lexer<UChar>::parseIdentifier):

parser/Lexer.h:
parser/Parser.cpp:

(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseInner):

parser/Parser.h:

(JSC::parse):

parser/ParserModes.h:
runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

runtime/CommonIdentifiers.h:
runtime/Completion.cpp:

(JSC::checkSyntax):

runtime/Executable.cpp:

(JSC::ProgramExecutable::checkSyntax):

runtime/FunctionPrototype.cpp:

(JSC::FunctionPrototype::addFunctionProperties):
(JSC::functionProtoFuncBind): Deleted.

runtime/JSBoundFunction.cpp: Removed.
runtime/JSBoundFunction.h: Removed.
runtime/JSFunction.cpp:

(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
(JSC::RetrieveCallerFunctionFunctor::operator()):
(JSC::retrieveCallerFunction):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::defineOwnProperty):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::reset):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncSetTypeErrorAccessor):

runtime/JSGlobalObjectFunctions.h:
runtime/JSObject.h:

(JSC::JSObject::inlineGetOwnPropertySlot):

Source/WebCore:

Switch WebCore to use the helper functions when defining the
prototype properties on DOM constructors, and update bindings
tests accordingly.

bindings/js/JSImageConstructor.cpp:

(WebCore::JSImageConstructor::finishCreation):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorHelperMethods):

bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::JSTestActiveDOMObjectConstructor::finishCreation):

bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::JSTestCustomNamedGetterConstructor::finishCreation):

bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorConstructor::finishCreation):

bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::JSTestEventTargetConstructor::finishCreation):

bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::JSTestExceptionConstructor::finishCreation):

bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::JSTestGenerateIsReachableConstructor::finishCreation):

bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterfaceConstructor::finishCreation):

bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):

bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::JSTestNamedConstructorConstructor::finishCreation):
(WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):

bindings/scripts/test/JS/JSTestNode.cpp:

(WebCore::JSTestNodeConstructor::finishCreation):

bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::JSTestObjConstructor::finishCreation):

bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):

bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):

bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::JSTestTypedefsConstructor::finishCreation):

bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::JSattributeConstructor::finishCreation):

bindings/scripts/test/JS/JSreadonly.cpp:

(WebCore::JSreadonlyConstructor::finishCreation):

LayoutTests:

Testing.

js/dom/function-bind-expected.txt:
js/regress/function-bind-expected.txt: Added.
js/regress/function-bind.html: Added.
js/regress/script-tests/function-bind.js: Added.

(foo):

9:41 AM Changeset in webkit [167198] by Simon Fraser

2 edits in trunk/Source/WebCore

[iOS WK2] Hook up scrolling tree nodes when coming out of the page cache
https://bugs.webkit.org/show_bug.cgi?id=131577

Reviewed by Tim Horton.

The call to scrollingCoordinator->frameViewRootLayerDidChange() was inside
a #if !PLATFORM(IOS) block, but now that we use the ScrollingCoordinator
for WK2 we want to call this.

loader/HistoryController.cpp:

(WebCore::HistoryController::restoreScrollPositionAndViewState):

7:59 AM Changeset in webkit [167197] by zandobersek@gmail.com

2 edits in trunk/Source/WebCore

Unreviewed build fix after r167196.

platform/RemoteCommandListener.cpp:

(WebCore::RemoteCommandListener::create): Fall back to using the new operator
for allocating RemoteCommandListener object. Using std::make_unique() requires
for the operator to be public, which doesn't work well with the static create()
method.

7:18 AM Changeset in webkit [167196] by zandobersek@gmail.com

10 edits in trunk/Source/WebCore

Remove unnecessary uses of std::move() in return statements
https://bugs.webkit.org/show_bug.cgi?id=131457

Reviewed by Darin Adler.

Don't use std::move() in return statements unless necessary as it inhibits
named return value optimizations as performed by compilers.

Modules/battery/BatteryManager.cpp:

(WebCore::BatteryManager::create):

html/FormController.cpp:

(WebCore::FormController::createSavedFormStateMap):

html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::create):

platform/RemoteCommandListener.cpp:

(WebCore::RemoteCommandListener::create):

platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayer::create):

platform/ios/RemoteCommandListenerIOS.mm:

(WebCore::RemoteCommandListener::create):

rendering/RenderGrid.cpp:

(WebCore::RenderGrid::GridIterator::nextEmptyGridArea):

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::setupFilters):

rendering/style/CounterDirectives.cpp:

(WebCore::clone):

4:23 AM Changeset in webkit [167195] by commit-queue@webkit.org

11 edits in trunk/Source

Unreviewed, rolling out r167168 and r167194.
https://bugs.webkit.org/show_bug.cgi?id=131589

Caused massive ASSERTION failures on the GTK Debug bot
(Requested by philn on #webkit).

Reverted changesets:

"[GTK] Add HighDPI support for non-accelerated compositing
contents"
https://bugs.webkit.org/show_bug.cgi?id=131562
http://trac.webkit.org/changeset/167168

Source/WebCore:

"Unreviewed. Fix GTK+ build with recent cairo and GTK+ after
r167168."
http://trac.webkit.org/changeset/167194

Source/WebKit2:

"Unreviewed. Fix GTK+ build with recent cairo and GTK+ after
r167168."
http://trac.webkit.org/changeset/167194

2:46 AM Changeset in webkit [167194] by Carlos Garcia Campos

2 edits in trunk/Source/WebKit2

Unreviewed. Fix GTK+ build with recent cairo and GTK+ after r167168.

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseCreateWebPage):

2:33 AM Changeset in webkit [167193] by commit-queue@webkit.org

9 edits
4 adds in trunk

[GStreamer] No CORS support for media elements
https://bugs.webkit.org/show_bug.cgi?id=99037

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-13
Reviewed by Philippe Normand.

Source/WebCore:

Added CORS access control check to media sources when crossorigin attribute is set.

Added getter to CORS access control check status (used to compute whether the stream is tainted or not).
Related test is http/tests/security/video-cross-origin-readback.html.

Disabled access to cross-origin streams that fail CORS check when crossorigin attribute is set.
Related test is http/tests/security/video-cross-origin-accessfailure.html.

Tests: http/tests/security/video-cross-origin-accessfailure.html

http/tests/security/video-cross-origin-accesssameorigin.html

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck): Return whether media is cross-origin (tainted) or not by querying the gstreamer source layer.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Added MediaPlayerPrivateGStreamer::didPassCORSAccessCheck declaration.
platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Added webKitSrcPassedCORSAccessCheck declaration.

LayoutTests:

http/tests/security/video-cross-origin-accessfailure.html verifies that cross-origin streams that fail CORS check
are not played when crossorigin attribute is set.

http/tests/security/video-cross-origin-accesssameorigin.html verifies that access to same-origin streams

are played when crossorigin attribute is set.

http/tests/security/video-cross-origin-accessfailure-expected.txt: Added.
http/tests/security/video-cross-origin-accessfailure.html: Added.
http/tests/security/video-cross-origin-accesssameorigin-expected.txt: Added.
http/tests/security/video-cross-origin-accesssameorigin.html: Added.
platform/efl/TestExpectations: Enabled http/tests/security/video-cross-origin-readback.html.
platform/gtk/TestExpectations: Ditto.
platform/mac/TestExpectations: Disabled http/tests/security/video-cross-origin-accessfailure.html.

1:05 AM Changeset in webkit [167192] by Darin Adler

5 edits in trunk

REGRESSION (r166860): ASSERTION FAILED: !isCalculated() on fast/css/image-set-value-not-removed-crash.html
https://bugs.webkit.org/show_bug.cgi?id=131480

Reviewed by Andreas Kling.

Source/WebCore:

Fixes intermittent assertion failure in fast/css/image-set-value-not-removed-crash.html.

css/CSSComputedStyleDeclaration.cpp:

(WebCore::valueForImageSliceSide): Added. Helper used below in valueForNinePieceImageSlice.
Handles calculated values by returning 0; incorrect but predictable.
(WebCore::valueForNinePieceImageSlice): Updated to call valueForImageSliceSide.
(WebCore::positionOffsetValue): Use nullptr.
(WebCore::ComputedStyleExtractor::propertyValue): Updated to call positionOffsetValue
by its new name. Removed "get" from the name.
(WebCore::positionOffsetValue): Renamed from getPositionOffsetValue.

platform/Length.h: Made isCalculated public.

LayoutTests:

platform/mac/TestExpectations: Unskip the test now that the assertion is fixed.

Apr 12, 2014:

6:50 PM Changeset in webkit [167191] by fpizlo@apple.com

5 edits in trunk

Make slow-stress tests run faster by running fewer VM variants.

Rubber stamped by Geoffrey Garen.

Tools:

Scripts/run-javascriptcore-tests:
Scripts/run-jsc-stress-tests:

LayoutTests:

jsc-layout-tests.yaml:

4:59 PM Changeset in webkit [167190] by aestes@apple.com

3 edits in trunk/Source/WebCore

Fix the iOS build after r167183.

platform/network/ResourceHandle.h:
platform/network/cf/ResourceHandleCFNet.cpp:

(WebCore::ResourceHandle::schedule):
(WebCore::ResourceHandle::unschedule):

4:01 PM Changeset in webkit [167189] by fpizlo@apple.com

16 edits
3 adds in trunk

Math.fround() should be an intrinsic
https://bugs.webkit.org/show_bug.cgi?id=131583

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Makes programs that use Math.fround() run up to 6x faster.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsic):

dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::performNodeCSE):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNodeType.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileArithFRound):

runtime/Intrinsic.h:
runtime/MathObject.cpp:

(JSC::MathObject::finishCreation):

LayoutTests:

Reviewed by Geoffrey Garen.

This test runs 4.4635x faster with the intrinsic.

js/regress/fround-expected.txt: Added.
js/regress/fround.html: Added.
js/regress/script-tests/fround.js: Added.

2:06 PM Changeset in webkit [167188] by aestes@apple.com

6 edits in trunk/Source

[iOS] Move QuickLookHandle from ResourceLoader to WebResourceLoader
https://bugs.webkit.org/show_bug.cgi?id=131580

Reviewed by Darin Adler.

There's no need to bloat WebKit1's ResourceLoader with a pointer that
only WebKit2's WebResourceLoader cares about.

Source/WebCore:

loader/ResourceLoader.h:

(WebCore::ResourceLoader::quickLookHandle): Deleted.
(WebCore::ResourceLoader::setQuickLookHandle): Deleted.

Source/WebKit2:

WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResponseWithCertificateInfo):
(WebKit::WebResourceLoader::didReceiveData):
(WebKit::WebResourceLoader::didFinishResourceLoad):
(WebKit::WebResourceLoader::didFailResourceLoad):

WebProcess/Network/WebResourceLoader.h:
WebProcess/ios/WebResourceLoaderIOS.mm:

(WebKit::WebResourceLoader::setUpQuickLookHandleIfNeeded):

1:41 PM Changeset in webkit [167187] by fpizlo@apple.com

4 edits
1 add in trunk/Source/JavaScriptCore

FTL should use stackmap register liveness
https://bugs.webkit.org/show_bug.cgi?id=130791

Reviewed by Goeffrey Garen.

Enable the stackmap register liveness support by fixing the two last bugs:

If everything is dead after the patchpoint - a good possibility for a put_by_id - then we shouldn't crash due to a null scratch buffer.

Always consider callee-saves as if they were live. More precisely, we should consider those callee-saves that are not saved by the enclosing function to be live. For now we do the much simpler thing and consider callee-saves to be always live since it has minimal impact on the scratch register allocator. It will know not to preserve those for calls, anyway.

I tried writing a test for the null scratch buffer thing, but failed. I will land the
test anyway since it seems useful.

ftl/FTLCompile.cpp:

(JSC::FTL::usedRegistersFor):

jit/ScratchRegisterAllocator.cpp:

(JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBufferForCall):
(JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBufferForCall):

runtime/Options.h:
tests/stress/repeated-put-by-id-reallocating-transition.js: Added.

(foo):

1:06 PM Changeset in webkit [167186] by Chris Fleizach

2 edits in trunk/Source/WebCore

AX: Cleanup AccessibilityObject::getAttribute
https://bugs.webkit.org/show_bug.cgi?id=131555

Reviewed by Darin Adler.

No new functionality.

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::getAttribute):

1:01 PM Changeset in webkit [167185] by commit-queue@webkit.org

8 edits in trunk

[SOUP] Libsoup internal credential setting should be controlled by loader decision
https://bugs.webkit.org/show_bug.cgi?id=130963

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-04-12
Reviewed by Darin Adler.

Source/WebCore:

platform/network/ResourceHandleInternal.h:

(WebCore::ResourceHandleInternal::ResourceHandleInternal): Added m_useAuthenticationManager boolean to control whether disable authentication manager or not.

platform/network/soup/ResourceHandleSoup.cpp:

Source/WebKit/efl:

WebCoreSupport/FrameLoaderClientEfl.cpp:

(WebCore::FrameLoaderClientEfl::shouldUseCredentialStorage): Similarly to GTK, let soup/loader layer handle when to use credential storage. Return always true

LayoutTests:

platform/efl/TestExpectations: Unskipped http/tests/xmlhttprequest/cross-origin-no-authorization.html.
platform/gtk/TestExpectations: Ditto.

12:34 PM Changeset in webkit [167184] by commit-queue@webkit.org

3 edits in trunk/LayoutTests

(before-mar-1-1000) In correct date creation prior to 1 Mar 1000
https://bugs.webkit.org/show_bug.cgi?id=129308

Patch by Tibor Meszaros <tmeszaros.u-szeged@partner.samsung.com> on 2014-04-12
Reviewed by Darin Adler.

js/date-constructor-expected.txt:
js/script-tests/date-constructor.js:

12:10 PM Changeset in webkit [167183] by Darin Adler

9 edits in trunk/Source/WebCore

Some small loader refinements and refactoring
https://bugs.webkit.org/show_bug.cgi?id=131541

Reviewed by Alexey Proskuryakov.

Cut down on use of ResourceLoader::handle, which always returns null when
using a network process. Also streamlined conditionals and did some other
small refactoring.

loader/DocumentLoader.h: Use references rather than pointers for SchedulePair.

loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didChangePriority): Use m_handle instead of handle(),
since we'd like to delete handle() entirely soon.
(WebCore::ResourceLoader::didReceiveAuthenticationChallenge): Ditto.
(WebCore::ResourceLoader::schedule): Added.
(WebCore::ResourceLoader::unschedule): Ditto.

loader/ResourceLoader.h: Rearranged header to eliminate nested conditionals.

Added schedule and unschedule functions for Mac.

loader/mac/DocumentLoaderMac.cpp:

(WebCore::scheduleAll): Changed to take a reference and call ResourceLoader::schedule.
(WebCore::unscheduleAll): Ditto.
(WebCore::DocumentLoader::schedule): Ditto.
(WebCore::DocumentLoader::unschedule): Ditto.

page/mac/PageMac.cpp:

(WebCore::Page::addSchedulePair): Pass a reference rather than a pointer to schedule.
(WebCore::Page::removeSchedulePair): Ditto.

platform/network/ResourceHandle.h: Did a bit of reformatting and reorganizing of

conditionals.

platform/network/ResourceHandleInternal.h: Removed a tiny bit of unneeded declaration.

platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::schedule): Updated to take a reference rather than a pointer.
(WebCore::ResourceHandle::unschedule): Ditto.

11:22 AM Changeset in webkit [167182] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

DFG::FixupPhase should insert conversion nodes after the rest of fixup so that we know how the types settled
https://bugs.webkit.org/show_bug.cgi?id=131424

Reviewed by Geoffrey Garen.

This defers type conversion injection until we've decided on types. This makes the
process of deciding types a bit more flexible - for example we can naturally fixpoint
and change our minds. Only when things are settled do we actually insert conversions.

This is a necessary prerequisite for keeping double, int52, and JSValue data flow
separate. A SetLocal/GetLocal will appear to be JSValue until we fixpoint and realize
that there are typed uses. If we were eagerly inserting type conversions then we would
first insert a to/from-JSValue conversion in some cases only to then replace it by
the other conversions. It's probably trivial to remove those redundant conversions later
but I think it's better if we don't insert them to begin with.

bytecode/CodeOrigin.h:

(JSC::CodeOrigin::operator!):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::run):
(JSC::DFG::FixupPhase::fixupBlock):
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
(JSC::DFG::FixupPhase::fixEdge):
(JSC::DFG::FixupPhase::fixIntEdge):
(JSC::DFG::FixupPhase::injectTypeConversionsInBlock):
(JSC::DFG::FixupPhase::injectTypeConversionsForEdge):
(JSC::DFG::FixupPhase::addRequiredPhantom):
(JSC::DFG::FixupPhase::addPhantomsIfNecessary):
(JSC::DFG::FixupPhase::clearPhantomsAtEnd):
(JSC::DFG::FixupPhase::observeUntypedEdge): Deleted.
(JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock): Deleted.
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode): Deleted.

Note: See TracTimeline for information about the timeline view.

Download in other formats:

RSS Feed