Timeline



Jul 25, 2014:

10:59 PM Changeset in webkit [171644] by fpizlo@apple.com
  • 2 edits in trunk/Source/WTF

Attempt to fix Windows.

  • wtf/text/WTFString.h:
10:44 PM Changeset in webkit [171643] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Attempt to fix non-Xcode platforms.

10:37 PM Changeset in webkit [171642] by fpizlo@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

Fix cloop.

  • bytecode/CodeBlock.cpp:

(JSC::dumpChain):
(JSC::CodeBlock::printPutByIdCacheStatus):

  • bytecode/StructureSet.cpp:
  • bytecode/StructureSet.h:
10:18 PM Changeset in webkit [171641] by fpizlo@apple.com
  • 86 edits
    53 adds
    3 deletes in trunk

Merge r170090, r170092, r170129, r170141, r170161, r170215, r170275, r170375, r170376, r170382, r170383, r170399, r170436, r170489, r170490, r170556 from ftlopt.

Source/JavaScriptCore:

2014-06-27 Michael Saboff <msaboff@apple.com>


Unreviewed build fix after r169795.


Fixed ASSERT for 32 bit build.


  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):


2014-06-24 Saam Barati <sbarati@apple.com>


Web Inspector: debugger should be able to show variable types
https://bugs.webkit.org/show_bug.cgi?id=133395


Reviewed by Filip Pizlo.


Increase the amount of type information the VM gathers when directed
to do so. This initial commit is working towards the goal of
capturing, and then showing (via the Web Inspector) type information for all
assignment and load operations. This patch doesn't have the feature fully
implemented, but it ensures the VM has no performance regressions
unless the feature is specifically turned on.


  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h: (JSC::computeUsesForBytecodeOffset): (JSC::computeDefsForBytecodeOffset):
  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::finalizeUnconditionally):
  • bytecode/CodeBlock.h:
  • bytecode/Instruction.h:
  • bytecode/TypeLocation.h: Added. (JSC::TypeLocation::TypeLocation):
  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitMove): (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): (JSC::BytecodeGenerator::emitPutToScope): (JSC::BytecodeGenerator::emitPutById): (JSC::BytecodeGenerator::emitPutByVal):
  • bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity):
  • bytecompiler/NodesCodegen.cpp: (JSC::PostfixNode::emitResolve): (JSC::PrefixNode::emitResolve): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::ConstDeclNode::emitCodeSingle): (JSC::ForInNode::emitBytecode):
  • heap/Heap.cpp: (JSC::Heap::collect):
  • inspector/agents/InspectorRuntimeAgent.cpp: (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange):
  • inspector/agents/InspectorRuntimeAgent.h:
  • inspector/protocol/Runtime.json:
  • jsc.cpp: (GlobalObject::finishCreation): (functionDumpTypesForAllVariables):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): (JSC::LLInt::putToScopeCommon):
  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • runtime/HighFidelityLog.cpp: Added. (JSC::HighFidelityLog::initializeHighFidelityLog): (JSC::HighFidelityLog::~HighFidelityLog): (JSC::HighFidelityLog::recordTypeInformationForLocation): (JSC::HighFidelityLog::processHighFidelityLog): (JSC::HighFidelityLog::actuallyProcessLogThreadFunction):
  • runtime/HighFidelityLog.h: Added. (JSC::HighFidelityLog::HighFidelityLog):
  • runtime/HighFidelityTypeProfiler.cpp: Added. (JSC::HighFidelityTypeProfiler::getTypesForVariableInRange): (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableInRange): (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableInRange): (JSC::HighFidelityTypeProfiler::insertNewLocation): (JSC::HighFidelityTypeProfiler::getLocationBasedHash):
  • runtime/HighFidelityTypeProfiler.h: Added.
  • runtime/Options.h:
  • runtime/Structure.cpp: (JSC::Structure::toStructureShape):
  • runtime/Structure.h:
  • runtime/SymbolTable.cpp: (JSC::SymbolTable::SymbolTable): (JSC::SymbolTable::cloneCapturedNames): (JSC::SymbolTable::uniqueIDForVariable): (JSC::SymbolTable::uniqueIDForRegister): (JSC::SymbolTable::globalTypeSetForRegister): (JSC::SymbolTable::globalTypeSetForVariable):
  • runtime/SymbolTable.h: (JSC::SymbolTable::add): (JSC::SymbolTable::set):
  • runtime/TypeSet.cpp: Added. (JSC::TypeSet::TypeSet): (JSC::TypeSet::getRuntimeTypeForValue): (JSC::TypeSet::addTypeForValue): (JSC::TypeSet::removeDuplicatesInStructureHistory): (JSC::TypeSet::seenTypes): (JSC::TypeSet::dumpSeenTypes): (JSC::StructureShape::StructureShape): (JSC::StructureShape::markAsFinal): (JSC::StructureShape::addProperty): (JSC::StructureShape::propertyHash): (JSC::StructureShape::leastUpperBound): (JSC::StructureShape::stringRepresentation):
  • runtime/TypeSet.h: Added. (JSC::StructureShape::create): (JSC::TypeSet::create):
  • runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::getTypesForVariableInRange): (JSC::VM::updateHighFidelityTypeProfileState): (JSC::VM::dumpHighFidelityProfilingTypes):
  • runtime/VM.h: (JSC::VM::isProfilingTypesWithHighFidelity): (JSC::VM::highFidelityLog): (JSC::VM::highFidelityTypeProfiler): (JSC::VM::nextLocation): (JSC::VM::getNextUniqueVariableID):


2014-06-26 Mark Lam <mark.lam@apple.com>


Remove unused instantiation of the WithScope structure.
<https://webkit.org/b/134331>


Reviewed by Oliver Hunt.


The WithScope structure instance is the VM is unused, and is now removed.


  • runtime/VM.cpp: (JSC::VM::VM):
  • runtime/VM.h:


2014-06-25 Mark Hahnenberg <mhahnenberg@apple.com>


Structure bit fields should have a consistent format
https://bugs.webkit.org/show_bug.cgi?id=134307


Reviewed by Filip Pizlo.


Currently we use C-style bit fields for a number of member variables in Structure to save space.
This makes it difficult to load these fields in the JIT. We should instead use our own bitfield
format to make it easy to load and test these variables in JIT code.


  • runtime/JSObject.cpp: (JSC::JSObject::putDirectNonIndexAccessor): (JSC::JSObject::reifyStaticFunctionsForDelete):
  • runtime/Structure.cpp: (JSC::StructureTransitionTable::contains): (JSC::StructureTransitionTable::get): (JSC::StructureTransitionTable::add): (JSC::Structure::Structure): (JSC::Structure::materializePropertyMap): (JSC::Structure::addPropertyTransition): (JSC::Structure::despecifyFunctionTransition): (JSC::Structure::toDictionaryTransition): (JSC::Structure::freezeTransition): (JSC::Structure::preventExtensionsTransition): (JSC::Structure::takePropertyTableOrCloneIfPinned): (JSC::Structure::nonPropertyTransition): (JSC::Structure::flattenDictionaryStructure): (JSC::Structure::addPropertyWithoutTransition): (JSC::Structure::pin): (JSC::Structure::allocateRareData): (JSC::Structure::cloneRareDataFrom): (JSC::Structure::getConcurrently): (JSC::Structure::putSpecificValue): (JSC::Structure::getPropertyNamesFromStructure): (JSC::Structure::visitChildren): (JSC::Structure::checkConsistency):
  • runtime/Structure.h: (JSC::Structure::isExtensible): (JSC::Structure::isDictionary): (JSC::Structure::isUncacheableDictionary): (JSC::Structure::propertyAccessesAreCacheable): (JSC::Structure::previousID): (JSC::Structure::setHasGetterSetterPropertiesWithProtoCheck): (JSC::Structure::setContainsReadOnlyProperties): (JSC::Structure::disableSpecificFunctionTracking): (JSC::Structure::objectToStringValue): (JSC::Structure::setObjectToStringValue): (JSC::Structure::setPreviousID): (JSC::Structure::clearPreviousID): (JSC::Structure::previous): (JSC::Structure::rareData): (JSC::Structure::didTransition): Deleted. (JSC::Structure::hasGetterSetterProperties): Deleted. (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): Deleted. (JSC::Structure::setHasGetterSetterProperties): Deleted. (JSC::Structure::hasNonEnumerableProperties): Deleted. (JSC::Structure::staticFunctionsReified): Deleted. (JSC::Structure::setStaticFunctionsReified): Deleted.
  • runtime/StructureInlines.h: (JSC::Structure::setEnumerationCache): (JSC::Structure::enumerationCache): (JSC::Structure::checkOffsetConsistency):


2014-06-24 Mark Lam <mark.lam@apple.com>


[ftlopt] Renamed DebuggerActivation to DebuggerScope.
<https://webkit.org/b/134273>


Reviewed by Michael Saboff.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • debugger/DebuggerActivation.cpp: Removed.
  • debugger/DebuggerActivation.h: Removed.
  • debugger/DebuggerScope.cpp: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.cpp. (JSC::DebuggerScope::DebuggerScope): (JSC::DebuggerScope::finishCreation): (JSC::DebuggerScope::visitChildren): (JSC::DebuggerScope::className): (JSC::DebuggerScope::getOwnPropertySlot): (JSC::DebuggerScope::put): (JSC::DebuggerScope::deleteProperty): (JSC::DebuggerScope::getOwnPropertyNames): (JSC::DebuggerScope::defineOwnProperty): (JSC::DebuggerActivation::DebuggerActivation): Deleted. (JSC::DebuggerActivation::finishCreation): Deleted. (JSC::DebuggerActivation::visitChildren): Deleted. (JSC::DebuggerActivation::className): Deleted. (JSC::DebuggerActivation::getOwnPropertySlot): Deleted. (JSC::DebuggerActivation::put): Deleted. (JSC::DebuggerActivation::deleteProperty): Deleted. (JSC::DebuggerActivation::getOwnPropertyNames): Deleted. (JSC::DebuggerActivation::defineOwnProperty): Deleted.
  • debugger/DebuggerScope.h: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.h. (JSC::DebuggerScope::create): (JSC::DebuggerActivation::create): Deleted.
  • runtime/VM.cpp: (JSC::VM::VM):
  • runtime/VM.h:


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt] PutByIdFlush can also be converted to a PutByOffset so don't assert otherwise
https://bugs.webkit.org/show_bug.cgi?id=134265


Reviewed by Geoffrey Garen.


More assertion fallout from the PutById folding work.


  • dfg/DFGNode.h: (JSC::DFG::Node::convertToPutByOffset):


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt] GC should notify us if it resets to_this
https://bugs.webkit.org/show_bug.cgi?id=128231


Reviewed by Geoffrey Garen.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::finalizeUnconditionally):
  • bytecode/Instruction.h:
  • bytecode/ToThisStatus.cpp: Added. (JSC::merge): (WTF::printInternal):
  • bytecode/ToThisStatus.h: Added.
  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL):


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt] StructureAbstractValue::onlyStructure() should return nullptr if isClobbered()
https://bugs.webkit.org/show_bug.cgi?id=134256


Reviewed by Michael Saboff.


This isn't testable right now (i.e. it's benign) but we should get it right anyway. The
point is to be able to precisely model what goes on in the snippets of code between a
side-effect and an InvalidationPoint.


This patch also cleans up onlyStructure() by delegating more work to
StructureSet::onlyStructure().


  • dfg/DFGStructureAbstractValue.h: (JSC::DFG::StructureAbstractValue::onlyStructure):


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt][REGRESSION] PutById AI is introducing watchable structures without watching them
https://bugs.webkit.org/show_bug.cgi?id=134260


Reviewed by Geoffrey Garen.


This was causing loads of assertion failures in debug builds.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):


2014-06-21 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Fold GetById/PutById to MultiGetByOffset/GetByOffset or MultiPutByOffset/PutByOffset, which implies handling non-singleton sets
https://bugs.webkit.org/show_bug.cgi?id=134090


Reviewed by Oliver Hunt.


This pretty much finishes off the work to eliminate the special-casing of singleton
structure sets by making it possible to fold GetById and PutById to various polymorphic
forms of the ByOffset nodes.


  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeForStubInfo): (JSC::GetByIdStatus::computeFor):
  • bytecode/GetByIdStatus.h:
  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeFor):
  • bytecode/PutByIdStatus.h:
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::constantChecks):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset): (JSC::DFG::ConstantFoldingPhase::addChecks):
  • dfg/DFGNode.h: (JSC::DFG::Node::convertToMultiGetByOffset): (JSC::DFG::Node::convertToMultiPutByOffset):
  • dfg/DFGSpeculativeJIT64.cpp: Also convert all release assertions to DFG assertions in this file, because I was hitting some of them while debugging. (JSC::DFG::SpeculativeJIT::fillJSValue): (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): (JSC::DFG::SpeculativeJIT::emitCall): (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict): (JSC::DFG::SpeculativeJIT::fillSpeculateInt52): (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): (JSC::DFG::SpeculativeJIT::fillSpeculateCell): (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): (JSC::DFG::SpeculativeJIT::compileLogicalNot): (JSC::DFG::SpeculativeJIT::emitBranch): (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGStructureAbstractValue.h: (JSC::DFG::StructureAbstractValue::set):


2014-06-19 Filip Pizlo <fpizlo@apple.com>


[ftlopt] StructureSet::onlyStructure() should return nullptr if it's not a singleton (instead of asserting)
https://bugs.webkit.org/show_bug.cgi?id=134077


Reviewed by Sam Weinig.


This makes StructureSet and StructureAbstractValue more consistent and fixes a debug assert
in the abstract interpreter.


  • bytecode/StructureSet.h: (JSC::StructureSet::onlyStructure):


2014-06-18 Filip Pizlo <fpizlo@apple.com>


DFG AI and constant folder should be able to precisely prune MultiGetByOffset/MultiPutByOffset even if the base structure abstract value is not a singleton
https://bugs.webkit.org/show_bug.cgi?id=133918


Reviewed by Mark Hahnenberg.


This also adds pruning of PutStructure, since I basically had no choice but
to implement such logic within MultiPutByOffset.


Also adds a bunch of PutById cache status dumping to bytecode dumping.


  • bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::dumpInContext):
  • bytecode/GetByIdVariant.h: (JSC::GetByIdVariant::structureSet):
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::oldStructure):
  • bytecode/StructureSet.cpp: (JSC::StructureSet::filter): (JSC::StructureSet::filterArrayModes):
  • bytecode/StructureSet.h:
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGAbstractValue.cpp: (JSC::DFG::AbstractValue::changeStructure): (JSC::DFG::AbstractValue::contains):
  • dfg/DFGAbstractValue.h: (JSC::DFG::AbstractValue::couldBeType): (JSC::DFG::AbstractValue::isType):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitGetByOffset): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset): (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::freezeStrong):
  • dfg/DFGGraph.h:
  • dfg/DFGStructureAbstractValue.h: (JSC::DFG::StructureAbstractValue::operator=):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
  • tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check.js: Added. (foo): (fu): (bar): (baz): (.bar): (.baz):
  • tests/stress/fold-multi-put-by-offset-to-put-by-offset-without-folding-the-structure-check.js: Added. (foo): (fu): (bar): (baz): (.bar): (.baz):
  • tests/stress/prune-multi-put-by-offset-replace-or-transition-variant.js: Added. (foo): (fu): (bar): (baz): (.bar): (.baz):


2014-06-18 Mark Hahnenberg <mhahnenberg@apple.com>


Remove CompoundType and LeafType
https://bugs.webkit.org/show_bug.cgi?id=134037


Reviewed by Filip Pizlo.


We don't use them for anything. We'll replace them with a generic CellType type for all
the objects that are JSCells, aren't JSObjects, and for which we generally don't care about
their JSType at runtime.


  • llint/LLIntData.cpp: (JSC::LLInt::Data::performAssertions):
  • runtime/ArrayBufferNeuteringWatchpoint.cpp: (JSC::ArrayBufferNeuteringWatchpoint::createStructure):
  • runtime/Executable.h: (JSC::ExecutableBase::createStructure): (JSC::NativeExecutable::createStructure):
  • runtime/JSPromiseDeferred.h: (JSC::JSPromiseDeferred::createStructure):
  • runtime/JSPromiseReaction.h: (JSC::JSPromiseReaction::createStructure):
  • runtime/JSPropertyNameIterator.h: (JSC::JSPropertyNameIterator::createStructure):
  • runtime/JSType.h:
  • runtime/JSTypeInfo.h: (JSC::TypeInfo::TypeInfo):
  • runtime/MapData.h: (JSC::MapData::createStructure):
  • runtime/PropertyMapHashTable.h: (JSC::PropertyTable::createStructure):
  • runtime/RegExp.h: (JSC::RegExp::createStructure):
  • runtime/SparseArrayValueMap.cpp: (JSC::SparseArrayValueMap::createStructure):
  • runtime/Structure.cpp: (JSC::Structure::Structure):
  • runtime/StructureChain.h: (JSC::StructureChain::createStructure):
  • runtime/StructureRareData.cpp: (JSC::StructureRareData::createStructure):
  • runtime/SymbolTable.h: (JSC::SymbolTable::createStructure):
  • runtime/WeakMapData.h: (JSC::WeakMapData::createStructure):


2014-06-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] PutStructure and PhantomPutStructure shouldn't leave the world in a clobbered state
https://bugs.webkit.org/show_bug.cgi?id=134002


Reviewed by Mark Hahnenberg.


The effect of this bug was that if we had a PutStructure or PhantomPutStructure then any
JSConstants would be in a Clobbered state, so we wouldn't take advantage of our knowledge
of the structure if that structure was watchable.


Also kill PhantomPutStructure.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition): (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions):
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize):
  • dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC):
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::visitChildren):
  • dfg/DFGNode.h: (JSC::DFG::Node::hasTransition):
  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
  • dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute):
  • dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGStructureAbstractValue.cpp: (JSC::DFG::StructureAbstractValue::observeTransition): (JSC::DFG::StructureAbstractValue::observeTransitions):
  • dfg/DFGValidate.cpp: (JSC::DFG::Validate::validate):
  • dfg/DFGWatchableStructureWatchingPhase.cpp: (JSC::DFG::WatchableStructureWatchingPhase::run):
  • ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure): Deleted.


2014-06-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG put_by_id should inline accesses with a slightly polymorphic base
https://bugs.webkit.org/show_bug.cgi?id=133964


Reviewed by Mark Hahnenberg.


  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::appendVariant): (JSC::PutByIdStatus::computeForStubInfo):
  • bytecode/PutByIdVariant.cpp: (JSC::PutByIdVariant::oldStructureForTransition): (JSC::PutByIdVariant::writesStructures): (JSC::PutByIdVariant::reallocatesStorage): (JSC::PutByIdVariant::attemptToMerge): (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace): (JSC::PutByIdVariant::dumpInContext):
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::PutByIdVariant): (JSC::PutByIdVariant::replace): (JSC::PutByIdVariant::transition): (JSC::PutByIdVariant::structure): (JSC::PutByIdVariant::oldStructure):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handlePutById): (JSC::DFG::ByteCodeParser::parseBlock):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::visitChildren):
  • dfg/DFGNode.cpp: (JSC::DFG::MultiPutByOffsetData::writesStructures): (JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
  • ftl/FTLAbbreviations.h: (JSC::FTL::getLinkage):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset): (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):

Source/WebCore:

2014-07-25 Mark Lam <mark.lam@apple.com>


[ftlopt] Renamed DebuggerActivation to DebuggerScope.
<https://webkit.org/b/134273>


Reviewed by Michael Saboff.


No new tests.


  • ForwardingHeaders/debugger/DebuggerActivation.h: Removed.
  • Removed because this is not used.

Source/WebKit/mac:

2014-07-25 Mark Lam <mark.lam@apple.com>


[ftlopt] Renamed DebuggerActivation to DebuggerScope.
<https://webkit.org/b/134273>


Reviewed by Michael Saboff.


  • WebView/WebScriptDebugDelegate.mm:
  • Removed unneeded #include.

LayoutTests:

2014-07-25 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Fold GetById/PutById to MultiGetByOffset/GetByOffset or MultiPutByOffset/PutByOffset, which implies handling non-singleton sets
https://bugs.webkit.org/show_bug.cgi?id=134090


Reviewed by Oliver Hunt.


  • js/regress/fold-get-by-id-to-multi-get-by-offset-expected.txt: Added.
  • js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int-expected.txt: Added.
  • js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html: Added.
  • js/regress/fold-get-by-id-to-multi-get-by-offset.html: Added.
  • js/regress/fold-put-by-id-to-multi-put-by-offset-expected.txt: Added.
  • js/regress/fold-put-by-id-to-multi-put-by-offset.html: Added.
  • js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset-rare-int.js: Added. (foo): (fu): (bar): (.bar): (Number):
  • js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset.js: Added. (foo): (fu): (bar): (.bar): (Number):
  • js/regress/script-tests/fold-put-by-id-to-multi-put-by-offset.js: Added. (foo): (fu): (bar): (.bar):


2014-06-19 Filip Pizlo <fpizlo@apple.com>


[ftlopt] LICM should be able to hoist CheckStructure even if the loop clobbers structures so long as the structures being checked are watchable
https://bugs.webkit.org/show_bug.cgi?id=134056


Unreviewed, just landing the test cases for this attempted optimization. The test cases
will still be valid once we find a smart way of doing this optimization.


  • js/regress/hoist-poly-check-structure-effectful-loop-expected.txt: Added.
  • js/regress/hoist-poly-check-structure-effectful-loop.html: Added.
  • js/regress/hoist-poly-check-structure-expected.txt: Added.
  • js/regress/hoist-poly-check-structure.html: Added.
  • js/regress/script-tests/hoist-poly-check-structure-effectful-loop.js: Added. (foo): (test):
  • js/regress/script-tests/hoist-poly-check-structure.js: Added. (foo): (test):


2014-06-18 Filip Pizlo <fpizlo@apple.com>


DFG AI and constant folder should be able to precisely prune MultiGetByOffset/MultiPutByOffset even if the base structure abstract value is not a singleton
https://bugs.webkit.org/show_bug.cgi?id=133918


Reviewed by Mark Hahnenberg.


  • js/regress/fold-multi-get-by-offset-to-get-by-offset-expected.txt: Added.
  • js/regress/fold-multi-get-by-offset-to-get-by-offset.html: Added.
  • js/regress/fold-multi-get-by-offset-to-poly-get-by-offset-expected.txt: Added.
  • js/regress/fold-multi-get-by-offset-to-poly-get-by-offset.html: Added.
  • js/regress/fold-multi-put-by-offset-to-poly-put-by-offset-expected.txt: Added.
  • js/regress/fold-multi-put-by-offset-to-poly-put-by-offset.html: Added.
  • js/regress/fold-multi-put-by-offset-to-put-by-offset-expected.txt: Added.
  • js/regress/fold-multi-put-by-offset-to-put-by-offset.html: Added.
  • js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset-expected.txt: Added.
  • js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.html: Added.
  • js/regress/fold-put-structure-expected.txt: Added.
  • js/regress/fold-put-structure.html: Added.
  • js/regress/script-tests/fold-multi-get-by-offset-to-get-by-offset.js: Added. (foo): (fu): (bar): (.bar):
  • js/regress/script-tests/fold-multi-get-by-offset-to-poly-get-by-offset.js: Added. (foo): (fu): (bar): (.bar):
  • js/regress/script-tests/fold-multi-put-by-offset-to-poly-put-by-offset.js: Added. (foo): (fu): (bar): (.bar):
  • js/regress/script-tests/fold-multi-put-by-offset-to-put-by-offset.js: Added. (foo): (fu): (bar): (.bar):
  • js/regress/script-tests/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.js: Added. (foo): (fu): (bar): (.bar):
  • js/regress/script-tests/fold-put-structure.js: Added. (foo): (fu): (bar): (.bar):


2014-06-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG put_by_id should inline accesses with a slightly polymorphic base
https://bugs.webkit.org/show_bug.cgi?id=133964


Reviewed by Mark Hahnenberg.


  • js/regress/put-by-id-replace-and-transition-expected.txt: Added.
  • js/regress/put-by-id-replace-and-transition.html: Added.
  • js/regress/put-by-id-slightly-polymorphic-expected.txt: Added.
  • js/regress/put-by-id-slightly-polymorphic.html: Added.
  • js/regress/script-tests/put-by-id-replace-and-transition.js: Added.
  • js/regress/script-tests/put-by-id-slightly-polymorphic.js: Added.
9:37 PM Changeset in webkit [171640] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Subpixel rendering: Rounded rect gets non-renderable at certain subpixel size.
https://bugs.webkit.org/show_bug.cgi?id=135314
<rdar://problem/17812921>

Reviewed by Tim Horton.

While calculating the rounded rect for painting, the radius is adjusted to compensate
for the pixel snapped size. However while scaling the radius, certain values overflow
(float) mantissa and it produces a non-renderable rounded rect where the radius becomes bigger
than the rectangle dimensions. In such cases, we need to shrink the radius to make it
renderable again.

Source/WebCore:
Test: transitions/rounded-rect-becomes-non-renderable-while-transitioning.html

  • platform/graphics/RoundedRect.cpp:

(WebCore::RoundedRect::pixelSnappedRoundedRectForPainting): shrink the radius by
one device pixel. It is as good as any other small value.

LayoutTests:

  • transitions/rounded-rect-becomes-non-renderable-while-transitioning-expected.txt: Added.
  • transitions/rounded-rect-becomes-non-renderable-while-transitioning.html: Added.
6:31 PM Changeset in webkit [171639] by fpizlo@apple.com
  • 1 edit in trunk/Source/JavaScriptCore/ChangeLog

Unmessup the JavaScriptCore ChangeLog

6:08 PM Changeset in webkit [171638] by matthew_hanson@apple.com
  • 18 edits
    2 copies in tags/Safari-600.1.3/Source/WebKit2

Rollout r171622. <rdar://problem/15917314>

5:50 PM Changeset in webkit [171637] by matthew_hanson@apple.com
  • 18 edits
    2 deletes in branches/safari-600.1-branch/Source/WebKit2

Merge r171622. <rdar://problem/15917314>

5:46 PM Changeset in webkit [171636] by matthew_hanson@apple.com
  • 18 edits
    2 deletes in tags/Safari-600.1.3/Source/WebKit2

Merge r171622. <rdar://problem/15917314>

5:43 PM Changeset in webkit [171635] by commit-queue@webkit.org
  • 5 edits in trunk/Source

Parent fullscreen from window instead of view
https://bugs.webkit.org/show_bug.cgi?id=135310

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-07-25
Reviewed by Jer Noble.

Parenting in the view causes an incorrect animation to fullscreen, and can cause
fullscreen to only expand to the size of the view instead of the whole window.

Source/WebKit/mac:

  • WebView/WebView.mm:

(-[WebView _enterFullscreenForNode:]): Pass window instead of view.

Source/WebKit2:

  • UIProcess/ios/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID): pass view's window.

  • WebProcess/ios/WebVideoFullscreenManager.mm: screenRect instead of clientRect

(WebKit::screenRectForNode): was clientRectForNode
(WebKit::WebVideoFullscreenManager::enterFullscreenForNode): use screenRectForNode
(WebKit::WebVideoFullscreenManager::exitFullscreenForNode): ditto
(WebKit::clientRectForNode): Deleted.

4:55 PM Changeset in webkit [171634] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171632. <rdar://problem/17817223>

4:53 PM Changeset in webkit [171633] by matthew_hanson@apple.com
  • 2 edits in tags/Safari-600.1.3/Source/WebCore

Merge r171632. <rdar://problem/17817223>

4:37 PM Changeset in webkit [171632] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[EME][Mac] CDM error messages not piped through to MediaKeySession correctly; clients don't receive error events
https://bugs.webkit.org/show_bug.cgi?id=135312
<rdar://problem/17817223>

Reviewed by Brent Fulgham.

Set (and clear) the client interface so that errors can be piped from the CDMSession up to the MediaKeySession.

  • Modules/encryptedmedia/MediaKeySession.cpp:

(WebCore::MediaKeySession::MediaKeySession):
(WebCore::MediaKeySession::close):

4:36 PM Changeset in webkit [171631] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171629. <rdar://problem/17654369>

4:26 PM Changeset in webkit [171630] by matthew_hanson@apple.com
  • 2 edits in tags/Safari-600.1.3/Source/WebKit2

Merge r171629. <rdar://problem/17654369>

4:17 PM Changeset in webkit [171629] by oliver@apple.com
  • 2 edits in trunk/Source/WebKit2

Creating incorrect sandbox extension for hsts plist due to missing /
https://bugs.webkit.org/show_bug.cgi?id=135309

Reviewed by Sam Weinig.

So it turns out that you do actually need /'s in paths...
Now we actually create the correct extension.

  • UIProcess/mac/WebContextMac.mm:

(WebKit::WebContext::platformDefaultNetworkingHSTSDatabasePath):

4:02 PM Changeset in webkit [171628] by dino@apple.com
  • 4 edits in branches/safari-600.1-branch/Source

Revert back to the Safari behavior from Mavericks and Mountain Lion
on this branch.
<rdar://problem/17800530>

Follow-up comment from Dan Bernstein.

WebKit:

  • WebView/WebPreferences.mm: (+[WebPreferences initialize]): Make sure this only applies to Mavericks and Mountain Lion.

WebKit2:

  • Shared/WebPreferencesDefinitions.h: Make sure this only applies to Mavericks and Mountain Lion.
3:57 PM Changeset in webkit [171627] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Add an option to disable native call inlining. Disable it for now to see how it
affects the bots.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleCall):

  • runtime/Options.h:
3:52 PM Changeset in webkit [171626] by andersca@apple.com
  • 9 edits
    1 copy in trunk

WKNavigation's properties are either always nil or don't behave as documented
https://bugs.webkit.org/show_bug.cgi?id=135267
<rdar://problem/17730536>

Reviewed by Andreas Kling.

Source/WebKit2:
Remove the properties from WKNavigation and introduce -[WKNavigation _request] as SPI for now.

  • Shared/API/Cocoa/WebKitPrivate.h:
  • UIProcess/API/Cocoa/WKNavigation.h:
  • UIProcess/API/Cocoa/WKNavigation.mm:

(-[WKNavigation _request]):
(-[WKNavigation initialRequest]): Deleted.
(-[WKNavigation request]): Deleted.
(-[WKNavigation setRequest:]): Deleted.
(-[WKNavigation response]): Deleted.
(-[WKNavigation error]): Deleted.

  • UIProcess/API/Cocoa/WKNavigationInternal.h:
  • UIProcess/API/Cocoa/WKNavigationPrivate.h: Copied from Source/WebKit2/UIProcess/API/Cocoa/WKNavigationInternal.h.
  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::createLoadRequestNavigation):

  • WebKit2.xcodeproj/project.pbxproj:

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/Navigation.mm:

(-[NavigationDelegate webView:didStartProvisionalNavigation:]):
(TEST):
(-[DidFailProvisionalNavigationDelegate webView:didStartProvisionalNavigation:]):
(-[DidFailProvisionalNavigationDelegate webView:didFailProvisionalNavigation:withError:]):

3:43 PM Changeset in webkit [171625] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix cloop.

  • dfg/DFGMayExit.cpp:
3:39 PM Changeset in webkit [171624] by jer.noble@apple.com
  • 8 edits
    2 adds in trunk

[MSE] Playback stalls & readyState drops to HAVE_CURRENT_DATA at end of stream with unbalanced buffered SourceBuffers
https://bugs.webkit.org/show_bug.cgi?id=135291
<rdar://problem/17715503>

Reviewed by Sam Weinig.

Source/WebCore:
Test: media/media-source/media-source-end-of-stream-buffered.html

When determining the correct ReadyState for the MediaSource in monitorSourceBuffers(), use the same
definition of "buffered" as is used in the calculation of HTMLMediaElement.buffered and in the
Stream Ended algorithm. Namely, when the stream has ended, treat each SourceBuffer as if its last
buffered range extends to the duration of the stream. This allows playback to continue through to
the duration without stalling due to monitorSourceBuffers().

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::bufferedAccountingForEndOfStream): Added; extends the last range in buffered

to MediaSource::duration() if the MediaSource is ended.

(WebCore::SourceBuffer::hasCurrentTime): Uses bufferedAccountingForEndOfStream().
(WebCore::SourceBuffer::hasFutureTime): Ditto.
(WebCore::SourceBuffer::canPlayThrough): Ditto.

  • Modules/mediasource/SourceBuffer.h:

Add a convenience method for determining whether the MediaSource has ended:

  • Modules/mediasource/MediaSource.cpp:

(WebCore::MediaSource::isEnded):

  • Modules/mediasource/MediaSource.h:

Add start() and end() methods that don't take a (usually ignored) isValid inout parameter. Add duration()
and maximumBufferedTime() convenience methods:

  • platform/graphics/PlatformTimeRanges.cpp:

(WebCore::PlatformTimeRanges::start):
(WebCore::PlatformTimeRanges::end):
(WebCore::PlatformTimeRanges::duration):
(WebCore::PlatformTimeRanges::maximumBufferedTime):

  • platform/graphics/PlatformTimeRanges.h:

LayoutTests:

  • media/media-source/media-source-end-of-stream-buffered-expected.txt: Added.
  • media/media-source/media-source-end-of-stream-buffered.html: Added.
3:38 PM Changeset in webkit [171623] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[GTK] install-dependencies needs to install perl-CGI on Fedora
https://bugs.webkit.org/show_bug.cgi?id=135302

Patch by Michael Catanzaro <Michael Catanzaro> on 2014-07-25
Reviewed by Martin Robinson.

  • gtk/install-dependencies:

Add perl-CGI to yum dependencies needed for tests

3:34 PM Changeset in webkit [171622] by beidson@apple.com
  • 18 edits
    2 deletes in trunk/Source/WebKit2

Clean up WKOriginDataManager and get it messaging to the DatabaseProcess
https://bugs.webkit.org/show_bug.cgi?id=135035

Reviewed by Sam Weinig.

  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::DatabaseProcess): Instantiate the WebOriginDataManager, installing its message handler.
(WebKit::DatabaseProcess::didReceiveMessage): Try the message receiver map, which will try the WebOriginDataManager.

  • DatabaseProcess/DatabaseProcess.h:
  • DatabaseProcess/DatabaseProcess.messages.in:
  • UIProcess/API/C/WKOriginDataManager.cpp:

(WKOriginDataManagerDeleteEntriesForOrigin): Updated to also take a callback.
(WKOriginDataManagerDeleteEntriesModifiedBetweenDates): Added.
(WKOriginDataManagerDeleteAllEntries): Updated to also take a callback.
(WKOriginDataManagerStartObservingChanges): Deleted.
(WKOriginDataManagerStopObservingChanges): Deleted.
(WKOriginDataManagerSetChangeClient): Deleted.

  • UIProcess/API/C/WKOriginDataManager.h:
  • UIProcess/Databases/DatabaseProcessProxy.cpp:

(WebKit::DatabaseProcessProxy::didReceiveMessage): Send messages to the WebOriginDataManagerProxy supplement if appropriate.

  • UIProcess/Databases/DatabaseProcessProxy.h:
  • UIProcess/Databases/DatabaseProcessProxy.messages.in:
  • UIProcess/WebContext.cpp:

(WebKit::WebContext::WebContext): Instantiate the WebOriginDataManagerProxy supplement.

  • UIProcess/WebContext.h:

(WebKit::WebContext::sendToDatabaseProcessRelaunchingIfNecessary):

  • UIProcess/WebOriginDataManagerProxy.cpp:

(WebKit::WebOriginDataManagerProxy::contextDestroyed):
(WebKit::WebOriginDataManagerProxy::processDidClose):
(WebKit::WebOriginDataManagerProxy::getOrigins):
(WebKit::WebOriginDataManagerProxy::deleteEntriesForOrigin): Setup a callback with the message.
(WebKit::WebOriginDataManagerProxy::deleteEntriesModifiedBetweenDates): Added
(WebKit::WebOriginDataManagerProxy::didDeleteEntries): Call the callback.
(WebKit::WebOriginDataManagerProxy::deleteAllEntries): Setup a callback with the message.
(WebKit::WebOriginDataManagerProxy::didDeleteAllEntries): Call the callback.
(WebKit::WebOriginDataManagerProxy::startObservingChanges): Deleted.
(WebKit::WebOriginDataManagerProxy::stopObservingChanges): Deleted.
(WebKit::WebOriginDataManagerProxy::setChangeClient): Deleted.
(WebKit::WebOriginDataManagerProxy::didChange): Deleted.

  • UIProcess/WebOriginDataManagerProxy.h:
  • UIProcess/WebOriginDataManagerProxy.messages.in:
  • UIProcess/WebOriginDataManagerProxyChangeClient.cpp: Removed.
  • UIProcess/WebOriginDataManagerProxyChangeClient.h: Removed.
  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/OriginData/WebOriginDataManager.cpp:

(WebKit::WebOriginDataManager::deleteEntriesForOrigin): Send the callback reply.
(WebKit::WebOriginDataManager::deleteEntriesModifiedBetweenDates): Added.
(WebKit::WebOriginDataManager::deleteAllEntries): Send the callback reply.
(WebKit::WebOriginDataManager::startObservingChanges): Deleted.
(WebKit::WebOriginDataManager::stopObservingChanges): Deleted.

  • WebProcess/OriginData/WebOriginDataManager.h:
  • WebProcess/OriginData/WebOriginDataManager.messages.in:
3:08 PM Changeset in webkit [171621] by matthew_hanson@apple.com
  • 2 edits in tags/Safari-600.1.3/Source/WebCore

Merge r171619. <rdar://problem/17811922>

3:05 PM Changeset in webkit [171620] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171619. <rdar://problem/17811922>

2:53 PM Changeset in webkit [171619] by psolanki@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] REGRESSION(r171526): Images fail to load sometimes
https://bugs.webkit.org/show_bug.cgi?id=135304
<rdar://problem/17811922>

Reviewed by Alexey Proskuryakov.

SharedBuffer::createCFData() calls data() as a way to coalesce the data array elements and
segments into m_buffer. However, data() has an optimization where if we had a single element
in the data array, it would just return that and not do coalescing. So when we passed
m_buffer to WebCoreSharedData, we passed a buffer with no data in it.

Fix this by bringing the optimization to createCFData() and return the CFDataRef from the
data array if we just have a single element.

No new tests. Should be covered by existing tests.

  • platform/mac/SharedBufferMac.mm:

(WebCore::SharedBuffer::createCFData):

2:49 PM Changeset in webkit [171618] by bshafiei@apple.com
  • 5 edits in tags/Safari-600.1.2.2/Source

Versioning.

2:47 PM Changeset in webkit [171617] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.1.2.2

New tag.

2:35 PM Changeset in webkit [171616] by jer.noble@apple.com
  • 4 edits in trunk/Source/WebCore

[MSE] High CPU usage in SampleMap::findSamplesWithinPresentationRange() with a large number of buffered samples.
https://bugs.webkit.org/show_bug.cgi?id=135247

Reviewed by Geoffrey Garen.

Anchor our search for overlapping frames to the end of the search range when the overlap range is sufficiently
close to the end of the search range. The common case for this search is when a sample is about to be appended
to the end of the sample queue, so this should turn most searches into no-ops.

  • Modules/mediasource/SampleMap.cpp:

(WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRangeFromEnd):

  • Modules/mediasource/SampleMap.h:
  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2:31 PM Changeset in webkit [171615] by barraclough@apple.com
  • 14 edits in trunk/Source

Yosemite version number is 101000
https://bugs.webkit.org/show_bug.cgi?id=135301

Reviewed by Sam Weinig.

Source/WebCore:

  • WebCore.exp.in:
  • platform/ContentFilter.h:
  • platform/mac/ScrollViewMac.mm:

(WebCore::ScrollView::platformVisibleContentRect):

  • platform/mac/ThemeMac.mm:

(WebCore::updateStates):
(WebCore::paintToggleButton):

  • platform/network/cf/CookieJarCFNet.cpp:

(WebCore::copyCookiesForURLWithFirstPartyURL):

  • platform/network/cf/ResourceRequest.h:

(WebCore::ResourceRequest::resourcePrioritiesEnabled):

  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::search):

Source/WebKit2:

  • UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToService):

  • WebProcess/com.apple.WebProcess.sb.in:

Source/WTF:

  • wtf/FeatureDefines.h:
  • wtf/Platform.h:
2:26 PM Changeset in webkit [171614] by mhahnenberg@apple.com
  • 35 edits
    2 deletes in branches/ftlopt/Source/JavaScriptCore

Remove JSPropertyNameIterator
https://bugs.webkit.org/show_bug.cgi?id=135066

Reviewed by Geoffrey Garen.

It has been replaced by JSPropertyNameEnumerator.

(JSC::isBranch):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecode/PreciseJumpTargets.cpp:

(JSC::getJumpTargetsForBytecodeOffset):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetPropertyNames): Deleted.
(JSC::BytecodeGenerator::emitNextPropertyName): Deleted.

  • bytecompiler/BytecodeGenerator.h:
  • interpreter/Interpreter.cpp:
  • interpreter/Register.h:
  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_get_pnames): Deleted.
(JSC::JIT::emit_op_next_pname): Deleted.

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_get_pnames): Deleted.
(JSC::JIT::emit_op_next_pname): Deleted.

  • jit/JITOperations.cpp:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_get_by_pname): Deleted.
(JSC::JIT::emitSlow_op_get_by_pname): Deleted.

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_get_by_pname): Deleted.
(JSC::JIT::emitSlow_op_get_by_pname): Deleted.

  • llint/LLIntOffsetsExtractor.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL): Deleted.

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.cpp:
  • runtime/JSPropertyNameIterator.cpp:

(JSC::JSPropertyNameIterator::JSPropertyNameIterator): Deleted.
(JSC::JSPropertyNameIterator::create): Deleted.
(JSC::JSPropertyNameIterator::destroy): Deleted.
(JSC::JSPropertyNameIterator::get): Deleted.
(JSC::JSPropertyNameIterator::visitChildren): Deleted.

  • runtime/JSPropertyNameIterator.h:

(JSC::JSPropertyNameIterator::createStructure): Deleted.
(JSC::JSPropertyNameIterator::size): Deleted.
(JSC::JSPropertyNameIterator::setCachedStructure): Deleted.
(JSC::JSPropertyNameIterator::cachedStructure): Deleted.
(JSC::JSPropertyNameIterator::setCachedPrototypeChain): Deleted.
(JSC::JSPropertyNameIterator::cachedPrototypeChain): Deleted.
(JSC::JSPropertyNameIterator::finishCreation): Deleted.
(JSC::Register::propertyNameIterator): Deleted.
(JSC::StructureRareData::enumerationCache): Deleted.
(JSC::StructureRareData::setEnumerationCache): Deleted.

  • runtime/Structure.cpp:

(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):

  • runtime/Structure.h:
  • runtime/StructureInlines.h:

(JSC::Structure::setEnumerationCache): Deleted.
(JSC::Structure::enumerationCache): Deleted.

  • runtime/StructureRareData.cpp:

(JSC::StructureRareData::visitChildren):

  • runtime/StructureRareData.h:
  • runtime/VM.cpp:

(JSC::VM::VM):

1:55 PM Changeset in webkit [171613] by fpizlo@apple.com
  • 77 edits
    20 adds
    2 deletes in trunk

Merge r169795, r169819, r169864, r169902, r169949, r169950, r170016, r170017, r170060, r170064 from ftlopt.

2014-06-17 Filip Pizlo <fpizlo@apple.com>


Source/JavaScriptCore:

[ftlopt] Fold constant Phis
https://bugs.webkit.org/show_bug.cgi?id=133967


Reviewed by Mark Hahnenberg.


It's surprising but we didn't really do this before. Or, rather, we only did it
incidentally when we would likely crash if it ever happened.


Making this work required cleaning up the validater a bit, so I did that too. I also added
mayExit() validation for nodes that didn't have origin.forExit (i.e. nodes that end up in
the Phi header of basic blocks). But this required beefing up mayExit() a bit.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGAdjacencyList.h: (JSC::DFG::AdjacencyList::isEmpty):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::run): (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::fixUpsilons):
  • dfg/DFGInPlaceAbstractState.h:
  • dfg/DFGLICMPhase.cpp: (JSC::DFG::LICMPhase::run): (JSC::DFG::LICMPhase::attemptHoist):
  • dfg/DFGMayExit.cpp: (JSC::DFG::mayExit):
  • dfg/DFGValidate.cpp: (JSC::DFG::Validate::validate): (JSC::DFG::Validate::validateSSA):


2014-06-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Get rid of NodeDoesNotExit and also get rid of StoreEliminationPhase
https://bugs.webkit.org/show_bug.cgi?id=133985


Reviewed by Michael Saboff and Mark Hahnenberg.


Store elimination phase has never been very profitable, and now that LLVM can do dead
store elimination for us, this phase is just completely pointless.


This phase is also the primary user of NodeDoesNotExit, which is a flag that the CFA
computes. It computes it poorly and we often get bugs in it. It's also a lot of code to
maintain.


This patch does introduce a new mayExit() calculator that is independent of the CFA and
should be enough for most of the previous NodeDoesNotExit users. Currently it's only used
for assertions in the DFG backend, but we could use it if we ever brought back any of the
other optimizations that previously relied upon NodeDoesNotExit.


This is performance-neutral, except for SunSpider, where it's a speed-up.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractInterpreter.h: (JSC::DFG::AbstractInterpreter::filterEdgeByUse): (JSC::DFG::AbstractInterpreter::filterByType):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::startExecuting): (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::CSEPhase): (JSC::DFG::CSEPhase::invalidationPointElimination): (JSC::DFG::CSEPhase::setLocalStoreElimination): (JSC::DFG::CSEPhase::performNodeCSE): (JSC::DFG::CSEPhase::performBlockCSE): (JSC::DFG::performCSE): (JSC::DFG::CSEPhase::globalVarStoreElimination): Deleted. (JSC::DFG::CSEPhase::scopedVarStoreElimination): Deleted. (JSC::DFG::CSEPhase::putStructureStoreElimination): Deleted. (JSC::DFG::CSEPhase::putByOffsetStoreElimination): Deleted. (JSC::DFG::CSEPhase::SetLocalStoreEliminationResult::SetLocalStoreEliminationResult): Deleted. (JSC::DFG::performStoreElimination): Deleted.
  • dfg/DFGCSEPhase.h:
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::resetExitStates): Deleted.
  • dfg/DFGGraph.h:
  • dfg/DFGMayExit.cpp: Added. (JSC::DFG::mayExit):
  • dfg/DFGMayExit.h: Added.
  • dfg/DFGNode.h: (JSC::DFG::Node::mergeFlags): (JSC::DFG::Node::filterFlags): (JSC::DFG::Node::setCanExit): Deleted. (JSC::DFG::Node::canExit): Deleted.
  • dfg/DFGNodeFlags.cpp: (JSC::DFG::dumpNodeFlags):
  • dfg/DFGNodeFlags.h:
  • dfg/DFGNodeType.h:
  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): (JSC::DFG::SpeculativeJIT::bail): (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
  • dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):


2014-06-15 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Remove the DFG optimization fixpoint and remove some obvious reasons why we previously benefited from it
https://bugs.webkit.org/show_bug.cgi?id=133931


Reviewed by Oliver Hunt.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Trigger constant-folding for GetMyArgumentByVal (which means turning it into GetLocalUnlinked) and correct the handling of Upsilon so we don't fold them away.
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): Implement constant-folding for GetMyArgumentByVal.
  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl): Remove the fixpoint.


2014-06-15 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG OSR entry should have a crystal-clear story for when it's safe to enter at a block with a set of values
https://bugs.webkit.org/show_bug.cgi?id=133935


Reviewed by Oliver Hunt.


  • bytecode/Operands.h: (JSC::Operands::Operands): (JSC::Operands::ensureLocals):
  • dfg/DFGAbstractValue.cpp: (JSC::DFG::AbstractValue::filter): Now we can compute intersections of abstract values!
  • dfg/DFGAbstractValue.h: (JSC::DFG::AbstractValue::makeFullTop): Completeness. (JSC::DFG::AbstractValue::bytecodeTop): Completeness. (JSC::DFG::AbstractValue::fullTop): Completeness. We end up using this one.
  • dfg/DFGBasicBlock.cpp: (JSC::DFG::BasicBlock::BasicBlock): (JSC::DFG::BasicBlock::ensureLocals):
  • dfg/DFGBasicBlock.h: Remember the intersection of all things ever proven.
  • dfg/DFGCFAPhase.cpp: (JSC::DFG::CFAPhase::run): Compute the intersection.
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): No need for the weirdo merge check since this fixes the root of the problem.
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::dumpBlockHeader): Better dumping. (JSC::DFG::Graph::dump): Better dumping.
  • dfg/DFGJITCompiler.h: (JSC::DFG::JITCompiler::noticeOSREntry): Use the intersected abstract value.
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileCurrentBlock): Assert if the intersected state indicates the block shouldn't execute.


2014-06-12 Filip Pizlo <fpizlo@apple.com>


[ftlopt] A DFG inlined ById access variant should not speak of a chain, but only of what structures to test the base for, whether to use a constant as an alternate base for the actual access, and what structures to check on what additional cell constants
https://bugs.webkit.org/show_bug.cgi?id=133821


Reviewed by Mark Hahnenberg.


This allows us to efficiently cache accesses that differ only in the prototypes on the path
from the base to the prototype that has the field.


It also simplifies a bunch of code - IntendedStructureChain is now just an intermediate
data structure.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/ConstantStructureCheck.cpp: Added. (JSC::ConstantStructureCheck::dumpInContext): (JSC::ConstantStructureCheck::dump): (JSC::structureFor): (JSC::areCompatible): (JSC::mergeInto):
  • bytecode/ConstantStructureCheck.h: Added. (JSC::ConstantStructureCheck::ConstantStructureCheck): (JSC::ConstantStructureCheck::operator!): (JSC::ConstantStructureCheck::constant): (JSC::ConstantStructureCheck::structure):
  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeForStubInfo):
  • bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::GetByIdVariant): (JSC::GetByIdVariant::operator=): (JSC::GetByIdVariant::attemptToMerge): (JSC::GetByIdVariant::dumpInContext):
  • bytecode/GetByIdVariant.h: (JSC::GetByIdVariant::constantChecks): (JSC::GetByIdVariant::alternateBase): (JSC::GetByIdVariant::GetByIdVariant): Deleted. (JSC::GetByIdVariant::chain): Deleted.
  • bytecode/PutByIdVariant.cpp: (JSC::PutByIdVariant::dumpInContext):
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::transition): (JSC::PutByIdVariant::constantChecks): (JSC::PutByIdVariant::structureChain): Deleted.
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::emitChecks): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::handlePutById): (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck): Deleted. (JSC::DFG::ByteCodeParser::structureChainIsStillValid): Deleted. (JSC::DFG::ByteCodeParser::emitPrototypeChecks): Deleted.
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitGetByOffset): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset): (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
  • dfg/DFGDesiredStructureChains.cpp: Removed.
  • dfg/DFGDesiredStructureChains.h: Removed.
  • dfg/DFGGraph.h: (JSC::DFG::Graph::watchpoints): (JSC::DFG::Graph::chains): Deleted.
  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::isStillValid): (JSC::DFG::Plan::checkLivenessAndVisitChildren): (JSC::DFG::Plan::cancel):
  • dfg/DFGPlan.h:
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
  • runtime/IntendedStructureChain.cpp: (JSC::IntendedStructureChain::gatherChecks):
  • runtime/IntendedStructureChain.h: (JSC::IntendedStructureChain::at): (JSC::IntendedStructureChain::operator[]):


2014-06-12 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Constant folding and strength reduction should work in SSA
https://bugs.webkit.org/show_bug.cgi?id=133839


Reviewed by Oliver Hunt.


  • dfg/DFGAtTailAbstractState.cpp: (JSC::DFG::AtTailAbstractState::AtTailAbstractState): (JSC::DFG::AtTailAbstractState::forNode):
  • dfg/DFGAtTailAbstractState.h:
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::convertToConstant):
  • dfg/DFGIntegerCheckCombiningPhase.cpp: (JSC::DFG::IntegerCheckCombiningPhase::rangeKeyAndAddend): Fix an unrelated regression that this uncovered.
  • dfg/DFGLICMPhase.cpp: (JSC::DFG::LICMPhase::LICMPhase):
  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):


2014-06-11 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG get_by_id should inline chain accesses with a slightly polymorphic base
https://bugs.webkit.org/show_bug.cgi?id=133751


Reviewed by Mark Hahnenberg.


  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::appendVariant): (JSC::GetByIdStatus::computeForStubInfo):
  • bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::attemptToMerge):
  • bytecode/GetByIdVariant.h:
  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeFor):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::emitPrototypeChecks): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::handlePutById):
  • runtime/IntendedStructureChain.cpp: (JSC::IntendedStructureChain::IntendedStructureChain): (JSC::IntendedStructureChain::isStillValid): (JSC::IntendedStructureChain::isNormalized): (JSC::IntendedStructureChain::terminalPrototype): (JSC::IntendedStructureChain::operator==): (JSC::IntendedStructureChain::visitChildren): (JSC::IntendedStructureChain::dumpInContext): (JSC::IntendedStructureChain::chain): Deleted.
  • runtime/IntendedStructureChain.h: (JSC::IntendedStructureChain::prototype): (JSC::IntendedStructureChain::operator!=): (JSC::IntendedStructureChain::head): Deleted.


2014-06-11 Matthew Mirman <mmirman@apple.com>


Readded native calling to the FTL and Split the DFG nodes
Call and Construct into NativeCall and NativeConstruct
to better represent their semantics.
https://bugs.webkit.org/show_bug.cgi?id=133660


Reviewed by Filip Pizlo.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Added NativeCall and NativeConstruct case
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::addCall): added NativeCall case. (JSC::DFG::ByteCodeParser::handleCall): set to return NativeCall or NativeConstruct instead of Call or Construct in the presence of a native function.
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize): added NativeCall and NativeConstruct case.
  • dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC): added NativeCall and NativeConstruct case.
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): added NativeCall and NativeConstruct case.
  • dfg/DFGNode.h: (JSC::DFG::Node::hasHeapPrediction): added NativeCall and NativeConstruct case. (JSC::DFG::Node::canBeKnownFunction): changed to NativeCall and NativeConstruct. (JSC::DFG::Node::hasKnownFunction): changed to NativeCall and NativeConstruct.
  • dfg/DFGNodeType.h: added NativeCall and NativeConstruct.
  • dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): added NativeCall and NativeConstruct case.
  • dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute): added NativeCall and NativeConstruct case.
  • dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::emitCall): ditto (JSC::DFG::SpeculativeJIT::compile): ditto
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::emitCall): ditto (JSC::DFG::SpeculativeJIT::compile): ditto
  • ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile): ditto
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::lower): ditto (JSC::FTL::LowerDFGToLLVM::compileNode): ditto. (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct): Added. (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct): removed NativeCall and NativeConstruct functionality. (JSC::FTL::LowerDFGToLLVM::didOverflowStack): added NativeCall and NativeConstruct case.
  • runtime/JSCJSValue.h: added JS_EXPORT_PRIVATE to toInteger as it is apparently needed.


2014-06-11 Matthew Mirman <mmirman@apple.com>


Ensured Native Calls and Construct and associated checks
are only emitted during ftl mode.
https://bugs.webkit.org/show_bug.cgi?id=133718


Reviewed by Filip Pizlo.


  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleCall): Added check for ftl mode before attaching the native function to Call or Construct.


2014-06-10 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG should use its own notion of JSValue, which we should call FrozenValue, that will carry around a copy of its structure
https://bugs.webkit.org/show_bug.cgi?id=133426


Reviewed by Geoffrey Garen.


The impetus for this was to provide some sense and reason to race conditions arising from
cell constants having their structure changed on the main thread - this is harmess because
we defend against it, but when it goes wrong, it can be difficult to reproduce because it
requires a race. Giving the DFG the ability to "freeze" a cell's structure fixes this.


But this patch goes quite a bit further, and completely rationalizes how the DFG reasons
about constants. It no longer relies on the CodeBlock constant pool at all, which allows
for a more object-oriented approach: for example a Node that has a constant can tell you
what constant it has without needing a CodeBlock.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/CallLinkStatus.cpp: (JSC::CallLinkStatus::computeExitSiteData):
  • bytecode/ExitKind.cpp: (JSC::exitKindToString): (JSC::exitKindIsCountable):
  • bytecode/ExitKind.h: (JSC::isWatchpoint): Deleted.
  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::hasExitSite):
  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::hasExitSite):
  • dfg/DFGAbstractInterpreter.h: (JSC::DFG::AbstractInterpreter::filterByValue): (JSC::DFG::AbstractInterpreter::setBuiltInConstant): (JSC::DFG::AbstractInterpreter::setConstant):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): (JSC::DFG::AbstractInterpreter<AbstractStateType>::filterByValue):
  • dfg/DFGAbstractValue.cpp: (JSC::DFG::AbstractValue::setOSREntryValue): (JSC::DFG::AbstractValue::set): (JSC::DFG::AbstractValue::filterByValue): (JSC::DFG::AbstractValue::setMostSpecific): Deleted.
  • dfg/DFGAbstractValue.h:
  • dfg/DFGArgumentsSimplificationPhase.cpp: (JSC::DFG::ArgumentsSimplificationPhase::run):
  • dfg/DFGBackwardsPropagationPhase.cpp: (JSC::DFG::BackwardsPropagationPhase::isNotNegZero): (JSC::DFG::BackwardsPropagationPhase::isNotPosZero): (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoForConstant): (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::ByteCodeParser): (JSC::DFG::ByteCodeParser::getDirect): (JSC::DFG::ByteCodeParser::get): (JSC::DFG::ByteCodeParser::getLocal): (JSC::DFG::ByteCodeParser::setLocal): (JSC::DFG::ByteCodeParser::setArgument): (JSC::DFG::ByteCodeParser::jsConstant): (JSC::DFG::ByteCodeParser::weakJSConstant): (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck): (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand): (JSC::DFG::ByteCodeParser::handleCall): (JSC::DFG::ByteCodeParser::emitFunctionChecks): (JSC::DFG::ByteCodeParser::handleInlining): (JSC::DFG::ByteCodeParser::handleMinMax): (JSC::DFG::ByteCodeParser::handleIntrinsic): (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::prepareToParseBlock): (JSC::DFG::ByteCodeParser::parseBlock): (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): (JSC::DFG::ByteCodeParser::parseCodeBlock): (JSC::DFG::ByteCodeParser::addConstant): Deleted. (JSC::DFG::ByteCodeParser::getJSConstantForValue): Deleted. (JSC::DFG::ByteCodeParser::getJSConstant): Deleted. (JSC::DFG::ByteCodeParser::isJSConstant): Deleted. (JSC::DFG::ByteCodeParser::isInt32Constant): Deleted. (JSC::DFG::ByteCodeParser::valueOfJSConstant): Deleted. (JSC::DFG::ByteCodeParser::valueOfInt32Constant): Deleted. (JSC::DFG::ByteCodeParser::constantUndefined): Deleted. (JSC::DFG::ByteCodeParser::constantNull): Deleted. (JSC::DFG::ByteCodeParser::one): Deleted. (JSC::DFG::ByteCodeParser::constantNaN): Deleted. (JSC::DFG::ByteCodeParser::cellConstant): Deleted. (JSC::DFG::ByteCodeParser::inferredConstant): Deleted. (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord): Deleted.
  • dfg/DFGCFGSimplificationPhase.cpp: (JSC::DFG::CFGSimplificationPhase::run):
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::constantCSE): (JSC::DFG::CSEPhase::checkFunctionElimination): (JSC::DFG::CSEPhase::performNodeCSE): (JSC::DFG::CSEPhase::weakConstantCSE): Deleted.
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize):
  • dfg/DFGCommon.h:
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitGetByOffset): (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
  • dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC):
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): (JSC::DFG::FixupPhase::fixupMakeRope): (JSC::DFG::FixupPhase::truncateConstantToInt32): (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteLength): (JSC::DFG::FixupPhase::injectTypeConversionsForEdge):
  • dfg/DFGFrozenValue.cpp: Added. (JSC::DFG::FrozenValue::emptySingleton): (JSC::DFG::FrozenValue::dumpInContext): (JSC::DFG::FrozenValue::dump):
  • dfg/DFGFrozenValue.h: Added. (JSC::DFG::FrozenValue::FrozenValue): (JSC::DFG::FrozenValue::operator!): (JSC::DFG::FrozenValue::value): (JSC::DFG::FrozenValue::structure): (JSC::DFG::FrozenValue::strengthenTo): (JSC::DFG::FrozenValue::strength): (JSC::DFG::FrozenValue::freeze):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::Graph): (JSC::DFG::Graph::dump): (JSC::DFG::Graph::tryGetActivation): (JSC::DFG::Graph::tryGetFoldableView): (JSC::DFG::Graph::registerFrozenValues): (JSC::DFG::Graph::visitChildren): (JSC::DFG::Graph::freezeFragile): (JSC::DFG::Graph::freeze): (JSC::DFG::Graph::freezeStrong): (JSC::DFG::Graph::convertToConstant): (JSC::DFG::Graph::convertToStrongConstant): (JSC::DFG::Graph::assertIsWatched):
  • dfg/DFGGraph.h: (JSC::DFG::Graph::addImmediateShouldSpeculateInt32): (JSC::DFG::Graph::convertToConstant): Deleted. (JSC::DFG::Graph::constantRegisterForConstant): Deleted. (JSC::DFG::Graph::getJSConstantSpeculation): Deleted. (JSC::DFG::Graph::isConstant): Deleted. (JSC::DFG::Graph::isJSConstant): Deleted. (JSC::DFG::Graph::isInt32Constant): Deleted. (JSC::DFG::Graph::isDoubleConstant): Deleted. (JSC::DFG::Graph::isNumberConstant): Deleted. (JSC::DFG::Graph::isBooleanConstant): Deleted. (JSC::DFG::Graph::isCellConstant): Deleted. (JSC::DFG::Graph::isFunctionConstant): Deleted. (JSC::DFG::Graph::isInternalFunctionConstant): Deleted. (JSC::DFG::Graph::valueOfJSConstant): Deleted. (JSC::DFG::Graph::valueOfInt32Constant): Deleted. (JSC::DFG::Graph::valueOfNumberConstant): Deleted. (JSC::DFG::Graph::valueOfBooleanConstant): Deleted. (JSC::DFG::Graph::valueOfFunctionConstant): Deleted. (JSC::DFG::Graph::mulImmediateShouldSpeculateInt32): Deleted.
  • dfg/DFGInPlaceAbstractState.cpp: (JSC::DFG::InPlaceAbstractState::initialize):
  • dfg/DFGInsertionSet.h: (JSC::DFG::InsertionSet::insertConstant): (JSC::DFG::InsertionSet::insertConstantForUse):
  • dfg/DFGIntegerCheckCombiningPhase.cpp: (JSC::DFG::IntegerCheckCombiningPhase::rangeKeyAndAddend):
  • dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::link):
  • dfg/DFGLazyJSValue.cpp: (JSC::DFG::LazyJSValue::getValue): (JSC::DFG::LazyJSValue::strictEqual): (JSC::DFG::LazyJSValue::dumpInContext):
  • dfg/DFGLazyJSValue.h: (JSC::DFG::LazyJSValue::LazyJSValue): (JSC::DFG::LazyJSValue::tryGetValue): (JSC::DFG::LazyJSValue::value): (JSC::DFG::LazyJSValue::switchLookupValue):
  • dfg/DFGMinifiedNode.cpp: (JSC::DFG::MinifiedNode::fromNode):
  • dfg/DFGMinifiedNode.h: (JSC::DFG::belongsInMinifiedGraph): (JSC::DFG::MinifiedNode::hasConstant): (JSC::DFG::MinifiedNode::constant): (JSC::DFG::MinifiedNode::hasConstantNumber): Deleted. (JSC::DFG::MinifiedNode::constantNumber): Deleted. (JSC::DFG::MinifiedNode::hasWeakConstant): Deleted. (JSC::DFG::MinifiedNode::weakConstant): Deleted.
  • dfg/DFGNode.h: (JSC::DFG::Node::hasConstant): (JSC::DFG::Node::constant): (JSC::DFG::Node::convertToConstant): (JSC::DFG::Node::asJSValue): (JSC::DFG::Node::isInt32Constant): (JSC::DFG::Node::asInt32): (JSC::DFG::Node::asUInt32): (JSC::DFG::Node::isDoubleConstant): (JSC::DFG::Node::isNumberConstant): (JSC::DFG::Node::asNumber): (JSC::DFG::Node::isMachineIntConstant): (JSC::DFG::Node::asMachineInt): (JSC::DFG::Node::isBooleanConstant): (JSC::DFG::Node::asBoolean): (JSC::DFG::Node::isCellConstant): (JSC::DFG::Node::asCell): (JSC::DFG::Node::dynamicCastConstant): (JSC::DFG::Node::function): (JSC::DFG::Node::isWeakConstant): Deleted. (JSC::DFG::Node::constantNumber): Deleted. (JSC::DFG::Node::convertToWeakConstant): Deleted. (JSC::DFG::Node::weakConstant): Deleted. (JSC::DFG::Node::valueOfJSConstant): Deleted.
  • dfg/DFGNodeType.h:
  • dfg/DFGOSRExitCompiler.cpp:
  • dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
  • dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR): (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR): (JSC::DFG::SpeculativeJIT::silentFill): (JSC::DFG::SpeculativeJIT::compileIn): (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): (JSC::DFG::SpeculativeJIT::compilePeepHoleInt32Branch): (JSC::DFG::SpeculativeJIT::compileCurrentBlock): (JSC::DFG::SpeculativeJIT::compileDoubleRep): (JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileAdd): (JSC::DFG::SpeculativeJIT::compileArithSub): (JSC::DFG::SpeculativeJIT::compileArithMod):
  • dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64): (JSC::DFG::SpeculativeJIT::initConstantInfo): (JSC::DFG::SpeculativeJIT::isConstant): Deleted. (JSC::DFG::SpeculativeJIT::isJSConstant): Deleted. (JSC::DFG::SpeculativeJIT::isInt32Constant): Deleted. (JSC::DFG::SpeculativeJIT::isDoubleConstant): Deleted. (JSC::DFG::SpeculativeJIT::isNumberConstant): Deleted. (JSC::DFG::SpeculativeJIT::isBooleanConstant): Deleted. (JSC::DFG::SpeculativeJIT::isFunctionConstant): Deleted. (JSC::DFG::SpeculativeJIT::valueOfInt32Constant): Deleted. (JSC::DFG::SpeculativeJIT::valueOfNumberConstant): Deleted. (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant): Deleted. (JSC::DFG::SpeculativeJIT::valueOfJSConstant): Deleted. (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant): Deleted. (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant): Deleted. (JSC::DFG::SpeculativeJIT::isNullConstant): Deleted. (JSC::DFG::SpeculativeJIT::isInteger): Deleted.
  • dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::fillJSValue): (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): (JSC::DFG::SpeculativeJIT::fillSpeculateCell): (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::fillJSValue): (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): (JSC::DFG::SpeculativeJIT::fillSpeculateInt52): (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): (JSC::DFG::SpeculativeJIT::fillSpeculateCell): (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGStrengthReductionPhase.cpp: (JSC::DFG::StrengthReductionPhase::handleNode):
  • dfg/DFGValidate.cpp: (JSC::DFG::Validate::validate):
  • dfg/DFGValueStrength.cpp: Added. (WTF::printInternal):
  • dfg/DFGValueStrength.h: Added. (JSC::DFG::merge):
  • dfg/DFGVariableEventStream.cpp: (JSC::DFG::VariableEventStream::tryToSetConstantRecovery): (JSC::DFG::VariableEventStream::reconstruct):
  • dfg/DFGVariableEventStream.h:
  • dfg/DFGWatchableStructureWatchingPhase.cpp: (JSC::DFG::WatchableStructureWatchingPhase::run): (JSC::DFG::WatchableStructureWatchingPhase::tryWatch):
  • dfg/DFGWatchpointCollectionPhase.cpp: (JSC::DFG::WatchpointCollectionPhase::handle):
  • ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile):
  • ftl/FTLLink.cpp: (JSC::FTL::link):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compileDoubleConstant): (JSC::FTL::LowerDFGToLLVM::compileInt52Constant): (JSC::FTL::LowerDFGToLLVM::compileCheckStructure): (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): (JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant): (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant): (JSC::FTL::LowerDFGToLLVM::lowInt32): (JSC::FTL::LowerDFGToLLVM::lowCell): (JSC::FTL::LowerDFGToLLVM::lowBoolean): (JSC::FTL::LowerDFGToLLVM::lowJSValue): (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument): (JSC::FTL::LowerDFGToLLVM::compileWeakJSConstant): Deleted.
  • ftl/FTLOSRExitCompiler.cpp: (JSC::FTL::compileStub):
  • runtime/JSCJSValue.cpp: (JSC::JSValue::dumpInContext): (JSC::JSValue::dumpInContextAssumingStructure):
  • runtime/JSCJSValue.h:

LayoutTests:

[ftlopt] A DFG inlined ById access variant should not speak of a chain, but only of what structures to test the base for, whether to use a constant as an alternate base for the actual access, and what structures to check on what additional cell constants
https://bugs.webkit.org/show_bug.cgi?id=133821


Reviewed by Mark Hahnenberg.


  • js/regress/poly-chain-access-different-prototypes-expected.txt: Added.
  • js/regress/poly-chain-access-different-prototypes-simple-expected.txt: Added.
  • js/regress/poly-chain-access-different-prototypes-simple.html: Added.
  • js/regress/poly-chain-access-different-prototypes.html: Added.
  • js/regress/script-tests/poly-chain-access-different-prototypes-simple.js: Added.
  • js/regress/script-tests/poly-chain-access-different-prototypes.js: Added.


2014-06-11 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG get_by_id should inline chain accesses with a slightly polymorphic base
https://bugs.webkit.org/show_bug.cgi?id=133751


Reviewed by Mark Hahnenberg.


  • js/regress/poly-chain-access-expected.txt: Added.
  • js/regress/poly-chain-access-simpler-expected.txt: Added.
  • js/regress/poly-chain-access-simpler.html: Added.
  • js/regress/poly-chain-access.html: Added.
  • js/regress/script-tests/poly-chain-access-simpler.js: Added.
  • js/regress/script-tests/poly-chain-access.js: Added.
1:37 PM Changeset in webkit [171612] by dino@apple.com
  • 4 edits in branches/safari-600.1-branch/Source

Revert back to the Safari behavior from Mavericks and Mountain Lion
on this branch.
<rdar://problem/17800530>

Reviewed by Ricky Mondello.

WebKit:

  • WebView/WebPreferences.mm: (+[WebPreferences initialize]): Set WebGL preference default to off.

WebKit2:

  • Shared/WebPreferencesDefinitions.h: Set WebGL preference default to off.
1:26 PM Changeset in webkit [171611] by mhahnenberg@apple.com
  • 8 edits in branches/ftlopt/Source/JavaScriptCore

Fix 32-bit build breakage for type profiling
https://bugs.webkit.org/process_bug.cgi

Patch by Saam Barati <sbarati@apple.com> on 2014-07-25
Reviewed by Mark Hahnenberg.

32-bit builds currently break because global variable IDs for high
fidelity type profiling are int64_t. Change this to intptr_t so that
it's 32 bits on 32-bit platforms and 64 bits on 64-bit platforms.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::scopeDependentProfile):

  • bytecode/TypeLocation.h:
  • runtime/SymbolTable.cpp:

(JSC::SymbolTable::uniqueIDForVariable):
(JSC::SymbolTable::uniqueIDForRegister):

  • runtime/SymbolTable.h:
  • runtime/TypeLocationCache.cpp:

(JSC::TypeLocationCache::getTypeLocation):

  • runtime/TypeLocationCache.h:
  • runtime/VM.h:

(JSC::VM::getNextUniqueVariableID):

1:07 PM Changeset in webkit [171610] by commit-queue@webkit.org
  • 6 edits in trunk/Source/ThirdParty/ANGLE

[Win][ANGLE] Enable D3D11.
https://bugs.webkit.org/show_bug.cgi?id=135296

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-07-25
Reviewed by Alex Christensen.

Direct3D 11 is not enabled on Windows.

  • ANGLE.vcxproj/libGLESv2.vcxproj: Added files.
  • ANGLE.vcxproj/libGLESv2.vcxproj.filters: Ditto.
  • ANGLE.vcxproj/libGLESv2Common.props: Enable D3D11.
  • src/libGLESv2/precompiled.h: Header file does not exist, avoid include.
  • changes.diff: Updated diff.
12:39 PM Changeset in webkit [171609] by hyatt@apple.com
  • 3 edits
    3 adds in trunk

[New Multicolumn] RenderViews paginated as RL or LR don't handle percentage widths correctly.
REGRESSION: Images don’t scale to fit in page in vertical text books

https://bugs.webkit.org/show_bug.cgi?id=135204

Source/WebCore:
<rdar://problem/17043792>

Reviewed by Simon Fraser.

Added fast/multicol/pagination/RightToLeft-max-width.html

  • rendering/RenderView.cpp:

(WebCore::RenderView::availableLogicalHeight):
Put back in the same code that used to exist for the old columns (but ported to the new
columns).

LayoutTests:
<rdar://problem/17043792>

Reviewed by Simon Fraser.

  • fast/multicol/newmulticol/compare-with-old-impl/overflow-content-expected.html: Removed.
  • fast/multicol/newmulticol/compare-with-old-impl/overflow-content.html: Removed.
  • fast/multicol/pagination/RightToLeft-max-width.html: Added.
  • platform/mac/fast/multicol/pagination/RightToLeft-max-width-expected.png: Added.
  • platform/mac/fast/multicol/pagination/RightToLeft-max-width-expected.txt: Added.
12:08 PM Changeset in webkit [171608] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

[Mac] Unneeded MobileMe workaround in ResourceHandle::receivedCredential
https://bugs.webkit.org/show_bug.cgi?id=135297

Reviewed by Alexey Proskuryakov.

  • platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::receivedCredential): Removed the site-specific behavior for
gallery.me.com.

12:07 PM Changeset in webkit [171607] by commit-queue@webkit.org
  • 4 edits
    8 deletes in trunk

Unreviewed, rolling out r171480.
https://bugs.webkit.org/show_bug.cgi?id=135300

it broke replaced elements in pagination (Requested by dhyatt_
on #webkit).

Reverted changeset:

"Ensure we compute the min and max height of replaced elements
to 'none' or 0 when appropriate."
https://bugs.webkit.org/show_bug.cgi?id=135181
http://trac.webkit.org/changeset/171480

12:04 PM Changeset in webkit [171606] by mhahnenberg@apple.com
  • 2 edits in branches/ftlopt/Source/JavaScriptCore

Reindent PropertyNameArray.h
https://bugs.webkit.org/show_bug.cgi?id=135067

Reviewed by Geoffrey Garen.

  • runtime/PropertyNameArray.h:

(JSC::RefCountedIdentifierSet::contains):
(JSC::RefCountedIdentifierSet::size):
(JSC::RefCountedIdentifierSet::add):
(JSC::PropertyNameArrayData::create):
(JSC::PropertyNameArrayData::propertyNameVector):
(JSC::PropertyNameArrayData::PropertyNameArrayData):
(JSC::PropertyNameArray::PropertyNameArray):
(JSC::PropertyNameArray::vm):
(JSC::PropertyNameArray::add):
(JSC::PropertyNameArray::addKnownUnique):
(JSC::PropertyNameArray::operator[]):
(JSC::PropertyNameArray::setData):
(JSC::PropertyNameArray::data):
(JSC::PropertyNameArray::releaseData):
(JSC::PropertyNameArray::identifierSet):
(JSC::PropertyNameArray::canAddKnownUniqueForStructure):
(JSC::PropertyNameArray::size):
(JSC::PropertyNameArray::begin):
(JSC::PropertyNameArray::end):
(JSC::PropertyNameArray::numCacheableSlots):
(JSC::PropertyNameArray::setNumCacheableSlotsForObject):
(JSC::PropertyNameArray::setBaseObject):
(JSC::PropertyNameArray::setPreviouslyEnumeratedLength):

11:46 AM Changeset in webkit [171605] by mhahnenberg@apple.com
  • 71 edits
    12 adds in branches/ftlopt/Source

Refactor our current implementation of for-in
https://bugs.webkit.org/show_bug.cgi?id=134142

Reviewed by Filip Pizlo.

Source/JavaScriptCore:
This patch splits for-in loops into three distinct parts:

  • Iterating over the indexed properties in the base object.
  • Iterating over the Structure properties in the base object.
  • Iterating over any other enumerable properties for that object and any objects in the prototype chain.


It does this by emitting these explicit loops in bytecode, using a new set of bytecodes to
support the various operations required for each loop.

  • API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::getOwnNonIndexPropertyNames):

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CallLinkStatus.h:

(JSC::CallLinkStatus::CallLinkStatus):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetByVal):
(JSC::BytecodeGenerator::emitComplexPopScopes):
(JSC::BytecodeGenerator::emitGetEnumerableLength):
(JSC::BytecodeGenerator::emitHasGenericProperty):
(JSC::BytecodeGenerator::emitHasIndexedProperty):
(JSC::BytecodeGenerator::emitHasStructureProperty):
(JSC::BytecodeGenerator::emitGetStructurePropertyEnumerator):
(JSC::BytecodeGenerator::emitGetGenericPropertyEnumerator):
(JSC::BytecodeGenerator::emitNextEnumeratorPropertyName):
(JSC::BytecodeGenerator::emitToIndexString):
(JSC::BytecodeGenerator::pushIndexedForInScope):
(JSC::BytecodeGenerator::popIndexedForInScope):
(JSC::BytecodeGenerator::pushStructureForInScope):
(JSC::BytecodeGenerator::popStructureForInScope):
(JSC::BytecodeGenerator::invalidateForInContextForLocal):

  • bytecompiler/BytecodeGenerator.h:

(JSC::ForInContext::ForInContext):
(JSC::ForInContext::~ForInContext):
(JSC::ForInContext::isValid):
(JSC::ForInContext::invalidate):
(JSC::ForInContext::local):
(JSC::StructureForInContext::StructureForInContext):
(JSC::StructureForInContext::type):
(JSC::StructureForInContext::index):
(JSC::StructureForInContext::property):
(JSC::StructureForInContext::enumerator):
(JSC::IndexedForInContext::IndexedForInContext):
(JSC::IndexedForInContext::type):
(JSC::IndexedForInContext::index):
(JSC::BytecodeGenerator::pushOptimisedForIn): Deleted.
(JSC::BytecodeGenerator::popOptimisedForIn): Deleted.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ForInNode::tryGetBoundLocal):
(JSC::ForInNode::emitLoopHeader):
(JSC::ForInNode::emitMultiLoopBytecode):
(JSC::ForInNode::emitBytecode):

  • debugger/DebuggerScope.h:
  • dfg/DFGAbstractHeap.h:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGNode.h:

(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasArrayMode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:

(JSC::JIT::compileHasIndexedProperty):
(JSC::JIT::emitInt32Load):

  • jit/JITInlines.h:

(JSC::JIT::emitDoubleGetByVal):
(JSC::JIT::emitLoadForArrayMode):
(JSC::JIT::emitContiguousGetByVal):
(JSC::JIT::emitArrayStorageGetByVal):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_get_enumerable_length):
(JSC::JIT::emit_op_has_structure_property):
(JSC::JIT::emitSlow_op_has_structure_property):
(JSC::JIT::emit_op_has_generic_property):
(JSC::JIT::privateCompileHasIndexedProperty):
(JSC::JIT::emit_op_has_indexed_property):
(JSC::JIT::emitSlow_op_has_indexed_property):
(JSC::JIT::emit_op_get_direct_pname):
(JSC::JIT::emitSlow_op_get_direct_pname):
(JSC::JIT::emit_op_get_structure_property_enumerator):
(JSC::JIT::emit_op_get_generic_property_enumerator):
(JSC::JIT::emit_op_next_enumerator_pname):
(JSC::JIT::emit_op_to_index_string):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_get_enumerable_length):
(JSC::JIT::emit_op_has_structure_property):
(JSC::JIT::emitSlow_op_has_structure_property):
(JSC::JIT::emit_op_has_generic_property):
(JSC::JIT::privateCompileHasIndexedProperty):
(JSC::JIT::emit_op_has_indexed_property):
(JSC::JIT::emitSlow_op_has_indexed_property):
(JSC::JIT::emit_op_get_direct_pname):
(JSC::JIT::emitSlow_op_get_direct_pname):
(JSC::JIT::emit_op_get_structure_property_enumerator):
(JSC::JIT::emit_op_get_generic_property_enumerator):
(JSC::JIT::emit_op_next_enumerator_pname):
(JSC::JIT::emit_op_to_index_string):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitDoubleLoad):
(JSC::JIT::emitContiguousLoad):
(JSC::JIT::emitArrayStorageLoad):
(JSC::JIT::emitDoubleGetByVal): Deleted.
(JSC::JIT::emitContiguousGetByVal): Deleted.
(JSC::JIT::emitArrayStorageGetByVal): Deleted.

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitContiguousLoad):
(JSC::JIT::emitDoubleLoad):
(JSC::JIT::emitArrayStorageLoad):
(JSC::JIT::emitContiguousGetByVal): Deleted.
(JSC::JIT::emitDoubleGetByVal): Deleted.
(JSC::JIT::emitArrayStorageGetByVal): Deleted.

  • llint/LowLevelInterpreter.asm:
  • parser/Nodes.h:
  • runtime/Arguments.cpp:

(JSC::Arguments::getOwnPropertyNames):

  • runtime/ClassInfo.h:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:
  • runtime/EnumerationMode.h: Added.

(JSC::shouldIncludeDontEnumProperties):
(JSC::shouldExcludeDontEnumProperties):
(JSC::shouldIncludeJSObjectPropertyNames):
(JSC::modeThatSkipsJSObject):

  • runtime/JSActivation.cpp:

(JSC::JSActivation::getOwnNonIndexPropertyNames):

  • runtime/JSArray.cpp:

(JSC::JSArray::getOwnNonIndexPropertyNames):

  • runtime/JSArrayBuffer.cpp:

(JSC::JSArrayBuffer::getOwnNonIndexPropertyNames):

  • runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):

  • runtime/JSCell.cpp:

(JSC::JSCell::getEnumerableLength):
(JSC::JSCell::getStructurePropertyNames):
(JSC::JSCell::getGenericPropertyNames):

  • runtime/JSCell.h:
  • runtime/JSFunction.cpp:

(JSC::JSFunction::getOwnNonIndexPropertyNames):

  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::getOwnNonIndexPropertyNames):

  • runtime/JSObject.cpp:

(JSC::getClassPropertyNames):
(JSC::JSObject::hasOwnProperty):
(JSC::JSObject::getOwnPropertyNames):
(JSC::JSObject::getOwnNonIndexPropertyNames):
(JSC::JSObject::getEnumerableLength):
(JSC::JSObject::getStructurePropertyNames):
(JSC::JSObject::getGenericPropertyNames):

  • runtime/JSObject.h:
  • runtime/JSPropertyNameEnumerator.cpp: Added.

(JSC::JSPropertyNameEnumerator::create):
(JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator):
(JSC::JSPropertyNameEnumerator::finishCreation):
(JSC::JSPropertyNameEnumerator::destroy):
(JSC::JSPropertyNameEnumerator::visitChildren):

  • runtime/JSPropertyNameEnumerator.h: Added.

(JSC::JSPropertyNameEnumerator::createStructure):
(JSC::JSPropertyNameEnumerator::propertyNameAtIndex):
(JSC::JSPropertyNameEnumerator::identifierSet):
(JSC::JSPropertyNameEnumerator::cachedPrototypeChain):
(JSC::JSPropertyNameEnumerator::setCachedPrototypeChain):
(JSC::JSPropertyNameEnumerator::cachedStructure):
(JSC::JSPropertyNameEnumerator::cachedStructureID):
(JSC::JSPropertyNameEnumerator::cachedInlineCapacity):
(JSC::JSPropertyNameEnumerator::cachedStructureIDOffset):
(JSC::JSPropertyNameEnumerator::cachedInlineCapacityOffset):
(JSC::JSPropertyNameEnumerator::cachedPropertyNamesLengthOffset):
(JSC::JSPropertyNameEnumerator::cachedPropertyNamesVectorOffset):
(JSC::structurePropertyNameEnumerator):
(JSC::genericPropertyNameEnumerator):

  • runtime/JSProxy.cpp:

(JSC::JSProxy::getEnumerableLength):
(JSC::JSProxy::getStructurePropertyNames):
(JSC::JSProxy::getGenericPropertyNames):

  • runtime/JSProxy.h:
  • runtime/JSSymbolTableObject.cpp:

(JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):

  • runtime/PropertyNameArray.cpp:

(JSC::PropertyNameArray::add):
(JSC::PropertyNameArray::setPreviouslyEnumeratedProperties):

  • runtime/PropertyNameArray.h:

(JSC::RefCountedIdentifierSet::contains):
(JSC::RefCountedIdentifierSet::size):
(JSC::RefCountedIdentifierSet::add):
(JSC::PropertyNameArray::PropertyNameArray):
(JSC::PropertyNameArray::add):
(JSC::PropertyNameArray::addKnownUnique):
(JSC::PropertyNameArray::identifierSet):
(JSC::PropertyNameArray::canAddKnownUniqueForStructure):
(JSC::PropertyNameArray::setPreviouslyEnumeratedLength):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::getOwnNonIndexPropertyNames):
(JSC::RegExpObject::getPropertyNames):
(JSC::RegExpObject::getGenericPropertyNames):

  • runtime/RegExpObject.h:
  • runtime/StringObject.cpp:

(JSC::StringObject::getOwnPropertyNames):

  • runtime/Structure.cpp:

(JSC::Structure::getPropertyNamesFromStructure):
(JSC::Structure::setCachedStructurePropertyNameEnumerator):
(JSC::Structure::cachedStructurePropertyNameEnumerator):
(JSC::Structure::setCachedGenericPropertyNameEnumerator):
(JSC::Structure::cachedGenericPropertyNameEnumerator):
(JSC::Structure::canCacheStructurePropertyNameEnumerator):
(JSC::Structure::canCacheGenericPropertyNameEnumerator):
(JSC::Structure::canAccessPropertiesQuickly):

  • runtime/Structure.h:
  • runtime/StructureRareData.cpp:

(JSC::StructureRareData::visitChildren):
(JSC::StructureRareData::cachedStructurePropertyNameEnumerator):
(JSC::StructureRareData::setCachedStructurePropertyNameEnumerator):
(JSC::StructureRareData::cachedGenericPropertyNameEnumerator):
(JSC::StructureRareData::setCachedGenericPropertyNameEnumerator):

  • runtime/StructureRareData.h:
  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

Source/WebCore:
No new tests.

This patch splits for-in loops into three distinct parts:

  • Iterating over the indexed properties in the base object.
  • Iterating over the Structure properties in the base object.
  • Iterating over any other enumerable properties for that object and any objects in the prototype chain.


It does this by emitting these explicit loops in bytecode, using a new set of bytecodes to
support the various operations required for each loop.

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::getEnumerableLength):
(WebCore::JSDOMWindow::getStructurePropertyNames):
(WebCore::JSDOMWindow::getGenericPropertyNames):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):

  • bridge/runtime_array.cpp:

(JSC::RuntimeArray::getOwnPropertyNames):

Source/WebKit2:

  • WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::invalidate): Fixed an invalid ASSERT that was crashing in debug builds.

10:53 AM Changeset in webkit [171604] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171578. <rdar://problem/17811466>

10:52 AM Changeset in webkit [171603] by Lucas Forschler
  • 2 edits in tags/Safari-600.1.3/Source/JavaScriptCore

Merged r171578. <rdar://problem/17811466>

10:50 AM Changeset in webkit [171602] by Lucas Forschler
  • 2 edits in tags/Safari-600.1.2.1/Source/JavaScriptCore

Merged r171578. <rdar://problem/17805592>

10:39 AM Changeset in webkit [171601] by commit-queue@webkit.org
  • 8 edits
    2 deletes in trunk

Unreviewed, rolling out r171587.
https://bugs.webkit.org/show_bug.cgi?id=135294

Made fast/dom/HTMLObjectElement/beforeload-set-text-
crash.xhtml crash again (Requested by ap on #webkit).

Reverted changeset:

"REGRESSION (r169105): Crash in selection"
https://bugs.webkit.org/show_bug.cgi?id=134303
http://trac.webkit.org/changeset/171587

9:41 AM Changeset in webkit [171600] by mitz@apple.com
  • 4 edits in trunk/Source/WebCore

ResourceErrorBase::compare doesn’t call the right platformCompare override
https://bugs.webkit.org/show_bug.cgi?id=135240

Reviewed by Alexey Proskuryakov.

  • platform/network/ResourceErrorBase.cpp:

(WebCore::ResourceErrorBase::compare): Changed to call ResourceError::platformCompare.

  • platform/network/cf/ResourceError.h: Made platformCompare public.
  • platform/network/soup/ResourceError.h: Ditto.
9:39 AM Changeset in webkit [171599] by mitz@apple.com
  • 4 edits in trunk/Source/WebCore

[Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases
https://bugs.webkit.org/show_bug.cgi?id=135241

Reviewed by Alexey Proskuryakov.

  • WebCore.exp.in: Export ProtectionSpace::receivesCredentialSecurely.
  • platform/network/cocoa/ProtectionSpaceCocoa.h: Declare override of receivesCredentialSecurely.
  • platform/network/cocoa/ProtectionSpaceCocoa.mm:

(WebCore::ProtectionSpace::receivesCredentialSecurely): Use -[NSURLProtectionSpace receivesCredentialSecurely].

9:18 AM Changeset in webkit [171598] by commit-queue@webkit.org
  • 3 edits in trunk

[GTK] CMake tries to install JavaScriptCore-3.0.gir outside of install prefix
https://bugs.webkit.org/show_bug.cgi?id=135288

Patch by Michael Catanzaro <Michael Catanzaro> on 2014-07-25
Reviewed by Martin Robinson.

  • Source/cmake/FindGObjectIntrospection.cmake: pass correct libdir and

datadir to pkgconfig

  • Source/cmake/OptionsGTK.cmake: define install directories early

enough to be used in FindGObjectIntrospection.cmake

8:33 AM Changeset in webkit [171597] by Lucas Forschler
  • 14 edits in tags/Safari-600.1.3

Merged r171593. <rdar://problem/16878037>

8:32 AM Changeset in webkit [171596] by Lucas Forschler
  • 14 edits in branches/safari-600.1-branch

Merged r171593. <rdar://problem/16878037>

8:21 AM Changeset in webkit [171595] by Alan Bujtas
  • 2 edits in trunk/LayoutTests

Unreviewed media test gardening after r171593.

  • platform/mac/http/tests/media/hls/video-controls-live-stream-expected.txt:
8:08 AM Changeset in webkit [171594] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Add --dry-run option to sort-export-file
https://bugs.webkit.org/show_bug.cgi?id=135048

Patch by Renato Nagy <nagy.renato@stud.u-szeged.hu> on 2014-07-25
Reviewed by Csaba Osztrogonác.

Added --dry-run option to sort-export-file. Running the script with --dry-run
option does not sort the export files but creates a list of the files that
need to be sorted.

  • Scripts/sort-export-file:

(sawError):

7:47 AM Changeset in webkit [171593] by Alan Bujtas
  • 14 edits in trunk

Subpixel rendering: iOS video playback controls look blurry.
https://bugs.webkit.org/show_bug.cgi?id=135245
<rdar://problem/16878037>

Reviewed by Simon Fraser.

This patch introduces a compositing parent of the overlay control panel so that
the transformed overlay panel becomes sharp. This is a workaround for webkit.org/b/135246.

Can't find a way to test it yet.

Source/WebCore:

  • Modules/mediacontrols/mediaControlsApple.css:

(video::-webkit-media-controls-panel-composited-parent):

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls):
(Controller.prototype.addControls):

  • Modules/mediacontrols/mediaControlsiOS.css:

(video::-webkit-media-controls-panel-composited-parent):

  • Modules/mediacontrols/mediaControlsiOS.js: This is a workaround for webkit.org/b/135248

It pushes the overlay panel down to close the gap with the video element. Since the
panel's size in css pixels is scale dependent, the gap needs to be scale dependent too.
(ControllerIOS.prototype.set pageScaleFactor):

LayoutTests:

  • platform/mac/fast/hidpi/video-controls-in-hidpi-expected.txt:
  • platform/mac/fast/layers/video-layer-expected.txt:
  • platform/mac/media/audio-controls-rendering-expected.txt:
  • platform/mac/media/controls-after-reload-expected.txt:
  • platform/mac/media/controls-strict-expected.txt:
  • platform/mac/media/controls-without-preload-expected.txt:
  • platform/mac/media/media-controls-clone-expected.txt:
  • platform/mac/media/video-no-audio-expected.txt:
4:01 AM Changeset in webkit [171592] by krit@webkit.org
  • 2 edits in trunk/LayoutTests

Unreviewed rebaseline of test. Uploaded wrong result.

Patch by Dirk Schulze <krit@webkit.org> on 2014-07-25

  • svg/css/parse-length-expected.txt:
2:52 AM Changeset in webkit [171591] by krit@webkit.org
  • 29 edits
    1 move
    3 adds
    1 delete in trunk

Turn x/y to presentation attributes
https://bugs.webkit.org/show_bug.cgi?id=135215

Source/WebCore:
Patch by Dirk Schulze <krit@webkit.org> on 2014-07-24
Reviewed by Dean Jackson.

This follows the patch for width and height presentation attributes and
turns x and y to presentation attributes as well:

http://trac.webkit.org/changeset/171341

Tests: svg/css/parse-length.html

transitions/svg-layout-transition.html

Added copyright where I forgot it in previous patch.

  • css/CSSComputedStyleDeclaration.cpp: Computed style of x and y.

(WebCore::ComputedStyleExtractor::propertyValue):

  • css/CSSParser.cpp:

(WebCore::isSimpleLengthPropertyID): Add x and y to list.

  • css/DeprecatedStyleBuilder.cpp:

(WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder): Resolve x and y.

  • css/SVGCSSParser.cpp:

(WebCore::CSSParser::parseSVGValue): Parse x and y property.

  • css/SVGCSSPropertyNames.in: Add x and y to list of names.
  • css/StyleResolver.h:
  • page/animation/CSSPropertyAnimation.cpp: Animate x and y as Length.

(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):

  • rendering/style/RenderStyle.h: Add x and y setters and getters.
  • rendering/style/SVGRenderStyle.cpp: Add x and y setters for StyleLayoutData.

(WebCore::SVGRenderStyle::SVGRenderStyle):
(WebCore::SVGRenderStyle::operator==):
(WebCore::SVGRenderStyle::copyNonInheritedFrom):
(WebCore::SVGRenderStyle::diff):

  • rendering/style/SVGRenderStyle.h:

(WebCore::SVGRenderStyle::setX):
(WebCore::SVGRenderStyle::setY):
(WebCore::SVGRenderStyle::x):
(WebCore::SVGRenderStyle::y):

  • rendering/style/SVGRenderStyleDefs.cpp: Add StyleLayoutData for style storing.

(WebCore::StyleLayoutData::StyleLayoutData):
(WebCore::StyleLayoutData::copy):
(WebCore::StyleLayoutData::operator==):

  • rendering/style/SVGRenderStyleDefs.h:

(WebCore::StyleLayoutData::create):
(WebCore::StyleLayoutData::operator!=):

  • rendering/svg/RenderSVGRect.cpp:

(WebCore::RenderSVGRect::updateShapeFromElement):

  • rendering/svg/SVGPathData.cpp: Use RenderStyle values rather than attribute values.

(WebCore::updatePathFromRectElement):

  • svg/SVGAnimationElement.cpp:

(WebCore::SVGAnimationElement::isTargetAttributeCSSProperty): Fix text detection.

  • svg/SVGElement.cpp: Add x and y to the relevant property lists.

(WebCore::populateAttributeNameToCSSPropertyIDMap):
(WebCore::populateCSSPropertyWithSVGDOMNameToAnimatedPropertyTypeMap):

  • svg/SVGFilterElement.cpp: Style update on change of x and y.

(WebCore::SVGFilterElement::svgAttributeChanged):

  • svg/SVGMaskElement.cpp: Ditto.

(WebCore::SVGMaskElement::svgAttributeChanged):

  • svg/SVGPatternElement.cpp: Ditto.

(WebCore::SVGPatternElement::svgAttributeChanged):

  • svg/SVGRectElement.cpp: Ditto.

(WebCore::SVGRectElement::svgAttributeChanged):

  • svg/SVGTextPositioningElement.cpp: Exclude x and y of text elements since they

are lists instead of individual values. Solution about to be discussed
in the WG. Keep current behavior for now.

(WebCore::SVGTextPositioningElement::collectStyleForPresentationAttribute):
(WebCore::SVGTextPositioningElement::isPresentationAttribute):

  • svg/SVGTextPositioningElement.h:

LayoutTests:
Test parsing of x and y attributes. Rendering and SVG animation
covered by existing tests.
CSS Transition test, test transition from specified attribute value
to new property value.

Patch by Dirk Schulze <krit@webkit.org> on 2014-07-24
Reviewed by Dean Jackson.

  • svg/css/parse-length-expected.txt: Added.
  • svg/css/parse-length.html: Renamed from LayoutTests/svg/css/parse-width.html.
  • svg/css/parse-width-expected.txt: Removed.
  • transitions/svg-layout-transition-expected.txt: Added.
  • transitions/svg-layout-transition.html: Added.
12:17 AM Changeset in webkit [171590] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch/Source

Versioning.

12:12 AM Changeset in webkit [171589] by Lucas Forschler
  • 1 copy in tags/Safari-600.1.3

New Tag.

Jul 24, 2014:

11:58 PM Changeset in webkit [171588] by Yusuke Suzuki
  • 8 edits
    8 adds in trunk

CSS JIT: Implement Pseudo Element
https://bugs.webkit.org/show_bug.cgi?id=134835

Reviewed by Benjamin Poulain.

Implement Pseudo Element handling for CSS JIT SelectorCompiler.
At first, we start with the simple implementation. We handle limited number of pseudo element,
before, after, first-line, first-letter.

Source/WebCore:
Tests: fast/selectors/pseudo-element-inside-any.html

fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-any.html
fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-not.html
fast/selectors/querySelector-pseudo-element.html

  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::ruleMatches):

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
(WebCore::SelectorCompiler::constructFragments):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::loadCheckingContext):
(WebCore::SelectorCompiler::SelectorCodeGenerator::branchOnResolvingModeWithCheckingContext):
(WebCore::SelectorCompiler::SelectorCodeGenerator::branchOnResolvingMode):
(WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNotResolvingStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasPseudoElement):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateRequestedPseudoElementEqualsToSelectorPseudoElement):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateMarkPseudoStyleForPseudoElement):

  • cssjit/SelectorCompiler.h:
  • rendering/style/RenderStyle.h:
  • rendering/style/RenderStyleConstants.h:

LayoutTests:

  • fast/selectors/pseudo-element-inside-any-expected.html: Added.
  • fast/selectors/pseudo-element-inside-any.html: Added.

Inside functional pseudo classes such as ":-webkit-any", when pseudo element comes (e.g. ":-webkit-any(::first-letter)"),
it produces a local failure. So if the other selectors are matched against the element, whole ":-webkit-any" succeeds.
For example, a selector ":-webkit-any(::first-letter, p)" matches against p elements.

  • fast/selectors/querySelector-pseudo-element-expected.txt: Added.
  • fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-any-expected.txt: Added.
  • fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-any.html: Added.
  • fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-not-expected.txt: Added.
  • fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-not.html: Added.
  • fast/selectors/querySelector-pseudo-element.html: Added.
11:24 PM Changeset in webkit [171587] by abucur@adobe.com
  • 8 edits
    2 adds in trunk

REGRESSION (r169105): Crash in selection
https://bugs.webkit.org/show_bug.cgi?id=134303

Patch by Radu Stavila <stavila@adobe.com> on 2014-07-24
Reviewed by David Hyatt.

Source/WebCore:

When splitting the selection between different subtrees, all subtrees must have their selection cleared before
starting to apply the new selection. Otherwise, when selecting objects in a named flow thread and going up
its containing block chain, we can end up in the view's selection root, which has not yet been updated and so
we get inconsistent data.

To achieve this goal, the selection update was split into a "clear" and an "apply" method. The updateSelectionForSubtrees
method first iterates through all subtrees and performs the "clear" method and then starts all over again
and performs the "apply" method.

Test: fast/regions/selection/crash-deselect.html

  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderSelectionInfo.h:
  • rendering/RenderView.cpp:

(WebCore::RenderView::setSelection):
(WebCore::RenderView::splitSelectionBetweenSubtrees):
(WebCore::RenderView::updateSelectionForSubtrees): Added, clears and re-applies selection for all selection subtrees.
(WebCore::RenderView::clearSubtreeSelection): Added, clears selection and returns previously selected information.
(WebCore::RenderView::applySubtreeSelection): Added, updates the selection status of all objects inside the selection tree, compares old and new data and repaints accordingly.
(WebCore::RenderView::setSubtreeSelection): Deleted.

  • rendering/RenderView.h:
  • rendering/SelectionSubtreeRoot.cpp:

(WebCore::SelectionSubtreeRoot::SelectionSubtreeRoot):

  • rendering/SelectionSubtreeRoot.h:

(WebCore::SelectionSubtreeRoot::OldSelectionData::OldSelectionData):

LayoutTests:

Added test for the crash that occurred in some cases when selecting.

  • fast/regions/selection/crash-deselect-expected.txt: Added.
  • fast/regions/selection/crash-deselect.html: Added.
11:13 PM Changeset in webkit [171586] by Lucas Forschler
  • 7 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171471. <rdar://problem/17764847>

11:10 PM Changeset in webkit [171585] by Lucas Forschler
  • 7 edits in branches/safari-600.1-branch/Source

Merged r171203. <rdar://problem/17617282>

11:06 PM Changeset in webkit [171584] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171580. <rdar://problem/17748416>

11:04 PM Changeset in webkit [171583] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171577. <rdar://problem/17803347>

11:02 PM Changeset in webkit [171582] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171576. <rdar://problem/17804891>

11:00 PM Changeset in webkit [171581] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch/Source/WebKit/mac

Merged r171575. <rdar://problem/17784826>

9:51 PM Changeset in webkit [171580] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

REGRESSION(r164401): Placing a caret doesn't bring up autocorrection panel
https://bugs.webkit.org/show_bug.cgi?id=135278

Reviewed by Tim Horton.

The bug was caused by editorUIUpdateTimerFired calling respondToChangedSelection only if the selection was
triggered by dictation instead of only if it was NOT triggered by dictation.

Prior to r164401, AlternativeTextController::respondToMarkerAtEndOfWord exited early when SetSelectionOptions
had DictationTriggered set. r164401 intended to move this check to editorUIUpdateTimerFired to avoid passing
options around but the boolean condition was erroneously flipped.

Fixed the bug by negating the condition in editorUIUpdateTimerFired.

No new tests for now since autocorrection panel cannot be tested automatically. (We should really automate this!)

  • editing/Editor.cpp:

(WebCore::Editor::editorUIUpdateTimerFired):

9:27 PM Changeset in webkit [171579] by psolanki@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION(r171526): [GTK] Massive crashes.
https://bugs.webkit.org/show_bug.cgi?id=135283

Unreviewed. GTK build fix after r171526. Initialize m_buffer in SharedBuffer constructor.

  • platform/soup/SharedBufferSoup.cpp:

(WebCore::SharedBuffer::SharedBuffer):

8:12 PM Changeset in webkit [171578] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

[Win] Correct build order in JavaScriptCore.submit.sln
https://bugs.webkit.org/show_bug.cgi?id=135282
<rdar://problem/17805592>

Unreviewed build fix.

  • JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Correct build order

such that LLIntDesiredOffset is built prior to the rest of JSC.

8:12 PM Changeset in webkit [171577] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Crashes under scanSelectionForTelephoneNumbers in Range::text() on some sites
https://bugs.webkit.org/show_bug.cgi?id=135281
<rdar://problem/17803347>

Reviewed by Ryosuke Niwa.

  • editing/Editor.cpp:

(WebCore::Editor::scanSelectionForTelephoneNumbers):
toNormalizedRange is not guaranteed to return a non-null range.
If it returns null, pass the empty markedRanges down to the client as our new set.

8:00 PM Changeset in webkit [171576] by benjamin@webkit.org
  • 2 edits in trunk/Source/WebKit2

[iOS][WK2] Do not try to hit test a null mainFrameRenderView on dynamicViewportSizeUpdate()
https://bugs.webkit.org/show_bug.cgi?id=135277
<rdar://problem/17804891>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-24
Reviewed by Tim Horton.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::dynamicViewportSizeUpdate):
There is no guarantee that the main frame have its root view when performing a dynamicViewportSizeUpdate(),
we should not attempt to use the layer without null checking it first.

The odd part for me is <rdar://problem/17804891> is a little too frequent. In the vast majority of cases,
there is a RenderView, it seems actually pretty hard not to have one on dynamicViewportSizeUpdate().

Skipping hit testing is safe because it is a completely optional part of this algorithm.
When the hit test is not done, the new position is computed based on the relative position prior to
the size change.

7:26 PM Changeset in webkit [171575] by psolanki@apple.com
  • 5 edits in trunk/Source/WebKit/mac

[iOS] Remove prefs to tweak cache values
https://bugs.webkit.org/show_bug.cgi?id=135274
<rdar://problem/17784826>

Reviewed by Alexey Proskuryakov.

Remove iOS specific code that used to look up user defaults to see if any cache values were
overridden. This was added for testing, is not used any more and is actually harmful now. It
can cause unnecessary memory churn when under memory pressure since we call [WebView _setCacheModel]
as a means to clear out memory cache.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences _setNSURLMemoryCacheSize:]): Deleted.
(-[WebPreferences _NSURLMemoryCacheSize]): Deleted.
(-[WebPreferences _setNSURLDiskCacheSize:]): Deleted.
(-[WebPreferences _NSURLDiskCacheSize]): Deleted.

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(+[WebView _setCacheModel:]):

6:31 PM Changeset in webkit [171574] by mitz@apple.com
  • 6 edits in trunk/Source

Source/WebCore: WebCore part of <rdar://problem/17593701> Assertion failure in WebPage::reload (!m_pendingNavigationID) when reloading after a same-document back navigation
https://bugs.webkit.org/show_bug.cgi?id=135129

Reviewed by Darin Adler.

  • WebCore.exp.in: Exported equalIgnoringFragmentIdentifier(const URL&, const URL&).

Source/WebKit2: WebKit2 part of <rdar://problem/17593701> Assertion failure in WebPage::reload (!m_pendingNavigationID) when reloading after a same-document back navigation
https://bugs.webkit.org/show_bug.cgi?id=135129

Reviewed by Darin Adler.

  • Shared/WebBackForwardListItem.cpp:

(WebKit::childItemWithDocumentSequenceNumber): New helper function based on
WebCore::HistoryItem::childItemWithDocumentSequenceNumber.
(WebKit::documentTreesAreEqual): New helper function based on
WebCore::HistoryItem::hasSameDocumentTree.
(WebKit::WebBackForwardListItem::itemIsInSameDocument): Added. Based on
WebCore::HistoryItem::shouldDoSameDocumentNavigationTo.

  • Shared/WebBackForwardListItem.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::goForward): Don’t assign a new navigation ID if the back-forward
navigation is a same-document navigation.
(WebKit::WebPageProxy::goBack): Ditto.
(WebKit::WebPageProxy::goToBackForwardItem): Ditto.

6:18 PM Changeset in webkit [171573] by Lucas Forschler
  • 3 edits
    2 copies in branches/safari-600.1-branch

Merged r171567. <rdar://problem/17781423>

6:16 PM Changeset in webkit [171572] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171570. <rdar://problem/17803170>

6:12 PM Changeset in webkit [171571] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171564. <rdar://problem/17757800>

6:11 PM Changeset in webkit [171570] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

Sometimes WKWebView is blank after resuming the app, until you scroll
https://bugs.webkit.org/show_bug.cgi?id=135275
<rdar://problem/17803170>

Reviewed by Benjamin Poulain.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::dispatchViewStateChange):
If the UI process is waiting for a didUpdateViewState, we need to *always*
get a reply from the Web Process, so dispatchViewStateChange should *always*
send SetViewState even if nothing changed (so that we get the reply).

6:08 PM Changeset in webkit [171569] by Lucas Forschler
  • 4 edits
    2 copies in branches/safari-600.1-branch

Merged r171561. <rdar://problem/16591706>

6:05 PM Changeset in webkit [171568] by Lucas Forschler
  • 6 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171560. <rdar://problem/17542454>

6:05 PM Changeset in webkit [171567] by Simon Fraser
  • 3 edits
    2 adds in trunk

[iOS WK1] CSS viewport units use the wrong viewport size in WebKit1
https://bugs.webkit.org/show_bug.cgi?id=135254
<rdar://problem/17781423>

Reviewed by Tim Horton.

Source/WebCore:

Test: fast/css/viewport-units-dynamic.html

In WebKit1 on iOS, we want to resolve viewport units against the visible
viewport, not the legacy WK1 notion of the "viewport" which is the entire document.

Fixes rendering of medium.com articles in WK1 views on iPad.

  • page/FrameView.cpp:

(WebCore::FrameView::viewportSizeForCSSViewportUnits):

LayoutTests:

New test that ensures that viewport units are resolved against the correct
viewport size after the first style recalc.

  • fast/css/viewport-units-dynamic.html: Added.
  • platform/mac/fast/css/viewport-units-dynamic-expected.txt: Added.
6:03 PM Changeset in webkit [171566] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171559. <rdar://problem/17598815>

5:59 PM Changeset in webkit [171565] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171558. <rdar://problem/17041912>

5:59 PM Changeset in webkit [171564] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

JSWrapperMap's jsWrapperForObject() needs to keep weak prototype and constructors from being GCed.
<https://webkit.org/b/135258>

Reviewed by Mark Hahnenberg.

Where needed, we cache the prototype object pointer in a stack local var.
This allows it to be scanned by the GC, and hence be kept alive until
we use it. The constructor object will in turn be kept alive by the
prototype object.

Also added some comments to warn against future code additions that could
regress this issue.

  • API/JSWrapperMap.mm:

(-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
(-[JSObjCClassInfo reallocateConstructorAndOrPrototype]):
(-[JSObjCClassInfo wrapperForObject:]):
(-[JSObjCClassInfo constructor]):

5:57 PM Changeset in webkit [171563] by Lucas Forschler
  • 4 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171505. <rdar://problem/17713033>

5:53 PM Changeset in webkit [171562] by Lucas Forschler
  • 7 edits
    2 copies in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171543. <rdar://problem/17706699>

5:27 PM Changeset in webkit [171561] by mmaxfield@apple.com
  • 4 edits
    2 adds in trunk

Crash when measuring a glyphs from a fallback SVG font
https://bugs.webkit.org/show_bug.cgi?id=135264

Reviewed by Simon Fraser.

Source/WebCore:
We can't realize font data for all fallback fonts ahead
of time, but we don't have all the necessary context to
realize SVG fallback data when it's needed. For now, we
can just bail; however, a larger, more invasive fix is
in order.

Test: svg/text/svg-fallback-font-crash.html

  • platform/graphics/WidthIterator.cpp:

(WebCore::applyFontTransforms):

LayoutTests:
Render some text with a fallback SVG Font including a glyph which
only exists in that fallback font. Make sure there is no crash.

  • svg/text/resources/Litherum.svg:
  • svg/text/svg-fallback-font-crash-expected.txt: Added.
  • svg/text/svg-fallback-font-crash.html: Added.
5:24 PM Changeset in webkit [171560] by Simon Fraser
  • 6 edits in trunk/Source/WebKit2

[iOS WK2] Header bar on nytimes articles lands in the wrong place after rubberbanding
https://bugs.webkit.org/show_bug.cgi?id=135221
<rdar://problem/17542454>

Reviewed by Benjamin Poulain.

The call to didCommitLayerTree() can cause one or two visible rect updates,
via changes to the UIScrollView contentSize and contentOffset. As a result, we
would notify the scrolling tree about a viewport change, but using the old
scrolling tree rather than the new one, so we could move layers around for
nodes which are about to be removed from the tree.

However, we also have to ensure that programmatic scrolls are applied after
didCommitLayerTree() has updated the view size, so have RemoteScrollingCoordinatorProxy
store data about programmatic scrolls and return them to the caller, which
can apply them after didCommitLayerTree().

  • UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp: Store a pointer to a RequestedScrollInfo

for the duration of the tree update, so that we can store requested scroll info in it.
(WebKit::RemoteScrollingCoordinatorProxy::RemoteScrollingCoordinatorProxy):
(WebKit::RemoteScrollingCoordinatorProxy::updateScrollingTree):
(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeRequestsScroll):

  • UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didCommitLayerTree): Give Mac a stub implementation.

  • UIProcess/WebPageProxy.h: Group some editing-related functions together.

(WebKit::WebPageProxy::editorState):
(WebKit::WebPageProxy::canDelete):
(WebKit::WebPageProxy::hasSelectedRange):
(WebKit::WebPageProxy::isContentEditable):
(WebKit::WebPageProxy::maintainsInactiveSelection):

  • UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree): Ordering change: update
the layer tree, then call didCommitLayerTree(), then do the viewport update, followed
by any programmatic scroll.

5:15 PM Changeset in webkit [171559] by dbates@webkit.org
  • 2 edits in trunk/Source/WebCore

And Alexey Proskuryakov <ap@apple.com>

[iOS] REGRESSION (WebKit2): Can't login to Wordpress.com, facebook.com when always allowing cookies
https://bugs.webkit.org/show_bug.cgi?id=135273
<rdar://problem/17598815>

Reviewed by Alexey Proskuryakov.

Fixes an issue where cookies may be created in the wrong cookie store.

Currently, when we update the CFURLRequest object associated with a ResourceRequest object
we explicitly set a cookie storage, cookie accept policy, and SSL properties based on the
corresponding values in the old CFURLRequest object (if we have one). This ultimately leads
to CFNetwork associating the cookies for the request with a different cookie store when we
handle the request in the NetworkProcess. Instead, we shouldn't set these properties
explicitly as we already copy them implicitly earlier (via CFURLRequestCreateMutableCopy()).

  • platform/network/cf/ResourceRequestCFNet.cpp:

(WebCore::ResourceRequest::doUpdatePlatformRequest):

4:56 PM Changeset in webkit [171558] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

JSLock release should only modify the AtomicStringTable if it modified in acquire
https://bugs.webkit.org/show_bug.cgi?id=135143

Reviewed by Darin Adler.

  • runtime/JSLock.cpp:

(JSC::JSLock::JSLock):
Initialize the member variable to nullptr.

(JSC::JSLock::willDestroyVM):
Update style to use nullptr instead of 0.

(JSC::JSLock::willReleaseLock):
We should only reset the thread data's atomic string table if
didAcquireLock changed it. m_entryAtomicStringTable will have
been set by didAcquireLock if it changed, or nullptr if it didn't.
This way we are sure we are balanced, regardless of m_vm changes.

4:50 PM Changeset in webkit [171557] by commit-queue@webkit.org
  • 8 edits in trunk/Source

Rename feature flag for long-press gesture on Mac.

Source/JavaScriptCore:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

  • Configurations/FeatureDefines.xcconfig:

Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

Source/WebCore:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

  • Configurations/FeatureDefines.xcconfig:

Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

Source/WebKit/mac:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

  • Configurations/FeatureDefines.xcconfig:

Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

Source/WebKit2:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

  • Configurations/FeatureDefines.xcconfig:

Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

4:38 PM Changeset in webkit [171556] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171554. <rdar://problem/17766348>

4:35 PM Changeset in webkit [171555] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

GTK jhbuild modules needs to build xserver with --disable-local-transport
https://bugs.webkit.org/show_bug.cgi?id=135262

Patch by Michael Catanzaro <Michael Catanzaro> on 2014-07-24
Reviewed by Martin Robinson.

  • gtk/jhbuild.modules:

Build X server with --disable-local-transport, since local transport
is only supported on Solaris, SCO, and System V. Fixes build on
Fedora.

4:34 PM Changeset in webkit [171554] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

Fixed Windows build fix.

  • platform/network/cf/AuthenticationCF.cpp:
4:30 PM Changeset in webkit [171553] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r171527.
https://bugs.webkit.org/show_bug.cgi?id=135265

Breaks JSC API tests (Requested by mlam on #webkit).

Reverted changeset:

"JSWrapperMap's jsWrapperForObject() needs to defer GC."
https://bugs.webkit.org/show_bug.cgi?id=135258
http://trac.webkit.org/changeset/171527

4:29 PM Changeset in webkit [171552] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[GTK] build-webkit script fails under jhbuild if ACLOCAL_FLAGS is unset
https://bugs.webkit.org/show_bug.cgi?id=135065

Patch by Michael Catanzaro <Michael Catanzaro> on 2014-07-24
Reviewed by Martin Robinson.

  • jhbuild/jhbuild-wrapper:

(ensure_jhbuild): do not assume jhbuild sets ACLOCAL_FLAGS

4:28 PM Changeset in webkit [171551] by Lucas Forschler
  • 4 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171545. <rdar://problem/17766348>

4:27 PM Changeset in webkit [171550] by Lucas Forschler
  • 28 edits
    6 copies
    1 delete in branches/safari-600.1-branch/Source

Merged r171540. <rdar://problem/17766348>

4:21 PM Changeset in webkit [171549] by Lucas Forschler
  • 10 edits in branches/safari-600.1-branch/Source

Merged r171532. <rdar://problem/17279500>

4:17 PM Changeset in webkit [171548] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171519. <rdar://problem/17798346>

4:16 PM Changeset in webkit [171547] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171518. <rdar://problem/17797103>

4:11 PM Changeset in webkit [171546] by Lucas Forschler
  • 6 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171526. <rdar://problem/17470655>

4:01 PM Changeset in webkit [171545] by mitz@apple.com
  • 4 edits in trunk/Source/WebCore

Attempted Windows build fix.

  • platform/network/cf/AuthenticationCF.cpp:

(WebCore::AuthenticationChallenge::AuthenticationChallenge):

  • platform/network/cf/CredentialStorageCFNet.cpp:

(WebCore::CredentialStorage::getFromPersistentStorage):

  • platform/network/cf/ProtectionSpaceCFNet.cpp:

(WebCore::ProtectionSpace::receivesCredentialSecurely):
(WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Deleted.

4:01 PM Changeset in webkit [171544] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171497. <rdar://problem/17470655>

3:56 PM Changeset in webkit [171543] by mhahnenberg@apple.com
  • 7 edits
    2 adds in trunk/Source/JavaScriptCore

Creating a JSGlobalObject with a custom JSClassRef results in a JSProxy with the wrong prototype
https://bugs.webkit.org/show_bug.cgi?id=135250

Reviewed by Geoffrey Garen.

JSGlobalObject::resetPrototype (which is called from JSGlobalContextCreateInGroup) doesn't change its
JSProxy's prototype as well. This results in a JSProxy where no properties in the original prototype
chain (as created from the JSClassRef hierarchy) are accessible. Changing resetPrototype to also change
the JSProxy's prototype fixes the issue.

  • API/JSValueRef.cpp:

(JSValueIsObjectOfClass): Also fixed a bug where a JSProxy for a JSGlobalObject with a custom JSClassRef
would claim it wasn't of the specified class, even if the target was of the specified class.

  • API/tests/CustomGlobalObjectClassTest.c: Added.

(jsDoSomething):
(customGlobalObjectClassTest):

  • API/tests/CustomGlobalObjectClassTest.h: Added.
  • API/tests/testapi.c:

(assertTrue):
(main):

(JSC::JSGlobalObject::resetPrototype):

3:55 PM Changeset in webkit [171542] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171485. <rdar://problem/17782623>

3:54 PM Changeset in webkit [171541] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171201. <rdar://problem/17082607>

3:51 PM Changeset in webkit [171540] by mitz@apple.com
  • 28 edits
    2 copies
    1 move
    3 adds in trunk/Source

Source/WebCore: <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn’t preserve all NSURLProtectionSpace properties, such as the distinguishedNames array
https://bugs.webkit.org/show_bug.cgi?id=135229

Reviewed by Alexey Proskuryakov.

  • CMakeLists.txt: Updated for rename of a source file.
  • WebCore.exp.in: Updated.
  • WebCore.vcxproj/WebCore.vcxproj: Updated for rename of source files, added

ProtectionSpaceCFNet.{cpp,h}.

  • WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Updated for rename of source files, added

ProtectionSpaceCococa.{h.mm}.

  • platform/network/ProtectionSpace.cpp: Renamed to ProtectionSpaceBase.cpp.
  • platform/network/ProtectionSpace.h: This file was renamed to ProtectionSpaceBase.h, and

in its place added a generic ProtectionSpace class that just derives from
ProtectionSpaceBase. For Cocoa and CFNetwork, ProtectionSpace{Cocoa,CFNet}.h is included
instead of the generic class.

  • platform/network/ProtectionSpaceBase.cpp: Renamed ProtectionSpace.cpp to this.

(WebCore::ProtectionSpaceBase::ProtectionSpaceBase): Updated for rename.
(WebCore::ProtectionSpaceBase::host): Ditto.
(WebCore::ProtectionSpaceBase::port): Ditto.
(WebCore::ProtectionSpaceBase::serverType): Ditto.
(WebCore::ProtectionSpaceBase::isProxy): Ditto.
(WebCore::ProtectionSpaceBase::realm): Ditto.
(WebCore::ProtectionSpaceBase::authenticationScheme): Ditto.
(WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Removed CFNetwork-specific part,
which is now implemented in ProtectionSpaceCFNet.cpp.
(WebCore::ProtectionSpaceBase::compare): Replaced operator== with this, and made it call
ProtectionSpace::platformCompare at the end if needed.

  • platform/network/ProtectionSpaceBase.h: Renamed ProtectionSpace.h to this.

(WebCore::ProtectionSpaceBase::encodingRequiresPlatformData): Added with a default
implementation that returns false, for ProtectionSpace implementations to override.
(WebCore::ProtectionSpaceBase::platformCompare): Added with a default implementation that
returns true, for ProtectionSpace implementations to override.
(WebCore::operator==): Changed to call compare.

  • platform/network/cf/AuthenticationCF.cpp:

(WebCore::AuthenticationChallenge::AuthenticationChallenge): Changed to use the
ProtectionSpace constructor that takes a CFURLProtectionSpaceRef.
(WebCore::createCF): Changed to use ProtectionSpace::cfSpace.

  • platform/network/cf/AuthenticationCF.h: Guarded a couple of functiosn that aren’t used in

Cocoa with #if PLATFORM(WIN).

  • platform/network/cf/CredentialStorageCFNet.cpp:

(WebCore::CredentialStorage::getFromPersistentStorage): Changed to use
ProtectionSpace::cfSpace.
(WebCore::CredentialStorage::saveToPersistentStorage): Ditto.

  • platform/network/cf/ProtectionSpaceCFNet.cpp: Added.

(WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Override with the
CFNetwork-specific test that was previously in ProtectionSpace.cpp.

  • platform/network/cf/ProtectionSpaceCFNet.h: Copied from Source/WebCore/platform/network/ProtectionSpace.h.

Declare ProtectionSpace and override receivesCredentialSecurely.

  • platform/network/mac/AuthenticationMac.h: Deleted the ProtectionSpace core() and mac().
  • platform/network/mac/AuthenticationMac.mm:

(WebCore::AuthenticationChallenge::AuthenticationChallenge): Changed to use the
ProtectionSpace constructor that takes an NSURLProtectionSpace.
(WebCore::mac): Changed to use ProtectionSpace::nsSpace.

  • platform/network/mac/CredentialStorageMac.mm:

(WebCore::CredentialStorage::getFromPersistentStorage): Ditto.

  • platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::receivedCredential): Changed to use the ProtectionSpace
constructor that takes an NSURLProtectionSpace.

  • platform/network/mac/WebCoreResourceHandleAsDelegate.mm:

(-[WebCoreResourceHandleAsDelegate connection:canAuthenticateAgainstProtectionSpace:]):
Ditto.

  • platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:

(-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
Ditto.

Source/WebKit/mac: WebKit part of <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn’t preserve all NSURLProtectionSpace properties, such as the distinguishedNames array
https://bugs.webkit.org/show_bug.cgi?id=135229

Reviewed by Alexey Proskuryakov.

  • Misc/WebDownload.mm:

(-[WebDownloadInternal download:didReceiveAuthenticationChallenge:]): Chanegd to use the
ProtectionSpace constructor that takes an NSURLProtectionSpace.

  • Plugins/WebBaseNetscapePluginView.mm:

(WebKit::getAuthenticationInfo): Ditto.

  • WebCoreSupport/WebFrameLoaderClient.mm:

(WebFrameLoaderClient::canAuthenticateAgainstProtectionSpace): Changed to use
ProtectionSpace::nsSpace.

Source/WebKit2: WebKit2 part of <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn’t preserve all NSURLProtectionSpace properties, such as the distinguishedNames array
https://bugs.webkit.org/show_bug.cgi?id=135229

Reviewed by Alexey Proskuryakov.

  • Shared/Cocoa/WKNSURLProtectionSpace.mm: Changed to use ProtectionSpace::nsSpace.
  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<ProtectionSpace>::encode): If encoding the space requires encoding the
platform data, do that.
(IPC::ArgumentCoder<ProtectionSpace>::decode): If platform data was encoded, decode it.

  • Shared/WebCoreArgumentCoders.h:
  • Shared/mac/WebCoreArgumentCodersMac.mm:

(IPC::ArgumentCoder<ProtectionSpace>::encodePlatformData): Archive the NSURLProtectionSpace.
(IPC::ArgumentCoder<ProtectionSpace>::decodePlatformData): Unarchive it.

  • Shared/soup/WebCoreArgumentCodersSoup.cpp:

(IPC::ArgumentCoder<ProtectionSpace>::encodePlatformData): Added.
(IPC::ArgumentCoder<ProtectionSpace>::decodePlatformData): Added.

3:42 PM Changeset in webkit [171539] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171509. <rdar://problem/17790792>

3:40 PM Changeset in webkit [171538] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171507. <rdar://problem/17738186>

3:39 PM Changeset in webkit [171537] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171506. <rdar://problem/17796052>

3:37 PM Changeset in webkit [171536] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171493. <rdar://problem/17785560>

3:34 PM Changeset in webkit [171535] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Tools

Merged r171487. <rdar://problem/17735912>

3:29 PM Changeset in webkit [171534] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171481. <rdar://problem/17713033>

3:27 PM Changeset in webkit [171533] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171478. <rdar://problem/17736503>

3:25 PM Changeset in webkit [171532] by benjamin@webkit.org
  • 10 edits in trunk/Source

[WK2] Fixed/Sticky layers can get mispositioned when the layer tree commit change their position or size
https://bugs.webkit.org/show_bug.cgi?id=135227
<rdar://problem/17279500>

Reviewed by Simon Fraser.

Source/WebCore:
Keep track of the creation/destruction of Fixed and Sticky nodes in the ScrollingTree.

  • page/scrolling/ScrollingTree.cpp:

(WebCore::ScrollingTree::ScrollingTree):

  • page/scrolling/ScrollingTree.h:

(WebCore::ScrollingTree::hasFixedOrSticky):
(WebCore::ScrollingTree::fixedOrStickyNodeAdded):
(WebCore::ScrollingTree::fixedOrStickyNodeRemoved):

  • page/scrolling/mac/ScrollingTreeFixedNode.mm:

(WebCore::ScrollingTreeFixedNode::ScrollingTreeFixedNode):
(WebCore::ScrollingTreeFixedNode::~ScrollingTreeFixedNode):

  • page/scrolling/mac/ScrollingTreeStickyNode.mm:

(WebCore::ScrollingTreeStickyNode::ScrollingTreeStickyNode):
(WebCore::ScrollingTreeStickyNode::~ScrollingTreeStickyNode):

Source/WebKit2:
In some cases, a fixed or sticky positioned layer would end up at its position corresponding to the WebProcess
instead of sticking the to real viewport in the UIProcess.

The sequence of event is:
1) A layer becomes fixed in some ScrollingTree transaction.
2) Later, some change in the WebProcess causes a LayerTree update for that exact same layer, but no corresponding

ScrollingTree update is made.

3) In the UIProcess, the position of the fixed layer is changed due to the LayerTree update.

But! There is no ScrollingTree change, updateScrollingTree() never sets fixedOrStickyLayerChanged to true,
and the position is not corrected.

-> The layer is now at the wrong position until the next VisibleContentRectUpdate.

Ideally, we should have fixedOrStickyLayerChanged track if either the position or size of a fixed layer changed
in the layer tree. This is tricky since the layer tree does not keep track of the fixed nodes of the scrolling tree.

Since this complexity seems risky at this point, I went for something simpler but with more overhead:
any time the scrolling tree contains either a fixed or sticky layer, viewportChangedViaDelegatedScrolling()
is called to "fix" the position.

  • UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp:

(WebKit::RemoteScrollingCoordinatorProxy::updateScrollingTree):
(WebKit::RemoteScrollingCoordinatorProxy::connectStateNodeLayers):

  • UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:

(WebKit::RemoteScrollingCoordinatorProxy::hasFixedOrSticky):

  • UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(WebKit::RemoteScrollingCoordinatorProxy::connectStateNodeLayers):

  • UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):

3:17 PM Changeset in webkit [171531] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Let WheelEvent wrap a PlatformWheelEvent
https://bugs.webkit.org/show_bug.cgi?id=135244

When WheelEvent is initialized with a PlatformWheelEvent, store that PlatformWheelEvent for future use.

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

No new tests because behavior should not have changed.

  • dom/WheelEvent.cpp: Added method to access the PlatformWheelEvent.

(WebCore::WheelEvent::WheelEvent):

  • dom/WheelEvent.h: Added field to store PlatformWheelEvent, if initialized via PlatformWheelEvent.

(WebCore::WheelEvent::wheelEvent):

3:15 PM Changeset in webkit [171530] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-537.78.1

New Tag.

3:11 PM Changeset in webkit [171529] by bshafiei@apple.com
  • 3 edits in tags/Safari-600.1.2.1/Source/WebKit2

Merged r171201. <rdar://problem/17082607>

3:11 PM Changeset in webkit [171528] by Brian Burg
  • 8 edits in trunk/Source

Web Replay: don't encode/decode primitive types that lack explicit sizes
https://bugs.webkit.org/show_bug.cgi?id=133430

Reviewed by Anders Carlsson.

Source/JavaScriptCore:
Don't support encode/decode of unsigned long, since its size is compiler-dependent.

  • replay/EncodedValue.cpp:

(JSC::EncodedValue::convertTo<unsigned long>):
(JSC::unsigned long>::encodeValue): Deleted.

  • replay/EncodedValue.h:

Source/WebCore:
Remove uses of unsigned long in encode/decode methods because the type lacks an
explicit size. Move frame index serialization away from using unsigned long.

  • replay/ReplayController.cpp:

(WebCore::logDispatchedDOMEvent): Fix the format string.

  • replay/SerializationMethods.cpp:

(WebCore::frameIndexFromDocument):
(WebCore::frameIndexFromFrame):
(WebCore::documentFromFrameIndex):
(WebCore::frameFromFrameIndex):
(JSC::EncodingTraits<PluginData>::encodeValue):
(JSC::EncodingTraits<PluginData>::decodeValue):

  • replay/SerializationMethods.h:
  • replay/WebInputs.json: Remove primitive types without explicit sizes.
3:01 PM Changeset in webkit [171527] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

JSWrapperMap's jsWrapperForObject() needs to defer GC.
<https://webkit.org/b/135258>

Reviewed by Oliver Hunt.

In the process of creating a JS wrapper, jsWrapperForObject() will create
the prototype and constructor of the corresponding ObjC class, as well as
for classes in its inheritance chain. These prototypes and constructors
are stored in Weak references in the JSObjCClassInfo objects. During all
the allocation that is being done to create all the prototypes and
constructors as well as the wrapper objects, a GC may occur thereby
collecting one or more of these newly created prototype and constructor
objects.

One example of where this problem can manifest is in wrapperForObject()
which is called from jsWrapperForObject(). In wrapperFoObject(), we do
the following steps:

  1. reallocateConstructorAndOrPrototype() which creates the prototype object and store it in JSObjCClassInfo's m_prototype which is a Weak ref.
  2. makeWrapper() to create the wrapper object, which may trigger a GC. GC will collect the prototype object and nullify the corresponding JSObjCClassInfo's m_prototype Weak ref.
  3. call JSObjectSetPrototype() to set the JSObjCClassInfo's m_prototype in the newly created wrapper. This results in the wrapper getting a jsNull as a prototype instead of the expected prototype object.

To ensure that the prototype and constructor objects are retained until
they can be referenced properly from the wrapper object,
jsWrapperForObject() should defer GC until it's done with its work.

  • API/JSWrapperMap.mm:

(-[JSWrapperMap jsWrapperForObject:]):

2:37 PM Changeset in webkit [171526] by psolanki@apple.com
  • 6 edits in trunk/Source/WebCore

Sharing SharedBuffer between WebCore and ImageIO is racy and crash prone
https://bugs.webkit.org/show_bug.cgi?id=135069
<rdar://problem/17470655>

Reviewed by Simon Fraser.

When passing image data to ImageIO for decoding, we pass an NSData subclass that is a wraper
around SharedBuffer. This can be a problem when ImageIO tries to access the data on the CA
thread. End result is data corruption on large image loads and potential crashes. The fix is
to have SharedBuffer create a copy of its data if the data has been passed to ImageIO and
might be accessed concurrently.

Since Vector is not refcounted, we do this by having a new refcounted object in SharedBuffer
that contains the buffer and we pass that in our NSData subclass WebCoreSharedBufferData.
Code that would result in the Vector memory moving e.g. append(), resize(), now checks to
see if the buffer was shared and if so, will create a new copy of the vector. This ensures
that the main thread does not end up invalidating the vector memory that we have passed it
to ImageIO.

No new tests because no functional changes.

  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::makePurgeable):

Remove early return - createPurgeableMemory() has the correct check now.

  • platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::adoptVector):
(WebCore::SharedBuffer::createPurgeableBuffer):

Don't create purgeable buffer if we are sharing the buffer.

(WebCore::SharedBuffer::append):
(WebCore::SharedBuffer::clear):
(WebCore::SharedBuffer::copy):
(WebCore::SharedBuffer::duplicateDataBufferIfNecessary): Added.

Create a new copy of the data if we have shared the buffer and if appending to it would
exceed the capacity of the vector resulting in memmove.

(WebCore::SharedBuffer::appendToInternalBuffer): Added.
(WebCore::SharedBuffer::clearInternalBuffer): Added.
(WebCore::SharedBuffer::buffer):

Create a new copy of the buffer if we have shared it.

(WebCore::SharedBuffer::getSomeData):

  • platform/SharedBuffer.h:
  • platform/cf/SharedBufferCF.cpp:

(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::singleDataArrayBuffer):
(WebCore::SharedBuffer::maybeAppendDataArray):

  • platform/mac/SharedBufferMac.mm:

Pass the InternalBuffer object to WebCoreSharedBufferData

(-[WebCoreSharedBufferData dealloc]):
(-[WebCoreSharedBufferData initWithSharedBufferInternalBuffer:]):
(-[WebCoreSharedBufferData length]):
(-[WebCoreSharedBufferData bytes]):
(WebCore::SharedBuffer::createNSData):

Call createCFData() instead of duplicating code.

(WebCore::SharedBuffer::createCFData):

If the data is in purgeable memory, make a copy of it since m_buffer was cleared when
creating the purgeable buffer.

(-[WebCoreSharedBufferData initWithSharedBuffer:]): Deleted.

2:12 PM Changeset in webkit [171525] by Bem Jones-Bey
  • 2 edits in trunk/Websites/webkit.org

Committers should mail webkit-committers not webkit-reviewers for reactivation
https://bugs.webkit.org/show_bug.cgi?id=135203

Reviewed by Ryosuke Niwa.

Only reviewers can send mail to webkit-reviewers. Amend the policy so that committers should
send mail to webkit-committers instead of webkit-reviewers.

  • coding/commit-review-policy.html:
2:00 PM Changeset in webkit [171524] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171395. <rdar://problem/17544620>

1:58 PM Changeset in webkit [171523] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171393. <rdar://problem/17544620>

1:56 PM Changeset in webkit [171522] by Lucas Forschler
  • 3 edits
    2 copies in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171390. <rdar://problem/17544620>

1:53 PM Changeset in webkit [171521] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171328. <rdar://problem/17544620>

1:47 PM Changeset in webkit [171520] by bshafiei@apple.com
  • 2 edits in tags/Safari-600.1.2.1/Source/WebKit2

Merged r171518. <rdar://problem/17797103>

1:18 PM Changeset in webkit [171519] by oliver@apple.com
  • 2 edits in trunk/Source/WebKit2

Need to explicitly support location services in webcontent profile
https://bugs.webkit.org/show_bug.cgi?id=135251
<rdar://17798346>

Reviewed by Dan Bernstein.

Switching to uikit-app means that we remove the implicit support
for location services. This makes us explicitly opt-in.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
1:13 PM Changeset in webkit [171518] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

Crash at [WKContentView _applicationWillEnterForeground:] + 28
<rdar://problem/17797103>

Reviewed by Sam Weinig.

  • UIProcess/ios/WKContentView.mm:

(-[WKContentView _applicationWillEnterForeground:]):
Drawing area can be null; null check it!
It's ok if we don't hide the content in this case, because if the drawing area is null,
it doesn't have any layers in the tree anyway.

1:00 PM Changeset in webkit [171517] by bshafiei@apple.com
  • 2 edits in tags/Safari-600.1.2.1/Source/WebKit2

Merged r171509. <rdar://problem/17790792>

12:57 PM Changeset in webkit [171516] by bshafiei@apple.com
  • 2 edits in tags/Safari-600.1.2.1/Tools

Merged r171487. <rdar://problem/17735912>

12:52 PM Changeset in webkit [171515] by bshafiei@apple.com
  • 5 edits in tags/Safari-600.1.2.1/Source

Versioning.

12:49 PM Changeset in webkit [171514] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.1.2.1

New tag.

12:23 PM Changeset in webkit [171513] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

[Curl] Enable file logging.
https://bugs.webkit.org/show_bug.cgi?id=135202

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-07-24
Reviewed by Alex Christensen.

The Curl api offers the possibility to write log messages to file. Enable this for debugging purposes.

  • platform/network/curl/ResourceHandleManager.cpp:

(WebCore::ResourceHandleManager::ResourceHandleManager):
(WebCore::ResourceHandleManager::~ResourceHandleManager):
(WebCore::ResourceHandleManager::initializeHandle):

  • platform/network/curl/ResourceHandleManager.h:
9:20 AM Changeset in webkit [171512] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Sort WebCore.exp.in after r171252
https://bugs.webkit.org/show_bug.cgi?id=135239

Patch by Tibor Meszaros <tmeszaros.u-szeged@partner.samsung.com> on 2014-07-24
Reviewed by Csaba Osztrogonác.

  • WebCore.exp.in:
5:23 AM Changeset in webkit [171511] by mihnea@adobe.com
  • 3 edits
    2 adds in trunk

[New Multicolumn] Assertion failure when an input element has multicolumn style
https://bugs.webkit.org/show_bug.cgi?id=135234

Reviewed by Andrei Bucur.

Source/WebCore:
Restrict the assertion in RenderBlock::canComputeRegionRangeForBox
only to RenderNamedFlowThread objects since for RenderMultiColumnFlowThread
objects we can compute a range of regions during their parent block layout.

Test: fast/multicol/newmulticol/input-as-multicol.html

  • rendering/RenderBlock.cpp:

(WebCore::canComputeRegionRangeForBox):

LayoutTests:

  • fast/multicol/newmulticol/input-as-multicol-expected.txt: Added.
  • fast/multicol/newmulticol/input-as-multicol.html: Added.

Jul 23, 2014:

10:30 PM Changeset in webkit [171510] by fpizlo@apple.com
  • 25 edits
    4 adds in branches/ftlopt/Source/JavaScriptCore

Make improvements to Type Profiling
https://bugs.webkit.org/show_bug.cgi?id=134860

Patch by Saam Barati <sbarati@apple.com> on 2014-07-23
Reviewed by Filip Pizlo.

I improved the API between the inspector and JSC. We no longer send one huge
string to the inspector. We now send structured data that represents the type
information that JSC has collected. I've also created a beginning implementation
of a type lattice that allows us to resolve a display name for a type that
consists of a single word.

I created a data structure that knows which functions have executed. This
solves the bug where types inside an un-executed function will resolve
to the type of the enclosing expression of that function. This data
structure may also be useful later if the inspector chooses to create a UI
around showing which functions have executed.

Better type information is gathered for objects. StructureShape now
represents an object's prototype chain. StructureShape also collects
the constructor name for an object.

Expression ranges are now zero indexed.

Removed some extraneous methods.

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::scopeDependentProfile):

  • bytecode/CodeBlock.h:
  • bytecode/TypeLocation.h:

(JSC::TypeLocation::TypeLocation):

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingStartOffset):
(JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingEndOffset):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo):

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo): Deleted.

  • heap/Heap.cpp:

(JSC::Heap::collect):

  • inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
(Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableAtOffset): Deleted.

  • inspector/agents/InspectorRuntimeAgent.h:
  • inspector/protocol/Runtime.json:
  • runtime/Executable.cpp:

(JSC::ScriptExecutable::ScriptExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
(JSC::ProgramExecutable::initializeGlobalProperties):

  • runtime/Executable.h:

(JSC::ScriptExecutable::highFidelityTypeProfilingStartOffset):
(JSC::ScriptExecutable::highFidelityTypeProfilingEndOffset):

  • runtime/FunctionHasExecutedCache.cpp: Added.

(JSC::FunctionHasExecutedCache::hasExecutedAtOffset):
(JSC::FunctionHasExecutedCache::insertUnexecutedRange):
(JSC::FunctionHasExecutedCache::removeUnexecutedRange):

  • runtime/FunctionHasExecutedCache.h: Added.

(JSC::FunctionHasExecutedCache::FunctionRange::FunctionRange):
(JSC::FunctionHasExecutedCache::FunctionRange::operator==):
(JSC::FunctionHasExecutedCache::FunctionRange::hash):

  • runtime/HighFidelityLog.cpp:

(JSC::HighFidelityLog::processHighFidelityLog):
(JSC::HighFidelityLog::actuallyProcessLogThreadFunction): Deleted.

  • runtime/HighFidelityLog.h:

(JSC::HighFidelityLog::recordTypeInformationForLocation):

  • runtime/HighFidelityTypeProfiler.cpp:

(JSC::HighFidelityTypeProfiler::logTypesForTypeLocation):
(JSC::HighFidelityTypeProfiler::insertNewLocation):
(JSC::HighFidelityTypeProfiler::getTypesForVariableAtOffsetForInspector):
(JSC::descriptorMatchesTypeLocation):
(JSC::HighFidelityTypeProfiler::findLocation):
(JSC::HighFidelityTypeProfiler::getTypesForVariableInAtOffset): Deleted.
(JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableAtOffset): Deleted.
(JSC::HighFidelityTypeProfiler::getLocalTypesForVariableAtOffset): Deleted.

  • runtime/HighFidelityTypeProfiler.h:

(JSC::QueryKey::QueryKey):
(JSC::QueryKey::isHashTableDeletedValue):
(JSC::QueryKey::operator==):
(JSC::QueryKey::hash):
(JSC::QueryKeyHash::hash):
(JSC::QueryKeyHash::equal):
(JSC::HighFidelityTypeProfiler::functionHasExecutedCache):
(JSC::HighFidelityTypeProfiler::typeLocationCache):

  • runtime/Structure.cpp:

(JSC::Structure::toStructureShape):

  • runtime/Structure.h:
  • runtime/TypeLocationCache.cpp: Added.

(JSC::TypeLocationCache::getTypeLocation):

  • runtime/TypeLocationCache.h: Added.

(JSC::TypeLocationCache::LocationKey::LocationKey):
(JSC::TypeLocationCache::LocationKey::operator==):
(JSC::TypeLocationCache::LocationKey::hash):

  • runtime/TypeSet.cpp:

(JSC::TypeSet::getRuntimeTypeForValue):
(JSC::TypeSet::addTypeForValue):
(JSC::TypeSet::seenTypes):
(JSC::TypeSet::doesTypeConformTo):
(JSC::TypeSet::displayName):
(JSC::TypeSet::allPrimitiveTypeNames):
(JSC::TypeSet::allStructureRepresentations):
(JSC::TypeSet::leastCommonAncestor):
(JSC::StructureShape::StructureShape):
(JSC::StructureShape::addProperty):
(JSC::StructureShape::propertyHash):
(JSC::StructureShape::leastCommonAncestor):
(JSC::StructureShape::stringRepresentation):
(JSC::StructureShape::inspectorRepresentation):
(JSC::StructureShape::leastUpperBound): Deleted.

  • runtime/TypeSet.h:

(JSC::StructureShape::setConstructorName):
(JSC::StructureShape::constructorName):
(JSC::StructureShape::setProto):

  • runtime/VM.cpp:

(JSC::VM::dumpHighFidelityProfilingTypes):
(JSC::VM::getTypesForVariableAtOffset): Deleted.
(JSC::VM::updateHighFidelityTypeProfileState): Deleted.

  • runtime/VM.h:

(JSC::VM::isProfilingTypesWithHighFidelity):
(JSC::VM::highFidelityTypeProfiler):

10:17 PM Changeset in webkit [171509] by Simon Fraser
  • 2 edits in trunk/Source/WebKit2

[iOS WK2] Some help.apple.com pages not scrollable
https://bugs.webkit.org/show_bug.cgi?id=135228
<rdar://problem/17790792>

Reviewed by Benjamin Poulain.

On pages which size their document to the device size, the WKContentView size
never changes after it's created. In this situation, we never set a bounds
on the _rootContentView, so it remains zero-sized which breaks hit testing
on all enclosed UIScrollViews for overflow:scroll.

Fix by making the _rootContentView and the _inspectorIndicationView use autosizing
so they are always the size of their parent view, and remove the explicit setting
of their bounds.

  • UIProcess/ios/WKContentView.mm:

(-[WKContentView initWithFrame:context:configuration:webView:]):
(-[WKContentView setShowingInspectorIndication:]):
(-[WKContentView _didCommitLayerTree:]):

10:16 PM Changeset in webkit [171508] by fpizlo@apple.com
  • 2 edits in branches/ftlopt/Source/JavaScriptCore

Fix debug build.

  • bytecode/CallLinkStatus.h:

(JSC::CallLinkStatus::CallLinkStatus):

10:02 PM Changeset in webkit [171507] by benjamin@webkit.org
  • 2 edits in trunk/Source/WebKit2

[iOS][WK2] r171124 is incorrect when the virtual keyboard is up
https://bugs.webkit.org/show_bug.cgi?id=135187

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-23
Reviewed by Simon Fraser.

Unfortunately, restricting the input into the document rect does not work.
When the keyboard is up, the keyboard bounds can overlap the WKWebView, and
the valid range should account for that.

Instead of playing with the keyboard rect, we can limit the scroll position
inside the valid range of UIScrollView. The keyboard always adjusts the UIScrollView
range as needed to give access to the content. Using that range is a bit more permissive
because the page could scroll to reveal content in the content inset defined by the client
of the API (this could actually be quite useful for hybrid apps).

There was already a function to change the content offset in the valid scrollview
range: changeContentOffsetBoundedInValidRange(), I extracted the range check
to contentOffsetBoundedInValidRange() for the needs of -[WKWebView _scrollToContentOffset:].

So...contentOffsetBoundedInValidRange() is cool, but it is not in the right coordinate
system. The scroll position we get from the WebProcess is in document coordinates, while
contentOffsetBoundedInValidRange() works with the UIScrollView coordinates.
To fix that, we scale the input position to get to the same scale as UIScrollView, then
apply the insets with the weirdly named [WKWebView _adjustedContentOffset:].

  • UIProcess/API/Cocoa/WKWebView.mm:

(contentOffsetBoundedInValidRange):
(changeContentOffsetBoundedInValidRange):
(-[WKWebView _scrollToContentOffset:]):

9:38 PM Changeset in webkit [171506] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Transparent fullscreen background when video is not present.
https://bugs.webkit.org/show_bug.cgi?id=135226

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-07-23
Reviewed by Simon Fraser.

Set background to black just before beginning the animation to fullscreen.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(WebVideoFullscreenInterfaceAVKit::enterFullscreen): set background color black.

7:39 PM Changeset in webkit [171505] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

ScriptController::updateDocument ASSERT mutating map while iterating map
https://bugs.webkit.org/show_bug.cgi?id=135211

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2014-07-23
Reviewed by Oliver Hunt.

Avoid iterating over m_windowShells in more places. This prevents
the possibility of a collection during JSC allocation which might
cause a mutation to m_windowShells (HTMLMediaElement destruction).

Have ScriptController defriend ScriptCachedFrameData by providing
a getter for the list of window shells.

  • bindings/js/ScriptCachedFrameData.cpp:

(WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
(WebCore::ScriptCachedFrameData::restore):

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::windowShells):
(WebCore::ScriptController::clearWindowShell):
(WebCore::ScriptController::attachDebugger):
(WebCore::ScriptController::updateDocument):

  • bindings/js/ScriptController.h:
6:13 PM Changeset in webkit [171504] by commit-queue@webkit.org
  • 8 edits in trunk/Source

Unreviewed, rolling out r171498.
https://bugs.webkit.org/show_bug.cgi?id=135223

It will regress some scroll position restoration on navigation
(r167916). (Requested by smfr on #webkit).

Reverted changeset:

"[iOS WK2] Header bar on nytimes articles lands in the wrong
place after rubberbanding"
https://bugs.webkit.org/show_bug.cgi?id=135221
http://trac.webkit.org/changeset/171498

6:00 PM Changeset in webkit [171503] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171474. <rdar://problem/17041912>

5:57 PM Changeset in webkit [171502] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171490. <rdar://problem/17739108>

5:54 PM Changeset in webkit [171501] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171499. <rdar://problem/17783423>

5:52 PM Changeset in webkit [171500] by matthew_hanson@apple.com
  • 2 edits in tags/Safari-600.1.2/Source/WebCore

Merge r171499. <rdar://problem/17783423>

5:24 PM Changeset in webkit [171499] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r171376): Sometimes we detect less than the whole phone number
https://bugs.webkit.org/show_bug.cgi?id=135220
<rdar://problem/17783423>

Reviewed by Brady Eidson.

  • editing/Editor.cpp:

(WebCore::Editor::scanSelectionForTelephoneNumbers):
Use the visible selection's start and end instead of base and extent, because they'll
always be in the right order in the case of a directional selection (base can be *after* extent
if you select from right to left). This fixes the code that expands the selection.

Pass the *entire* expanded selection to DataDetectors, instead of using TextIterator.
This way, we will find each number only once, and will never get part of a phone number once
and then the whole phone number later.

5:23 PM Changeset in webkit [171498] by Simon Fraser
  • 8 edits in trunk/Source

[iOS WK2] Header bar on nytimes articles lands in the wrong place after rubberbanding
https://bugs.webkit.org/show_bug.cgi?id=135221

Reviewed by Tim Horton.

Source/WebCore:

Add a function on GraphicsLayer to force a flush of the layer position
to the underlying graphics system, so that when layers cease being
scroll-coordinated, we can ensure that their layers are repositioned
in the correct location.

  • WebCore.exp.in:
  • platform/graphics/GraphicsLayer.h:

(WebCore::GraphicsLayer::forcePositionUpdate):

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::forcePositionUpdate):

  • platform/graphics/ca/GraphicsLayerCA.h:
  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer):

Source/WebKit2:

The call to didCommitLayerTree() can cause one or two visible rect updates,
via changes to the UIScrollView contentSize and contentOffset. As a result, we
would notify the scrolling tree about a viewport change, but using the old
scrolling tree rather than the new one, so we could move layers around for
nodes which are about to be removed from the tree.

Fix by m_webPageProxy->didCommitLayerTree() after the scrolling tree has been
committed.

  • UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):

5:08 PM Changeset in webkit [171497] by psolanki@apple.com
  • 5 edits in trunk/Source/WebCore

Get rid of SharedBuffer::NSDataRetainPtrWithoutImplicitConversionOperator
https://bugs.webkit.org/show_bug.cgi?id=135219

Reviewed by Anders Carlsson.

No new tests because no functional changes.

  • loader/ResourceBuffer.h:
  • loader/mac/ResourceBuffer.mm:

(WebCore::ResourceBuffer::createNSData):

  • platform/SharedBuffer.h:

(WebCore::SharedBuffer::NSDataRetainPtrWithoutImplicitConversionOperator::NSDataRetainPtrWithoutImplicitConversionOperator): Deleted.

  • platform/mac/SharedBufferMac.mm:

(WebCore::SharedBuffer::createNSData):

4:20 PM Changeset in webkit [171496] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Build fix after r171361.

  • public/js/helper-classes.js:

(.this.formattedBuildTime):

4:06 PM Changeset in webkit [171495] by fpizlo@apple.com
  • 18 edits
    2 adds in branches/ftlopt/Source/JavaScriptCore

[ftlopt] Phantoms in SSA form should be aggressively hoisted
https://bugs.webkit.org/show_bug.cgi?id=135111

Reviewed by Oliver Hunt.

In CPS form, Phantom means three things: (1) that the children should be kept alive so long
as they are relevant to OSR (due to a MovHint), (2) that the children are live-in-bytecode
at the point of the Phantom, and (3) that some checks should be performed. In SSA, the
second meaning is not used but the other two stay.

The fact that a Phantom that is used to keep a node alive could be anywhere in the graph,
even in a totally different basic block, complicates some SSA transformations. It's not
possible to just jettison some successor, since tha successor could have a Phantom that we
care about.

This change rationalizes how Phantoms work so that:

1) Phantoms keep children alive so long as those children are relevant to OSR. This is true

in both CPS and SSA. This was true before and it's true now.


2) Phantoms are used for live-in-bytecode only in CPS. This was true before and it's true

now, except that now we also don't bother preserving the live-in-bytecode information
that Phantoms convey, when we are in SSA.


3) Phantoms may incidentally have checks, but in cases where we only want checks, we now

use Check instead of Phantom. Notably, DCE phase has dead nodes decay to Check, not
Phantom.


The biggest part of this change is that in SSA, we canonicalize Phantoms:

  • All Phantoms are replaced with Check nodes that include only those edges that have checks.


  • Nodes that were the children of any Phantoms have a Phantom right after them.


For example, the following code:

5: ArithAdd(@1, @2)
6: ArithSub(@5, @3)
7: Phantom(Int32:@5)


would be turned into the following:

5: ArithAdd(@1, @2)
8: Phantom(@5) @5 was the child of a Phantom, so we create a new Phantom right after

@5. This is the only Phantom we will have for @5.

6: ArithSub(@5, @3)
7: Check(Int32:@5) We replace the Phantom with a Check; in this case since Int32: is

a checking edge, we leave it.


This is a slight speed-up across the board, presumably because we now do a better job of
reducing the size of the graph during compilation. It could also be a fluke, though. The
main purpose of this is to unlock some other work (like CFG simplification in SSA). It will
become a requirement to run phantom canonicalization prior to some SSA phases. None of the
current phases need it, but future phases probably will.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGDCEPhase.cpp:

(JSC::DFG::DCEPhase::run):
(JSC::DFG::DCEPhase::findTypeCheckRoot):
(JSC::DFG::DCEPhase::countEdge):
(JSC::DFG::DCEPhase::fixupBlock):
(JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):

  • dfg/DFGEdge.cpp:

(JSC::DFG::Edge::dump):

  • dfg/DFGEdge.h:

(JSC::DFG::Edge::isProved):
(JSC::DFG::Edge::needsCheck): Deleted.

  • dfg/DFGNodeFlags.h:
  • dfg/DFGPhantomCanonicalizationPhase.cpp: Added.

(JSC::DFG::PhantomCanonicalizationPhase::PhantomCanonicalizationPhase):
(JSC::DFG::PhantomCanonicalizationPhase::run):
(JSC::DFG::performPhantomCanonicalization):

  • dfg/DFGPhantomCanonicalizationPhase.h: Added.
  • dfg/DFGPhantomRemovalPhase.cpp:

(JSC::DFG::PhantomRemovalPhase::run):

  • dfg/DFGPhantomRemovalPhase.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::lowJSValue):
(JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):

3:55 PM Changeset in webkit [171494] by Alan Bujtas
  • 3 edits in trunk/Source/WebCore

Subpixel rendering: Cleanup RenderLayerCompositor::deviceScaleFactor()
https://bugs.webkit.org/show_bug.cgi?id=135208

Reviewed by Simon Fraser.

Use m_renderView.document() to retrieve device scale factor value. m_renderView.document()
is always available while this->page() is not.

No change in behavior.

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateTransform):
(WebCore::RenderLayerBacking::computeTransformOriginForPainting):

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::deviceScaleFactor):

3:03 PM Changeset in webkit [171493] by oliver@apple.com
  • 2 edits in trunk/Source/WebKit2

Add a pseudo target to create sandbox override roots
https://bugs.webkit.org/show_bug.cgi?id=135216
<rdar://17785560>

Reviewed by Alexey Proskuryakov.

Just a duplicate of the standard ios sandbox target, targetting
the profile overrides directory. This means we can make roots
that "Just Work".

  • WebKit2.xcodeproj/project.pbxproj:
2:56 PM Changeset in webkit [171492] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[WinCairo] Gstreamer rendering is not working.
https://bugs.webkit.org/show_bug.cgi?id=135201

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-07-23
Reviewed by Alex Christensen.

WinCairo does not support accelerated rendering yet.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

(WebCore::MediaPlayerPrivateGStreamerBase::supportsAcceleratedRendering):

2:51 PM Changeset in webkit [171491] by Lucas Forschler
  • 2 edits in tags/Safari-600.1.2/Source/WebKit2

Merged r171490. <rdar://problem/17739108>

2:43 PM Changeset in webkit [171490] by oliver@apple.com
  • 2 edits in trunk/Source/WebKit2

Incorrect commit for sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=135214
<rdar://17739108>

Reviewed by Anders Carlsson.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
2:16 PM Changeset in webkit [171489] by Brian Burg
  • 7 edits in trunk

Web Inspector: InspectorBackend's promise-based agent API does not support multiple return values
https://bugs.webkit.org/show_bug.cgi?id=135207

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:
The promise wrapper implementation assumed that the protocol callback supplies a single 'payload'
return value, but InspectorBackend will actually unpack multiple return values as multiple
callback arguments. Set a special flag so it will not try to apply multiple return values.

It would read better if multiple return values could be spread to the resolve callback, but
multiple argument support are not required by the Promises specification, so we won't use them.

  • UserInterface/Controllers/ReplayManager.js: Fix uses of promise return values.

(WebInspector.ReplayManager):

  • UserInterface/Models/ReplaySession.js:
  • UserInterface/Models/ReplaySessionSegment.js:

(WebInspector.ReplaySessionSegment):

  • UserInterface/Protocol/InspectorBackend.js:

(InspectorBackend.Command.prototype.promise):

LayoutTests:

  • http/tests/inspector/replay/replay-test.js: fix uses of promise API return values.
1:59 PM Changeset in webkit [171488] by commit-queue@webkit.org
  • 9 edits
    2 deletes in trunk

Unreviewed, rolling out r171455.
https://bugs.webkit.org/show_bug.cgi?id=135209

completely broke selection highlight invalidation (Requested
by thorton on #webkit).

Reverted changeset:

"REGRESSION (r169105): Crash in selection"
https://bugs.webkit.org/show_bug.cgi?id=134303
http://trac.webkit.org/changeset/171455

1:34 PM Changeset in webkit [171487] by Joseph Pecoraro
  • 2 edits in trunk/Tools

Unreviewed iOS build fix after r171355.

  • TestWebKitAPI/Configurations/Base.xcconfig:

Since all the Tests/WebKit2Cocoa tests are already explicitly skipped on iOS,
simplify to skipping all the tests in the directory. PlatformUtilities are not
building on iOS, which means we are missing necessary Util functions.

1:19 PM Changeset in webkit [171486] by achristensen@apple.com
  • 4 edits in trunk/Source/WebCore

Compile window-inactive and fullscreen pseudoclasses in css selectors.
https://bugs.webkit.org/show_bug.cgi?id=135200

Reviewed by Benjamin Poulain.

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::checkOne):
Removed the check of context.hasSelectionPseudo for a window-inactive pseudoclass.
Moved logic to SelectorCheckerTestFunctions.h to share with the selector compiler.

  • css/SelectorCheckerTestFunctions.h:

(WebCore::isWindowInactive):
(WebCore::matchesFullScreenAnimatingFullScreenTransitionPseudoClass):
(WebCore::matchesFullScreenAncestorPseudoClass):
(WebCore::matchesFullScreenDocumentPseudoClass):
Added from SelectorChecker.cpp.

  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::addPseudoClassType):
Added unoptimized pseudoclass cases for window-inactive and fullscreen pseudoclasses.
Explicitly listed uncompiled pseudoclasses for future work instead of using a default.

1:18 PM Changeset in webkit [171485] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

<rdar://problem/17782623> [iOS] Client-certificate authentication isn’t working with some certificates
https://bugs.webkit.org/show_bug.cgi?id=135206

Reviewed by Anders Carlsson.

  • Shared/cf/ArgumentCodersCF.cpp:

(IPC::copyPersistentRef): Added this helper function. It differs from
SecKeyCopyPersistentRef in that if multiple copies of the key exist in the keychain, it
ensures that we get a reference to the copy that is in the keychain access group that the
Networking process can use.
(IPC::encode): Use copyPersistentRef.

12:49 PM Changeset in webkit [171484] by Lucas Forschler
  • 2 edits in tags/Safari-600.1.2/Source/JavaScriptCore

Merged r171474. <rdar://problem/17041912>

11:39 AM Changeset in webkit [171483] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

Build fix after r171482.

Rubberstamped by Joe Pecoraro.

  • runtime/Identifier.h: Make header declarations match

implementation file.

11:18 AM Changeset in webkit [171482] by Brent Fulgham
  • 8 edits in trunk/Source

../JavaScriptCore: [Win] Use NO_RETURN_DUE_TO_CRASH on Windows
https://bugs.webkit.org/show_bug.cgi?id=135199

Reviewed by Mark Lam.

  • jsc.cpp:

(WTF::RuntimeArray::deleteProperty): Stop using ugly
compiler work-around on Windows; use NO_RETURN_DUE_TO_CRASH
codepath instead.

  • runtime/Identifier.h: Add NO_RETURN_DUE_TO_CRASH

to header so function declaration matches implementation.

../WebCore: [Win] Use NO_RETURN_DUE_TO_CRASH on Windows.
https://bugs.webkit.org/show_bug.cgi?id=13519

Reviewed by Mark Lam.

  • svg/SVGZoomAndPan.h: Add NO_RETURN_DUE_TO_CRASH to

header so function declarations match implementation.

../WTF: [Win] Use NO_RETURN_DUE_TO_CRASH on Windows.
https://bugs.webkit.org/show_bug.cgi?id=13519

Reviewed by Mark Lam.

  • wtf/Assertions.h: Add MSVC to list of compilers supporting this macro.
  • wtf/FastMalloc.cpp: Correct function declaration for NO_RETURN_DUE_TO_CRASH.
10:57 AM Changeset in webkit [171481] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

JSDOMWindowShell leaks on pages with media elements
https://bugs.webkit.org/show_bug.cgi?id=135178

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2014-07-23
Reviewed by Oliver Hunt.

The DOMWindowWorld for HTMLMediaElements with MEDIA_CONTROLS_SCRIPT
was not getting cleared and removed.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::clearWindowShell):
Iterate over a copy of the values. A sweep / garbage collection caused by
any JSC allocation during iteration could trigger a mutation of the m_windowShells
table that was being iterating. So instead iterate a list that won't mutate.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::~HTMLMediaElement):
If we had an isolated world, release as much memory as possible.

10:56 AM Changeset in webkit [171480] by Bem Jones-Bey
  • 4 edits
    8 adds in trunk

Ensure we compute the min and max height of replaced elements to 'none' or 0 when appropriate.
https://bugs.webkit.org/show_bug.cgi?id=135181

Reviewed by David Hyatt.

Source/WebCore:
If a replaced element has a percentage min or max height specified then that height value should
compute to 'none' for max-height and 0 for min-height when its containing block
does not have a height 'specified explicitly'.

This is based on a Blink patch by Robert Hogan.

Tests: css2.1/20110323/max-height-percentage-003.html

fast/replaced/max-height-percentage-quirks.html
fast/replaced/min-height-percentage-quirks.html
fast/replaced/min-height-percentage.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::logicalHeightComputesAsNone):
(WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):

  • rendering/RenderBox.h:

LayoutTests:

  • css2.1/20110323/max-height-percentage-003-expected.html: Added.
  • css2.1/20110323/max-height-percentage-003.html: Added.
  • fast/replaced/max-height-percentage-quirks-expected.html: Added.
  • fast/replaced/max-height-percentage-quirks.html: Added.
  • fast/replaced/min-height-percentage-expected.html: Added.
  • fast/replaced/min-height-percentage-quirks-expected.html: Added.
  • fast/replaced/min-height-percentage-quirks.html: Added.
  • fast/replaced/min-height-percentage.html: Added.
10:35 AM Changeset in webkit [171479] by Bem Jones-Bey
  • 19 edits in trunk

Remove CSS_EXCLUSIONS compile flag and leftover code
https://bugs.webkit.org/show_bug.cgi?id=135175

Reviewed by Zoltan Horvath.

At this point, the CSS_EXCLUSIONS flag guards nothing but some useless
stubs. This removes the flag and the useless code.

.:

  • Source/cmake/WebKitFeatures.cmake:
  • Source/cmakeconfig.h.cmake:

Source/JavaScriptCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebCore:
No new tests, just removing code.

  • Configurations/FeatureDefines.xcconfig:
  • bindings/generic/RuntimeEnabledFeatures.cpp:

(WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):

  • bindings/generic/RuntimeEnabledFeatures.h:

(WebCore::RuntimeEnabledFeatures::setCSSExclusionsEnabled): Deleted.
(WebCore::RuntimeEnabledFeatures::cssExclusionsEnabled): Deleted.

  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::Backup::Backup):
(WebCore::InternalSettings::Backup::restoreTo):
(WebCore::InternalSettings::setCSSExclusionsEnabled): Deleted.

  • testing/InternalSettings.h:
  • testing/InternalSettings.idl:

Source/WebKit/mac:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

  • Configurations/FeatureDefines.xcconfig:

WebKitLibraries:

  • win/tools/vsprops/FeatureDefines.props:
  • win/tools/vsprops/FeatureDefinesCairo.props:
9:20 AM Changeset in webkit [171478] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[MSE][Mac] Support abort() in SourceBufferPrivateAVFObjC.
https://bugs.webkit.org/show_bug.cgi?id=135163

Reviewed by Brent Fulgham.

Recreate the parser when asked to abort().

  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::abort):

7:57 AM Changeset in webkit [171477] by mmaxfield@apple.com
  • 30 edits in trunk/Source/WebCore

Migrate accessibility/ to using nullptr instead of 0
https://bugs.webkit.org/show_bug.cgi?id=135185

Reviewed by Simon Fraser.

No new tests because there is no behavior change.

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::focusedImageMapUIElement):
(WebCore::AXObjectCache::focusedUIElementForPage):
(WebCore::AXObjectCache::get):
(WebCore::AXObjectCache::getOrCreate):
(WebCore::AXObjectCache::rootObject):
(WebCore::AXObjectCache::rootObjectForFrame):

  • accessibility/AXObjectCache.h:

(WebCore::AXObjectCache::focusedUIElementForPage):
(WebCore::AXObjectCache::get):
(WebCore::AXObjectCache::getOrCreate):
(WebCore::AXObjectCache::rootObject):
(WebCore::AXObjectCache::rootObjectForFrame):
(WebCore::AXObjectCache::rootAXEditableElement):

  • accessibility/AccessibilityARIAGridRow.cpp:

(WebCore::AccessibilityARIAGridRow::disclosedByRow):

  • accessibility/AccessibilityImageMapLink.cpp:

(WebCore::AccessibilityImageMapLink::AccessibilityImageMapLink):
(WebCore::AccessibilityImageMapLink::parentObject):

  • accessibility/AccessibilityListBox.cpp:

(WebCore::AccessibilityListBox::listBoxOptionAccessibilityObject):
(WebCore::AccessibilityListBox::elementAccessibilityHitTest):

  • accessibility/AccessibilityListBoxOption.cpp:

(WebCore::AccessibilityListBoxOption::AccessibilityListBoxOption):
(WebCore::AccessibilityListBoxOption::parentObject):
(WebCore::AccessibilityListBoxOption::listBoxOptionParentNode):

  • accessibility/AccessibilityMenuListPopup.cpp:

(WebCore::AccessibilityMenuListPopup::menuListOptionAccessibilityObject):

  • accessibility/AccessibilityMockObject.cpp:

(WebCore::AccessibilityMockObject::AccessibilityMockObject):

  • accessibility/AccessibilityMockObject.h:
  • accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::detach):
(WebCore::AccessibilityNodeObject::firstChild):
(WebCore::AccessibilityNodeObject::lastChild):
(WebCore::AccessibilityNodeObject::previousSibling):
(WebCore::AccessibilityNodeObject::nextSibling):
(WebCore::AccessibilityNodeObject::parentObject):
(WebCore::AccessibilityNodeObject::document):
(WebCore::AccessibilityNodeObject::anchorElement):
(WebCore::nativeActionElement):
(WebCore::AccessibilityNodeObject::actionElement):
(WebCore::AccessibilityNodeObject::mouseButtonListener):
(WebCore::AccessibilityNodeObject::labelForElement):
(WebCore::AccessibilityNodeObject::menuItemElementForMenu):
(WebCore::AccessibilityNodeObject::menuButtonForMenu):

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::AccessibilityObject):
(WebCore::AccessibilityObject::detach):
(WebCore::AccessibilityObject::firstAccessibleObjectFromNode):
(WebCore::AccessibilityObject::findMatchingObjects):
(WebCore::renderListItemContainerForNode):
(WebCore::AccessibilityObject::accessibilityObjectForPosition):
(WebCore::AccessibilityObject::document):
(WebCore::AccessibilityObject::page):
(WebCore::AccessibilityObject::documentFrameView):
(WebCore::AccessibilityObject::anchorElementForNode):
(WebCore::AccessibilityObject::headingElementForNode):
(WebCore::AccessibilityObject::firstAnonymousBlockChild):
(WebCore::AccessibilityObject::element):
(WebCore::AccessibilityObject::focusedUIElement):
(WebCore::AccessibilityObject::scrollToMakeVisibleWithSubFocus):

  • accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::node):
(WebCore::AccessibilityObject::renderer):
(WebCore::AccessibilityObject::selectedRadioButton):
(WebCore::AccessibilityObject::selectedTabItem):
(WebCore::AccessibilityObject::accessibilityHitTest):
(WebCore::AccessibilityObject::firstChild):
(WebCore::AccessibilityObject::lastChild):
(WebCore::AccessibilityObject::previousSibling):
(WebCore::AccessibilityObject::nextSibling):
(WebCore::AccessibilityObject::parentObjectIfExists):
(WebCore::AccessibilityObject::observableObject):
(WebCore::AccessibilityObject::titleUIElement):
(WebCore::AccessibilityObject::correspondingLabelForControlElement):
(WebCore::AccessibilityObject::correspondingControlForLabelElement):
(WebCore::AccessibilityObject::scrollBar):
(WebCore::AccessibilityObject::anchorElement):
(WebCore::AccessibilityObject::actionElement):
(WebCore::AccessibilityObject::widget):
(WebCore::AccessibilityObject::widgetForAttachmentView):
(WebCore::AccessibilityObject::activeDescendant):
(WebCore::AccessibilityObject::mathRadicandObject):
(WebCore::AccessibilityObject::mathRootIndexObject):
(WebCore::AccessibilityObject::mathUnderObject):
(WebCore::AccessibilityObject::mathOverObject):
(WebCore::AccessibilityObject::mathNumeratorObject):
(WebCore::AccessibilityObject::mathDenominatorObject):
(WebCore::AccessibilityObject::mathBaseObject):
(WebCore::AccessibilityObject::mathSubscriptObject):
(WebCore::AccessibilityObject::mathSuperscriptObject):
(WebCore::AccessibilityObject::getScrollableAreaIfScrollable):

  • accessibility/AccessibilityProgressIndicator.cpp:

(WebCore::AccessibilityProgressIndicator::progressElement):
(WebCore::AccessibilityProgressIndicator::meterElement):

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::detach):
(WebCore::AccessibilityRenderObject::renderBoxModelObject):
(WebCore::AccessibilityRenderObject::firstChild):
(WebCore::AccessibilityRenderObject::lastChild):
(WebCore::startOfContinuations):
(WebCore::childBeforeConsideringContinuations):
(WebCore::AccessibilityRenderObject::previousSibling):
(WebCore::AccessibilityRenderObject::nextSibling):
(WebCore::nextContinuation):
(WebCore::AccessibilityRenderObject::renderParentObject):
(WebCore::AccessibilityRenderObject::parentObject):
(WebCore::AccessibilityRenderObject::anchorElement):
(WebCore::AccessibilityRenderObject::textUnderElement):
(WebCore::AccessibilityRenderObject::node):
(WebCore::AccessibilityRenderObject::labelElementContainer):
(WebCore::AccessibilityRenderObject::internalLinkElement):
(WebCore::AccessibilityRenderObject::titleUIElement):
(WebCore::AccessibilityRenderObject::setFocused):
(WebCore::AccessibilityRenderObject::topRenderer):
(WebCore::AccessibilityRenderObject::document):
(WebCore::AccessibilityRenderObject::widget):
(WebCore::AccessibilityRenderObject::accessibilityParentForImageMap):
(WebCore::AccessibilityRenderObject::documentFrameView):
(WebCore::AccessibilityRenderObject::widgetForAttachmentView):
(WebCore::AccessibilityRenderObject::rootEditableElementForPosition):
(WebCore::AccessibilityRenderObject::visiblePositionForPoint):
(WebCore::AccessibilityRenderObject::accessibilityImageMapHitTest):
(WebCore::AccessibilityRenderObject::remoteSVGElementHitTest):
(WebCore::AccessibilityRenderObject::accessibilityHitTest):
(WebCore::AccessibilityRenderObject::correspondingControlForLabelElement):
(WebCore::AccessibilityRenderObject::correspondingLabelForControlElement):
(WebCore::AccessibilityRenderObject::observableObject):
(WebCore::AccessibilityRenderObject::inheritsPresentationalRole):
(WebCore::AccessibilityRenderObject::detachRemoteSVGRoot):
(WebCore::AccessibilityRenderObject::addHiddenChildren):
(WebCore::AccessibilityRenderObject::setAccessibleName):
(WebCore::AccessibilityRenderObject::getScrollableAreaIfScrollable):
(WebCore::AccessibilityRenderObject::mathRadicandObject):
(WebCore::AccessibilityRenderObject::mathRootIndexObject):
(WebCore::AccessibilityRenderObject::mathNumeratorObject):
(WebCore::AccessibilityRenderObject::mathDenominatorObject):
(WebCore::AccessibilityRenderObject::mathUnderObject):
(WebCore::AccessibilityRenderObject::mathOverObject):
(WebCore::AccessibilityRenderObject::mathBaseObject):
(WebCore::AccessibilityRenderObject::mathSubscriptObject):
(WebCore::AccessibilityRenderObject::mathSuperscriptObject):

  • accessibility/AccessibilitySVGRoot.cpp:

(WebCore::AccessibilitySVGRoot::AccessibilitySVGRoot):

  • accessibility/AccessibilityScrollView.cpp:

(WebCore::AccessibilityScrollView::detach):
(WebCore::AccessibilityScrollView::scrollBar):
(WebCore::AccessibilityScrollView::updateScrollbars):
(WebCore::AccessibilityScrollView::addChildScrollbar):
(WebCore::AccessibilityScrollView::clearChildren):
(WebCore::AccessibilityScrollView::webAreaObject):
(WebCore::AccessibilityScrollView::accessibilityHitTest):
(WebCore::AccessibilityScrollView::documentFrameView):
(WebCore::AccessibilityScrollView::parentObject):
(WebCore::AccessibilityScrollView::parentObjectIfExists):

  • accessibility/AccessibilityScrollbar.cpp:

(WebCore::AccessibilityScrollbar::document):

  • accessibility/AccessibilitySpinButton.cpp:

(WebCore::AccessibilitySpinButton::AccessibilitySpinButton):

  • accessibility/AccessibilityTable.cpp:

(WebCore::AccessibilityTable::AccessibilityTable):
(WebCore::AccessibilityTable::clearChildren):
(WebCore::AccessibilityTable::cellForColumnAndRow):

  • accessibility/AccessibilityTableCell.cpp:

(WebCore::AccessibilityTableCell::parentTable):
(WebCore::AccessibilityTableCell::titleUIElement):

  • accessibility/AccessibilityTableColumn.cpp:

(WebCore::AccessibilityTableColumn::headerObject):
(WebCore::AccessibilityTableColumn::headerObjectForSection):

  • accessibility/AccessibilityTableRow.cpp:

(WebCore::AccessibilityTableRow::parentTable):
(WebCore::AccessibilityTableRow::headerObject):

  • accessibility/ios/AXObjectCacheIOS.mm:

(WebCore::AXObjectCache::detachWrapper):

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper detach]):
(-[WebAccessibilityObjectWrapper tableCellParent]):
(-[WebAccessibilityObjectWrapper tableParent]):
(-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
(-[WebAccessibilityObjectWrapper convertRectToScreenSpace:]):
(rendererForView):
(-[WebAccessibilityObjectWrapper _convertToDOMRange:]):

  • accessibility/mac/AXObjectCacheMac.mm:

(WebCore::AXObjectCache::detachWrapper):

  • accessibility/mac/AccessibilityObjectMac.mm:

(WebCore::AccessibilityObject::detachFromParent):
(WebCore::AccessibilityObject::accessibilityIgnoreAttachment):

  • accessibility/mac/WebAccessibilityObjectWrapperBase.mm:

(-[WebAccessibilityObjectWrapperBase detach]):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(CreateCGColorIfDifferent):
(-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
(rendererForView):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

  • accessibility/win/AccessibilityObjectWrapperWin.h:

(WebCore::AccessibilityObjectWrapper::AccessibilityObjectWrapper):

5:12 AM Changeset in webkit [171476] by mihnea@adobe.com
  • 3 edits
    2 adds in trunk

ASSERTION FAILED: generatingElement() in WebCore::RenderNamedFlowFragment::regionOversetState
https://bugs.webkit.org/show_bug.cgi?id=135153

Reviewed by David Hyatt.

Source/WebCore:
Even though the CSSRegions spec defines the behaviour of a multicolumn region,
we currently do not support this functionality. This patch ensures that a multicolumn
element does not become a region. In the future, when we will implement the multicolumn
as region functionality, http://dev.w3.org/csswg/css-regions/#multi-column-regions, we
will remove this restriction.

Test: fast/regions/multicol-as-region-prevented.html

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::createRenderNamedFlowFragmentIfNeeded):

LayoutTests:

  • fast/regions/multicol-as-region-prevented-expected.html: Added.
  • fast/regions/multicol-as-region-prevented.html: Added.
4:30 AM Changeset in webkit [171475] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

[CMake] Avoid building WebCore with ANGLE's OpenGL/EGL headers
https://bugs.webkit.org/show_bug.cgi?id=135167

Reviewed by Martin Robinson.

  • CMakeLists.txt: Don't add ANGLE/include to the WebCore_INCLUDE_DIRECTORIES list

as this results in ANGLE's OpenGL and EGL headers being included, instead of the
headers that are provided by the system. Only the ANGLESupport library should be built
with that specific header inclusion path.

3:31 AM Changeset in webkit [171474] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r171367.
https://bugs.webkit.org/show_bug.cgi?id=135192

broke three API tests (Requested by thorton on #webkit).

Reverted changeset:

"JSLock release should only modify the AtomicStringTable if it
modified in acquire"
https://bugs.webkit.org/show_bug.cgi?id=135143
http://trac.webkit.org/changeset/171367

3:27 AM Changeset in webkit [171473] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch/Source

Versioning.

3:25 AM Changeset in webkit [171472] by Lucas Forschler
  • 1 copy in tags/Safari-600.1.2

New Tag.

3:24 AM Changeset in webkit [171471] by timothy_horton@apple.com
  • 7 edits in trunk/Source/WebKit2

REGRESSION (r171239): Much more time spent taking snapshots during the PLT
https://bugs.webkit.org/show_bug.cgi?id=135177
<rdar://problem/17764847>

Reviewed by Dan Bernstein.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::willChangeCurrentHistoryItemForMainFrame):
(WebKit::WebPageProxy::willChangeCurrentHistoryItem): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::willChangeCurrentHistoryItem):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::willChangeCurrentHistoryItemForMainFrame):
(WebKit::WebPage::willChangeCurrentHistoryItem): Deleted.

  • WebProcess/WebPage/WebPage.h:

Rename WillChangeCurrentHistoryItem to WillChangeCurrentHistoryItemForMainFrame.
Only send it when the current history item for the main frame changes.

2:59 AM Changeset in webkit [171470] by Michał Pakuła vel Rutka
  • 2 edits in trunk/Tools

[EFL] Fix build after r171454
https://bugs.webkit.org/show_bug.cgi?id=135191

Reviewed by Csaba Osztrogonác.

  • MiniBrowser/efl/CMakeLists.txt: Add path to new EWebKit2.h location .
1:47 AM Changeset in webkit [171469] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171384. <rdar://problem/17739108>

1:44 AM Changeset in webkit [171468] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit/win

Merged r171403. <rdar://problem/16721055>

1:42 AM Changeset in webkit [171467] by Lucas Forschler
  • 24 edits in branches/safari-600.1-branch/Source

Merged r171370. <rdar://problem/16721055>

1:36 AM Changeset in webkit [171466] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171368. <rdar://problem/17740149>

1:32 AM Changeset in webkit [171465] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171367. <rdar://problem/17041912>

1:29 AM Changeset in webkit [171464] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171363. <rdar://problem/17755931>

1:26 AM Changeset in webkit [171463] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171373. <rdar://problem/17654369>

1:23 AM Changeset in webkit [171462] by Lucas Forschler
  • 9 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171356. <rdar://problem/17654369>

1:20 AM Changeset in webkit [171461] by Lucas Forschler
  • 7 edits
    1 copy in branches/safari-600.1-branch

Merged r171355. <rdar://problem/17735912>

1:10 AM Changeset in webkit [171460] by Lucas Forschler
  • 2 edits
    1 copy in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171354. <rdar://problem/17763909>

1:07 AM Changeset in webkit [171459] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171353. <rdar://problem/17770227>

1:03 AM Changeset in webkit [171458] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171352. <rdar://problem/17754921>

12:58 AM Changeset in webkit [171457] by Lucas Forschler
  • 3 edits
    2 copies in branches/safari-600.1-branch

Merged r171347. <rdar://problem/16826229>

12:54 AM Changeset in webkit [171456] by Lucas Forschler
  • 11 edits in branches/safari-600.1-branch/Source

Merged r171345. <rdar://problem/17001716>

12:52 AM Changeset in webkit [171455] by abucur@adobe.com
  • 9 edits
    2 adds in trunk

REGRESSION (r169105): Crash in selection
https://bugs.webkit.org/show_bug.cgi?id=134303

Reviewed by David Hyatt.

Source/WebCore:

When splitting the selection between different subtrees, all subtrees must have their selection cleared before
starting to apply the new selection. Otherwise, when selecting objects in a named flow thread and going up
its containing block chain, we can end up in the view's selection root, which has not yet been updated and so
we get inconsistent data.

To achieve this goal, the selection update was split into a "clear" and an "apply" method. The updateSelectionForSubtrees
method first iterates through all subtrees and performs the "clear" method and then starts all over again
and performs the "apply" method.

Also, the selectionStart/End members in RenderView have been renamed to fix problems caused by the fact that
RenderView inherits SelectionSubtreeRoot, which also has the same selectionStart/End members.

Test: fast/regions/selection/crash-deselect.html

  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::isSelectionRoot):

  • rendering/RenderSelectionInfo.h:
  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView):
(WebCore::RenderView::setSelection): Renamed m_selectionStart/End to m_unsplitSelectionStart/End
(WebCore::RenderView::splitSelectionBetweenSubtrees):
(WebCore::RenderView::updateSelectionForSubtrees): Added, clears and re-applies selection for all selection subtrees.
(WebCore::RenderView::clearSubtreeSelection): Added, clears selection and returns previously selected information.
(WebCore::RenderView::applySubtreeSelection): Added, updates the selection status of all objects inside the selection tree, compares old and new data and repaints accordingly.
(WebCore::RenderView::getSelection): Renamed m_selectionStart/End to m_unsplitSelectionStart/End
(WebCore::RenderView::setSubtreeSelection): Deleted.

  • rendering/RenderView.h:
  • rendering/SelectionSubtreeRoot.cpp:

(WebCore::SelectionSubtreeRoot::SelectionSubtreeRoot):

  • rendering/SelectionSubtreeRoot.h:

(WebCore::SelectionSubtreeRoot::OldSelectionData::OldSelectionData):

LayoutTests:

Added test for the crash that occurred in some cases when selecting.

  • fast/regions/selection/crash-deselect-expected.txt: Added.
  • fast/regions/selection/crash-deselect.html: Added.
12:21 AM Changeset in webkit [171454] by ryuan.choi@samsung.com
  • 2 edits
    1 move in trunk/Source/WebKit2

[EFL] EWebKit2.h should contain version information
https://bugs.webkit.org/show_bug.cgi?id=135189

Reviewed by Gyuyoung Kim.

Generate EWebKit2.h to contain the version information.

  • PlatformEfl.cmake:
  • UIProcess/API/efl/EWebKit2.h.in: Renamed from Source/WebKit2/UIProcess/API/efl/EWebKit2.h.
12:19 AM Changeset in webkit [171453] by ryuan.choi@samsung.com
  • 8 edits in trunk

[EFL] Do not generate forwarding header for ewk headers
https://bugs.webkit.org/show_bug.cgi?id=135147

Reviewed by Gyuyoung Kim.

Source/WebKit2:
Only EWebKit2.h and ewk_text_checker.h are generated as forwarding header.
This is unnecessary.

  • UIProcess/API/efl/tests/UnitTestUtils/EWK2UnitTestBase.h:
  • UIProcess/API/efl/tests/test_ewk2_application_cache_manager.cpp:
  • UIProcess/API/efl/tests/test_ewk2_context_menu.cpp:
  • UIProcess/API/efl/tests/test_ewk2_window_features.cpp:
  • UIProcess/efl/TextCheckerClientEfl.h:

Tools:

  • WebKitTestRunner/EventSenderProxy.h:
12:16 AM Changeset in webkit [171452] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit/mac

Merge r171338

12:14 AM Changeset in webkit [171451] by dburkart@apple.com
  • 13 edits in branches/safari-600.1-branch/Source

Merge r171336

12:12 AM Changeset in webkit [171450] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171332

12:10 AM Changeset in webkit [171449] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171329

12:08 AM Changeset in webkit [171448] by dburkart@apple.com
  • 4 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171326

12:08 AM Changeset in webkit [171447] by llango.u-szeged@partner.samsung.com
  • 3 edits in trunk/Source/JavaScriptCore

[EFL] Build fix after the [ftlopt] branch merge.

Reviewed by Csaba Osztrogonác.

  • dfg/DFGBranchDirection.h:

(JSC::DFG::branchDirectionToString):

  • dfg/DFGStructureClobberState.h:

(JSC::DFG::merge):

12:06 AM Changeset in webkit [171446] by dburkart@apple.com
  • 5 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171322

12:03 AM Changeset in webkit [171445] by dburkart@apple.com
  • 8 edits in branches/safari-600.1-branch/Source

Merge r171321

Jul 22, 2014:

11:59 PM Changeset in webkit [171444] by dburkart@apple.com
  • 11 edits in branches/safari-600.1-branch/Source

Merge r171320

11:56 PM Changeset in webkit [171443] by dburkart@apple.com
  • 6 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171317

11:54 PM Changeset in webkit [171442] by dburkart@apple.com
  • 5 edits
    2 copies in branches/safari-600.1-branch

Merge r171316

11:51 PM Changeset in webkit [171441] by dburkart@apple.com
  • 6 edits in branches/safari-600.1-branch/Source

Merge r171314

11:49 PM Changeset in webkit [171440] by dburkart@apple.com
  • 7 edits
    1 copy in branches/safari-600.1-branch/Source/WebInspectorUI

Merge r171312

11:46 PM Changeset in webkit [171439] by dburkart@apple.com
  • 7 edits in branches/safari-600.1-branch/Source

Merge r171308

11:43 PM Changeset in webkit [171438] by dburkart@apple.com
  • 3 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171306

11:39 PM Changeset in webkit [171437] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/WebKitLibraries

Merge r171305

11:37 PM Changeset in webkit [171436] by dburkart@apple.com
  • 5 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171303

11:35 PM Changeset in webkit [171435] by dburkart@apple.com
  • 4 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171299

11:33 PM Changeset in webkit [171434] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171289

11:31 PM Changeset in webkit [171433] by dburkart@apple.com
  • 17 edits in branches/safari-600.1-branch/Source

Merge r171288

11:29 PM Changeset in webkit [171432] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171287

11:27 PM Changeset in webkit [171431] by dburkart@apple.com
  • 10 edits in branches/safari-600.1-branch/Source

Merge r171286

11:24 PM Changeset in webkit [171430] by dburkart@apple.com
  • 4 edits
    1 copy in branches/safari-600.1-branch

Merge r171284

11:24 PM Changeset in webkit [171429] by fpizlo@apple.com
  • 2 edits in trunk/LayoutTests

This test is slow so we shouldn't run it in the slower variants (like ftl-eager/dfg-eager).

  • js/regress/script-tests/getter-richards.js:
11:22 PM Changeset in webkit [171428] by dburkart@apple.com
  • 4 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171283

11:20 PM Changeset in webkit [171427] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171280

11:18 PM Changeset in webkit [171426] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171257

11:16 PM Changeset in webkit [171425] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171256

11:14 PM Changeset in webkit [171424] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171253

11:12 PM Changeset in webkit [171423] by dburkart@apple.com
  • 25 edits in branches/safari-600.1-branch/Source

Merge r171252

11:09 PM Changeset in webkit [171422] by dburkart@apple.com
  • 5 edits
    3 copies in branches/safari-600.1-branch

Merge r171250

11:05 PM Changeset in webkit [171421] by dburkart@apple.com
  • 3 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171246

11:02 PM Changeset in webkit [171420] by commit-queue@webkit.org
  • 7 edits in trunk/Source/WebKit2

Unreviewed, rolling out r171366.
https://bugs.webkit.org/show_bug.cgi?id=135190

Broke three API tests (Requested by ap on #webkit).

Reverted changeset:

"REGRESSION (r171239): Much more time spent taking snapshots
during the PLT"
https://bugs.webkit.org/show_bug.cgi?id=135177
http://trac.webkit.org/changeset/171366

11:02 PM Changeset in webkit [171419] by dburkart@apple.com
  • 15 edits in branches/safari-600.1-branch/Source

Merge r171239

10:59 PM Changeset in webkit [171418] by dburkart@apple.com
  • 4 edits in branches/safari-600.1-branch

Merge r171228

10:56 PM Changeset in webkit [171417] by dburkart@apple.com
  • 3 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merge r171227

10:53 PM Changeset in webkit [171416] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171225

10:52 PM Changeset in webkit [171415] by dburkart@apple.com
  • 6 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171219

10:50 PM Changeset in webkit [171414] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Tools

Merge r171217

10:48 PM Changeset in webkit [171413] by dburkart@apple.com
  • 3 edits in branches/safari-600.1-branch/Tools

Merge r171216

10:46 PM Changeset in webkit [171412] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171215

10:44 PM Changeset in webkit [171411] by dburkart@apple.com
  • 18 edits
    3 copies in branches/safari-600.1-branch

Merge r171213

10:41 PM Changeset in webkit [171410] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171211

10:39 PM Changeset in webkit [171409] by dburkart@apple.com
  • 6 edits in branches/safari-600.1-branch

Merge r171167

10:33 PM Changeset in webkit [171408] by dburkart@apple.com
  • 4 edits
    2 copies in branches/safari-600.1-branch

Merge r171210

10:31 PM Changeset in webkit [171407] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171197

10:28 PM Changeset in webkit [171406] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merge r171204

10:27 PM Changeset in webkit [171405] by dburkart@apple.com
  • 27 edits
    1 copy
    1 delete in branches/safari-600.1-branch

Merge r171195

10:18 PM Changeset in webkit [171404] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Build fix for bot.

  • platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:

(WebCore::createLegibleOutputSubtypes): Declare 'wvtt' locally, rather
than relying on potentially unavailable declaration.

10:16 PM Changeset in webkit [171403] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit/win

[Win] Build fix after r171370.

  • WebCoreSupport/WebEditorClient.h: Add override

for new 'overflowScrollPositionChanged'.

10:15 PM Changeset in webkit [171402] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171194

10:13 PM Changeset in webkit [171401] by dburkart@apple.com
  • 9 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171191

10:11 PM Changeset in webkit [171400] by dburkart@apple.com
  • 3 edits
    2 copies in branches/safari-600.1-branch/Source/JavaScriptCore

Merge r171190

10:09 PM Changeset in webkit [171399] by dburkart@apple.com
  • 3 edits in branches/safari-600.1-branch/Tools

Merge r171199

10:07 PM Changeset in webkit [171398] by dburkart@apple.com
  • 6 edits
    1 copy in branches/safari-600.1-branch/Source/WebCore

Merge r171188

10:05 PM Changeset in webkit [171397] by dburkart@apple.com
  • 7 edits in branches/safari-600.1-branch

Merge r171184

9:58 PM Changeset in webkit [171396] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merge r171365

9:58 PM Changeset in webkit [171395] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

Build fix for non-clang compile.

  • jsc.cpp:

(WTF::RuntimeArray::put): Remove incorrect return statement
I added.

9:54 PM Changeset in webkit [171394] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r171376

9:53 PM Changeset in webkit [171393] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

Build fix for non-clang compile.

  • jsc.cpp:

(WTF::RuntimeArray::deleteProperty): Need (fake) return
value when NO_RETURN_DUE_TO_CRASH is not defined.

9:40 PM Changeset in webkit [171392] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Build fix for Windows bots

  • platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp: Provide missing

structure definition when needed by bot.

9:33 PM Changeset in webkit [171391] by fpizlo@apple.com
  • 29 edits
    4 adds
    1 delete in trunk/Source/JavaScriptCore

Merge r169628 from ftlopt.

2014-06-04 Matthew Mirman <mmirman@apple.com>


Added system for inlining native functions via the FTL.
https://bugs.webkit.org/show_bug.cgi?id=131515


Reviewed by Filip Pizlo.


Also fixed the build to not compress the bitcode and to
include all of the relevant runtime. With GCC_GENERATE_DEBUGGING_SYMBOLS = NO,
the produced bitcode files are a 100th the size they were before.
Now we can include all of the relevant runtime files with only a 3mb overhead.
This is the same overhead as for two compressed files before,
but done more efficiently (on both ends) and with less code.


Deciding whether to inline native functions is left up to LLVM.
The entire module containing the function is linked into the current
compiled JS so that inlining the native functions shouldn't make them smaller.


Rather than loading Runtime.symtbl at runtime FTLState.cpp now generates a file
InlineRuntimeSymbolTable.h which statically builds the symbol table hash table.


  • JavaScriptCore.xcodeproj/project.pbxproj: Added back runtime files to compile.
  • build-symbol-table-index.py: Changed bitcode suffix. Added inclusion of only tested symbols. Added output to InlineRuntimeSymbolTable.h.
  • build-symbol-table-index.sh: Changed bitcode suffix.
  • copy-llvm-ir-to-derived-sources.sh: Removed gzip compression.
  • tested-symbols.symlst: Added.
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleCall): Now sets the knownFunction of the call node if such a function exists and emits a check that during runtime the callee is in fact known.
  • dfg/DFGNode.h: Added functions to set the known function of a call node. (JSC::DFG::Node::canBeKnownFunction): Added. (JSC::DFG::Node::hasKnownFunction): Added. (JSC::DFG::Node::knownFunction): Added. (JSC::DFG::Node::giveKnownFunction): Added.
  • ftl/FTLAbbreviatedTypes.h: Added a typedef for LLVMMemoryBufferRef
  • ftl/FTLAbbreviations.h: Added some abbreviations.
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::isInlinableSize): Added. Hardcoded threshold to 275. (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): Added. (JSC::FTL::LowerDFGToLLVM::getFunctionBySymbol): Added. (JSC::FTL::LowerDFGToLLVM::possiblyCompileInlineableNativeCall): Added. (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct): Added call to possiblyCompileInlineableNativeCall
  • ftl/FTLOutput.h: (JSC::FTL::Output::allocaName): Added. Useful for debugging.
  • ftl/FTLState.cpp: (JSC::FTL::State::State): Added an include for InlineRuntimeSymbolTable.h
  • ftl/FTLState.h: Added symbol table hash table.
  • ftl/FTLCompile.cpp: (JSC::FTL::compile): Added inlining and dead function elimination passes.
  • heap/HandleStack.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
  • llvm/InitializeLLVMMac.mm: Deleted.
  • llvm/InitializeLLVMMac.cpp: Added.
  • llvm/LLVMAPIFunctions.h: Added macros to include Bitcode parsing and linking functions.
  • llvm/LLVMHeaders.h: Added includes for Bitcode parsing and linking.
  • runtime/BundlePath.h: Added.
  • runtime/BundlePath.mm: Added.
  • runtime/DateInstance.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
  • runtime/DateInstance.h: ditto.
  • runtime/DateConversion.h: ditto.
  • runtime/ExceptionHelpers.h: ditto.
  • runtime/JSCJSValue.h: ditto.
  • runtime/JSArray.h: ditto.
  • runtime/JSDateMath.h: ditto.
  • runtime/JSObject.h: ditto.
  • runtime/JSObject.h: ditto.
  • runtime/RegExp.h: ditto.
  • runtime/Structure.h: ditto.
  • runtime/Options.h: Added maximumLLVMInstructionCountForNativeInlining.
9:18 PM Changeset in webkit [171390] by mark.lam@apple.com
  • 3 edits
    2 adds in trunk/Source/JavaScriptCore

Array.concat() should work on runtime arrays too.
<https://webkit.org/b/135179>

Reviewed by Geoffrey Garen.

  • jsc.cpp:

(WTF::RuntimeArray::create):
(WTF::RuntimeArray::~RuntimeArray):
(WTF::RuntimeArray::destroy):
(WTF::RuntimeArray::getOwnPropertySlot):
(WTF::RuntimeArray::getOwnPropertySlotByIndex):
(WTF::RuntimeArray::put):
(WTF::RuntimeArray::deleteProperty):
(WTF::RuntimeArray::getLength):
(WTF::RuntimeArray::createPrototype):
(WTF::RuntimeArray::createStructure):
(WTF::RuntimeArray::finishCreation):
(WTF::RuntimeArray::RuntimeArray):
(WTF::RuntimeArray::lengthGetter):
(GlobalObject::finishCreation):
(functionCreateRuntimeArray):

  • Added support to create a runtime array for testing purpose.
  • runtime/ArrayPrototype.cpp:

(JSC::getLength):

  • Added fast case for when the array object is a JSArray.

(JSC::arrayProtoFuncJoin):

  • Added a needed but missing exception check.

(JSC::arrayProtoFuncConcat):

  • Use getLength() to compute the array length instead of assuming that the array is a JSArray instance.
  • tests/stress/regexp-matches-array.js: Added.

(testArrayConcat):

  • tests/stress/runtime-array.js: Added.

(testArrayConcat):

9:04 PM Changeset in webkit [171389] by fpizlo@apple.com
  • 23 edits in branches/ftlopt/Source/JavaScriptCore

[ftlopt] Get rid of structure checks as a way of checking if a function is in fact a function
https://bugs.webkit.org/show_bug.cgi?id=135146

Reviewed by Oliver Hunt.

This greatly simplifies our closure call optimizations by taking advantage of the type
bits available in the cell header.

  • bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::visitWeak):

  • bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::CallLinkStatus):
(JSC::CallLinkStatus::computeFor):
(JSC::CallLinkStatus::dump):

  • bytecode/CallLinkStatus.h:

(JSC::CallLinkStatus::CallLinkStatus):
(JSC::CallLinkStatus::executable):
(JSC::CallLinkStatus::structure): Deleted.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::emitFunctionChecks):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::observeUseKindOnNode):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::speculateCellTypeWithoutTypeFiltering):
(JSC::DFG::SpeculativeJIT::speculateCellType):
(JSC::DFG::SpeculativeJIT::speculateFunction):
(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculate):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGUseKind.cpp:

(WTF::printInternal):

  • dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileCheckExecutable):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::isFunction):
(JSC::FTL::LowerDFGToLLVM::isNotFunction):
(JSC::FTL::LowerDFGToLLVM::speculateFunction):

  • jit/ClosureCallStubRoutine.cpp:

(JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
(JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):

  • jit/ClosureCallStubRoutine.h:

(JSC::ClosureCallStubRoutine::structure): Deleted.

  • jit/JIT.h:

(JSC::JIT::compileClosureCall): Deleted.

  • jit/JITCall.cpp:

(JSC::JIT::privateCompileClosureCall): Deleted.

  • jit/JITCall32_64.cpp:

(JSC::JIT::privateCompileClosureCall): Deleted.

  • jit/JITOperations.cpp:
  • jit/Repatch.cpp:

(JSC::linkClosureCall):

  • jit/Repatch.h:
8:52 PM Changeset in webkit [171388] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Build fix for EWS bots.

  • platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp: Forward declare

structure definition.

8:39 PM Changeset in webkit [171387] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

Fix Windows (return a value!)

  • jsc.cpp:

(functionQuit): Satisfy compiler's need for
a return value.

8:29 PM Changeset in webkit [171386] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

Fix Windows (sleep -> Sleep)

  • jsc.cpp:

(WTF::jscExit):

8:19 PM Changeset in webkit [171385] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

[Win] Fix Crash when handling Legible Output callbacks
https://bugs.webkit.org/show_bug.cgi?id=134946

Reviewed by Dean Jackson.

Relanding after adding fixes to support build bots.

  • platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:

(WebCore::InbandTextTrackPrivateAVF::processNativeSamples): Remove
Windows-specific 'ASSERT_NOT_REACHED' code path.

  • platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:

(WebCore::createLegibleOutputSubtypes): Added.
(WebCore::AVFWrapper::createPlayerItem): Updated to request native
samples from AVFoundationCF.

7:37 PM Changeset in webkit [171384] by oliver@apple.com
  • 2 edits in trunk/Source/WebKit2

Reduce the size of the root WebContent sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=135182
<rdar://problem/17739108>

Reviewed by Alexey Proskuryakov.

Switch from apple-ui-app to uikit-app as the root of the webcontent
profile.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
7:19 PM Changeset in webkit [171383] by mmaxfield@apple.com
  • 4 edits
    2 adds in trunk

Copying and pasting trivial H2 content causes a crash in firstPositionInNode
https://bugs.webkit.org/show_bug.cgi?id=134897

Reviewed by Ryosuke Niwa.

Source/WebCore:
ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder() attempts
to move pasted headings out of existed headings, with out regard to if the existing
heading is the contenteditable root.

Test: editing/pasteboard/heading-crash.html

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):

LayoutTests:
Copy and paste text from one heading to another. Make sure there is no crash.

  • editing/pasteboard/heading-crash-expected.txt: Added.
  • editing/pasteboard/heading-crash.html: Added.
7:19 PM Changeset in webkit [171382] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix Windows.

  • jsc.cpp:

(WTF::jscExit):

6:43 PM Changeset in webkit [171381] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix 32-bit.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

6:19 PM Changeset in webkit [171380] by fpizlo@apple.com
  • 57 edits
    42 adds in trunk

Merge r169148, r169185, r169188, r169578, r169582, r169584, r169588, r169753 from ftlopt.

Source/JavaScriptCore:

Note that r169753 is merged out of order because it fixes a bug in r169588.

2014-06-10 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Structure::dfgShouldWatchIfPossible() is unsound
https://bugs.webkit.org/show_bug.cgi?id=133624


Reviewed by Mark Hahnenberg.


  • runtime/Structure.h: (JSC::Structure::dfgShouldWatchIfPossible): Make it sound and add some verbiage.


2014-06-04 Filip Pizlo <fpizlo@apple.com>


[ftlopt] AI should be able track structure sets larger than 1
https://bugs.webkit.org/show_bug.cgi?id=128073


Reviewed by Oliver Hunt.


This makes two major changes to how AI (abstract interpreter) proves that a value has
some structure:


  • StructureAbstractValue can now track an arbitrary number of structures. A set whose size is greater than one means that the value may have any of the structures, and we don't know which - but we do know that it cannot be any structure not in the set. The structure abstract value can still be TOP, which means the set of all structures. We artificially limit the set size to StructureAbstractValue::polymorphismLimit to guard memory explosion on pathological programs. This limit is big enough that it wouldn't kick in for normal code, since we have other heuristics that limit the number of structures that we would allow an inline cache to know about.


  • We eagerly set watchpoints on all watchable structures and then we assume that watchable structures are being watched, and that the watchpoint will jettison the code. This allows tracking of watchable structures to be far simpler than before. Previously, a structure being tracked as "future possible" was predicated on it being watchable but we might not actually watch it. This makes algebra over sets of future possible structures quite weird. But watching all watchable structures means that we simple say that a structure set can be in the following states: unclobbered, which means it's just a set of structures and it doesn't matter what is watchable or what isn't because we've proven that the value must have one of these structures right now; and clobbered, which means that we have a set of structures, plus all possible structures temporarily, with invalidation removing the "plus all possible structures". Clobbering a set means that if any of its structures are unwatchable, the set just becomes TOP; but if all structures in the set are watchable then we just set the clobbered bit to add the "plus all possible structures temporarily" thing. This precisely tracks the exact meaning of watchability and invalidation points.


Slight SunSpider slow-down, neutral on Octane, slight AsmBench speed-up. I believe that
we will ultimately undo the SunSpider slow-down by making further improvements to the set
representation. I believe that Octane perfromance will ultimately improve once we remove
remaining singleton special-cases. The ultimate goal of this is to remove the need to
try quite so desperately hard to make everything monomorphic as we do currently.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/StructureSet.cpp: (JSC::StructureSet::clear): (JSC::StructureSet::remove): (JSC::StructureSet::filter): (JSC::StructureSet::copyFromOutOfLine): (JSC::StructureSet::StructureSet): Deleted. (JSC::StructureSet::operator=): Deleted. (JSC::StructureSet::copyFrom): Deleted.
  • bytecode/StructureSet.h: (JSC::StructureSet::StructureSet): (JSC::StructureSet::operator=): (JSC::StructureSet::isEmpty): (JSC::StructureSet::genericFilter): (JSC::StructureSet::ContainsOutOfLine::ContainsOutOfLine): (JSC::StructureSet::ContainsOutOfLine::operator()): (JSC::StructureSet::copyFrom): (JSC::StructureSet::deleteStructureListIfNecessary): (JSC::StructureSet::setEmpty): (JSC::StructureSet::getReservedFlag): (JSC::StructureSet::setReservedFlag):
  • dfg/DFGAbstractInterpreter.h: (JSC::DFG::AbstractInterpreter::setBuiltInConstant):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult): (JSC::DFG::AbstractInterpreter<AbstractStateType>::verifyEdge): (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): (JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberCapturedVars): (JSC::DFG::AbstractInterpreter<AbstractStateType>::forAllValues): (JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberStructures): (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition): (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions): (JSC::DFG::AbstractInterpreter<AbstractStateType>::setDidClobber): (JSC::DFG::AbstractInterpreter<AbstractStateType>::dump):
  • dfg/DFGAbstractValue.cpp: (JSC::DFG::AbstractValue::observeTransitions): (JSC::DFG::AbstractValue::setMostSpecific): (JSC::DFG::AbstractValue::set): (JSC::DFG::AbstractValue::filter): (JSC::DFG::AbstractValue::shouldBeClear): (JSC::DFG::AbstractValue::normalizeClarity): (JSC::DFG::AbstractValue::checkConsistency): (JSC::DFG::AbstractValue::assertIsWatched): (JSC::DFG::AbstractValue::dumpInContext): (JSC::DFG::AbstractValue::setFuturePossibleStructure): Deleted.
  • dfg/DFGAbstractValue.h: (JSC::DFG::AbstractValue::clear): (JSC::DFG::AbstractValue::clobberStructures): (JSC::DFG::AbstractValue::clobberStructuresFor): (JSC::DFG::AbstractValue::observeInvalidationPoint): (JSC::DFG::AbstractValue::observeInvalidationPointFor): (JSC::DFG::AbstractValue::observeTransition): (JSC::DFG::AbstractValue::TransitionObserver::TransitionObserver): (JSC::DFG::AbstractValue::TransitionObserver::operator()): (JSC::DFG::AbstractValue::TransitionsObserver::TransitionsObserver): (JSC::DFG::AbstractValue::TransitionsObserver::operator()): (JSC::DFG::AbstractValue::isHeapTop): (JSC::DFG::AbstractValue::setType): (JSC::DFG::AbstractValue::operator==): (JSC::DFG::AbstractValue::merge): (JSC::DFG::AbstractValue::validate): (JSC::DFG::AbstractValue::hasClobberableState): (JSC::DFG::AbstractValue::assertIsWatched): (JSC::DFG::AbstractValue::observeIndexingTypeTransition): (JSC::DFG::AbstractValue::makeTop): (JSC::DFG::AbstractValue::bestProvenStructure): Deleted.
  • dfg/DFGAllocator.h:
  • dfg/DFGArgumentsSimplificationPhase.cpp: (JSC::DFG::ArgumentsSimplificationPhase::run):
  • dfg/DFGArrayMode.cpp: (JSC::DFG::ArrayMode::alreadyChecked):
  • dfg/DFGAtTailAbstractState.h: (JSC::DFG::AtTailAbstractState::structureClobberState): (JSC::DFG::AtTailAbstractState::setStructureClobberState): (JSC::DFG::AtTailAbstractState::setFoundConstants): (JSC::DFG::AtTailAbstractState::haveStructures): Deleted. (JSC::DFG::AtTailAbstractState::setHaveStructures): Deleted.
  • dfg/DFGBasicBlock.cpp: (JSC::DFG::BasicBlock::BasicBlock):
  • dfg/DFGBasicBlock.h:
  • dfg/DFGBranchDirection.h: (JSC::DFG::branchDirectionToString): (WTF::printInternal):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handlePutById):
  • dfg/DFGCFAPhase.cpp: (JSC::DFG::CFAPhase::performBlockCFA):
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::checkStructureElimination): (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination): (JSC::DFG::CSEPhase::performNodeCSE):
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize):
  • dfg/DFGCommon.cpp: (JSC::DFG::startCrashing): (JSC::DFG::isCrashing):
  • dfg/DFGCommon.h:
  • dfg/DFGCommonData.cpp: (JSC::DFG::CommonData::notifyCompilingStructureTransition):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitGetByOffset): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset): (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
  • dfg/DFGDesiredWatchpoints.cpp: (JSC::DFG::DesiredWatchpoints::consider): (JSC::DFG::DesiredWatchpoints::addLazily): Deleted.
  • dfg/DFGDesiredWatchpoints.h: (JSC::DFG::GenericDesiredWatchpoints::reallyAdd): (JSC::DFG::GenericDesiredWatchpoints::areStillValid): (JSC::DFG::GenericDesiredWatchpoints::isWatched): (JSC::DFG::DesiredWatchpoints::isWatched): (JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet): Deleted. (JSC::DFG::GenericDesiredWatchpoints::addLazily): Deleted. (JSC::DFG::GenericDesiredWatchpoints::isStillValid): Deleted. (JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState): Deleted. (JSC::DFG::GenericDesiredWatchpoints::isValidOrMixed): Deleted. (JSC::DFG::DesiredWatchpoints::isStillValid): Deleted. (JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState): Deleted. (JSC::DFG::DesiredWatchpoints::isValidOrMixed): Deleted.
  • dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC):
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess): (JSC::DFG::FixupPhase::injectTypeConversionsForEdge):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::~Graph): (JSC::DFG::Graph::dump): (JSC::DFG::Graph::dumpBlockHeader): (JSC::DFG::Graph::tryGetFoldableView): (JSC::DFG::Graph::visitChildren): (JSC::DFG::Graph::assertIsWatched): (JSC::DFG::Graph::handleAssertionFailure):
  • dfg/DFGGraph.h: (JSC::DFG::Graph::convertToConstant): (JSC::DFG::Graph::masqueradesAsUndefinedWatchpointIsStillValid): (JSC::DFG::Graph::addStructureTransitionData): Deleted.
  • dfg/DFGInPlaceAbstractState.cpp: (JSC::DFG::InPlaceAbstractState::beginBasicBlock): (JSC::DFG::InPlaceAbstractState::initialize): (JSC::DFG::InPlaceAbstractState::endBasicBlock): (JSC::DFG::InPlaceAbstractState::reset): (JSC::DFG::InPlaceAbstractState::merge):
  • dfg/DFGInPlaceAbstractState.h: (JSC::DFG::InPlaceAbstractState::structureClobberState): (JSC::DFG::InPlaceAbstractState::setStructureClobberState): (JSC::DFG::InPlaceAbstractState::setFoundConstants): (JSC::DFG::InPlaceAbstractState::haveStructures): Deleted. (JSC::DFG::InPlaceAbstractState::setHaveStructures): Deleted.
  • dfg/DFGLivenessAnalysisPhase.cpp: (JSC::DFG::LivenessAnalysisPhase::run):
  • dfg/DFGNode.h: (JSC::DFG::Node::hasTransition): (JSC::DFG::Node::transition): (JSC::DFG::Node::hasStructure): (JSC::DFG::StructureTransitionData::StructureTransitionData): Deleted. (JSC::DFG::Node::convertToStructureTransitionWatchpoint): Deleted. (JSC::DFG::Node::hasStructureTransitionData): Deleted. (JSC::DFG::Node::structureTransitionData): Deleted.
  • dfg/DFGNodeType.h:
  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):
  • dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
  • dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage): (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
  • dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
  • dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGStructureAbstractValue.cpp: Added. (JSC::DFG::StructureAbstractValue::assertIsWatched): (JSC::DFG::StructureAbstractValue::clobber): (JSC::DFG::StructureAbstractValue::observeTransition): (JSC::DFG::StructureAbstractValue::observeTransitions): (JSC::DFG::StructureAbstractValue::add): (JSC::DFG::StructureAbstractValue::merge): (JSC::DFG::StructureAbstractValue::mergeSlow): (JSC::DFG::StructureAbstractValue::mergeNotTop): (JSC::DFG::StructureAbstractValue::filter): (JSC::DFG::StructureAbstractValue::filterSlow): (JSC::DFG::StructureAbstractValue::contains): (JSC::DFG::StructureAbstractValue::isSubsetOf): (JSC::DFG::StructureAbstractValue::isSupersetOf): (JSC::DFG::StructureAbstractValue::overlaps): (JSC::DFG::StructureAbstractValue::equalsSlow): (JSC::DFG::StructureAbstractValue::dumpInContext): (JSC::DFG::StructureAbstractValue::dump):
  • dfg/DFGStructureAbstractValue.h: (JSC::DFG::StructureAbstractValue::StructureAbstractValue): (JSC::DFG::StructureAbstractValue::operator=): (JSC::DFG::StructureAbstractValue::clear): (JSC::DFG::StructureAbstractValue::makeTop): (JSC::DFG::StructureAbstractValue::assertIsWatched): (JSC::DFG::StructureAbstractValue::observeInvalidationPoint): (JSC::DFG::StructureAbstractValue::top): (JSC::DFG::StructureAbstractValue::isClear): (JSC::DFG::StructureAbstractValue::isTop): (JSC::DFG::StructureAbstractValue::isNeitherClearNorTop): (JSC::DFG::StructureAbstractValue::isClobbered): (JSC::DFG::StructureAbstractValue::merge): (JSC::DFG::StructureAbstractValue::filter): (JSC::DFG::StructureAbstractValue::operator==): (JSC::DFG::StructureAbstractValue::size): (JSC::DFG::StructureAbstractValue::at): (JSC::DFG::StructureAbstractValue::operator[]): (JSC::DFG::StructureAbstractValue::onlyStructure): (JSC::DFG::StructureAbstractValue::isSupersetOf): (JSC::DFG::StructureAbstractValue::makeTopWhenThin): (JSC::DFG::StructureAbstractValue::setClobbered): (JSC::DFG::StructureAbstractValue::add): Deleted. (JSC::DFG::StructureAbstractValue::addAll): Deleted. (JSC::DFG::StructureAbstractValue::contains): Deleted. (JSC::DFG::StructureAbstractValue::isSubsetOf): Deleted. (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan): Deleted. (JSC::DFG::StructureAbstractValue::isClearOrTop): Deleted. (JSC::DFG::StructureAbstractValue::last): Deleted. (JSC::DFG::StructureAbstractValue::speculationFromStructures): Deleted. (JSC::DFG::StructureAbstractValue::isValidOffset): Deleted. (JSC::DFG::StructureAbstractValue::hasSingleton): Deleted. (JSC::DFG::StructureAbstractValue::singleton): Deleted. (JSC::DFG::StructureAbstractValue::dumpInContext): Deleted. (JSC::DFG::StructureAbstractValue::dump): Deleted. (JSC::DFG::StructureAbstractValue::topValue): Deleted.
  • dfg/DFGStructureClobberState.h: Added. (JSC::DFG::merge): (WTF::printInternal):
  • dfg/DFGTransition.cpp: Added. (JSC::DFG::Transition::dumpInContext): (JSC::DFG::Transition::dump):
  • dfg/DFGTransition.h: Added. (JSC::DFG::Transition::Transition):
  • dfg/DFGTypeCheckHoistingPhase.cpp: (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks): (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
  • dfg/DFGWatchableStructureWatchingPhase.cpp: Added. (JSC::DFG::WatchableStructureWatchingPhase::WatchableStructureWatchingPhase): (JSC::DFG::WatchableStructureWatchingPhase::run): (JSC::DFG::WatchableStructureWatchingPhase::tryWatch): (JSC::DFG::performWatchableStructureWatching):
  • dfg/DFGWatchableStructureWatchingPhase.h: Added.
  • dfg/DFGWatchpointCollectionPhase.cpp: (JSC::DFG::WatchpointCollectionPhase::handle): (JSC::DFG::WatchpointCollectionPhase::handleEdge): Deleted.
  • ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile):
  • ftl/FTLIntrinsicRepository.h:
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::ftlUnreachable): (JSC::FTL::LowerDFGToLLVM::createPhiVariables): (JSC::FTL::LowerDFGToLLVM::compileBlock): (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compileUpsilon): (JSC::FTL::LowerDFGToLLVM::compilePhi): (JSC::FTL::LowerDFGToLLVM::compileDoubleRep): (JSC::FTL::LowerDFGToLLVM::compileValueRep): (JSC::FTL::LowerDFGToLLVM::compileValueToInt32): (JSC::FTL::LowerDFGToLLVM::compileGetArgument): (JSC::FTL::LowerDFGToLLVM::compileGetLocal): (JSC::FTL::LowerDFGToLLVM::compileSetLocal): (JSC::FTL::LowerDFGToLLVM::compileArithAddOrSub): (JSC::FTL::LowerDFGToLLVM::compileArithMul): (JSC::FTL::LowerDFGToLLVM::compileArithDiv): (JSC::FTL::LowerDFGToLLVM::compileArithMod): (JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax): (JSC::FTL::LowerDFGToLLVM::compileArithAbs): (JSC::FTL::LowerDFGToLLVM::compileArithNegate): (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure): (JSC::FTL::LowerDFGToLLVM::compilePutStructure): (JSC::FTL::LowerDFGToLLVM::compileGetById): (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength): (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal): (JSC::FTL::LowerDFGToLLVM::compileGetArrayLength): (JSC::FTL::LowerDFGToLLVM::compileGetByVal): (JSC::FTL::LowerDFGToLLVM::compilePutByVal): (JSC::FTL::LowerDFGToLLVM::compileArrayPush): (JSC::FTL::LowerDFGToLLVM::compileArrayPop): (JSC::FTL::LowerDFGToLLVM::compileNewArray): (JSC::FTL::LowerDFGToLLVM::compileNewArrayBuffer): (JSC::FTL::LowerDFGToLLVM::compileAllocatePropertyStorage): (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage): (JSC::FTL::LowerDFGToLLVM::compileToString): (JSC::FTL::LowerDFGToLLVM::compileMakeRope): (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset): (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset): (JSC::FTL::LowerDFGToLLVM::compileCompareEq): (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq): (JSC::FTL::LowerDFGToLLVM::compileSwitch): (JSC::FTL::LowerDFGToLLVM::compare): (JSC::FTL::LowerDFGToLLVM::boolify): (JSC::FTL::LowerDFGToLLVM::terminate): (JSC::FTL::LowerDFGToLLVM::lowInt32): (JSC::FTL::LowerDFGToLLVM::lowInt52): (JSC::FTL::LowerDFGToLLVM::opposite): (JSC::FTL::LowerDFGToLLVM::lowCell): (JSC::FTL::LowerDFGToLLVM::lowBoolean): (JSC::FTL::LowerDFGToLLVM::lowDouble): (JSC::FTL::LowerDFGToLLVM::lowJSValue): (JSC::FTL::LowerDFGToLLVM::speculate): (JSC::FTL::LowerDFGToLLVM::isArrayType): (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructureID): (JSC::FTL::LowerDFGToLLVM::callCheck): (JSC::FTL::LowerDFGToLLVM::buildExitArguments): (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode): (JSC::FTL::LowerDFGToLLVM::setInt52): (JSC::FTL::LowerDFGToLLVM::crash): (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint): Deleted.
  • ftl/FTLOutput.cpp: (JSC::FTL::Output::crashNonTerminal): Deleted.
  • ftl/FTLOutput.h: (JSC::FTL::Output::crash): Deleted.
  • jit/JITOperations.h:
  • jsc.cpp: (WTF::jscExit): (functionQuit): (main): (printUsageStatement): (CommandLine::parseArguments):
  • runtime/Structure.h: (JSC::Structure::dfgShouldWatchIfPossible): (JSC::Structure::dfgShouldWatch):
  • tests/stress/arrayify-to-structure-contradiction.js: Added. (foo):
  • tests/stress/ftl-getmyargumentslength-inline.js: Added. (foo):
  • tests/stress/multi-put-by-offset-multiple-transitions.js: Added. (foo): (Foo):
  • tests/stress/throw-from-ftl-in-loop.js: Added.
  • tests/stress/throw-from-ftl.js: Added. (foo):


2014-06-03 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Unreviewed, roll out r169578. The build system needs some more love.


  • InlineRuntimeSymbolTable.h: Removed.
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • build-symbol-table-index.py:
  • build-symbol-table-index.sh:
  • copy-llvm-ir-to-derived-sources.sh:
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleCall):
  • dfg/DFGNode.h: (JSC::DFG::Node::canBeKnownFunction): Deleted. (JSC::DFG::Node::hasKnownFunction): Deleted. (JSC::DFG::Node::knownFunction): Deleted. (JSC::DFG::Node::giveKnownFunction): Deleted.
  • ftl/FTLAbbreviatedTypes.h:
  • ftl/FTLCompile.cpp: (JSC::FTL::compile):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM): (JSC::FTL::LowerDFGToLLVM::lower): (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct): (JSC::FTL::LowerDFGToLLVM::possiblyCompileInlineableNativeCall): Deleted. (JSC::FTL::LowerDFGToLLVM::getFunctionBySymbol): Deleted. (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted. (JSC::FTL::LowerDFGToLLVM::isInlinableSize): Deleted.
  • ftl/FTLState.cpp: (JSC::FTL::State::State):
  • ftl/FTLState.h:
  • heap/HandleStack.h:
  • llvm/InitializeLLVM.h:
  • llvm/InitializeLLVMMac.cpp: Removed.
  • llvm/InitializeLLVMMac.mm: Added. (JSC::initializeLLVMImpl):
  • llvm/LLVMAPIFunctions.h:
  • llvm/LLVMHeaders.h:
  • runtime/BundlePath.h: Removed.
  • runtime/BundlePath.mm: Removed.
  • runtime/DateConversion.h:
  • runtime/DateInstance.h:
  • runtime/ExceptionHelpers.h:
  • runtime/JSArray.h:
  • runtime/JSCJSValue.h: (JSC::JSValue::toFloat):
  • runtime/JSDateMath.h:
  • runtime/JSObject.h:
  • runtime/JSWrapperObject.h:
  • runtime/Options.h:
  • runtime/RegExp.h:
  • runtime/StringObject.h:
  • runtime/Structure.h:
  • tested-symbols.symlst: Removed.


2014-06-03 Filip Pizlo <fpizlo@apple.com>


[ftlopt] FTL native inlining tests take far too long
https://bugs.webkit.org/show_bug.cgi?id=133498


Unreviewed test gardening.


Added a new exceptions test since the other one appears to not work.


  • tests/stress/ftl-library-exception.js:
  • tests/stress/ftl-library-inline-gettimezoneoffset.js: Added. (foo):
  • tests/stress/ftl-library-inlining-exceptions-dataview.js: Added. (foo):
  • tests/stress/ftl-library-inlining-exceptions.js: Copied from LayoutTests/js/regress/script-tests/ftl-library-inlining-exceptions.js.
  • tests/stress/ftl-library-inlining-loops.js: Copied from LayoutTests/js/regress/script-tests/ftl-library-inlining-loops.js.
  • tests/stress/ftl-library-inlining-random.js:
  • tests/stress/ftl-library-substring.js:


2014-06-03 Matthew Mirman <mmirman@apple.com>


[ftlopt] Added system for inlining native functions via the FTL.
https://bugs.webkit.org/show_bug.cgi?id=131515


Reviewed by Filip Pizlo.


Also fixed the build to not compress the bitcode and to
include all of the relevant runtime. With GCC_GENERATE_DEBUGGING_SYMBOLS = NO,
the produced bitcode files are a 100th the size they were before.
Now we can include all of the relevant runtime files with only a 3mb overhead.
This is the same overhead as for two compressed files before,
but done more efficiently (on both ends) and with less code.


Deciding whether to inline native functions is left up to LLVM.
The entire module containing the function is linked into the current
compiled JS so that inlining the native functions shouldn't make them smaller.


Rather than loading Runtime.symtbl at runtime FTLState.cpp now includes a file
InlineRuntimeSymbolTable.h which statically builds the symbol table hash table.
Currently build-symbol-table-index.py updates this file from the
contents of tested-symbols.symlst when done building as a matter of convenience.
However, in order to include the new contents of the file in the build
you'd need to build twice. This will be fixed in future versions.


  • JavaScriptCore.xcodeproj/project.pbxproj: Added back runtime files to compile.
  • build-symbol-table-index.py: Changed bitcode suffix. Added inclusion of only tested symbols. Added output to InlineRuntimeSymbolTable.h.
  • build-symbol-table-index.sh: Changed bitcode suffix.
  • copy-llvm-ir-to-derived-sources.sh: Removed gzip compression.
  • tested-symbols.symlst: Added.
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleCall): Now sets the knownFunction of the call node if such a function exists and emits a check that during runtime the callee is in fact known.
  • dfg/DFGNode.h: Added functions to set the known function of a call node. (JSC::DFG::Node::canBeKnownFunction): Added. (JSC::DFG::Node::hasKnownFunction): Added. (JSC::DFG::Node::knownFunction): Added. (JSC::DFG::Node::giveKnownFunction): Added.
  • ftl/FTLAbbreviatedTypes.h: Added a typedef for LLVMMemoryBufferRef
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::isInlinableSize): Added. Hardcoded threshold to 275. (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): Added. (JSC::FTL::LowerDFGToLLVM::getFunctionBySymbol): Added. (JSC::FTL::LowerDFGToLLVM::possiblyCompileInlineableNativeCall): Added. (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct): Added call to possiblyCompileInlineableNativeCall
  • ftl/FTLOutput.h: (JSC::FTL::Output::allocaName): Added. Useful for debugging.
  • ftl/FTLState.cpp: (JSC::FTL::State::State): Added an include for InlineRuntimeSymbolTable.h
  • ftl/FTLState.h: Added symbol table hash table.
  • ftl/FTLCompile.cpp: (JSC::FTL::compile): Added inlining and dead function elimination passes.
  • heap/HandleStack.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
  • InlineRuntimeSymbolTable.h: Added.
  • llvm/InitializeLLVMMac.mm: Deleted.
  • llvm/InitializeLLVMMac.cpp: Added.
  • llvm/LLVMAPIFunctions.h: Added macros to include Bitcode parsing and linking functions.
  • llvm/LLVMHeaders.h: Added includes for Bitcode parsing and linking.
  • runtime/BundlePath.h: Added.
  • runtime/BundlePath.mm: Added.
  • runtime/DateInstance.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
  • runtime/DateInstance.h: ditto.
  • runtime/DateConversion.h: ditto.
  • runtime/ExceptionHelpers.h: ditto.
  • runtime/JSCJSValue.h: ditto.
  • runtime/JSArray.h: ditto.
  • runtime/JSDateMath.h: ditto.
  • runtime/JSObject.h: ditto.
  • runtime/JSObject.h: ditto.
  • runtime/RegExp.h: ditto.
  • runtime/Structure.h: ditto.
  • runtime/Options.h: Added maximumLLVMInstructionCountForNativeInlining.
  • tests/stress/ftl-library-inlining-random.js: Added.
  • tests/stress/ftl-library-substring.js: Added.


2014-05-21 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG::clobberize should be blind to the effects of GC
https://bugs.webkit.org/show_bug.cgi?id=133166


Reviewed by Goeffrey Garen.


Move the computation of where GCs happen to DFG::doesGC().


Large (>5x) speed-up on programs that do loop-invariant string concatenations.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractHeap.h:
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize): (JSC::DFG::clobberizeForAllocation): Deleted.
  • dfg/DFGDoesGC.cpp: Added. (JSC::DFG::doesGC):
  • dfg/DFGDoesGC.h: Added.
  • dfg/DFGStoreBarrierElisionPhase.cpp: (JSC::DFG::StoreBarrierElisionPhase::handleNode): (JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Deleted.


2014-05-16 Filip Pizlo <fpizlo@apple.com>


[ftlopt] A StructureSet with one element should only require one word and no allocation
https://bugs.webkit.org/show_bug.cgi?id=133014


Reviewed by Oliver Hunt.


This makes it more efficient to use StructureSet in situations where the common case is
just one structure.


I also took the opportunity to use the same set terminology we use in BitVector: merge,
filter, exclude, contains, etc.


Eventually, this will be used to implement StructureAbstractValue as well.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/StructureSet.cpp: Added. (JSC::StructureSet::StructureSet): (JSC::StructureSet::operator=): (JSC::StructureSet::clear): (JSC::StructureSet::add): (JSC::StructureSet::remove): (JSC::StructureSet::contains): (JSC::StructureSet::merge): (JSC::StructureSet::filter): (JSC::StructureSet::exclude): (JSC::StructureSet::isSubsetOf): (JSC::StructureSet::overlaps): (JSC::StructureSet::operator==): (JSC::StructureSet::speculationFromStructures): (JSC::StructureSet::arrayModesFromStructures): (JSC::StructureSet::dumpInContext): (JSC::StructureSet::dump): (JSC::StructureSet::addOutOfLine): (JSC::StructureSet::containsOutOfLine): (JSC::StructureSet::copyFrom): (JSC::StructureSet::OutOfLineList::create): (JSC::StructureSet::OutOfLineList::destroy):
  • bytecode/StructureSet.h: (JSC::StructureSet::StructureSet): (JSC::StructureSet::~StructureSet): (JSC::StructureSet::onlyStructure): (JSC::StructureSet::isEmpty): (JSC::StructureSet::size): (JSC::StructureSet::at): (JSC::StructureSet::operator[]): (JSC::StructureSet::last): (JSC::StructureSet::OutOfLineList::list): (JSC::StructureSet::OutOfLineList::OutOfLineList): (JSC::StructureSet::deleteStructureListIfNecessary): (JSC::StructureSet::isThin): (JSC::StructureSet::pointer): (JSC::StructureSet::singleStructure): (JSC::StructureSet::structureList): (JSC::StructureSet::set): (JSC::StructureSet::clear): Deleted. (JSC::StructureSet::add): Deleted. (JSC::StructureSet::addAll): Deleted. (JSC::StructureSet::remove): Deleted. (JSC::StructureSet::contains): Deleted. (JSC::StructureSet::containsOnly): Deleted. (JSC::StructureSet::isSubsetOf): Deleted. (JSC::StructureSet::overlaps): Deleted. (JSC::StructureSet::singletonStructure): Deleted. (JSC::StructureSet::speculationFromStructures): Deleted. (JSC::StructureSet::arrayModesFromStructures): Deleted. (JSC::StructureSet::operator==): Deleted. (JSC::StructureSet::dumpInContext): Deleted. (JSC::StructureSet::dump): Deleted.
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::emitPrototypeChecks): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::parseBlock):
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
  • dfg/DFGNode.h: (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
  • dfg/DFGTypeCheckHoistingPhase.cpp: (JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheck):

Source/WTF:

2014-06-04 Filip Pizlo <fpizlo@apple.com>


[ftlopt] AI should be able track structure sets larger than 1
https://bugs.webkit.org/show_bug.cgi?id=128073


Reviewed by Oliver Hunt.


  • wtf/Bag.h: (WTF::Bag::Node::Node): (WTF::Bag::add):

LayoutTests:

2014-06-04 Filip Pizlo <fpizlo@apple.com>


[ftlopt] AI should be able track structure sets larger than 1
https://bugs.webkit.org/show_bug.cgi?id=128073


Reviewed by Oliver Hunt.


  • js/regress/get-by-id-bimorphic-check-structure-elimination-expected.txt: Added.
  • js/regress/get-by-id-bimorphic-check-structure-elimination-simple-expected.txt: Added.
  • js/regress/get-by-id-bimorphic-check-structure-elimination-simple.html: Added.
  • js/regress/get-by-id-bimorphic-check-structure-elimination.html: Added.
  • js/regress/get-by-id-check-structure-elimination-expected.txt: Added.
  • js/regress/get-by-id-check-structure-elimination.html: Added.
  • js/regress/get-by-id-quadmorphic-check-structure-elimination-simple-expected.txt: Added.
  • js/regress/get-by-id-quadmorphic-check-structure-elimination-simple.html: Added.
  • js/regress/script-tests/get-by-id-bimorphic-check-structure-elimination-simple.js: Added.
  • js/regress/script-tests/get-by-id-bimorphic-check-structure-elimination.js: Added.
  • js/regress/script-tests/get-by-id-check-structure-elimination.js: Added.
  • js/regress/script-tests/get-by-id-quadmorphic-check-structure-elimination-simple.js: Added.


2014-06-03 Filip Pizlo <fpizlo@apple.com>


[ftlopt] FTL native inlining tests take far too long
https://bugs.webkit.org/show_bug.cgi?id=133498


Unreviewed test gardening.


Move long-running tests that focus on correctness into JSC/tests/stress.
Speed up the performance tests by reducing allocation and call overhead.


  • js/regress/ftl-library-inlining-exceptions-expected.txt: Removed.
  • js/regress/ftl-library-inlining-exceptions.html: Removed.
  • js/regress/ftl-library-inlining-folding-expected.txt: Removed.
  • js/regress/ftl-library-inlining-folding.html: Removed.
  • js/regress/ftl-library-inlining-loops-expected.txt: Removed.
  • js/regress/ftl-library-inlining-loops.html: Removed.
  • js/regress/script-tests/ftl-library-inlining-dataview.js: (foo): Deleted.
  • js/regress/script-tests/ftl-library-inlining-exceptions.js: Removed.
  • js/regress/script-tests/ftl-library-inlining-folding.js: Removed.
  • js/regress/script-tests/ftl-library-inlining-loops.js: Removed.
  • js/regress/script-tests/ftl-library-inlining.js: (foo): Deleted.


2014-06-03 Matthew Mirman <mmirman@apple.com>


[ftlopt] Added system for inlining native functions via the FTL.
https://bugs.webkit.org/show_bug.cgi?id=131515


Reviewed by Filip Pizlo.


Adds microbenchmarks.


  • js/regress/script-tests/ftl-library-inlining.js: Added.
  • js/regress/ftl-library-inlining-expected.txt: Added.
  • js/regress/ftl-library-inlining.html: Added.
  • js/regress/script-tests/ftl-library-inlining-dataview.js: Added.
  • js/regress/ftl-library-inlining-dataview-expected.txt: Added.
  • js/regress/ftl-library-inlining-dataview.html: Added.
  • js/regress/script-tests/ftl-library-inlining-exceptions.js: Added.
  • js/regress/ftl-library-inlining-exceptions-expected.txt: Added.
  • js/regress/ftl-library-inlining-exceptions.html: Added.
  • js/regress/script-tests/ftl-library-inlining-folding.js: Added.
  • js/regress/ftl-library-inlining-folding-expected.txt: Added.
  • js/regress/ftl-library-inlining-folding-expected.html: Added.
  • js/regress/script-tests/ftl-library-inlining-loops.js: Added.
  • js/regress/ftl-library-inlining-loops-expected.txt: Added.
  • js/regress/ftl-library-inlining-loops.html: Added.


2014-05-21 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG::clobberize should be blind to the effects of GC
https://bugs.webkit.org/show_bug.cgi?id=133166


Reviewed by Geoffrey Garen.


  • js/regress/hoist-make-rope-expected.txt: Added.
  • js/regress/hoist-make-rope.html: Added.
  • js/regress/script-tests/hoist-make-rope.js: Added. (foo):
6:12 PM Changeset in webkit [171379] by ryuan.choi@samsung.com
  • 3 edits in trunk/Source/WebCore

Remove dead APIs from TiledBackingStore
https://bugs.webkit.org/show_bug.cgi?id=135158

Reviewed by Gyuyoung Kim.

setContentsFrozen and related code of TiledBackingStore are not used since Qt port is removed.

  • platform/graphics/TiledBackingStore.cpp:

(WebCore::TiledBackingStore::TiledBackingStore):
(WebCore::TiledBackingStore::updateTileBuffers):
(WebCore::TiledBackingStore::setContentsScale):
(WebCore::TiledBackingStore::createTiles):
(WebCore::TiledBackingStore::startTileBufferUpdateTimer):
(WebCore::TiledBackingStore::startBackingStoreUpdateTimer):
(WebCore::TiledBackingStore::commitScaleChange): Deleted.
(WebCore::TiledBackingStore::isBackingStoreUpdatesSuspended): Deleted.
(WebCore::TiledBackingStore::isTileBufferUpdatesSuspended): Deleted.
(WebCore::TiledBackingStore::setContentsFrozen): Deleted.

  • platform/graphics/TiledBackingStore.h:

(WebCore::TiledBackingStore::contentsFrozen): Deleted.

6:01 PM Changeset in webkit [171378] by commit-queue@webkit.org
  • 4 edits
    2 adds in trunk

Fix window-inactive css selectors when using querySelector.
https://bugs.webkit.org/show_bug.cgi?id=135149

Patch by Alex Christensen <achristensen@webkit.org> on 2014-07-22
Reviewed by Tim Horton.

Source/WebCore:
Test: fast/selectors/querySelector-window-inactive.html

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::checkOne):
Removed default and implemented case PseudoClassWindowInactive.

LayoutTests:

  • fast/selectors/querySelector-window-inactive-expected.txt: Added.
  • fast/selectors/querySelector-window-inactive.html: Added.
  • platform/wk2/TestExpectations:

Added querySelector-window-inactive.html to list of tests that do not work in WK2 because of setWindowIsKey.

5:41 PM Changeset in webkit [171377] by dburkart@apple.com
  • 34 edits in branches/safari-537.78-branch

Merge r169475

5:36 PM Changeset in webkit [171376] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r171016): Reproducible infinite spin selecting phone number
https://bugs.webkit.org/show_bug.cgi?id=135183
<rdar://problem/17727342>

Reviewed by Ryosuke Niwa.

  • editing/Editor.cpp:

(WebCore::Editor::scanRangeForTelephoneNumbers):
Make use of TextIterator::subrange, which knows how to make a subrange from character positions,
instead of assuming that our character positions translate directly to positions in the incoming range.
Make use of DocumentMarkerController::addMarker, which takes a range and applies the marker to
all text nodes inside the range as appropriate.
Fix naming of the shadowed 'length' local.
Fix a typo in the comment.

5:35 PM Changeset in webkit [171375] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] [OSX] Don't transcode WOFF on platforms that support it natively
https://bugs.webkit.org/show_bug.cgi?id=134904

Reviewed by Andreas Kling.

No new tests because there is no behavior change.

  • loader/cache/CachedFont.cpp:

(WebCore::CachedFont::ensureCustomFontData):

5:27 PM Changeset in webkit [171374] by dburkart@apple.com
  • 11 edits in branches/safari-537.78-branch/Source

Merge r152704

5:14 PM Changeset in webkit [171373] by jinwoo7.song@samsung.com
  • 2 edits in trunk/Source/WebKit2

Unreviewed build fix on EFL port after r171356.

Implement a dummy platformMediaCacheDirectory() to avoid undefined reference error.

  • UIProcess/efl/WebContextEfl.cpp:

(WebKit::WebContext::platformMediaCacheDirectory):

4:52 PM Changeset in webkit [171372] by ryuan.choi@samsung.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed build fix attempt on the EFL port after r171362.

Build break because of -Werror=return-type

  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::makesCalls):

4:33 PM Changeset in webkit [171371] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[Win] Crash after plugin is unloaded.
https://bugs.webkit.org/show_bug.cgi?id=119044

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-07-22
Reviewed by Darin Adler.

We need to invalidate all runtime objects when a plugin view is destroyed, in case the plugin is unloaded,
and one of these runtime objects accesses the plugin function table upon destruction afterwards, which will cause a crash.
If we use the weak pointer to the runtime object when invalidating, it will be null if it's in the WeakImpl::Dead state.
This means the runtime object will not be invalidated, possibly causing a crash if the plugin is unloaded.
It should be safe to use the raw pointer to the runtime object when invalidating, since finalized runtime objects
will be removed from the set of runtime objects in the method RootObject::finalize().

  • bridge/runtime_root.cpp:

(JSC::Bindings::RootObject::invalidate): Make sure all runtime objects are invalidated by getting the raw runtime object pointer from the hash key.

4:28 PM Changeset in webkit [171370] by enrica@apple.com
  • 24 edits in trunk/Source

REGRESSION (WebKit2): Selection inside accelerated overflow:scroll doesn't track scrolling.
https://bugs.webkit.org/show_bug.cgi?id=135180
<rdar://problem/16721055>

Reviewed by Simon Fraser.

Source/WebCore:
AsyncScrollingCoordinator will force a selection update on iOS
when scrolling terminates in an overflow scroll.

  • loader/EmptyClients.h:
  • page/EditorClient.h:
  • page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):

  • page/scrolling/ScrollingTree.h:

(WebCore::ScrollingTree::scrollingTreeNodeWillStartScroll):
(WebCore::ScrollingTree::scrollingTreeNodeDidEndScroll):

Source/WebKit/mac:

  • WebCoreSupport/WebEditorClient.h:

Source/WebKit2:
Adds notifications to the WKContentView to know when scrolling starts and ends
in an overflow scroll. When scrolling starts, we hide the selection and we restore
it when scrolling ends, though not before the selection information in the editor
state has been updated.
It also adds a new method to the EditorClient class to force the
selection update when scrolling is completed.

  • UIProcess/PageClient.h:
  • UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
  • UIProcess/Scrolling/RemoteScrollingTree.cpp:

(WebKit::RemoteScrollingTree::scrollingTreeNodeWillStartScroll):
(WebKit::RemoteScrollingTree::scrollingTreeNodeDidEndScroll):

  • UIProcess/Scrolling/RemoteScrollingTree.h:
  • UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.h:
  • UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.mm:

(-[WKOverflowScrollViewDelegate scrollViewWillBeginDragging:]):
(-[WKOverflowScrollViewDelegate scrollViewDidEndDragging:willDecelerate:]):
(-[WKOverflowScrollViewDelegate scrollViewDidEndDecelerating:]):
(WebKit::ScrollingTreeOverflowScrollingNodeIOS::overflowScrollWillStart):
(WebKit::ScrollingTreeOverflowScrollingNodeIOS::overflowScrollDidEnd):

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/PageClientImplIOS.h:
  • UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::overflowScrollWillStartScroll):
(WebKit::PageClientImpl::overflowScrollDidEndScroll):

  • UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeWillStartScroll):
(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeDidEndScroll):

  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _overflowScrollingWillBegin]):
(-[WKContentView _overflowScrollingDidEnd]):
(-[WKContentView _updateChangedSelection]):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::overflowScrollWillStartScroll):
(WebKit::WebPageProxy::overflowScrollDidEndScroll):

  • WebProcess/WebCoreSupport/WebEditorClient.h:
  • WebProcess/WebCoreSupport/WebEditorClient.cpp:
  • WebProcess/WebCoreSupport/ios/WebEditorClientIOS.mm:

(WebKit::WebEditorClient::updateSelection):

4:25 PM Changeset in webkit [171369] by dburkart@apple.com
  • 11 edits
    2 copies in branches/safari-537.78-branch/Source/WebKit2

Merge r169457

3:32 PM Changeset in webkit [171368] by benjamin@webkit.org
  • 2 edits in trunk/Source/WebKit2

[iOS][WK2] WebPageProxy should not do anything when responding to an animated resize is the page is not in a valid state
https://bugs.webkit.org/show_bug.cgi?id=135169
<rdar://problem/17740149>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-22
Reviewed by Tim Horton.

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::dynamicViewportSizeUpdate):
Neither m_dynamicViewportSizeUpdateWaitingForTarget nor m_dynamicViewportSizeUpdateWaitingForLayerTreeCommit should
be modified if there is not WebProcess to respond to DynamicViewportSizeUpdate.

(WebKit::WebPageProxy::synchronizeDynamicViewportUpdate):
We should not attempt to synchronize anything if the page was closed before the end of the dynamic viewport
update.

3:09 PM Changeset in webkit [171367] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

JSLock release should only modify the AtomicStringTable if it modified in acquire
https://bugs.webkit.org/show_bug.cgi?id=135143

Reviewed by Pratik Solanki.

  • runtime/JSLock.cpp:

(JSC::JSLock::willDestroyVM):
(JSC::JSLock::willReleaseLock):
Only set the AtomicStringTable when there was a VM, to balance JSLock::didAcquireLock.

2:46 PM Changeset in webkit [171366] by timothy_horton@apple.com
  • 7 edits in trunk/Source/WebKit2

REGRESSION (r171239): Much more time spent taking snapshots during the PLT
https://bugs.webkit.org/show_bug.cgi?id=135177
<rdar://problem/17764847>

Reviewed by Dan Bernstein.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::willChangeCurrentHistoryItemForMainFrame):
(WebKit::WebPageProxy::willChangeCurrentHistoryItem): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::willChangeCurrentHistoryItem):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::willChangeCurrentHistoryItemForMainFrame):
(WebKit::WebPage::willChangeCurrentHistoryItem): Deleted.

  • WebProcess/WebPage/WebPage.h:

Rename WillChangeCurrentHistoryItem to WillChangeCurrentHistoryItemForMainFrame.
Only send it when the current history item for the main frame changes.

2:32 PM Changeset in webkit [171365] by oliver@apple.com
  • 2 edits in trunk/Source/WebKit2

Add accountsd access to network sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=135176
<rdar://17656487>

Reviewed by Anders Carlsson.

This is available to the webcontent process already, but is also
needed for the networking process.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
2:30 PM Changeset in webkit [171364] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix cloop build.

  • bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeExitSiteData):

2:25 PM Changeset in webkit [171363] by oliver@apple.com
  • 3 edits in trunk/Source/WebKit2

Remove unused com.apple.webkit.* rules from profiles
https://bugs.webkit.org/show_bug.cgi?id=135174
<rdar://17755931>

Reviewed by Anders Carlsson.

We never send these rules so we should just remove use of them
from the profiles.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
2:08 PM Changeset in webkit [171362] by fpizlo@apple.com
  • 51 edits
    24 adds in trunk

Merge r168635, r168780, r169005, r169014, and r169143 from ftlopt.

2014-05-20 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG bytecode parser should turn GetById with nothing but a Getter stub as stuff+handleCall, and handleCall should be allowed to inline if it wants to
https://bugs.webkit.org/show_bug.cgi?id=133105


Reviewed by Michael Saboff.

Source/JavaScriptCore:

  • GetByIdStatus now knows about getters and can report intelligent things about them. As is usually the case with how we do these things, GetByIdStatus knows more about getters than the DFG can actually handle: it'll report details about polymorphic getter calls even though the DFG won't be able to handle those. This is fine; the DFG will see those statuses and bail to a generic slow path.


  • The DFG::ByteCodeParser now knows how to set up and do handleCall() for a getter call. This can, and usually does, result in inlining of getters!


  • CodeOrigin and OSR exit know about inlined getter calls. When you OSR out of an inlined getter, we set the return PC to a getter return thunk that fixes up the stack. We use the usual offset-true-return-PC trick, where OSR exit places the true return PC of the getter's caller as a phony argument that only the thunk knows how to find.


  • Removed a bunch of dead monomorphic chain support from StructureStubInfo.


  • A large chunk of this change is dragging GetGetterSetterByOffset, GetGetter, and GetSetter through the DFG and FTL. GetGetterSetterByOffset is like GetByOffset except that we know that we're returning a GetterSetter cell. GetGetter and GetSetter extract the getter, or setter, from the GetterSetter.


This is a ~2.5x speed-up on the getter microbenchmarks that we already had. So far none
of the "real" benchmarks exercise getters enough for this to matter. But I noticed that
some of the variants of the Richards benchmark in other languages - for example
Wolczko's Java translation of a C++ translation of Deutsch's Smalltalk version - use
getters and setters extensively. So, I created a getter/setter JavaScript version of
Richards and put it in regress/script-tests/getter-richards.js. That sees about a 2.4x
speed-up from this patch, which is very reassuring.


  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::printGetByIdCacheStatus): (JSC::CodeBlock::findStubInfo):
  • bytecode/CodeBlock.h:
  • bytecode/CodeOrigin.cpp: (WTF::printInternal):
  • bytecode/CodeOrigin.h: (JSC::InlineCallFrame::specializationKindFor):
  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeFor): (JSC::GetByIdStatus::computeForStubInfo): (JSC::GetByIdStatus::makesCalls): (JSC::GetByIdStatus::computeForChain): Deleted.
  • bytecode/GetByIdStatus.h: (JSC::GetByIdStatus::makesCalls): Deleted.
  • bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::~GetByIdVariant): (JSC::GetByIdVariant::GetByIdVariant): (JSC::GetByIdVariant::operator=): (JSC::GetByIdVariant::dumpInContext):
  • bytecode/GetByIdVariant.h: (JSC::GetByIdVariant::GetByIdVariant): (JSC::GetByIdVariant::callLinkStatus):
  • bytecode/PolymorphicGetByIdList.cpp: (JSC::GetByIdAccess::fromStructureStubInfo): (JSC::PolymorphicGetByIdList::from):
  • bytecode/SpeculatedType.h:
  • bytecode/StructureStubInfo.cpp: (JSC::StructureStubInfo::deref): (JSC::StructureStubInfo::visitWeakReferences):
  • bytecode/StructureStubInfo.h: (JSC::isGetByIdAccess): (JSC::StructureStubInfo::initGetByIdChain): Deleted.
  • dfg/DFGAbstractHeap.h:
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::addCall): (JSC::DFG::ByteCodeParser::handleCall): (JSC::DFG::ByteCodeParser::handleInlining): (JSC::DFG::ByteCodeParser::handleGetByOffset): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): (JSC::DFG::ByteCodeParser::parse):
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::getGetterSetterByOffsetLoadElimination): (JSC::DFG::CSEPhase::getInternalFieldLoadElimination): (JSC::DFG::CSEPhase::performNodeCSE): (JSC::DFG::CSEPhase::getTypedArrayByteOffsetLoadElimination): Deleted.
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize):
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
  • dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::linkFunction):
  • dfg/DFGNode.h: (JSC::DFG::Node::hasStorageAccessData):
  • dfg/DFGNodeType.h:
  • dfg/DFGOSRExitCompilerCommon.cpp: (JSC::DFG::reifyInlinedCallFrames):
  • dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
  • dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute):
  • dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • ftl/FTLAbstractHeapRepository.cpp:
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile):
  • ftl/FTLLink.cpp: (JSC::FTL::link):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compileGetGetter): (JSC::FTL::LowerDFGToLLVM::compileGetSetter):
  • jit/AccessorCallJITStubRoutine.h:
  • jit/JIT.cpp: (JSC::JIT::assertStackPointerOffset): (JSC::JIT::privateCompile):
  • jit/JIT.h:
  • jit/JITPropertyAccess.cpp: (JSC::JIT::emit_op_get_by_id):
  • jit/ThunkGenerators.cpp: (JSC::arityFixupGenerator): (JSC::baselineGetterReturnThunkGenerator): (JSC::baselineSetterReturnThunkGenerator): (JSC::arityFixup): Deleted.
  • jit/ThunkGenerators.h:
  • runtime/CommonSlowPaths.cpp: (JSC::setupArityCheckData):
  • tests/stress/exit-from-getter.js: Added.
  • tests/stress/poly-chain-getter.js: Added. (Cons): (foo): (test):
  • tests/stress/poly-chain-then-getter.js: Added. (Cons1): (Cons2): (foo): (test):
  • tests/stress/poly-getter-combo.js: Added. (Cons1): (Cons2): (foo): (test): (.test):
  • tests/stress/poly-getter-then-chain.js: Added. (Cons1): (Cons2): (foo): (test):
  • tests/stress/poly-getter-then-self.js: Added. (foo): (test): (.test):
  • tests/stress/poly-self-getter.js: Added. (foo): (test): (getter):
  • tests/stress/poly-self-then-getter.js: Added. (foo): (test):
  • tests/stress/weird-getter-counter.js: Added. (foo): (test):


2014-05-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Factor out how CallLinkStatus uses exit site data
https://bugs.webkit.org/show_bug.cgi?id=133042


Reviewed by Anders Carlsson.


This makes it easier to use CallLinkStatus from clients that are calling into after
already holding some of the relevant locks. This is necessary because we use a "one lock
at a time" policy for CodeBlock locks: if you hold one then you're not allowed to acquire
any of the others. So, any code that needs to lock multiple CodeBlock locks needs to sort
of lock one, do some stuff, release it, then lock another, and then do more stuff. The
exit site data corresponds to the stuff you do while holding the baseline lock, while the
CallLinkInfo method corresponds to the stuff you do while holding the CallLinkInfo owner's
lock.


  • bytecode/CallLinkStatus.cpp: (JSC::CallLinkStatus::computeFor): (JSC::CallLinkStatus::computeExitSiteData): (JSC::CallLinkStatus::computeDFGStatuses):
  • bytecode/CallLinkStatus.h: (JSC::CallLinkStatus::ExitSiteData::ExitSiteData):


2014-05-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] InlineCallFrame::isCall should be an enumeration
https://bugs.webkit.org/show_bug.cgi?id=133034


Reviewed by Sam Weinig.


Once we start inlining getters and setters, we'll want InlineCallFrame to be able to tell
us that the inlined call was a getter call or a setter call. Initially I thought I would
have a new field called "kind" that would have components NormalCall, GetterCall, and
SetterCall. But that doesn't make sense, because for GetterCall and SetterCall, isCall
would have to be true. Hence, It makes more sense to have one enumeration that is Call,
Construct, GetterCall, or SetterCall. This patch is a first step towards this.


It's interesting that isClosureCall should probably still be separate, since getter and
setter inlining could inline closure calls.


  • bytecode/CodeBlock.h: (JSC::baselineCodeBlockForInlineCallFrame):
  • bytecode/CodeOrigin.cpp: (JSC::InlineCallFrame::dumpInContext): (WTF::printInternal):
  • bytecode/CodeOrigin.h: (JSC::InlineCallFrame::kindFor): (JSC::InlineCallFrame::specializationKindFor): (JSC::InlineCallFrame::InlineCallFrame): (JSC::InlineCallFrame::specializationKind):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
  • dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit):
  • runtime/Arguments.h: (JSC::Arguments::finishCreation):


2014-05-13 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG should not exit due to inadequate profiling coverage when it can trivially fill in the profiling coverage due to variable constant inference and the better prediction modeling of typed array GetByVals
https://bugs.webkit.org/show_bug.cgi?id=132896


Reviewed by Geoffrey Garen.


This is a slight win on SunSpider, but it's meant to ultimately help us on
embenchen/lua. We already do well on that benchmark but our convergence is slower than
I'd like.


  • dfg/DFGArrayMode.cpp: (JSC::DFG::ArrayMode::refine):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
  • dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):


2014-05-08 Filip Pizlo <fpizlo@apple.com>


jsSubstring() should be lazy
https://bugs.webkit.org/show_bug.cgi?id=132556


Reviewed by Andreas Kling.


jsSubstring() is now lazy by using a special rope that is a substring instead of a
concatenation. To make this patch super simple, we require that a substring's base is
never a rope. Hence, when resolving a rope, we either go down a non-recursive substring
path, or we go down a concatenation path which may see exactly one level of substrings in
its fibers.


This is up to a 50% speed-up on microbenchmarks and a 10% speed-up on Octane/regexp.


Relanding this with assertion fixes.


  • heap/MarkedBlock.cpp: (JSC::MarkedBlock::specializedSweep):
  • runtime/JSString.cpp: (JSC::JSRopeString::visitFibers): (JSC::JSRopeString::resolveRopeInternal8): (JSC::JSRopeString::resolveRopeInternal16): (JSC::JSRopeString::clearFibers): (JSC::JSRopeString::resolveRope): (JSC::JSRopeString::resolveRopeSlowCase8): (JSC::JSRopeString::resolveRopeSlowCase):
  • runtime/JSString.h: (JSC::JSRopeString::finishCreation): (JSC::JSRopeString::append): (JSC::JSRopeString::create): (JSC::JSRopeString::offsetOfFibers): (JSC::JSRopeString::fiber): (JSC::JSRopeString::substringBase): (JSC::JSRopeString::substringOffset): (JSC::JSRopeString::notSubstringSentinel): (JSC::JSRopeString::substringSentinel): (JSC::JSRopeString::isSubstring): (JSC::JSRopeString::setIsSubstring): (JSC::jsSubstring):
  • runtime/RegExpMatchesArray.cpp: (JSC::RegExpMatchesArray::reifyAllProperties):
  • runtime/StringPrototype.cpp: (JSC::stringProtoFuncSubstring):

Source/WTF:

  • wtf/Bag.h: (WTF::Bag::iterator::operator!=):

LayoutTests:

  • js/regress/getter-no-activation-expected.txt: Added.
  • js/regress/getter-no-activation.html: Added.
  • js/regress/script-tests/getter-no-activation.js: Added.
  • js/regress/getter-richards-expected.txt: Added.
  • js/regress/getter-richards.html: Added.
  • js/regress/script-tests/getter-richards.js: Added.


2014-05-08 Filip Pizlo <fpizlo@apple.com>


jsSubstring() should be lazy
https://bugs.webkit.org/show_bug.cgi?id=132556


Reviewed by Andreas Kling.


These tests get 35-50% faster.


  • js/regress/script-tests/substring-concat-weird.js: Added. (foo):
  • js/regress/script-tests/substring-concat.js: Added. (foo):
  • js/regress/script-tests/substring.js: Added. (foo):
  • js/regress/substring-concat-expected.txt: Added.
  • js/regress/substring-concat-weird-expected.txt: Added.
  • js/regress/substring-concat-weird.html: Added.
  • js/regress/substring-concat.html: Added.
  • js/regress/substring-expected.txt: Added.
  • js/regress/substring.html: Added.
1:57 PM Changeset in webkit [171361] by rniwa@webkit.org
  • 3 edits in trunk/Websites/perf.webkit.org

Perf dashboard spends 2s processing JSON data during the page loads
https://bugs.webkit.org/show_bug.cgi?id=135152

Reviewed by Andreas Kling.

In the Apple internal dashboard, we were spending as much as 2 seconds
converting raw JSON data into proper JS objects while loading the dashboard.

This caused the apparent unresponsiveness of the dashboard despite of the fact
charts themselves updated almost instantaneously.

  • public/index.html:
  • public/js/helper-classes.js:

(TestBuild): Compute the return values of formattedTime and formattedBuildTime
lazily as creating new Date objects and running string replace is expensive.
(TestBuild.formattedTime):
(TestBuild.formattedBuildTime):
(PerfTestRuns.setResults): Added. Pushing each result was the biggest bottle neck.
(PerfTestRuns.addResult): Deleted.

1:51 PM Changeset in webkit [171360] by mmaxfield@apple.com
  • 23 edits in trunk

[Mac] Cocoa throws exception when the return type of NSAccessibilityLinkedUIElementsAttribute is not an array
https://bugs.webkit.org/show_bug.cgi?id=135165

Reviewed by Simon Fraser.

Source/WebCore:
Return an empty array instead of nil.

Updated tests.

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

LayoutTests:
Updating tests.

  • accessibility/parent-delete-expected.txt:
  • accessibility/transformed-element-expected.txt:
  • platform/mac/accessibility/aria-columnrowheaders-expected.txt:
  • platform/mac/accessibility/bounds-for-range-expected.txt:
  • platform/mac/accessibility/document-attributes-expected.txt:
  • platform/mac/accessibility/document-links-expected.txt:
  • platform/mac/accessibility/image-link-expected.txt:
  • platform/mac/accessibility/image-map2-expected.txt:
  • platform/mac/accessibility/internal-link-anchors-expected.txt:
  • platform/mac/accessibility/internal-link-anchors2-expected.txt:
  • platform/mac/accessibility/lists-expected.txt:
  • platform/mac/accessibility/plugin-expected.txt:
  • platform/mac/accessibility/table-attributes-expected.txt:
  • platform/mac/accessibility/table-cell-spans-expected.txt:
  • platform/mac/accessibility/table-cells-expected.txt:
  • platform/mac/accessibility/table-detection-expected.txt:
  • platform/mac/accessibility/table-one-cell-expected.txt:
  • platform/mac/accessibility/table-sections-expected.txt:
  • platform/mac/accessibility/table-with-rules-expected.txt:
  • platform/mac-mountainlion/accessibility/lists-expected.txt:
1:28 PM Changeset in webkit [171359] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Unreviewed, rolling out r171357.
https://bugs.webkit.org/show_bug.cgi?id=135173

broke Windows build. (Requested by bfulgham on #webkit).

Reverted changeset:

"[Win] Fix Crash when handling Legible Output callbacks"
https://bugs.webkit.org/show_bug.cgi?id=134946
http://trac.webkit.org/changeset/171357

1:22 PM Changeset in webkit [171358] by mmaxfield@apple.com
  • 3 edits in trunk/LayoutTests

[Mac] accessibility/aria-columnrowheaders.html doesn't test lengths of arrays
https://bugs.webkit.org/show_bug.cgi?id=135166

Reviewed by Chris Fleizach.

Using debug() interprets strings like "<array of size 0>" as markup, thereby not
showing it in the expected output. Instead, we should use innerText (which is
what all the other accessibility tests use).

  • platform/mac/accessibility/aria-columnrowheaders-expected.txt:
  • platform/mac/accessibility/aria-columnrowheaders.html:
1:00 PM Changeset in webkit [171357] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

[Win] Fix Crash when handling Legible Output callbacks
https://bugs.webkit.org/show_bug.cgi?id=134946

Reviewed by Dean Jackson.

  • platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:

(WebCore::InbandTextTrackPrivateAVF::processNativeSamples): Remove
Windows-specific 'ASSERT_NOT_REACHED' code path.

  • platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:

(WebCore::createLegibleOutputSubtypes): Added.
(WebCore::AVFWrapper::createPlayerItem): Updated to request native
samples from AVFoundationCF.

12:58 PM Changeset in webkit [171356] by oliver@apple.com
  • 9 edits in trunk/Source/WebKit2

Provide networking process with access to its HSTS db
https://bugs.webkit.org/show_bug.cgi?id=135121
<rdar://17654369>

Reviewed by Alexey Proskuryakov.

Add an extension parameter to pass the hsts database file.
This requires us to create the Caches/com.apple.WebKit.Networking
directory in the UI process, as the network sandbox
does not allow it to create the containing directory.

  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):

  • Shared/Network/NetworkProcessCreationParameters.cpp:

(WebKit::NetworkProcessCreationParameters::encode):
(WebKit::NetworkProcessCreationParameters::decode):

  • Shared/Network/NetworkProcessCreationParameters.h:
  • UIProcess/WebContext.cpp:

(WebKit::WebContext::ensureNetworkProcess):
(WebKit::WebContext::networkingHSTSDatabasePath):

  • UIProcess/WebContext.h:
  • UIProcess/mac/WebContextMac.mm:

(WebKit::WebContext::platformDefaultNetworkingHSTSDatabasePath):

12:48 PM Changeset in webkit [171355] by weinig@apple.com
  • 7 edits
    1 add in trunk

[Cocoa] WKScriptMessageHandlers don't seem to function properly after navigating
https://bugs.webkit.org/show_bug.cgi?id=135148

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

  • runtime/CommonIdentifiers.h:

Add a common identifier for the string "webkit".

Source/WebCore:
The "webkit" property on the window was not getting installed for subsequent
loads due to intricate dance playing setting the JSDOMWindow where the DOMWindow
object is not yet in a Frame when the JSDOMWindow is created. Since we were
adding the "webkit" property on construction, the property was returning null
thinking it had no Frame and was in a bad state. We can fix this by making the
"webkit" property behave like all the other window properties moving its getting
to JSDOMWindow::getOwnPropertySlot.

Added API test (WebKit2Cocoa/UserContentController).

  • bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::finishCreation):

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::jsDOMWindowWebKit):
(WebCore::JSDOMWindow::getOwnPropertySlot):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm: Added.

(-[SimpleNavigationDelegate webView:didFinishNavigation:]):
(-[ScriptMessageHandler userContentController:didReceiveScriptMessage:]):

12:46 PM Changeset in webkit [171354] by fpizlo@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

ASSERTION FAILED: info.spillFormat() & DataFormatJS in JSC::DFG::SpeculativeJIT::fillSpeculateCell
https://bugs.webkit.org/show_bug.cgi?id=135155
<rdar://problem/17763909>

Reviewed by Oliver Hunt.

The DFG fillSpeculate code paths all need to be mindful of the fact that they may be stumbling upon a
contradiction, and that this is OK. In this case, we were speculating cell on an int.

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateCell):

  • tests/stress/regress-135155.js: Added.

(run.t.length):
(run):

12:36 PM Changeset in webkit [171353] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Fix Leak in WebCore::createGlobalImageFileDescriptor
https://bugs.webkit.org/show_bug.cgi?id=134423
<rdar://problem/17492758>

Reviewed by Geoffrey Garen.

  • platform/win/PasteboardWin.cpp:

(WebCore::createGlobalImageFileDescriptor): Unlock and release the
HGLOBAL when exiting early.

12:25 PM Changeset in webkit [171352] by benjamin@webkit.org
  • 3 edits in trunk/Source/WebKit2

[iOS][WK2] UI helpers that zoom on an element ignore the viewport's allowsUserScaling
https://bugs.webkit.org/show_bug.cgi?id=135140
<rdar://problem/17754921>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-22
Reviewed by Tim Horton.

UIScrollView makes a difference between min/max zoom and allowUserScaling. To express that,
everything is set up on the LayerTransaction.

For zooming related helpers (find on page, double tap to zoom, etc), the min and max zoom
should be the actual min/max for the current page state.

This patch split the two explicitely.
For layer transactions, the values are taken from the viewport configuration directly.
For everything else, we should use minimumPageScaleFactor/maximumPageScaleFactor. Those two methods
have been updated to take into account allowsUserScaling.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::willCommitLayerTree):

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::minimumPageScaleFactor):
(WebKit::WebPage::maximumPageScaleFactor):
(WebKit::WebPage::getAssistedNodeInformation):

11:35 AM Changeset in webkit [171351] by Brent Fulgham
  • 4 edits in trunk

Correct handling of VERSION_TEXT for 4+-tuple versions
https://bugs.webkit.org/show_bug.cgi?id=135161
<rdar://problem/17763546>

Reviewed by David Kilzer.

Tools:

  • Scripts/webkitperl/auto-version_unittest/autoVersionTests.pl:

Add additional test cases to catch errors in multiple-tuple
version string handling.

WebKitLibraries:
Revise the auto-version.pl script to properly handle version
strings with 4 (or more) version tuples. Previously these were
being truncated from the version.

  • win/tools/scripts/auto-version.pl:

(splitVersion): Return truncated version of
overall version string.

11:27 AM Changeset in webkit [171350] by fpizlo@apple.com
  • 9 edits
    2 adds in trunk

Extend exception fuzzing to the LLInt
https://bugs.webkit.org/show_bug.cgi?id=135076

Reviewed by Oliver Hunt.

Source/JavaScriptCore:

(JSC::numberOfExceptionFuzzChecks): Deleted.

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::setUpCall):

  • runtime/CommonSlowPaths.cpp:
  • runtime/ExceptionFuzz.cpp: Added.

(JSC::numberOfExceptionFuzzChecks):
(JSC::doExceptionFuzzing):

  • runtime/ExceptionFuzz.h: Added.

(JSC::doExceptionFuzzingIfEnabled):

Tools:

  • Scripts/jsc-stress-test-helpers/js-exception-fuzz:
11:13 AM Changeset in webkit [171349] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Web Inspector: Fix unused parameter build warning
https://bugs.webkit.org/show_bug.cgi?id=135151

Patch by Shivakumar JM <shiva.jm@samsung.com> on 2014-07-22
Reviewed by Joseph Pecoraro.

Fix unused parameter build warning by removing the parameter name

  • WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::setJavaScriptProfilingEnabled):

11:03 AM FeatureFlags edited by Bem Jones-Bey
(diff)
11:01 AM Changeset in webkit [171348] by ap@apple.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Mac] [WK2] selection-gap-fixed-child.html and selection-gap-flipped-fixed-child.html
have been failing since they were added in r148258
https://bugs.webkit.org/show_bug.cgi?id=114573

Landing actual results as expected for WK2. This test isn't meaningful for WK2, because of layers.

  • platform/mac-wk2/TestExpectations:
  • platform/mac-wk2/fast/repaint/selection-gap-fixed-child-expected.txt: Added.
  • platform/mac-wk2/fast/repaint/selection-gap-flipped-fixed-child-expected.txt: Added.
11:00 AM FeatureFlags edited by Bem Jones-Bey
(diff)
10:50 AM Changeset in webkit [171347] by mmaxfield@apple.com
  • 3 edits
    2 adds in trunk

Source/WebCore: Clicking on links while accessibility is enabled sometimes crashes
https://bugs.webkit.org/show_bug.cgi?id=135074

Reviewed by Chris Fleizach.

When an accessibility request comes in from the system, we call updateBackingStore() on the
relevant AccessibilityObject, which triggers a relayout of the entire document. This relayout
might delete that accessibility node and its parent, which would cause the node to be deleted.
After the stack unwinds, we then call a member function on the node without checking for this
condition.

Test: accessibility/parent-delete.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::updateBackingStore): Retain the node for the duration of the
function.

LayoutTests: Clicking on links while accessibility is enabled does not render as expected
https://bugs.webkit.org/show_bug.cgi?id=135074

Reviewed by Chris Fleizach.

Delete a node and its parent, then call allAttributes() on the accessibility representation of
the deleted child and make sure there is no crash.

  • accessibility/parent-delete-expected.txt: Added
  • accessibility/parent-delete.html: Added
10:32 AM Changeset in webkit [171346] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Fix unused parameter build warning in UIProcess module
https://bugs.webkit.org/show_bug.cgi?id=135154

Patch by Shivakumar JM <shiva.jm@samsung.com> on 2014-07-22
Reviewed by Alexey Proskuryakov.

Fix unused parameter build warning in UIProcess module by using UNUSED_PARAM macro.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::viewStateDidChange):

10:19 AM Changeset in webkit [171345] by commit-queue@webkit.org
  • 11 edits in trunk/Source

Don't create new UIWindow for video fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=135038

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-07-22
Reviewed by Darin Adler.

Source/WebCore:

  • WebCore.exp.in:
  • platform/ios/WebVideoFullscreenControllerAVKit.h: use UIView instead of UIScreen.
  • platform/ios/WebVideoFullscreenControllerAVKit.mm:

(-[WebVideoFullscreenController enterFullscreen:]): provide parent UIView.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.h: remove UIWindow.
  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(WebVideoFullscreenInterfaceAVKit::setupFullscreen): ditto
(WebVideoFullscreenInterfaceAVKit::cleanupFullscreen): ditto
(WebVideoFullscreenInterfaceAVKit::invalidate): ditto
(WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): ditto

Source/WebKit/mac:
Provide UIView to WebVideoFullscreenController

  • WebView/WebView.mm:

(-[WebView _enterFullscreenForNode:]): pass UIView instead of nil

Source/WebKit2:
Use root UIView to parent fullscreen interface.

  • UIProcess/ios/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID): pass parent UIView

  • WebProcess/ios/WebVideoFullscreenManager.mm:

(WebKit::screenRectForNode): Use client rect instead of screen rect.

9:38 AM Changeset in webkit [171344] by ap@apple.com
  • 3 edits in trunk/LayoutTests

media/track/track-in-band-subtitles-too-large.html and
media/track/track-long-word-container-sizing.html fail on Mac (dependent on other tests?)
https://bugs.webkit.org/show_bug.cgi?id=135160

Correcting test expectations - the failures are not WK1 only.

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
8:02 AM Changeset in webkit [171343] by clopez@igalia.com
  • 2 edits in trunk/Source/WebCore

[GTK] Rollout r170529 due to ~10% performance regression on the
perf test Animation/balls.
https://bugs.webkit.org/show_bug.cgi?id=134972

Reviewed by Martin Robinson.

Reverted changeset:
"Increase priority on SharedTimer source."
https://trac.webkit.org/r170529

6:47 AM Changeset in webkit [171342] by Michał Pakuła vel Rutka
  • 2 edits in trunk/LayoutTests

Unreviewed EFL gardening

  • platform/efl/TestExpectations: Update incorrect test expectations for passing and crashing tests.
6:27 AM Changeset in webkit [171341] by krit@webkit.org
  • 39 edits
    6 adds in trunk

Turn width/height to presentation attributes
https://bugs.webkit.org/show_bug.cgi?id=135046

Patch by Dirk Schulze <krit@webkit.org> on 2014-07-18
Reviewed by Dean Jackson.

Source/WebCore:
The elements <svg>, <image>, <pattern>, <mask> and <foreignObject> have the
'width' and 'height' attributes. So far they can just be set by SVG DOM or
setAttribute. Furthermore, animations just work with SVG Animation - No support
for CSS Animations and CSS Transitions. We started to turn the width and height
attributes on SVG roots to presentation attributes already. A presentation
attribute is a CSS property that can also be set by DOM (or now by SVG DOM).

This patch turns all width and height attributes to presentation attributes. It
basically allows authors to style width and height with CSS as well. Width and
height can now be set with CSS style sheets and can be animated with CSS.

To some degree it made it possible to remove code duplication. However, since
SVG DOM requires us to use SVGLength types and since we did not turn all
SVG attributes to the CSS length values (and our internal Length struct) yet,
we still need a hybrid - a bridge between SVGLength (for SVG DOM) and Length (for
RenderStyle). Once we move all attributes to use the Length struct, we can make SVGLength
a wrapper for Length and can move more code to the render tree.

The current challenge is to synchronize SVG DOM, normal DOM and RenderStyle.
With this patch we handle most part in RenderStyle. SVG DOM changes are
synchronized to DOM and RenderStyle will call needsStyleRecalc. Furthermore,
SVG Animations will continue to animate the SVG DOM (and synchronize the changes
back to RenderStyle) if the element has a JS property for the currently animated
attribute.

Short example:

<rect>

<animate attributeName="width">

</rect>

The <rect> element has the SVG DOM property 'width'. Therefore, we animate the SVG DOM
property and synchronize RenderStyle.

<ellipse>

<animate attributeName="width">

</ellipse>

The <ellipse> element does NOT have the SVG DOM property 'width'. Therefore, we
animate the CSS property directly. With synchronizing RenderStyle in all cases, we
make sure that the CSS cascade works even on animating on multiple SVG hierarchy
levels (animation of 'width' on <g> and inheriting the property value on a child
<rect>).

With using presentation attributes, we also inherit the CSS property parsing for
SVG attributes. <rect width=" 100px "> is possible now. (Note the trailing whitespaces.)
This follows a recent resolution of the SVG WG.

Since we turned width and height to presentation attributes, the layout optimization
selfHasRelativeLengths() in the DOM can't be used anymore. selfHasRelativeLengths() was
intended to solve a problem where we did not layout relatively position/sized elements
when the parent changes its size. However, as a side effect it did not call layout
for absolutely positioned/sized elements since the layout does not change. I run
all performance tests that we have and even wrote a test with hundreds of elements
that would be affected by this optimization. The differences were inside the sigma
of a normal test run. (Means I couldn't measure a performance difference.)
Therefore, it is not worth it to keep the "optimization" around and I will probably
remove it entirely for all basic shapes but <path> and <polygon> in future patches.

Tests: svg/css/parse-height.html

svg/css/parse-width.html
svg/css/width-height-presentation-attribute-expected.svg
svg/css/width-height-presentation-attribute.svg

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue): We never calculated the computed

value of width/height for SVG elements and returned auto instead. This is based
on a rule of CSS 2 and needs to be fixed in CSS3.

  • css/DeprecatedStyleBuilder.cpp:

(WebCore::ApplyPropertyLength::applyValue): Length always incorporates the zoom level.

In SVG we still apply the zoom after all operations by scaling the context. We need
to take this in account for Length and don't apply zoom on SVG inline elements.

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::useSVGZoomRulesForLength):

See above.

  • css/StyleResolver.h:
  • rendering/svg/RenderSVGRect.cpp:

(WebCore::RenderSVGRect::updateShapeFromElement): Do not call width() and height() on

SVG DOM but use the values of RenderStyle instead.

  • rendering/svg/SVGPathData.cpp:

(WebCore::updatePathFromRectElement): Ditto.

  • svg/SVGAnimateElement.cpp:

(WebCore::SVGAnimateElement::resetAnimatedType): We need to differ between CSS properties

with and without SVG DOM on the current element. In the later case we animate the
SVG DOM and need to synch RenderStyle.

(WebCore::SVGAnimateElement::clearAnimatedType): Ditto.
(WebCore::SVGAnimateElement::applyResultsToTarget): Ditto.

  • svg/SVGAnimationElement.cpp:

(WebCore::SVGAnimationElement::isTargetAttributeCSSProperty): This checks if the CSS property

has to be synched with SVG DOM.

(WebCore::SVGAnimationElement::shouldApplyAnimation): Ditto.

  • svg/SVGAnimationElement.h:
  • svg/SVGElement.cpp:

(WebCore::populateAttributeNameToCSSPropertyIDMap): Add width and heigth to the CSS property

list for presentation attributes.

(WebCore::populateCSSPropertyWithSVGDOMNameToAnimatedPropertyTypeMap): CSS properties with

SVG DOM synchronization need to be treated differently. Collect them in a separate map.

(WebCore::cssPropertyWithSVGDOMNameToAnimatedPropertyTypeMap): Caller for the map.
(WebCore::SVGElement::animatedPropertyTypeForAttribute): We need to check both maps here:

CSS properties and CSS properties with SVG DOM synch.

(WebCore::SVGElement::isAnimatableCSSProperty): Ditto.
(WebCore::SVGElement::isPresentationAttributeWithSVGDOM): Just return true if the property name

is in the map of properties with SVG DOM for the current element.

  • svg/SVGElement.h:

(WebCore::SVGElement::invalidateSVGPresentationAttributeStyle): Call needsStyleRecalc.

  • svg/SVGFilterElement.cpp: Make width/height presentation attribute.

(WebCore::SVGFilterElement::svgAttributeChanged):
(WebCore::SVGFilterElement::selfHasRelativeLengths): Deleted.

  • svg/SVGFilterElement.h: Ditto.
  • svg/SVGForeignObjectElement.cpp:

(WebCore::SVGForeignObjectElement::svgAttributeChanged):
(WebCore::SVGForeignObjectElement::selfHasRelativeLengths): Deleted.

  • svg/SVGForeignObjectElement.h:
  • svg/SVGImageElement.cpp: Ditto.

(WebCore::SVGImageElement::svgAttributeChanged):
(WebCore::SVGImageElement::isPresentationAttribute): Deleted.
(WebCore::SVGImageElement::collectStyleForPresentationAttribute): Deleted.
(WebCore::SVGImageElement::selfHasRelativeLengths): Deleted.

  • svg/SVGImageElement.h:
  • svg/SVGLength.h: Transform an Length value to an absolute value by taking the SVG viewport

into account. (An SVG viewport is not the same as the CSS viewport.)

  • svg/SVGLengthContext.cpp: Ditto.

(WebCore::SVGLengthContext::valueForLength):

  • svg/SVGLengthContext.h:
  • svg/SVGMaskElement.cpp: Make width/height presentation attribute.

(WebCore::SVGMaskElement::svgAttributeChanged):
(WebCore::SVGMaskElement::selfHasRelativeLengths): Deleted.

  • svg/SVGMaskElement.h:
  • svg/SVGPatternElement.cpp: Ditto.

(WebCore::SVGPatternElement::svgAttributeChanged):
(WebCore::SVGPatternElement::selfHasRelativeLengths): Deleted.

  • svg/SVGPatternElement.h:
  • svg/SVGRectElement.cpp: Ditto.

(WebCore::SVGRectElement::svgAttributeChanged):
(WebCore::SVGRectElement::selfHasRelativeLengths): Deleted.

  • svg/SVGRectElement.h:
  • svg/SVGSVGElement.cpp: Ditto.

(WebCore::SVGSVGElement::svgAttributeChanged): Clean up redundant layout calls.
(WebCore::SVGSVGElement::isPresentationAttribute): Deleted.
(WebCore::SVGSVGElement::collectStyleForPresentationAttribute): Deleted.

  • svg/SVGSVGElement.h:
  • svg/properties/SVGAnimatedProperty.cpp: Synchronize SVG DOM with DOM.

(WebCore::SVGAnimatedProperty::commitChange):

LayoutTests:
We already had a lot of tests for animating width/height as property.
So far they assumed that this is not possible. They simply needed to
be updated.

Furthermore, I added reference tests to test different inheritance
scenarios of CSS properties and setting them to elements.

A parsing test makes sure that the global property values inherit is
supported as well as CSS parsing rules for SVG attributes.
Negative tests test not-allowed behavior.

  • platform/mac/svg/W3C-SVG-1.1/coords-units-03-b-expected.txt:
  • svg/animations/attributeTypes-expected.txt:
  • svg/animations/resources/attributeTypes.svg:
  • svg/animations/script-tests/attributeTypes.js:

(sample1):
(sample2):
(sample3):

  • svg/css/getComputedStyle-basic-expected.txt:
  • svg/css/parse-height-expected.txt: Added.
  • svg/css/parse-height.html: Added.
  • svg/css/parse-width-expected.txt: Added.
  • svg/css/parse-width.html: Added.
  • svg/css/width-height-presentation-attribute-expected.svg: Added.
  • svg/css/width-height-presentation-attribute.svg: Added.
  • svg/custom/mask-excessive-malloc-expected.txt:
  • svg/hixie/error/015-expected.txt:
2:48 AM Changeset in webkit [171340] by jochen@chromium.org
  • 2 edits in trunk/Tools

Fix my email address in contributors.json
https://bugs.webkit.org/show_bug.cgi?id=135156

Reviewed by Gyuyoung Kim.

  • Scripts/webkitpy/common/config/contributors.json:
1:50 AM Changeset in webkit [171339] by commit-queue@webkit.org
  • 5 edits in trunk

[GStreamer] [GTK] WebKit does not build with GStreamer 1.4
https://bugs.webkit.org/show_bug.cgi?id=135114

.:
Fix build with GStreamer 1.4

Patch by Adrian Perez de Castro <Adrian Perez de Castro> on 2014-07-22
Reviewed by Philippe Normand.

  • Source/cmake/FindGStreamer.cmake: Check version 1.4.0 for the

gst-mpegts component instead of the unstable 1.3.x verstions.

Source/WebCore:
Patch by Adrian Perez de Castro <Adrian Perez de Castro> on 2014-07-22
Reviewed by Philippe Normand.

Fix build with GStreamer 1.4

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

Change GstMpegTs-prefixed types to use the GstMpegts prefix.
(WebCore::MediaPlayerPrivateGStreamer::handleMessage):
(WebCore::MediaPlayerPrivateGStreamer::processMpegTsSection):

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

Ditto.

Jul 21, 2014:

11:12 PM Changeset in webkit [171338] by psolanki@apple.com
  • 2 edits in trunk/Source/WebKit/mac

Unreviewed iOS build fix after r171321.

  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

9:35 PM Changeset in webkit [171337] by ryuan.choi@samsung.com
  • 4 edits in trunk/Source/WebKit2

[EFL] Add Ewk prefix to enums of ewk_navigation_policy
https://bugs.webkit.org/show_bug.cgi?id=135144

Reviewed by Gyuyoung Kim.

All public enums of ewebkit should start with Ewk prefix.
This patch added Ewk prefix to Ewk_Event_Mouse_Button and Ewk_Event_Modifiers.
In addition, added missing description and default value for Ewk_Event_Modifier.

  • UIProcess/API/efl/ewk_navigation_policy_decision.cpp:

(toEwkEventMouseButton):
(toEwkEventModifiers):
(EwkNavigationPolicyDecision::mouseButton):
(EwkNavigationPolicyDecision::modifiers):
(ewk_navigation_policy_mouse_button_get):
(ewk_navigation_policy_modifiers_get):
(toEventMouseButton): Deleted.
(toEventModifierKeys): Deleted.

  • UIProcess/API/efl/ewk_navigation_policy_decision.h:
  • UIProcess/API/efl/ewk_navigation_policy_decision_private.h:
8:59 PM Changeset in webkit [171336] by benjamin@webkit.org
  • 13 edits in trunk/Source

[iOS][WK2] Improve event throttling for Scroll Events
https://bugs.webkit.org/show_bug.cgi?id=135082
<rdar://problem/17445266>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-21
Reviewed by Simon Fraser.

Source/WebCore:
This patch is composed of two parts. The first part in the WebKit layer
track an approximate measurement of the main thread responsiveness.
The second part in WebCore use that information to avoid sending events
if a page is unresponsive.

In WebCore, this patch only consider scroll events so far. Hopefully the concept
should be easy to generalize.

  • loader/EmptyClients.h:
  • page/ChromeClient.h:

Chrome client provides us with one information: how long an incoming event should be delayed.
Every port is free to implement whatever logic is suitable for them.

  • page/FrameView.cpp:

(WebCore::FrameView::FrameView):
(WebCore::FrameView::reset):
(WebCore::FrameView::delayedScrollEventTimerFired):
(WebCore::FrameView::scrollPositionChanged):
(WebCore::FrameView::sendScrollEvent):

  • page/FrameView.h:

Scroll events do not have any associated information so they can be coalesced by just skipping
all input hapenning during the throttling delay.

The implementation is done by using a timer to delay the events.

Source/WebKit2:
In the WebKit layer, we want a measure that is representative of the responsiveness.

In this patch, I use the total delay between a VisibleContentRectUpdate being dispatched
by the UIProcess, and the time RemoteLayerTreeDrawingArea flushes the layer tree.

The value used for eventThrottlingDelay() is computed by averaging the new value with
the old values with a 80/20 split, favoring the old data. Favoring historical data
over the last timing avoid excessively throttling for a single slow frame.

The computation of m_estimatedMainThreadLatency can be improved in the future, this is
a first cut keeping things simple.

With m_estimatedMainThreadLatency in our hands, we can compute our eventThrottlingDelay().
If m_estimatedMainThreadLatency is smaller than a single frame timespan, we have a fast page
and nothing is throttled.

If is it more than a frame, we throttle such that we can at least render two frames
per event dispatch based on the historical data.

The exact values will need some tweaking, but this set ensures well written pages get
60 events per seconds, while slow pages do not waste too much time on events.

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/WebCoreSupport/ios/WebChromeClientIOS.mm:

(WebKit::WebChromeClient::eventThrottlingDelay):

  • WebProcess/WebPage/ViewUpdateDispatcher.cpp:

(WebKit::ViewUpdateDispatcher::visibleContentRectUpdate):
(WebKit::ViewUpdateDispatcher::dispatchVisibleContentRectUpdate):

  • WebProcess/WebPage/ViewUpdateDispatcher.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::didFlushLayerTreeAtTime):
(WebKit::WebPage::didCommitLoad):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::eventThrottlingDelay):
(WebKit::WebPage::updateVisibleContentRects):

  • WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::flushLayers):

8:32 PM Changeset in webkit [171335] by Brent Fulgham
  • 2 edits in trunk/Tools

Unreviewed test fix.

  • Scripts/webkitperl/auto-version_unittest/autoVersionTests.pl: Revert

to older Perl 5.8 syntax for iterating over hashes to allow tests to
run on Mountain Lion bots.

7:36 PM Changeset in webkit [171334] by commit-queue@webkit.org
  • 2 edits
    2 adds in trunk/Source/WebInspectorUI

Web Inspector: Add esprima to the WebInspector.
https://bugs.webkit.org/show_bug.cgi?id=135098

Patch by Saam Barati <sbarati@apple.com> on 2014-07-21
Reviewed by Joseph Pecoraro.

This patch includes Esprima into the WebInspector and attaches its
exported function onto the WebInspector namespace object.

  • UserInterface/External/Esprima: Added.
  • UserInterface/External/Esprima/esprima.js: Added.

(.):

  • UserInterface/Main.html:
7:15 PM Changeset in webkit [171333] by ap@apple.com
  • 2 edits in trunk/Tools

https://bugs.webkit.org/show_bug.cgi?id=135137
build.webkit.org/dashboard: webkitperl failures show up as yellow, not red

Reviewed by Darin Adler.

webkitperl results are binary, handle them the same way we handle bindings test results.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:

(BuildbotTesterQueueView.prototype.update.appendBuilderQueueStatus):
(BuildbotTesterQueueView.prototype._presentPopoverForMultipleFailureKinds):

6:26 PM Changeset in webkit [171332] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Avoid putting empty-sized surfaces into IOSurfacePool
https://bugs.webkit.org/show_bug.cgi?id=135136
<rdar://problem/17478407>

Reviewed by Simon Fraser.

  • platform/graphics/cg/IOSurfacePool.cpp:

(WebCore::IOSurfacePool::addSurface):
Avoid adding 0x0 surfaces to the pool, because they will wreak havoc
when their size is used as the key in the CachedSurfaceMap.
Additionally, avoid any empty sizes, because they're just pointless.

6:14 PM Changeset in webkit [171331] by bshafiei@apple.com
  • 2 edits in tags/Safari-600.1.1.1/Tools

Merged r171324. <rdar://problem/17750334>

6:05 PM Changeset in webkit [171330] by bshafiei@apple.com
  • 3 edits
    1 copy in tags/Safari-600.1.1.1

Merged r171319. <rdar://problem/17750334>

5:58 PM Changeset in webkit [171329] by Simon Fraser
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r170361): In landscape with UI hidden, fixed position elements at top of screen are too low
https://bugs.webkit.org/show_bug.cgi?id=135141
<rdar://problem/17627525>

Reviewed by Benjamin Poulain.

We can't use the WKWebView's UIScrollView contentInsets to determine the unobscured rect
in MobileSafari, because contentInsets can't be changed dynamically while scrolling.
To get around this, MobileSafari sets obscured insets instead (but also sets a fixed
contentInset).

So if the client calls _setObscuredInsets:, always use _obscuredInsets to compute the
content insets.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _computedContentInset]):
(-[WKWebView _setObscuredInsets:]):

5:58 PM Changeset in webkit [171328] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Refactor ArrayPrototype to use getLength() and putLength() utility functions.
https://bugs.webkit.org/show_bug.cgi?id=135139.

Reviewed by Oliver Hunt.

  • Specialize putProperty() to putLength() because it is only used for setting the length property.
  • Added a getLength() utility function to get the value of the length property.
  • Use these getLength() and putLength() functions instead of the existing code to get and put the length property. Less code to read, easier to understand.
  • runtime/ArrayPrototype.cpp:

(JSC::getLength):
(JSC::putLength):
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
(JSC::putProperty): Deleted.

5:56 PM Changeset in webkit [171327] by bshafiei@apple.com
  • 2 edits in tags/Safari-600.1.1.1/WebKitLibraries

Merged r171305. <rdar://problem/17743959>

5:38 PM Changeset in webkit [171326] by oliver@apple.com
  • 4 edits in trunk/Source/WebKit2

Remove global cookie workaround from sandbox profiles
https://bugs.webkit.org/show_bug.cgi?id=135138
<rdar://17513375>

Reviewed by Alexey Proskuryakov.

Remove the workaround needed for global cookie access, and silencing
of the associated sandbox violation.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
  • UIProcess/mac/WebContextMac.mm:

(WebKit::WebContext::platformDefaultCookieStorageDirectory):

5:37 PM Changeset in webkit [171325] by Brent Fulgham
  • 2 edits in trunk/Tools

[Win] Follow-up for r171324.

  • Scripts/webkitperl/auto-version_unittest/autoVersionTests.pl: Cygwin

perl reports itself as 'cygwin'; native Windows Perl reports as
'MSWin32'. We need to handle both cases.

5:29 PM Changeset in webkit [171324] by Brent Fulgham
  • 2 edits in trunk/Tools

Unreviewed build fix after r171319.

  • Scripts/webkitperl/auto-version_unittest/autoVersionTests.pl: This test should

only execute on Windows. It will fail on other platforms, so give it a way to
successfully exit.

5:26 PM Changeset in webkit [171323] by commit-queue@webkit.org
  • 9 edits in trunk

new Int32Array(new ArrayBuffer(100), 1, 1) shouldn't throw an error that says "RangeError: Byte offset and length out of range of buffer"
https://bugs.webkit.org/show_bug.cgi?id=125391

Patch by Diego Pino Garcia <Diego Pino Garcia> on 2014-07-21
Reviewed by Darin Adler.

Source/JavaScriptCore:
Create own method for verifying byte offset alignment.

  • runtime/ArrayBufferView.h:

(JSC::ArrayBufferView::verifyByteOffsetAlignment):
(JSC::ArrayBufferView::verifySubRangeLength):
(JSC::ArrayBufferView::verifySubRange): Deleted.

  • runtime/GenericTypedArrayViewInlines.h:

(JSC::GenericTypedArrayView<Adaptor>::create):

  • runtime/JSDataView.cpp:

(JSC::JSDataView::create):

  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::create):

LayoutTests:

  • fast/canvas/webgl/data-view-crash-expected.txt:
  • fast/canvas/webgl/data-view-test-expected.txt:
  • fast/canvas/webgl/data-view-test.html:
5:10 PM Changeset in webkit [171322] by oliver@apple.com
  • 5 edits in trunk/Source/WebKit2

Correct sandbox profiles to fix some excess privileges
https://bugs.webkit.org/show_bug.cgi?id=135134
<rdar://problem/17741886>
<rdar://problem/17739080>

Reviewed by Alexey Proskuryakov.

This cleans up our sandbox profiles to fix a few issues - the profiles
no longer allow us to issue file extension we have the ability to consume,
and tightens some of the other file access rules.

This means we have to addd some rules to allow us to access things
that we previously had access to due to lax file system restrictions.

Some of the features were fixable simply by using entitlements on the
process rather than custom rules.

  • Configurations/WebContent-iOS.entitlements:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
5:09 PM Changeset in webkit [171321] by Beth Dakin
  • 8 edits in trunk/Source

WK1 should always setAcceleratedCompositingForFixedPositionEnabled(true) on
Yosemite
https://bugs.webkit.org/show_bug.cgi?id=135135

Reviewed by Darin Adler.

Source/WebCore:
This patch gets rid of the ChromeClient function that was introduced with
http://trac.webkit.org/changeset/171308 We’ll just enable the Setting instead.

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyle):
(WebCore::fixedPositionCreatesStackingContext): Deleted.

  • page/ChromeClient.h:

(WebCore::ChromeClient::requiresAcceleratedCompositingForViewportConstrainedPosition): Deleted.

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForPosition):

Source/WebKit/mac:
Get rid of the ChromeClient function, and enable the Setting instead.

  • WebCoreSupport/WebChromeClient.h:
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::requiresAcceleratedCompositingForViewportConstrainedPosition): Deleted.

  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

4:44 PM Changeset in webkit [171320] by Simon Fraser
  • 11 edits in trunk/Source

[iOS WK2] Turn off position:fixed behavior when the keyboard is up
https://bugs.webkit.org/show_bug.cgi?id=132537

Reviewed by Benjamin Poulain.

Source/WebCore:

Export RenderObject::localToContainerPoint().

  • WebCore.exp.in:

Source/WebKit2:

Make interaction with form elements inside position:fixed less terrible by re-laying out
fixed elements relative to the document while we have an assisted node. This ensures
that all parts of a position:fixed are accessible (e.g. inputs on the right side
of a fixed-width top bar).

  • Shared/AssistedNodeInformation.cpp: Add a flag for being inside postion:fixed,

and encode/decode it.
(WebKit::AssistedNodeInformation::encode):
(WebKit::AssistedNodeInformation::decode):

  • Shared/AssistedNodeInformation.h:

(WebKit::AssistedNodeInformation::AssistedNodeInformation):

  • UIProcess/PageClient.h: Add isAssistingNode().
  • UIProcess/ios/PageClientImplIOS.h:
  • UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::isAssistingNode):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::computeCustomFixedPositionRect): If we have an assisted
node, just use the document rect as the custom fixed position rect.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getAssistedNodeInformation): Get the selection rect first,
since we have to fix it up for position:fixed. If the element is inside fixed
position in the main frame, re-set the fixed position rect to the document rect
(which forces a layout), re-fetch elementRect, then set it back. This ensures
that the UI process gets an elementRect which it can zoom to correctly.

4:10 PM Changeset in webkit [171319] by Brent Fulgham
  • 3 edits
    2 adds in trunk

Tools: [Win] Extend auto-version.pl to support 5-tuple versions
https://bugs.webkit.org/show_bug.cgi?id=135124
<rdar://problem/17750334>

Reviewed by David Kilzer.

Add test cases for auto-version.pl.

  • Scripts/webkitperl/auto-version_unittest: Added.
  • Scripts/webkitperl/auto-version_unittest/autoVersionTests.pl: Added.

WebKitLibraries: [Win] Extend auto-version.pl to handle 5-tuple versions
https://bugs.webkit.org/show_bug.cgi?id=135124
<rdar://problem/17750334>

Reviewed by David Kilzer.

Extend tuple parsing to handle up to five tuples, and as
few as a single tuple. On Windows, the two additional
tuples are unused.

Also corrected regular expression capture logic to use local
blocks, preventing later capture expressions from reusing
previous capture results when the current expression failed
to find a match (GRRR, Perl!).

Clean up code by putting logic into a couple of subroutines.

  • win/tools/scripts/auto-version.pl:
4:07 PM Changeset in webkit [171318] by ap@apple.com
  • 2 edits in trunk/LayoutTests

REGRESSION: fast/layers/no-clipping-overflow-hidden-added-after-transform.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=135133

  • platform/mac/TestExpectations: Marked it as such.
3:17 PM Changeset in webkit [171317] by timothy_horton@apple.com
  • 6 edits in trunk/Source/WebKit2

Random crashes on the Web Thread due to Timers firing on the wrong thread in the UI process
https://bugs.webkit.org/show_bug.cgi?id=135132
<rdar://problem/17719832>

Reviewed by Simon Fraser.

  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::ProcessThrottler):
(WebKit::ProcessThrottler::suspendTimerFired):

  • UIProcess/ProcessThrottler.h:
  • UIProcess/ios/ViewGestureControllerIOS.mm:

(WebKit::ViewGestureController::ViewGestureController):
(WebKit::ViewGestureController::swipeSnapshotWatchdogTimerFired):

  • UIProcess/mac/ViewGestureController.h:
  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::ViewGestureController):
(WebKit::ViewGestureController::swipeSnapshotWatchdogTimerFired):
We can't use WebCore timers in the UI process because of coexistence concerns
(they fire on the Web Thread if there is one!), so use RunLoop::Timer instead.

1:47 PM Changeset in webkit [171316] by jer.noble@apple.com
  • 5 edits
    2 adds in trunk

[MSE] YouTube video decode error when variant-switching
https://bugs.webkit.org/show_bug.cgi?id=135128

Reviewed by Brent Fulgham.

Source/WebCore:
Test: media/media-source/media-source-overlapping-decodetime.html

When variant-switching, the situation can arise where an existing sample with a presentation
timestamp of N and a decode timestamp of M, and a new sample with a presentation timestamp > N
and the same decode timestamp of M, will keep the new sample from being added to the SampleMap.
This can result in a decode error when samples depending on that new, missing sample are enqueued.

The MSE spec is silent on the issue of overlapping decode timestamps. However, it guarantees that
presentation timestamps are non-overlapping. So instead of using just the decode timestamp as a key
for storing the samples in decode order, use both the decode timestamp and the presentation timestamp.
That ensures that samples with different presentation times but equal decode times are both inserted
into the decode queue, and in the correct order.

  • Modules/mediasource/SampleMap.cpp:

(WebCore::SampleIsRandomAccess::operator()): Update the parameter type to match the new KeyType.
(WebCore::SampleMap::addSample): Pass both decodeTime and presentationTime as the key to decodeOrder.
(WebCore::SampleMap::removeSample): Ditto.
(WebCore::DecodeOrderSampleMap::findSampleWithDecodeKey): Renamed from findSampleWithDecodeTime.
(WebCore::DecodeOrderSampleMap::reverseFindSampleWithDecodeKey): renamed from reverseFindSampleWithDecodeTime.
(WebCore::DecodeOrderSampleMap::findSyncSamplePriorToPresentationTime): Use renamed version of above.
(WebCore::DecodeOrderSampleMap::findSyncSampleAfterPresentationTime): Ditto.
(WebCore::DecodeOrderSampleMap::findDependentSamples): Ditto.
(WebCore::DecodeOrderSampleMap::findSampleWithDecodeTime): Deleted.
(WebCore::DecodeOrderSampleMap::reverseFindSampleWithDecodeTime): Deleted.

  • Modules/mediasource/SampleMap.h:
  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::removeCodedFrames): Ditto.
(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): Ditto.
(WebCore::SourceBuffer::reenqueueMediaForTime): Ditto.

LayoutTests:

  • media/media-source/media-source-overlapping-decodetime-expected.txt: Added.
  • media/media-source/media-source-overlapping-decodetime.html: Added.
12:26 PM Changeset in webkit [171315] by dino@apple.com
  • 2 edits in trunk/Tools

Allow MiniBrowser WK1 to do element fullscreen
https://bugs.webkit.org/show_bug.cgi?id=135125

Reviewed by Simon Fraser.

Allow WK1 windows to go fullscreen using the DOM API.

  • MiniBrowser/mac/WK1BrowserWindowController.m:

(-[WK1BrowserWindowController awakeFromNib]): Enable the preference for
fullscreen.

12:20 PM Changeset in webkit [171314] by aestes@apple.com
  • 6 edits in trunk/Source

[iOS] Handle QuickLook ResourceLoaders in the web process
https://bugs.webkit.org/show_bug.cgi?id=135113

Reviewed by David Kilzer.

Source/WebCore:
No new tests. QuickLook is not testable from WebKit.

  • WebCore.exp.in:
  • loader/ResourceLoadScheduler.cpp:

(WebCore::ResourceLoadScheduler::maybeLoadQuickLookResource): Start loading the ResourceLoader if it is for a QuickLook resource.

  • loader/ResourceLoadScheduler.h:

Source/WebKit2:
The QuickLook framework registers a NSURLProtocol to handle loading subresources of the HTML documents it
generates. In order for these loads to succeed, we need to start them in the same process in which QuickLook
generated the main resource.

  • WebProcess/Network/WebResourceLoadScheduler.cpp:

(WebKit::WebResourceLoadScheduler::scheduleLoad):

12:20 PM Changeset in webkit [171313] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/canvas/canvas-putImageData-zero-alpha.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=131787

  • platform/mac/TestExpectations: Mark it as such.
12:16 PM Changeset in webkit [171312] by jonowells@apple.com
  • 7 edits
    1 add in trunk/Source/WebInspectorUI

Back/Forward arrows (modern) are too large.
https://bugs.webkit.org/show_bug.cgi?id=135073

Reviewed by Joseph Pecoraro.

Changes to adjust new forward and back arrow sizes to be more consistent with the
universal design language. Moved WebInspector.Platform definition to its own file.
Refactored handling of image versions inside ImageUtilities.js.

  • UserInterface/Base/ImageUtilities.js:

(.restoreImage):
(.generateImage):
(generateColoredImagesForCSS):
Make the default image versioning smarter.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
(WebInspector.contentLoaded.WebInspector.Platform.version.toString): Deleted.
(WebInspector.contentLoaded.WebInspector.Platform.toString): Deleted.

  • UserInterface/Base/Platform.js: Added.

Move platform information definition into Platform.js.

  • UserInterface/Main.html: Include Platform.js.
  • UserInterface/Views/ContentBrowser.js:

(WebInspector.ContentBrowser):

  • UserInterface/Views/FindBanner.css:

(.find-banner > button > .glyph):
(body.mac-platform.legacy .find-banner > button > .glyph):
(.find-banner > button.segmented.left > .glyph):
(body.mac-platform.legacy .find-banner > button.segmented.left > .glyph):
(.find-banner > button.segmented.right > .glyph):
(body.mac-platform.legacy .find-banner > button.segmented.right > .glyph):
(.find-banner > button.segmented):
(body.mac-platform.legacy .find-banner > button.segmented):

  • UserInterface/Views/FindBanner.js:

(WebInspector.FindBanner.prototype._generateButtonsGlyphsIfNeeded):
Size of forward and back arrows adjusted.

12:15 PM Changeset in webkit [171311] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Case sensitive file system build fix.

  • page/scrolling/ScrollingStateTree.cpp:
12:04 PM Changeset in webkit [171310] by Beth Dakin
  • 2 edits in trunk/Source/WebKit/mac

Build fix.

  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::requiresAcceleratedCompositingForViewportConstrainedPosition):

11:34 AM Changeset in webkit [171309] by Alan Bujtas
  • 3 edits in trunk/LayoutTests

Unreviewed hidpi test gardening.

Use Ahem font to ensure font size predictability.

  • fast/forms/hidpi-fieldset-on-subpixel-position-when-legend-is-present-expected.html:
  • fast/forms/hidpi-fieldset-on-subpixel-position-when-legend-is-present.html:
11:31 AM Changeset in webkit [171308] by Beth Dakin
  • 7 edits in trunk/Source

Put position:fixed elements into layers when a WK1 view is layer-backed
https://bugs.webkit.org/show_bug.cgi?id=135075

Reviewed by Darin Adler.

Source/WebCore:
This patch adds a new ChromeClient function called
requiresAcceleratedCompositingForViewportConstrainedPosition(). Since a view can
go in and out of layer backing, we need a ChromeClient method that can be
dynamically re-evaluated rather than using the existing settings for enabling
accelerated fixed and fixed that creates a stacking context.

Ensure that fixed elements create a stacking context when
requiresAcceleratedCompositingForViewportConstrainedPosition is true.

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyle):

New ChromeClient function.

  • page/ChromeClient.h:

Source/WebKit/mac:
Returns true when the WebHTMLView has a layer.

  • WebCoreSupport/WebChromeClient.h:
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::requiresAcceleratedCompositingForViewportConstrainedPosition):

11:26 AM Changeset in webkit [171307] by Simon Fraser
  • 3 edits in trunk/Source/WebCore

Add helper functions to dump the scrolling state tree from the debugger
https://bugs.webkit.org/show_bug.cgi?id=135101

Reviewed by Darin Adler.

Add debug-only showScrollingStateTree() functions that take a ScrollingStateTree* and ScrollingStateNode*
for use while debugging.

  • page/scrolling/ScrollingStateTree.cpp:

(showScrollingStateTree):

  • page/scrolling/ScrollingStateTree.h:
11:26 AM Changeset in webkit [171306] by Simon Fraser
  • 3 edits in trunk/Source/WebCore

[iOS WK1] Single touch div scrolling doesn't work in framesets (breaks Word previews)
https://bugs.webkit.org/show_bug.cgi?id=135103
<rdar://problem/11830219>

Reviewed by Darin Adler.

After r166117 all layer flushing starts on the root frame; we no longer flush layers
for each frame during painting. However, flushing GraphicsLayers can set some state
on a subframe RenderLayerCompositor that is now never processed, which breaks scroll
layer registration.

Fix by doing a walk of the Frame tree, and calling didFlushLayers() on subframe RenderLayerCompositors
before calling didFlushLayers() on self.

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::flushPendingLayerChanges):
(WebCore::RenderLayerCompositor::didFlushLayers):
(WebCore::RenderLayerCompositor::notifySubframesAfterLayerFlush):
(WebCore::RenderLayerCompositor::enclosingCompositorFlushingLayers): Drive-by nullptr.

  • rendering/RenderLayerCompositor.h:
10:44 AM Changeset in webkit [171305] by Brent Fulgham
  • 2 edits in trunk/WebKitLibraries

[Win] Correct auto-version.pl script for two-digit version numbers
https://bugs.webkit.org/show_bug.cgi?id=135119
<rdar://problem/17743959>

Reviewed by David Kilzer.

The $MAJOR_VERSION must be the first digit of $BUILD_MAJOR_VERSION,
and $MINOR_VERSION must be the remaining digits.

Also correct regexp (line 90) that was allowing version numbers
larger than three digits to be processed.

  • win/tools/scripts/auto-version.pl: Correct regular expression.
10:30 AM Changeset in webkit [171304] by Alan Bujtas
  • 5 edits in trunk/LayoutTests

Unreviewed hidpi test gardening.

  • fast/inline/hidpi-selection-gap-on-subpixel-position-expected.html:
  • fast/inline/hidpi-selection-gap-on-subpixel-position.html: Speculative fix.
  • fast/inline/hidpi-selection-gap-overlaps-inline-selection-expected.html:
  • fast/inline/hidpi-selection-gap-overlaps-inline-selection.html: Use Ahem.
10:14 AM Changeset in webkit [171303] by beidson@apple.com
  • 5 edits in trunk/Source/WebKit2

DatabaseProcess doesn't relaunch after crashing.
<rdar://problem/17717343> and https://bugs.webkit.org/show_bug.cgi?id=135117

Reviewed by Alexey Proskuryakov.

  • UIProcess/Databases/DatabaseProcessProxy.cpp:

(WebKit::DatabaseProcessProxy::didClose): Tell the WebContext.

  • UIProcess/WebContext.cpp:

(WebKit::WebContext::databaseProcessCrashed): Notify supplements, then clear the DatabaseProcessProxy pointer.

  • UIProcess/WebContext.h:
  • UIProcess/WebContextSupplement.h:

(WebKit::WebContextSupplement::processDidClose): Added. No users right now, but the patch in bug 135035 will need this.

9:50 AM Changeset in webkit [171302] by ap@apple.com
  • 3 edits in trunk/LayoutTests

REGRESSION(r150169): http/tests/cache/willsendrequest-returns-null-for-memory-cache-load.html fails
https://bugs.webkit.org/show_bug.cgi?id=116259

Updating expectations to acknowledge that the test is flaky on WK1 too (it depends
on preceding tests).

  • platform/mac-wk2/TestExpectations:
  • platform/mac/TestExpectations:
9:41 AM Changeset in webkit [171301] by Alan Bujtas
  • 3 edits in trunk/LayoutTests

Unreviewed hidpi test gardening.

Use Ahem font to ensure font size predictability.

  • fast/inline/hidpi-selection-gap-and-inline-selection-have-gap-rtl-expected.html:
  • fast/inline/hidpi-selection-gap-and-inline-selection-have-gap-rtl.html:
8:14 AM Changeset in webkit [171300] by Michał Pakuła vel Rutka
  • 2 edits in trunk/LayoutTests

Unreviewed EFL gardening

Remove passing tests from TestExpectations file.

  • platform/efl/TestExpectations:
8:03 AM Changeset in webkit [171299] by eric.carlson@apple.com
  • 4 edits in trunk/Source/WebCore

[iOS] a Paused media session is not active
https://bugs.webkit.org/show_bug.cgi?id=135108

Reviewed by Darin Adler.

Activating the shared AudioSession will pause audio playing in another application,
so only report a Playing media sessions as active.

  • platform/audio/MediaSessionManager.cpp:
  • platform/audio/MediaSessionManager.h:

(WebCore::MediaSessionManager::activeAudioSessionRequired): Renamed from hasActive to make
clear what it does. Only return true for a session that is Playing.

  • platform/audio/mac/MediaSessionManagerMac.cpp:

(MediaSessionManager::updateSessionState): hasActive renamed to activeAudioSessionRequired.

7:46 AM EFLWebKit edited by ryuan.choi@samsung.com
Update few information as the latest (diff)
2:38 AM Changeset in webkit [171298] by Carlos Garcia Campos
  • 2 edits in trunk/Tools

[GTK] Documentation files are added twice to the tarball
https://bugs.webkit.org/show_bug.cgi?id=135115

Reviewed by Sergio Villar Senin.

  • gtk/manifest.txt: Remove duplicated rules.
2:04 AM Changeset in webkit [171297] by Carlos Garcia Campos
  • 4 edits in trunk

[GTK] Simplify make-dist command line arguments
https://bugs.webkit.org/show_bug.cgi?id=134832

Reviewed by Martin Robinson.

.:

  • Source/PlatformGTK.cmake: Use --version instead of

--tarball-root when running make-dist.py.

Tools:
Remove --tarball-root and -o command line options and add
--version, since the version can be used to build both, the
tarball root and the output filename. When the version it's not
provided, the pkg-config file is used to get the version. Also
change the default value of build-dir to the current directory,
since it's very common to call make-dist.py from the build dir.

  • gtk/make-dist.py:

(get_tarball_root_and_output_filename_from_arguments):

1:30 AM Changeset in webkit [171296] by Carlos Garcia Campos
  • 2 edits in trunk/Tools

[GTK] Reduce the size of the tarball generated by distcheck
https://bugs.webkit.org/show_bug.cgi?id=134802

Reviewed by Martin Robinson.

Add more rules to the manifest to decide what files to add:

  • Do not include platform specific directories of other ports.
  • Do not include port specific cmake files.
  • Do not include Objective-C sources.
  • Do not include .orig and .rej files.
  • Do not include mac specific sandbox files.
  • Only include the resources we actually build.
  • gtk/manifest.txt:
1:26 AM Changeset in webkit [171295] by Ion Rosca
  • 112 edits
    1 add in trunk/LayoutTests

[CSS Blending] Cleanup tests in css3/blending
https://bugs.webkit.org/show_bug.cgi?id=132600

Reviewed by Mihnea Ovidenie.

Summary of changes:

  • move common stylesheet classes to blending-style.css.
  • remove trailing white spaces.
  • replace tabs with spaces.
  • remove the 'html' tags for consistency with the most of blending tests.

This patch does not change the txt and png test expectations.

  • css3/blending/background-blend-mode-background-attachement-fixed-expected.html:
  • css3/blending/background-blend-mode-background-attachement-fixed.html:
  • css3/blending/background-blend-mode-background-clip-content-box-expected.html:
  • css3/blending/background-blend-mode-background-clip-content-box.html:
  • css3/blending/background-blend-mode-background-clip-padding-box-expected.html:
  • css3/blending/background-blend-mode-background-clip-padding-box.html:
  • css3/blending/background-blend-mode-background-origin-border-box-expected.html:
  • css3/blending/background-blend-mode-background-origin-border-box.html:
  • css3/blending/background-blend-mode-background-position-percentage-expected.html:
  • css3/blending/background-blend-mode-background-position-percentage.html:
  • css3/blending/background-blend-mode-background-repeat-no-repeat-expected.html:
  • css3/blending/background-blend-mode-background-repeat-no-repeat.html:
  • css3/blending/background-blend-mode-background-size-contain-expected.html:
  • css3/blending/background-blend-mode-background-size-contain.html:
  • css3/blending/background-blend-mode-background-size-cover-expected.html:
  • css3/blending/background-blend-mode-background-size-cover.html:
  • css3/blending/background-blend-mode-body-image-expected.html:
  • css3/blending/background-blend-mode-body-image.html:
  • css3/blending/background-blend-mode-body-transparent-color-and-image-expected.html:
  • css3/blending/background-blend-mode-body-transparent-color-and-image.html:
  • css3/blending/background-blend-mode-body-transparent-image-expected.html:
  • css3/blending/background-blend-mode-body-transparent-image.html:
  • css3/blending/background-blend-mode-crossfade-image-expected.html:
  • css3/blending/background-blend-mode-crossfade-image.html:
  • css3/blending/background-blend-mode-data-uri-svg-image-expected.html:
  • css3/blending/background-blend-mode-data-uri-svg-image.html:
  • css3/blending/background-blend-mode-default-value.html:
  • css3/blending/background-blend-mode-different-image-formats.html:
  • css3/blending/background-blend-mode-gif-color-2.html:
  • css3/blending/background-blend-mode-gif-color.html:
  • css3/blending/background-blend-mode-gradient-color.html:
  • css3/blending/background-blend-mode-gradient-gradient.html:
  • css3/blending/background-blend-mode-gradient-image.html:
  • css3/blending/background-blend-mode-image-color-dynamic-expected.html:
  • css3/blending/background-blend-mode-image-color-dynamic.html:
  • css3/blending/background-blend-mode-image-color.html:
  • css3/blending/background-blend-mode-image-image.html:
  • css3/blending/background-blend-mode-image-svg.html:
  • css3/blending/background-blend-mode-multiple-background-layers.html:
  • css3/blending/background-blend-mode-separate-layer-declaration-expected.html:
  • css3/blending/background-blend-mode-separate-layer-declaration.html:
  • css3/blending/background-blend-mode-single-layer-no-blending.html:
  • css3/blending/background-blend-mode-svg-color.html:
  • css3/blending/background-blend-mode-svg-expected.html:
  • css3/blending/background-blend-mode-svg.html:
  • css3/blending/background-blend-mode-tiled-layers.html:
  • css3/blending/blend-mode-accelerated-parent-overflow-hidden-expected.html:
  • css3/blending/blend-mode-accelerated-parent-overflow-hidden.html:
  • css3/blending/blend-mode-accelerated-with-multiple-stacking-contexts.html:
  • css3/blending/blend-mode-ancestor-clipping-layer.html:
  • css3/blending/blend-mode-background.html:
  • css3/blending/blend-mode-blended-element-overlapping-composited-sibling-should-have-compositing-layer.html:
  • css3/blending/blend-mode-body-child-background-color-expected.html:
  • css3/blending/blend-mode-body-child-background-color.html:
  • css3/blending/blend-mode-body-child-isolate-background-color-expected.html:
  • css3/blending/blend-mode-body-child-isolate-background-color.html:
  • css3/blending/blend-mode-body-child-isolate-html-background-color-expected.html:
  • css3/blending/blend-mode-body-child-isolate-html-background-color.html:
  • css3/blending/blend-mode-body-child.html:
  • css3/blending/blend-mode-body-element-expected.html:
  • css3/blending/blend-mode-body-element.html:
  • css3/blending/blend-mode-clip-accelerated-blending-canvas.html:
  • css3/blending/blend-mode-clip-accelerated-blending-child-expected.html:
  • css3/blending/blend-mode-clip-accelerated-blending-child.html:
  • css3/blending/blend-mode-clip-accelerated-blending-double-expected.html:
  • css3/blending/blend-mode-clip-accelerated-blending-double.html:
  • css3/blending/blend-mode-clip-accelerated-blending-with-siblings-expected.html:
  • css3/blending/blend-mode-clip-accelerated-blending-with-siblings.html:
  • css3/blending/blend-mode-clip-accelerated-transformed-blending-expected.html:
  • css3/blending/blend-mode-clip-accelerated-transformed-blending.html:
  • css3/blending/blend-mode-clip-rect-accelerated-blending-expected.html:
  • css3/blending/blend-mode-clip-rect-accelerated-blending.html:
  • css3/blending/blend-mode-html-element-screen.html:
  • css3/blending/blend-mode-isolated-group-1.html:
  • css3/blending/blend-mode-isolated-group-2.html:
  • css3/blending/blend-mode-isolated-group-3.html:
  • css3/blending/blend-mode-isolation-accelerated-overflow-hidden.html:
  • css3/blending/blend-mode-isolation-flags-append-non-stacking-context-blending.html:
  • css3/blending/blend-mode-isolation-flags-append-stacking-context-blending.html:
  • css3/blending/blend-mode-isolation-flags-remove-non-stacking-context-blending.html:
  • css3/blending/blend-mode-isolation-flags-remove-stacking-context-blending.html:
  • css3/blending/blend-mode-isolation-flags-turn-off-blending-no-isolation.html:
  • css3/blending/blend-mode-isolation-flags-turn-off-blending.html:
  • css3/blending/blend-mode-isolation-flags-turn-off-stacking-context.html:
  • css3/blending/blend-mode-isolation-flags-turn-on-blending.html:
  • css3/blending/blend-mode-isolation-flags-turn-on-stacking-context.html:
  • css3/blending/blend-mode-isolation-overflow-hidden-expected.html:
  • css3/blending/blend-mode-isolation-overflow-hidden.html:
  • css3/blending/blend-mode-isolation-turn-off-self-painting-layer.html:
  • css3/blending/blend-mode-isolation-turn-off-self-painting-layer1.html:
  • css3/blending/blend-mode-isolation-turn-off-self-painting-layer2.html:
  • css3/blending/blend-mode-isolation-turn-on-self-painting-layer.html:
  • css3/blending/blend-mode-layers.html:
  • css3/blending/blend-mode-overflow.html:
  • css3/blending/blend-mode-parent-of-composited-blended-has-layer.html:
  • css3/blending/blend-mode-reflection.html:
  • css3/blending/blend-mode-simple-composited.html:
  • css3/blending/blend-mode-transform-style.html:
  • css3/blending/blend-mode-with-accelerated-sibling.html:
  • css3/blending/blend-mode-with-body-expected.html:
  • css3/blending/blend-mode-with-body.html:
  • css3/blending/blend-mode-with-composited-descendant-should-have-layer.html:
  • css3/blending/effect-background-blend-mode-stacking.html:
  • css3/blending/isolation-isolate-blended-child-expected.html:
  • css3/blending/isolation-isolate-blended-child.html:
  • css3/blending/repaint/blend-mode-isolate-stacking-context.html:
  • css3/blending/repaint/blend-mode-turn-off-isolation-no-effect.html:
  • css3/blending/repaint/blend-mode-turn-off-isolation.html:
  • css3/blending/resources/blending-style.css: Added.

This file contains classes shared by multiple blending tests.

  • css3/blending/resources/dump-layer-tree.js: Added.
  • css3/blending/script-tests/background-blend-mode-property-parsing.js:
  • css3/blending/script-tests/blend-mode-property-parsing-invalid.js:
  • css3/blending/script-tests/blend-mode-property-parsing.js:
1:18 AM Changeset in webkit [171294] by Carlos Garcia Campos
  • 19 edits in trunk/Source/WebCore

Unreviewed. Update GObject DOM bindings test results after r171285.

  • bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestCustomNamedGetter.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestException.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestGenerateIsReachable.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestMediaQueryListListener.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestNamedConstructor.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestNondeterministic.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestOverloadedConstructors.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestTypedefs.cpp:
  • bindings/scripts/test/GObject/WebKitDOMattribute.cpp:
  • bindings/scripts/test/GObject/WebKitDOMreadonly.cpp:
12:46 AM Changeset in webkit [171293] by Manuel Rego Casasnovas
  • 12 edits in trunk/LayoutTests

[CSS Grid Layout] Rename gridAutoFlow[Row|Column] to gridAutoFlow[Row|Column]Sparse
https://bugs.webkit.org/show_bug.cgi?id=135013

Rename CSS styles in grid layout tests to make the name more explicit.
As the default mode for auto-placement algorithm is "sparse".

Reviewed by Darin Adler.

  • fast/css-grid-layout/grid-auto-columns-rows-auto-flow-resolution.html:
  • fast/css-grid-layout/grid-auto-flow-get-set-expected.txt:
  • fast/css-grid-layout/grid-auto-flow-get-set.html:
  • fast/css-grid-layout/grid-auto-flow-resolution.html:
  • fast/css-grid-layout/grid-auto-flow-sparse.html:
  • fast/css-grid-layout/grid-item-addition-auto-placement-update.html:
  • fast/css-grid-layout/grid-item-auto-placement-automatic-span.html:
  • fast/css-grid-layout/grid-item-auto-placement-definite-span.html:
  • fast/css-grid-layout/grid-item-order-auto-flow-resolution.html:
  • fast/css-grid-layout/grid-item-removal-auto-placement-update.html:
  • fast/css-grid-layout/resources/grid.css:

(.gridAutoFlowColumnSparse):
(.gridAutoFlowRowSparse):
(.gridAutoFlowColumn): Deleted.
(.gridAutoFlowRow): Deleted.

Note: See TracTimeline for information about the timeline view.