Timeline

View changes from
going back days
by author

Repository changesets Wiki changes

Aug 6, 2014:

11:23 PM Changeset in webkit [172204] by Brian Burg

• 8 edits in trunk/Source/WebInspectorUI

Web Inspector: breakpoint resolved state should not depend on all breakpoints being enabled
​https://bugs.webkit.org/show_bug.cgi?id=135517

Reviewed by Joseph Pecoraro.

Previously, Breakpoint.resolved returned false if all breakpoints were disabled, even if
the breakpoint had an associated SourceCode. This was a weird hack to make it easier to
style breakpoint widgets. This made it hard for other code to deal with resolved
breakpoints that were also disabled, or SourceCodeLocations that resolve and unresolve.
This patch removes that consideration and fixes style update code to manually check if all
breakpoints are being suppressed.

The code now enforces that a Breakpoint must have a SourceCode before it can be resolved.
(As a performance optimization when loading the initial frame tree, we sometimes we give
Breakpoints a SourceCode before the debugger officially says that the breakpoint has been
resolved. Thus, it's possible to be unresolved with a SourceCode, but not vice-versa.)

This patch also adds a few guards where we assumed a SourceCodeLocation had a SourceCode.

• UserInterface/Controllers/DebuggerManager.js:

(WebInspector.DebuggerManager.prototype.set breakpointsEnabled): Remove spurious
ResolvedStateDidChange events.

(WebInspector.DebuggerManager.prototype.breakpointResolved): Set the breakpoint's SourceCode
if it has not been set already by DebuggerManager.associateBreakpointsWithSourceCode.

• UserInterface/Models/Breakpoint.js:

(WebInspector.Breakpoint.prototype.get resolved):
(WebInspector.Breakpoint.prototype.set resolved.isSpecialBreakpoint):
(WebInspector.Breakpoint.prototype.set resolved): Add an assertion.

• UserInterface/Models/SourceCodeLocation.js: Add guards for SourceCode.

(WebInspector.SourceCodeLocation.prototype.populateLiveDisplayLocationTooltip):

• UserInterface/Views/BreakpointTreeElement.js: Account for DebuggerManager.breakpointsEnabled.

(WebInspector.BreakpointTreeElement):
(WebInspector.BreakpointTreeElement.prototype._updateStatus):

• UserInterface/Views/ProbeSetDetailsSection.js:

(WebInspector.ProbeSetDetailsSection.prototype._updateLinkElement): Loosen the assertion.

• UserInterface/Views/SourceCodeTextEditor.js: Account for DebuggerManager.breakpointsEnabled.

(WebInspector.SourceCodeTextEditor):
(WebInspector.SourceCodeTextEditor.prototype.close):
(WebInspector.SourceCodeTextEditor.prototype._breakpointStatusDidChange):
(WebInspector.SourceCodeTextEditor.prototype._breakpointsEnabledDidChange):
(WebInspector.SourceCodeTextEditor.prototype._updateBreakpointStatus):

• UserInterface/Views/TextEditor.js: Account for DebuggerManager.breakpointsEnabled.

11:14 PM Changeset in webkit [172203] by Brian Burg

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: ReplayManager should unpause and suppress breakpoints before capturing/replaying
​https://bugs.webkit.org/show_bug.cgi?id=135608

Reviewed by Timothy Hatcher.

It is jarring when the debugger pauses during capturing or replaying. For now, we should suppress
all breakpoints during capturing or replaying, and restore breakpoint enabled state when
capturing finishes, when replaying finishes, or during temporary replay pauses.

In the future, the debugger will be selectively enabled during playback to seek to specific
breakpoint hits. This is tracked in ​https://bugs.webkit.org/show_bug.cgi?id=135663.

• UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.prototype.startCapturing.result):
(WebInspector.ReplayManager.prototype.replayToPosition.result):
(WebInspector.ReplayManager.prototype.replayToCompletion.result):
(WebInspector.ReplayManager.prototype.captureStopped):
(WebInspector.ReplayManager.prototype.playbackPaused):
(WebInspector.ReplayManager.prototype.playbackFinished):
(WebInspector.ReplayManager.prototype._changeSegmentState):
(WebInspector.ReplayManager.prototype._suppressBreakpointsAndResumeIfNeeded):

10:12 PM Changeset in webkit [172202] by Brent Fulgham

• 8 edits in trunk/Source

Source/WebCore:

[Win] Correct build errors when WebGL Disabled
​https://bugs.webkit.org/show_bug.cgi?id=135687

Unreviewed build fix.

• WebCore.vcxproj/WebCore.vcxproj: Don't build Cairo files

when building CG.

• platform/graphics/GLContext.cpp: Correct use of 3D_GRAPHICS macro.
• platform/graphics/GraphicsContext3DPrivate.cpp: Ditto.
• platform/graphics/opengl/GLPlatformContext.cpp: Ditto.
• platform/graphics/opengl/GLPlatformSurface.cpp: Ditto.

Source/WebInspectorUI:

[Win] Build fix.

• WebInspectorUI.vcxproj/WebInspectorUI.vcxproj: DebugSuffix target was missing

proper path settings for final output.

9:19 PM Changeset in webkit [172201] by ryuan.choi@samsung.com

• 3 edits in trunk/Source/WebCore

Unreviewed build fix on non Cocoa port since r172172

• platform/text/TextEncodingRegistry.cpp:

(WebCore::defaultTextEncodingNameForSystemLanguage):

• platform/text/TextEncodingRegistry.h:

7:58 PM Changeset in webkit [172200] by timothy_horton@apple.com

• 3 edits in trunk/Source/WebKit2

Services overlay flashes a lot; should have some hysteresis before showing overlay
​https://bugs.webkit.org/show_bug.cgi?id=135683
<rdar://problem/16878039>

Reviewed by Simon Fraser.

Don't show the highlight until it's been 200ms since the last change
in selection or change in which highlight is hovered, whichever was more recent.

• WebProcess/WebPage/ServicesOverlayController.h:
• WebProcess/WebPage/mac/ServicesOverlayController.mm:

(WebKit::ServicesOverlayController::ServicesOverlayController):
(WebKit::ServicesOverlayController::selectionRectsDidChange):
Keep track of when the selection last changed.

(WebKit::ServicesOverlayController::drawTelephoneNumberHighlightIfVisible):
Make establishHoveredTelephoneHighlight take a bool instead of Boolean.

(WebKit::ServicesOverlayController::mouseIsOverHighlight):
Factor mouseIsOverHighlight out of establishHoveredTelephoneHighlight and drawHighlight.

(WebKit::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
Return the amount of time until the highlight should be shown; this is
the maximum of (the difference between the last selection change and the timeout)
and (the difference between the last change in which highlight is hovered and the timeout).

Telephone number highlights are shown immediately, because they are already stable
by virtue of being expanded to include the entire telephone number.

(WebKit::ServicesOverlayController::repaintHighlightTimerFired):
(WebKit::ServicesOverlayController::drawHighlight):
If the highlight shouldn't be shown yet (because we haven't hit the two timeouts),
schedule a timer to repaint us around when we will hit the timeouts.

(WebKit::ServicesOverlayController::establishHoveredTelephoneHighlight):
(WebKit::ServicesOverlayController::mouseEvent):
Don't allow mouseUp to trigger the menu if we shouldn't be showing the overlay yet.

7:43 PM Changeset in webkit [172199] by Simon Fraser

• 2 edits in trunk/Source/WebKit2

[iOS WK2] www.france24.com doesn't always load the page, sections stay white
​https://bugs.webkit.org/show_bug.cgi?id=135684
<rdar://problem/17931712>

Reviewed by Tim Horton.

It's possible for a UIScrollView for overflow to move between one scrolling tree node
and another. When this happens, we need to avoid unconditionally clearing the delegate
on the node that's being destroyed, because the new node will already have set the
UIScrollView delegate to its own delegate.

• UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.mm:

(WebKit::ScrollingTreeOverflowScrollingNodeIOS::~ScrollingTreeOverflowScrollingNodeIOS):

5:59 PM Changeset in webkit [172198] by mark.lam@apple.com

• 2 edits in trunk/LayoutTests

Gardening: adding failed tests to TestExpectations.
<​https://webkit.org/b/135681>

Not reviewed.

• TestExpectations:

5:58 PM Changeset in webkit [172197] by mmaxfield@apple.com

• 3 edits
  1 add in trunk/Source/WebCore

[iOS] Make document marker assets not specific to particular scale factors
​https://bugs.webkit.org/show_bug.cgi?id=135671

Reviewed by Simon Fraser.

No new tests.

• WebCore.xcodeproj/project.pbxproj:
• platform/ios/wak/WKGraphics.mm:

(imageResourcePath):
(WKGraphicsCreateImageFromBundleWithName):

5:48 PM Changeset in webkit [172196] by mark.lam@apple.com

• 4 edits in trunk/Source/JavaScriptCore

Gardening: fix for build failure on EFL bots.

Not reviewed.

• runtime/EnumerationMode.h:

(JSC::shouldIncludeJSObjectPropertyNames):
(JSC::modeThatSkipsJSObject):

• runtime/JSCell.cpp:

(JSC::JSCell::getEnumerableLength):

• runtime/JSCell.h:

5:45 PM Changeset in webkit [172195] by enrica@apple.com

• 2 edits in trunk/Source/WebCore

Services menu doesn't show up after you defocus/refocus the Safari window.
​https://bugs.webkit.org/show_bug.cgi?id=135678
<rdar://problem/17929247>

Reviewed by Tim Horton.

In setSelection we create a SelectionRectGatherer::Notifier object that will notify
SelectionOverlayController about changes to the selection rects.
Upon creation, the list of selections rects is cleared, since it is populated by
the code that collects the selection rects. That code is never called
when setSelection won't change the selection, which the case when the window is
activated. The fix consists in postponing the SelectionRectGatherer::Notifier object
creation until we know for sure that the selection is indeed going to change.

• rendering/RenderView.cpp:

(WebCore::RenderView::setSelection):

5:40 PM Changeset in webkit [172194] by dino@apple.com

• 17 edits in trunk

ENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED is not used anywhere. Remove it.
​https://bugs.webkit.org/show_bug.cgi?id=135675

Reviewed by Sam Weinig.

.:

• Source/cmake/OptionsGTK.cmake:
• Source/cmake/OptionsMac.cmake:
• Source/cmake/WebKitFeatures.cmake:
• Source/cmakeconfig.h.cmake:

Source/JavaScriptCore:

• Configurations/FeatureDefines.xcconfig:

Source/WebCore:

• Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

• Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

• Configurations/FeatureDefines.xcconfig:

Source/WTF:

• wtf/FeatureDefines.h:

Tools:

• Scripts/webkitperl/FeatureList.pm:

5:32 PM Changeset in webkit [172193] by beidson@apple.com

• 14 edits in trunk/Source

IDB transactions never reset if the Web Process ends before cleaning up
​https://bugs.webkit.org/show_bug.cgi?id=135218

Source/WebCore:

Reviewed by David Kilzer.

No new tests (Covered by existing tests).

• Modules/indexeddb/IDBServerConnection.h: Add sync versions of reset/rollback.

• Modules/indexeddb/IDBTransactionBackend.cpp:

(WebCore::IDBTransactionBackend::abort): Call the sync versions.

Source/WebKit2:

Reviewed by Darin Adler and David Kilzer.

• DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didReceiveMessage):
(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage): Added.
(WebKit::DatabaseToWebProcessConnection::didClose):

• DatabaseProcess/DatabaseToWebProcessConnection.h:

• DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.cpp:

(WebKit::DatabaseProcessIDBConnection::resetTransactionSync): Added

Wait until the reset is complete before sending the sync reply.

(WebKit::DatabaseProcessIDBConnection::rollbackTransactionSync): Added.

Ditto.

• DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h:
• DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.messages.in:

Keep track of all in progress transactions and make sure they’re cleaned up
whenever a connection to a WebProcess is broken:

• DatabaseProcess/IndexedDB/UniqueIDBDatabase.cpp:

(WebKit::UniqueIDBDatabase::unregisterConnection):
(WebKit::UniqueIDBDatabase::didCompleteTransactionOperation):
(WebKit::UniqueIDBDatabase::openBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::resetBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::didEstablishTransaction):
(WebKit::UniqueIDBDatabase::didResetTransaction):
(WebKit::UniqueIDBDatabase::resetAllTransactions):
(WebKit::UniqueIDBDatabase::finalizeRollback):

• DatabaseProcess/IndexedDB/UniqueIDBDatabase.h:

• DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp:

(WebKit::UniqueIDBDatabaseBackingStoreSQLite::rollbackTransaction):

Add sync versions of reset/rollback:

• WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp:

(WebKit::WebIDBServerConnection::resetTransactionSync):
(WebKit::WebIDBServerConnection::rollbackTransactionSync):

• WebProcess/Databases/IndexedDB/WebIDBServerConnection.h:

5:19 PM Changeset in webkit [172192] by commit-queue@webkit.org

• 34 edits
  10 adds in trunk

Implement parsing for CSS scroll snap points
​https://bugs.webkit.org/show_bug.cgi?id=134301

Source/JavaScriptCore:

Patch by Wenson Hsieh <Wenson Hsieh> on 2014-08-06
Reviewed by Dean Jackson.

• Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP

Source/WebCore:

Provided support for parsing -webkit-scroll-snap-* properties, i.e. type, points-x, points-y, destination, and coordinates.
The exact syntax of the scroll snap CSS properties follow the W3C spec at ​http://dev.w3.org/csswg/css-snappoints/

Patch by Wenson Hsieh <Wenson Hsieh> on 2014-08-06
Reviewed by Dean Jackson.

Tests: css3/scroll-snap/scroll-snap-property-parsing.html,

css3/scroll-snap/scroll-snap-property-computed-style.html

• CMakeLists.txt: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp
• Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP
• WebCore.vcxproj/WebCore.vcxproj: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp
• WebCore.vcxproj/WebCore.vcxproj.filters: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp
• WebCore.xcodeproj/project.pbxproj: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp, LengthRepeat.h
• css/CSSCalculationValue.cpp: Support for LengthRepeat

(WebCore::hasDoubleValue):

• css/CSSComputedStyleDeclaration.cpp: Support for showing computed style for snap point properties.

(WebCore::scrollSnapDestination):
(WebCore::scrollSnapPoints):
(WebCore::scrollSnapCoordinates):
(WebCore::ComputedStyleExtractor::propertyValue):

• css/CSSParser.cpp: Support for parsing snap point properties.

(WebCore::isValidKeywordPropertyAndValue): handle snap point type
(WebCore::isKeywordPropertyID):
(WebCore::CSSParser::parseValue): Added support for parsing snap points.
(WebCore::CSSParser::parseNonElementSnapPoints): Helper for parsing snap points-x/y.
(WebCore::CSSParser::parseScrollSnapDestination): Helper for parsing snap point destinations.
(WebCore::CSSParser::parseScrollSnapCoordinate): Helper for parsing snap point coordinates.

• css/CSSParser.h: Support for parsing snap point properties.
• css/CSSParserValues.cpp:

(WebCore::CSSParserValue::createCSSValue):

• css/CSSPrimitiveValue.cpp:

(WebCore::isValidCSSUnitTypeForDoubleConversion):
(WebCore::CSSPrimitiveValue::init):
(WebCore::CSSPrimitiveValue::cleanup):
(WebCore::CSSPrimitiveValue::getLengthRepeatValue):
(WebCore::CSSPrimitiveValue::formatNumberForcustomCSSText):
(WebCore::CSSPrimitiveValue::cloneForCSSOM):
(WebCore::CSSPrimitiveValue::equals):

• css/CSSPrimitiveValue.h:

(WebCore::CSSPrimitiveValue::isLengthRepeat):
(WebCore::CSSPrimitiveValue::getLengthRepeatValue):

• css/CSSPrimitiveValueMappings.h: Added converters for snap point type properties.

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator ScrollSnapType):

• css/CSSPropertyNames.in: Added relevant snap point property names.
• css/CSSValueKeywords.in: Added "proximity", "mandatory" and "elements".
• css/LengthRepeat.h: Added to represent values of repeat(<length>)

(WebCore::LengthRepeat::create):
(WebCore::LengthRepeat::cloneForCSSOM):
(WebCore::LengthRepeat::interval):
(WebCore::LengthRepeat::setInterval):
(WebCore::LengthRepeat::equals):
(WebCore::LengthRepeat::cssText):
(WebCore::LengthRepeat::LengthRepeat):

• css/StyleResolver.cpp: Support for handling snap point properties

(WebCore::StyleResolver::applyProperty):Updated switch case to build snap-point-related style data

• rendering/style/RenderStyle.h: Added methods to access and modify snap point data
• rendering/style/RenderStyleConstants.h: Added scroll snap type flags.
• rendering/style/StyleAllInOne.cpp: Added StyleScrollSnapPoints.cpp
• rendering/style/StyleRareNonInheritedData.cpp: Added initiazing for m_scrollSnapPoints, updated equality check

(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator==):

• rendering/style/StyleRareNonInheritedData.h: Added field for StyleScrollSnapPoints
• rendering/style/StyleScrollSnapPoints.cpp: Added. Wrapper for basic snap point data structures.

(WebCore::StyleScrollSnapPoints::StyleScrollSnapPoints):
(WebCore::StyleScrollSnapPoints::copy):
(WebCore::StyleScrollSnapPoints::operator==):

• rendering/style/StyleScrollSnapPoints.h: Added.

(WebCore::StyleScrollSnapPoints::create):
(WebCore::StyleScrollSnapPoints::defaultRepeatOffset): Creates a new Length representing the default repeat value of repeat(100%)
(WebCore::StyleScrollSnapPoints::defaultDestinationOffset): Creates a new Length representing a default destination value (0px)
(WebCore::StyleScrollSnapPoints::operator!=):

Source/WebInspectorUI:

Patch by Wenson Hsieh <Wenson Hsieh> on 2014-08-06
Reviewed by Dean Jackson.

• UserInterface/Models/CSSKeywordCompletions.js: Added snap point property keywords, such as mandatory, proximity, elements, and repeat.

Source/WebKit/mac:

Patch by Wenson Hsieh <Wenson Hsieh> on 2014-08-06
Reviewed by Dean Jackson.

• Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP

Source/WebKit2:

Patch by Wenson Hsieh <Wenson Hsieh> on 2014-08-06
Reviewed by Dean Jackson.

• Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP

LayoutTests:

Patch by Wenson Hsieh <Wenson Hsieh> on 2014-08-06
Reviewed by Dean Jackson.

Tests that parsing -webkit-scroll-snap-* properties behaves as expected.

• css3/scroll-snap/scroll-snap-property-computed-style-expected.txt: Expected text output of below test.
• css3/scroll-snap/scroll-snap-property-computed-style.html: Tests that scroll snap properties are correctly displayed via getComputedStyle.
• css3/scroll-snap/scroll-snap-property-computed-style.js: Script for above test.

(testComputedScrollSnapRule):

• css3/scroll-snap/scroll-snap-property-parsing-expected.txt: Expected text output of below test.
• css3/scroll-snap/scroll-snap-property-parsing.html: Tests that scroll snap properties are correctly parsed.
• css3/scroll-snap/scroll-snap-property-parsing.js: Script for above test.

(testScrollSnapRule):

5:16 PM Changeset in webkit [172191] by aestes@apple.com

• 5 edits in trunk/Source

[iOS] Subresources referenced in converted QuickLook documents sometimes fail to load
​https://bugs.webkit.org/show_bug.cgi?id=135676

Reviewed by David Kilzer.

Source/WebCore:

• loader/DocumentLoader.h:

(WebCore::DocumentLoader::setQuickLookHandle):
(WebCore::DocumentLoader::quickLookHandle):

Source/WebKit2:

QuickLookHandle needs to stay alive in order for its NSURLProtocol to service subresource loads originating
from the converted HTML document. Some of these loads happen dynamically after the main resource finishes
loading, so we cannot tie the lifetime of the QuickLookHandle to that of the main resource's ResourceLoader.
Instead, give ownership of the QuickLookHandle to DocumentLoader.

• WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResponseWithCertificateInfo): Stored the created QuickLookHandle in DocumentLoader.
(WebKit::WebResourceLoader::didReceiveData): Accessed DocumentLoader's QuickLookHandle.
(WebKit::WebResourceLoader::didFinishResourceLoad): Ditto.
(WebKit::WebResourceLoader::didFailResourceLoad): Ditto.
(WebKit::WebResourceLoader::didReceiveResource): Ditto.

• WebProcess/Network/WebResourceLoader.h: Removed m_quickLookHandle.

5:15 PM Changeset in webkit [172190] by mark.lam@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Gardening: fix for build failure on GTK bots.

Not reviewed.

• runtime/FunctionHasExecutedCache.cpp:
• #include <limits.h> for UINT_MAX's definition.

5:09 PM Changeset in webkit [172189] by mark.lam@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Gardening: fix for build failure on EFL bots.

Not reviewed.

• jit/JITInlines.h:

(JSC::JIT::emitLoadForArrayMode):

4:54 PM Changeset in webkit [172188] by mark.lam@apple.com

• 4 edits in trunk/Source/JavaScriptCore

Gardening: adding missing build file changes from the FTLOPT merge at r172176.

Not reviewed.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:

4:49 PM Changeset in webkit [172187] by ryuan.choi@samsung.com

• 2 edits in trunk/Source/JavaScriptCore

Unreviewed build fix attempt since r172184

• CMakeLists.txt: Removed TypeLocation.cpp

4:33 PM Changeset in webkit [172186] by dfarler@apple.com

• 2 edits in trunk

Unreviewed build fix: Make includes semicolon in assignment.

• Makefile.shared: Remove a ;

4:22 PM Changeset in webkit [172185] by mark.lam@apple.com

• 4 edits in trunk/Source/JavaScriptCore

Gardening: adding missing build file changes from r171510.
<​https://webkit.org/b/134860>

Not reviewed.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:

4:11 PM Changeset in webkit [172184] by mark.lam@apple.com

• 3 edits in trunk/Source/JavaScriptCore

Gardening: adding missing build file changes from r170490.
<​https://webkit.org/b/133395>

Not reviewed.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:

4:05 PM Changeset in webkit [172183] by Simon Fraser

• 3 edits
  2 adds in trunk

REGRESSION (r168119): Album flipping animation doesn’t work
​https://bugs.webkit.org/show_bug.cgi?id=132801
Source/WebCore:

<rdar://problem/16878497>, <rdar://problem/17908085>

Reviewed by Dean Jackson.

In r168119 I avoided creating backing store for backface-visibility:hidden unless
some ancestor was 3d-transformed. However, when starting transitions or animations
that apply transforms, we don't do a layout, and therefore don't update the RenderLayer
flags that mark an ancestor as having a transform. This broke various content which
used backface-visibility:hidden for "flip" animations.

Make a low-risk fix that looks for the pattern of CSS properties used for flipping,
making a compositing layer for backface-visibility:hidden if the stacking context element
has transform-style: preserve-3d.

Test: compositing/backing/backface-visibility-flip.html

• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForBackfaceVisibility):

LayoutTests:

Reviewed by Dean Jackson.

Test that starts a transform animation and dumps layers.

• compositing/backing/backface-visibility-flip-expected.txt: Added.
• compositing/backing/backface-visibility-flip.html: Added.

4:04 PM Changeset in webkit [172182] by Brent Fulgham

• 6 edits in trunk/Source/WebCore

Consolidate logic for calculating scrollbar page step size
​https://bugs.webkit.org/show_bug.cgi?id=135670

Reviewed by Simon Fraser.

Consolidate the calculation of the scroll step size into a single place.
Improve the handling of sub-pixel layout behavior by performing proper
rounding on the fractional scroll ranges.

• editing/EditorCommand.cpp:

(WebCore::verticalScrollDistance): Switch to Scrollbar::pageStep method.

• platform/ScrollAnimator.cpp:

(WebCore::ScrollAnimator::handleWheelEvent): Ditto.

• platform/ScrollView.cpp:

(WebCore::ScrollView::updateScrollbars): Ditto.

• platform/Scrollbar.h:

(WebCore::Scrollbar::pageStep): Added.
(WebCore::Scrollbar::pageStepDelta): Added.

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::updateScrollbarsAfterLayout): Switch to Scrollbar method.

3:52 PM Changeset in webkit [172181] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Silence a debug assertion.

Reviewed by Mark Hahnenberg.

• runtime/JSPropertyNameEnumerator.h:

(JSC::JSPropertyNameEnumerator::cachedStructure):

2:53 PM Changeset in webkit [172180] by Brian Burg

• 14 edits in trunk/Source/WebCore

Web Replay: dispatch timing information should be stored out-of-line in a replay segment
​https://bugs.webkit.org/show_bug.cgi?id=135295

Reviewed by Timothy Hatcher.

We need to save a timestamp for each event loop input so that replay can
simulate the original user and network delays. Currently that timestamp
is stored on each EventLoopInput instance.

This patch stores timestamp data in a separate vector attached to the segment.
The event loop input class is now immutable, and new auxiliary data can be added
without adding members to the EventLoopInput class.

As part of the refactoring, InputCursors now keep a reference to the relevant
session segment instead of a reference to their input storage. InputCursors can
be created directly, instead of through ReplaySessionSegment.

No new tests. No behavior was changed.

• inspector/InspectorReplayAgent.cpp:

(WebCore::buildInspectorObjectForInput): Don't send the timestamp with the input.
(WebCore::buildInspectorObjectForSegment):

• inspector/protocol/Replay.json: Remove optional timestamp field for ReplayInput.
• replay/CapturingInputCursor.cpp:

(WebCore::CapturingInputCursor::CapturingInputCursor):
(WebCore::CapturingInputCursor::create):
(WebCore::CapturingInputCursor::storeInput): Save event loop input timings here.

• replay/CapturingInputCursor.h:
• replay/EventLoopInput.h:

(WebCore::EventLoopInputBase::EventLoopInputBase): Deleted.
(WebCore::EventLoopInputBase::timestamp): Deleted.
(WebCore::EventLoopInputBase::setTimestamp): Deleted.

• replay/EventLoopInputDispatcher.cpp: Use a struct for dispatch information.

(WebCore::EventLoopInputDispatcher::EventLoopInputDispatcher):
(WebCore::EventLoopInputDispatcher::dispatchInputSoon):
(WebCore::EventLoopInputDispatcher::dispatchInput):

• replay/EventLoopInputDispatcher.h:
• replay/FunctorInputCursor.h:

(WebCore::FunctorInputCursor::forEachInputInQueue):
(WebCore::FunctorInputCursor::FunctorInputCursor):

• replay/ReplayController.cpp:

(WebCore::ReplayController::createSegment):
(WebCore::ReplayController::loadSegmentAtIndex):
(WebCore::ReplayController::unloadSegment): Deleted.
(WebCore::ReplayController::startPlayback): Deleted.

• replay/ReplaySessionSegment.cpp:

(WebCore::ReplaySessionSegment::createCapturingCursor): Deleted.
(WebCore::ReplaySessionSegment::createReplayingCursor): Deleted.
(WebCore::ReplaySessionSegment::createFunctorCursor): Deleted.

• replay/ReplaySessionSegment.h:

(WebCore::ReplaySessionSegment::storage):
(WebCore::ReplaySessionSegment::eventLoopTimings):

• replay/ReplayingInputCursor.cpp:

(WebCore::ReplayingInputCursor::ReplayingInputCursor):
(WebCore::ReplayingInputCursor::create):
(WebCore::ReplayingInputCursor::uncheckedLoadInput):
(WebCore::ReplayingInputCursor::loadEventLoopInput): Added. This method collates
and returns the next event loop input with its associated dispatch information.

• replay/ReplayingInputCursor.h:

2:51 PM Changeset in webkit [172179] by timothy_horton@apple.com

• 2 edits in trunk/Source/WebCore

Document-relative overlays disappear after doing page-cache navigations
​https://bugs.webkit.org/show_bug.cgi?id=135669
<rdar://problem/17929171>

Reviewed by Simon Fraser.

• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::rootLayerAttachmentChanged):
When navigating from one page to another, the document-relative overlay
layer is moved from the layer tree of the RenderLayerCompositor of the
first RenderView to the layer tree of the RenderLayerCompositor of the
new RenderView, upon layer tree construction.
When going "back" via a page cache navigation, we don't rebuild the
layer tree, and just assume that it is in a valid state.
However, the document-relative overlay layer was *moved*, and as such,
needs to be moved back. To do this, reattach the document-relative
overlay layer whenever the root layer attachment of a RenderLayerCompositor
changes, which will happen in the right order when going back to a cached page.

2:48 PM Changeset in webkit [172178] by matthew_hanson@apple.com

• 1 copy in tags/Safari-600.1.4.7

New Tag.

2:43 PM Changeset in webkit [172177] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Fix 32-bit build.

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::privateCompileHasIndexedProperty):

2:32 PM Changeset in webkit [172176] by fpizlo@apple.com

• 130 edits
  18 adds
  2 deletes in trunk/Source

Merge r171389, r171495, r171508, r171510, r171605, r171606, r171611, r171614, r171763 from ftlopt.

Source/JavaScriptCore:

2014-07-28 Mark Hahnenberg <​mhahnenberg@apple.com>

Support for-in in the FTL
​https://bugs.webkit.org/show_bug.cgi?id=134140

Reviewed by Filip Pizlo.

• dfg/DFGSSALoweringPhase.cpp: (JSC::DFG::SSALoweringPhase::handleNode):
• ftl/FTLAbstractHeapRepository.cpp:
• ftl/FTLAbstractHeapRepository.h:
• ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile):
• ftl/FTLIntrinsicRepository.h:
• ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compileHasIndexedProperty): (JSC::FTL::LowerDFGToLLVM::compileHasGenericProperty): (JSC::FTL::LowerDFGToLLVM::compileHasStructureProperty): (JSC::FTL::LowerDFGToLLVM::compileGetDirectPname): (JSC::FTL::LowerDFGToLLVM::compileGetEnumerableLength): (JSC::FTL::LowerDFGToLLVM::compileGetStructurePropertyEnumerator): (JSC::FTL::LowerDFGToLLVM::compileGetGenericPropertyEnumerator): (JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorPname): (JSC::FTL::LowerDFGToLLVM::compileToIndexString):

2014-07-25 Mark Hahnenberg <​mhahnenberg@apple.com>

Remove JSPropertyNameIterator
​https://bugs.webkit.org/show_bug.cgi?id=135066

Reviewed by Geoffrey Garen.

It has been replaced by JSPropertyNameEnumerator.

• JavaScriptCore.order:
• bytecode/BytecodeBasicBlock.cpp: (JSC::isBranch):
• bytecode/BytecodeList.json:
• bytecode/BytecodeUseDef.h: (JSC::computeUsesForBytecodeOffset): (JSC::computeDefsForBytecodeOffset):
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode):
• bytecode/PreciseJumpTargets.cpp: (JSC::getJumpTargetsForBytecodeOffset):
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitGetPropertyNames): Deleted. (JSC::BytecodeGenerator::emitNextPropertyName): Deleted.
• bytecompiler/BytecodeGenerator.h:
• interpreter/Interpreter.cpp:
• interpreter/Register.h:
• jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases):
• jit/JIT.h:
• jit/JITOpcodes.cpp: (JSC::JIT::emit_op_get_pnames): Deleted. (JSC::JIT::emit_op_next_pname): Deleted.
• jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_get_pnames): Deleted. (JSC::JIT::emit_op_next_pname): Deleted.
• jit/JITOperations.cpp:
• jit/JITPropertyAccess.cpp: (JSC::JIT::emit_op_get_by_pname): Deleted. (JSC::JIT::emitSlow_op_get_by_pname): Deleted.
• jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emit_op_get_by_pname): Deleted. (JSC::JIT::emitSlow_op_get_by_pname): Deleted.
• llint/LLIntOffsetsExtractor.cpp:
• llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): Deleted.
• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/CommonSlowPaths.cpp:
• runtime/JSPropertyNameIterator.cpp: (JSC::JSPropertyNameIterator::JSPropertyNameIterator): Deleted. (JSC::JSPropertyNameIterator::create): Deleted. (JSC::JSPropertyNameIterator::destroy): Deleted. (JSC::JSPropertyNameIterator::get): Deleted. (JSC::JSPropertyNameIterator::visitChildren): Deleted.
• runtime/JSPropertyNameIterator.h: (JSC::JSPropertyNameIterator::createStructure): Deleted. (JSC::JSPropertyNameIterator::size): Deleted. (JSC::JSPropertyNameIterator::setCachedStructure): Deleted. (JSC::JSPropertyNameIterator::cachedStructure): Deleted. (JSC::JSPropertyNameIterator::setCachedPrototypeChain): Deleted. (JSC::JSPropertyNameIterator::cachedPrototypeChain): Deleted. (JSC::JSPropertyNameIterator::finishCreation): Deleted. (JSC::Register::propertyNameIterator): Deleted. (JSC::StructureRareData::enumerationCache): Deleted. (JSC::StructureRareData::setEnumerationCache): Deleted.
• runtime/Structure.cpp: (JSC::Structure::addPropertyWithoutTransition): (JSC::Structure::removePropertyWithoutTransition):
• runtime/Structure.h:
• runtime/StructureInlines.h: (JSC::Structure::setEnumerationCache): Deleted. (JSC::Structure::enumerationCache): Deleted.
• runtime/StructureRareData.cpp: (JSC::StructureRareData::visitChildren):
• runtime/StructureRareData.h:
• runtime/VM.cpp: (JSC::VM::VM):

2014-07-25 Saam Barati <​sbarati@apple.com>

Fix 32-bit build breakage for type profiling
​https://bugs.webkit.org/process_bug.cgi

Reviewed by Mark Hahnenberg.

32-bit builds currently break because global variable IDs for high
fidelity type profiling are int64_t. Change this to intptr_t so that
it's 32 bits on 32-bit platforms and 64 bits on 64-bit platforms.

• bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::scopeDependentProfile):
• bytecode/TypeLocation.h:
• runtime/SymbolTable.cpp: (JSC::SymbolTable::uniqueIDForVariable): (JSC::SymbolTable::uniqueIDForRegister):
• runtime/SymbolTable.h:
• runtime/TypeLocationCache.cpp: (JSC::TypeLocationCache::getTypeLocation):
• runtime/TypeLocationCache.h:
• runtime/VM.h: (JSC::VM::getNextUniqueVariableID):

2014-07-25 Mark Hahnenberg <​mhahnenberg@apple.com>

Reindent PropertyNameArray.h
​https://bugs.webkit.org/show_bug.cgi?id=135067

Reviewed by Geoffrey Garen.

• runtime/PropertyNameArray.h: (JSC::RefCountedIdentifierSet::contains): (JSC::RefCountedIdentifierSet::size): (JSC::RefCountedIdentifierSet::add): (JSC::PropertyNameArrayData::create): (JSC::PropertyNameArrayData::propertyNameVector): (JSC::PropertyNameArrayData::PropertyNameArrayData): (JSC::PropertyNameArray::PropertyNameArray): (JSC::PropertyNameArray::vm): (JSC::PropertyNameArray::add): (JSC::PropertyNameArray::addKnownUnique): (JSC::PropertyNameArray::operator[]): (JSC::PropertyNameArray::setData): (JSC::PropertyNameArray::data): (JSC::PropertyNameArray::releaseData): (JSC::PropertyNameArray::identifierSet): (JSC::PropertyNameArray::canAddKnownUniqueForStructure): (JSC::PropertyNameArray::size): (JSC::PropertyNameArray::begin): (JSC::PropertyNameArray::end): (JSC::PropertyNameArray::numCacheableSlots): (JSC::PropertyNameArray::setNumCacheableSlotsForObject): (JSC::PropertyNameArray::setBaseObject): (JSC::PropertyNameArray::setPreviouslyEnumeratedLength):

2014-07-23 Mark Hahnenberg <​mhahnenberg@apple.com>

Refactor our current implementation of for-in
​https://bugs.webkit.org/show_bug.cgi?id=134142

Reviewed by Filip Pizlo.

This patch splits for-in loops into three distinct parts:

• Iterating over the indexed properties in the base object.
• Iterating over the Structure properties in the base object.
• Iterating over any other enumerable properties for that object and any objects in the prototype chain.

It does this by emitting these explicit loops in bytecode, using a new set of bytecodes to
support the various operations required for each loop.

• API/JSCallbackObjectFunctions.h: (JSC::JSCallbackObject<Parent>::getOwnNonIndexPropertyNames):
• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/BytecodeList.json:
• bytecode/BytecodeUseDef.h: (JSC::computeUsesForBytecodeOffset): (JSC::computeDefsForBytecodeOffset):
• bytecode/CallLinkStatus.h: (JSC::CallLinkStatus::CallLinkStatus):
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::CodeBlock):
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitGetByVal): (JSC::BytecodeGenerator::emitComplexPopScopes): (JSC::BytecodeGenerator::emitGetEnumerableLength): (JSC::BytecodeGenerator::emitHasGenericProperty): (JSC::BytecodeGenerator::emitHasIndexedProperty): (JSC::BytecodeGenerator::emitHasStructureProperty): (JSC::BytecodeGenerator::emitGetStructurePropertyEnumerator): (JSC::BytecodeGenerator::emitGetGenericPropertyEnumerator): (JSC::BytecodeGenerator::emitNextEnumeratorPropertyName): (JSC::BytecodeGenerator::emitToIndexString): (JSC::BytecodeGenerator::pushIndexedForInScope): (JSC::BytecodeGenerator::popIndexedForInScope): (JSC::BytecodeGenerator::pushStructureForInScope): (JSC::BytecodeGenerator::popStructureForInScope): (JSC::BytecodeGenerator::invalidateForInContextForLocal):
• bytecompiler/BytecodeGenerator.h: (JSC::ForInContext::ForInContext): (JSC::ForInContext::~ForInContext): (JSC::ForInContext::isValid): (JSC::ForInContext::invalidate): (JSC::ForInContext::local): (JSC::StructureForInContext::StructureForInContext): (JSC::StructureForInContext::type): (JSC::StructureForInContext::index): (JSC::StructureForInContext::property): (JSC::StructureForInContext::enumerator): (JSC::IndexedForInContext::IndexedForInContext): (JSC::IndexedForInContext::type): (JSC::IndexedForInContext::index): (JSC::BytecodeGenerator::pushOptimisedForIn): Deleted. (JSC::BytecodeGenerator::popOptimisedForIn): Deleted.
• bytecompiler/NodesCodegen.cpp: (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::ForInNode::tryGetBoundLocal): (JSC::ForInNode::emitLoopHeader): (JSC::ForInNode::emitMultiLoopBytecode): (JSC::ForInNode::emitBytecode):
• debugger/DebuggerScope.h:
• dfg/DFGAbstractHeap.h:
• dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
• dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
• dfg/DFGCapabilities.cpp: (JSC::DFG::capabilityLevel):
• dfg/DFGClobberize.h: (JSC::DFG::clobberize):
• dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC):
• dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
• dfg/DFGHeapLocation.cpp: (WTF::printInternal):
• dfg/DFGHeapLocation.h:
• dfg/DFGNode.h: (JSC::DFG::Node::hasHeapPrediction): (JSC::DFG::Node::hasArrayMode):
• dfg/DFGNodeType.h:
• dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
• dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute):
• dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::callOperation):
• dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
• dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
• jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases):
• jit/JIT.h: (JSC::JIT::compileHasIndexedProperty): (JSC::JIT::emitInt32Load):
• jit/JITInlines.h: (JSC::JIT::emitDoubleGetByVal): (JSC::JIT::emitLoadForArrayMode): (JSC::JIT::emitContiguousGetByVal): (JSC::JIT::emitArrayStorageGetByVal):
• jit/JITOpcodes.cpp: (JSC::JIT::emit_op_get_enumerable_length): (JSC::JIT::emit_op_has_structure_property): (JSC::JIT::emitSlow_op_has_structure_property): (JSC::JIT::emit_op_has_generic_property): (JSC::JIT::privateCompileHasIndexedProperty): (JSC::JIT::emit_op_has_indexed_property): (JSC::JIT::emitSlow_op_has_indexed_property): (JSC::JIT::emit_op_get_direct_pname): (JSC::JIT::emitSlow_op_get_direct_pname): (JSC::JIT::emit_op_get_structure_property_enumerator): (JSC::JIT::emit_op_get_generic_property_enumerator): (JSC::JIT::emit_op_next_enumerator_pname): (JSC::JIT::emit_op_to_index_string):
• jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_get_enumerable_length): (JSC::JIT::emit_op_has_structure_property): (JSC::JIT::emitSlow_op_has_structure_property): (JSC::JIT::emit_op_has_generic_property): (JSC::JIT::privateCompileHasIndexedProperty): (JSC::JIT::emit_op_has_indexed_property): (JSC::JIT::emitSlow_op_has_indexed_property): (JSC::JIT::emit_op_get_direct_pname): (JSC::JIT::emitSlow_op_get_direct_pname): (JSC::JIT::emit_op_get_structure_property_enumerator): (JSC::JIT::emit_op_get_generic_property_enumerator): (JSC::JIT::emit_op_next_enumerator_pname): (JSC::JIT::emit_op_to_index_string):
• jit/JITOperations.cpp:
• jit/JITOperations.h:
• jit/JITPropertyAccess.cpp: (JSC::JIT::emitDoubleLoad): (JSC::JIT::emitContiguousLoad): (JSC::JIT::emitArrayStorageLoad): (JSC::JIT::emitDoubleGetByVal): Deleted. (JSC::JIT::emitContiguousGetByVal): Deleted. (JSC::JIT::emitArrayStorageGetByVal): Deleted.
• jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emitContiguousLoad): (JSC::JIT::emitDoubleLoad): (JSC::JIT::emitArrayStorageLoad): (JSC::JIT::emitContiguousGetByVal): Deleted. (JSC::JIT::emitDoubleGetByVal): Deleted. (JSC::JIT::emitArrayStorageGetByVal): Deleted.
• llint/LowLevelInterpreter.asm:
• parser/Nodes.h:
• runtime/Arguments.cpp: (JSC::Arguments::getOwnPropertyNames):
• runtime/ClassInfo.h:
• runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL):
• runtime/CommonSlowPaths.h:
• runtime/EnumerationMode.h: Added. (JSC::shouldIncludeDontEnumProperties): (JSC::shouldExcludeDontEnumProperties): (JSC::shouldIncludeJSObjectPropertyNames): (JSC::modeThatSkipsJSObject):
• runtime/JSActivation.cpp: (JSC::JSActivation::getOwnNonIndexPropertyNames):
• runtime/JSArray.cpp: (JSC::JSArray::getOwnNonIndexPropertyNames):
• runtime/JSArrayBuffer.cpp: (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames):
• runtime/JSArrayBufferView.cpp: (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):
• runtime/JSCell.cpp: (JSC::JSCell::getEnumerableLength): (JSC::JSCell::getStructurePropertyNames): (JSC::JSCell::getGenericPropertyNames):
• runtime/JSCell.h:
• runtime/JSFunction.cpp: (JSC::JSFunction::getOwnNonIndexPropertyNames):
• runtime/JSGenericTypedArrayViewInlines.h: (JSC::JSGenericTypedArrayView<Adaptor>::getOwnNonIndexPropertyNames):
• runtime/JSObject.cpp: (JSC::getClassPropertyNames): (JSC::JSObject::hasOwnProperty): (JSC::JSObject::getOwnPropertyNames): (JSC::JSObject::getOwnNonIndexPropertyNames): (JSC::JSObject::getEnumerableLength): (JSC::JSObject::getStructurePropertyNames): (JSC::JSObject::getGenericPropertyNames):
• runtime/JSObject.h:
• runtime/JSPropertyNameEnumerator.cpp: Added. (JSC::JSPropertyNameEnumerator::create): (JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator): (JSC::JSPropertyNameEnumerator::finishCreation): (JSC::JSPropertyNameEnumerator::destroy): (JSC::JSPropertyNameEnumerator::visitChildren):
• runtime/JSPropertyNameEnumerator.h: Added. (JSC::JSPropertyNameEnumerator::createStructure): (JSC::JSPropertyNameEnumerator::propertyNameAtIndex): (JSC::JSPropertyNameEnumerator::identifierSet): (JSC::JSPropertyNameEnumerator::cachedPrototypeChain): (JSC::JSPropertyNameEnumerator::setCachedPrototypeChain): (JSC::JSPropertyNameEnumerator::cachedStructure): (JSC::JSPropertyNameEnumerator::cachedStructureID): (JSC::JSPropertyNameEnumerator::cachedInlineCapacity): (JSC::JSPropertyNameEnumerator::cachedStructureIDOffset): (JSC::JSPropertyNameEnumerator::cachedInlineCapacityOffset): (JSC::JSPropertyNameEnumerator::cachedPropertyNamesLengthOffset): (JSC::JSPropertyNameEnumerator::cachedPropertyNamesVectorOffset): (JSC::structurePropertyNameEnumerator): (JSC::genericPropertyNameEnumerator):
• runtime/JSProxy.cpp: (JSC::JSProxy::getEnumerableLength): (JSC::JSProxy::getStructurePropertyNames): (JSC::JSProxy::getGenericPropertyNames):
• runtime/JSProxy.h:
• runtime/JSSymbolTableObject.cpp: (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
• runtime/PropertyNameArray.cpp: (JSC::PropertyNameArray::add): (JSC::PropertyNameArray::setPreviouslyEnumeratedProperties):
• runtime/PropertyNameArray.h: (JSC::RefCountedIdentifierSet::contains): (JSC::RefCountedIdentifierSet::size): (JSC::RefCountedIdentifierSet::add): (JSC::PropertyNameArray::PropertyNameArray): (JSC::PropertyNameArray::add): (JSC::PropertyNameArray::addKnownUnique): (JSC::PropertyNameArray::identifierSet): (JSC::PropertyNameArray::canAddKnownUniqueForStructure): (JSC::PropertyNameArray::setPreviouslyEnumeratedLength):
• runtime/RegExpObject.cpp: (JSC::RegExpObject::getOwnNonIndexPropertyNames): (JSC::RegExpObject::getPropertyNames): (JSC::RegExpObject::getGenericPropertyNames):
• runtime/RegExpObject.h:
• runtime/StringObject.cpp: (JSC::StringObject::getOwnPropertyNames):
• runtime/Structure.cpp: (JSC::Structure::getPropertyNamesFromStructure): (JSC::Structure::setCachedStructurePropertyNameEnumerator): (JSC::Structure::cachedStructurePropertyNameEnumerator): (JSC::Structure::setCachedGenericPropertyNameEnumerator): (JSC::Structure::cachedGenericPropertyNameEnumerator): (JSC::Structure::canCacheStructurePropertyNameEnumerator): (JSC::Structure::canCacheGenericPropertyNameEnumerator): (JSC::Structure::canAccessPropertiesQuickly):
• runtime/Structure.h:
• runtime/StructureRareData.cpp: (JSC::StructureRareData::visitChildren): (JSC::StructureRareData::cachedStructurePropertyNameEnumerator): (JSC::StructureRareData::setCachedStructurePropertyNameEnumerator): (JSC::StructureRareData::cachedGenericPropertyNameEnumerator): (JSC::StructureRareData::setCachedGenericPropertyNameEnumerator):
• runtime/StructureRareData.h:
• runtime/VM.cpp: (JSC::VM::VM):
• runtime/VM.h:

2014-07-23 Saam Barati <​sbarati@apple.com>

Make improvements to Type Profiling
​https://bugs.webkit.org/show_bug.cgi?id=134860

Reviewed by Filip Pizlo.

I improved the API between the inspector and JSC. We no longer send one huge
string to the inspector. We now send structured data that represents the type
information that JSC has collected. I've also created a beginning implementation
of a type lattice that allows us to resolve a display name for a type that
consists of a single word.

I created a data structure that knows which functions have executed. This
solves the bug where types inside an un-executed function will resolve
to the type of the enclosing expression of that function. This data
structure may also be useful later if the inspector chooses to create a UI
around showing which functions have executed.

Better type information is gathered for objects. StructureShape now
represents an object's prototype chain. StructureShape also collects
the constructor name for an object.

Expression ranges are now zero indexed.

Removed some extraneous methods.

• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::scopeDependentProfile):
• bytecode/CodeBlock.h:
• bytecode/TypeLocation.h: (JSC::TypeLocation::TypeLocation):
• bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
• bytecode/UnlinkedCodeBlock.h: (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingStartOffset): (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingEndOffset):
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo):
• bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo): Deleted.
• heap/Heap.cpp: (JSC::Heap::collect):
• inspector/agents/InspectorRuntimeAgent.cpp: (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets): (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableAtOffset): Deleted.
• inspector/agents/InspectorRuntimeAgent.h:
• inspector/protocol/Runtime.json:
• runtime/Executable.cpp: (JSC::ScriptExecutable::ScriptExecutable): (JSC::ProgramExecutable::ProgramExecutable): (JSC::FunctionExecutable::FunctionExecutable): (JSC::ProgramExecutable::initializeGlobalProperties):
• runtime/Executable.h: (JSC::ScriptExecutable::highFidelityTypeProfilingStartOffset): (JSC::ScriptExecutable::highFidelityTypeProfilingEndOffset):
• runtime/FunctionHasExecutedCache.cpp: Added. (JSC::FunctionHasExecutedCache::hasExecutedAtOffset): (JSC::FunctionHasExecutedCache::insertUnexecutedRange): (JSC::FunctionHasExecutedCache::removeUnexecutedRange):
• runtime/FunctionHasExecutedCache.h: Added. (JSC::FunctionHasExecutedCache::FunctionRange::FunctionRange): (JSC::FunctionHasExecutedCache::FunctionRange::operator==): (JSC::FunctionHasExecutedCache::FunctionRange::hash):
• runtime/HighFidelityLog.cpp: (JSC::HighFidelityLog::processHighFidelityLog): (JSC::HighFidelityLog::actuallyProcessLogThreadFunction): Deleted.
• runtime/HighFidelityLog.h: (JSC::HighFidelityLog::recordTypeInformationForLocation):
• runtime/HighFidelityTypeProfiler.cpp: (JSC::HighFidelityTypeProfiler::logTypesForTypeLocation): (JSC::HighFidelityTypeProfiler::insertNewLocation): (JSC::HighFidelityTypeProfiler::getTypesForVariableAtOffsetForInspector): (JSC::descriptorMatchesTypeLocation): (JSC::HighFidelityTypeProfiler::findLocation): (JSC::HighFidelityTypeProfiler::getTypesForVariableInAtOffset): Deleted. (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableAtOffset): Deleted. (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableAtOffset): Deleted.
• runtime/HighFidelityTypeProfiler.h: (JSC::QueryKey::QueryKey): (JSC::QueryKey::isHashTableDeletedValue): (JSC::QueryKey::operator==): (JSC::QueryKey::hash): (JSC::QueryKeyHash::hash): (JSC::QueryKeyHash::equal): (JSC::HighFidelityTypeProfiler::functionHasExecutedCache): (JSC::HighFidelityTypeProfiler::typeLocationCache):
• runtime/Structure.cpp: (JSC::Structure::toStructureShape):
• runtime/Structure.h:
• runtime/TypeLocationCache.cpp: Added. (JSC::TypeLocationCache::getTypeLocation):
• runtime/TypeLocationCache.h: Added. (JSC::TypeLocationCache::LocationKey::LocationKey): (JSC::TypeLocationCache::LocationKey::operator==): (JSC::TypeLocationCache::LocationKey::hash):
• runtime/TypeSet.cpp: (JSC::TypeSet::getRuntimeTypeForValue): (JSC::TypeSet::addTypeForValue): (JSC::TypeSet::seenTypes): (JSC::TypeSet::doesTypeConformTo): (JSC::TypeSet::displayName): (JSC::TypeSet::allPrimitiveTypeNames): (JSC::TypeSet::allStructureRepresentations): (JSC::TypeSet::leastCommonAncestor): (JSC::StructureShape::StructureShape): (JSC::StructureShape::addProperty): (JSC::StructureShape::propertyHash): (JSC::StructureShape::leastCommonAncestor): (JSC::StructureShape::stringRepresentation): (JSC::StructureShape::inspectorRepresentation): (JSC::StructureShape::leastUpperBound): Deleted.
• runtime/TypeSet.h: (JSC::StructureShape::setConstructorName): (JSC::StructureShape::constructorName): (JSC::StructureShape::setProto):
• runtime/VM.cpp: (JSC::VM::dumpHighFidelityProfilingTypes): (JSC::VM::getTypesForVariableAtOffset): Deleted. (JSC::VM::updateHighFidelityTypeProfileState): Deleted.
• runtime/VM.h: (JSC::VM::isProfilingTypesWithHighFidelity): (JSC::VM::highFidelityTypeProfiler):

2014-07-23 Filip Pizlo <​fpizlo@apple.com>

Fix debug build.

• bytecode/CallLinkStatus.h: (JSC::CallLinkStatus::CallLinkStatus):

2014-07-20 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Phantoms in SSA form should be aggressively hoisted
​https://bugs.webkit.org/show_bug.cgi?id=135111

Reviewed by Oliver Hunt.

In CPS form, Phantom means three things: (1) that the children should be kept alive so long
as they are relevant to OSR (due to a MovHint), (2) that the children are live-in-bytecode
at the point of the Phantom, and (3) that some checks should be performed. In SSA, the
second meaning is not used but the other two stay.

The fact that a Phantom that is used to keep a node alive could be anywhere in the graph,
even in a totally different basic block, complicates some SSA transformations. It's not
possible to just jettison some successor, since tha successor could have a Phantom that we
care about.

This change rationalizes how Phantoms work so that:

1) Phantoms keep children alive so long as those children are relevant to OSR. This is true

in both CPS and SSA. This was true before and it's true now.

2) Phantoms are used for live-in-bytecode only in CPS. This was true before and it's true

now, except that now we also don't bother preserving the live-in-bytecode information
that Phantoms convey, when we are in SSA.

3) Phantoms may incidentally have checks, but in cases where we only want checks, we now

use Check instead of Phantom. Notably, DCE phase has dead nodes decay to Check, not
Phantom.

The biggest part of this change is that in SSA, we canonicalize Phantoms:

• All Phantoms are replaced with Check nodes that include only those edges that have checks.

• Nodes that were the children of any Phantoms have a Phantom right after them.

For example, the following code:

5: ArithAdd(@1, @2)
6: ArithSub(@5, @3)
7: Phantom(Int32:@5)

would be turned into the following:

5: ArithAdd(@1, @2)
8: Phantom(@5) @5 was the child of a Phantom, so we create a new Phantom right after

@5. This is the only Phantom we will have for @5.

6: ArithSub(@5, @3)
7: Check(Int32:@5) We replace the Phantom with a Check; in this case since Int32: is

a checking edge, we leave it.

This is a slight speed-up across the board, presumably because we now do a better job of
reducing the size of the graph during compilation. It could also be a fluke, though. The
main purpose of this is to unlock some other work (like CFG simplification in SSA). It will
become a requirement to run phantom canonicalization prior to some SSA phases. None of the
current phases need it, but future phases probably will.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
• dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants):
• dfg/DFGDCEPhase.cpp: (JSC::DFG::DCEPhase::run): (JSC::DFG::DCEPhase::findTypeCheckRoot): (JSC::DFG::DCEPhase::countEdge): (JSC::DFG::DCEPhase::fixupBlock): (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
• dfg/DFGEdge.cpp: (JSC::DFG::Edge::dump):
• dfg/DFGEdge.h: (JSC::DFG::Edge::isProved): (JSC::DFG::Edge::needsCheck): Deleted.
• dfg/DFGNodeFlags.h:
• dfg/DFGPhantomCanonicalizationPhase.cpp: Added. (JSC::DFG::PhantomCanonicalizationPhase::PhantomCanonicalizationPhase): (JSC::DFG::PhantomCanonicalizationPhase::run): (JSC::DFG::performPhantomCanonicalization):
• dfg/DFGPhantomCanonicalizationPhase.h: Added.
• dfg/DFGPhantomRemovalPhase.cpp: (JSC::DFG::PhantomRemovalPhase::run):
• dfg/DFGPhantomRemovalPhase.h:
• dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):
• ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::lowJSValue): (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):

2014-07-22 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Get rid of structure checks as a way of checking if a function is in fact a function
​https://bugs.webkit.org/show_bug.cgi?id=135146

Reviewed by Oliver Hunt.

This greatly simplifies our closure call optimizations by taking advantage of the type
bits available in the cell header.

• bytecode/CallLinkInfo.cpp: (JSC::CallLinkInfo::visitWeak):
• bytecode/CallLinkStatus.cpp: (JSC::CallLinkStatus::CallLinkStatus): (JSC::CallLinkStatus::computeFor): (JSC::CallLinkStatus::dump):
• bytecode/CallLinkStatus.h: (JSC::CallLinkStatus::CallLinkStatus): (JSC::CallLinkStatus::executable): (JSC::CallLinkStatus::structure): Deleted.
• dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::emitFunctionChecks):
• dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): (JSC::DFG::FixupPhase::observeUseKindOnNode):
• dfg/DFGSafeToExecute.h: (JSC::DFG::SafeToExecuteEdge::operator()):
• dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::speculateCellTypeWithoutTypeFiltering): (JSC::DFG::SpeculativeJIT::speculateCellType): (JSC::DFG::SpeculativeJIT::speculateFunction): (JSC::DFG::SpeculativeJIT::speculateFinalObject): (JSC::DFG::SpeculativeJIT::speculate):
• dfg/DFGSpeculativeJIT.h:
• dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
• dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
• dfg/DFGUseKind.cpp: (WTF::printInternal):
• dfg/DFGUseKind.h: (JSC::DFG::typeFilterFor): (JSC::DFG::isCell):
• ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile):
• ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): (JSC::FTL::LowerDFGToLLVM::speculate): (JSC::FTL::LowerDFGToLLVM::isFunction): (JSC::FTL::LowerDFGToLLVM::isNotFunction): (JSC::FTL::LowerDFGToLLVM::speculateFunction):
• jit/ClosureCallStubRoutine.cpp: (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine): (JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):
• jit/ClosureCallStubRoutine.h: (JSC::ClosureCallStubRoutine::structure): Deleted.
• jit/JIT.h: (JSC::JIT::compileClosureCall): Deleted.
• jit/JITCall.cpp: (JSC::JIT::privateCompileClosureCall): Deleted.
• jit/JITCall32_64.cpp: (JSC::JIT::privateCompileClosureCall): Deleted.
• jit/JITOperations.cpp:
• jit/Repatch.cpp: (JSC::linkClosureCall):
• jit/Repatch.h:

Source/WebCore:

2014-08-06 Mark Hahnenberg <​mhahnenberg@apple.com>

Refactor our current implementation of for-in
​https://bugs.webkit.org/show_bug.cgi?id=134142

Reviewed by Filip Pizlo.

No new tests.

This patch splits for-in loops into three distinct parts:

• Iterating over the indexed properties in the base object.
• Iterating over the Structure properties in the base object.
• Iterating over any other enumerable properties for that object and any objects in the prototype chain.

It does this by emitting these explicit loops in bytecode, using a new set of bytecodes to
support the various operations required for each loop.

• bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::getEnumerableLength): (WebCore::JSDOMWindow::getStructurePropertyNames): (WebCore::JSDOMWindow::getGenericPropertyNames):
• bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader):
• bridge/runtime_array.cpp: (JSC::RuntimeArray::getOwnPropertyNames):

Source/WebKit2:

2014-08-06 Mark Hahnenberg <​mhahnenberg@apple.com>

Refactor our current implementation of for-in
​https://bugs.webkit.org/show_bug.cgi?id=134142

Reviewed by Filip Pizlo.

• WebProcess/Plugins/Netscape/JSNPObject.cpp: (WebKit::JSNPObject::invalidate): Fixed an invalid ASSERT that was crashing in debug builds.

2:09 PM Changeset in webkit [172175] by matthew_hanson@apple.com

• 15 edits in branches/safari-600.1.4-branch/Source

Merge r172172. <rdar://problem/17862892>

1:38 PM Changeset in webkit [172174] by dfarler@apple.com

• 4 edits in trunk

Set DSYMUTIL_NUM_THREADS to the number of logical cores
​https://bugs.webkit.org/show_bug.cgi?id=135655

Reviewed by Mark Rowe.

.:

• Makefile.shared: Export DSYMUTIL_NUM_THREADS.

Tools:

• Scripts/webkitdirs.pm:

(buildXCodeProject): Set before calling xcodebuild.

1:25 PM Changeset in webkit [172173] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r172025. <rdar://problem/17715503>

1:25 PM Changeset in webkit [172172] by ap@apple.com

• 15 edits in trunk/Source

REGRESSION (WebKit2): iOS Safari default encoding doesn't follow system language
​https://bugs.webkit.org/show_bug.cgi?id=135667
<rdar://problem/17862892>

Reviewed by Anders Carlsson.

Source/WebCore:
Moved a function that computes default encoding from WebKit to WebCore, so that
it could be shared with WebKit2.

• WebCore.exp.in:
• platform/ios/WebCoreSystemInterfaceIOS.mm:
• platform/mac/WebCoreSystemInterface.h:
• platform/mac/WebCoreSystemInterface.mm:
• platform/text/TextEncodingRegistry.cpp:

(WebCore::defaultTextEncodingNameForSystemLanguage):

• platform/text/TextEncodingRegistry.h:

Source/WebKit/mac:

• WebView/WebPreferences.mm: (+[WebPreferences _setInitialDefaultTextEncodingToSystemEncoding]):

Moved implementation to WebCore, so that it can be shared with WebKit2.

• WebCoreSupport/WebSystemInterface.mm: (InitWebCoreSystemInterface):

We now use WKGetWebDefaultCFStringEncoding in WebCore, so it needs to be initialized.

Source/WebKit2:

• Shared/WebPreferencesDefinitions.h: Compute the actual proper default, don't

hardcode it to ISO-8859-1 hoping that someone else will correct it later.

• Shared/WebPreferencesStore.cpp: Added an include for WebPreferencesDefinitions.h

macro expansion to compile.

• UIProcess/WebPreferences.cpp: (WebKit::WebPreferences::createWithLegacyDefaults):

Added a FIXME.

• WebProcess/WebCoreSupport/mac/WebSystemInterface.mm: (InitWebCoreSystemInterface):

We now use WKGetWebDefaultCFStringEncoding in WebCore, so it needs to be initialized.

1:23 PM Changeset in webkit [172171] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172159. <rdar://problem/17869353>

1:19 PM Changeset in webkit [172170] by dburkart@apple.com

• 1 edit in branches/safari-537.78-branch/Source/WebCore/ChangeLog

Fixup ChangeLog from merge r169475 -> 171377

1:15 PM Changeset in webkit [172169] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172151. <rdar://problem/17869353>

1:12 PM Changeset in webkit [172168] by matthew_hanson@apple.com

• 4 edits in branches/safari-600.1.4-branch/Source

Merge r172035. <rdar://problem/17869353>

1:12 PM Changeset in webkit [172167] by benjamin@webkit.org

• 2 edits in trunk/Source/WTF

HashTable based classes leak a lot
​https://bugs.webkit.org/show_bug.cgi?id=135638

Reviewed by Darin Adler.

• wtf/HashTable.h:

The operator= taking a rvalue reference was never freeing the memory allocated
for the table of the left hand side object.

This patch fixes the leaks by doing an alloc+swap with a new object.
The object temp gets the reference to m_table, and destroys it in the regular destructor
when going out of scope.

Kudos to Pratik Solanki for finding the leaks.

1:09 PM Changeset in webkit [172166] by matthew_hanson@apple.com

• 3 edits
  4 copies in branches/safari-600.1.4-branch

Merge r172112. <rdar://problem/17802174>

12:21 PM Changeset in webkit [172165] by akling@apple.com

• 3 edits in trunk/Source/WebCore

Remove unused RenderBox::reflectionBox().
<​https://webkit.org/b/135661>

Reviewed by Antti Koivisto.

• rendering/RenderBox.cpp:

(WebCore::RenderBox::reflectionBox): Deleted.

• rendering/RenderBox.h:

11:54 AM Changeset in webkit [172164] by matthew_hanson@apple.com

• 2 edits in tags/Safari-600.1.7/Source/WebCore

Merge r172025. <rdar://problem/17715503>

11:48 AM Changeset in webkit [172163] by commit-queue@webkit.org

• 2 edits in trunk/Websites/webkit.org

[Win] Build error when OFFICIAL_BUILD != 1.
​https://bugs.webkit.org/show_bug.cgi?id=135613

Patch by ​peavo@outlook.com <​peavo@outlook.com> on 2014-08-06
Reviewed by Alex Christensen.

Added python installation as a required step before building on Windows.

• building/tools.html:

11:32 AM Changeset in webkit [172162] by Brian Burg

• 2 edits in trunk/Source/WebInspectorUI

REGRESSION(r172094): tests fail because Inspector test harness does not include UIString
​https://bugs.webkit.org/show_bug.cgi?id=135658

Reviewed by Joseph Pecoraro.

• UserInterface/Base/Test.js:

(WebInspector.contentLoaded): Fix brace placement.
(WebInspector.UIString): Added. This is the identity function during testing.

11:30 AM Changeset in webkit [172161] by Brian Burg

• 4 edits in trunk/Source

Web Inspector: convert ReplayManager to a promise-based API
​https://bugs.webkit.org/show_bug.cgi?id=135249

Reviewed by Timothy Hatcher.

Source/WebCore:

Fix some assertions to match ReplayController's preconditions.

• inspector/InspectorReplayAgent.cpp:

(WebCore::InspectorReplayAgent::replayToPosition):
(WebCore::InspectorReplayAgent::replayToCompletion):

Source/WebInspectorUI:

Convert replay commands to an asynchronous, promise-based API. This addresses
two problems with a synchronous replay API: clients can only use the synchronous
API if session and segment state are exactly correct, and trying to change state
to match this requirement requires chaining multiple commands and events.

The asynchronous API allows clients to issue replay commands with impunity,
as long as they can be unambiguously handled. For example, issuing
pausePlayback() while capturing is not allowed, but issuing startCapturing()
while replaying is allowed. The API also hides implementation details that
are not important, such as steps to unpause or temporarily disable the debugger.

This patch also cleans up uses of promises, such as adding error re-throwing.
It adds return type annotations to public ReplayManager asynchronous methods.

• UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.catch):
(WebInspector.ReplayManager):
(WebInspector.ReplayManager.prototype.createSession):
(WebInspector.ReplayManager.prototype.switchSession):
(WebInspector.ReplayManager.prototype.startCapturing):
(WebInspector.ReplayManager.prototype.stopCapturing):
(WebInspector.ReplayManager.prototype.replayToPosition):
(WebInspector.ReplayManager.prototype.replayToCompletion):
(WebInspector.ReplayManager.prototype.sessionCreated.catch): re-throw.
(WebInspector.ReplayManager.prototype.segmentCompleted.catch): re-throw.
(WebInspector.ReplayManager.prototype.segmentCompleted.catch): re-throw.
(WebInspector.ReplayManager.prototype.segmentUnloaded.catch): re-throw.
(WebInspector.ReplayManager.prototype.sessionCreated.catech): re-throw.

11:25 AM Changeset in webkit [172160] by Brent Fulgham

• 3 edits
  2 adds in trunk

[Mac] Unable to scroll to bottom of nested scrollable areas
​https://bugs.webkit.org/show_bug.cgi?id=135637
<rdar://problem/17910241>

Reviewed by Zalan Bujtas.

Source/WebCore:

Test: platform/mac/fast/scrolling/scroll-latched-nested-div.html

Avoid truncating the fractional portion of scroll ranges.

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::updateScrollbarsAfterLayout): Round
the LayoutUnit values for scroll width and height rather than
truncating.

LayoutTests:

• platform/mac/fast/scrolling/scroll-latched-nested-div-expected.txt: Added.
• platform/mac/fast/scrolling/scroll-latched-nested-div.html: Added.

11:18 AM Changeset in webkit [172159] by aestes@apple.com

• 2 edits in trunk/Source/WebCore

[iOS] QuickLook returns an invalid MIME type for some documents
​https://bugs.webkit.org/show_bug.cgi?id=135651

Reviewed by David Kilzer.

r172151 ensured that we ignore QuickLook delegate messages after an error, but neglected to do so for
connectionDidFinishLoading:. Do not call ResourceLoader::didFinishLoading() if an error has occurred.

• platform/network/ios/QuickLook.mm:

(-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]):

10:59 AM Changeset in webkit [172158] by Brian Burg

• 5 edits
  2 adds in trunk

Web Inspector: protocol command invocations should return a promise if no callback is supplied
​https://bugs.webkit.org/show_bug.cgi?id=130702

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

This allows the trailing Agent.command.promise(args) to be dropped in favor of just
Agent.command(args). It should make it a bit easier to convert code to use promises.

Test: LayoutTests/inspector/protocol-promise-result.html

• UserInterface/Controllers/ReplayManager.js: Drop use of .promise().
• UserInterface/Controllers/TimelineManager.js: Drop use of .promise().

(WebInspector.TimelineManager.prototype.startCapturing):

• UserInterface/Protocol/InspectorBackend.js:

(.callable): Redirect to the promise entry point if the last argument isn't a function.
(InspectorBackend.Command.create):

LayoutTests:

Addd a test for recieving protocol command results through an explicit callback,
via the .promise() entry point, and via an implicitly created promise.

• inspector/protocol-promise-result-expected.txt: Added.
• inspector/protocol-promise-result.html: Added.

10:57 AM Changeset in webkit [172157] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r172155.
​https://bugs.webkit.org/show_bug.cgi?id=135659

ChangeLog and commit message are wrong (Requested by estes on
#webkit).

Reverted changeset:

"Unreviewed, rolling out r172145."
​https://bugs.webkit.org/show_bug.cgi?id=135657
​http://trac.webkit.org/changeset/172155

10:53 AM Changeset in webkit [172156] by mmaxfield@apple.com

• 2 edits in trunk/Source/WebCore

Unreviewed build fix

• rendering/TextPainter.cpp: Used incorrect variable name

10:46 AM Changeset in webkit [172155] by aestes@apple.com

• 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r172145.
​https://bugs.webkit.org/show_bug.cgi?id=135657

caused 1 API test to fail (Requested by zalan on #webkit).

Reverted changeset:

"Cleanup InlineTextBox::paintSelection and
::localSelectionRect."
​https://bugs.webkit.org/show_bug.cgi?id=135631
​http://trac.webkit.org/changeset/172145

Patch by Commit Queue <​commit-queue@webkit.org> on 2014-08-06

10:44 AM Changeset in webkit [172154] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

Unreviewed, rolling out r172145.
​https://bugs.webkit.org/show_bug.cgi?id=135657

caused 1 API test to fail (Requested by zalan on #webkit).

Reverted changeset:

"Cleanup InlineTextBox::paintSelection and
::localSelectionRect."
​https://bugs.webkit.org/show_bug.cgi?id=135631
​http://trac.webkit.org/changeset/172145

10:35 AM Changeset in webkit [172153] by mmaxfield@apple.com

• 3 edits
  2 adds in trunk

Text-shadow with (0, 0) offset and radius = 0 is ugly
​https://bugs.webkit.org/show_bug.cgi?id=135357

Reviewed by Darin Adler.

Source/WebCore:

Instead, check for this kind of shadow and don't draw it.

Test: fast/text/empty-shadow.html

• rendering/TextPainter.cpp:

(WebCore::isEmptyShadow): Does a shadow match these criteria?
(WebCore::paintTextWithShadows): If so, don't draw it.

LayoutTests:

Check that this kind of shadow ends up invisible.

• fast/text/empty-shadow-expected.html: Added
• fast/text/empty-shadow.html: Added

10:27 AM Changeset in webkit [172152] by Dániel Bátyai

• 2 edits in trunk/Source/JavaScriptCore

[ARM] Incorrect handling of Unicode characters
​https://bugs.webkit.org/show_bug.cgi?id=135380

Reviewed by Darin Adler.

Removed erroneous fast case from stringFromUTF(), since it assumed that
char is always implemented as signed.

• jsc.cpp:

(stringFromUTF):

10:23 AM Changeset in webkit [172151] by aestes@apple.com

• 2 edits in trunk/Source/WebCore

[iOS] QuickLook returns an invalid MIME type for some documents
​https://bugs.webkit.org/show_bug.cgi?id=135651

Reviewed by David Kilzer.

In some cases QuickLook indicates a failure by returning a nil MIME type in -[QLPreviewConverter previewResponse]
rather than calling connection:didFailWithError:. Calling ResourceLoader::didReceiveResponse() with a response
containing a nil MIME type leads to a crash.

Stop loading the resource and display an error page if QuickLook cannot provide a MIME type for the converted response.

No new tests. QuickLook is not testable from WebKit.

• platform/network/ios/QuickLook.mm:

(-[WebResourceLoaderQuickLookDelegate _sendDidReceiveResponseIfNecessary]): Called ResourceLoader::didFail() if
MIME type was nil. Called ResourceLoader::didReceiveResponse() otherwise.
(-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): Called -_sendDidReceiveResponseIfNecessary.
(-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
(-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.

9:02 AM Changeset in webkit [172150] by mihnea@adobe.com

• 1 edit
  4 moves
  1 add in trunk/LayoutTests

[CSSRegions] Move full screen tests into fast/regions/fullscreen
​https://bugs.webkit.org/show_bug.cgi?id=135650

Reviewed by Andrei Bucur.

Move files and adjust paths accordingly.

• fast/regions/fullscreen/full-screen-video-from-region-expected.txt: Renamed from LayoutTests/fast/regions/full-screen-video-from-region-expected.txt.
• fast/regions/fullscreen/full-screen-video-from-region.html: Renamed from LayoutTests/fast/regions/full-screen-video-from-region.html.
• fast/regions/fullscreen/full-screen-video-in-region-crash-expected.txt: Renamed from LayoutTests/fast/regions/full-screen-video-in-region-crash-expected.txt.
• fast/regions/fullscreen/full-screen-video-in-region-crash.html: Renamed from LayoutTests/fast/regions/full-screen-video-in-region-crash.html.

8:44 AM Changeset in webkit [172149] by Dániel Bátyai

• 7 edits in trunk/Source

[JSC] Build fix for FTL on EFL after ftlopt merge
​https://bugs.webkit.org/show_bug.cgi?id=135565

Reviewed by Mark Lam.

Source/JavaScriptCore:

Adding an enable guard for native inlining, since it now requires the bitcode
emitted from Clang, and we don't have a good way of creating it from other compilers.

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleCall):

• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):

• ftl/FTLState.cpp:

(JSC::FTL::State::State):

• ftl/FTLState.h:

Source/WTF:

Added ENABLE(FTL_NATIVE_CALL_INLINING).

• wtf/Platform.h:

8:09 AM Changeset in webkit [172148] by mihnea@adobe.com

• 1 edit
  4 moves
  3 adds
  2 deletes in trunk/LayoutTests

[CSSRegions] Move parsing tests into fast/regions/parsing
​https://bugs.webkit.org/show_bug.cgi?id=135649

Reviewed by Andrei Bucur.

Move files and adjust file paths.

• fast/regions/parsing/webkit-flow-from-parsing-expected.txt: Renamed from LayoutTests/fast/regions/webkit-flow-from-parsing-expected.txt.
• fast/regions/parsing/webkit-flow-from-parsing.html: Added.
• fast/regions/parsing/webkit-flow-into-parsing-expected.txt: Renamed from LayoutTests/fast/regions/webkit-flow-into-parsing-expected.txt.
• fast/regions/parsing/webkit-flow-into-parsing.html: Renamed from LayoutTests/fast/regions/webkit-flow-into-parsing.html.
• fast/regions/parsing/webkit-region-fragment-parsing-expected.txt: Renamed from LayoutTests/fast/regions/webkit-region-fragment-parsing-expected.txt.
• fast/regions/parsing/webkit-region-fragment-parsing.html: Added.
• fast/regions/webkit-flow-from-parsing.html: Removed.
• fast/regions/webkit-region-fragment-parsing.html: Removed.

8:07 AM Changeset in webkit [172147] by commit-queue@webkit.org

• 9 edits in trunk

[GTK] Add support for user scripts to WebKitUserContentManager
​https://bugs.webkit.org/show_bug.cgi?id=134738

Patch by Adrian Perez de Castro <Adrian Perez de Castro> on 2014-08-06
Reviewed by Carlos Garcia Campos.

Add support for user scripts, to complement the user style sheet
support already present in WebKitUserContentManager. Most of the
moving parts are already present, so this just adds a boxed type
for user scripts (WebKitUserScript) and the corresponding methods
to add and remove scripts from the WebKitUserContentManager.

Source/WebKit2:

• UIProcess/API/gtk/WebKitUserContent.cpp: Add a WebKitUserScript

boxed type and its corresponding methods and enums.
(toUserScriptInjectionTime): Needed to convert
WebKitUserScriptInjectionTime values into its WebCore counterparts.
(_WebKitUserScript::_WebKitUserScript): Added.
(_WebKitUserScript::referenceCount): Ditto.
(webkit_user_script_ref):
(webkit_user_script_unref):
(webkit_user_script_new):
(webkitUserScriptGetUserScript): Internal method to obtain the
boxed WebCore::UserScript value.

• UIProcess/API/gtk/WebKitUserContent.h: Add the new public API

methods.

• UIProcess/API/gtk/WebKitUserContentManager.cpp: Implement the

methods for adding and removing user scripts.
(webkit_user_content_manager_add_script):
(webkit_user_content_manager_remove_all_scripts):

• UIProcess/API/gtk/WebKitUserContentManager.h: Add the new public

API methods.

• UIProcess/API/gtk/WebKitUserContentPrivate.h: Add the definition

for the new private function.

• UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Include the

new public methods in the API documentation.

Tools:

• TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitUserContentManager.cpp:

Add test case for injected user scripts.
(isScriptInjectedForURLAtPath):
(removeOldInjectedContentAndResetLists):
(testUserContentManagerInjectedStyleSheet):
(testUserContentManagerInjectedScript):
(beforeAll):
(removeOldInjectedStyleSheetsAndResetLists): Deleted.

8:06 AM Changeset in webkit [172146] by stavila@adobe.com

• 3 edits
  2 adds in trunk

REGRESSION (r163382): Overflow hidden for inner elements breaks blurring
​https://bugs.webkit.org/show_bug.cgi?id=135318

Reviewed by Zalan Bujtas.

Source/WebCore:

For elements with border radius, clipping must be applied using clipRoundedRect.
This regressed in r163382, when normal clipping started being applied also
for elements having border radius.

Test: fast/filter-image/clipped-filter.html

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::clipToRect):
(WebCore::RenderLayer::restoreClip):

LayoutTests:

Added test for filter applied on an element overflowing its parent, which has overflow:hidden.

• fast/filter-image/clipped-filter-expected.html: Added.
• fast/filter-image/clipped-filter.html: Added.

8:04 AM Changeset in webkit [172145] by Alan Bujtas

• 3 edits in trunk/Source/WebCore

Cleanup InlineTextBox::paintSelection and ::localSelectionRect.
​https://bugs.webkit.org/show_bug.cgi?id=135631

Reviewed by Darin Adler.

Covered by existing tests.

• rendering/InlineTextBox.cpp: Ideally these 2 functions should share some more code.

(WebCore::InlineTextBox::localSelectionRect): Local coordinates should not be snapped/enclosed.
This change could potentially break some selections. Should that be the case, they need to be addressed
separately.
(WebCore::InlineTextBox::paint):
(WebCore::InlineTextBox::paintSelection): Minor cleanup.

• rendering/InlineTextBox.h:

8:01 AM Changeset in webkit [172144] by Carlos Garcia Campos

• 7 edits in trunk

[GTK] Be able to disable gtk2 dependency
​https://bugs.webkit.org/show_bug.cgi?id=135505

Reviewed by Gustavo Noronha Silva.

.:

Add ENABLE_PLUGIN_PROCESS_GTK2 compile option. GTK+2 is only
required when it's enabled. It's enabled by default.

• Source/cmake/OptionsGTK.cmake:

Source/WebCore:

Do not build WebCorePlatformGTK2 when ENABLE_PLUGIN_PROCESS_GTK2
is OFF.

• PlatformGTK.cmake:

Source/WebKit2:

• PlatformGTK.cmake: Only build WebKitPluginProcess2 when

ENABLE_PLUGIN_PROCESS_GTK2 is ON.

• UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess): Do not try to launch
WebKitPluginProcess2 executable when ENABLE_PLUGIN_PROCESS_GTK2 is OFF.

6:45 AM Changeset in webkit [172143] by mark.lam@apple.com

• 2 edits in trunk/Source/WebCore

Gardening: fix bindings test breakage for for r170564 merged in r172129.
<​https://webkit.org/b/134333>

Not reviewed.

No new tests.

• bindings/scripts/test/JS/JSTestEventTarget.h:

(WebCore::JSTestEventTarget::create):

6:36 AM Changeset in webkit [172142] by berto@igalia.com

• 2 edits in trunk/Source/WebCore/platform/gtk/po

[GTK] Rename translation domain to WebKit2GTK-4.0
​https://bugs.webkit.org/show_bug.cgi?id=135646

Reviewed by Carlos Garcia Campos.

• CMakeLists.txt:

4:13 AM Changeset in webkit [172141] by mihnea@adobe.com

• 1 edit
  8 moves in trunk/LayoutTests

[CSSRegions] Move selection tests under fast/regions/selection
​https://bugs.webkit.org/show_bug.cgi?id=135641

Reviewed by Andrei Bucur.

Move selection related tests under fast/regions/selection.

• fast/regions/selection/selection-gaps-paint-crash-expected.txt: Renamed from LayoutTests/fast/regions/selection-gaps-paint-crash-expected.txt.
• fast/regions/selection/selection-gaps-paint-crash.html: Renamed from LayoutTests/fast/regions/selection-gaps-paint-crash.html.
• fast/regions/selection/selection-in-overflow-expected.html: Renamed from LayoutTests/fast/regions/selection-in-overflow-expected.html.
• fast/regions/selection/selection-in-overflow-hit-testing-expected.html: Renamed from LayoutTests/fast/regions/selection-in-overflow-hit-testing-expected.html.
• fast/regions/selection/selection-in-overflow-hit-testing.html: Renamed from LayoutTests/fast/regions/selection-in-overflow-hit-testing.html.
• fast/regions/selection/selection-in-overflow.html: Renamed from LayoutTests/fast/regions/selection-in-overflow.html.
• fast/regions/selection/selection-in-text-after-overflow-hit-testing-expected.html: Renamed from LayoutTests/fast/regions/selection-in-text-after-overflow-hit-testing-expected.html.
• fast/regions/selection/selection-in-text-after-overflow-hit-testing.html: Renamed from LayoutTests/fast/regions/selection-in-text-after-overflow-hit-testing.html.

4:00 AM Changeset in webkit [172140] by mihnea@adobe.com

• 1 edit
  4 moves in trunk/LayoutTests

[CSSRegions] Move auto-height tests into fast/regions/auto-size
​https://bugs.webkit.org/show_bug.cgi?id=135645

Reviewed by Andrei Bucur.

• fast/regions/auto-size/region-height-auto-to-defined-expected.txt: Renamed from LayoutTests/fast/regions/region-height-auto-to-defined-expected.txt.
• fast/regions/auto-size/region-height-auto-to-defined.html: Renamed from LayoutTests/fast/regions/region-height-auto-to-defined.html.
• fast/regions/auto-size/region-height-defined-to-auto-expected.txt: Renamed from LayoutTests/fast/regions/region-height-defined-to-auto-expected.txt.
• fast/regions/auto-size/region-height-defined-to-auto.html: Renamed from LayoutTests/fast/regions/region-height-defined-to-auto.html.

3:50 AM Changeset in webkit [172139] by commit-queue@webkit.org

• 2 edits in trunk/Tools

[GTK] run-launcher --gtk still fails
​https://bugs.webkit.org/show_bug.cgi?id=135642

Patch by Philippe Normand <​pnormand@igalia.com> on 2014-08-06
Reviewed by Carlos Garcia Campos.

The perl interpreter is confused by the combination of string
concatenation and a ternary in the same line. Using a separate
variable to determine the library file extension fixes this issue.

• Scripts/webkitdirs.pm:

(builtDylibPathForName): Use an intermediate variable, it's more
readable and unambiguous.

3:10 AM Changeset in webkit [172138] by ryuan.choi@samsung.com

• 2 edits in trunk/Source/WebCore

Unreviewed typo correction.

• bindings/scripts/CodeGeneratorJS.pm: removed unnecessary space.

(GenerateImplementation):

Aug 5, 2014:

11:53 PM Changeset in webkit [172137] by Csaba Osztrogonác

• 2 edits in trunk/Source/JavaScriptCore

URTBF after r172129. (ftlopt branch merge)

Remove the duplicated friend declaration to fix this build failure:
"error: ‘JSC::Structure’ is already a friend of ‘JSC::StructureRareData’ [-Werror]"

• runtime/StructureRareData.h:

11:21 PM Changeset in webkit [172136] by jcraig@apple.com

• 8 edits in trunk

Web Inspector: AXI: Add label string once AccessibilityObject::computedLabel() is available
​https://bugs.webkit.org/show_bug.cgi?id=129940

Reviewed by Chris Fleizach.

Source/WebCore:

Test: inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt

• accessibility/AccessibilityObject.cpp: Fixed crash.

(WebCore::AccessibilityObject::accessibilityComputedLabel):

• accessibility/AccessibilityObject.h: Method name update.
• inspector/InspectorDOMAgent.cpp: New support for getting Node label from AccessibilityObject.

(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

Source/WebInspectorUI:

• UserInterface/Views/DOMNodeDetailsSidebarPanel.js: UI update for label field in Node Inspector.

(WebInspector.DOMNodeDetailsSidebarPanel.prototype._refreshAccessibility):

LayoutTests:

• inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt: LayoutTest expectation update.

11:14 PM Changeset in webkit [172135] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Attempt to fix CMake-based builds, part 3.

• CMakeLists.txt:

11:09 PM Changeset in webkit [172134] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Attempt to fix CMake-based builds, part 2.

• CMakeLists.txt:

11:06 PM Changeset in webkit [172133] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Attempt to fix Windows build, part 2.

• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:

11:03 PM Changeset in webkit [172132] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Attempt to fix CMake-based builds.

• CMakeLists.txt:

11:02 PM Changeset in webkit [172131] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Attempt to fix Windows build.

• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:

10:55 PM Changeset in webkit [172130] by fpizlo@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Fix cloop build.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):

10:27 PM Changeset in webkit [172129] by fpizlo@apple.com

• 145 edits
  42 adds
  5 deletes in trunk

Merge r170564, r170571, r170604, r170628, r170672, r170680, r170724, r170728, r170729, r170819, r170821, r170836, r170855, r170860, r170890, r170907, r170929, r171052, r171106, r171152, r171153, r171214 from ftlopt.

Source/JavaScriptCore:

This part of the merge delivers roughly a 2% across-the-board performance
improvement, mostly due to immutable property inference and DFG-side GCSE. It also
almost completely resolves accessor performance issues; in the common case the DFG
will compile a getter/setter access into code that is just as efficient as a normal
property access.

Another major highlight of this part of the merge is the work to add a type profiler
to the inspector. This work is still on-going but this greatly increases coverage.

Note that this merge fixes a minor bug in the GetterSetter refactoring from
​http://trac.webkit.org/changeset/170729 (​https://bugs.webkit.org/show_bug.cgi?id=134518).
It also adds a new tests to tests/stress to cover that bug. That bug was previously only
covered by layout tests.

2014-07-17 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] DFG Flush(SetLocal) store elimination is overzealous for captured variables in the presence of nodes that have no effects but may throw (merge trunk r171190)
​https://bugs.webkit.org/show_bug.cgi?id=135019

Reviewed by Oliver Hunt.

Behaviorally, this is just a merge of trunk r171190, except that the relevant functionality
has moved to StrengthReductionPhase and is written in a different style. Same algorithm,
different code.

• dfg/DFGNodeType.h:
• dfg/DFGStrengthReductionPhase.cpp: (JSC::DFG::StrengthReductionPhase::handleNode):
• tests/stress/capture-escape-and-throw.js: Added. (foo.f): (foo):
• tests/stress/new-array-with-size-throw-exception-and-tear-off-arguments.js: Added. (foo): (bar):

2014-07-15 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Constant fold GetGetter and GetSetter if the GetterSetter is a constant
​https://bugs.webkit.org/show_bug.cgi?id=134962

Reviewed by Oliver Hunt.

This removes yet another steady-state-throughput implication of using getters and setters:
if your accessor call is monomorphic then you'll just get a structure check, nothing more.
No more loads to get to the GetterSetter object or the accessor function object.

• dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
• runtime/GetterSetter.h: (JSC::GetterSetter::getterConcurrently): (JSC::GetterSetter::setGetter): (JSC::GetterSetter::setterConcurrently): (JSC::GetterSetter::setSetter):

2014-07-15 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Identity replacement in CSE shouldn't create a Phantom over the Identity's children
​https://bugs.webkit.org/show_bug.cgi?id=134893

Reviewed by Oliver Hunt.

Replace Identity with Check instead of Phantom. Phantom means that the child of the
Identity should be unconditionally live. The liveness semantics of Identity are such that
if the parents of Identity are live then the child is live. Removing the Identity entirely
preserves such liveness semantics. So, the only thing that should be left behind is the
type check on the child, which is what Check means: do the check but don't keep the child
alive if the check isn't needed.

• dfg/DFGCSEPhase.cpp:
• dfg/DFGNode.h: (JSC::DFG::Node::convertToCheck):

2014-07-13 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] DFG should be able to do GCSE in SSA and this should be unified with the CSE in CPS, and both of these things should use abstract heaps for reasoning about effects
​https://bugs.webkit.org/show_bug.cgi?id=134677

Reviewed by Sam Weinig.

This removes the old local CSE phase, which was based on manually written backward-search
rules for all of the different kinds of things we cared about, and adds a new local/global
CSE (local for CPS and global for SSA) that leaves the node semantics almost entirely up to
clobberize(). Thus, the CSE phase itself just worries about the algorithms and data
structures used for storing sets of available values. This results in a large reduction in
code size in CSEPhase.cpp while greatly increasing the phase's power (since it now does
global CSE) and reducing compile time (since local CSE is now rewritten to use smarter data
structures). Even though LLVM was already running GVN, the extra GCSE at DFG IR level means
that this is a significant (~0.7%) throughput improvement.

This work is based on the concept of "def" to clobberize(). If clobberize() calls def(), it
means that the node being analyzed makes available some value in some DFG node, and that
future attempts to compute that value can simply use that node. In other words, it
establishes an available value mapping of the form value=>node. There are two kinds of
values that can be passed to def():

PureValue. This captures everything needed to determine whether two pure nodes - nodes that

neither read nor write, and produce a value that is a CSE candidate - are identical. It
carries the NodeType, an AdjacencyList, and one word of meta-data. The meta-data is
usually used for things like the arithmetic mode or constant pointer. Passing a
PureValue to def() means that the node produces a value that is valid anywhere that the
node dominates.

HeapLocation. This describes a location in the heap that could be written to or read from.

Both stores and loads can def() a HeapLocation. HeapLocation carries around an abstract
heap that both serves as part of the "name" of the heap location (together with the
other fields of HeapLocation) and also tells us what write()'s to watch for. If someone
write()'s to an abstract heap that overlaps the heap associated with the HeapLocation,
then it means that the values for that location are no longer available.

This approach is sufficiently clever that the CSEPhase itself can focus on the mechanism of
tracking the PureValue=>node and HeapLocation=>node maps, without having to worry about
interpreting the semantics of different DFG node types - that is now almost entirely in
clobberize(). The only things we special-case inside CSEPhase are the Identity node, which
CSE is traditionally responsible for eliminating even though it has nothing to do with CSE,
and the LocalCSE rule for turning PutByVal into PutByValAlias.

This is a slight Octane, SunSpider, and Kraken speed-up - all somewhere arond 0.7% . It's
not a bigger win because LLVM was already giving us most of what we needed in its GVN.
Also, the SunSpider speed-up isn't from GCSE as much as it's a clean-up of local CSE - that
is no longer O(n^{2). Basically this is purely good: it reduces the amount of LLVM IR we
generate, it removes the old CSE's heap modeling (which was a constant source of bugs), and
it improves both the quality of the code we generate and the speed with which we generate
it. Also, any future optimizations that depend on GCSE will now be easier to implement.}

During the development of this patch I also rationalized some other stuff, like Graph's
ordered traversals - we now have preorder and postorder rather than just "depth first".

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGAbstractHeap.h:
• dfg/DFGAdjacencyList.h: (JSC::DFG::AdjacencyList::hash): (JSC::DFG::AdjacencyList::operator==):
• dfg/DFGBasicBlock.h:
• dfg/DFGCSEPhase.cpp: (JSC::DFG::performLocalCSE): (JSC::DFG::performGlobalCSE): (JSC::DFG::CSEPhase::CSEPhase): Deleted. (JSC::DFG::CSEPhase::run): Deleted. (JSC::DFG::CSEPhase::endIndexForPureCSE): Deleted. (JSC::DFG::CSEPhase::pureCSE): Deleted. (JSC::DFG::CSEPhase::constantCSE): Deleted. (JSC::DFG::CSEPhase::constantStoragePointerCSE): Deleted. (JSC::DFG::CSEPhase::getCalleeLoadElimination): Deleted. (JSC::DFG::CSEPhase::getArrayLengthElimination): Deleted. (JSC::DFG::CSEPhase::globalVarLoadElimination): Deleted. (JSC::DFG::CSEPhase::scopedVarLoadElimination): Deleted. (JSC::DFG::CSEPhase::varInjectionWatchpointElimination): Deleted. (JSC::DFG::CSEPhase::getByValLoadElimination): Deleted. (JSC::DFG::CSEPhase::checkFunctionElimination): Deleted. (JSC::DFG::CSEPhase::checkExecutableElimination): Deleted. (JSC::DFG::CSEPhase::checkStructureElimination): Deleted. (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination): Deleted. (JSC::DFG::CSEPhase::getByOffsetLoadElimination): Deleted. (JSC::DFG::CSEPhase::getGetterSetterByOffsetLoadElimination): Deleted. (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): Deleted. (JSC::DFG::CSEPhase::checkArrayElimination): Deleted. (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): Deleted. (JSC::DFG::CSEPhase::getInternalFieldLoadElimination): Deleted. (JSC::DFG::CSEPhase::getMyScopeLoadElimination): Deleted. (JSC::DFG::CSEPhase::getLocalLoadElimination): Deleted. (JSC::DFG::CSEPhase::invalidationPointElimination): Deleted. (JSC::DFG::CSEPhase::setReplacement): Deleted. (JSC::DFG::CSEPhase::eliminate): Deleted. (JSC::DFG::CSEPhase::performNodeCSE): Deleted. (JSC::DFG::CSEPhase::performBlockCSE): Deleted. (JSC::DFG::performCSE): Deleted.
• dfg/DFGCSEPhase.h:
• dfg/DFGClobberSet.cpp: (JSC::DFG::addReads): (JSC::DFG::addWrites): (JSC::DFG::addReadsAndWrites): (JSC::DFG::readsOverlap): (JSC::DFG::writesOverlap):
• dfg/DFGClobberize.cpp: (JSC::DFG::doesWrites): (JSC::DFG::accessesOverlap): (JSC::DFG::writesOverlap):
• dfg/DFGClobberize.h: (JSC::DFG::clobberize): (JSC::DFG::NoOpClobberize::operator()): (JSC::DFG::CheckClobberize::operator()): (JSC::DFG::ReadMethodClobberize::ReadMethodClobberize): (JSC::DFG::ReadMethodClobberize::operator()): (JSC::DFG::WriteMethodClobberize::WriteMethodClobberize): (JSC::DFG::WriteMethodClobberize::operator()): (JSC::DFG::DefMethodClobberize::DefMethodClobberize): (JSC::DFG::DefMethodClobberize::operator()):
• dfg/DFGDCEPhase.cpp: (JSC::DFG::DCEPhase::run): (JSC::DFG::DCEPhase::fixupBlock):
• dfg/DFGGraph.cpp: (JSC::DFG::Graph::getBlocksInPreOrder): (JSC::DFG::Graph::getBlocksInPostOrder): (JSC::DFG::Graph::addForDepthFirstSort): Deleted. (JSC::DFG::Graph::getBlocksInDepthFirstOrder): Deleted.
• dfg/DFGGraph.h:
• dfg/DFGHeapLocation.cpp: Added. (JSC::DFG::HeapLocation::dump): (WTF::printInternal):
• dfg/DFGHeapLocation.h: Added. (JSC::DFG::HeapLocation::HeapLocation): (JSC::DFG::HeapLocation::operator!): (JSC::DFG::HeapLocation::kind): (JSC::DFG::HeapLocation::heap): (JSC::DFG::HeapLocation::base): (JSC::DFG::HeapLocation::index): (JSC::DFG::HeapLocation::hash): (JSC::DFG::HeapLocation::operator==): (JSC::DFG::HeapLocation::isHashTableDeletedValue): (JSC::DFG::HeapLocationHash::hash): (JSC::DFG::HeapLocationHash::equal):
• dfg/DFGLICMPhase.cpp: (JSC::DFG::LICMPhase::run):
• dfg/DFGNode.h: (JSC::DFG::Node::replaceWith): (JSC::DFG::Node::convertToPhantomUnchecked): Deleted.
• dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):
• dfg/DFGPureValue.cpp: Added. (JSC::DFG::PureValue::dump):
• dfg/DFGPureValue.h: Added. (JSC::DFG::PureValue::PureValue): (JSC::DFG::PureValue::operator!): (JSC::DFG::PureValue::op): (JSC::DFG::PureValue::children): (JSC::DFG::PureValue::info): (JSC::DFG::PureValue::hash): (JSC::DFG::PureValue::operator==): (JSC::DFG::PureValue::isHashTableDeletedValue): (JSC::DFG::PureValueHash::hash): (JSC::DFG::PureValueHash::equal):
• dfg/DFGSSAConversionPhase.cpp: (JSC::DFG::SSAConversionPhase::run):
• ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::lower):

2014-07-13 Filip Pizlo <​fpizlo@apple.com>

Unreviewed, revert unintended change in r171051.

• dfg/DFGCSEPhase.cpp:

2014-07-08 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Move Flush(SetLocal) store elimination to StrengthReductionPhase
​https://bugs.webkit.org/show_bug.cgi?id=134739

Reviewed by Mark Hahnenberg.

I'm going to streamline CSE around clobberize() as part of
​https://bugs.webkit.org/show_bug.cgi?id=134677, and so Flush(SetLocal) store
elimination wouldn't belong in CSE anymore. It doesn't quite belong anywhere, which
means that it belongs in StrengthReductionPhase, since that's intended to be our
dumping ground.

To do this I had to add some missing smarts to clobberize(). Previously clobberize()
could play a bit loose with reads of Variables because it wasn't used for store
elimination. The main client of read() was LICM, but it would only use it to
determine hoistability and anything that did a write() was not hoistable - so, we had
benign (but still wrong) missing read() calls in places that did write()s. This fixes
a bunch of those cases.

• dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::performNodeCSE): (JSC::DFG::CSEPhase::setLocalStoreElimination): Deleted.
• dfg/DFGClobberize.cpp: (JSC::DFG::accessesOverlap):
• dfg/DFGClobberize.h: (JSC::DFG::clobberize): Make clobberize() smart enough for detecting when this store elimination would be sound.
• dfg/DFGStrengthReductionPhase.cpp: (JSC::DFG::StrengthReductionPhase::handleNode): Implement the store elimination in terms of clobberize().

2014-07-08 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Phantom simplification should be in its own phase
​https://bugs.webkit.org/show_bug.cgi?id=134742

Reviewed by Geoffrey Garen.

This moves Phantom simplification out of CSE, which greatly simplifies CSE and gives it
more focus. Also this finally adds a phase that removes empty Phantoms. We sort of had
this in CPSRethreading, but that phase runs too infrequently and doesn't run at all for
SSA.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGAdjacencyList.h:
• dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::run): (JSC::DFG::CSEPhase::setReplacement): (JSC::DFG::CSEPhase::eliminate): (JSC::DFG::CSEPhase::performNodeCSE): (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren): Deleted.
• dfg/DFGPhantomRemovalPhase.cpp: Added. (JSC::DFG::PhantomRemovalPhase::PhantomRemovalPhase): (JSC::DFG::PhantomRemovalPhase::run): (JSC::DFG::performCleanUp):
• dfg/DFGPhantomRemovalPhase.h: Added.
• dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):

2014-07-08 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Get rid of Node::misc by moving the fields out of the union so that you can use replacement and owner simultaneously
​https://bugs.webkit.org/show_bug.cgi?id=134730

Reviewed by Mark Lam.

This will allow for a better GCSE implementation.

• dfg/DFGCPSRethreadingPhase.cpp: (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
• dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::setReplacement):
• dfg/DFGEdgeDominates.h: (JSC::DFG::EdgeDominates::operator()):
• dfg/DFGGraph.cpp: (JSC::DFG::Graph::clearReplacements): (JSC::DFG::Graph::initializeNodeOwners):
• dfg/DFGGraph.h: (JSC::DFG::Graph::performSubstitutionForEdge):
• dfg/DFGLICMPhase.cpp: (JSC::DFG::LICMPhase::attemptHoist):
• dfg/DFGNode.h: (JSC::DFG::Node::Node):
• dfg/DFGSSAConversionPhase.cpp: (JSC::DFG::SSAConversionPhase::run):

2014-07-04 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Infer immutable object properties
​https://bugs.webkit.org/show_bug.cgi?id=134567

Reviewed by Mark Hahnenberg.

This introduces a new way of inferring immutable object properties. A property is said to
be immutable if after its creation (i.e. the transition that creates it), we never
overwrite it (i.e. replace it) or delete it. Immutability is a property of an "own
property" - so if we say that "f" is immutable at "o" then we are implying that "o" has "f"
directly and not on a prototype. More specifically, the immutability inference will prove
that a property on some structure is immutable. This means that, for example, we may have a
structure S1 with property "f" where we claim that "f" at S1 is immutable, but S1 has a
transition to S2 that adds a new property "g" and we may claim that "f" at S2 is actually
mutable. This is mainly for convenience; it allows us to decouple immutability logic from
transition logic. Immutability can be used to constant-fold accesses to objects at
DFG-time. The DFG needs to prove the following to constant-fold the access:

• The base of the access must be a constant object pointer. We prove that a property at a structure is immutable, but that says nothing of its value; each actual instance of that property may have a different value. So, a constant object pointer is needed to get an actual constant instance of the immutable value.

• A check (or watchpoint) must have been emitted proving that the object has a structure that allows loading the property in question.

• The replacement watchpoint set of the property in the structure that we've proven the object to have is still valid and we add a watchpoint to it lazily. The replacement watchpoint set is the key new mechanism that this change adds. It's possible that we have proven that the object has one of many structures, in which case each of those structures needs a valid replacement watchpoint set.

The replacement watchpoint set is created the first time that any access to the property is
cached. A put replace cache will create, and immediately invalidate, the watchpoint set. A
get cache will create the watchpoint set and make it start watching. Any non-cached put
access will invalidate the watchpoint set if one had been created; the underlying algorithm
ensures that checking for the existence of a replacement watchpoint set is very fast in the
common case. This algorithm ensures that no cached access needs to ever do any work to
invalidate, or check the validity of, any replacement watchpoint sets. It also has some
other nice properties:

• It's very robust in its definition of immutability. The strictest that it will ever be is that for any instance of the object, the property must be written to only once, specifically at the time that the property is created. But it's looser than this in practice. For example, the property may be written to any number of times before we add the final property that the object will have before anyone reads the property; this works since for optimization purposes we only care if we detect immutability on the structure that the object will have when it is most frequently read from, not any previous structure that the object had. Also, we may write to the property any number of times before anyone caches accesses to it.

• It is mostly orthogonal to structure transitions. No new structures need to be created to track the immutability of a property. Hence, there is no risk from this feature causing more polymorphism. This is different from the previous "specificValue" constant inference, which did cause additional structures to be created and sometimes those structures led to fake polymorphism. This feature does leverage existing transitions to do some of the watchpointing: property deletions don't fire the replacement watchpoint set because that would cause a new structure and so the mandatory structure check would fail. Also, this feature is guaranteed to never kick in for uncacheable dictionaries because those wouldn't allow for cacheable accesses - and it takes a cacheable access for this feature to be enabled.

• No memory overhead is incurred except when accesses to the property are cached. Dictionary properties will typically have no meta-data for immutability. The number of replacement watchpoint sets we allocate is proportional to the number of inline caches in the program, which is typically must smaller than the number of structures or even the number of objects.

This inference is far more powerful than the previous "specificValue" inference, so this
change also removes all of that code. It's interesting that the amount of code that is
changed to remove that feature is almost as big as the amount of code added to support the
new inference - and that's if you include the new tests in the tally. Without new tests,
it appears that the new feature actually touches less code!

There is one corner case where the previous "specificValue" inference was more powerful.
You can imagine someone creating objects with functions as self properties on those
objects, such that each object instance had the same function pointers - essentially,
someone might be trying to create a vtable but failing at the whole "one vtable for many
instances" concept. The "specificValue" inference would do very well for such programs,
because a structure check would be sufficient to prove a constant value for all of the
function properties. This new inference will fail because it doesn't track the constant
values of constant properties; instead it detects the immutability of otherwise variable
properties (in the sense that each instance of the property may have a different value).
So, the new inference requires having a particular object instance to actually get the
constant value. I think it's OK to lose this antifeature. It took a lot of code to support
and was a constant source of grief in our transition logic, and there doesn't appear to be
any real evidence that programs benefited from that particular kind of inference since
usually it's the singleton prototype instance that has all of the functions.

This change is a speed-up on everything. date-format-xparb and both SunSpider/raytrace and
V8/raytrace seem to be the biggest winners among the macrobenchmarks; they see >5%
speed-ups. Many of our microbenchmarks see very large performance improvements, even 80% in
one case.

• bytecode/ComplexGetStatus.cpp: (JSC::ComplexGetStatus::computeFor):
• bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeFromLLInt): (JSC::GetByIdStatus::computeForStubInfo): (JSC::GetByIdStatus::computeFor):
• bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::GetByIdVariant): (JSC::GetByIdVariant::operator=): (JSC::GetByIdVariant::attemptToMerge): (JSC::GetByIdVariant::dumpInContext):
• bytecode/GetByIdVariant.h: (JSC::GetByIdVariant::alternateBase): (JSC::GetByIdVariant::specificValue): Deleted.
• bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeForStubInfo): (JSC::PutByIdStatus::computeFor):
• bytecode/PutByIdVariant.cpp: (JSC::PutByIdVariant::operator=): (JSC::PutByIdVariant::setter): (JSC::PutByIdVariant::dumpInContext):
• bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::specificValue): Deleted.
• bytecode/Watchpoint.cpp: (JSC::WatchpointSet::fireAllSlow): (JSC::WatchpointSet::fireAll): Deleted.
• bytecode/Watchpoint.h: (JSC::WatchpointSet::fireAll):
• dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
• dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleGetByOffset): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::handlePutById): (JSC::DFG::ByteCodeParser::parseBlock):
• dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
• dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::isStringPrototypeMethodSane): (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
• dfg/DFGGraph.cpp: (JSC::DFG::Graph::tryGetConstantProperty): (JSC::DFG::Graph::visitChildren):
• dfg/DFGGraph.h:
• dfg/DFGWatchableStructureWatchingPhase.cpp: (JSC::DFG::WatchableStructureWatchingPhase::run):
• ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
• jit/JITOperations.cpp:
• jit/Repatch.cpp: (JSC::repatchByIdSelfAccess): (JSC::generateByIdStub): (JSC::tryCacheGetByID): (JSC::tryCachePutByID): (JSC::tryBuildPutByIdList):
• llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): (JSC::LLInt::putToScopeCommon):
• runtime/CommonSlowPaths.h: (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
• runtime/IntendedStructureChain.cpp: (JSC::IntendedStructureChain::mayInterceptStoreTo):
• runtime/JSCJSValue.cpp: (JSC::JSValue::putToPrimitive):
• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset):
• runtime/JSObject.cpp: (JSC::JSObject::put): (JSC::JSObject::putDirectNonIndexAccessor): (JSC::JSObject::deleteProperty): (JSC::JSObject::defaultValue): (JSC::getCallableObjectSlow): Deleted. (JSC::JSObject::getPropertySpecificValue): Deleted.
• runtime/JSObject.h: (JSC::JSObject::getDirect): (JSC::JSObject::getDirectOffset): (JSC::JSObject::inlineGetOwnPropertySlot): (JSC::JSObject::putDirectInternal): (JSC::JSObject::putOwnDataProperty): (JSC::JSObject::putDirect): (JSC::JSObject::putDirectWithoutTransition): (JSC::getCallableObject): Deleted.
• runtime/JSScope.cpp: (JSC::abstractAccess):
• runtime/PropertyMapHashTable.h: (JSC::PropertyMapEntry::PropertyMapEntry): (JSC::PropertyTable::copy):
• runtime/PropertyTable.cpp: (JSC::PropertyTable::clone): (JSC::PropertyTable::PropertyTable): (JSC::PropertyTable::visitChildren): Deleted.
• runtime/Structure.cpp: (JSC::Structure::Structure): (JSC::Structure::materializePropertyMap): (JSC::Structure::addPropertyTransitionToExistingStructureImpl): (JSC::Structure::addPropertyTransitionToExistingStructure): (JSC::Structure::addPropertyTransitionToExistingStructureConcurrently): (JSC::Structure::addPropertyTransition): (JSC::Structure::changePrototypeTransition): (JSC::Structure::attributeChangeTransition): (JSC::Structure::toDictionaryTransition): (JSC::Structure::preventExtensionsTransition): (JSC::Structure::takePropertyTableOrCloneIfPinned): (JSC::Structure::nonPropertyTransition): (JSC::Structure::addPropertyWithoutTransition): (JSC::Structure::allocateRareData): (JSC::Structure::ensurePropertyReplacementWatchpointSet): (JSC::Structure::startWatchingPropertyForReplacements): (JSC::Structure::didCachePropertyReplacement): (JSC::Structure::startWatchingInternalProperties): (JSC::Structure::copyPropertyTable): (JSC::Structure::copyPropertyTableForPinning): (JSC::Structure::getConcurrently): (JSC::Structure::get): (JSC::Structure::add): (JSC::Structure::visitChildren): (JSC::Structure::prototypeChainMayInterceptStoreTo): (JSC::Structure::dump): (JSC::Structure::despecifyDictionaryFunction): Deleted. (JSC::Structure::despecifyFunctionTransition): Deleted. (JSC::Structure::despecifyFunction): Deleted. (JSC::Structure::despecifyAllFunctions): Deleted. (JSC::Structure::putSpecificValue): Deleted.
• runtime/Structure.h: (JSC::Structure::startWatchingPropertyForReplacements): (JSC::Structure::startWatchingInternalPropertiesIfNecessary): (JSC::Structure::startWatchingInternalPropertiesIfNecessaryForEntireChain): (JSC::Structure::transitionDidInvolveSpecificValue): Deleted. (JSC::Structure::disableSpecificFunctionTracking): Deleted.
• runtime/StructureInlines.h: (JSC::Structure::getConcurrently): (JSC::Structure::didReplaceProperty): (JSC::Structure::propertyReplacementWatchpointSet):
• runtime/StructureRareData.cpp: (JSC::StructureRareData::destroy):
• runtime/StructureRareData.h:
• tests/stress/infer-constant-global-property.js: Added. (foo.Math.sin): (foo):
• tests/stress/infer-constant-property.js: Added. (foo):
• tests/stress/jit-cache-poly-replace-then-cache-get-and-fold-then-invalidate.js: Added. (foo): (bar):
• tests/stress/jit-cache-replace-then-cache-get-and-fold-then-invalidate.js: Added. (foo): (bar):
• tests/stress/jit-put-to-scope-global-cache-watchpoint-invalidate.js: Added. (foo): (bar):
• tests/stress/llint-cache-replace-then-cache-get-and-fold-then-invalidate.js: Added. (foo): (bar):
• tests/stress/llint-put-to-scope-global-cache-watchpoint-invalidate.js: Added. (foo): (bar):
• tests/stress/repeat-put-to-scope-global-with-same-value-watchpoint-invalidate.js: Added. (foo): (bar):

2014-07-03 Saam Barati <​sbarati@apple.com>

Add more coverage for the profile_types_with_high_fidelity op code.
​https://bugs.webkit.org/show_bug.cgi?id=134616

Reviewed by Filip Pizlo.

More operations are now being recorded by the profile_types_with_high_fidelity
opcode. Specifically: function parameters, function return values,
function 'this' value, get_by_id, get_by_value, resolve nodes, function return
values at the call site. Added more flags to the profile_types_with_high_fidelity
opcode so more focused tasks can take place when the instruction is
being linked in CodeBlock. Re-worked the type profiler to search
through character offset ranges when asked for the type of an expression
at a given offset. Removed redundant calls to Structure::toStructureShape
in HighFidelityLog and TypeSet by caching calls based on StructureID.

• bytecode/BytecodeList.json:
• bytecode/BytecodeUseDef.h: (JSC::computeUsesForBytecodeOffset): (JSC::computeDefsForBytecodeOffset):
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::finalizeUnconditionally): (JSC::CodeBlock::scopeDependentProfile):
• bytecode/CodeBlock.h: (JSC::CodeBlock::returnStatementTypeSet):
• bytecode/TypeLocation.h:
• bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedCodeBlock::highFidelityTypeProfileExpressionInfoForBytecodeOffset): (JSC::UnlinkedCodeBlock::addHighFidelityTypeProfileExpressionInfo):
• bytecode/UnlinkedCodeBlock.h:
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitMove): (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): (JSC::BytecodeGenerator::emitGetFromScopeWithProfile): (JSC::BytecodeGenerator::emitPutToScope): (JSC::BytecodeGenerator::emitPutToScopeWithProfile): (JSC::BytecodeGenerator::emitPutById): (JSC::BytecodeGenerator::emitPutByVal):
• bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo):
• bytecompiler/NodesCodegen.cpp: (JSC::ResolveNode::emitBytecode): (JSC::BracketAccessorNode::emitBytecode): (JSC::DotAccessorNode::emitBytecode): (JSC::FunctionCallValueNode::emitBytecode): (JSC::FunctionCallResolveNode::emitBytecode): (JSC::FunctionCallBracketNode::emitBytecode): (JSC::FunctionCallDotNode::emitBytecode): (JSC::CallFunctionCallDotNode::emitBytecode): (JSC::ApplyFunctionCallDotNode::emitBytecode): (JSC::PostfixNode::emitResolve): (JSC::PostfixNode::emitBracket): (JSC::PostfixNode::emitDot): (JSC::PrefixNode::emitResolve): (JSC::PrefixNode::emitBracket): (JSC::PrefixNode::emitDot): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::AssignDotNode::emitBytecode): (JSC::ReadModifyDotNode::emitBytecode): (JSC::AssignBracketNode::emitBytecode): (JSC::ReadModifyBracketNode::emitBytecode): (JSC::ReturnNode::emitBytecode): (JSC::FunctionBodyNode::emitBytecode):
• inspector/agents/InspectorRuntimeAgent.cpp: (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableAtOffset): (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange): Deleted.
• inspector/agents/InspectorRuntimeAgent.h:
• inspector/protocol/Runtime.json:
• llint/LLIntSlowPaths.cpp: (JSC::LLInt::getFromScopeCommon): (JSC::LLInt::LLINT_SLOW_PATH_DECL):
• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:
• runtime/HighFidelityLog.cpp: (JSC::HighFidelityLog::processHighFidelityLog): (JSC::HighFidelityLog::actuallyProcessLogThreadFunction): (JSC::HighFidelityLog::recordTypeInformationForLocation): Deleted.
• runtime/HighFidelityLog.h: (JSC::HighFidelityLog::recordTypeInformationForLocation):
• runtime/HighFidelityTypeProfiler.cpp: (JSC::HighFidelityTypeProfiler::getTypesForVariableInAtOffset): (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableAtOffset): (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableAtOffset): (JSC::HighFidelityTypeProfiler::insertNewLocation): (JSC::HighFidelityTypeProfiler::findLocation): (JSC::HighFidelityTypeProfiler::getTypesForVariableInRange): Deleted. (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableInRange): Deleted. (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableInRange): Deleted. (JSC::HighFidelityTypeProfiler::getLocationBasedHash): Deleted.
• runtime/HighFidelityTypeProfiler.h: (JSC::LocationKey::LocationKey): Deleted. (JSC::LocationKey::hash): Deleted. (JSC::LocationKey::operator==): Deleted.
• runtime/Structure.cpp: (JSC::Structure::toStructureShape):
• runtime/Structure.h:
• runtime/TypeSet.cpp: (JSC::TypeSet::TypeSet): (JSC::TypeSet::addTypeForValue): (JSC::TypeSet::seenTypes): (JSC::TypeSet::removeDuplicatesInStructureHistory): Deleted.
• runtime/TypeSet.h: (JSC::StructureShape::setConstructorName):
• runtime/VM.cpp: (JSC::VM::getTypesForVariableAtOffset): (JSC::VM::dumpHighFidelityProfilingTypes): (JSC::VM::getTypesForVariableInRange): Deleted.
• runtime/VM.h:

2014-07-04 Filip Pizlo <​fpizlo@apple.com>

[ftlopt][REGRESSION] debug tests fail because PutByIdDirect is now implemented in terms of In
​https://bugs.webkit.org/show_bug.cgi?id=134642

Rubber stamped by Andreas Kling.

• ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode):

2014-07-01 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Allocate a new GetterSetter if we change the value of any of its entries other than when they were previously null, so that if we constant-infer an accessor slot then we immediately get the function constant for free
​https://bugs.webkit.org/show_bug.cgi?id=134518

Reviewed by Mark Hahnenberg.

This has no real effect right now, particularly since almost all uses of
setSetter/setGetter were already allocating a branch new GetterSetter. But once we start
doing more aggressive constant property inference, this change will allow us to remove
all runtime checks from getter/setter calls.

• runtime/GetterSetter.cpp: (JSC::GetterSetter::withGetter): (JSC::GetterSetter::withSetter):
• runtime/GetterSetter.h: (JSC::GetterSetter::setGetter): (JSC::GetterSetter::setSetter):
• runtime/JSObject.cpp: (JSC::JSObject::defineOwnNonIndexProperty):

2014-07-02 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Rename notifyTransitionFromThisStructure to didTransitionFromThisStructure

Rubber stamped by Mark Hahnenberg.

• runtime/Structure.cpp: (JSC::Structure::Structure): (JSC::Structure::nonPropertyTransition): (JSC::Structure::didTransitionFromThisStructure): (JSC::Structure::notifyTransitionFromThisStructure): Deleted.
• runtime/Structure.h:

2014-07-02 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Remove the functionality for cloning StructureRareData since we never do that anymore.

Rubber stamped by Mark Hahnenberg.

• runtime/Structure.cpp: (JSC::Structure::Structure): (JSC::Structure::cloneRareDataFrom): Deleted.
• runtime/Structure.h:
• runtime/StructureRareData.cpp: (JSC::StructureRareData::clone): Deleted. (JSC::StructureRareData::StructureRareData): Deleted.
• runtime/StructureRareData.h: (JSC::StructureRareData::needsCloning): Deleted.

2014-07-01 Mark Lam <​mark.lam@apple.com>

[ftlopt] DebuggerCallFrame::scope() should return a DebuggerScope.
<​https://webkit.org/b/134420>

Reviewed by Geoffrey Garen.

Previously, DebuggerCallFrame::scope() returns a JSActivation (and relevant
peers) which the WebInspector will use to introspect CallFrame variables.
Instead, we should be returning a DebuggerScope as an abstraction layer that
provides the introspection functionality that the WebInspector needs. This
is the first step towards not forcing every frame to have a JSActivation
object just because the debugger is enabled.

1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject instead of the VM. This allows JSObject::globalObject() to be able to return the global object for the DebuggerScope.

2. On the DebuggerScope's life-cycle management:

The DebuggerCallFrame is designed to be "valid" only during a debugging session
(while the debugger is broken) through the use of a DebuggerCallFrameScope in
Debugger::pauseIfNeeded(). Once the debugger resumes from the break, the
DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
We can't guarantee (from this code alone) that the Inspector code isn't still
holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
the frame will be invalidated, and any attempt to query it will return null values.
This is pre-existing behavior.

Now, we're adding the DebuggerScope into the picture. While a single debugger
pause session is in progress, the Inspector may request the scope from the
DebuggerCallFrame. While the DebuggerCallFrame is still valid, we want
DebuggerCallFrame::scope() to always return the same DebuggerScope object.
This is why we hold on to the DebuggerScope with a strong ref.

If we use a weak ref instead, the following cooky behavior can manifest:

1. The Inspector calls Debugger::scope() to get the top scope.
2. The Inspector iterates down the scope chain and is now only holding a reference to a parent scope. It is no longer referencing the top scope.
3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope gets cleared.
4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets a different DebuggerScope instance.
5. The Inspector iterates down the scope chain but never sees the parent scope instance that retained a ref to in step 2 above. This is because when iterating this new DebuggerScope instance (which has no knowledge of the previous parent DebuggerScope instance), a new DebuggerScope instance will get created for the same parent scope.

Since the DebuggerScope is a JSObject, it's liveness is determined by its reachability.
However, it's "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
instantiated) will also get invalidated. This is why we need the
DebuggerScope::invalidateChain() method. The Inspector should not be using the
DebuggerScope instance after its owner DebuggerCallFrame is invalidated. If it does,
those methods will do nothing or returned a failed status.

• debugger/Debugger.h:
• debugger/DebuggerCallFrame.cpp: (JSC::DebuggerCallFrame::scope): (JSC::DebuggerCallFrame::evaluate): (JSC::DebuggerCallFrame::invalidate): (JSC::DebuggerCallFrame::vm): (JSC::DebuggerCallFrame::lexicalGlobalObject):
• debugger/DebuggerCallFrame.h:
• debugger/DebuggerScope.cpp: (JSC::DebuggerScope::DebuggerScope): (JSC::DebuggerScope::finishCreation): (JSC::DebuggerScope::visitChildren): (JSC::DebuggerScope::className): (JSC::DebuggerScope::getOwnPropertySlot): (JSC::DebuggerScope::put): (JSC::DebuggerScope::deleteProperty): (JSC::DebuggerScope::getOwnPropertyNames): (JSC::DebuggerScope::defineOwnProperty): (JSC::DebuggerScope::next): (JSC::DebuggerScope::invalidateChain): (JSC::DebuggerScope::isWithScope): (JSC::DebuggerScope::isGlobalScope): (JSC::DebuggerScope::isFunctionScope):
• debugger/DebuggerScope.h: (JSC::DebuggerScope::create): (JSC::DebuggerScope::Iterator::Iterator): (JSC::DebuggerScope::Iterator::get): (JSC::DebuggerScope::Iterator::operator++): (JSC::DebuggerScope::Iterator::operator==): (JSC::DebuggerScope::Iterator::operator!=): (JSC::DebuggerScope::isValid): (JSC::DebuggerScope::jsScope): (JSC::DebuggerScope::begin): (JSC::DebuggerScope::end):
• inspector/JSJavaScriptCallFrame.cpp: (Inspector::JSJavaScriptCallFrame::scopeType): (Inspector::JSJavaScriptCallFrame::scopeChain):
• inspector/JavaScriptCallFrame.h: (Inspector::JavaScriptCallFrame::scopeChain):
• inspector/ScriptDebugServer.cpp:
• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren):
• runtime/JSGlobalObject.h: (JSC::JSGlobalObject::debuggerScopeStructure):
• runtime/JSObject.h: (JSC::JSObject::isWithScope):
• runtime/JSScope.h:
• runtime/VM.cpp: (JSC::VM::VM):
• runtime/VM.h:

2014-07-01 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] DFG bytecode parser should turn PutById with nothing but a Setter stub as stuff+handleCall, and handleCall should be allowed to inline if it wants to
​https://bugs.webkit.org/show_bug.cgi?id=130756

Reviewed by Oliver Hunt.

The enables exposing the call to setters in the DFG, and then inlining it. Previously we
already supproted inlined-cached calls to setters from within put_by_id inline caches,
and the DFG could certainly emit such IC's. Now, if an IC had a setter call, then the DFG
will either emit the GetGetterSetterByOffset/GetSetter/Call combo, or it will do one
better and inline the call.

A lot of the core functionality was already available from the previous work to inline
getters. So, there are some refactorings in this patch that move preexisting
functionality around. For example, the work to figure out how the DFG should go about
getting to what we call the "loaded value" - i.e. the GetterSetter object reference in
the case of accessors - is now shared in ComplexGetStatus, and both GetByIdStatus and
PutByIdStatus use it. This means that we can keep the safety checks common. This patch
also does additional refactorings in DFG::ByteCodeParser so that we can continue to reuse
handleCall() for all of the various kinds of calls we can now emit.

83% speed-up on getter-richards, 2% speed-up on box2d.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/ComplexGetStatus.cpp: Added. (JSC::ComplexGetStatus::computeFor):
• bytecode/ComplexGetStatus.h: Added. (JSC::ComplexGetStatus::ComplexGetStatus): (JSC::ComplexGetStatus::skip): (JSC::ComplexGetStatus::takesSlowPath): (JSC::ComplexGetStatus::kind): (JSC::ComplexGetStatus::attributes): (JSC::ComplexGetStatus::specificValue): (JSC::ComplexGetStatus::offset): (JSC::ComplexGetStatus::chain):
• bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeForStubInfo):
• bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::GetByIdVariant):
• bytecode/PolymorphicPutByIdList.h: (JSC::PutByIdAccess::PutByIdAccess): (JSC::PutByIdAccess::setter): (JSC::PutByIdAccess::structure): (JSC::PutByIdAccess::chainCount):
• bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeFromLLInt): (JSC::PutByIdStatus::computeFor): (JSC::PutByIdStatus::computeForStubInfo): (JSC::PutByIdStatus::makesCalls):
• bytecode/PutByIdStatus.h: (JSC::PutByIdStatus::makesCalls): Deleted.
• bytecode/PutByIdVariant.cpp: (JSC::PutByIdVariant::PutByIdVariant): (JSC::PutByIdVariant::operator=): (JSC::PutByIdVariant::replace): (JSC::PutByIdVariant::transition): (JSC::PutByIdVariant::setter): (JSC::PutByIdVariant::writesStructures): (JSC::PutByIdVariant::reallocatesStorage): (JSC::PutByIdVariant::makesCalls): (JSC::PutByIdVariant::dumpInContext):
• bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::PutByIdVariant): (JSC::PutByIdVariant::structure): (JSC::PutByIdVariant::oldStructure): (JSC::PutByIdVariant::alternateBase): (JSC::PutByIdVariant::specificValue): (JSC::PutByIdVariant::callLinkStatus): (JSC::PutByIdVariant::replace): Deleted. (JSC::PutByIdVariant::transition): Deleted.
• dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult): (JSC::DFG::ByteCodeParser::addCall): (JSC::DFG::ByteCodeParser::handleCall): (JSC::DFG::ByteCodeParser::handleInlining): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::handlePutById): (JSC::DFG::ByteCodeParser::parseBlock):
• jit/Repatch.cpp: (JSC::tryCachePutByID): (JSC::tryBuildPutByIdList):
• runtime/IntendedStructureChain.cpp: (JSC::IntendedStructureChain::takesSlowPathInDFGForImpureProperty):
• runtime/IntendedStructureChain.h:
• tests/stress/exit-from-setter.js: Added.
• tests/stress/poly-chain-setter.js: Added. (Cons): (foo): (test):
• tests/stress/poly-chain-then-setter.js: Added. (Cons1): (Cons2): (foo): (test):
• tests/stress/poly-setter-combo.js: Added. (Cons1): (Cons2): (foo): (test): (.test):
• tests/stress/poly-setter-then-self.js: Added. (foo): (test): (.test):
• tests/stress/weird-setter-counter.js: Added. (foo): (test):
• tests/stress/weird-setter-counter-syntactic.js: Added. (foo): (test):

2014-07-01 Matthew Mirman <​mmirman@apple.com>

Added an implementation of the "in" check to FTL.
​https://bugs.webkit.org/show_bug.cgi?id=134508

Reviewed by Filip Pizlo.

• ftl/FTLCapabilities.cpp: enabled compilation for "in" (JSC::FTL::canCompile): ditto
• ftl/FTLCompile.cpp: (JSC::FTL::generateCheckInICFastPath): added. (JSC::FTL::fixFunctionBasedOnStackMaps): added case for CheckIn descriptors.
• ftl/FTLInlineCacheDescriptor.h: (JSC::FTL::CheckInGenerator::CheckInGenerator): added. (JSC::FTL::CheckInDescriptor::CheckInDescriptor): added.
• ftl/FTLInlineCacheSize.cpp: (JSC::FTL::sizeOfCheckIn): added. Currently larger than necessary.
• ftl/FTLInlineCacheSize.h: ditto
• ftl/FTLIntrinsicRepository.h: Added function type for operationInGeneric
• ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode): added case for In. (JSC::FTL::LowerDFGToLLVM::compileIn): added.
• ftl/FTLSlowPathCall.cpp: Added a callOperation for operationIn (JSC::FTL::callOperation): ditto
• ftl/FTLSlowPathCall.h: ditto
• ftl/FTLState.h: Added a vector to hold CheckIn descriptors.
• jit/JITOperations.h: made operationIns internal.
• tests/stress/ftl-checkin.js: Added.
• tests/stress/ftl-checkin-variable.js: Added.

2014-06-30 Mark Hahnenberg <​mhahnenberg@apple.com>

CodeBlock::stronglyVisitWeakReferences should mark DFG::CommonData::weakStructureReferences
​https://bugs.webkit.org/show_bug.cgi?id=134455

Reviewed by Geoffrey Garen.

Otherwise we get hanging pointers which can cause us to die later.

• bytecode/CodeBlock.cpp: (JSC::CodeBlock::stronglyVisitWeakReferences):

2014-06-27 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Reduce the GC's influence on optimization decisions
​https://bugs.webkit.org/show_bug.cgi?id=134427

Reviewed by Oliver Hunt.

This is a slight speed-up on some platforms, that arises from a bunch of fixes that I made
while trying to make the GC keep more structures alive
(​https://bugs.webkit.org/show_bug.cgi?id=128072).

The fixes are, roughly:

• If the GC clears an inline cache, then this no longer causes the IC to be forever polymorphic.

• If we exit in inlined code into a function that tries to OSR enter, then we jettison sooner.

• Some variables being uninitialized led to rage-recompilations.

This is a pretty strong step in the direction of keeping more Structures alive and not
blowing away code just because a Structure died. But, it seems like there is still a slight
speed-up to be had from blowing away code that references dead Structures.

• bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpAssumingJITType): (JSC::shouldMarkTransition): (JSC::CodeBlock::propagateTransitions): (JSC::CodeBlock::determineLiveness):
• bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeForStubInfo):
• bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeForStubInfo):
• dfg/DFGCapabilities.cpp: (JSC::DFG::isSupportedForInlining): (JSC::DFG::mightInlineFunctionForCall): (JSC::DFG::mightInlineFunctionForClosureCall): (JSC::DFG::mightInlineFunctionForConstruct):
• dfg/DFGCapabilities.h:
• dfg/DFGCommonData.h:
• dfg/DFGDesiredWeakReferences.cpp: (JSC::DFG::DesiredWeakReferences::reallyAdd):
• dfg/DFGOSREntry.cpp: (JSC::DFG::prepareOSREntry):
• dfg/DFGOSRExitCompilerCommon.cpp: (JSC::DFG::handleExitCounts):
• dfg/DFGOperations.cpp:
• dfg/DFGOperations.h:
• ftl/FTLForOSREntryJITCode.cpp: (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode): These variables being uninitialized is benign in terms of correctness but can sometimes cause rage-recompilations. For some reason it took this patch to reveal this.
• ftl/FTLOSREntry.cpp: (JSC::FTL::prepareOSREntry):
• runtime/Executable.cpp: (JSC::ExecutableBase::destroy): (JSC::NativeExecutable::destroy): (JSC::ScriptExecutable::ScriptExecutable): (JSC::ScriptExecutable::destroy): (JSC::ScriptExecutable::installCode): (JSC::EvalExecutable::EvalExecutable): (JSC::ProgramExecutable::ProgramExecutable):
• runtime/Executable.h: (JSC::ScriptExecutable::setDidTryToEnterInLoop): (JSC::ScriptExecutable::didTryToEnterInLoop): (JSC::ScriptExecutable::addressOfDidTryToEnterInLoop): (JSC::ScriptExecutable::ScriptExecutable): Deleted.
• runtime/StructureInlines.h: (JSC::Structure::storedPrototypeObject): (JSC::Structure::storedPrototypeStructure):

2014-06-25 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
​https://bugs.webkit.org/show_bug.cgi?id=134333

Reviewed by Geoffrey Garen.

This is engineered to provide loads of information to the profiler without incurring any
costs when the profiler is disabled. It's the oldest trick in the book: the thing that
fires the watchpoint doesn't actually create anything to describe the reason why it was
fired; instead it creates a stack-allocated FireDetail subclass instance. Only if the
FireDetail::dump() virtual method is called does anything happen.

Currently we use this to produce very fine-grained data for Structure watchpoints and
some cases of variable watchpoints. For all other situations, the given reason is just a
string constant, by using StringFireDetail. If we find a situation where that string
constant is insufficient to diagnose an issue then we can change it to provide more
fine-grained information.

• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::jettison):
• bytecode/CodeBlock.h:
• bytecode/CodeBlockJettisoningWatchpoint.cpp: (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
• bytecode/CodeBlockJettisoningWatchpoint.h:
• bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Removed.
• bytecode/ProfiledCodeBlockJettisoningWatchpoint.h: Removed.
• bytecode/StructureStubClearingWatchpoint.cpp: (JSC::StructureStubClearingWatchpoint::fireInternal):
• bytecode/StructureStubClearingWatchpoint.h:
• bytecode/VariableWatchpointSet.h: (JSC::VariableWatchpointSet::invalidate): (JSC::VariableWatchpointSet::finalizeUnconditionally):
• bytecode/VariableWatchpointSetInlines.h: (JSC::VariableWatchpointSet::notifyWrite):
• bytecode/Watchpoint.cpp: (JSC::StringFireDetail::dump): (JSC::WatchpointSet::fireAll): (JSC::WatchpointSet::fireAllSlow): (JSC::WatchpointSet::fireAllWatchpoints): (JSC::InlineWatchpointSet::fireAll):
• bytecode/Watchpoint.h: (JSC::FireDetail::FireDetail): (JSC::FireDetail::~FireDetail): (JSC::StringFireDetail::StringFireDetail): (JSC::Watchpoint::fire): (JSC::WatchpointSet::fireAll): (JSC::WatchpointSet::touch): (JSC::WatchpointSet::invalidate): (JSC::InlineWatchpointSet::fireAll): (JSC::InlineWatchpointSet::touch):
• dfg/DFGCommonData.h:
• dfg/DFGOperations.cpp:
• interpreter/Interpreter.cpp: (JSC::Interpreter::execute):
• jsc.cpp: (WTF::Masquerader::create):
• profiler/ProfilerCompilation.cpp: (JSC::Profiler::Compilation::setJettisonReason): (JSC::Profiler::Compilation::toJS):
• profiler/ProfilerCompilation.h: (JSC::Profiler::Compilation::setJettisonReason): Deleted.
• runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer):
• runtime/ArrayBufferNeuteringWatchpoint.cpp: (JSC::ArrayBufferNeuteringWatchpoint::fireAll):
• runtime/ArrayBufferNeuteringWatchpoint.h:
• runtime/CommonIdentifiers.h:
• runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL):
• runtime/Identifier.cpp: (JSC::Identifier::dump):
• runtime/Identifier.h:
• runtime/JSFunction.cpp: (JSC::JSFunction::put): (JSC::JSFunction::defineOwnProperty):
• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::addFunction): (JSC::JSGlobalObject::haveABadTime):
• runtime/JSSymbolTableObject.cpp: (JSC::VariableWriteFireDetail::dump):
• runtime/JSSymbolTableObject.h: (JSC::VariableWriteFireDetail::VariableWriteFireDetail): (JSC::symbolTablePut): (JSC::symbolTablePutWithAttributes):
• runtime/PropertyName.h: (JSC::PropertyName::dump):
• runtime/Structure.cpp: (JSC::Structure::notifyTransitionFromThisStructure):
• runtime/Structure.h: (JSC::Structure::notifyTransitionFromThisStructure): Deleted.
• runtime/SymbolTable.cpp: (JSC::SymbolTableEntry::notifyWriteSlow): (JSC::SymbolTable::WatchpointCleanup::finalizeUnconditionally):
• runtime/SymbolTable.h: (JSC::SymbolTableEntry::notifyWrite):
• runtime/VM.cpp: (JSC::VM::addImpureProperty):

Source/WebCore:

2014-07-01 Mark Lam <​mark.lam@apple.com>

[ftlopt] DebuggerCallFrame::scope() should return a DebuggerScope.
<​https://webkit.org/b/134420>

Reviewed by Geoffrey Garen.

No new tests.

• ForwardingHeaders/debugger/DebuggerCallFrame.h: Removed.
• This is not in use. Hence, we can remove it.
• bindings/js/ScriptController.cpp: (WebCore::ScriptController::attachDebugger):
• We should acquire the JSLock before modifying a JS global object.

2014-06-25 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
​https://bugs.webkit.org/show_bug.cgi?id=134333

Reviewed by Geoffrey Garen.

No new tests because no change in behavior.

• bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader):

Tools:

2014-06-25 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
​https://bugs.webkit.org/show_bug.cgi?id=134333

Reviewed by Geoffrey Garen.

• Scripts/display-profiler-output:

LayoutTests:

2014-07-16 Mark Hahnenberg <​mhahnenberg@apple.com>

sputnik/Implementation_Diagnostics/S12.6.4_D1.html depends on undefined behavior
​https://bugs.webkit.org/show_bug.cgi?id=135007

Reviewed by Filip Pizlo.

EcmaScript 5.1 specifies that during for-in enumeration newly added properties may or may not be
visited during the current enumeration. Specifically, in section 12.6.4 the spec states:

"If new properties are added to the object being enumerated during enumeration, the newly added properties
are not guaranteed to be visited in the active enumeration."

The sputnik/Implementation_Diagnostics/S12.6.4_D1.html layout test is from before sputnik was added
to the test262 suite. I believe it has since been removed, so it would probably be okay to remove it
from our layout test suite.

• sputnik/Implementation_Diagnostics/S12.6.4_D1-expected.txt: Removed.
• sputnik/Implementation_Diagnostics/S12.6.4_D1.html: Removed.

2014-07-13 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] DFG should be able to do GCSE in SSA and this should be unified with the CSE in CPS, and both of these things should use abstract heaps for reasoning about effects
​https://bugs.webkit.org/show_bug.cgi?id=134677

Reviewed by Sam Weinig.

• js/regress/gcse-expected.txt: Added.
• js/regress/gcse-poly-get-expected.txt: Added.
• js/regress/gcse-poly-get-less-obvious-expected.txt: Added.
• js/regress/gcse-poly-get-less-obvious.html: Added.
• js/regress/gcse-poly-get.html: Added.
• js/regress/gcse.html: Added.
• js/regress/script-tests/gcse-poly-get-less-obvious.js: Added.
• js/regress/script-tests/gcse-poly-get.js: Added.
• js/regress/script-tests/gcse.js: Added.

2014-07-04 Filip Pizlo <​fpizlo@apple.com>

[ftlopt] Infer immutable object properties
​https://bugs.webkit.org/show_bug.cgi?id=134567

Reviewed by Mark Hahnenberg.

• js/regress/infer-constant-global-property-expected.txt: Added.
• js/regress/infer-constant-global-property.html: Added.
• js/regress/infer-constant-property-expected.txt: Added.
• js/regress/infer-constant-property.html: Added.
• js/regress/script-tests/infer-constant-global-property.js: Added.
• js/regress/script-tests/infer-constant-property.js: Added.

10:20 PM Changeset in webkit [172128] by ryuan.choi@samsung.com

• 2 edits in trunk/Source/WebCore

Build break since r172093
​https://bugs.webkit.org/show_bug.cgi?id=135636

Reviewed by Gyuyoung Kim.

Since r172093, AbstractView.idl is added in CMake Build but CodeGeneratorJS.pm does not take care of it.

No new tests required, no new functionality.

• bindings/scripts/CodeGeneratorJS.pm:

(ShouldGenerateToJSDeclaration):
(ShouldGenerateToJSImplementation):
(GetImplClassName): Added to rename implClassName to DOMWindow if interface name is AbstractView.
(GenerateHeader):
(GenerateImplementation):

10:13 PM Changeset in webkit [172127] by Lucas Forschler

• 5 edits in branches/safari-600.1-branch/Source

Versioning.

10:09 PM Changeset in webkit [172126] by Lucas Forschler

• 1 copy in tags/Safari-600.1.7

New Tag.

9:53 PM Changeset in webkit [172125] by dburkart@apple.com

• 5 edits in tags/Safari-600.1.2.7/Source

Versioning.

9:25 PM Changeset in webkit [172124] by dburkart@apple.com

• 2 edits in tags/Safari-600.1.2.7/Source/WebCore

Merge r172114 <rdar://problem/17925495>.

9:21 PM Changeset in webkit [172123] by dburkart@apple.com

• 2 edits in tags/Safari-600.1.2.7/WebKitLibraries

Merge Patch for <rdar://problem/17923227>.

9:18 PM Changeset in webkit [172122] by dburkart@apple.com

• 1 copy in tags/Safari-600.1.2.7

New Tag

8:27 PM Changeset in webkit [172121] by dburkart@apple.com

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r172114

7:30 PM Changeset in webkit [172120] by commit-queue@webkit.org

• 4 edits
  3 deletes in trunk

Unreviewed, rolling out r172099.
​https://bugs.webkit.org/show_bug.cgi?id=135635

Needs a do-over. (Requested by kling on #webkit).

Reverted changeset:

"The JIT should cache property lookup misses."
​https://bugs.webkit.org/show_bug.cgi?id=135578
​http://trac.webkit.org/changeset/172099

7:19 PM Changeset in webkit [172119] by commit-queue@webkit.org

• 3 edits
  4 adds
  1 delete in trunk

[CG] strokeRect does not honor lineJoin
​https://bugs.webkit.org/show_bug.cgi?id=132948

Patch by Nikos Andronikos <​nikos.andronikos-webkit@cisra.canon.com.au> on 2014-08-05
Reviewed by Darin Adler.

Source/WebCore:

Replaced use of CGContextStrokeRectWithWidth convenience function with explicit
call to CGContextAddRect and CGContextStrokePath. The convenience functions
CGContextStrokeRect and CGContextStrokeRectWithWidth fail to apply some attributes
(e.g. stroke join) of the graphics state in certain cases.

Test: fast/canvas/canvas-strokeRect-lineJoin.html

• platform/graphics/cg/GraphicsContextCG.cpp:

(WebCore::GraphicsContext::strokeRect):

LayoutTests:

Test behavior of canvas with stroke rect with line join

• fast/canvas/canvas-strokeRect-lineJoin-expected.txt: Added.
• fast/canvas/canvas-strokeRect-lineJoin.html: Added.
• fast/canvas/script-tests/canvas-strokeRect-lineJoin.js: Added.
• platform/mac-mountainlion/canvas/philip/tests/2d.strokeRect.zero.5-expected.txt: Added.
• platform/mac/fast/canvas/canvas-strokeRect-alpha-shadow-expected.txt: Removed.

6:39 PM Changeset in webkit [172118] by dfarler@apple.com

• 3 edits in trunk/Tools

[iOS] Run ImageDiff in the sim bootstrap
​https://bugs.webkit.org/show_bug.cgi?id=135624

Reviewed by David Kilzer.

• Scripts/webkitpy/port/image_diff.py:

(ImageDiffer.stop):
(IOSSimulatorImageDiffer):
(IOSSimulatorImageDiffer._start):

• Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.diff_image):

6:38 PM Changeset in webkit [172117] by dfarler@apple.com

• 2 edits
  3 adds in trunk/Tools

[iOS] run-webkit-tests: defaults for --runtime and --device-type flags
​https://bugs.webkit.org/show_bug.cgi?id=135441

Reviewed by Tim Horton.

• Scripts/webkitpy/layout_tests/run_webkit_tests.py:

(parse_args):
(_set_up_derived_options):
If using the ios-simulator platform and runtime or device-type
aren't defined, get the latest runtime from the active Xcode.app
and pick a default device type based on the desired architecture:
iPhone 5 for i386 and iPhone 5s for x86_64.

• Scripts/webkitpy/xcode/init.py: Added.
• Scripts/webkitpy/xcode/simulator.py: Added.

6:30 PM Changeset in webkit [172116] by Bem Jones-Bey

• 4 edits in trunk/LayoutTests

[GTK] [CSS Shapes] Layout test fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html fails
​https://bugs.webkit.org/show_bug.cgi?id=135585

Reviewed by Zoltan Horvath.

The positioning was dependent on the font metrics of the <p> tag,
which differs between platforms. This fixes that, which should make
the test pass on all platforms.

• fast/shapes/shape-outside-floats/shape-outside-image-shape-margin-expected.html:
• fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html:
• platform/gtk/TestExpectations:

6:07 PM Changeset in webkit [172115] by dfarler@apple.com

• 2 edits in trunk/Tools

[iOS] simctl can hang if run quickly after shutting down CoreSimulator services
​https://bugs.webkit.org/show_bug.cgi?id=135626

Reviewed by Dan Bernstein.

• Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_test_run):
Remove call to simctl shutdown <device> - telling the simulator app to quit
will shut down all booted devices.

6:06 PM Changeset in webkit [172114] by Brent Fulgham

• 2 edits in trunk/Source/WebCore

[Win] Build attempts to use ANGLE when not building WebGL.
​https://bugs.webkit.org/show_bug.cgi?id=135630
<rdar://problem/135630>

Unreviewed build fix.

• platform/graphics/win/GraphicsContext3DWin.cpp: Move #include of GraphicsContext3D.h

inside USE(3D_GRAPHICS) guard.

6:02 PM Changeset in webkit [172113] by commit-queue@webkit.org

• 2 edits in trunk/Source/JavaScriptCore

Fix resource leak of unclosed file descriptor.
​https://bugs.webkit.org/show_bug.cgi?id=135417

Patch by Przemyslaw Kuczynski <​p.kuczynski@samsung.com> on 2014-08-05
Reviewed by Darin Adler.

When open returns zero, fd handle leaks. Checking (fd > 0) needs to be replaced
with (fd != -1).

• assembler/MacroAssemblerARM.cpp:

(JSC::isVFPPresent):

5:54 PM Changeset in webkit [172112] by Simon Fraser

• 3 edits
  4 adds in trunk

[iOS WK2] Crash going back on a specific tumblr blog (under ScrollingStateTree::removeNodeAndAllDescendants)
​https://bugs.webkit.org/show_bug.cgi?id=135629
<rdar://problem/17802174>

Reviewed by Tim Horton.

Source/WebCore:

In r170198 I added an "orphan scrolling nodes" code path that sets aside subtrees
of scrolling nodes into an m_orphanedSubframeNodes map, which keeps them alive until
they get reparented or destroyed. The nodes in that subtree remain in m_stateNodeMap,
which holds raw pointers to them.

However, ScrollingStateTree::commit() can clear m_orphanedSubframeNodes, which is
sometimes non-empty at this point. When that happened, we would destroy nodes which
were still referenced by m_stateNodeMap, with the result that a later query for the
same nodeID would hand back a pointer to a deleted object.

Fix by calling recursiveNodeWillBeRemoved() on nodes in the m_orphanedSubframeNodes
before clearing it, which removes them and all their descendants from the state node map.

Test: platform/mac-wk2/tiled-drawing/scrolling/frames/orphaned-subtree.html

• page/scrolling/ScrollingStateTree.cpp:

(WebCore::ScrollingStateTree::clear):
(WebCore::ScrollingStateTree::commit):

LayoutTests:

Testcase with nesting of frames inside fixed inside frames, where a subframe disconnects
part of the scrolling tree.

• platform/mac-wk2/tiled-drawing/scrolling/frames/orphaned-subtree-expected.txt: Added.
• platform/mac-wk2/tiled-drawing/scrolling/frames/orphaned-subtree.html: Added.
• platform/mac-wk2/tiled-drawing/scrolling/frames/resources/leaf-frame.html: Added.
• platform/mac-wk2/tiled-drawing/scrolling/frames/resources/subframe-inside-fixed.html: Added.

4:44 PM Changeset in webkit [172111] by Lucas Forschler

• 14 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r172104. <rdar://problem/17202556>

4:40 PM Changeset in webkit [172110] by commit-queue@webkit.org

• 8 edits in trunk/Source/WebCore

Add the ability to force text to render in white, not just black
​https://bugs.webkit.org/show_bug.cgi?id=135625

Patch by Peyton Randolph <​prandolph@apple.com> on 2014-08-05
Reviewed by Beth Dakin.

This patch introduces PaintBehaviorForceWhiteText, a complement to PaintBehaviorForceBlackText. If
a client specifies both PaintBehaviorForceWhiteText and PaintBehaviorForceBlackText, the text will be
painted black.

No new tests.

• rendering/EllipsisBox.cpp:

(WebCore::EllipsisBox::paint): Use the forced text color to paint the text if requested.

• rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint): Disable the text shadow if a text color has been forced.

• rendering/PaintInfo.h:

(WebCore::PaintInfo::forceTextColor):
Return true iff the client has requested to force a black or white text color.
(WebCore::PaintInfo::forceWhiteText):
Return true iff forcing white text has been requested.
(WebCore::PaintInfo::forcedTextColor):
Return the forced text color. Currently only white and black are supported.

• rendering/PaintPhase.h:
• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintLayerContents): Remove the forceBlackText-related code as it is redundant.
(WebCore::RenderLayer::paintForegroundForFragments):
Remove forceBlackText parameter and infer the correct behavior from the given paint behavior.

• rendering/RenderLayer.h:
• rendering/TextPaintStyle.cpp:

(WebCore::computeTextPaintStyle): Use the forced text color if available.
(WebCore::computeTextSelectionPaintStyle): Use the forced text color if available.

4:39 PM Changeset in webkit [172109] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172083. <rdar://problem/17849206>

4:38 PM Changeset in webkit [172108] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172053. <rdar://problem/17876385>

4:36 PM Changeset in webkit [172107] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172039. <rdar://problem/17876385>

4:34 PM Changeset in webkit [172106] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r172034. <rdar://problem/17864079>

4:32 PM Changeset in webkit [172105] by Lucas Forschler

• 8 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r172031. <rdar://problem/17864079>

4:32 PM Changeset in webkit [172104] by timothy_horton@apple.com

• 14 edits in trunk/Source/WebKit2

REGRESSION (r164337): Pages are sometimes cut off/oriented incorrectly after using WKThumbnailView
​https://bugs.webkit.org/show_bug.cgi?id=135622
<rdar://problem/17202556>

Reviewed by Dan Bernstein.

In some cases (when the page changed scroll offset while thumbnailed),
when transitioning back to thumbnail scale = 1, we would get the math
wrong and end up with a non-identity sublayerTransform on the DrawingArea.

Luckily, none of this code is necessary anymore, as the only client
of WKThumbnailView only uses its snapshotting mode.

• Shared/ImageOptions.h:

Remove SnapshotOptionsRespectDrawingAreaTransform; DrawingArea no longer
has a rootLayerTransform().

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setThumbnailScale): Deleted.

• UIProcess/WebPageProxy.h:
• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::scaledSnapshotWithOptions):
(WebKit::WebPage::snapshotAtSize):

(WebKit::WebPage::setThumbnailScale): Deleted.

• WebProcess/WebPage/WebPage.h:
• WebProcess/WebPage/WebPage.messages.in:

Remove setThumbnailScale and SnapshotOptionsRespectDrawingAreaTransform.

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::didCommitLoad):
Revert this to its state before r164337, as we no longer have "thumbnail scale".

• UIProcess/API/Cocoa/_WKThumbnailView.h:
• UIProcess/API/Cocoa/_WKThumbnailView.mm:

(-[_WKThumbnailView initWithFrame:fromWKView:]):
(-[_WKThumbnailView _viewWasUnparented]):
(-[_WKThumbnailView _viewWasParented]):
(-[_WKThumbnailView _requestSnapshotIfNeeded]):
(-[_WKThumbnailView setScale:]):
Clean up code assuming _shouldApplyThumbnailScale = NO, _usesSnapshot = YES.

(-[_WKThumbnailView setUsesSnapshot:]):
(-[_WKThumbnailView usesSnapshot]):
Always return YES from usesSnapshot; we only support snapshotting WKThumbnailViews.
Ignore setUsesSnapshot.

• UIProcess/API/mac/WKView.mm:

(-[WKView _setThumbnailView:]):
(-[WKView _updateThumbnailViewLayer]):
Stop checking usesSnapshot; it's always true.

• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::setRootLayerTransform): Deleted.

• WebProcess/WebPage/DrawingArea.cpp:

(WebKit::DrawingArea::rootLayerTransform): Deleted.

• WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::setRootLayerTransform): Deleted.
Remove rootLayerTransform() and setRootLayerTransform().

4:29 PM Changeset in webkit [172103] by Lucas Forschler

• 4 edits in branches/safari-600.1-branch/Source

Merged r172016. <rdar://problem/17896295>

4:27 PM Changeset in webkit [172102] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/WebKitLibraries

Merge Patch for <rdar://problem/17923227>.

4:15 PM Changeset in webkit [172101] by matthew_hanson@apple.com

• 5 edits in branches/safari-600.1.4-branch/Source

Versioning.

4:13 PM Changeset in webkit [172100] by matthew_hanson@apple.com

• 1 copy in tags/Safari-600.1.4.6

New Tag.

4:10 PM Changeset in webkit [172099] by akling@apple.com

• 4 edits
  3 adds in trunk

The JIT should cache property lookup misses.
<​https://webkit.org/b/135578>

Source/JavaScriptCore:

Add support for inline caching of object properties that don't exist.
Previously we'd fall back to the C++ slow-path whenever a property was missing.

It's implemented as a simple GetById-style stub that returns jsUndefined() as
long as the Structure chain check passes.

10x speedup on the included microbenchmark.

Reviewed by Geoffrey Garen.

• jit/Repatch.cpp:

(JSC::toString):
(JSC::kindFor):
(JSC::generateByIdStub):
(JSC::tryCacheGetByID):
(JSC::patchJumpToGetByIdStub):

• runtime/PropertySlot.h:

(JSC::PropertySlot::isUnset):

LayoutTests:

Add a JS microbenchmark that accesses an undefined property in a hot loop.

Reviewed by Geoffrey Garen.

• js/regress/script-tests/undefined-property-access.js: Added.

(foo):

• js/regress/undefined-property-access-expected.txt: Added.
• js/regress/undefined-property-access.html: Added.

4:06 PM Changeset in webkit [172098] by commit-queue@webkit.org

• 4 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r172009.
​https://bugs.webkit.org/show_bug.cgi?id=135627

"Commit landed on trunk instead of ftlopt branch." (Requested
by saamyjoon on #webkit).

Reverted changeset:

"Create a more generic way for VMEntryScope to notify those
interested that it will be destroyed"
​https://bugs.webkit.org/show_bug.cgi?id=135358
​http://trac.webkit.org/changeset/172009

4:00 PM Changeset in webkit [172097] by ap@apple.com

• 2 edits in trunk/Tools

Remove an unused argument from BuildbotQueue.update()
​https://bugs.webkit.org/show_bug.cgi?id=135623

Reviewed by Timothy Hatcher.

Also remaned a constant to better match what it means.

• BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueue.js:

3:43 PM Changeset in webkit [172096] by Lucas Forschler

• 3 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172032. <rdar://problem/17856763>

3:41 PM Changeset in webkit [172095] by Lucas Forschler

• 5 edits in branches/safari-600.1-branch

Merged r172028. <rdar://problem/17072113>

3:32 PM Changeset in webkit [172094] by Brian Burg

• 19 edits in trunk/Source/WebInspectorUI

Web Inspector: support storing multiple timeline recordings in the manager
​https://bugs.webkit.org/show_bug.cgi?id=132875

Reviewed by Timothy Hatcher.

This patch adds support for capturing multiple timeline recordings and switching
between them in the user interface using hierarchical path components.

• Localizations/en.lproj/localizedStrings.js:
• UserInterface/Base/Main.js:

(WebInspector.contentLoaded): Remove hard-coded priming of the timeline sidebar panel.
Instead, load the first recording in the timeline manager after the initial load.

(WebInspector._revealAndSelectRepresentedObjectInNavigationSidebar): Don't suppress
onselect events when selecting the tree element for a newly shown content view. This
allows the sidebar to sync the current content view and timeline tree element selection
with what is displayed in the content browser.

• UserInterface/Controllers/TimelineManager.js: Add two new events, RecordingCreated and

RecordingLoaded. A recording is considered active when any new records recieved will be
appended to that recording. The user interface is not necessarily viewing the active
recording.

(WebInspector.TimelineManager.delayedWork):
(WebInspector.TimelineManager): Keep a list of recordings, and load the first recording
asynchronously so that everyone can add an event listener for it.

(WebInspector.TimelineManager.prototype.get activeRecording):
(WebInspector.TimelineManager.prototype.get recordings):
(WebInspector.TimelineManager.prototype.startCapturing):
(WebInspector.TimelineManager.prototype.stopCapturing): Use promises to make the iOS 7
fallback path better match the async semantics of the non-fallback path.

(WebInspector.TimelineManager.prototype.unloadRecording):
(WebInspector.TimelineManager.prototype._loadNewRecording): Stop capturing and unload
any existing recording before creating and loading a new recording.

(WebInspector.TimelineManager.prototype._startAutoCapturing): Create a new recording
rather than resetting the current recording.

• UserInterface/Models/NetworkTimeline.js:

(WebInspector.NetworkTimeline):

• UserInterface/Models/Timeline.js:

(WebInspector.Timeline):
(WebInspector.Timeline.prototype.get type): Each timeline stores its TimelineRecord.Type
so that other code can create type-specific views using the Timeline as a representedObject.

• UserInterface/Models/TimelineRecording.js: For each recording, add new state for a unique identifier,

display string, and an isWritable flag. Once a recording is unloaded, it becomes read-only.
(WebInspector.TimelineRecording.prototype.get displayName):
(WebInspector.TimelineRecording.prototype.get identifier):
(WebInspector.TimelineRecording.prototype.isWritable):
(WebInspector.TimelineRecording.prototype.unloaded):
(WebInspector.TimelineRecording.prototype.reset): A recording can only be reset if it is writable.

• UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.setTimelineProfilingEnabled): Don't make redundant start/stop capturing calls.

• UserInterface/Views/LayoutTimelineOverviewGraph.js: Use a timeline as the representedObject for all

timeline-specific graphs and views. Otherwise, use the recording.
(WebInspector.LayoutTimelineOverviewGraph):

• UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView):
(WebInspector.LayoutTimelineView.prototype._treeElementSelected):

• UserInterface/Views/NetworkTimelineOverviewGraph.js:

(WebInspector.NetworkTimelineOverviewGraph):

• UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView):

• UserInterface/Views/OverviewTimelineView.js:

(WebInspector.OverviewTimelineView.prototype._networkTimelineRecordAdded):

• UserInterface/Views/ScriptTimelineOverviewGraph.js:

(WebInspector.ScriptTimelineOverviewGraph):

• UserInterface/Views/ScriptTimelineView.js:

(WebInspector.ScriptTimelineView):
(WebInspector.ScriptTimelineView.prototype._treeElementSelected):

• UserInterface/Views/TimelineContentView.js: Iterate over timeline objects when setting up maps. Use timelines

as keys rather than their type identifiers.
(WebInspector.TimelineContentView.prototype.showTimelineViewForTimeline): Renamed from showTimelineView. This
function takes a Timeline instance rather than an identifier, since the conten view is specific to one recording.
(WebInspector.TimelineContentView.prototype.get selectionPathComponents): Match types against the currently
visible timeline's representedObject.
(WebInspector.TimelineContentView.prototype.get currentTimelineView): Used by the sidebar panel to sync timeline
tree element selections to TimelineView shown by the TimelineContentView.
(WebInspector.TimelineContentView.prototype.shown): Sync enablement of the "Clear Timelines" button to recording
read-only state.

(WebInspector.TimelineContentView.prototype.saveToCookie):
(WebInspector.TimelineContentView.prototype.restoreFromCookie): Added. Only handle saving/restoring the subview.

(WebInspector.TimelineContentView.prototype._pathComponentSelected):
(WebInspector.TimelineContentView.prototype._showTimelineView): Relax the early return so that timeline views
and content tree outlines are reattached when re-navigating to the same timeline view via back-forward entries.
(WebInspector.TimelineContentView.prototype.showTimelineView): Deleted.

• UserInterface/Views/TimelineOverviewGraph.js:

(WebInspector.TimelineOverviewGraph):

• UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel): Keep a tree outline and tree element map for storing available recordings.
(WebInspector.TimelineSidebarPanel.createTimelineTreeElement):
(WebInspector.TimelineSidebarPanel.prototype.shown): Added.
(WebInspector.TimelineSidebarPanel.prototype.showDefaultContentView): Add a guard.
(WebInspector.TimelineSidebarPanel.prototype.get hasSelectedElement): Added. Selected recording tree elements
should be considered when deciding whether a represented object has been selected in the sidebar panel.

(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.looselyCompareRepresentedObjects):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject):
(WebInspector.TimelineSidebarPanel.prototype.showTimelineOverview):
(WebInspector.TimelineSidebarPanel.prototype.showTimelineViewForType): Renamed to explicit take a type identifier.
Delegate the actual showing of the timeline view to the onselect handler for the timelines tree outline.

(WebInspector.TimelineSidebarPanel.prototype.matchTreeElementAgainstCustomFilters):
(WebInspector.TimelineSidebarPanel.prototype.saveStateToCookie): Fix a typo.
(WebInspector.TimelineSidebarPanel.prototype.restoreStateFromCookie): Fix a typo.
(WebInspector.TimelineSidebarPanel.prototype._recordingsTreeElementSelected): Sync the currently displayed
recording object and content view, and sync the selected tree element to the displayed timeline subview.

(WebInspector.TimelineSidebarPanel.prototype._timelinesTreeElementSelected): If this is a user action, show the timeline.
(WebInspector.TimelineSidebarPanel.prototype._contentBrowserCurrentContentViewDidChange): Use classList.toggle().
(WebInspector.TimelineSidebarPanel.prototype._recordingCreated): Dynamically add new recordings to the interface.
(WebInspector.TimelineSidebarPanel.prototype._recordingLoaded): Automatically show recordings when they are loaded.
(WebInspector.TimelineSidebarPanel.prototype._recordGlyphClicked): Shift+click will force-create a new recording.
(WebInspector.TimelineSidebarPanel.prototype.initialize): Deleted.

• UserInterface/Views/TimelineView.js:

(WebInspector.TimelineView):
(WebInspector.TimelineView.prototype.get representedObject):

3:28 PM Changeset in webkit [172093] by achristensen@apple.com

• 13 edits in trunk

More work on CMake.
​https://bugs.webkit.org/show_bug.cgi?id=135620

.:
Reviewed by Laszlo Gombos.

• Source/cmake/OptionsMac.cmake:

Use UDIS86 by default on Mac.

Source/JavaScriptCore:
Reviewed by Laszlo Gombos.

• CMakeLists.txt:

Added missing source files.

• PlatformEfl.cmake:
• PlatformGTK.cmake:

Include glib directories and libraries to find glib.h in EventLoop.cpp.

• PlatformMac.cmake:

Moved STATICALLY_LINKED_WITH_WTF definition away from the common CMakeLists
because it should not be defined on Windows.
Added remote inspector source files.

Source/WebCore:
Reviewed by Reviewed by Laszlo Gombos.

• CMakeLists.txt:

Added missing idls.

• PlatformMac.cmake:

Added additional include directories and source files.

• css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
• css/makeSelectorPseudoElementsMap.py:

The Windows distribution of gperf doesn't like single quotes for its key-positions parameters.

• page/Chrome.h:

Compile fix.

3:27 PM Changeset in webkit [172092] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172026. <rdar://problem/17810998>

3:24 PM Changeset in webkit [172091] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172018. <rdar://problem/17837636>

3:18 PM Changeset in webkit [172090] by Lucas Forschler

• 4 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172013. <rdar://problem/17837636>

3:15 PM Changeset in webkit [172089] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172083. <rdar://problem/17849206>

3:12 PM Changeset in webkit [172088] by matthew_hanson@apple.com

• 4 edits in branches/safari-600.1.4-branch/Source

Roll out r172035. <rdar://problem/17869353>

2:56 PM Changeset in webkit [172087] by Brian Burg

• 7 edits in trunk/Source

Web Inspector: ReplayManager shouldn't assume replay status when the inspector is opened
​https://bugs.webkit.org/show_bug.cgi?id=135212

Reviewed by Timothy Hatcher.

Source/WebCore:

The frontend should be able to introspect the session and segment state machines,
currently loaded segment and session identifiers, and replay position.

• inspector/InspectorReplayAgent.cpp:

(WebCore::buildInspectorObjectForSessionState): Added.
(WebCore::buildInspectorObjectForSegmentState): Added.
(WebCore::InspectorReplayAgent::currentReplayState): Added.

• inspector/InspectorReplayAgent.h:
• inspector/protocol/Replay.json: Add currentReplayState query command.
• replay/ReplayController.h: Add some accessors.

Source/WebInspectorUI:

The inspector could be closed and reopened at any point during capturing or replaying.
ReplayManager should query the current state on initialization rather than assuming
that the replay controller is still in its initial state.

ReplayManager's initialization code requires querying the backend for the current replay
state. This could race with replay protocol events that mutate the manager's state before
it is fully initialized, leading to undefined behavior.

To mitigate this, all protocol event handlers (called by ReplayObserver) are wrapped
with a guard that enqueues the callback if initialization is not yet complete. This
queue is implemented via multiple then-chaining of a shared 'initialization' promise
which resolves when initialization completes.

• UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.then):
(WebInspector.ReplayManager.catch):
(WebInspector.ReplayManager): Rewrite the initialization code to first query the replay
state, set the initialization flag to true, and then request and update session records.
The sessions must be loaded after querying initial state because ReplayManager.sessionCreated
requires replay state to be initialized.

(WebInspector.ReplayManager.prototype.get sessionState):
(WebInspector.ReplayManager.prototype.get segmentState):
(WebInspector.ReplayManager.prototype.get activeSessionIdentifier):
(WebInspector.ReplayManager.prototype.get activeSegmentIdentifier):
(WebInspector.ReplayManager.prototype.get playbackSpeed):
(WebInspector.ReplayManager.prototype.set playbackSpeed):
(WebInspector.ReplayManager.prototype.get currentPosition): Add assertions to catch uses of
manager state before the manager is fully initialized.

(WebInspector.ReplayManager.prototype.waitUntilInitialized): Added. It returns a shared promise
that is fulfilled when initialization is complete.

(WebInspector.ReplayManager.prototype.captureStarted):
(WebInspector.ReplayManager.prototype.captureStopped):
(WebInspector.ReplayManager.prototype.playbackStarted):
(WebInspector.ReplayManager.prototype.playbackHitPosition):
(WebInspector.ReplayManager.prototype.playbackPaused):
(WebInspector.ReplayManager.prototype.playbackFinished):
(WebInspector.ReplayManager.prototype.sessionModified):
(WebInspector.ReplayManager.prototype.sessionLoaded):
(WebInspector.ReplayManager.prototype.segmentCompleted.set catch):
(WebInspector.ReplayManager.prototype.segmentCompleted):
(WebInspector.ReplayManager.prototype.segmentRemoved.then):
(WebInspector.ReplayManager.prototype.segmentRemoved):
(WebInspector.ReplayManager.prototype.segmentLoaded): Add initialization guards.

2:41 PM Changeset in webkit [172086] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172006. <rdar://problem/17856494>

2:39 PM Changeset in webkit [172085] by Lucas Forschler

• 12 edits in branches/safari-600.1-branch/Source

Merged r171973. <rdar://problem/17834694>

2:37 PM Changeset in webkit [172084] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171959. <rdar://problem/17671574>

2:33 PM Changeset in webkit [172083] by dino@apple.com

• 2 edits in trunk/Source/WebCore

[iOS] Media controls layout incorrectly in RTL content
​https://bugs.webkit.org/show_bug.cgi?id=135621
<rdar://problem/17849206>

Reviewed by Eric Carlson.

Media controls should always layout in LTR mode, even when the
page content is RTL. There already was a rule to do this on
non-iOS systems, but it wasn't getting included for iOS.
In this case I put the rule on the composited parent of the
controls in order to maintain the padding of the control panel.
This should still leave the captions unaffected.

• Modules/mediacontrols/mediaControlsiOS.css:

(video::-webkit-media-controls-panel-composited-parent): Add direction: ltr.

2:33 PM Changeset in webkit [172082] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171952. <rdar://problem/17850323>

2:31 PM Changeset in webkit [172081] by Lucas Forschler

• 7 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171951. <rdar://problem/17850323>

2:28 PM Changeset in webkit [172080] by Brian Burg

• 7 edits in trunk/Source

Web Replay: rename protocol methods for getting replay session/segment data
​https://bugs.webkit.org/show_bug.cgi?id=135618

Reviewed by Timothy Hatcher.

Source/WebCore:

• inspector/InspectorReplayAgent.cpp:

(WebCore::InspectorReplayAgent::getSessionData):
(WebCore::InspectorReplayAgent::getSegmentData):
(WebCore::InspectorReplayAgent::getSerializedSession): Deleted.
(WebCore::InspectorReplayAgent::getSerializedSegment): Deleted.

• inspector/InspectorReplayAgent.h:
• inspector/protocol/Replay.json:

Source/WebInspectorUI:

• UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.prototype.getSession.get var):
(WebInspector.ReplayManager.prototype.getSegment.get var):

• UserInterface/Models/ReplaySession.js:

(WebInspector.ReplaySession.prototype.segmentsChanged):

2:21 PM Changeset in webkit [172079] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171949. <rdar://problem/17474290>

2:19 PM Changeset in webkit [172078] by Lucas Forschler

• 5 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171946. <rdar://problem/17474290>

2:14 PM Changeset in webkit [172077] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172047. <rdar://problem/17879156>

2:12 PM Changeset in webkit [172076] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171944. <rdar://problem/17879156>

2:10 PM Changeset in webkit [172075] by Lucas Forschler

• 9 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171943. <rdar://problem/17869279>

2:08 PM Changeset in webkit [172074] by Lucas Forschler

• 5 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171940. <rdar://problem/17886998>

2:06 PM Changeset in webkit [172073] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171937. <rdar://problem/17876699>

2:05 PM Changeset in webkit [172072] by Lucas Forschler

• 6 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171928. <rdar://problem/17862013>

2:02 PM Changeset in webkit [172071] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171920. <rdar://problem/17628212>

2:00 PM Changeset in webkit [172070] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171908. <rdar://problem/17872655>

1:58 PM Changeset in webkit [172069] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171895. <rdar://problem/17835345>

1:56 PM Changeset in webkit [172068] by Lucas Forschler

• 3 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171894. <rdar://problem/17874096>

1:54 PM Changeset in webkit [172067] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171932. <rdar://problem/17850323>

1:52 PM Changeset in webkit [172066] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171905. <rdar://problem/17850323>

1:50 PM Changeset in webkit [172065] by Lucas Forschler

• 1 edit
  1 copy in branches/safari-600.1-branch/LayoutTests

Merged r171892. <rdar://problem/17850323>

1:47 PM Changeset in webkit [172064] by Lucas Forschler

• 15 edits
  5 copies
  5 deletes in branches/safari-600.1-branch

Merged r171891. <rdar://problem/17850323>

1:43 PM Changeset in webkit [172063] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171889. <rdar://problem/17614632>

1:37 PM Changeset in webkit [172062] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171887. <rdar://problem/17864139>

1:34 PM Changeset in webkit [172061] by Lucas Forschler

• 15 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171885. <rdar://problem/17865310>

1:31 PM Changeset in webkit [172060] by Lucas Forschler

• 4 edits
  2 copies in branches/safari-600.1-branch

Merged r171882. <rdar://problem/17802531>

1:29 PM Changeset in webkit [172059] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172053. <rdar://problem/17876385>

1:25 PM Changeset in webkit [172058] by Lucas Forschler

• 3 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171881. <rdar://problem/17874168>

1:23 PM Changeset in webkit [172057] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171869. <rdar://problem/17865147>

1:22 PM Changeset in webkit [172056] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merge r172034. <rdar://problem/17864079>

1:20 PM Changeset in webkit [172055] by matthew_hanson@apple.com

• 8 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merge r172031. <rdar://problem/17864079>

1:19 PM Changeset in webkit [172054] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source

Merged r171866. <rdar://problem/17872676>

1:15 PM Changeset in webkit [172053] by Antti Koivisto

• 2 edits in trunk/Source/WebCore

REGRESSION: Extremely flashy scrolling while a page is still loading (because of flush throttling)
​https://bugs.webkit.org/show_bug.cgi?id=135603
<rdar://problem/17876385>

This hit ASSERT(frame().isMainFrame()) in FrameView::updateLayerFlushThrottling
running scrollbars/scrollbar-iframe-click-does-not-blur-content.html and a few other tests.

• page/FrameView.cpp:

(WebCore::FrameView::setWasScrolledByUser): Only invoke updateLayerFlushThrottling for the main frame.

1:07 PM Changeset in webkit [172052] by matthew_hanson@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172039. <rdar://problem/17876385>

1:07 PM Changeset in webkit [172051] by Lucas Forschler

• 6 edits in branches/safari-600.1-branch/Source

Merged r171866. <rdar://problem/17872082>

1:01 PM Changeset in webkit [172050] by matthew_hanson@apple.com

• 4 edits in branches/safari-600.1.4-branch/Source

Merge r172016. <rdar://problem/17896295>

12:55 PM Changeset in webkit [172049] by matthew_hanson@apple.com

• 4 edits in branches/safari-600.1.4-branch/Source

Merge r172035. <rdar://problem/17869353>

12:53 PM Changeset in webkit [172048] by commit-queue@webkit.org

• 8 edits in trunk/Source

Rename MAC_LONG_PRESS feature flag to LONG_MOUSE_PRESS.
​https://bugs.webkit.org/show_bug.cgi?id=135276

Patch by Peyton Randolph <​prandolph@apple.com> on 2014-08-05
Reviewed by Beth Dakin.

Source/JavaScriptCore:

• Configurations/FeatureDefines.xcconfig:

Source/WebCore:

No new tests. Just a compiler flag.

• Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

• Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

• Configurations/FeatureDefines.xcconfig:

12:36 PM Changeset in webkit [172047] by dino@apple.com

• 2 edits in trunk/Source/WebCore

[Media iOS] Ensure there is a nice default fallback for missing wireless target names
​https://bugs.webkit.org/show_bug.cgi?id=135488
<rdar://problem/17879156>

Reviewed by Antoine Quint.

Antoine found me on iMessage to tell me I'm an idiot and that I've
forgotten how to write JavaScript. Embarrassingly, this code is what
I originally had, but then second-guessed myself.

• Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.updateWirelessPlaybackStatus): No need for the local
variable or conditional statement, since null and "" both evaluate as false.

12:35 PM Changeset in webkit [172046] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171851. <rdar://problem/17719026>

12:32 PM Changeset in webkit [172045] by Lucas Forschler

• 3 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171292. <rdar://problem/17843592>

12:25 PM Changeset in webkit [172044] by Brian Burg

• 3 edits in trunk/Source/WebInspectorUI

Web Inspector: cannot navigate between multiple applicable dashboards
​https://bugs.webkit.org/show_bug.cgi?id=135130

Reviewed by Timothy Hatcher.

Add navigation arrows between dashboards when multiple dashboards are applicable.
For example, the user should be able to go back to the default dashboard while paused
at a breakpoint. Dashboards form a stack based on when they are first introduced.

• UserInterface/Views/DashboardContainerView.css:

(.toolbar .dashboard): Increase padding-right a bit to make room for arrows.
(.toolbar .dashboard:not(.visible)): Fix a bug where higher dashboards in the dashboard stack
can shine through when animating between two lower dashboards that have transparent background.
This ensures that at most two dashboards (namely, the ones being animated) are displayed.

(.dashboard-container .advance-arrow): Main style class for navigation arrows.
(.dashboard-container .advance-arrow:hover):
(.dashboard-container .advance-arrow:active):
(.dashboard-container .advance-arrow.inactive):
(.toolbar.label-only .dashboard-container .advance-arrow): Make arrows slightly smaller when
the dashboards get shorter.

(.dashboard-container .advance-arrow.advance-forward):
(.dashboard-container .advance-arrow.advance-backward):

• UserInterface/Views/DashboardContainerView.js:

(WebInspector.DashboardContainerView): Arrow styles are updated when a dashboard is shown,
hidden, or closed. When moving away, we dismiss (i.e., set zero opacity) arrows at animation
start. When the animation finishes, redisplay arrows that are applicable for the new dashboard.

(WebInspector.DashboardContainerView.prototype._advanceForwardArrowClicked):
(WebInspector.DashboardContainerView.prototype._advanceBackwardArrowClicked):
(WebInspector.DashboardContainerView.prototype._dismissAdvanceArrows):
(WebInspector.DashboardContainerView.prototype._updateAdvanceArrowVisibility):
(WebInspector.DashboardContainerView.prototype._showDashboardAtIndex): There was a bug here
where it would unconditionally use the same animation direction when showing a dashboard, but
it was hard to spot without arrows that must correlate with the animation direction.

(WebInspector.DashboardContainerView.prototype.animationEnded):
(WebInspector.DashboardContainerView.prototype._showDashboardView):
(WebInspector.DashboardContainerView.prototype._hideDashboardView):
(WebInspector.DashboardContainerView.prototype._closeDashboardView):

12:16 PM Changeset in webkit [172043] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171279. <rdar://problem/17718984>

12:15 PM Changeset in webkit [172042] by Lucas Forschler

• 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171259. <rdar://problem/17718984>

12:13 PM Changeset in webkit [172041] by Lucas Forschler

• 2 edits
  1 add in branches/safari-600.1-branch/Source/JavaScriptCore

Merge patch for <rdar://problem/17887398>

11:48 AM Changeset in webkit [172040] by dburkart@apple.com

• 1 copy in branches/safari-537.78-branch/LayoutTests/fast/js/resources/plugin.js

Fix for layout tests

11:34 AM Changeset in webkit [172039] by Antti Koivisto

• 2 edits in trunk/Source/WebCore

REGRESSION: Extremely flashy scrolling while a page is still loading (because of flush throttling)
​https://bugs.webkit.org/show_bug.cgi?id=135603
<rdar://problem/17876385>

Reviewed by Andreas Kling.

• page/FrameView.cpp:

(WebCore::determineLayerFlushThrottleState):

Disable throttling after user has scrolled the page.
This is consistent with the speculative tiling. It also gets enabled on first scroll.

(WebCore::FrameView::setWasScrolledByUser):

11:29 AM Changeset in webkit [172038] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebInspectorUI

Web Inspector: shown() called on a content view when stepping over an instruction in the debugger
​https://bugs.webkit.org/show_bug.cgi?id=135311

Patch by Saam Barati <​sbarati@apple.com> on 2014-08-05
Reviewed by Timothy Hatcher.

ContentViewContainer should not repeatedly call ContentView.prototype.shown
on ContentViews that are already visible. ContentViewContainer now passes
a flag to BackForwardEntry.prototype.prepareToShow indicating whether it should
call the shown function on the ContentView it is about to display.
ContentViewContainer.prototype.showBackForwardEntryForIndex passes in this
flag based on its ContentView being visible.

• UserInterface/Models/BackForwardEntry.js:

(WebInspector.BackForwardEntry.prototype.prepareToShow):

• UserInterface/Views/ContentViewContainer.js:

(WebInspector.ContentViewContainer.prototype.showBackForwardEntryForIndex):
(WebInspector.ContentViewContainer.prototype.replaceContentView):
(WebInspector.ContentViewContainer.prototype.closeAllContentViewsOfPrototype):
(WebInspector.ContentViewContainer.prototype.shown):
(WebInspector.ContentViewContainer.prototype._showEntry):

11:27 AM Changeset in webkit [172037] by Lucas Forschler

• 1 edit in branches/safari-537.78-branch/LayoutTests/fast/viewport/viewport-warnings-7.html

Update test for branch.

11:14 AM Changeset in webkit [172036] by commit-queue@webkit.org

• 3 edits
  2 adds in trunk

ASSERTION FAILED: name[0] == '@' && length >= 2 in WebCore::CSSParser::detectAtToken
​https://bugs.webkit.org/show_bug.cgi?id=134632

Source/WebCore:

At-rules must consist of at least two characters: the '@' symbol followed by
an identifier name. The failure of this condition makes the assertion fail.

The length of an at-rule is currently calculated by pointer arithmetic on
the 'result' pointer, which is expected to be set to the end of the at-rule
identifier by the WebCore::*CSSTokenizer::parseIdentifier method.
If the at-rule token is a sequence of 8-bit-only characters then
'result' will point correctly at the end of the identifier. However, if
the at-rule contains a 16-bit Unicode escape then 'result' will not be
updated correctly anymore, hence it cannot be used for length calculation.
The patch makes the parseIdentifier bump the result pointer even in the 16-bit slow case.

Patch by Renata Hodovan, backported from Chromium: ​https://codereview.chromium.org/241053002

Patch by Martin Hodovan <​mhodovan.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Darin Adler.

Test: fast/css/atrule-with-escape-character-crash.html

• css/CSSParser.cpp:

(WebCore::CSSParser::realLex):

LayoutTests:

Added test demonstrates that at-rules containing 16-bit Unicode characters
can be handled properly.

Patch by Martin Hodovan <​mhodovan.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Darin Adler.

• fast/css/atrule-with-escape-character-crash-expected.txt: Added.
• fast/css/atrule-with-escape-character-crash.html: Added.

10:49 AM Changeset in webkit [172035] by aestes@apple.com

• 4 edits in trunk/Source

[iOS] The raw bytes of an iWork document's PDF preview are displayed rather than the PDF itself
​https://bugs.webkit.org/show_bug.cgi?id=135596

Reviewed by David Kilzer.

Source/WebCore:

Some iWork documents contain pre-rendered PDF previews. When WebKit asks QuickLook to convert such a document,
QuickLook will return this PDF as the converted response. However, until WebKit has sent the document's data to
QuickLook, -[QLPreviewConverter previewResponse] will misleadingly tell WebKit that the converted resource will
be of type 'text/html'. This leads WebKit to render the PDF preview as HTML.

Instead of querying QLPreviewConverter for the previewResponse before we've sent it any data, postpone calling
ResourceLoader::didReceiveResponse until we've begun to receive data via the QLPreviewConverter delegate. At
that point -[QLPreviewConverter previewResponse] will have the correct MIME type and we can call didReceiveResponse.

No new tests. QuickLook is not testable from WebKit.

• platform/network/ios/QuickLook.mm:

(-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): If didReceiveResponse has yet to be
called, call it now with QuickLookHandle::nsResponse().
(-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
(-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.
(-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]): Assert that didReceiveResponse has been called.
(-[WebResourceLoaderQuickLookDelegate clearHandle]): Cleared the raw pointer to QuickLookHandle.
(WebCore::QuickLookHandle::create): Pointed WebResourceLoaderQuickLookDelegate's quickLookHandle property to
the newly created QuickLookHandle.

Source/WebKit2:

• WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResponseWithCertificateInfo): If the response will be handled by
QuickLook, do not call ResourceLoader::didReceiveResponse. It will be called later by
WebResourceLoaderQuickLookDelegate once converted data is received.

10:03 AM Changeset in webkit [172034] by ap@apple.com

• 2 edits in trunk/Source/WebKit2

Build fix.

• UIProcess/WebContext.h:

9:46 AM Changeset in webkit [172033] by commit-queue@webkit.org

• 3 edits
  2 adds in trunk

Fixing calc() parameter parsing in cubic-bezier functions
​https://bugs.webkit.org/show_bug.cgi?id=135605

Patch by Renata Hodovan <​rhodovan.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Andreas Kling.

Source/WebCore:

Before this patch, calc values in cubic-bezier functions weren't being read correctly
since they were handled as simple floats.

This is a backport of my fix in Blink: ​https://codereview.chromium.org/369313002/

Test: css3/calc/cubic-bezier-with-multiple-calcs-crash.html.html

• css/CSSParser.cpp:

(WebCore::CSSParser::parseCubicBezierTimingFunctionValue):

LayoutTests:

• css3/calc/cubic-bezier-with-multiple-calcs-crash.html-expected.txt: Added.
• css3/calc/cubic-bezier-with-multiple-calcs-crash.html.html: Added.

9:42 AM Changeset in webkit [172032] by jer.noble@apple.com

• 3 edits in trunk/Source/WebCore

[MSE] Seeking occasionally causes many frames to be displayed in "fast forward" mode
​https://bugs.webkit.org/show_bug.cgi?id=135422

Reviewed by Eric Carlson.

Three related fixes:

In reenqueueMediaForTime(), update TrackBuffer.lastEnqueuedPresentationTime when we flush
samples, so that the next time samples are re-enqueued, the starting point for re-enqueueing
is correct.

In sourceBufferPrivateDidReceiveSample(), do not add samples to the decode queue
if they are before the current media time.

When a seek is pending, but samples for the new time is not yet present in the SourceBuffer,
the SourceBufferPrivate may signal that it's ready for new samples through the
sourceBufferPrivateDidBecomeReadyForMoreSamples() method. In this situation, we should not
continue to provideMediaData(), as that will append samples from the prior-to-seeking media
timeline. Since the timeline may have moved forward due to the seek, a decoder may decide to
display those frames as quickly as possible (the "fast forward" behavior) in order to catch
up to the new current time.

If a re-enqueue is pending, don't provide media data in response to being notified that the
SourceBufferPrivate is ready for more samples. Wait until samples for the new current time
are appended.

Also, don't provide media data if we are waiting for a seek to complete.

• Modules/mediasource/MediaSource.h:

(WebCore::MediaSource::isSeeking): Convenience method.

• Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
(WebCore::SourceBuffer::sourceBufferPrivateDidBecomeReadyForMoreSamples):
(WebCore::SourceBuffer::reenqueueMediaForTime):

9:41 AM Changeset in webkit [172031] by oliver@apple.com

• 8 edits in trunk/Source/WebKit2

SSO expects to be able to walk parent application's bundle
​https://bugs.webkit.org/show_bug.cgi?id=135581
<rdar://problem/17864079>

Reviewed by Alexey Proskuryakov.

SSO expects to be able to walk the parent application's
bundle looking for Info plists. To allow this to actually
work we provide an extension from the ui process that
covers the bundle directory, and then in the profile
restrict access to the ability to read directories and
files named Info.plist.

• NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):

• Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
• Shared/Network/NetworkProcessCreationParameters.cpp:

(WebKit::NetworkProcessCreationParameters::encode):
(WebKit::NetworkProcessCreationParameters::decode):

• Shared/Network/NetworkProcessCreationParameters.h:
• UIProcess/WebContext.cpp:

(WebKit::WebContext::ensureNetworkProcess):
(WebKit::WebContext::parentBundleDirectory):

• UIProcess/WebContext.h:
• UIProcess/mac/WebContextMac.mm:

(WebKit::WebContext::parentBundleDirectory):

9:38 AM Changeset in webkit [172030] by vivek.vg@samsung.com

• 2 edits in trunk/Tools

[gtk] Include llvm-dev(el) package to satisfy mesa build configuration
​https://bugs.webkit.org/show_bug.cgi?id=135555

Reviewed by Philippe Normand.

Initial setup of gtk on linux requires this package to be installed.
This is required during the build configuration of mesa through jhbuild.

• gtk/install-dependencies:

8:56 AM Performance Tests edited by clopez@igalia.com

Rename PerfTestRunner.runPerSecond to … (diff)

8:16 AM Changeset in webkit [172029] by commit-queue@webkit.org

• 3 edits in trunk/Tools

Fix the commit-log-editor after r167243 and add more unit tests
​https://bugs.webkit.org/show_bug.cgi?id=131727

Patch by Eva Balazsfalvi <​evab.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Csaba Osztrogonác.

• Scripts/commit-log-editor:

(createCommitMessage):
(removeLongestCommonPrefixEndingInNewline):

• Scripts/webkitpy/common/checkout/checkout_unittest.py:

(CommitMessageForThisCommitTest):
(CommitMessageForThisCommitTest.mock_changelog):
(CommitMessageForThisCommitTest.mock_checkout_for_test):
(CommitMessageForThisCommitTest.test_commit_message_for_unreviewed_changelogs_with_different_messages):
(test_commit_message_for_one_reviewed_changelog):
(test_commit_message_for_changelogs_with_same_messages):
(test_commit_message_for_changelogs_with_different_messages):
(test_commit_message_for_one_rollout_changelog):
(test_commit_message_for_rollout_changelogs_with_different_directories):
(setUp): Deleted.
(test_commit_message_for_this_commit): Deleted.

8:15 AM Changeset in webkit [172028] by Chris Fleizach

• 5 edits in trunk

AX: Select text activity should return replaced text instead of previously selected text
​https://bugs.webkit.org/show_bug.cgi?id=135595

Reviewed by Mario Sanchez Prada.

Source/WebCore:
When the select activity API is used to replace text, the replacement string should be returned instead of the old selected text.

Updated existing test: platform/mac/accessibility/select-text.html

• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::selectText):

LayoutTests:

• platform/mac/accessibility/select-text-expected.txt:
• platform/mac/accessibility/select-text.html:

Aug 4, 2014:

10:09 PM Changeset in webkit [172027] by Chris Fleizach

• 5 edits in trunk

AX: Select activity behavior does not work when an existing range is already selected
​https://bugs.webkit.org/show_bug.cgi?id=135579

Reviewed by Mario Sanchez Prada.

Source/WebCore:
If you have an existing range selected, and try to apply a select and replace operation, like capitalize,
searching for that range will fail because it skips the currently selected range.

For these cases, it seems the best way is to start the search from the start position, rather than relying on the
entire range.

Updated existing test: platform/mac/accessibility/select-text.html

• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::selectText):

LayoutTests:

• platform/mac/accessibility/select-text-expected.txt:
• platform/mac/accessibility/select-text.html:

8:58 PM Changeset in webkit [172026] by jer.noble@apple.com

• 2 edits in trunk/Source/WebCore

[MSE][Mac] Seeking past buffered range will not resume playback when seek completes.
​https://bugs.webkit.org/show_bug.cgi?id=135591

Reviewed by Eric Carlson.

If a seek is delayed due to seeking into an unbuffered area, playback will not be restarted
at that point. Instead, playback must resume when enough media data has been added, and
the MediaSource indicates the seek should complete.

• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekCompleted):

8:57 PM Changeset in webkit [172025] by jer.noble@apple.com

• 2 edits in trunk/Source/WebCore

[MSE] Videos will report a stall when within 1 frame-duration before the end of a movie.
​https://bugs.webkit.org/show_bug.cgi?id=135586

Reviewed by Eric Carlson.

Under certain circumstances, videos which are within 1/24 seconds before the end of a media stream when
monitorSourceBuffers() is called will fail the hasFutureTime() check. This is because hasFutureTime()
checks whether enough media is buffered to play back at least some time in the future, but when the
current time is close to the duration, not enough data is buffered to satisfy that check.

Add some logic which will break out early when the SourceBuffer has buffered up to and including the
media's duration, and return that the buffer indeed hasFutureTime() available.

• Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::hasFutureTime):

8:40 PM Changeset in webkit [172024] by benjamin@webkit.org

• 5 edits
  2 adds in trunk

Simplify the StyleInvalidation mode of rule collection
​https://bugs.webkit.org/show_bug.cgi?id=135521

Reviewed by Antti Koivisto.

Source/WebCore:
There are two branches where StyleInvalidation code is removed:
-Pseudo elements for shadow dom elements.
-Pseudo elements without dom tree counterpart.

The first can never be hit because StyleInvalidationAnalysis does a complete invalidation
when there is any shadow dom styling involved in the stylesheets.

Even if that branch was hit, not failing on custom pseudo elements would be equivalent
to ignoring those pseudo elements from the Selector. By doing so, we would match elements
that do not have shadow dom and invalidate pretty much everything.

Unlike pseudo elements without real elements, shadow dom elements are not matched separately with a different
context, thus we could generalize StyleInvalidationAnalysis to handle this case.

The second case handle pseudo elements that do not have a real element. That case no longer need to be handled
separately at the filter time, it has become a special case of SelectorChecker::match() after everything else
has matched.

The only condition for this to work is that the Context's pseudoId must be NOPSEUDO. This is the case
in practice since matching specific pseudo types would be a waste of time. ElementRuleCollector::collectMatchingRules()
has a new assertion to enforce that.

Test: fast/css/stylesheet-change-updates-pseudo-elements.html

• css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::collectMatchingRules):

• css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

• cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateRequestedPseudoElementEqualsToSelectorPseudoElement):

LayoutTests:
This test by:
1) Forcing the recalc of the user-agent stylesheet.
2) Wait for the page to finish loading.
3) Add a style changing only pseudo elements without corresponding shadow element.

• fast/css/stylesheet-change-updates-pseudo-elements-expected.html: Added.
• fast/css/stylesheet-change-updates-pseudo-elements.html: Added.

8:25 PM Changeset in webkit [172023] by benjamin@webkit.org

• 15 edits in trunk

Add a flag for the CSS Selectors level 4 implementation
​https://bugs.webkit.org/show_bug.cgi?id=135535

Reviewed by Andreas Kling.

.:

• Source/cmake/OptionsEfl.cmake:
• Source/cmake/OptionsGTK.cmake:
• Source/cmake/WebKitFeatures.cmake:
• Source/cmakeconfig.h.cmake:

Source/JavaScriptCore:

• Configurations/FeatureDefines.xcconfig:

Source/WebCore:

• Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

• Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

• Configurations/FeatureDefines.xcconfig:

WebKitLibraries:

• win/tools/vsprops/FeatureDefines.props:

7:51 PM Changeset in webkit [172022] by commit-queue@webkit.org

• 2 edits in trunk/Tools

[GTK] run-launcher --gtk is broken
​https://bugs.webkit.org/show_bug.cgi?id=135571

Patch by Michael Catanzaro <Michael Catanzaro> on 2014-08-04
Reviewed by Martin Robinson.

• Scripts/webkitdirs.pm:

(builtDylibPathForName): Search for libwebkit2gtk-4.0

7:47 PM Changeset in webkit [172021] by Chris Fleizach

• 3 edits in trunk/Source/WebCore

AX: add AccessibilityObject::computedLabelString() for WebAXI
​https://bugs.webkit.org/show_bug.cgi?id=129939

Reviewed by Mario Sanchez Prada.

Provide a method that the WebKit Inspector can call in order to
display an accessible name for an AX node.

• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::accessibilityComputedLabel):

• accessibility/AccessibilityObject.h:

7:01 PM Changeset in webkit [172020] by matthew_hanson@apple.com

• 5 edits in tags/Safari-600.1.2.6/Source

Versioning.

6:54 PM Changeset in webkit [172019] by matthew_hanson@apple.com

• 6 edits in tags/Safari-600.1.2.6

Apply custom patch from ​https://bugs.webkit.org/show_bug.cgi?id=135543

6:39 PM Changeset in webkit [172018] by timothy_horton@apple.com

• 2 edits in trunk/Source/WebCore

Lots of crashes in WebKit1 after r172013.
​https://bugs.webkit.org/show_bug.cgi?id=135582
<rdar://problem/17837636>

Reviewed by Enrica Casucci.

• editing/SelectionRectGatherer.cpp:

(WebCore::SelectionRectGatherer::addRect):
(WebCore::SelectionRectGatherer::addGapRects):
Don't try to do local-to-absolute coordinate conversion if we don't have
a repaint container, which happens a lot in WebKit1.

6:31 PM WebKitGTK/KeepingTheTreeGreen edited by clopez@igalia.com

(diff)

6:28 PM WebKitGTK/KeepingTheTreeGreen edited by clopez@igalia.com

(diff)

6:22 PM Changeset in webkit [172017] by clopez@igalia.com

• 2 edits in trunk/LayoutTests

[GTK] Unreviewed GTK gardening.

• platform/gtk/TestExpectations: Report and mark new failures after 172008 and r172010.

Remove expectations for test that now pass after r171964 (revert of r171957).
Update expectations for new flaky tests.

6:04 PM Changeset in webkit [172016] by benjamin@webkit.org

• 4 edits in trunk/Source

Check for null frame when processing geolocation authorization request
​https://bugs.webkit.org/show_bug.cgi?id=135577
<rdar://problem/17896295>

Patch by Benjamin Poulain <​bpoulain@apple.com> on 2014-08-04
Reviewed by Geoffrey Garen.

Source/WebKit/mac:

• WebCoreSupport/WebGeolocationClient.mm:

(WebGeolocationClient::requestPermission):

Source/WebKit2:
I could have put the null check in GeolocationController instead of the WebKit layer,
but that would be a little weird as GeolocationController knows nothing about how
the WebKit layer decides what to do with requests.

• WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp:

(WebKit::GeolocationPermissionRequestManager::startRequestForGeolocation):

5:58 PM Changeset in webkit [172015] by matthew_hanson@apple.com

• 1 copy in tags/Safari-600.1.2.6

New Tag.

5:30 PM Changeset in webkit [172014] by achristensen@apple.com

• 8 edits
  3 adds in trunk

Progress towards CMake on Mac.
​https://bugs.webkit.org/show_bug.cgi?id=135528

Reviewed by Gyuyoung Kim.

.:

• Source/cmake/OptionsMac.cmake:

Made options list based on FeatureDefines.xcconfig files.

Source/JavaScriptCore:

• CMakeLists.txt:

Include necessary directories and copy all necessary forwarding headers.
Only compile UDis86Disassembler.cpp if we're using UDIS86.

• PlatformMac.cmake: Added.
• tools/CodeProfiling.cpp:

Compile fix. Include sys/time.h on darwin, too.

Source/WebCore:

• PlatformMac.cmake: Added.

Source/WTF:

• wtf/CMakeLists.txt:

Include text directory.

• wtf/PlatformMac.cmake: Added.

5:28 PM Changeset in webkit [172013] by timothy_horton@apple.com

• 4 edits in trunk/Source/WebCore

Selection services menu dropdown is in the wrong place when selecting some text on Yelp
​https://bugs.webkit.org/show_bug.cgi?id=135582
<rdar://problem/17837636>

Reviewed by Simon Fraser.

• editing/SelectionRectGatherer.cpp:

(WebCore::SelectionRectGatherer::addRect):
(WebCore::SelectionRectGatherer::addGapRects):
(WebCore::SelectionRectGatherer::addRects): Deleted.
Rename addRects to addGapRects for clarity.
Map rects and gapRects to absolute RenderView coordinates so that
they are in a form WebKit2 can use. Previously they were sometimes
relative to a different repaint container, but that information was
lost when moving through SelectionRectGatherer.

Ideally we would keep selection rects as full quads instead of rects
for more of their life, but that problem is much deeper than just SelectionRectGatherer.

• editing/SelectionRectGatherer.h:

Add a comment clarifying the coordinate space of the stored selection rects.

• rendering/RenderView.cpp:

(WebCore::RenderView::applySubtreeSelection):
Rename addRects to addGapRects for clarity.

4:06 PM Changeset in webkit [172012] by commit-queue@webkit.org

• 2 edits in trunk/Tools

lldb_webkit.py throws exception when generating summary of null StringImpl
​https://bugs.webkit.org/show_bug.cgi?id=129448

Patch by Matt Baker <Matt Baker> on 2014-08-04
Reviewed by Jer Noble.

Added checks for null StringImpl and 0 byte ReadMemory calls.

• lldb/lldb_webkit.py:

(WTFStringImpl_SummaryProvider):
(ustring_to_string):
(lstring_to_string):
(WTFStringImplProvider.to_string):
(WTFStringImplProvider.is_initialized):

3:25 PM Changeset in webkit [172011] by Lucas Forschler

• 5 edits in branches/safari-600.1.4-branch/Source

Versioning.

3:17 PM Changeset in webkit [172010] by Bem Jones-Bey

• 3 edits
  3 adds in trunk

[CSS Shapes] shape-margin not respected when it extends beyond an explicitly set margin
​https://bugs.webkit.org/show_bug.cgi?id=135308

Reviewed by Dean Jackson.

Source/WebCore:
When a zero height line is supplied and the image shape extends into
the margin box (only possible when a shape-margin is supplied), then
only an empty interval was being returned. This patch makes it
properly return the interval for the line in question.

Test: fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html

• rendering/shapes/RasterShape.cpp:

(WebCore::RasterShape::getExcludedIntervals): Handle the zero height
line case.

LayoutTests:
Test case based on the one supplied by Rebecca Hauck in the bug
report.

• fast/shapes/resources/square.png: Added.
• fast/shapes/shape-outside-floats/shape-outside-image-shape-margin-expected.html: Added.
• fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html: Added.

3:04 PM Changeset in webkit [172009] by commit-queue@webkit.org

• 4 edits in trunk/Source/JavaScriptCore

Create a more generic way for VMEntryScope to notify those interested that it will be destroyed
​https://bugs.webkit.org/show_bug.cgi?id=135358

Patch by Saam Barati <​sbarati@apple.com> on 2014-08-04
Reviewed by Geoffrey Garen.

When VMEntryScope is destroyed, and it has a flag set indicating that the
Debugger needs to recompile all functions, it calls Debugger::recompileAllJSFunctions.
This flag is only used by Debugger to have VMEntryScope notify it when the
Debugger is safe to recompile all functions. This patch will substitute this
Debugger-specific recompilation flag with a list of callbacks that are notified
when the outermost VMEntryScope dies. This creates a general purpose interface
for being notified when the VM stops executing code via the event of the outermost
VMEntryScope dying.

• debugger/Debugger.cpp:

(JSC::Debugger::recompileAllJSFunctions):

• runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::VMEntryScope):
(JSC::VMEntryScope::addEntryScopeDidPopListener):
(JSC::VMEntryScope::~VMEntryScope):

• runtime/VMEntryScope.h:

(JSC::VMEntryScope::setRecompilationNeeded): Deleted.

3:01 PM Changeset in webkit [172008] by Alan Bujtas

• 7 edits
  2 adds in trunk

Subpixel rendering: InlineTextBox mistakenly rounds offset value before painting.
​https://bugs.webkit.org/show_bug.cgi?id=135470

Reviewed by Simon Fraser.

This patch removes the premature paint offset adjustment for inlines. Premature snapping
could alter the final painting coordinates and push content to wrong positions.

This patch also enforces WebCore's pixel snapping strategy (round) on text painting.
It ensures that text positioning is in sync with other painting related operations including
clipping, box decorations etc. Underlying graphics libraries can take different directions on
text snapping, for example CG ceils text coordinates vertically (in horizontal context,
with the current settings). It can lead to undesired side effects.

Source/WebCore:
Test: fast/inline/hidpi-inline-selection-leaves-gap.html

• rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects): wrong direction used at r171896.

• rendering/SimpleLineLayoutFunctions.cpp: we don't paint vertical content here.

(WebCore::SimpleLineLayout::paintFlow):

LayoutTests:

• fast/inline/hidpi-inline-selection-leaves-gap-expected.html: Added.
• fast/inline/hidpi-inline-selection-leaves-gap.html: Added.
• fast/multicol/newmulticol/multicol-clip-rounded-corners-expected.html:
• fast/multicol/newmulticol/multicol-clip-rounded-corners.html: pixels are distributed properly.

No need to have the special 122px shortened width for col2.

2:58 PM Changeset in webkit [172007] by jer.noble@apple.com

• 3 edits in trunk/Source/WebCore

Unreviewed, rolling out r171992, r171995, & r172000.

The cumulative effect of those revisions was to cause decoding errors when switching resolutions on YouTube.

Reverted changesets:

​https://bugs.webkit.org/show_bug.cgi?id=135422 / ​http://trac.webkit.org/changeset/171992
​https://bugs.webkit.org/show_bug.cgi?id=135424 / ​http://trac.webkit.org/changeset/171995
​https://bugs.webkit.org/show_bug.cgi?id=135572 / ​http://trac.webkit.org/changeset/172000

2:57 PM Changeset in webkit [172006] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Always clear ConsoleClient when Page/WindowShell is destroyed
​https://bugs.webkit.org/show_bug.cgi?id=135569

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2014-08-04
Reviewed by Mark Lam.

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::~ScriptController):
Whenever a window shell goes away, clear the console client.
We did this in clearWindowShell but not before destroying.

2:56 PM Changeset in webkit [172005] by Chris Fleizach

• 5 edits in trunk

AX: isWordEndMatch should allow for multiple word selections
​https://bugs.webkit.org/show_bug.cgi?id=135573

Reviewed by Mario Sanchez Prada.

Source/WebCore:
isWordEndMatch was searching from the beginning of the selected range, which meant
that if the result was multiple words, we'd reject the result.
Instead, we should search from the end of the range, so that we encompass all words.

Modified existing test: platform/mac/accessibility/select-text-should-match-whole-words.html

• editing/TextIterator.cpp:

(WebCore::SearchBuffer::isWordEndMatch):

LayoutTests:

• platform/mac/accessibility/select-text-should-match-whole-words-expected.txt:
• platform/mac/accessibility/select-text-should-match-whole-words.html:

2:25 PM Changeset in webkit [172004] by Lucas Forschler

• 1 delete in tags/Safari-600.1.2.5/safari-600.1.4-branch

Delete incorrect Tag.

2:18 PM Changeset in webkit [172003] by Lucas Forschler

• 1 copy in tags/Safari-600.1.4.5

New Tag.

2:17 PM Changeset in webkit [172002] by Chris Fleizach

• 3 edits
  2 adds in trunk

AX: Secure text fields need to support Search parameterized attributes
​https://bugs.webkit.org/show_bug.cgi?id=135568

Reviewed by Mario Sanchez Prada.

Source/WebCore:

Secure text fields still need to support the fast searching that WebKit exposes, even though they don't support
other parameterized attributes.

Test: platform/mac/accessibility/secure-text-field-supports-fast-search.html

• accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityParameterizedAttributeNames]):

LayoutTests:

• platform/mac/accessibility/secure-text-field-supports-fast-search-expected.txt: Added.
• platform/mac/accessibility/secure-text-field-supports-fast-search.html: Added.

2:13 PM Changeset in webkit [172001] by Lucas Forschler

• 1 copy in tags/Safari-600.1.2.5/safari-600.1.4-branch

New Tag.

1:54 PM Changeset in webkit [172000] by jer.noble@apple.com

• 2 edits in trunk/Source/WebCore

[MSE] Further fixes for "fast forward" playback after seeking in YouTube behavior.
​https://bugs.webkit.org/show_bug.cgi?id=135572

Reviewed by Eric Carlson.

Two related fixes:

In reenqueueMediaForTime(), update TrackBuffer.lastEnqueuedPresentationTime when we flush samples, so that
the next time samples are re-enqueued, the starting point for re-enqueueing is correct.

In sourceBufferPrivateDidReceiveSample(), do not add samples to the decode queue if they are before the
current media time.

• Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
(WebCore::SourceBuffer::reenqueueMediaForTime):

1:50 PM Changeset in webkit [171999] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Web Inspector: All-caps CSS properties are not shown in Computed pane
​https://bugs.webkit.org/show_bug.cgi?id=133700

Patch by Matt Baker <Matt Baker> on 2014-08-04
Reviewed by Timothy Hatcher.

• inspector/InspectorStyleSheet.cpp:

(WebCore::InspectorStyle::styleWithProperties):

1:32 PM Changeset in webkit [171998] by Lucas Forschler

• 4 edits
  2 copies in branches/safari-600.1.4-branch

Merged r171882. <rdar://problem/17802531>

10:42 AM Changeset in webkit [171997] by Chris Fleizach

• 5 edits in trunk

AX: SelectText functionality always selects text after current selection even if closer selection is behind it
​https://bugs.webkit.org/show_bug.cgi?id=135546

Reviewed by Mario Sanchez Prada.

Source/WebCore:
Logic was incorrect for comparing ranges found before the current selection.
ASSERT was incorrect for allowed ranges. We need to allow ranges that are right at the boundaries of our found ranges.

Extended existing test: platform/mac/accessibility/select-text.html

• accessibility/AccessibilityObject.cpp:

(WebCore::rangeClosestToRange):

LayoutTests:

• platform/mac/accessibility/select-text-expected.txt:
• platform/mac/accessibility/select-text.html:

10:32 AM Changeset in webkit [171996] by Chris Fleizach

• 5 edits
  2 adds in trunk

AX: AXSelectTextWithCriteriaParameterizedAttribute incorrectly selects the beginning letters of a word
​https://bugs.webkit.org/show_bug.cgi?id=135547

Reviewed by Mario Sanchez Prada.

Source/WebCore:
Allow text search to specify that it wants to match end of words as well as start of words.
This allows select text criteria to match on whole words only.

Test: platform/mac/accessibility/select-text-should-match-whole-words.html

• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::rangeOfStringClosestToRangeInDirection):

• editing/FindOptions.h:
• editing/TextIterator.cpp:

(WebCore::SearchBuffer::isWordEndMatch):
(WebCore::SearchBuffer::search):

LayoutTests:

• platform/mac/accessibility/select-text-should-match-whole-words-expected.txt: Added.
• platform/mac/accessibility/select-text-should-match-whole-words.html: Added.

10:26 AM Changeset in webkit [171995] by jer.noble@apple.com

• 3 edits in trunk/Source/WebCore

[MSE] Re-enqueing due to overlapping appended samples can cause stuttering playback
​https://bugs.webkit.org/show_bug.cgi?id=135424

Reviewed by Eric Carlson.

If it become necessary to re-enqueue samples (due to appending overlapping samples which cause
existing samples to be removed), the previous behavior was to flush and re-enqueue the new
samples dependencies; i.e., everything up to and including the previous sync sample. This causes
the decoder to visibly stall while it decodes those non-displaying samples, which could be
a second or more worth of encoded video samples, depending on the frequency of sync samples.

Instead, when we are asked to re-enqueue, we will look for the next occurring sync sample.
If found, we can switch over to the replacement samples at that point in the decode queue.
This limits the overhead of a stream switch, and should allow for a visually seamless switch,
at the cost of having to wait for the next sync sample to occur to affect the switch.

• Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::seekToTime): Clear the decode queue when seeking.
(WebCore::SourceBuffer::sourceBufferPrivateAppendComplete): Call reenqueueMediaForCurrentTime.
(WebCore::SourceBuffer::reenqueueMediaForCurrentTime): Switch over to the new stream only

at the next sync sample.

10:23 AM Changeset in webkit [171994] by Chris Fleizach

• 3 edits
  2 adds in trunk

AX: The Dictation command "Replace <phrase> with <phrase>" always capitalizes the replacement string
​https://bugs.webkit.org/show_bug.cgi?id=135557

Reviewed by Mario Sanchez Prada.

Source/WebCore:
When replacing text, we should match the capitalization of the word being replaced
(unless the replacement looks like an abbreviation).

Test: platform/mac/accessibility/find-and-replace-match-capitalization.html

• accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::selectText):

LayoutTests:

• platform/mac/accessibility/find-and-replace-match-capitalization-expected.txt: Added.
• platform/mac/accessibility/find-and-replace-match-capitalization.html: Added.

10:19 AM Changeset in webkit [171993] by psolanki@apple.com

• 5 edits in trunk/Source/WebCore

QuickLook resources are cache-replaced with their original binary data causing ASSERT(m_data->size() == newBuffer->size()) in CachedResource.cpp
​https://bugs.webkit.org/show_bug.cgi?id=135548
<rdar://problem/17891321>

Reviewed by David Kilzer.

When loading QuickLook resources, the SharedBuffer in the CachedResource is actually a
converted representation of the real QuickLook resource. Replacing this with the actual
network resource (which is what tryReplaceEncodedData() tried to do) is wrong and triggered
asserts in the code.

Fix this by having CachedRawResource::mayTryReplaceEncodedData() return false if we are
loading a QuickLook resource.

No new tests because we don't have a way to test QuickLook documents.

• loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::ResourceLoader):
(WebCore::ResourceLoader::didCreateQuickLookHandle):

Set a flag to indicate that we are loading a QuickLook document.

• loader/ResourceLoader.h:

(WebCore::ResourceLoader::isQuickLookResource):

• loader/cache/CachedRawResource.cpp:

(WebCore::CachedRawResource::CachedRawResource):
(WebCore::CachedRawResource::finishLoading):

Check if we were loading a QuickLook document and if so disable encoded data
replacement.

• loader/cache/CachedRawResource.h:

Add a new bool field returned by mayTryReplaceEncodedData(). Default is true but it is
set to false in finishLoading() if we were loading QuickLook document.

10:17 AM Changeset in webkit [171992] by jer.noble@apple.com

• 2 edits in trunk/Source/WebCore

[MSE] Seeking occasionally causes many frames to be displayed in "fast forward" mode
​https://bugs.webkit.org/show_bug.cgi?id=135422

Reviewed by Eric Carlson.

When a seek is pending, but samples for the new time is not yet present in the SourceBuffer,
the SourceBufferPrivate may signal that it's ready for new samples through the
sourceBufferPrivateDidBecomeReadyForMoreSamples() method. In this situation, we should not
continue to provideMediaData(), as that will append samples from the prior-to-seeking media
timeline. Since the timeline may have moved forward due to the seek, a decoder may decide to
display those frames as quickly as possible (the "fast forward" behavior) in order to catch
up to the new current time.

If a re-enqueue is pending, don't provide media data in response to being notified that the
SourceBufferPrivate is ready for more samples. Wait until samples for the new current time
are appended.

• Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidBecomeReadyForMoreSamples):

• dom/Document.cpp:

(WebCore::Document::unregisterCollection):

8:08 AM Changeset in webkit [171991] by Carlos Garcia Campos

• 2 edits in trunk/Source/WebCore

[GTK] Install all unstable webkitdom headers
​https://bugs.webkit.org/show_bug.cgi?id=135544

Reviewed by Gustavo Noronha Silva.

We were checking whether generated file existed before they had
been generated.

• PlatformGTK.cmake: Add Unstable.h header for all stable classes

to GObjectDOMBindingsUnstable_INSTALLED_HEADERS and split the
install command for stable and unstable headers making unstable
headers optional.

6:31 AM Changeset in webkit [171990] by Michał Pakuła vel Rutka

• 6 edits
  6 adds in trunk/LayoutTests

Unreviewed EFL gardening

• platform/efl/TestExpectations: Add or update test expectations for failing tests.
• platform/efl/fast/text/international/cjk-segmentation-expected.txt: Added.
• platform/efl/js/dom/global-constructors-attributes-expected.txt: Rebaseline after r167632.
• platform/efl/sputnik/Unicode/Unicode_320/S7.6_A2.2_T2-expected.txt: Added.
• platform/efl/sputnik/Unicode/Unicode_320/S7.6_A5.2_T8-expected.txt: Added.
• platform/efl/svg/text/non-bmp-positioning-lists-expected.png: Rebaseline after r168350 and r168543.
• platform/efl/svg/text/non-bmp-positioning-lists-expected.txt: Ditto.
• platform/efl/transforms/2d/hindi-rotated-expected.txt: Fix baseline.

1:47 AM Changeset in webkit [171989] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

[WinCairo] Compile error in OpenTypeMathData.cpp.
​https://bugs.webkit.org/show_bug.cgi?id=135541

Patch by ​peavo@outlook.com <​peavo@outlook.com> on 2014-08-04
Reviewed by Brent Fulgham.

The SharedBuffer class needs to be defined.
Also, the OpenTypeMathData constructor should be implemented when OPENTYPE_MATH is not enabled.

• platform/graphics/opentype/OpenTypeMathData.cpp:

12:17 AM Changeset in webkit [171988] by zandobersek@gmail.com

• 2 edits in trunk

[GTK] Windowing target support should reflect the support in the GTK+ dependency
​https://bugs.webkit.org/show_bug.cgi?id=134736

Reviewed by Martin Robinson.

• Source/cmake/FindGTK3.cmake: Don't error out if the GTK+ dependency doesn't

support the X11 or Wayland windowing targets -- instead, if there's no support
the specific target is disabled, and an error is thrown only if neither of the
backends is enabled at the end..
For now the X11 target remains enabled by default, and the Wayland target is
kept disabled. Once it's possible to have both targets enabled at runtime in
WebKit, the Wayland target will be enabled as well and we'll leave it to the
GTK+ dependency to determine which targets can be enabled.

12:10 AM Changeset in webkit [171987] by zandobersek@gmail.com

• 1 edit
  1 add in trunk

[CMake] Add FindWayland.cmake
​https://bugs.webkit.org/show_bug.cgi?id=135540

Reviewed by Martin Robinson.

• Source/cmake/FindWayland.cmake: Added. Enables finding the Wayland

dependency. For now bundles the wayland-client, wayland-server and
wayland-egl pkg-config targets into one dependency, but these could
be split in the future if necessary.

12:00 AM Changeset in webkit [171986] by Carlos Garcia Campos

• 2 edits in trunk/Tools

[GTK] Do not include JavaScriptCore stress tests in release tarballs
​https://bugs.webkit.org/show_bug.cgi?id=135503

Reviewed by Martin Robinson.

• gtk/manifest.txt: Exclude Source/JavaScriptCore/tests dir.

Aug 3, 2014:

7:12 PM Changeset in webkit [171985] by ryuan.choi@samsung.com

• 2 edits in trunk

[EFL] Move DATA_INSTALL_DIR to ewebkit2-0
​https://bugs.webkit.org/show_bug.cgi?id=135553

Reviewed by Gyuyoung Kim.

Since WebKit1/Efl is dropped, we don't need to use ewebkit-1 and ewebkit2-1.
And removed WebKit_OUTPUT_NAME variable which is not used anymore on the EFL port.

• Source/cmake/OptionsEfl.cmake:

12:21 PM Changeset in webkit [171984] by mitz@apple.com

• 2 edits in trunk/Source/WebCore

<rdar://problem/17782529> REGRESSION: OS marketing version in iOS Simulator user-agent string is the host OS’s
​https://bugs.webkit.org/show_bug.cgi?id=135549

Reviewed by Mark Rowe.

• platform/cocoa/SystemVersion.mm:

(WebCore::createSystemMarketingVersion): On the iOS Simulator, locate the system Library
directory relative to the Simulator root.

1:16 AM Changeset in webkit [171983] by bshafiei@apple.com

• 5 edits in branches/safari-600.1.4-branch/Source

Versioning.

1:12 AM Changeset in webkit [171982] by bshafiei@apple.com

• 1 copy in tags/Safari-600.1.4.4

New tag.

1:03 AM Changeset in webkit [171981] by bshafiei@apple.com

• 2 edits
  1 add in branches/safari-600.1.4-branch/Source/JavaScriptCore

Merged patch for <rdar://problem/17887398>.

12:56 AM Changeset in webkit [171980] by bshafiei@apple.com

• 12 edits in branches/safari-600.1.4-branch/Source

Merged r171973. <rdar://problem/17834694>

12:45 AM Changeset in webkit [171979] by bshafiei@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merged r171959. <rdar://problem/17671574>

12:43 AM Changeset in webkit [171978] by bshafiei@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/JavaScriptCore

Merged r171949. <rdar://problem/17888408>

12:40 AM Changeset in webkit [171977] by bshafiei@apple.com

• 5 edits in branches/safari-600.1.4-branch/Source/JavaScriptCore

Merged r171946. <rdar://problem/17888408>

12:37 AM Changeset in webkit [171976] by bshafiei@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merged r171944. <rdar://problem/17879156>

12:34 AM Changeset in webkit [171975] by bshafiei@apple.com

• 9 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merged r171943. <rdar://problem/17869279>

12:28 AM Changeset in webkit [171974] by bshafiei@apple.com

• 2 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merged r171887. <rdar://problem/17864139>

Aug 2, 2014:

5:03 PM Changeset in webkit [171973] by commit-queue@webkit.org

• 12 edits in trunk/Source

Support both window and view based video fullscreen.
​https://bugs.webkit.org/show_bug.cgi?id=135525

Patch by Jeremy Jones <​jeremyj@apple.com> on 2014-08-02
Reviewed by Simon Fraser.

Source/WebCore:
Presenting in a separate window gives greater flexibility for rotation separately from the app.
Presenting in the same window works better if the interface is rehosted in another process.

• platform/ios/WebVideoFullscreenControllerAVKit.mm:

(-[WebVideoFullscreenController enterFullscreen:]): Use clientRect instead of screenRect.

• platform/ios/WebVideoFullscreenInterfaceAVKit.h: Add m_window and m_parentView.
• platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(-[WebAVVideoLayer setBounds:]): Parent view might not be fullscreen; use window instead.
(WebVideoFullscreenInterfaceAVKit::setupFullscreen): Conditionally create UIWindow and UIViewController for fullscreen.
(WebVideoFullscreenInterfaceAVKit::enterFullscreen): Video, not the container should have black background.
(WebVideoFullscreenInterfaceAVKit::exitFullscreen): Conditionally translate finalRect.
(WebVideoFullscreenInterfaceAVKit::cleanupFullscreen): Clean up UIWindow and force status bar to correct orientation.
(WebVideoFullscreenInterfaceAVKit::invalidate): Clean up UIWindow.
(WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): Hide window and exit without animation.

• platform/ios/WebVideoFullscreenModelMediaElement.mm:

(WebVideoFullscreenModelMediaElement::setVideoFullscreenLayer): Apply frame, because it may have been set before the layer.

Source/WebKit/mac:
Parenting in the view instead of the window gives the fullscreen implementation more latitude
in how it implements the animation.

• WebView/WebView.mm:

(-[WebView _enterFullscreenForNode:]): Use view instead of window.

Source/WebKit2:
Parenting in the view instead of the window gives the fullscreen implementation more latitude
in how it implements the animation.

• UIProcess/ios/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID): Use view instead of window.

• WebProcess/ios/WebVideoFullscreenManager.mm:

(WebKit::clientRectForNode): Use client rect instead of screen rect.
(WebKit::WebVideoFullscreenManager::enterFullscreenForNode): ditto
(WebKit::WebVideoFullscreenManager::exitFullscreenForNode): ditto
(WebKit::screenRectForNode): Deleted.

1:51 PM Changeset in webkit [171972] by benjamin@webkit.org

• 8 edits in trunk/Source/WebCore

Update the SearchFieldResultsButtonElement shadow Pseudo Id when HTMLInputElement's maxResults change
​https://bugs.webkit.org/show_bug.cgi?id=135491

Patch by Benjamin Poulain <​bpoulain@apple.com> on 2014-08-02
Reviewed by Ryosuke Niwa.

Replace the shadowPseudoId() override + manual style invalidation by the generic pseudo ID update.

• html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::parseAttribute):

• html/InputType.cpp:

(WebCore::InputType::maxResultsAttributeChanged):

• html/InputType.h:
• html/SearchInputType.cpp:

(WebCore::SearchInputType::SearchInputType):
(WebCore::updateResultButtonPseudoType):
(WebCore::SearchInputType::maxResultsAttributeChanged):
(WebCore::SearchInputType::createShadowSubtree):
(WebCore::SearchInputType::destroyShadowSubtree):

• html/SearchInputType.h:
• html/shadow/TextControlInnerElements.cpp:

(WebCore::SearchFieldResultsButtonElement::shadowPseudoId): Deleted.

• html/shadow/TextControlInnerElements.h:

1:47 PM Changeset in webkit [171971] by benjamin@webkit.org

• 3 edits in trunk/Source/WebCore

Add warnings for the buggy implementations of shadowPseudoId()
​https://bugs.webkit.org/show_bug.cgi?id=135477

Patch by Benjamin Poulain <​bpoulain@apple.com> on 2014-08-02
Reviewed by Ryosuke Niwa.

Dean is going to look into fixing media element styling.
In the meantime, add warnings to prevent this from spreading.

• dom/Element.h:
• html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::shadowPseudoId):
(WebCore::SliderContainerElement::shadowPseudoId):

11:35 AM Changeset in webkit [171970] by Brent Fulgham

• 2 edits in trunk/Source/ThirdParty/ANGLE

[Win] Unreviewed build fix.

• src/libGLESv2/renderer/d3d11/BufferStorage11.cpp:

(rx::BufferStorage11::copyData): Help compiler make
decision about types.

11:04 AM Changeset in webkit [171969] by dfarler@apple.com

• 5 edits in trunk/Tools

build-webkittestrunner doesn't build the app target for iOS SDKs
​https://bugs.webkit.org/show_bug.cgi?id=135433

Reviewed by Dan Bernstein.

• Scripts/build-dumprendertree: Build the app target on iOS.
• Scripts/build-webkittestrunner: Build the app target on iOS.
• Scripts/webkitdirs.pm: Add -sdk flags when building for iOS.

(buildXCodeProject):

• Scripts/webkitpy/port/ios.py: Use --sdk flags instead of SDKROOT.

(IOSSimulatorPort._build_driver_flags):

11:03 AM Changeset in webkit [171968] by dfarler@apple.com

• 2 edits
  1 delete in trunk/Tools

Remove iOS Perl DumpRenderTree support target
​https://bugs.webkit.org/show_bug.cgi?id=135271

Reviewed by Dan Bernstein.

• DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj: Remove the target.
• DumpRenderTree/ios/PerlSupport/DumpRenderTreeSupport.c: Removed.
• DumpRenderTree/ios/PerlSupport/DumpRenderTreeSupportPregenerated.pm: Removed.
• DumpRenderTree/ios/PerlSupport/DumpRenderTreeSupport_wrapPregenerated.c: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/Changes: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/IPhoneSimulatorNotification.xs: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/MANIFEST: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/Makefile.PL: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/README: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/lib/IPhoneSimulatorNotification.pm: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/ppport.h: Removed.
• DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/t/IPhoneSimulatorNotification.t: Removed.
• DumpRenderTree/ios/PerlSupport/Makefile: Removed.

11:01 AM Changeset in webkit [171967] by dfarler@apple.com

• 1 edit
  1 delete in trunk/Tools

Remove old-run-webkit-tests
​https://bugs.webkit.org/show_bug.cgi?id=135374

Reviewed by Csaba Osztrogonác.

• Scripts/old-run-webkit-tests: Removed.

10:34 AM Changeset in webkit [171966] by mitz@apple.com

• 2 edits in trunk/Tools

prepare-ChangeLog --no-write shouldn’t require ChangeLog to exist
​https://bugs.webkit.org/show_bug.cgi?id=135542

Reviewed by Tim Horton.

• Scripts/prepare-ChangeLog:

(main): Pass $writeChangeLogs for the new requireChangeLogToExist parameter of
findChangeLogs.
(findChangeLogs): Don’t require a ChangeLog file to exist if unless the
requireChangeLogToExist argument is true.