Timeline



May 15, 2015:

11:42 PM Changeset in webkit [184431] by rniwa@webkit.org
  • 3 edits in trunk/Tools

run_benchmark should have an option to specify the number of runs
https://bugs.webkit.org/show_bug.cgi?id=145091

Reviewed by Stephanie Lewis.

Added --count option.

  • Scripts/run-benchmark:

(main):

  • Scripts/webkitpy/benchmark_runner/benchmark_runner.py:

(BenchmarkRunner.init):

9:24 PM Changeset in webkit [184430] by Simon Fraser
  • 4 edits
    2 adds in trunk

REGRESSION (r183300): Background missing on top links on apple.com
https://bugs.webkit.org/show_bug.cgi?id=145079
rdar://problem/20914252

Reviewed by Tim Horton.

Source/WebCore:

Re-land r184421 with a fix to check against rects.coverageRect
rather than the stale m_coverageRect.

Test: compositing/visible-rect/backing-change-height-from-zero.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::shouldSkipLayerInDump):

LayoutTests:

Re-land.

  • compositing/visible-rect/backing-change-height-from-zero-expected.txt: Added.
  • compositing/visible-rect/backing-change-height-from-zero.html: Added.

8:47 PM Changeset in webkit [184429] by Matt Baker
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: empty timeline should not use previous timeline's zoom interval
https://bugs.webkit.org/show_bug.cgi?id=132754

Reviewed by Joseph Pecoraro.

When a timeline recording is started in response to a provisional load, TimelineManager should check whether
the main resource url is changing before loading a new timeline recording. If the main resource is changing,
set the selection start, selection duration, and duration-per-pixel settings of the TimelineOverview to their
default values.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager):
(WebInspector.TimelineManager.prototype.isCapturingPageReload):
(WebInspector.TimelineManager.prototype.capturingStopped):
(WebInspector.TimelineManager.prototype.pageDidLoad):
(WebInspector.TimelineManager.prototype._startAutoCapturing):
Added a property for checking whether auto capture was triggered by a page reload.

  • UserInterface/Views/LinearTimelineOverview.js:

(WebInspector.LinearTimelineOverview):
Increase default selection time to 15 seconds.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
Reset selection and zoom if TimelineManager isn't capturing in response to a page reload.

(WebInspector.TimelineOverview.prototype.reset):
Reset selection and zoom.

(WebInspector.TimelineOverview.prototype._timeRangeSelectionChanged):
(WebInspector.TimelineOverview.prototype._resetSelection):
Added a helper function for resetting selection and zoom to their default values.

8:46 PM Changeset in webkit [184428] by Matt Baker
  • 2 edits in trunk/Source/WebCore

Web Inspector: REGRESSION (r181625): Timeline recording started from console.profile is always empty
https://bugs.webkit.org/show_bug.cgi?id=144882

Reviewed by Joseph Pecoraro.

A timeline recording will always be stopped before the end of the current run loop is observed. Before
dispatching the recording stopped event, any events that are currently in progress should be considered
complete and sent to the frontend.

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::internalStop):

8:00 PM Changeset in webkit [184427] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Timeline data grid displays wrong records after switching between Timelines/Frames mode
https://bugs.webkit.org/show_bug.cgi?id=145084

Reviewed by Timothy Hatcher.

Update timeline sidebar filter whenever the view mode changes.

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if.get if):
(WebInspector.TimelineSidebarPanel.get else):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject):

7:31 PM Changeset in webkit [184426] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Bump image format number to force image regeneration
https://bugs.webkit.org/show_bug.cgi?id=145074

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Base/ImageUtilities.js:

7:24 PM Changeset in webkit [184425] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Don't reset the preview recognizer in [WKContentViewInteraction cleanupInteraction]
https://bugs.webkit.org/show_bug.cgi?id=145081

We shouldn't reset the recognizer in [WKContentViewInteraction cleanupInteraction] since we don't re-add it
back to WKContentView when the process relaunched. Since we already add/remove it when the view is moved into/
removed from the window, we don't need to reset it in cleanupInteraction.

Patch by Yongjun Zhang <yongjun_zhang@apple.com> on 2015-05-15
Reviewed by Dan Bernstein.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView cleanupInteraction]):

6:46 PM Changeset in webkit [184424] by mmaxfield@apple.com
  • 1 edit
    2 adds in trunk/LayoutTests

Test the interaction between font-family and font-weight
https://bugs.webkit.org/show_bug.cgi?id=145078

Reviewed by Dean Jackson.

This test is designed to test the interaction between font-family and font-weight. In particular,
our implementation of font-family accepts PostScript names, which may name a font with a particular
weight. However, there is another CSS property, font-weight, in which the author may also name a
particular weight. Our font selection algorithm takes both of these signals into account when
choosing fonts.

There is currently no good way in JavaScript to find the actual font chosen for some text.
Therefore, the best way to test this aspect of the font selection algorithm is to dump the render
tree, therefore testing glyph advances (which are a property of font weight).

  • platform/mac/fast/text/font-weights-expected.txt: Added.
  • platform/mac/fast/text/font-weights.html: Added.

6:37 PM Changeset in webkit [184423] by commit-queue@webkit.org
  • 4 edits
    2 deletes in trunk

Unreviewed, rolling out r184421.
https://bugs.webkit.org/show_bug.cgi?id=145087

Introduced 42 layout test failures (Requested by rniwa on
#webkit).

Reverted changeset:

"REGRESSION (r183300): Background missing on top links on
apple.com"
https://bugs.webkit.org/show_bug.cgi?id=145079
http://trac.webkit.org/changeset/184421

5:21 PM Changeset in webkit [184422] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r181910): WKWebView incorrectly scales snapshot
https://bugs.webkit.org/show_bug.cgi?id=145076

Patch by James Savage <James Savage> on 2015-05-15
Reviewed by Tim Horton.

We added a fast path to snapshotting using IOSurfaces with
http://trac.webkit.org/changeset/181910 which incorrectly determined
scale and transform and resulted in bad snapshots in some situations.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _snapshotRect:intoImageOfWidth:completionHandler:]):
When snapshotting an IOSurface we need to compute our scale based off of
the rect in the WKWebView coordinates, we also failed to account for
non-zero origins in the snapshot rect. Remove an unused variable while
we're here.

4:29 PM Changeset in webkit [184421] by Simon Fraser
  • 4 edits
    2 adds in trunk

REGRESSION (r183300): Background missing on top links on apple.com
https://bugs.webkit.org/show_bug.cgi?id=145079
rdar://problem/20914252

Reviewed by Tim Horton.

Source/WebCore:

GraphicsLayerCA::setVisibleAndCoverageRects() only set the m_intersectsCoverageRect
flag if the coverage rect changed, but it doesn't if you simply change the size of
the layer.

Instead, always re-evaluate the intersection, and set the CoverageRectChanged bit
if it changes.

Test: compositing/visible-rect/backing-change-height-from-zero.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::shouldSkipLayerInDump): Don't skip any layers in a
debug layer dump, to assist debugging.

LayoutTests:

Composited box that toggles to a non-zero height and dumps layers.

  • compositing/visible-rect/backing-change-height-from-zero-expected.txt: Added.
  • compositing/visible-rect/backing-change-height-from-zero.html: Added.

3:55 PM Changeset in webkit [184420] by weinig@apple.com
  • 13 edits
    2 adds in trunk

Move HTMLElement's children property to ParentNode
https://bugs.webkit.org/show_bug.cgi?id=145072

Reviewed by Chris Dumez.

Source/WebCore:

Match the latest DOM standard and other browsers by moving the children property
to ParentNode, thus exposing it on Element, Document and DocumentFragment.

Test: fast/dom/ParentNode-children.html

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::children):
Moved implementation from HTMLElement to here.

(WebCore::ContainerNode::ensureCachedHTMLCollection):
(WebCore::ContainerNode::cachedHTMLCollection):
Moved implementation from Element to here so that ContainerNode::children
can use it.

(WebCore::ContainerNode::firstElementChild):
(WebCore::ContainerNode::lastElementChild):
(WebCore::ContainerNode::childElementCount):
Remove unnecessary assertions.

  • dom/ContainerNode.h:

Moved declarations from HTMLElement and Element to here.

  • dom/Element.cpp:

(WebCore::Element::ensureCachedHTMLCollection): Deleted.
(WebCore::Element::cachedHTMLCollection): Deleted.

  • dom/Element.h:

Moved to ContainerNode.

  • dom/Node.cpp:

(WebCore::Node::previousElementSibling):
(WebCore::Node::nextElementSibling):
Remove unnecessary assertions.

  • dom/ParentNode.idl:

Moved the children property here from HTMLElement.

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::children): Deleted.

  • html/HTMLElement.h:

Moved to ContainerNode.

  • html/HTMLElement.idl:

Get rid of the children property for all bindings except Objective-C which needs
to keep it to avoid changing the public API.

LayoutTests:

  • fast/dom/ParentNode-children-expected.txt: Added.
  • fast/dom/ParentNode-children.html: Added.

Test children on Element, Document and DocumentFragment.

  • fast/dom/xmlserializer-serialize-to-string-exception-expected.txt:

Update results since document.children is no longer undefined.

  • js/dom/dom-static-property-for-in-iteration-expected.txt:

Update results.

3:10 PM WindowsWithoutCygwin edited by mmaxfield@apple.com

2:59 PM Changeset in webkit [184419] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

WebCore ASan debug build fails. ERROR: WebCore has a weak external symbol in it.
https://bugs.webkit.org/show_bug.cgi?id=145070

Reviewed by David Kilzer.

Build fix.

  • Configurations/WebCore.unexp:

2:36 PM Changeset in webkit [184418] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Reduce type annotation update frequency
https://bugs.webkit.org/show_bug.cgi?id=145066

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Controllers/TypeTokenAnnotator.js:

Reduce the frequency which could commonly be 16-24ms
to a minimum of 100ms and maximum of 2000ms.

2:31 PM Changeset in webkit [184417] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

Prefix force on MouseEvent and add constants for click and force click values
https://bugs.webkit.org/show_bug.cgi?id=145065
-and corresponding-
rdar://problem/20770052

Reviewed by Tim Horton.

(WebCore::MouseEvent::webkitForce):

  • dom/MouseEvent.idl:

2:30 PM Changeset in webkit [184416] by jer.noble@apple.com
  • 8 edits in trunk/Source/WebCore

[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes
to controlsAlwaysVisible().

(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary)
if not scrubbing.

(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the controls width.

Remove a bunch of newly unnecessary code from the iOS media controls:

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototype.updateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.

  • html/HTMLMediaElement.h:
  • rendering/RenderMedia.cpp:

(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()

  • rendering/RenderMedia.h:

Drive-by fixes:

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

2:11 PM Changeset in webkit [184415] by fpizlo@apple.com
  • 11 edits
    2 adds
    2 deletes in trunk/Source/JavaScriptCore

Insert store barriers late so that IR transformations don't have to worry about them
https://bugs.webkit.org/show_bug.cgi?id=145015

Reviewed by Geoffrey Garen.

We have had three kinds of bugs with store barriers. For the sake of discussion we say
that a store barrier is needed when we have something like:

base.field = value


  • We sometimes fail to realize that we could remove a barrier when value is a non-cell. This might happen if we prove value to be a non-cell even though in the FixupPhase it wasn't predicted non-cell.
  • We sometimes have a barrier in the wrong place after object allocation sinking. We might sink an allocation to just above the store, but that puts it just after the StoreBarrier that FixupPhase inserted.
  • We don't remove redundant barriers across basic blocks.


This comprehensively fixes these issues by doing store barrier insertion late, and
removing the store barrier elision phase. Store barrier insertion uses an epoch-based
algorithm to determine when stores need barriers. Briefly, a barrier is not needed if
base is in the current GC epoch (i.e. was the last object that we allocated or had a
barrier since last GC) or if base has a newer GC epoch than value (i.e. value would have
always been allocated before base). We do conservative things when merging epoch state
between basic blocks, and we only do such inter-block removal in the FTL. FTL also
queries AI to determine what type we've proved about value, and avoids barriers when
value is not a cell. FixupPhase still inserts type checks on some stores, to maximize
the likelihood that this AI-based removal is effective.

(JSC::DFG::BlockMap::at):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):

  • dfg/DFGEpoch.h:

(JSC::DFG::Epoch::operator<):
(JSC::DFG::Epoch::operator>):
(JSC::DFG::Epoch::operator<=):
(JSC::DFG::Epoch::operator>=):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::speculateForBarrier):
(JSC::DFG::FixupPhase::insertStoreBarrier): Deleted.

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGStoreBarrierElisionPhase.cpp: Removed.
  • dfg/DFGStoreBarrierElisionPhase.h: Removed.
  • dfg/DFGStoreBarrierInsertionPhase.cpp: Added.

(JSC::DFG::performFastStoreBarrierInsertion):
(JSC::DFG::performGlobalStoreBarrierInsertion):

  • dfg/DFGStoreBarrierInsertionPhase.h: Added.

2:10 PM Changeset in webkit [184414] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[ARM64] Do not fail branchConvertDoubleToInt32 when the result is zero and not negative zero
https://bugs.webkit.org/show_bug.cgi?id=144976

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-05-15
Reviewed by Michael Saboff.

Failing the conversion on zero is pretty dangerous as we discovered on x86.

This patch does not really impact performance significantly because
r184220 removed the zero checks from Kraken. This patch is just to be
on the safe side for cases not covered by existing benchmarks.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):

1:48 PM Changeset in webkit [184413] by achristensen@apple.com
  • 5 edits in trunk/Source

[Content Extensions] Fail to load old content extension files
https://bugs.webkit.org/show_bug.cgi?id=145027

Reviewed by Eric Carlson.

Source/WebCore:

  • contentextensions/DFABytecode.h:

Source/WebKit2:

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::openAndMapContentExtension):

  • UIProcess/API/APIUserContentExtensionStore.h:

1:47 PM Changeset in webkit [184412] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Remove unnecessary forward declarations in PropertyNameArray.h.
https://bugs.webkit.org/show_bug.cgi?id=145058

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-15
Reviewed by Andreas Kling.

No new tests, no behavior change.

  • runtime/PropertyNameArray.h:

1:47 PM Changeset in webkit [184411] by commit-queue@webkit.org
  • 11 edits in trunk/Source/WebInspectorUI

Web Inspector: Fix some possible event listener leakers in content views
https://bugs.webkit.org/show_bug.cgi?id=145068

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

Now that some content views can be closed that weren't closable before, ensure
we clean up after global event listeners that may strongly reference "this".

  • UserInterface/Views/DOMTreeContentView.js:

(WebInspector.DOMTreeContentView.prototype.closed):

  • UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline.prototype.close):

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView.prototype.closed):

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView.prototype.closed):

  • UserInterface/Views/RenderingFrameTimelineView.js:

(WebInspector.RenderingFrameTimelineView.prototype.closed):

  • UserInterface/Views/ScriptContentView.js:

(WebInspector.ScriptContentView.prototype.closed):

  • UserInterface/Views/ScriptTimelineView.js:

(WebInspector.ScriptTimelineView.prototype.closed):

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.close):

  • UserInterface/Views/TextResourceContentView.js:

(WebInspector.TextResourceContentView.prototype.closed):

  • UserInterface/Views/TimelineDataGrid.js:

(WebInspector.TimelineDataGrid.prototype.closed):
(WebInspector.TimelineDataGrid.prototype.handleEvent):

1:45 PM Changeset in webkit [184410] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Initiator Popovers no longer work in Layout Timeline
https://bugs.webkit.org/show_bug.cgi?id=145067

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayoutTimelineDataGrid.js:

(WebInspector.LayoutTimelineDataGrid.prototype.callFramePopoverAnchorElement):
Update the column name, which changed in r183134.

1:45 PM Changeset in webkit [184409] by timothy_horton@apple.com
  • 2 edits in trunk/Tools

Temporarily disable failing API test.

  • TestWebKitAPI/Tests/WebKit2ObjC/ActionMenus.mm:

(TestWebKitAPI::TEST):

1:21 PM Changeset in webkit [184408] by rniwa@webkit.org
  • 4 edits in branches/safari-600.7-branch/Tools

Merge r182018 and r181280.

2015-03-26 Jer Noble <jer.noble@apple.com>

Add --allowed-host support to run-webkit-tests
https://bugs.webkit.org/show_bug.cgi?id=142938

Reviewed by Brent Fulgham.

Accept --allowed-host arguments from run-webkit-tests and pass them through to
DumpRenderTree and WebKitTestRunner.

Drive-by fix: Depending on the value of the --layout-test-dir parameter, layout test results
are placed in the wrong location. The argument is compared with each test's path, and if a
relative path or a path with '..' was used, results are placed alongside the test. Take the
absolute path of the --layout-test-dir argument, collapsing path components like '..'.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py: (parse_args):
  • Scripts/webkitpy/port/base.py: (Port.init): (Port.allowed_hosts):
  • Scripts/webkitpy/port/driver.py: (Driver.cmd_line):

2015-03-06 Jer Noble <jer.noble@apple.com>

Add an option to run-webkit-tests to override the LayoutTests/ directory
https://bugs.webkit.org/show_bug.cgi?id=142418

Reviewed by David Kilzer.

Add an argument to run-webkit-tests which, when set, overrides the port's default LayoutTests
directory. The base port will parse the options during initialization and store the override
location if present. layout_tests_dir() will return this overridden location if set.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py: (parse_args):
  • Scripts/webkitpy/port/base.py: (Port.init): (Port.layout_tests_dir):

1:02 PM Changeset in webkit [184407] by mark.lam@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

JSArray::setLength() should reallocate instead of zero-filling if the reallocation would be small enough.
https://bugs.webkit.org/show_bug.cgi?id=144622

Reviewed by Geoffrey Garen.

When setting the array to a new length that is shorter, we now check if it is worth
just making a new butterfly instead of clearing out the slots in the old butterfly
that resides beyond the new length. If so, we will make a new butterfly instead.

There are no perf differences in the benchmark results. However, this does benefit
the perf of pathological cases where we need to shorten the length of a very large
array, as is the case in tests/mozilla/js1_5/Array/regress-101964.js. With this
patch, we can expect that test to complete in a short time again.

  • runtime/JSArray.cpp:

(JSC::JSArray::setLength):

  • runtime/JSObject.cpp:

(JSC::JSObject::reallocateAndShrinkButterfly):
Makes a new butterfly with a new shorter length.

  • runtime/JSObject.h:
  • tests/mozilla/js1_5/Array/regress-101964.js:

Undo this test change since this patch will prevent us from spending a lot of time clearing a large butterfly.

1:02 PM Changeset in webkit [184406] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm: Add clang pragmas to ignore
deprecation warnings.

12:30 PM Changeset in webkit [184405] by basile_clement@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

DFGLICMPhase shouldn't create NodeOrigins with forExit but without semantic
https://bugs.webkit.org/show_bug.cgi?id=145062

Reviewed by Filip Pizlo.

We assert in various places (including NodeOrigin::isSet()) that a
NodeOrigin's semantic and forExit must be either both set, or both
unset. However, LICM'ing a node with unset NodeOrigin would only set
forExit, and leave semantic unset. This can for instance happen when a
Phi node is constant-folded into a JSConstant, which in turn gets
LICM'd.

This patch changes DFGLICMPhase to set the NodeOrigin's semantic in
addition to its forExit if semantic was previously unset.

It also adds two validators to DFGValidate.cpp:

  • In both SSA and CPS form, a NodeOrigin semantic and forExit must be either both set or both unset
  • In CPS form, all nodes must have a set NodeOrigin forExit (this is the CPS counterpart to the SSA validator that checks that all nodes must have a set NodeOrigin except possibly for a continuous chunk of nodes at the top of a block)

  • dfg/DFGLICMPhase.cpp:

(JSC::DFG::LICMPhase::attemptHoist):

  • dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validate):
(JSC::DFG::Validate::validateCPS):

12:12 PM Changeset in webkit [184404] by commit-queue@webkit.org
  • 6 edits in trunk/Source

Limit alternate fullscreen with linked on or after.
https://bugs.webkit.org/show_bug.cgi?id=144894

Patch by Jeremy Jones <jeremyj@apple.com> on 2015-05-15
Reviewed by Dean Jackson.

Source/WebCore:

  • platform/ios/WebCoreSystemInterfaceIOS.h: add new wkIOSSystemVersion

Source/WebKit/mac:

  • WebView/WebView.mm:

(shouldAllowAlternateFullscreen): Added.
(-[WebView _preferencesChanged:]):

Source/WebKit2:

  • UIProcess/API/Cocoa/WKWebView.mm:

(shouldAllowAlternateFullscreen): Added.
(-[WKWebView initWithFrame:configuration:]):

12:07 PM Changeset in webkit [184403] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed. Revert part of r184361.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.configureInlineControls):
HI wants the buttons flipped.

11:44 AM Changeset in webkit [184402] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix trivial typo in TextEncodingDetectorICU.cpp.
https://bugs.webkit.org/show_bug.cgi?id=145055

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-15
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change.

  • platform/text/TextEncodingDetectorICU.cpp:

(WebCore::detectTextEncoding):

11:41 AM Changeset in webkit [184401] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Cyrillic top-level domains are displayed as punycode
https://bugs.webkit.org/show_bug.cgi?id=145024
rdar://problem/17747133
rdar://problem/14116594

Reviewed by Tim Horton.

Handling each TLD in code is annoying, but we can probably survive like this
for a few more years, and maybe we'll think of an entirely different way to deal
with non-ASCII domain labels in the meanwhile.

  • platform/mac/WebCoreNSURLExtras.mm:

(WebCore::isSecondLevelDomainNameAllowedByTLDRules):
(WebCore::allCharactersAllowedByTLDRules):

11:40 AM Changeset in webkit [184400] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Cursor is displayed after full screen video controls fade away.
https://bugs.webkit.org/show_bug.cgi?id=145034.
<rdar://problem/20458604>

Reviewed by Jer Noble.

  • Modules/mediacontrols/mediaControlsApple.css:

(video::-webkit-media-controls-panel):
Unnecessary cursor style is on the control panel while hidden but
the cursor will already be hidden anyways from being auto-hidden.
Causes style to change when controls are hidden,
which causes the cursor to reappear.

11:25 AM Changeset in webkit [184399] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

[WK2][Cocoa] Back swipe tab snapshot takes a long time to be removed on bing.com
https://bugs.webkit.org/show_bug.cgi?id=145061
<rdar://problem/20939743>

Reviewed by Tim Horton.

When swiping back from a video search result to the list of video
search results on bing.com, the back swipe gesture tab snapshot takes
~3 seconds to be removed, even though the page gets loaded almost
instantly from PageCache. The tab snapshot should be removed as soon as
the load is done.

The issue is that we only cleared the back swipe gesture tab snapshot
after PageClient::didFinishLoadForMainFrame() has been called. However,
PageClient::didFinishLoadForMainFrame() was only being called by
WebPageProxy if the main frame loaded *without* error. In case the main
frame loaded with an error, only WebPageProxy::didFailLoadForFrame() is
called, not WebPageProxy::didFinishLoadForFrame() and we would fail to
remove the gesture snapshot until the 3 seconds timeout.

This patch calls PageClient::didFinishLoadForMainFrame() from
WebPageProxy::didFailLoadForFrame() so we remove the snapshot in the
error case as well.

The reason didFailLoadForFrame() is being called on bing.com video
search results is because a "ping" load is aborted when the page is
entering PageCache. Aborting any kind of resource load sets a
"cancellation" error on the main document.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didFailLoadForFrame):

11:21 AM Changeset in webkit [184398] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove an unused declaration.

  • dfg/DFGSpeculativeJIT.h:

11:09 AM Changeset in webkit [184397] by fpizlo@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

Remove unused constant-base and constant-value store barrier code in the DFG
https://bugs.webkit.org/show_bug.cgi?id=145039

Reviewed by Andreas Kling.

Just killing dead code.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Deleted.
(JSC::DFG::SpeculativeJIT::writeBarrier): Deleted.

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::writeBarrier):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::writeBarrier):

10:58 AM Changeset in webkit [184396] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Checkmark on OFF option of captions sometimes does not appear.
https://bugs.webkit.org/show_bug.cgi?id=145060.
<rdar://problem/19388333>

Reviewed by Eric Carlson.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.buildCaptionMenu):
Audio tracks don’t have an OFF option.
Remove related code to allow OFF option for subtitles to work properly.

10:39 AM Changeset in webkit [184395] by Alan Bujtas
  • 17 edits
    2 adds in trunk

White edge on animating panel on http://rokkosunnyvale.com
https://bugs.webkit.org/show_bug.cgi?id=144986
rdar://problem/20907683

Reviewed by Simon Fraser.

Background image geometry calculation needs to be based on the final painting size of the container
in order to accurately compute tile sizes, repeating positions etc.
The container's size is pixelsnapped at painting using absolute coordinates. This patch
ensures that we snap to the same size while computing background geometry.

Source/WebCore:

Test: fast/images/background-image-size-changes-fractional-position.html

  • rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::paintBoxDecorations):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::paintBoxDecorations):
(WebCore::RenderBox::paintBackground):
(WebCore::RenderBox::getBackgroundPaintedExtent):
(WebCore::RenderBox::computeBackgroundIsKnownToBeObscured):
(WebCore::RenderBox::maskClipRect):
(WebCore::RenderBox::repaintLayerRectsForImage): unable to get absolute coords.

  • rendering/RenderBox.h:
  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::paintFillLayerExtended):
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
(WebCore::RenderBoxModelObject::getGeometryForBackgroundImage):
(WebCore::RenderBoxModelObject::boxShadowShouldBeAppliedToBackground):

  • rendering/RenderBoxModelObject.h:
  • rendering/RenderFieldset.cpp:

(WebCore::RenderFieldset::paintBoxDecorations):

  • rendering/RenderImage.cpp:

(WebCore::RenderImage::boxShadowShouldBeAppliedToBackground):
(WebCore::RenderImage::computeBackgroundIsKnownToBeObscured):

  • rendering/RenderImage.h:
  • rendering/RenderLayer.cpp: unable to get absolute coords.

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateDirectlyCompositedBackgroundImage): currently not used.

  • rendering/RenderObject.h:

(WebCore::RenderObject::computeBackgroundIsKnownToBeObscured):
(WebCore::RenderObject::backgroundIsKnownToBeObscured):

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::paintBoxDecorations):

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::boxShadowShouldBeAppliedToBackground):

  • rendering/RenderTableCell.h:

LayoutTests:

  • fast/backgrounds/hidpi-bitmap-background-repeat-on-subpixel-position-expected.html: progression.
  • fast/images/background-image-size-changes-fractional-position-expected.html: Added.
  • fast/images/background-image-size-changes-fractional-position.html: Added.
10:15 AM Changeset in webkit [184394] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

Crash in RenderFlowThread::popFlowThreadLayoutState() due to mismatched push/pop count
https://bugs.webkit.org/show_bug.cgi?id=145042

Reviewed by David Hyatt.

RenderFlowThread previously used a ListHashSet to store its stack of active objects. This
is problematic because, if the same object is pushed twice, only a single entry of that
object is added to the stack. After this occurs, a matching number of pushes will pop too
many items off the stack, causing a crash when popping a stack with zero items. This
specifically happens in FrameView::layout(), which will push its root renderer on the stack
of active items, and then ask the root to layout(), which will attempt to push itself on the
stack of active items.

Instead of a ListHashSet, use a Vector, which has similar memory characteristics and no
uniqueness requirements.

  • rendering/RenderFlowThread.cpp:

(WebCore::RenderFlowThread::pushFlowThreadLayoutState):
(WebCore::RenderFlowThread::popFlowThreadLayoutState):

  • rendering/RenderFlowThread.h:
9:46 AM Changeset in webkit [184393] by mitz@apple.com
  • 2 edits in trunk/Source/WTF

Build fix for some versions of clang.

  • wtf/SaturatedArithmetic.h:

(signedAddOverflows):
(signedSubtractOverflows):

8:32 AM Changeset in webkit [184392] by commit-queue@webkit.org
  • 2 edits
    1 add in trunk/LayoutTests

[GTK] Gardening 15th May.
https://bugs.webkit.org/show_bug.cgi?id=145047

Unreviewed.

Patch by Marcos Chavarría Teijeiro <mchavarria@igalia.com> on 2015-05-15

  • platform/gtk/TestExpectations:
  • platform/gtk/fast/events/ghostly-mousemoves-in-subframe-expected.txt: Added.
6:53 AM Changeset in webkit [184391] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.8.3

WebKitGTK+ 2.8.3

6:52 AM Changeset in webkit [184390] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.8.3 release.

.:

  • Source/cmake/OptionsGTK.cmake:

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.8.3.
6:50 AM Changeset in webkit [184389] by peavo@outlook.com
  • 3 edits in trunk/Source/WebCore

[Curl] WebSocket platform part is not implemented.
https://bugs.webkit.org/show_bug.cgi?id=144628

Reviewed by Darin Adler.

Add Curl platform code implementation for WebSockets.

  • platform/network/curl/SocketStreamHandle.h:

(WebCore::SocketStreamHandle::create):
(WebCore::SocketStreamHandle::SocketData::SocketData):

  • platform/network/curl/SocketStreamHandleCurl.cpp:

(WebCore::SocketStreamHandle::SocketStreamHandle):
(WebCore::SocketStreamHandle::~SocketStreamHandle):
(WebCore::SocketStreamHandle::platformSend):
(WebCore::SocketStreamHandle::platformClose):
(WebCore::SocketStreamHandle::readData):
(WebCore::SocketStreamHandle::sendData):
(WebCore::SocketStreamHandle::waitForAvailableData):
(WebCore::SocketStreamHandle::startThread):
(WebCore::SocketStreamHandle::stopThread):
(WebCore::SocketStreamHandle::didReceiveData):
(WebCore::SocketStreamHandle::didOpenSocket):
(WebCore::SocketStreamHandle::createCopy):

5:56 AM Changeset in webkit [184388] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

REGRESSION(r183861): [SOUP] Downloads are broken when using the Network Process
https://bugs.webkit.org/show_bug.cgi?id=144738

When converting the main resource handle to a download, the
NetworkResourceLoader is aborted, but the ResourceHandle shouldn't
be cleaned up because it's still used for the download.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::cleanup):

5:49 AM Changeset in webkit [184387] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r184373 - Images on www.fitstylelife.com jiggle on hover.
https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html
       compositing/parent-clipping-layer-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position.html: Added.
5:46 AM Changeset in webkit [184386] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184355 - Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):

  • editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

  • editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
  • editing/inserting/insert-table-in-paragraph-crash.html: Added.
5:44 AM Changeset in webkit [184385] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r184346 - String.prototype.split() should create efficient substrings.
<https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

  • runtime/StringPrototype.cpp:

(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

5:38 AM Changeset in webkit [184384] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r184334 - [GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):

  • UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

5:37 AM Changeset in webkit [184383] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184323 - REGRESSION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958. It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

5:22 AM Changeset in webkit [184382] by Csaba Osztrogonác
  • 6 edits in trunk/Tools

User interruption while running of run-webkit-tests should also generate results.html
https://bugs.webkit.org/show_bug.cgi?id=122154

Patch by Ravi Phaneendra Kasibhatla <r.kasibhatla@samsung.com> on 2015-05-15
Reviewed by Csaba Osztrogonác.

Generation of results.html on execution of run-webkit-tests happens only
on completion of entire layout tests run. It should be created even when
the execution has been interrupted - either by user (by pressing Ctrl+C)
or because of other interruptions (like exit-after-n-failures option).

  • Scripts/webkitpy/layout_tests/controllers/layout_test_runner.py:

(LayoutTestRunner.run_tests):

  • Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager.run):

  • Scripts/webkitpy/layout_tests/models/test_run_results.py:

(TestRunResults.__init__):

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py:

(main):

  • Scripts/webkitpy/layout_tests/run_webkit_tests_integrationtest.py:

(RunTest.test_keyboard_interrupt):
(MainTest.test_exception_handling):

5:04 AM Changeset in webkit [184381] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184293 - Don't compute selection painting info when we don't have selection.
https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

4:59 AM Changeset in webkit [184380] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184219 - REGRESSION(r175617): Some text doesn't render on internationalculinarycenter.com
https://bugs.webkit.org/show_bug.cgi?id=144917
rdar://problem/20545878

Reviewed by Andreas Kling.

This patch ensures that text stroke width value is taken into account while
calculating visual overflow for simple line layout.
Ceiling the text stroke width value matches the normal text layout behaviour.

Source/WebCore:

Test: fast/text/simple-line-layout-text-stroke-width.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

LayoutTests:

  • fast/text/simple-line-layout-text-stroke-width-expected.txt: Added.
  • fast/text/simple-line-layout-text-stroke-width.html: Added.
4:54 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
4:00 AM Changeset in webkit [184379] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[buildbot] Fix the URL of the performance bots
https://bugs.webkit.org/show_bug.cgi?id=145043

Reviewed by Ryosuke Niwa.

  • BuildSlaveSupport/build.webkit.org-config/templates/root.html:
2:50 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
2:22 AM Changeset in webkit [184378] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Fix typo in function name parseFunctionParamters -> parseFunctionParameters
https://bugs.webkit.org/show_bug.cgi?id=145040

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-15
Reviewed by Mark Lam.

  • parser/Parser.h:
  • parser/Parser.cpp:
1:42 AM Changeset in webkit [184377] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184273 - [EGL][X11] XPixmap created in GLContextEGL::createPixmapContext() is leaked
https://bugs.webkit.org/show_bug.cgi?id=144909

Reviewed by Sergio Villar Senin and Žan Doberšek.

The pixmap is created and passed to eglCreatePixmapSurface(), but
never released. eglCreatePixmapSurface() doesn't take the
ownership of the pixmap, so we should explicitly free it when the
GLContextEGL is destroyed.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createPixmapContext): Use XUniquePixmap
and transfer the ownership to the context by using the new
constructor that receives a XUniquePixmap&&.
(WebCore::GLContextEGL::createContext): createPixmapContext() is
now only defined for X11.
(WebCore::GLContextEGL::GLContextEGL): New constructor that
receives a XUniquePixmap&&.

  • platform/graphics/egl/GLContextEGL.h: Add new constructor and
initialize the cairo device when defined to simplify constructors.

1:03 AM Changeset in webkit [184376] by Carlos Garcia Campos
  • 5 edits in trunk/Source

REGRESSION(r183861): [SOUP] Downloads are broken when using the Network Process
https://bugs.webkit.org/show_bug.cgi?id=144738

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Add ResourceHandle::releaseForDownload() that releases the current
handle to be used as a download.

  • platform/network/ResourceHandle.h:
  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::ResourceHandle::releaseForDownload):

Source/WebKit2:

When converting the main resource handle to a download, the
NetworkResourceLoader is aborted, and the ResourceHandle is
cleaned up aborting the download operation. We need to use a
different ResourceHandle for the download operation.

  • Shared/Downloads/soup/DownloadSoup.cpp:

(WebKit::Download::startWithHandle): Use ResourceHandle::releaseForDownload()
instead of reusing the given handle.

1:01 AM Changeset in webkit [184375] by rniwa@webkit.org
  • 3 edits in trunk/LayoutTests

Removed failing test expectations from passing tests.

12:05 AM Changeset in webkit [184374] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

[GTK] Fix PlatformDisplayWayland construction error, implement the destructor
https://bugs.webkit.org/show_bug.cgi?id=144997

Reviewed by Carlos Garcia Campos.

The PlatformDisplayWayland constructor is private, so we can't use
std::make_unique<>() to construct an object of this class.

Implement the PlatformDisplayWayland destructor, cleaning out all
the Wayland resources, if present.

  • platform/graphics/wayland/PlatformDisplayWayland.cpp:

(WebCore::PlatformDisplayWayland::create):
(WebCore::PlatformDisplayWayland::PlatformDisplayWayland):
(WebCore::PlatformDisplayWayland::~PlatformDisplayWayland):

May 14, 2015:

10:09 PM Changeset in webkit [184373] by Alan Bujtas
  • 3 edits
    4 adds in trunk

Images on www.fitstylelife.com jiggle on hover.
https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html
       compositing/parent-clipping-layer-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position.html: Added.
10:07 PM Changeset in webkit [184372] by Chris Dumez
  • 6 edits in trunk/Source/WebCore

Have DOMWindow::createWindow() take references to frames
https://bugs.webkit.org/show_bug.cgi?id=145037

Reviewed by Gyuyoung Kim.

Have DOMWindow::createWindow() take references to frames instead of
pointers as they are expected to be non-null. Also return a RefPtr
instead of a PassRefPtr.

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::openInNewTab):

  • loader/FrameLoader.cpp:

(WebCore::createWindow):

  • loader/FrameLoader.h:
  • page/DOMWindow.cpp:

(WebCore::DOMWindow::createWindow):
(WebCore::DOMWindow::open):
(WebCore::DOMWindow::showModalDialog):

  • page/DOMWindow.h:
9:43 PM Changeset in webkit [184371] by Simon Fraser
  • 5 edits
    2 adds in trunk

REGRESSION (r183794): Garbage tiles when body background switches to fixed
https://bugs.webkit.org/show_bug.cgi?id=145032
rdar://problem/20963679

Reviewed by Dean Jackson.

Source/WebCore:

After r183794 (or possibly an earlier commit), we failed to dynamically update
the configuration of layers that handled fixed background attachment on the root.

This would result in unpainted tiles, and non-fixed-background behavior.

Fix by calling RenderLayerCompositor::rootOrBodyStyleChanged() whenever the
style changes on the root or body renderers, and triggering a compositing update
if the fixedness of the background changes. It calls the existing rootBackgroundTransparencyChanged()
if the color changes.

Test: platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::styleDidChange):

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::rootOrBodyStyleChanged):
(WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged):

  • rendering/RenderLayerCompositor.h:

LayoutTests:

Test that toggles the attachment of the body background to fixed, then dumps layers.

  • platform/mac-wk2/tiled-drawing/toggle-to-fixed-background-expected.txt: Added.
  • platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html: Added.
9:39 PM Changeset in webkit [184370] by beidson@apple.com
  • 17 edits in trunk/Source/WebKit2

Rename connectionDidClose and related methods to be more clear.
https://bugs.webkit.org/show_bug.cgi?id=145030

Reviewed by Darin Adler.

These methods were easy to confuse with "Connection::Client::didClose()", yet they
were about something much more explicit: A child process being shut down by the UI Process.

Let's call them as such.

  • Shared/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::shutDownProcess):
(WebKit::ChildProcessProxy::clearConnection): Deleted.
(WebKit::ChildProcessProxy::connectionDidClose): Deleted.

  • Shared/ChildProcessProxy.h:
  • UIProcess/Databases/DatabaseProcessProxy.cpp:

(WebKit::DatabaseProcessProxy::processWillShutDown):

  • UIProcess/Databases/DatabaseProcessProxy.h:
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::processWillShutDown):

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/Plugins/PluginProcessProxy.cpp:

(WebKit::PluginProcessProxy::processWillShutDown):

  • UIProcess/Plugins/PluginProcessProxy.h:
  • UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::webProcessWillShutDown):
(WebKit::WebFrameProxy::disconnect): Deleted.

  • UIProcess/WebFrameProxy.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::webProcessWillShutDown):
(WebKit::WebPageProxy::connectionDidClose): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebProcessLifetimeTracker.cpp:

(WebKit::WebProcessLifetimeTracker::webProcessWillShutDown):
(WebKit::WebProcessLifetimeTracker::connectionDidClose): Deleted.

  • UIProcess/WebProcessLifetimeTracker.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::processWillShutDown):
(WebKit::WebProcessProxy::shutDown):
(WebKit::WebProcessProxy::removeWebPage):
(WebKit::WebProcessProxy::didClose):
(WebKit::WebProcessProxy::disconnectFramesFromPage):
(WebKit::WebProcessProxy::shouldTerminate):
(WebKit::WebProcessProxy::requestTermination):
(WebKit::WebProcessProxy::connectionDidClose): Deleted.
(WebKit::WebProcessProxy::disconnect): Deleted.

  • UIProcess/WebProcessProxy.h:
9:36 PM Changeset in webkit [184369] by mitz@apple.com
  • 2 edits in trunk/Source/WTF

Reverted r177753, now that <rdar://problem/19347133> is fixed.

Rubber-stamped by Benjamin Poulain.

  • wtf/SaturatedArithmetic.h:

(signedAddOverflows):
(signedSubtractOverflows):

9:14 PM Changeset in webkit [184368] by fpizlo@apple.com
  • 15 edits in trunk/Source/JavaScriptCore

Remove StoreBarrierWithNullCheck, nobody ever generates this.

Rubber stamped by Benjamin Poulain and Michael Saboff.

If we did bring something like this back in the future, we would just use UntypedUse instead
of CellUse to indicate that this is what we want.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::isStoreBarrier):

  • dfg/DFGNodeType.h:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileStoreBarrier):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck): Deleted.

8:51 PM Changeset in webkit [184367] by fpizlo@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

PutGlobalVar should reference the global object it's storing into
https://bugs.webkit.org/show_bug.cgi?id=145036

Reviewed by Michael Saboff.

This makes it easier to reason about store barrier insertion and elimination. This changes
the format of PutGlobalVar so that child1 is the global object and child2 is the value.
Previously it just had child1, and that was the value.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):

8:28 PM Changeset in webkit [184366] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebCore

Unreviewed, rolling out r184359 and r184362.
https://bugs.webkit.org/show_bug.cgi?id=145035

Introduced a crash in six media element tests (Requested by
rniwa on #webkit).

Reverted changesets:

"[MediaControls] Refactor media controls & bring improvements
made to iOS controls to Mac."
https://bugs.webkit.org/show_bug.cgi?id=144973
http://trac.webkit.org/changeset/184359

"Unreviewed build fix after r184359; typo."
http://trac.webkit.org/changeset/184362

7:03 PM Changeset in webkit [184365] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Some CFNetwork SPI to reset HSTS hosts added since a date should not be used on Yosemite.
https://bugs.webkit.org/show_bug.cgi?id=145025.
and
rdar://problem/20646308.

Patch by Zhuo Li <zachli@apple.com> on 2015-05-14
Reviewed by Alexey Proskuryakov.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate):

5:25 PM Changeset in webkit [184364] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Update the New Tab button disabled state after extra domains are activated
https://bugs.webkit.org/show_bug.cgi?id=145028

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-14
Reviewed by Timothy Hatcher.

  • UserInterface/Base/Main.js:

(WebInspector.activateExtraDomains):

5:08 PM Changeset in webkit [184363] by Michael Catanzaro
  • 4 edits in trunk

[CMake] Error out when ruby is too old
https://bugs.webkit.org/show_bug.cgi?id=145014

Reviewed by Martin Robinson.

.:

Error out immediately after checking for Ruby if the ruby executable is not found, or if it
is too old.

  • CMakeLists.txt:

Source/JavaScriptCore:

Don't enforce the check for the Ruby executable here; it's now enforced in the top-level
CMakeLists.txt instead.

  • CMakeLists.txt:
4:52 PM Changeset in webkit [184362] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix after r184359; typo.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged):

4:40 PM Changeset in webkit [184361] by roger_fong@apple.com
  • 3 edits in trunk/Source/WebCore

Adjust button CSS and positioning in preparation.
https://bugs.webkit.org/show_bug.cgi?id=144973.
<rdar://problem/20306227>

Reviewed by Dean Jackson.

The only visual change here is the swapping of the rewind and play button positions.
Also, position buttons based off of both left and right margins instead of just one of the two.
This allows the controls drop off to work without having to use a spacer element to take the place
of the timeline if the controls are too small.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-rewind-button):
(audio::-webkit-media-controls-play-button):
(audio::-webkit-media-controls-panel .mute-box):
(audio::-webkit-media-controls-wireless-playback-picker-button):
(audio::-webkit-media-controls-toggle-closed-captions-button):
(audio::-webkit-media-controls-fullscreen-button):
(audio::-webkit-media-controls-fullscreen-button.exit):
(audio::-webkit-media-controls-time-remaining-display):
(audio:-webkit-full-screen::-webkit-media-controls-toggle-closed-captions-button):
(audio:-webkit-full-screen::-webkit-media-controls-wireless-playback-picker-button):

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.configureInlineControls):

4:35 PM Changeset in webkit [184360] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

MediaControls: controls are live even when invisible
https://bugs.webkit.org/show_bug.cgi?id=145029
<rdar://problem/20865442>

Reviewed by Jer Noble.

When the controls are invisible they should ignore touch/mouse
events.

  • Modules/mediacontrols/mediaControlsiOS.css: Add pointer-events: none where appropriate.

(video::-webkit-media-controls-panel-container):
(video::-webkit-media-controls-panel-background):
(video::-webkit-media-controls-panel):
(video::-webkit-media-controls-panel.paused):

4:27 PM Changeset in webkit [184359] by jer.noble@apple.com
  • 8 edits in trunk/Source/WebCore

[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes
to controlsAlwaysVisible().

(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary)
if not scrubbing.

(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the controls width.

Remove a bunch of newly unnecessary code from the iOS media controls:

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototypeupdateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.

  • html/HTMLMediaElement.h:
  • rendering/RenderMedia.cpp:

(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()

  • rendering/RenderMedia.h:

Drive-by fixes:

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

3:46 PM Changeset in webkit [184358] by timothy_horton@apple.com
  • 20 edits in trunk

Add a layout mode that scales down the view to try to fit the document
https://bugs.webkit.org/show_bug.cgi?id=145022
<rdar://problem/19790341>

Reviewed by Dean Jackson.

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setShouldScaleViewToFitDocument):

  • UIProcess/WebPageProxy.h:
  • WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::setShouldScaleViewToFitDocument):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setShouldScaleViewToFitDocument):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Plumb shouldScaleViewToFitDocument through to the DrawingArea.

  • UIProcess/mac/WKViewLayoutStrategy.mm:

(+[WKViewLayoutStrategy layoutStrategyWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy initWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy updateLayout]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy willChangeLayoutStrategy]):

  • UIProcess/API/C/WKLayoutMode.h:
  • UIProcess/API/Cocoa/_WKLayoutMode.h:

Add a new layout mode, which just turns on shouldScaleViewToFitDocument,
and otherwise behaves as normal.

  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::setShouldScaleViewToFitDocument):
(WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded):
(WebKit::TiledCoreAnimationDrawingArea::flushLayers):
On every flush where either the document size or view size has changed,
or layout is outstanding, do a layout with fixed layout off to determine
whether the document fits inside the view. If it doesn't, scale it down
to fit. This will require an extra layout for every resize while in the
scaled-down state, but there is potential for future optimization.

  • MiniBrowser/mac/BrowserWindow.xib:
  • MiniBrowser/mac/BrowserWindowController.h:
  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController toggleShrinkToFit:]):
(-[WK2BrowserWindowController toggleUseMinimumViewSize:]): Deleted.
Switch to _WKLayoutModeDynamicSizeComputedFromMinimumDocumentSize.

3:29 PM Changeset in webkit [184357] by Michael Catanzaro
  • 2 edits in trunk/Tools

[CMake] Don't read the LOCATION property of targets
https://bugs.webkit.org/show_bug.cgi?id=145018

Reviewed by Martin Robinson.

Use the TARGET_FILE_DIR generator expression to determine the location of the test injected
bundle, rather than assuming that the LOCATION property of TestWebKitAPIInjectedBundle will
be the same at configure-time as it is at generate-time.

  • TestWebKitAPI/CMakeLists.txt:

2:43 PM Changeset in webkit [184356] by andersca@apple.com
  • 5 edits in trunk/Source/WebKit2

Local storage origins should include origins with transient local storage
https://bugs.webkit.org/show_bug.cgi?id=145017
rdar://problem/10690447

Reviewed by Sam Weinig.

The transient local storage namespaces are used for third party data blocking and will stay
around until the UI process exits so we need to be able to include website data from transient storage
in the website data store APIs.

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::TransientLocalStorageNamespace::origins):
(WebKit::StorageManager::getLocalStorageOrigins):

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):

2:39 PM Changeset in webkit [184355] by rniwa@webkit.org
  • 4 edits
    2 adds in trunk

Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):

  • editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

  • editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
  • editing/inserting/insert-table-in-paragraph-crash.html: Added.

2:32 PM Changeset in webkit [184354] by basile_clement@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

Enforce options coherency
https://bugs.webkit.org/show_bug.cgi?id=144921

Reviewed by Mark Lam.

JavaScriptCore should be failing early when the options are set in such
a way that we don't have a meaningful way to execute JavaScript, rather
than failing for obscure reasons at some point during execution.

This patch adds a new function that checks whether the options are set
in a coherent way, and makes JSC::Options::initialize() crash when the
environment enforces incoherent options.
Client applications able to add or change additional options are
responsible to check for coherency again before starting to actually
execute JavaScript, if any additional options have been set. This is
implemented for the jsc executable in this patch.

  • jsc.cpp:

(CommandLine::parseArguments):

  • runtime/Options.cpp:

(JSC::Options::initialize):
(JSC::Options::ensureOptionsAreCoherent): Added.

  • runtime/Options.h:

(JSC::Options::ensureOptionsAreCoherent): Added.

2:28 PM Changeset in webkit [184353] by mmaxfield@apple.com
  • 13 edits
    1 delete in trunk

[Mac] Expose more font weights for -apple-system
https://bugs.webkit.org/show_bug.cgi?id=144707

Reviewed by Simon Fraser.

Source/WebCore:

Previously, when we parsed a CSS declaration of the form font: keyword; where keyword
is one of caption, icon, menu, message-box, small-caption, -webkit-mini-control, -webkit-small-control,
or -webkit-control (which html.css does for form controls), we would ask the system what the appropriate
system font is, get that font's family name, and synthesize a font-family CSS property for the element.
Then, later when we actually go to look up the font, we would look up the font by family name using this
information. However, this round-tripping of a font through a family name is actually lossy, and is not
guaranteed to preserve system-font-ness (which we use for various things including metrics calculations).

This patch modifies this logic to specify a token family name instead, which the font lookup code special
cases (and reacts by making the appropriate system-font lookup call). This approach is currently how iOS
handles these system fonts; this patch simply brings this approach to OS X.

There is also an added progression here. We used to simply call [NSFont fontWithName:size:] on the system
font family name (which the parser found for us) which entirely disregards weight. This means that we
used to be getting synthesized bold in form controls which ask for a heavy weight. Migrating to this
system-font aware call means that we get the real bold font instead of synthesized bold.

Once this system-font-ness is guaranteed to be preserved between parsing time and font lookup time, we
can safely migrate to using [NSFont systemFontOfSize:weight] instead of [NSFont systemFontOfSize:] on
platforms which support it.

Tests: fast/text/systemFont.html
       fast/css/css2-system-fonts.html
       fast/forms/select/optgroup-rendering.html
       fast/forms/validation-message-appearance.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseSystemFont): Add a comment regarding why we are bothering with expanding out
the font property in the first place.

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::FontCascade::primaryFontIsSystemFont): Update to use new system font tokens.

  • platform/graphics/mac/FontCacheMac.mm:

(WebCore::toNSFontWeight): New static method to map font weights to NSFontWeight constants available on
Yosemite and later.
(WebCore::fontWithFamilySpecialCase): Pull all these special-case font token name handling into a
separate function, which returns an Optional.
(WebCore::fontWithFamily):

  • platform/mac/ThemeMac.mm:

(WebCore::ThemeMac::controlFont): Use the font token name instead of the generated system font family
name.

  • platform/spi/mac/NSFontSPI.h: Add [NSFont systemFontWithSize:weight:] and the proper NSFontWeight
constants.

  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateCachedSystemFontDescription): Use the font token names instead of the
generated system font family name.
(WebCore::RenderThemeMac::setFontFromControlSize): Ditto.

LayoutTests:

  • platform/mac/fast/text/systemFont-expected.txt: Update expectations.
  • platform/mac/fast/text/systemFont.html: Update test to include font weights for -apple-system.
  • platform/mac/fast/css/css2-system-fonts-expected.txt: Updated to not hardcode the system font family name.
  • platform/mac-mavericks/fast/css/css2-system-fonts-expected.txt: Ditto.
  • platform/mac/fast/forms/select/optgroup-rendering-expected.txt: Updated to not use synthetic bold.
  • platform/mac/fast/forms/validation-message-appearance-expected.txt: Ditto.

2:24 PM Changeset in webkit [184352] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): [EFL] unresolved reference errors in ARM builds
https://bugs.webkit.org/show_bug.cgi?id=145019

Reviewed by Ryosuke Niwa.

Attempt to fix compile errors in EFL ARM buildbots.
By executing nm, found JSTemplateRegistryKey.cpp.o and TemplateRegistry.cpp.o have
unresolved reference to Structure::get. That is an inlined function in StructureInlines.h.

  • runtime/JSTemplateRegistryKey.cpp:
  • runtime/TemplateRegistry.cpp:

2:19 PM Changeset in webkit [184351] by roger_fong@apple.com
  • 4 edits in trunk/Source/WebCore

Add internals setting to disable wireless playback availability for layout tests
https://bugs.webkit.org/show_bug.cgi?id=145012.
<rdar://problem/20946504>

Reviewed by Eric Carlson.

  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::resetToConsistentState):
(WebCore::InternalSettings::setWirelessPlaybackDisabled):

  • testing/InternalSettings.idl:

1:56 PM Changeset in webkit [184350] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

1:38 PM Changeset in webkit [184349] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Small refactoring before implementation of the ES6 arrow function.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-14
Reviewed by Ryosuke Niwa.

  • parser/Parser.h:
  • parser/Parser.cpp:

1:27 PM Changeset in webkit [184348] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.32.2.1

New tag.

12:58 PM Changeset in webkit [184347] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): ASSERT failed in debug builds for tagged templates
https://bugs.webkit.org/show_bug.cgi?id=145013

Reviewed by Filip Pizlo.

Fix the regression introduced by r184337.

  1. JSTemporaryRegistryKey::s_info should inherit the Base::s_info, JSDestructibleObject::s_info.
  2. The first register argument of BytecodeGenerator::emitNode should be a referenced register if it is a temporary register.

  • bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):

  • runtime/JSTemplateRegistryKey.cpp:

12:07 PM Changeset in webkit [184346] by akling@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

String.prototype.split() should create efficient substrings.
<https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

  • runtime/StringPrototype.cpp:

(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

11:17 AM Changeset in webkit [184345] by Beth Dakin
  • 5 edits in trunk/Source

Change range of possible forces for mouseforcechanged DOM event
https://bugs.webkit.org/show_bug.cgi?id=144987
-and corresponding-
rdar://problem/20472802

Reviewed by Tim Horton.

Change to a 0-3 range.

Source/WebCore:

  • platform/PlatformMouseEvent.h:
  • platform/mac/PlatformEventFactoryMac.mm:

(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder):

Source/WebKit2:

  • Shared/mac/WebEventFactory.mm:

(WebKit::WebEventFactory::createWebMouseEvent):

11:11 AM Changeset in webkit [184344] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

Change the status of ES6 tagged templates to Done in features.json
https://bugs.webkit.org/show_bug.cgi?id=145003

Reviewed by Benjamin Poulain.

Now it's implemented in r184337.

  • features.json:

10:59 AM Changeset in webkit [184343] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

10:55 AM Changeset in webkit [184342] by bshafiei@apple.com
  • 1 copy in branches/safari-601.1.32.2-branch

New Branch.

10:55 AM Changeset in webkit [184341] by mmaxfield@apple.com
  • 9 edits in trunk

Add String literal overloads to equalIgnoringASCIICase()
https://bugs.webkit.org/show_bug.cgi?id=145008

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2015-05-14
Reviewed by Benjamin Poulain.

Source/WTF:

Create an overload for equalIgnoringASCIICase for string literals.

  • wtf/text/StringImpl.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

  • wtf/text/StringImpl.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

  • wtf/text/StringView.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

  • wtf/text/StringView.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

  • wtf/text/WTFString.h:

(WTF::equalIgnoringASCIICase): Delegate to StringImpl's implementation.

Tools:

Test changes to WTF.

  • TestWebKitAPI/Tests/WTF/StringImpl.cpp:

(WTF.StringImplEqualIgnoringASCIICaseBasic): Test const char*.
(WTF.StringImplEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

  • TestWebKitAPI/Tests/WTF/StringView.cpp:

(WTF.StringViewEqualIgnoringASCIICaseBasic): Ditto.
(WTF.StringViewEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

10:36 AM Changeset in webkit [184340] by Yusuke Suzuki
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

Introduce SymbolType into SpeculativeTypes
https://bugs.webkit.org/show_bug.cgi?id=142651

Reviewed by Filip Pizlo.

Introduce SpecSymbol type into speculative types.
Previously the symbol type was categorized into SpecCellOther.
But SpecCellOther is not intended to be used for such cells.

This patch just introduces SpecSymbol.
It represents that the type of the target value is definitely the symbol type.
It is part of SpecCell.

In this patch, we do not introduce SymbolUse tracking.
It will be added in a separate patch.

  • bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationFromStructure):

  • bytecode/SpeculatedType.h:

(JSC::isSymbolSpeculation):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::setType):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • tests/stress/typeof-symbol.js: Added.

9:37 AM Changeset in webkit [184339] by Manuel Rego Casasnovas
  • 7 edits in trunk/Source/WebCore

Fix typo in RenderBox::instrinsicScrollbarLogicalWidth()
https://bugs.webkit.org/show_bug.cgi?id=144999

Reviewed by Sergio Villar Senin.

Rename RenderBox::instrinsicScrollbarLogicalWidth() to
RenderBox::intrinsicScrollbarLogicalWidth().

No new tests, no behavior changes.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeIntrinsicLogicalWidths):

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::intrinsicScrollbarLogicalWidth):
(WebCore::RenderBox::instrinsicScrollbarLogicalWidth): Deleted.

  • rendering/RenderBox.h:
  • rendering/RenderDeprecatedFlexibleBox.cpp:

(WebCore::RenderDeprecatedFlexibleBox::computeIntrinsicLogicalWidths):

  • rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::computeIntrinsicLogicalWidths):

9:31 AM Changeset in webkit [184338] by fpizlo@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed, skip js/regress-141098.html. The fix will be tracked in https://bugs.webkit.org/show_bug.cgi?id=145007

9:07 AM Changeset in webkit [184337] by Yusuke Suzuki
  • 24 edits
    11 adds in trunk/Source/JavaScriptCore

[ES6] Implement tagged templates
https://bugs.webkit.org/show_bug.cgi?id=143183

Reviewed by Oliver Hunt.

This patch implements ES6 tagged templates.
In tagged templates, the function takes the template object.

The template object contains the raw and cooked template strings,
so when parsing the tagged templates, we need to tokenize the raw and cooked strings.
While tagged templates require both strings, the template literal only requires
the cooked strings. So when tokenizing under the template literal context,
we only build the cooked strings.

As per ES6 spec, the template objects for the same raw strings are shared in the same realm.
The template objects are cached. And every time we evaluate the same tagged templates,
the same (cached) template objects are used.
Since the spec freezes these template objects completely,
we cannot attach some properties to them.
So we can say that it behaves as if the template objects are the primitive values (like JSString).
Since we cannot attach properties, the only way to test the identity of the template object is comparing. (===)
As a result, when there is no reference to the template object, we can garbage collect it
because the user has no way to test that the newly created template object is not equal
to the already collected template object.

So, to implement tagged templates, we implement the following components.

  1. JSTemplateRegistryKey

It holds the template registry key and it is not exposed to users.
TemplateRegistryKey holds the vector of raw and cooked strings with the pre-computed hash value.
When obtaining the template object for the (statically, a.k.a. at the parsing time) given raw string vectors,
we use this JSTemplateRegistryKey as a key to the map and look up the template object from
TemplateRegistry.
JSTemplateRegistryKey is created at the bytecode compiling time and
stored in the CodeBlock like JSString content values.

  2. TemplateRegistry

This manages the cached template objects.
It holds the weak map (JSTemplateRegistryKey -> the template object).
The template object is weakly referenced.
So if there is no reference to the template object,
the template object is automatically GC-ed.
When looking up the template object, it searches the cached template object.
If it is found, it is returned to the users.
If there is no cached template object, it creates the new template object and
stores it with the given template registry key.

(JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
(JSC::BytecodeGenerator::emitGetTemplateObject):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):
(JSC::TemplateLiteralNode::emitBytecode): Deleted.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createTaggedTemplate):
(JSC::ASTBuilder::createTemplateLiteral): Deleted.

  • parser/Lexer.cpp:

(JSC::Lexer<T>::setCode):
(JSC::Lexer<T>::parseTemplateLiteral):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::scanTrailingTemplateString):
(JSC::Lexer<T>::clear):

  • parser/Lexer.h:

(JSC::Lexer<T>::makeEmptyIdentifier):

  • parser/NodeConstructors.h:

(JSC::TaggedTemplateNode::TaggedTemplateNode):
(JSC::TemplateLiteralNode::TemplateLiteralNode): Deleted.

  • parser/Nodes.h:

(JSC::TemplateLiteralNode::templateStrings):
(JSC::TemplateLiteralNode::templateExpressions):
(JSC::TaggedTemplateNode::templateLiteral):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseTemplateString):
(JSC::Parser<LexerType>::parseTemplateLiteral):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):

  • parser/Parser.h:
  • parser/ParserArena.h:

(JSC::IdentifierArena::makeEmptyIdentifier):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createTaggedTemplate):
(JSC::SyntaxChecker::createTemplateLiteral): Deleted.

  • runtime/CommonIdentifiers.h:
  • runtime/JSGlobalObject.cpp:

(JSC::getTemplateObject):
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::templateRegistry):

  • runtime/JSTemplateRegistryKey.cpp: Added.

(JSC::JSTemplateRegistryKey::JSTemplateRegistryKey):
(JSC::JSTemplateRegistryKey::create):
(JSC::JSTemplateRegistryKey::destroy):

  • runtime/JSTemplateRegistryKey.h: Added.
  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorFreeze):

  • runtime/ObjectConstructor.h:
  • runtime/TemplateRegistry.cpp: Added.

(JSC::TemplateRegistry::TemplateRegistry):
(JSC::TemplateRegistry::getTemplateObject):

  • runtime/TemplateRegistry.h: Added.
  • runtime/TemplateRegistryKey.h: Added.

(JSC::TemplateRegistryKey::isDeletedValue):
(JSC::TemplateRegistryKey::isEmptyValue):
(JSC::TemplateRegistryKey::hash):
(JSC::TemplateRegistryKey::rawStrings):
(JSC::TemplateRegistryKey::cookedStrings):
(JSC::TemplateRegistryKey::operator==):
(JSC::TemplateRegistryKey::operator!=):
(JSC::TemplateRegistryKey::Hasher::hash):
(JSC::TemplateRegistryKey::Hasher::equal):
(JSC::TemplateRegistryKey::TemplateRegistryKey):

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
  • tests/stress/tagged-templates-identity.js: Added.

(shouldBe):

  • tests/stress/tagged-templates-raw-strings.js: Added.

(shouldBe):
(tag):
(testEval):

  • tests/stress/tagged-templates-syntax.js: Added.

(tag):
(testSyntax):
(testSyntaxError):

  • tests/stress/tagged-templates-template-object.js: Added.

(shouldBe):
(tag):

  • tests/stress/tagged-templates-this.js: Added.

(shouldBe):
(tag):

  • tests/stress/tagged-templates.js: Added.

(shouldBe):
(raw):
(cooked):
(Counter):

8:33 AM Changeset in webkit [184336] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Current time marker is always at zero in Rendering Frames ruler
https://bugs.webkit.org/show_bug.cgi?id=144518

Reviewed by Timothy Hatcher.

The current and end time values for the rendering frame timeline overview should always be equal to the frame
number of the last record in the rendering frames timeline.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.updateLayout):

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._updateTimes):
(WebInspector.TimelineRecordingContentView.prototype._recordingTimesUpdated):

3:52 AM Changeset in webkit [184335] by zandobersek@gmail.com
  • 2 edits in trunk

[GTK] Enable plugin-related CMake options and variables for the X11 target only
https://bugs.webkit.org/show_bug.cgi?id=144995

Reviewed by Carlos Garcia Campos.

  • Source/cmake/OptionsGTK.cmake: Plugins are only supported for
the X11 windowing target at the moment, so the following options
and variables should be enabled or disabled accordingly:

  • ENABLE_PLUGIN_PROCESS_GTK2
  • ENABLE_NETSCAPE_PLUGIN_API
  • ENABLE_PLUGIN_PROCESS

2:33 AM Changeset in webkit [184334] by zandobersek@gmail.com
  • 3 edits in trunk/Source/WebKit2

[GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):

  • UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

2:32 AM Changeset in webkit [184333] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WTF

[GTK] RunLoop constructor should properly retrieve or establish the thread-default GMainContext
https://bugs.webkit.org/show_bug.cgi?id=144732

Reviewed by Carlos Garcia Campos.

RunLoop constructor in the GTK implementation should use the
existing thread-default context, create a new one if not on
the main thread, or use the global-default one if on the main
thread.

In RunLoop::run(), the GMainContext should then be pushed as
the thread-default before calling g_main_loop_run(), and popped
off when the main loop stops.

  • wtf/gtk/RunLoopGtk.cpp:

(WTF::RunLoop::RunLoop):
(WTF::RunLoop::run):

12:59 AM Changeset in webkit [184332] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

[EFL] Unskip passing AX tests since r184198

Unreviewed EFL gardening.

  • platform/efl/TestExpectations: Two AX tests have been passed since r184198.

12:57 AM Changeset in webkit [184331] by youenn.fablet@crf.canon.fr
  • 12 edits
    2 adds in trunk

SharedBuffer::createWithContentsOfFile should use map file routines
https://bugs.webkit.org/show_bug.cgi?id=144192

Reviewed by Darin Adler.

Source/WebCore:

Made use of mmap routines within SharedBuffer::createWithContentsOfFile for EFL, GTK and Mac ports.
If mapping is failing, it falls back to the previous version of SharedBuffer::createWithContentsOfFile renamed as
SharedBuffer::createFromReadingFile (using open/read method).
File content is mapped until SharedBuffer is cleared, destroyed or additional content is appended to the SharedBuffer.

A helper class, MappedFileData, is introduced to handle mapped files through calls to open/mmap/munmap/close.

Patch covered by existing layout tests and added unit tests.

  • platform/FileSystem.cpp:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator=):
(WebCore::MappedFileData::~MappedFileData):

  • platform/FileSystem.h:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator bool):
(WebCore::MappedFileData::data):
(WebCore::MappedFileData::size):

  • platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::createWithContentsOfFile): Making use of MappedFileData before using createFromReadingFile.
(WebCore::SharedBuffer::size): Checking whether data is coming from a MappedFileData.
(WebCore::SharedBuffer::data): Ditto.
(WebCore::SharedBuffer::append): Ditto.
(WebCore::SharedBuffer::clear): Clearing MappedFileData if needed.
(WebCore::SharedBuffer::copy): Transferring mapped data to buffer if needed.
(WebCore::SharedBuffer::getSomeData):
(WebCore::SharedBuffer::maybeTransferMappedFileData):

  • platform/SharedBuffer.h:
  • platform/gtk/SharedBufferGtk.cpp:

(WebCore::SharedBuffer::createFromReadingFile): renamed from createWithContentsOfFile.

  • platform/mac/SharedBufferMac.mm:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

  • platform/posix/SharedBufferPOSIX.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

  • platform/win/SharedBufferWin.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

Tools:

Adding SharedBuffer and FileSystem Unit tests to Mac and GTK, not yet for EFL.

  • TestWebKitAPI/PlatformGTK.cmake:
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebCore/FileSystem.cpp: Added.

(TestWebKitAPI::FileSystemTest::tempFilePath):
(TestWebKitAPI::FileSystemTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

  • TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp: Added.

(TestWebKitAPI::SharedBufferTest::tempFilePath):
(TestWebKitAPI::SharedBufferTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

May 13, 2015:

10:59 PM Changeset in webkit [184330] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

[SOUP] Network Cache: NetworkProcess segfault when file system doesn't support xattrs
https://bugs.webkit.org/show_bug.cgi?id=144953

Reviewed by Martin Robinson.

Return early if we fail to get the birthtime xattr.

  • NetworkProcess/cache/NetworkCacheFileSystemPosix.h:

(WebKit::NetworkCache::fileTimes):

10:10 PM Changeset in webkit [184329] by Simon Fraser
  • 5 edits in trunk/Source/WebCore

Get the ScriptController from the correct frame for media elements and plug-ins
https://bugs.webkit.org/show_bug.cgi?id=144983
rdar://problem/20692642&19943135

Reviewed by Sam Weinig.

HTMLMediaElement, QuickTimePluginReplacement and HTMLPlugInImageElement were
getting the main frame's ScriptController instead of the one for their frame.
This caused media controls JS to be running in the context of the main frame,
which broke media controls which use getCSSCanvasContext() and -webkit-canvas.

Fix by getting the frame via the element's document.

Also undo r180584 which was working around this bug.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.drawTimelineBackground):

  • Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
(WebCore::QuickTimePluginReplacement::installReplacement):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::pageScaleFactorChanged):

  • html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

9:19 PM Changeset in webkit [184328] by rniwa@webkit.org
  • 12 edits
    1 add in trunk/Source/JavaScriptCore

REGRESSION(r180595): same-callee profiling no longer works
https://bugs.webkit.org/show_bug.cgi?id=144787

Reviewed by Filip Pizlo.

This patch introduces a DFG optimization to use NewObject node when the callee of op_create_this is
always the same JSFunction. This condition doesn't hold when the byte code creates multiple
JSFunction objects at runtime as in: function y() { return function () {} }; new y(); new y();

To enable this optimization, LLint and baseline JIT now store the last callee we saw in the newly
added fourth operand of op_create_this. We use this JSFunction's structure in DFG after verifying
our speculation that the callee is the same. To avoid recompiling the same code for different callee
objects in the polymorphic case, the special value of seenMultipleCalleeObjects() is set in
LLint and baseline JIT when multiple callees are observed.

Tests: stress/create-this-with-callee-variants.js

  • bytecode/BytecodeList.json: Increased the number of operands to 5.
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode): Dump the newly added callee cache.
(JSC::CodeBlock::finalizeUnconditionally): Clear the callee cache if the callee is no longer alive.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCreateThis): Add the instruction to propertyAccessInstructions so that
we can clear the callee cache in CodeBlock::finalizeUnconditionally. Also initialize the newly added
operand.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock): Implement the optimization. Speculate the actual callee to
match the cache. Use the cached callee's structure if the speculation succeeds. Otherwise, OSR exit.

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_this): Go to the slow path to update the cache unless it's already marked
as seenMultipleCalleeObjects() to indicate the polymorphic behavior and/or we've OSR exited here.
(JSC::JIT::emitSlow_op_create_this):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_this): Ditto.
(JSC::JIT::emitSlow_op_create_this):

  • llint/LowLevelInterpreter32_64.asm:

(_llint_op_create_this): Ditto.

  • llint/LowLevelInterpreter64.asm:

(_llint_op_create_this): Ditto.

  • runtime/CommonSlowPaths.cpp:

(slow_path_create_this): Set the callee cache to the actual callee if it's not set. If the cache has
been set to a JSFunction* different from the actual callee, set it to seenMultipleCalleeObjects().

  • runtime/JSCell.h:

(JSC::JSCell::seenMultipleCalleeObjects): Added.

  • runtime/WriteBarrier.h:

(JSC::WriteBarrierBase::unvalidatedGet): Removed the compile guard around it.

  • tests/stress/create-this-with-callee-variants.js: Added.

9:07 PM Changeset in webkit [184327] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Fix trivial typos in ApplyBlockElementCommand
https://bugs.webkit.org/show_bug.cgi?id=144984

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change.

  • editing/ApplyBlockElementCommand.cpp:

(WebCore::ApplyBlockElementCommand::formatSelection):
(WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded):
(WebCore::ApplyBlockElementCommand::endOfNextParagrahSplittingTextNodesIfNeeded): Deleted.

  • editing/ApplyBlockElementCommand.h:

8:07 PM Changeset in webkit [184326] by dbates@webkit.org
  • 13 edits in trunk/Source/WebKit2

Rename ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() to {send, cancel}PrepareToSuspend()
https://bugs.webkit.org/show_bug.cgi?id=144619
<rdar://problem/20812779>

Reviewed by Andy Estes.

The names of the functions ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() are misnomers. These
functions are called when the ProcessThrottler wants to prepare the process that it manages for suspension
and changes its mind, respectively. That is, these functions do not actually correspond to the OS decision
to suspend a process or cancel the suspension of a process, respectively. So, rename these functions and
associated {Network, Web}ProcessProxy message names to better describe their purpose.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::prepareToSuspend):
(WebKit::NetworkProcess::cancelPrepareToSuspend):
(WebKit::NetworkProcess::processWillSuspend): Deleted.
(WebKit::NetworkProcess::cancelProcessWillSuspend): Deleted.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendCancelPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::NetworkProcessProxy::sendCancelProcessWillSuspend): Deleted.

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::updateAssertion):

  • UIProcess/ProcessThrottlerClient.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcess::actualPrepareToSuspend): Formerly named prepareToSuspend.
(WebKit::WebProcessProxy::sendPrepareToSuspend):
(WebKit::WebProcessProxy::sendCancelPrepareToSuspend):
(WebKit::WebProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::WebProcessProxy::sendCancelProcessWillSuspend): Deleted.

  • UIProcess/WebProcessProxy.h:
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::prepareToSuspend):
(WebKit::WebProcess::cancelPrepareToSuspend):
(WebKit::WebProcess::processWillSuspend): Deleted.
(WebKit::WebProcess::cancelProcessWillSuspend): Deleted.

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:

6:34 PM Changeset in webkit [184325] by commit-queue@webkit.org
  • 7 edits in trunk/Source

Clean up some possible RefPtr to PassRefPtr churn
https://bugs.webkit.org/show_bug.cgi?id=144779

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Darin Adler.

  • runtime/GenericTypedArrayViewInlines.h:

(JSC::GenericTypedArrayView<Adaptor>::create):
(JSC::GenericTypedArrayView<Adaptor>::createUninitialized):

  • runtime/JSArrayBufferConstructor.cpp:

(JSC::constructArrayBuffer):

  • runtime/Structure.cpp:

(JSC::Structure::toStructureShape):

  • runtime/TypedArrayBase.h:

(JSC::TypedArrayBase::create):
(JSC::TypedArrayBase::createUninitialized):

  • tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):
Release the last use of a RefPtr as it is passed on.

6:32 PM Changeset in webkit [184324] by commit-queue@webkit.org
  • 37 edits
    3 adds in trunk

ES6: Allow duplicate property names
https://bugs.webkit.org/show_bug.cgi?id=142895

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Introduce new op_put_getter_by_id and op_put_setter_by_id opcodes
that will define a single getter or setter property on an object.

The existing op_put_getter_setter opcode is still preferred for
putting both a getter and setter at the same time but cannot be used
for putting an individual getter or setter which is needed in
some cases.

Add a new slow path when generating bytecodes for a property list
with computed properties, as computed properties are the only time
the list of properties cannot be determined statically.

  • bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitBytecode):

    • fast path for all constant properties
    • slow but paired getter/setter path if there are no computed properties
    • slow path, individual put operation for every property, if there are computed properties

  • parser/Nodes.h:

Distinguish a Computed property from a Constant property.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
Distinguish Computed and Constant properties.

(JSC::Parser<LexerType>::parseObjectLiteral):
When we drop into strict mode it is because we saw a getter
or setter, so be more explicit.

(JSC::Parser<LexerType>::parseStrictObjectLiteral):
Eliminate duplicate property syntax error exception.

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::getName):

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::getName): Deleted.
No longer used.

  • runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):
When updating a property, if the Accessor attribute changed,
update the Structure.

  • runtime/JSObject.cpp:

(JSC::JSObject::putGetter):
(JSC::JSObject::putSetter):
Called by the opcodes, just perform the same operation that
defineGetter or defineSetter would do.

(JSC::JSObject::putDirectNonIndexAccessor):
This transition is now handled in putDirectInternal.

  • runtime/Structure.h:

Add needed export.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutGetterById):
(JSC::BytecodeGenerator::emitPutSetterById):

  • bytecompiler/BytecodeGenerator.h:
  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperation):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:

New bytecodes. Modelled after existing op_put_getter_setter.

LayoutTests:

  • js/object-literal-duplicate-properties-expected.txt: Added.
  • js/object-literal-duplicate-properties.html: Added.
  • js/script-tests/object-literal-duplicate-properties.js: Added.

Include a new test all about testing duplicate property names
and their expected cascading results.

  • ietestcenter/Javascript/11.1.5_4-4-b-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-b-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-c-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-c-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-3-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-4-expected.txt:

ES5 behavior for duplicate properties has changed.

  • js/mozilla/strict/11.1.5-expected.txt:
  • js/object-literal-syntax-expected.txt:
  • js/script-tests/object-literal-syntax.js:

Update other tests and values now that duplicate properties
are allowed, and their cascade order behaves correctly.

6:21 PM Changeset in webkit [184323] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958. It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

5:39 PM Changeset in webkit [184322] by bshafiei@apple.com
  • 5 edits in branches/safari-600.5.17-branch/Source

Versioning.

5:36 PM Changeset in webkit [184321] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32-branch/Source

Versioning.

5:11 PM Changeset in webkit [184320] by rniwa@webkit.org
  • 2 edits in branches/safari-600.7-branch/LayoutTests

Add a Pass/Failure test expectation on
fast/canvas/webgl/tex-image-and-sub-image-2d-with-potentially-subsampled-image.html.

I don't know why this test expectation was not in the branch given it was added back in r174585.
Perhaps it got lost during some merges.

  • platform/mac/TestExpectations:

5:08 PM Changeset in webkit [184319] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.32.2

New tag.

4:57 PM Changeset in webkit [184318] by fpizlo@apple.com
  • 7 edits
    1 add in trunk/Source/JavaScriptCore

Creating a new blank document in icloud pages causes an AI error: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble.
https://bugs.webkit.org/show_bug.cgi?id=144856

Reviewed by Benjamin Poulain.

First I made fixTypeForRepresentation() print out better diagnostics when it dies.

Then I fixed the bug: Node::convertToIdentityOn(Node*) needs to make sure that when it
converts to a representation-changing node, it needs to use one of the UseKinds that such
a node expects. For example, DoubleRep(UntypedUse:) doesn't make sense; it needs to be
something like DoubleRep(NumberUse:) since it will speculate that the input is a number.

  • dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::setBuiltInConstant):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::fixTypeForRepresentation):

  • dfg/DFGAbstractValue.h:
  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

  • dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentityOn):

  • tests/stress/cloned-arguments-get-by-val-double-array.js: Added.

(foo):

4:33 PM Changeset in webkit [184317] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184313.
https://bugs.webkit.org/show_bug.cgi?id=144974

Introduced an assertion failure in class-syntax-declaration.js,
class-syntax-expression.js, and object-literal-syntax.js
(Requested by rniwa on #webkit).

Reverted changeset:

"Small refactoring before ES6 Arrow function implementation."
https://bugs.webkit.org/show_bug.cgi?id=144954
http://trac.webkit.org/changeset/184313

4:18 PM Changeset in webkit [184316] by oliver@apple.com
  • 7 edits in trunk/Source

Source/JavaScriptCore:

Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

One of the simpler cases of this in JavaScriptCore. There
are other cases where we need to guard the derefs but they
are more complex cases.

  • inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::releaseImpl):

  • inspector/JSJavaScriptCallFrame.cpp:

(Inspector::JSJavaScriptCallFrame::releaseImpl):

Source/WTF:

Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

In order to prevent use after free bugs caused by destructors
that end up trying to access the smart pointer itself, we should
make sure we always clear the m_ptr field before calling deref.

Essentially the UaF path is:

    struct Foo : RefCounted<Foo> {
        Wibble* m_wibble;
        void doSomething();
        ~Foo() { m_wibble->doSomethingLikeCleanup(); }
    };

    struct Wibble {
        void doSomethingLikeCleanup()
        {
            if (m_foo) {
                /* if this branch is not here we get a null deref */
                m_foo->doSomething();
            }
        }
        void replaceFoo(Foo* foo) { m_foo = foo; }
        RefPtr<Foo> m_foo;
    };

    Wibble* someWibble = /* a Wibble with m_foo->m_refCount == 1 */;
                         /* and m_foo points to someWibble */;

    someWibble->replaceFoo(someOtherFoo);
    + someWibble->m_foo->m_ptr->deref();
      + someWibble->m_foo->m_ptr->~Foo()
        + someWibble->m_foo->m_ptr->m_wibble->doSomethingLikeCleanup()
          + someWibble->m_foo->m_ptr->m_wibble /* someWibble */ ->m_foo->m_ptr /*logically dead*/ ->doSomething()

By clearing m_ptr first we either force a null pointer deref or
we force our code down a path that does not use the dead smart
pointer.

  • wtf/PassRefPtr.h: (WTF::PassRefPtr::~PassRefPtr):
  • wtf/Ref.h: (WTF::Ref::~Ref): (WTF::Ref::operator=):
  • wtf/RefPtr.h: (WTF::RefPtr::~RefPtr):
  • wtf/RetainPtr.h: (WTF::RetainPtr::~RetainPtr): (WTF::RetainPtr<T>::clear):
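
An added example for the clear-before-deref ordering described in r184316 above (not WebKit code and not part of the commit): a toy owning pointer with both release orders, showing what a destructor that re-enters its owner can still reach. ToyRefPtr, Order, Observation, observe() and the argument passed to doSomethingLikeCleanup() are assumptions made for this example.

```cpp
#include <cstdio>
#include <utility>

struct Wibble;

// Intrusively ref-counted object; stands in for a RefCounted<Foo> subclass.
struct Foo {
    explicit Foo(Wibble* owner) : m_wibble(owner) {}
    ~Foo();                       // calls back into the owner, defined below
    void deref() { if (--m_refCount == 0) delete this; }
    Wibble* m_wibble;
    int m_refCount = 1;           // starts with the reference the owner adopts
};

enum class Order { DerefThenClear, ClearThenDeref };

// Toy owning pointer (hypothetical, not WTF::RefPtr) with a selectable
// release order so both behaviours can be compared side by side.
class ToyRefPtr {
public:
    ToyRefPtr(Order order, Foo* adopted) : m_order(order), m_ptr(adopted) {}
    ToyRefPtr(const ToyRefPtr&) = delete;
    ToyRefPtr& operator=(const ToyRefPtr&) = delete;
    ~ToyRefPtr() { clear(); }

    Foo* get() const { return m_ptr; }

    void clear()
    {
        if (m_order == Order::ClearThenDeref) {
            // Hardened order: the field is already null when ~Foo() runs.
            Foo* old = std::exchange(m_ptr, nullptr);
            if (old)
                old->deref();
        } else {
            // Old order: ~Foo() runs while m_ptr still names the dying object.
            if (m_ptr)
                m_ptr->deref();
            m_ptr = nullptr;
        }
    }

private:
    Order m_order;
    Foo* m_ptr;
};

struct Wibble {
    explicit Wibble(Order order) : m_foo(order, new Foo(this)) {}

    // Called re-entrantly from ~Foo(). It only compares pointer values and
    // never dereferences the dying object.
    void doSomethingLikeCleanup(const Foo* dying)
    {
        m_cleanupRan = true;
        m_sawDyingPointer = (m_foo.get() == dying);
    }

    // Declared before m_foo so they outlive it during destruction.
    bool m_cleanupRan = false;
    bool m_sawDyingPointer = false;
    ToyRefPtr m_foo;
};

Foo::~Foo() { m_wibble->doSomethingLikeCleanup(this); }

struct Observation {
    bool cleanupRan;        // ~Foo() re-entered the owner
    bool sawDyingPointer;   // owner's field still named the dying object
};

// Drops the last reference under the given order and reports what the
// re-entrant cleanup code could observe through the owner's field.
Observation observe(Order order)
{
    Wibble wibble(order);
    wibble.m_foo.clear();   // last reference goes away, so ~Foo() runs
    return { wibble.m_cleanupRan, wibble.m_sawDyingPointer };
}

int main()
{
    Observation before = observe(Order::DerefThenClear);
    Observation after = observe(Order::ClearThenDeref);
    std::printf("deref then clear: dying pointer reachable = %d\n", before.sawDyingPointer);
    std::printf("clear then deref: dying pointer reachable = %d\n", after.sawDyingPointer);
    return 0;
}
```
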

4:09 PM Changeset in webkit [184315] by Antti Koivisto
  • 31 edits
    5 adds in trunk

Cached CSS image resources don't show up after reloading <http://nightly.webkit.org/start/>
https://bugs.webkit.org/show_bug.cgi?id=144952

Source/WebCore:

rdar://problem/13387307

Reviewed by Oliver Hunt.

This is a symptom of a general problem that we don't revalidate subresources of cached parsed stylesheets.

Fix by tightening the check we perform when choosing to use the cached sheet. If there are expired subresources
we reparse the sheet.

Test: http/tests/cache/stylesheet-sharing.html

  • css/CSSCrossfadeValue.cpp:

(WebCore::CSSCrossfadeValue::traverseSubresources):
(WebCore::CSSCrossfadeValue::hasFailedOrCanceledSubresources): Deleted.

Replace hasFailedOrCanceledSubresources with general purpose subresource traversal functions.

  • css/CSSCrossfadeValue.h:
  • css/CSSFilterImageValue.cpp:

(WebCore::CSSFilterImageValue::traverseSubresources):
(WebCore::CSSFilterImageValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSFilterImageValue.h:
  • css/CSSFontFaceSrcValue.cpp:

(WebCore::CSSFontFaceSrcValue::traverseSubresources):
(WebCore::CSSFontFaceSrcValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSFontFaceSrcValue.h:
  • css/CSSImageSetValue.cpp:

(WebCore::CSSImageSetValue::traverseSubresources):
(WebCore::CSSImageSetValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSImageSetValue.h:
  • css/CSSImageValue.cpp:

(WebCore::CSSImageValue::traverseSubresources):
(WebCore::CSSImageValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSImageValue.h:
  • css/CSSValue.cpp:

(WebCore::CSSValue::traverseSubresources):
(WebCore::CSSValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSValue.h:
  • css/CSSValueList.cpp:

(WebCore::CSSValueList::traverseSubresources):
(WebCore::CSSValueList::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSValueList.h:
  • css/StyleProperties.cpp:

(WebCore::StyleProperties::traverseSubresources):
(WebCore::StyleProperties::hasFailedOrCanceledSubresources): Deleted.

  • css/StyleProperties.h:
  • css/StyleSheetContents.cpp:

(WebCore::traverseSubresourcesInRules):
(WebCore::StyleSheetContents::traverseSubresources):
(WebCore::StyleSheetContents::subresourcesAllowReuse):

Disallow reuse if there are expired subresources.

(WebCore::StyleSheetContents::isLoadingSubresources):

Testing support.

(WebCore::childRulesHaveFailedOrCanceledSubresources): Deleted.
(WebCore::StyleSheetContents::hasFailedOrCanceledSubresources): Deleted.

  • css/StyleSheetContents.h:

(WebCore::StyleSheetContents::loadCompleted):

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::setCSSStyleSheet):

  • loader/cache/CachedCSSStyleSheet.cpp:

(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):

  • loader/cache/CachedCSSStyleSheet.h:
  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::makeRevalidationDecision):
(WebCore::CachedImage::mustRevalidateDueToCacheHeaders): Deleted.

Move the logging code out from this function (it requires frame access this function doesn't otherwise need)
and refactor to return a decision enum.

  • loader/cache/CachedImage.h:
  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::makeRevalidationDecision):
(WebCore::logResourceRevalidationReason): Deleted.
(WebCore::CachedResource::mustRevalidateDueToCacheHeaders): Deleted.

  • loader/cache/CachedResource.h:

(WebCore::CachedResource::loadFailedOrCanceled):

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::logRevalidation):
(WebCore::logResourceRevalidationDecision):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):

Move logging here.

  • testing/Internals.cpp:

(WebCore::Internals::isSharingStyleSheetContents):
(WebCore::Internals::isStyleSheetLoadingSubresources):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

Reviewed by Oliver Hunt.

  • http/tests/cache/resources/non-shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

  • http/tests/cache/resources/shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

  • http/tests/cache/resources/stylesheet-html.php: Added.
  • http/tests/cache/stylesheet-sharing-expected.txt: Added.
  • http/tests/cache/stylesheet-sharing.html: Added.

3:27 PM Changeset in webkit [184314] by commit-queue@webkit.org
  • 3 edits in trunk/Tools

[Content Extensions] Test interactions between multiple extensions and multiple domains.
https://bugs.webkit.org/show_bug.cgi?id=144967

Patch by Alex Christensen <achristensen@webkit.org> on 2015-05-13
Reviewed by Benjamin Poulain.

  • DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:

Xcode wanted to fix an alphabetization issue.

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::TEST_F):
Test interactions that worked but were not explicitly tested before.

3:23 PM Changeset in webkit [184313] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Small refactoring before ES6 Arrow function implementation.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-13
Reviewed by Filip Pizlo.

  • parser/Parser.h:
  • parser/Parser.cpp:

3:16 PM Changeset in webkit [184312] by ryuan.choi@navercorp.com
  • 6 edits in trunk/Source/WebCore

[CoordinatedGraphics] Remove scaleFactor from SurfaceUpdateInfo
https://bugs.webkit.org/show_bug.cgi?id=144935

Reviewed by Darin Adler.

The members of SurfaceUpdateInfo are only used to update tile except scaleFactor.
So, this patch removes scaleFactor from SurfaceUpdateInfo.
In addition, removes unnecessary parameters in createTile()

No new tests because there is no behavior change.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::createTile):

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
  • platform/graphics/texmap/coordinated/CoordinatedTile.cpp:

(WebCore::CoordinatedTile::updateBackBuffer):

  • platform/graphics/texmap/coordinated/CoordinatedTile.h:
  • platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:

3:14 PM Changeset in webkit [184311] by fpizlo@apple.com
  • 8 edits
    3 adds in trunk/Source/JavaScriptCore

The liveness pruning done by ObjectAllocationSinkingPhase ignores the possibility of an object's bytecode liveness being longer than its DFG liveness
https://bugs.webkit.org/show_bug.cgi?id=144945

Reviewed by Michael Saboff.

We were making the mistake of using DFG liveness for object allocation sinking decisions.
This is wrong. In fact we almost never want to use DFG liveness directly. The only place
where that makes sense is pruning in DFG AI.

So, I created a CombinedLiveness class that combines the DFG liveness with bytecode
liveness.

In the process of doing this, I realized that the DFGForAllKills definition of combined
liveness at block tail was not strictly right; it was using the bytecode liveness at the
block terminal instead of the union of the bytecode live-at-heads of successor blocks. So,
I changed DFGForAllKills to work in terms of CombinedLiveness.

This allows me to unskip the test I added in r184260. I also added a new test that tries to
trigger this bug more directly.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGCombinedLiveness.cpp: Added.

(JSC::DFG::liveNodesAtHead):
(JSC::DFG::CombinedLiveness::CombinedLiveness):

  • dfg/DFGCombinedLiveness.h: Added.

(JSC::DFG::CombinedLiveness::CombinedLiveness):

  • dfg/DFGForAllKills.h:

(JSC::DFG::forAllKillsInBlock):
(JSC::DFG::forAllLiveNodesAtTail): Deleted.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
(JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):

  • tests/stress/escape-object-in-diamond-then-exit.js: Added.
  • tests/stress/sink-object-past-invalid-check-sneaky.js:

3:07 PM Changeset in webkit [184310] by andersca@apple.com
  • 8 edits in trunk/Source/WebKit2

Don't create a per-pool data store when using the modern API
https://bugs.webkit.org/show_bug.cgi?id=144963
rdar://problem/20331756

Reviewed by Tim Horton.

  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::copy):

  • UIProcess/API/APIProcessPoolConfiguration.h:

Keep track of whether the process pool should have a data store.

  • UIProcess/API/C/WKContext.cpp:

(WKContextGetWebsiteDataStore):

  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):
Update now that WebProcessPool::dataStore() no longer returns a reference.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):
Only create a data store if the configuration states that we should.

  • UIProcess/WebProcessPool.h:

Change dataStore() to return a pointer instead of a reference.

3:06 PM Changeset in webkit [184309] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Modernize ContainerNode::childElementCount
https://bugs.webkit.org/show_bug.cgi?id=144930

Patch by Sam Weinig <sam@webkit.org> on 2015-05-13
Reviewed by Darin Adler.

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::childElementCount):
Use std::distance to compute the number of child elements.

  • dom/ElementChildIterator.h:

Add typedefs to make the child element iterators conform to STL standards.

2:58 PM Changeset in webkit [184308] by rniwa@webkit.org
  • 5 edits
    2 adds in trunk

REGRESSION(r183770): Crash inside WebEditorClient::shouldApplyStyle when applying underline
https://bugs.webkit.org/show_bug.cgi?id=144949

Source/WebCore:

<rdar://problem/20895753>

Reviewed by Darin Adler.

The crash was caused by the variant of applyStyleToSelection that takes EditingStyle passing
a null pointer to shouldApplyStyle when we're only applying text decoration changes so that
m_mutableStyle in the editing style is null. This didn't reproduce in execCommand since we
wouldn't call shouldApplyStyle in that case. It didn't reproduce in my manual testing because
font panel also sets text shadow, which ends up filling up m_mutableStyle.

Fixed the bug by creating a mutable style properties when one is not provided by EditingStyle.
Also fixed the "FIXME" in the function by converting text decoration changes to a corresponding
text decoration value. The values passed to shouldApplyStyle now match the old behavior prior
to r183770.

Test: editing/style/underline-by-user.html

  • editing/EditingStyle.cpp:

(WebCore::EditingStyle::styleWithResolvedTextDecorations): Added.

  • editing/EditingStyle.h:
  • editing/Editor.cpp:

(WebCore::Editor::applyStyleToSelection): Use styleWithResolvedTextDecorations to avoid the crash.

LayoutTests:

Reviewed by Darin Adler.

Added a test that emulates underlining of text by the user. Unlike document.execCommand,
testRunner.execCommand simulates a user initiated editing command and therefore invokes
shouldApplyStyle.

  • editing/style/underline-by-user-expected.txt: Added.
  • editing/style/underline-by-user.html: Added.

2:37 PM Changeset in webkit [184307] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.5.17.2

New tag.

2:18 PM Changeset in webkit [184306] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

Work around HTMLMediaElement::documentDidResumeFromPageCache being called twice
https://bugs.webkit.org/show_bug.cgi?id=144969

Reviewed by Alexey Proskuryakov.

  • dom/Document.cpp:

(WebCore::Document::addPlaybackTargetPickerClient): Replace ASSERT with early
return to work around https://webkit.org/b/144970.

2:05 PM Changeset in webkit [184305] by rniwa@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

I skipped a wrong test in r184270. Fix that.
The failure is tracked by webkit.org/b/144947.

  • tests/stress/arith-modulo-node-behaviors.js:
  • tests/stress/arith-mul-with-constants.js:

1:51 PM Changeset in webkit [184304] by timothy_horton@apple.com
  • 7 edits in trunk/Source/WebCore

Going back after resizing causes scroll knob to appear in the middle of the page
https://bugs.webkit.org/show_bug.cgi?id=144968
<rdar://problem/18299827>

Reviewed by Beth Dakin.

  • history/CachedPage.cpp:

(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

  • history/CachedPage.h:

(WebCore::CachedPage::markForContentsSizeChanged):

  • history/PageCache.cpp:

(WebCore::PageCache::markPagesForContentsSizeChanged):

  • history/PageCache.h:

Add a flag that will cause us to call updateContentsSize() after a page
comes out of the page cache, if necessary.

  • page/FrameView.cpp:

(WebCore::FrameView::setContentsSize):

  • page/FrameView.h:

Mark all cached pages for this frame as needing updateContentsSize()
when setContentsSize happens. This will ensure that scrollbar layers
are repositioned when coming out of the page cache.

1:42 PM Changeset in webkit [184303] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

[Mac] Sandbox violation reading SubmitDiagInfo.domains
https://bugs.webkit.org/show_bug.cgi?id=144962
rdar://problem/20719330

Reviewed by Darin Adler.

  • WebProcess/com.apple.WebProcess.sb.in:

1:40 PM Changeset in webkit [184302] by bshafiei@apple.com
  • 3 edits in branches/safari-600.5.17-branch/Source/JavaScriptCore

Merged r184229. rdar://problem/18736465

1:10 PM Changeset in webkit [184301] by bshafiei@apple.com
  • 18 edits in branches/safari-601.1.32-branch

Merged r183976.

1:08 PM Changeset in webkit [184300] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183958.

12:59 PM Changeset in webkit [184299] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Speculative build fix.

  • UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h:

12:56 PM Changeset in webkit [184298] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

[GTK][CMake] Extra include directory when libnotify is present but disabled
https://bugs.webkit.org/show_bug.cgi?id=144941

Reviewed by Martin Robinson.

Add LIBNOTIFY_INCLUDE_DIRS to WebKit2_INCLUDE_DIRECTORIES only if USE_LIBNOTIFY is true,
rather than checking LIBNOTIFY_FOUND.

  • PlatformGTK.cmake:

12:28 PM Changeset in webkit [184297] by Beth Dakin
  • 18 edits
    1 add in trunk/Source

Need SPI to set the overlay scroll bar style
https://bugs.webkit.org/show_bug.cgi?id=144928
-and corresponding-
rdar://problem/20143614

Reviewed by Anders Carlsson.

Source/WebCore:

New ChromeClient function preferredScrollbarOverlayStyle() will fetch the
scrollbar style that was set via the new SPI.

  • page/ChromeClient.h:

If the preferredScrollbarOverlayStyle() is anything but None, then use it. None is
used to indicate that the normal heuristic should compute the appropriate color.

  • page/FrameView.cpp:

(WebCore::FrameView::recalculateScrollbarOverlayStyle):

  • page/FrameView.h:

Source/WebKit2:

Make scrollbarOverlayStyle a part of the creation parameters.

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:

New SPI.

  • UIProcess/API/Cocoa/WKViewPrivate.h:
  • UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h: Added.
  • UIProcess/API/mac/WKView.mm:

(-[WKView _setOverlayScrollbarStyle:]):
(-[WKView _overlayScrollbarStyle]):

Store m_scrollbarOverlayStyle on WebPageProxy, and set it to the WebProcess.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setOverlayScrollbarStyle):

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::overlayScrollbarStyle):

  • WebKit2.xcodeproj/project.pbxproj:

Return WebPage’s scrollbarOverlayStyle().

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::preferredScrollbarOverlayStyle):

  • WebProcess/WebCoreSupport/WebChromeClient.h:

Cache the scrollbarOverlayStyle() here for the WebProcess.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setScrollbarOverlayStyle):

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::scrollbarOverlayStyle):

  • WebProcess/WebPage/WebPage.messages.in:

12:26 PM Changeset in webkit [184296] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

Scrollbars in overflow regions are not vanishing after scrolling with scroll snap points
https://bugs.webkit.org/show_bug.cgi?id=142521
<rdar://problem/20100706>

Reviewed by Darin Adler.

The scrollbars were not being dismissed because they were not being notified that the wheel
gesture was finished. This was happening because the wheel event 'ended' state has zero
deltaX and deltaY. If the region did not allow stretching, it would exit early, never passing
through the 'handleWheelEventPhase' code that would notify the scrollbar controller that
the gesture had ended.

  • platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::mouseExitedContentArea): The wrong ScrollAnimator method was being
called when the mouse exited the content area.

  • platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::handleWheelEvent): Do not early return when the wheel event has
no change in X or Y coordinate.

12:24 PM Changeset in webkit [184295] by andersca@apple.com
  • 5 edits in trunk/Source/WebKit2

Rename some StorageManager functions to indicate that they work on local storage entries
https://bugs.webkit.org/show_bug.cgi?id=144958
First part of rdar://problem/10690447.

Reviewed by Beth Dakin.

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageDetailsByOrigin):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteAllLocalStorageEntries):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
(WebKit::StorageManager::getOrigins): Deleted.
(WebKit::StorageManager::getStorageDetailsByOrigin): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigin): Deleted.
(WebKit::StorageManager::deleteAllEntries): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigins): Deleted.

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):

12:20 PM Changeset in webkit [184294] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Crash under WebKit::WebInspectorProxy::attachAvailabilityChanged sometimes opening new page
https://bugs.webkit.org/show_bug.cgi?id=144957

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Simon Fraser.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::attachAvailabilityChanged):

11:56 AM Changeset in webkit [184293] by hyatt@apple.com
  • 2 edits in trunk/Source/WebCore

Don't compute selection painting info when we don't have selection.
https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

11:51 AM Changeset in webkit [184292] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

Avoid always running some debug code in type profiling
https://bugs.webkit.org/show_bug.cgi?id=144775

Reviewed by Daniel Bates.

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

11:51 AM Changeset in webkit [184291] by Joseph Pecoraro
  • 36 edits in trunk/Source

Pass String as reference in more places
https://bugs.webkit.org/show_bug.cgi?id=144769

Reviewed by Daniel Bates.

Source/JavaScriptCore:

  • debugger/Breakpoint.h:

(JSC::Breakpoint::Breakpoint):

  • parser/Parser.h:

(JSC::Parser::setErrorMessage):
(JSC::Parser::updateErrorWithNameAndMessage):

  • parser/ParserError.h:

(JSC::ParserError::ParserError):

  • runtime/RegExp.cpp:

(JSC::RegExpFunctionalTestCollector::outputOneTest):

  • runtime/RegExpObject.cpp:

(JSC::regExpObjectSourceInternal):

  • runtime/TypeProfiler.cpp:

(JSC::TypeProfiler::typeInformationForExpressionAtOffset):

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

  • runtime/TypeProfilerLog.h:
  • tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):

  • inspector/scripts/codegen/generate_objc_conversion_helpers.py:

(ObjCConversionHelpersGenerator._generate_enum_from_protocol_string):

  • inspector/scripts/codegen/objc_generator_templates.py:
  • inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
  • inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
  • inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
  • inspector/scripts/tests/expected/enum-values.json-result:
  • inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
  • inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
  • inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
  • inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
  • inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-array-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

Rebaseline tests after updating the generator.

Source/WebCore:

  • bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::dumpString):
(WebCore::CloneSerializer::dumpStringObject):

  • dom/DocumentMarkerController.cpp:

(WebCore::DocumentMarkerController::addMarker):

  • dom/DocumentMarkerController.h:
  • inspector/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::assertFrameWithDocumentLoader):

  • inspector/InspectorApplicationCacheAgent.h:
  • inspector/InspectorNodeFinder.cpp:

(WebCore::stripCharacters):
(WebCore::InspectorNodeFinder::InspectorNodeFinder):

  • inspector/InspectorNodeFinder.h:

Source/WebKit2:

  • WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::showMainResourceForFrame):

  • WebProcess/WebPage/WebInspectorUI.h:

11:11 AM Changeset in webkit [184290] by timothy_horton@apple.com
  • 11 edits in trunk/Source

View scale changes are temporarily lost after restoring a page from the page cache
https://bugs.webkit.org/show_bug.cgi?id=144934

Reviewed by Brady Eidson.

  • history/CachedPage.cpp:

(WebCore::CachedPage::CachedPage):
(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

  • history/CachedPage.h:

(WebCore::CachedPage::markForDeviceOrPageScaleChanged): Renamed.

  • history/PageCache.cpp:

(WebCore::PageCache::markPagesForDeviceOrPageScaleChanged): Renamed.

  • history/PageCache.h:

Rename PageCache/CachedPage methods to make it more clear that they
will eventually result in calling deviceOrPageScaleFactorChanged().
Also, use modern initialization for CachedPage members.

  • loader/HistoryController.cpp:

(WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
(WebCore::HistoryController::restoreScrollPositionAndViewState):
Store the pageScaleFactor on HistoryItem with the view scale factored out,
because the view scale can change while the page is in the page cache, and
WebCore needs a way - without consulting with WebKit2 - to apply the changed
view scale to the cached page scale.

  • page/Page.cpp:

(WebCore::Page::setViewScaleFactor):
(WebCore::Page::setDeviceScaleFactor):

  • page/Page.h:

(WebCore::Page::viewScaleFactor):
Keep track of the viewScaleFactor, and mark all pages in the page cache
as needing to call deviceOrPageScaleFactorChanged and do a full style recalc
when they come back from the page cache.

For now, we expect all callers of setPageScaleFactor (including WebKit2 and
HistoryController) to multiply the viewScale in manually, to avoid the
significant amount of change in WebCore that would be required to keep them
totally separate.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::scalePage):
(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):
(WebKit::WebPage::viewScaleFactor):
(WebKit::WebPage::scaleView):

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::viewScaleFactor): Deleted.
Get rid of m_viewScaleFactor, instead using Page::viewScaleFactor.

10:58 AM Changeset in webkit [184289] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

com.apple.WebKit.WebContent crashed at JavaScriptCore: JSC::CodeBlock::finalizeUnconditionally
https://bugs.webkit.org/show_bug.cgi?id=144933

Changed the RELEASE_ASSERT_NOT_REACHED into an ASSERT. Added some diagnostic messages to
help determine the cause for any crash.

Reviewed by Geoffrey Garen.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finalizeUnconditionally):

10:39 AM Changeset in webkit [184288] by fpizlo@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

REGRESSION(r184260): arguments elimination has stopped working because of Check(UntypedUse:) from SSAConversionPhase
https://bugs.webkit.org/show_bug.cgi?id=144951

Reviewed by Michael Saboff.

There were two issues here:

  • In r184260 we expected a small number of possible use kinds in Check nodes, and UntypedUse was not one of them. That seemed like a sensible assumption because we don't create Check nodes unless it's to have a check. But, SSAConversionPhase was creating a Check that could have UntypedUse. I fixed this. It's cleaner for SSAConversionPhase to follow the same idiom as everyone else and not create tautological checks.

  • It's clearly not very robust to assume that Checks will not be used tautologically. So, this changes how we validate Checks in the escape analyses. We now use willHaveCheck, which catches cases that AI would have already marked as unnecessary. It then also uses a new helper called alreadyChecked(), which allows us to just ask if the check is unnecessary for objects. That's a good fall-back in case AI hadn't run yet.

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGMayExit.cpp:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::SSAConversionPhase::run):

  • dfg/DFGUseKind.h:

(JSC::DFG::alreadyChecked):

  • dfg/DFGVarargsForwardingPhase.cpp:

9:48 AM Changeset in webkit [184287] by Yusuke Suzuki
  • 8 edits
    2 adds in trunk

[ES6] Implement String.raw
https://bugs.webkit.org/show_bug.cgi?id=144330

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Implement String.raw. It is intended to be used with tagged-templates syntax.
To implement ToString abstract operation efficiently,
we introduce @toString bytecode intrinsic. It emits op_to_string directly.

  • CMakeLists.txt:
  • builtins/StringConstructor.js: Added.

(raw):

  • bytecompiler/NodesCodegen.cpp:

(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):

  • runtime/CommonIdentifiers.h:
  • runtime/StringConstructor.cpp:
  • tests/stress/string-raw.js: Added.

(shouldBe):
(.get shouldBe):
(Counter):

LayoutTests:

Add String.raw.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:

2:32 AM Changeset in webkit [184286] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32-branch/Tools

Merged r184018.

2:31 AM Changeset in webkit [184285] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Minor cleanups to PluginProxy.cpp.
https://bugs.webkit.org/show_bug.cgi?id=144948

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

  1. Remove unnecessary #include.
  2. Remove unnecessary return statement from PluginProxy::paint().

No new tests, no behavior change.

  • WebProcess/Plugins/PluginProxy.cpp:

(WebKit::PluginProxy::paint):

2:23 AM Changeset in webkit [184284] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183980. rdar://problem/20769741

2:13 AM Changeset in webkit [184283] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r176631): [EFL] Fullscreen feature doesn't work correctly on MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=144906

Patch by Daegyu Lee <daegyu.lee@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

  • UIProcess/CoordinatedGraphics/PageViewportController.cpp:

(WebKit::PageViewportController::updateMinimumScaleToFit): Recover the r176631 condition to
call applyScaleAfterRenderingContents function to apply correct scale.

1:26 AM Changeset in webkit [184282] by bshafiei@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184028. rdar://problem/20210267

12:21 AM Changeset in webkit [184281] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Tools

Merged r183915.

12:10 AM Changeset in webkit [184280] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184241. rdar://problem/20172315

12:09 AM Changeset in webkit [184279] by bshafiei@apple.com
  • 8 edits in branches/safari-601.1.32-branch/Source

Merged r184231. rdar://problem/20923031

12:04 AM Changeset in webkit [184278] by bshafiei@apple.com
  • 12 edits
    3 copies in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184215. rdar://problem/19708579

12:02 AM Changeset in webkit [184277] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184125. rdar://problem/19708579

12:01 AM Changeset in webkit [184276] by bshafiei@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184061. rdar://problem/20856497

May 12, 2015:

11:48 PM Changeset in webkit [184275] by bshafiei@apple.com
  • 4 edits
    1 copy in branches/safari-601.1.32-branch

Merged r183933. rdar://problem/20681226

11:47 PM Changeset in webkit [184274] by zandobersek@gmail.com
  • 4 edits in trunk/Source/WebCore

Reduce TransformationMatrix copies in MatrixTransformOperation, Matrix3DTransformOperation
https://bugs.webkit.org/show_bug.cgi?id=144797

Reviewed by Darin Adler.

Using std::swap() on TransformationMatrix objects which don't
provide move constructors will result in copies.

Instead, use a helper function in both MatrixTransformOperation
and Matrix3DTransformOperation that calls TransformationMatrix::blend()
and returns the new Matrix(3D)TransformOperation object, and call it
with fromT and toT arguments switched when blending to identity.

  • platform/graphics/transforms/Matrix3DTransformOperation.cpp:

(WebCore::createOperation):
(WebCore::Matrix3DTransformOperation::blend):

  • platform/graphics/transforms/Matrix3DTransformOperation.h: No need
to copy the m_matrix member, it won't change when passed to
TransformationMatrix::multiply().

  • platform/graphics/transforms/MatrixTransformOperation.cpp:

(WebCore::createOperation):
(WebCore::MatrixTransformOperation::blend):

11:18 PM Changeset in webkit [184273] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WebCore

[EGL][X11] XPixmap created in GLContextEGL::createPixmapContext() is leaked
https://bugs.webkit.org/show_bug.cgi?id=144909

Reviewed by Sergio Villar Senin and Žan Doberšek.

The pixmap is created and passed to eglCreatePixmapSurface(), but
never released. eglCreatePixmapSurface() doesn't take the
ownership of the pixmap, so we should explicitly free it when the
GLContextEGL is destroyed.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createPixmapContext): Use XUniquePixmap
and transfer the ownership to the context by using the new
constructor that receives a XUniquePixmap&&.
(WebCore::GLContextEGL::createContext): createPixmapContext() is
now only defined for X11.
(WebCore::GLContextEGL::GLContextEGL): New constructor that
receives a XUniquePixmap&&.

  • platform/graphics/egl/GLContextEGL.h: Add new constructor and
initialize the cairo device when defined to simplify constructors.

10:47 PM Changeset in webkit [184272] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit/mac

Merged r183968. rdar://problem/20281886

10:44 PM Changeset in webkit [184271] by rniwa@webkit.org
  • 2 edits in trunk/Tools

Unreviewed build fix.

Added the missing metric name and wrapped values in an array as done in SunSpider.patch.

  • Scripts/webkitpy/benchmark_runner/data/patches/Kraken.patch:

10:39 PM Changeset in webkit [184270] by rniwa@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Temporarily disable the test on Windows. The failure is tracked in webkit.org/b/144897.

  • tests/stress/arith-mul-with-constants.js:

10:34 PM Changeset in webkit [184269] by dburkart@apple.com
  • 12 edits in branches/safari-601.1.32-branch

Fix horked ChangeLogs

10:33 PM Changeset in webkit [184268] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184226. rdar://problem/20707307

10:33 PM Changeset in webkit [184267] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184207. rdar://problem/20707307

10:33 PM Changeset in webkit [184266] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184140. rdar://problem/20907253

10:33 PM Changeset in webkit [184265] by dburkart@apple.com
  • 21 edits in branches/safari-601.1.32-branch/Source

Merge r184139. rdar://problem/20125088

10:33 PM Changeset in webkit [184264] by dburkart@apple.com
  • 54 edits in branches/safari-601.1.32-branch

Merge r184137. rdar://problem/20707307

10:33 PM Changeset in webkit [184263] by dburkart@apple.com
  • 7 edits in branches/safari-601.1.32-branch/Source/WebInspectorUI

Merge r184130. rdar://problem/20829494

10:31 PM Changeset in webkit [184262] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Reindent DIBPixelData.h for consistency.
https://bugs.webkit.org/show_bug.cgi?id=144942

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-12
Reviewed by Darin Adler.

No new tests, no behavior change.

  • platform/graphics/win/DIBPixelData.h:

(WebCore::DIBPixelData::DIBPixelData):
(WebCore::DIBPixelData::buffer):
(WebCore::DIBPixelData::bufferLength):
(WebCore::DIBPixelData::size):
(WebCore::DIBPixelData::bytesPerRow):
(WebCore::DIBPixelData::bitsPerPixel):

10:25 PM Changeset in webkit [184261] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/text/simple-line-layout-text-stroke-width.html fails on Windows

  • platform/win/TestExpectations: Mark it as such. The test likely needs to be
improved to work cross-platform.

10:21 PM Changeset in webkit [184260] by fpizlo@apple.com
  • 11 edits
    13 adds in trunk

js/dom/stack-trace.html fails with eager compilation
https://bugs.webkit.org/show_bug.cgi?id=144853

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

All of our escape analyses were mishandling Check(). They were assuming that this is a
non-escaping operation. But, if we do for example a Check(Int32:@x) and @x is an escape
candidate, then we need to do something: if we eliminate or sink @x, then the check no
longer makes any sense since a phantom allocation has no type. This will make us forget
that this operation would have exited. This was causing us to not call a valueOf method in
js/dom/stack-trace.html with eager compilation enabled, because it was doing something like
+o where o had a valueOf method, and o was otherwise sinkable.

This changes our escape analyses to basically pretend that any Check() that isn't obviously
unnecessary is an escape. We don't have to be super careful here. Most checks will be
completely eliminated by constant-folding. If that doesn't run in time, then the most
common check we will see is CellUse. So, we just recognize some very obvious check kinds
that we know would have passed, and for all of the rest we just assume that it's an escape.

This was super tricky to test. The obvious way to test it is to use +o like
stack-trace.html, except that doing so relies on the fact that we still haven't implemented
the optimal behavior for op_to_number. So, I take four approaches in testing this patch:

1) Use +o. These will test what we want it to test for now, but at some point in the future
these tests will just be a good sanity-check that our op_to_number implementation is
right.

2) Do fancy control flow tricks to fool the profiling into thinking that some arithmetic
operation always sees integers even though we eventually feed it an object and that
object is a sink candidate.

3) Introduce a new jsc.cpp intrinsic called isInt32() which returns true if the incoming
value is an int32. This intrinsic is required to be implemented by DFG by
unconditionally speculating that the input is int32. This allows us to write much more
targeted tests of the underlying issue.

4) I made a version of stack-trace.html that runs in run-jsc-stress-tests, so that we can
get regression test coverage of this test in eager mode.

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsic):

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGVarargsForwardingPhase.cpp:
  • ftl/FTLExitValue.cpp:

(JSC::FTL::ExitValue::dumpInContext):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::buildExitArguments):

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileFTLOSRExit):

  • jsc.cpp:

(GlobalObject::finishCreation):
(functionIsInt32):

  • runtime/Intrinsic.h:
  • tests/stress/sink-arguments-past-invalid-check-dfg.js: Added.
  • tests/stress/sink-arguments-past-invalid-check-int32-dfg.js: Added.
  • tests/stress/sink-arguments-past-invalid-check-int32.js: Added.
  • tests/stress/sink-arguments-past-invalid-check-sneakier.js: Added.
  • tests/stress/sink-arguments-past-invalid-check.js: Added.
  • tests/stress/sink-function-past-invalid-check-sneakier.js: Added.
  • tests/stress/sink-function-past-invalid-check-sneaky.js: Added.
  • tests/stress/sink-object-past-invalid-check-int32.js: Added.
  • tests/stress/sink-object-past-invalid-check-sneakier.js: Added.
  • tests/stress/sink-object-past-invalid-check-sneaky.js: Added.
  • tests/stress/sink-object-past-invalid-check.js: Added.

LayoutTests:

Make a copy of the stack-trace test that only runs in run-jsc-stress-tests. Sadly, we don't
have a good way of having different expectation files for when a test runs in RJST versus
RWT. So, the approach I take is that I make a copy of the test just for RJST and I exclude
the .html file, which makes RWT overlook it. The test has different expectations in the
two harnesses because it does some small DOM things.

  • js/script-tests/stack-trace.js: Added.
  • js/stack-trace-expected.txt: Added.

10:18 PM Changeset in webkit [184259] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r184224.
https://bugs.webkit.org/show_bug.cgi?id=144946

Made inspector/page/main-frame-resource.html assert every time
(Requested by ap on #webkit).

Reverted changeset:

"Web Inspector: REGRESSION (r181625): Timeline recording
started from console.profile is always empty"
https://bugs.webkit.org/show_bug.cgi?id=144882
http://trac.webkit.org/changeset/184224

9:38 PM Changeset in webkit [184258] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

In Safari, Debug > Get Bytecode Profile crashes the Web Content process
https://bugs.webkit.org/show_bug.cgi?id=144944

Reviewed by Darin Adler.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::getBytecodeProfile): Don’t assert that m_perBytecodeProfiler isn’t null,
because it is when the profiler is disabled, which is the default. In that case, return
after sending back the empty string, rather than continuing to dereference a null pointer.

9:25 PM Changeset in webkit [184257] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184121. rdar://problem/20774613

9:25 PM Changeset in webkit [184256] by dburkart@apple.com
  • 27 edits
    3 adds in branches/safari-601.1.32-branch

Merge r184116. rdar://problem/20774613

9:25 PM Changeset in webkit [184255] by dburkart@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebInspectorUI

Merge r184108. rdar://problem/20903134

9:25 PM Changeset in webkit [184254] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184104. rdar://problem/20727702

9:17 PM Changeset in webkit [184253] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184026. rdar://problem/20757196

9:17 PM Changeset in webkit [184252] by dburkart@apple.com
  • 3 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184005. rdar://problem/20486538

9:17 PM Changeset in webkit [184251] by dburkart@apple.com
  • 4 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184001. rdar://problem/20862460

9:17 PM Changeset in webkit [184250] by dburkart@apple.com
  • 3 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183971. rdar://problem/20065572

9:10 PM Changeset in webkit [184249] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

[Mac] Hang in MediaPlayerPrivateAVFoundationObjC::audioSourceProvider() - 'tracks' property not yet loaded
https://bugs.webkit.org/show_bug.cgi?id=144937

Reviewed by Eric Carlson.

Querying for the -[AVAsset tracks] property blocks for network loading; and could
block forever if the asset in question is not reachable. Add a "safe" mechanism for
querying the list of audible tracks, and use that when providing the audioSourceProvider()
with an audible track.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem):
(WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged):
(WebCore::MediaPlayerPrivateAVFoundationObjC::audioSourceProvider):
(WebCore::MediaPlayerPrivateAVFoundationObjC::processLegacyClosedCaptionsTracks):
(WebCore::MediaPlayerPrivateAVFoundationObjC::safeAVAssetTracksForAudibleMedia):

9:08 PM Changeset in webkit [184248] by dburkart@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183970. rdar://problem/20769741

9:08 PM Changeset in webkit [184247] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183965. rdar://problem/20866590

9:08 PM Changeset in webkit [184246] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit/mac

Merge r183957. rdar://problem/20811128

9:02 PM Changeset in webkit [184245] by msaboff@apple.com
  • 2 edits in trunk/Source/WTF

If JSC cannot get executable memory, it shouldn't call madvise
https://bugs.webkit.org/show_bug.cgi?id=144931

Reviewed by Mark Lam.

Made calling madvise conditional on really getting mmapped memory.

  • wtf/OSAllocatorPosix.cpp:

(WTF::OSAllocator::reserveUncommitted):

8:58 PM Changeset in webkit [184244] by dburkart@apple.com
  • 15 edits in branches/safari-601.1.32-branch

Merge r183954. rdar://problem/20281886

8:58 PM Changeset in webkit [184243] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183953. rdar://problem/19997548

8:58 PM Changeset in webkit [184242] by dburkart@apple.com
  • 7 edits
    2 adds in branches/safari-601.1.32-branch

Merge r183943. rdar://problem/19913748

8:51 PM Changeset in webkit [184241] by jhoneycutt@apple.com
  • 2 edits in trunk/Source/WebKit2

Crash when using <input type=file>

<https://bugs.webkit.org/show_bug.cgi?id=144939>
<rdar://problem/20172315>

Reviewed by Andy Estes.

  • UIProcess/ios/forms/WKFileUploadPanel.mm:

Use a RefPtr to hold the WebOpenPanelResultListenerProxy, because the
WKFileUploadPanel can outlive it.

8:45 PM Changeset in webkit [184240] by rniwa@webkit.org
  • 3 edits in branches/safari-600.7-branch/LayoutTests

Added prefixes in the test added in r182985 (merged in r183180) since we don't support unprefixed versions in this branch.

  • compositing/animation/animation-backing.html:
  • platform/mac-wk2/TestExpectations: Removed merge conflict lines.

8:42 PM Changeset in webkit [184239] by jdiggs@igalia.com
  • 1 edit
    1 add in trunk/LayoutTests

AX: [Win] REGRESSION(r184213) breaks aria-menubar-menuitems.html
https://bugs.webkit.org/show_bug.cgi?id=144936

Unreviewed gardening.

Adding the platform-specific expectations for Windows now that the
accessibility tree is being correctly generated for this test.

  • platform/win/accessibility/aria-menubar-menuitems-expected.txt: Added.

8:22 PM Changeset in webkit [184238] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r183937. rdar://problem/20458697

8:22 PM Changeset in webkit [184237] by dburkart@apple.com
  • 3 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183927. rdar://problem/20854785

8:15 PM Changeset in webkit [184236] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r183911. rdar://problem/20702435

8:15 PM Changeset in webkit [184235] by dburkart@apple.com
  • 15 edits in branches/safari-601.1.32-branch/Source

Merge r183909. rdar://problem/18894598

8:08 PM Changeset in webkit [184234] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

Mac build fix after r184228.

  • bindings/scripts/CodeGeneratorJS.pm:

8:02 PM Changeset in webkit [184233] by dburkart@apple.com
  • 4 edits in branches/safari-601.1.32-branch

Merge r183942. rdar://problem/20049088

8:02 PM Changeset in webkit [184232] by dburkart@apple.com
  • 5 edits
    2 adds in branches/safari-601.1.32-branch

Merge r183894. rdar://problem/20049088

7:01 PM Changeset in webkit [184231] by Simon Fraser
  • 8 edits in trunk/Source

Turn antialiased font dilation off by default
https://bugs.webkit.org/show_bug.cgi?id=144940
rdar://problem/20923031

Reviewed by Sam Weinig.

Source/WebCore:

Turn antialiased font dilation off by default.

  • page/Settings.cpp:

(WebCore::Settings::Settings):

  • platform/graphics/FontCascade.cpp:

Source/WebKit/mac:

Turn antialiased font dilation off by default.

  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

Source/WebKit2:

Turn antialiased font dilation off by default.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferencesRefPrivate.h:

6:52 PM Changeset in webkit [184230] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Fix the iteration count of arith-modulo-node-behaviors.js

  • tests/stress/arith-modulo-node-behaviors.js:

No need for big numbers for the real testing.

6:47 PM Changeset in webkit [184229] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Windows: Cannot use HANDLE from GetCurrentThread() to get the CONTEXT of another thread.
https://bugs.webkit.org/show_bug.cgi?id=144924

Reviewed by Alex Christensen.

The present stack scanning code in the Windows port is expecting that the
GetCurrentThread() API will provide a unique HANDLE for each thread. The code
then saves and later uses that HANDLE with GetThreadContext() to get the
runtime state of the target thread from the GC thread. According to
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683182(v=vs.85).aspx,
GetCurrentThread() does not provide this unique HANDLE that we expect:

"The function cannot be used by one thread to create a handle that can
be used by other threads to refer to the first thread. The handle is
always interpreted as referring to the thread that is using it. A
thread can create a "real" handle to itself that can be used by other
threads, or inherited by other processes, by specifying the pseudo
handle as the source handle in a call to the DuplicateHandle function."

As a result of this, GetCurrentThread() always returns the same HANDLE value, and
we end up never scanning the stacks of other threads because we wrongly think that
they are all equal (in identity) to the scanning thread. This, in turn, results
in crashes due to objects that are incorrectly collected.

The fix is to call DuplicateHandle() to create a HANDLE that we can use. The
MachineThreads::Thread class already accurately tracks the period of time when
we need that HANDLE for the VM. Hence, the life-cycle of the HANDLE can be tied
to the life-cycle of the MachineThreads::Thread object for the corresponding thread.

  • heap/MachineStackMarker.cpp:

(JSC::getCurrentPlatformThread):
(JSC::MachineThreads::Thread::Thread):
(JSC::MachineThreads::Thread::~Thread):
(JSC::MachineThreads::Thread::suspend):
(JSC::MachineThreads::Thread::resume):
(JSC::MachineThreads::Thread::getRegisters):

6:47 PM Changeset in webkit [184228] by achristensen@apple.com
  • 18 edits in trunk/Source/WebCore

Don't export all JS bindings classes.
https://bugs.webkit.org/show_bug.cgi?id=144932

Reviewed by Dan Bernstein.

This change is good if it compiles and links successfully.

  • bindings/scripts/CodeGeneratorJS.pm:

(ExportLabelForClass):
Add a list of the JS bindings classes that need WEBCORE_EXPORT to prevent exporting too many symbols from WebCore.

  • bindings/scripts/test/JS/JSTestActiveDOMObject.h:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
  • bindings/scripts/test/JS/JSTestEventConstructor.h:
  • bindings/scripts/test/JS/JSTestEventTarget.h:
  • bindings/scripts/test/JS/JSTestException.h:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
  • bindings/scripts/test/JS/JSTestNamedConstructor.h:
  • bindings/scripts/test/JS/JSTestNode.h:
  • bindings/scripts/test/JS/JSTestNondeterministic.h:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
  • bindings/scripts/test/JS/JSTestTypedefs.h:
  • bindings/scripts/test/JS/JSattribute.h:
  • bindings/scripts/test/JS/JSreadonly.h:

Update bindings tests to remove WEBCORE_EXPORT from most of the tests,
but keep one test with WEBCORE_EXPORT and one test with WEBCORE_TESTSUPPORT_EXPORT.

6:43 PM Changeset in webkit [184227] by jdiggs@igalia.com
  • 2 edits in trunk/LayoutTests

AX: [Win] REGRESSION(r184213) breaks aria-menubar-menuitems.html
https://bugs.webkit.org/show_bug.cgi?id=144936

Reviewed by Chris Fleizach.

Use focusedElement + childAtIndex rather than accessibleElementById
as the latter seems to be failing, and the former worked on Windows
to get the menubar in the original version of this test.

  • accessibility/aria-menubar-menuitems.html: Modified.
5:57 PM Changeset in webkit [184226] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Update DXSDK_DIR settings for build system.

Unreviewed build fix.

  • WebCore.vcxproj/WebCore.proj: Add DXSDK_DIR definition for builder.
5:30 PM Changeset in webkit [184225] by Gyuyoung Kim
  • 25 edits in trunk/Source/WebCore

Return Ref instead of PassRefPtr in create() factory functions of WebCore/dom
https://bugs.webkit.org/show_bug.cgi?id=144904

Reviewed by Andreas Kling.

We return Ref when we're sure that the pointer can't be null. If not, we use RefPtr instead of PassRefPtr.

No new tests, no behavior changes.

  • dom/AutocompleteErrorEvent.h:
  • dom/DOMNamedFlowCollection.h:

(WebCore::DOMNamedFlowCollection::create):

  • dom/MessageChannel.h:

(WebCore::MessageChannel::create):

  • dom/MessagePort.h:
  • dom/MutationObserver.cpp:

(WebCore::MutationObserver::create):

  • dom/MutationObserver.h:
  • dom/NamedFlowCollection.h:
  • dom/NodeFilter.h:

(WebCore::NodeFilter::create):

  • dom/NodeIterator.h:

(WebCore::NodeIterator::create):

  • dom/ProcessingInstruction.cpp:

(WebCore::ProcessingInstruction::create):

  • dom/ProcessingInstruction.h:
  • dom/ScriptedAnimationController.h:

(WebCore::ScriptedAnimationController::create):

  • dom/SecurityPolicyViolationEvent.h:
  • dom/StaticNodeList.h:
  • dom/TemplateContentDocumentFragment.h:
  • dom/Touch.cpp:

(WebCore::Touch::cloneWithNewTarget):

  • dom/Touch.h:

(WebCore::Touch::create):

  • dom/TouchEvent.h:
  • dom/TouchList.h:

(WebCore::TouchList::create):

  • dom/TreeWalker.h:

(WebCore::TreeWalker::create):

  • dom/WebKitNamedFlow.cpp:

(WebCore::WebKitNamedFlow::create):

  • dom/WebKitNamedFlow.h:
  • dom/default/PlatformMessagePortChannel.cpp:

(WebCore::PlatformMessagePortChannel::create):

  • dom/default/PlatformMessagePortChannel.h:

(WebCore::PlatformMessagePortChannel::MessagePortQueue::create):

4:13 PM Changeset in webkit [184224] by Matt Baker
  • 2 edits in trunk/Source/WebCore

Web Inspector: REGRESSION (r181625): Timeline recording started from console.profile is always empty
https://bugs.webkit.org/show_bug.cgi?id=144882

Reviewed by Brian Burg.

A timeline recording will always be stopped before the end of the current run loop is observed. Before
dispatching the recording stopped event, the last run loop record must be completed and sent to the frontend
to prevent it from being discarded.

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::internalStop):

3:06 PM Changeset in webkit [184223] by dbates@webkit.org
  • 7 edits in trunk/Source/WebKit2

Make {Network, Web}ProcessProxy inherit from ProcessThrottleClient privately
https://bugs.webkit.org/show_bug.cgi?id=144886

Reviewed by Darin Adler.

{Network, Web}ProcessProxy are implemented in terms of ProcessThrottleClient, an
interface that defines the callbacks that ProcessThrottler makes to a client. We
do not want to allow arbitrary callers to make use of the interface ProcessThrottleClient.
So, we should use private inheritance to represent the relationship between
{Network, Web}ProcessProxy and ProcessThrottleClient instead of public inheritance.

Additionally make ProcessThrottler an instance variable of {Network, Web}ProcessProxy instead
of holding a smart pointer to a ProcessThrottler instance because we always want to
have a ProcessThrottler for each instance of {Network, Web}ProcessProxy.

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::NetworkProcessProxy): Update code to work now that m_throttler
is an instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.
(WebKit::NetworkProcessProxy::didFinishLaunching): Update code to access functions of
m_throttler by reference instead of by pointer.
(WebKit::NetworkProcessProxy::didCancelProcessSuspension): Ditto.
(WebKit::NetworkProcessProxy::processReadyToSuspend): Ditto.
(WebKit::NetworkProcessProxy::setIsHoldingLockedFiles): Ditto.

  • UIProcess/Network/NetworkProcessProxy.h: Inherit from ProcessThrottleClient privately.

(WebKit::NetworkProcessProxy::throttler): Update code to work now that m_throttler is an
instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.

  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::ProcessThrottler): Update code to work now that m_process is
an lvalue reference instead of a pointer.
(WebKit::ProcessThrottler::updateAssertion): Ditto.
(WebKit::ProcessThrottler::assertionWillExpireImminently): Ditto.

  • UIProcess/ProcessThrottler.h: Ditto.
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::WebProcessProxy): Update code to work now that m_throttler is an
instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.
(WebKit::WebProcessProxy::didFinishLaunching): Update code to access functions of
m_throttler by reference instead of by pointer.
(WebKit::WebProcessProxy::processReadyToSuspend): Ditto.
(WebKit::WebProcessProxy::didCancelProcessSuspension): Ditto.
(WebKit::WebProcessProxy::setIsHoldingLockedFiles): Ditto.

  • UIProcess/WebProcessProxy.h: Inherit from ProcessThrottleClient privately.

(WebKit::WebProcessProxy::throttler): Update code to work now that m_throttler is an
instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.

2:50 PM Changeset in webkit [184222] by rniwa@webkit.org
  • 2 edits in trunk/Tools

Fix the previous commit, which made both bubbles green.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/StatusLineView.css:

(.status-line.good .bubble):
(.status-line.bad .bubble):
(.status-line.good .message):

2:30 PM Changeset in webkit [184221] by rniwa@webkit.org
  • 2 edits in trunk/Tools

People with Deuteranopia can't tell red and green apart on bot watcher's dashboard
https://bugs.webkit.org/show_bug.cgi?id=144929

Reviewed by Eric Carlson.

Tweaked colors as I see fit.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/StatusLineView.css:

(.status-line.good .bubble):
(.status-line.bad .bubble):

2:28 PM Changeset in webkit [184220] by benjamin@webkit.org
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

[JSC] Make the NegZero backward propagated flags of ArithMod stricter
https://bugs.webkit.org/show_bug.cgi?id=144897

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-05-12
Reviewed by Geoffrey Garen.

The NegZero flags of ArithMod were the same as ArithDiv: both children were
marked as needing to handle NegativeZero.

Lucky for us, ArithMod is quite a bit different than ArithDiv.

First, the sign of the result is completely independent from
the sign of the divisor. A zero on the divisor always produces a NaN.
That's great, we can remove the NodeBytecodeNeedsNegZero
from the flags propagated to child2.

Second, the sign of the result is always the same as the sign of
the dividend. A dividend of zero produces a zero of the same sign
unless the divisor is zero (in which case the result is NaN).
This is great too: we can just pass the flags we got into
ArithMod.

With those two out of the way, we can make a faster version of ArithRound
for Kraken's oscillator. Since we no longer care about negative zero,
rounding becomes cast<int32>(value + 0.5). This gives ~3% faster runtime
on the benchmark.

Unfortunately, most of the time is spent in FTL and the same optimization
does not apply well just yet: rdar://problem/20904149.

  • dfg/DFGBackwardsPropagationPhase.cpp:

(JSC::DFG::BackwardsPropagationPhase::propagate):
Never add NodeBytecodeNeedsNegZero unless needed by the users of this node.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithRound):
Faster Math.round() when negative zero is not important.

  • tests/stress/arith-modulo-node-behaviors.js: Added.

(moduloWithNegativeZeroDividend):
(moduloWithUnusedNegativeZeroDividend):
(moduloWithNegativeZeroDivisor):

2:24 PM Changeset in webkit [184219] by Alan Bujtas
  • 3 edits
    2 adds in trunk

REGRESSION(r175617): Some text doesn't render on internationalculinarycenter.com
https://bugs.webkit.org/show_bug.cgi?id=144917
rdar://problem/20545878

Reviewed by Andreas Kling.

This patch ensures that text stroke width value is taken into account while
calculating visual overflow for simple line layout.
Ceiling the text stroke width value matches the normal text layout behaviour.

Source/WebCore:

Test: fast/text/simple-line-layout-text-stroke-width.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

LayoutTests:

  • fast/text/simple-line-layout-text-stroke-width-expected.txt: Added.
  • fast/text/simple-line-layout-text-stroke-width.html: Added.
2:20 PM Changeset in webkit [184218] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Refactor MachineStackMarker.cpp so that it's easier to reason about MachineThreads::Thread.
https://bugs.webkit.org/show_bug.cgi?id=144925

Reviewed by Michael Saboff.

Currently, the code in MachineStackMarker.cpp is written as a bunch of functions that
operate on the platformThread value in the MachineThreads::Thread struct. Instead, we
can apply better OO encapsulation and convert all these functions into methods of the
MachineThreads::Thread struct.

This will also make it easier to reason about the fix for
https://bugs.webkit.org/show_bug.cgi?id=144924 later.

  • heap/MachineStackMarker.cpp:

(JSC::getCurrentPlatformThread):
(JSC::MachineThreads::Thread::createForCurrentThread):
(JSC::MachineThreads::Thread::operator!=):
(JSC::MachineThreads::Thread::operator==):
(JSC::MachineThreads::addCurrentThread):
(JSC::MachineThreads::removeThreadIfFound):
(JSC::MachineThreads::Thread::suspend):
(JSC::MachineThreads::Thread::resume):
(JSC::MachineThreads::Thread::getRegisters):
(JSC::MachineThreads::Thread::Registers::stackPointer):
(JSC::MachineThreads::Thread::freeRegisters):
(JSC::MachineThreads::Thread::captureStack):
(JSC::MachineThreads::tryCopyOtherThreadStack):
(JSC::MachineThreads::tryCopyOtherThreadStacks):
(JSC::equalThread): Deleted.
(JSC::suspendThread): Deleted.
(JSC::resumeThread): Deleted.
(JSC::getPlatformThreadRegisters): Deleted.
(JSC::otherThreadStackPointer): Deleted.
(JSC::freePlatformThreadRegisters): Deleted.
(JSC::otherThreadStack): Deleted.

2:04 PM Changeset in webkit [184217] by rniwa@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

Array.slice should have a fast path like Array.splice
https://bugs.webkit.org/show_bug.cgi?id=144901

Reviewed by Geoffrey Garen.

Add a fast memcpy path to Array.prototype.slice as done for Array.prototype.splice.
In Kraken, this appears to be a 30% win on stanford-crypto-ccm and a 10% win on stanford-crypto-pbkdf2.

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSlice):

  • runtime/JSArray.cpp:

(JSC::JSArray::fastSlice): Added.

  • runtime/JSArray.h:
2:02 PM Changeset in webkit [184216] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Build fix.

  • platform/spi/cf/CFNetworkSPI.h:
1:46 PM Changeset in webkit [184215] by andersca@apple.com
  • 12 edits
    3 copies in trunk/Source/WebKit2

Production builds should link against the shims directly
https://bugs.webkit.org/show_bug.cgi?id=144922
rdar://problem/19708579

Reviewed by Dan Bernstein.

  • Configurations/NetworkService.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against SecItemShim.dylib where possible.

  • Configurations/PluginProcessShim.xcconfig:

Set the install name and install path.

  • Configurations/PluginService.32.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against PluginProcessShim.dylib where possible.

  • Configurations/PluginService.64.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against PluginProcessShim.dylib where possible.

  • Configurations/SecItemShim.xcconfig:

Set the install name and install path.

  • Configurations/WebContentService.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against WebProcessShim.dylib where possible.

  • Configurations/WebProcessShim.xcconfig:

Set the install name and install path.

  • NetworkProcess/EntryPoint/mac/XPCService/NetworkService/Info-OSX-10.9-10.10.plist: Copied from Source/WebKit2/NetworkProcess/EntryPoint/mac/XPCService/NetworkService/Info-OSX.plist.
  • NetworkProcess/EntryPoint/mac/XPCService/NetworkService/Info-OSX.plist:

Add an Info.plist for 10.9 and 10.10 and remove DYLD_INSERT_LIBRARIES from the non-legacy plist.

  • PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64-10.9-10.10.Info.plist: Copied from Source/WebKit2/PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64.Info.plist.
  • PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64.Info.plist:

Add an Info.plist for 10.9 and 10.10 and remove DYLD_INSERT_LIBRARIES from the non-legacy plist.

  • WebKit2.xcodeproj/project.pbxproj:

Add new files.

  • WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-OSX-10.9-10.10.plist: Copied from Source/WebKit2/WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-OSX.plist.
  • WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-OSX.plist:

Add an Info.plist for 10.9 and 10.10 and remove DYLD_INSERT_LIBRARIES from the non-legacy plist.

12:49 PM Changeset in webkit [184214] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

ROLLOUT [Win] Unreviewed build fix for older DirectX build environments.

  • platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
12:44 PM Changeset in webkit [184213] by jdiggs@igalia.com
  • 9 edits
    2 adds
    2 deletes in trunk

AX: [ATK] ARIA menu items should not have anonymous block children
https://bugs.webkit.org/show_bug.cgi?id=144653

Reviewed by Chris Fleizach.

Source/WebCore:

Exclude anonymous block children of menu items from the accessible tree
for ATK. Exclude list markers from the accessibility tree if the parent
is not being exposed as an accessible list item.

No new tests. Instead, modified the existing tests to reflect the correct
behavior.

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):

  • accessibility/atk/AccessibilityObjectAtk.cpp:

(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

LayoutTests:

The existing test was not cross-platform friendly and was rewritten as
part of the fix for this bug. New expectations were generated for Mac,
Efl, and Gtk. The shared expectations and the Windows expectations were
removed so as not to break the Win port. The search-predicate test also
was updated because it included an ARIA treeitem which had a listmarker
child it should not have, and no longer has as a result of the bug fix.

  • accessibility/aria-menubar-menuitems-expected.txt: Removed. Platform hierarchies vary vastly.
  • accessibility/aria-menubar-menuitems.html: Rewritten to work better as a shared test.
  • platform/efl/accessibility/aria-menubar-menuitems-expected.txt: Added.
  • platform/gtk/accessibility/aria-menubar-menuitems-expected.txt: Added.
  • platform/mac/accessibility/aria-menubar-menuitems-expected.txt: Modified as result of rewrite.
  • platform/mac/accessibility/search-predicate.html: Modified to reflect correct treeitem children.
  • platform/mac/accessibility/search-predicate-expected.txt: Modified to reflect correct treeitem children.
  • platform/win/accessibility/aria-menubar-menuitems-expected.txt: Removed. New file should be generated.
  • resources/accessibility-helper.js: Added an argument so dumpAccessibilityTree can print title rather than value.

(dumpAccessibilityTree):

12:42 PM Changeset in webkit [184212] by ap@apple.com
  • 3 edits in trunk/Source/WebKit2

Undo a mistaken part of r184211.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm: (WebKit::WebProcessPool::cookieStorageDirectory):
  • UIProcess/WebProcessPool.h:

cookieStorageDirectory() is used on iOS, so bring it back.

12:37 PM Changeset in webkit [184211] by ap@apple.com
  • 19 edits in trunk

[Mac] Share cookie storage between UI process and secondary processes
https://bugs.webkit.org/show_bug.cgi?id=144820
rdar://problem/20572830

Reviewed by Darin Adler.

Source/WebCore:

  • platform/network/mac/CookieJarMac.mm:
  • platform/spi/cf/CFNetworkSPI.h:

Moved SPIs into an SPI header, so that WebKit2 could use them too without duplication.

Source/WebKit2:

Pass a cookie storage descriptor that includes file path as well as other data that
CFNetwork needs to use the same cookies storage as in another process (session cookies
are still separate).

While at it, started to clean up code that passes cookie storage path. It was mostly
dead and unimplemented, only used in child processes when USE(SECCOMP_FILTERS) was enabled.

  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):

  • Shared/Network/NetworkProcessCreationParameters.cpp:

(WebKit::NetworkProcessCreationParameters::encode):
(WebKit::NetworkProcessCreationParameters::decode):

  • Shared/Network/NetworkProcessCreationParameters.h:
  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):
(WebKit::WebProcessPool::platformInitializeNetworkProcess):
(WebKit::WebProcessPool::platformDefaultCookieStorageDirectory): Deleted.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::ensureNetworkProcess):
(WebKit::WebProcessPool::createNewWebProcess):
(WebKit::WebProcessPool::cookieStorageDirectory):

  • UIProcess/WebProcessPool.h:
  • UIProcess/efl/WebProcessPoolEfl.cpp:

(WebKit::WebProcessPool::platformDefaultCookieStorageDirectory): Deleted.

  • UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::platformDefaultCookieStorageDirectory): Deleted.

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

Tools:

  • WebKitTestRunner/TestController.cpp: (WTR::TestController::initialize):

Don't set cookie storage directory, as it's a no-op, we use an ephemeral session
for testing.

12:29 PM Changeset in webkit [184210] by Chris Dumez
  • 5 edits in trunk/Source

[WK2] Log using diagnostic logging how far back in history we navigate
https://bugs.webkit.org/show_bug.cgi?id=144919
<rdar://problem/20920043>

Reviewed by Gavin Barraclough.

Source/WebCore:

Add diagnostic logging keys for logging back history navigation delta.

  • page/DiagnosticLoggingKeys.cpp:

(WebCore::DiagnosticLoggingKeys::deltaKey):
(WebCore::DiagnosticLoggingKeys::backNavigationKey):

  • page/DiagnosticLoggingKeys.h:

Source/WebKit2:

Log using diagnostic logging how far back in history we navigate.
When a back navigation or a backward indexed navigation occurs, we
log the delta: (HistoryListSize - 1) - NewHistoryItemIndex.

  • UIProcess/WebBackForwardList.cpp:

(WebKit::WebBackForwardList::goToItem):

12:23 PM Changeset in webkit [184209] by jacob_nielsen@apple.com
  • 9 edits in trunk/Tools

Fix internal build configuration issues
https://bugs.webkit.org/show_bug.cgi?id=144762

Reviewed by David Kilzer.

Modifies DumpRenderTree's xcconfig files to use SDK selectors.

  • DumpRenderTree/mac/Configurations/Base.xcconfig:
  • DumpRenderTree/mac/Configurations/DebugRelease.xcconfig:
  • DumpRenderTree/mac/Configurations/DumpRenderTree.xcconfig:
  • DumpRenderTree/mac/Configurations/DumpRenderTreeApp.xcconfig:
  • DumpRenderTree/mac/Configurations/DumpRenderTreeLibrary.xcconfig:
  • DumpRenderTree/mac/Configurations/ImageDiff.xcconfig:
  • DumpRenderTree/mac/Configurations/LayoutTestHelper.xcconfig:
  • DumpRenderTree/mac/Configurations/TestNetscapePlugIn.xcconfig:
11:40 AM Changeset in webkit [184208] by yoav@yoav.ws
  • 4 edits in trunk/Source/WebCore

Avoid CSSPrimitiveValue allocation when parsing sizes
https://bugs.webkit.org/show_bug.cgi?id=144910

Reviewed by Darin Adler.

Turn non-calc length calculation logic into a static method,
so that it can be called without a CSSPrimitiveValue object.
Then, call that method to calculate the default source-size length.

No new tests, since no functionality change.

  • css/CSSPrimitiveValue.cpp:

(WebCore::CSSPrimitiveValue::computeLengthDouble): Split out the logic for everything that's not calc into a static method.
(WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble): Static length computation logic for everything that is not calc.

  • css/CSSPrimitiveValue.h:

(WebCore::CSSPrimitiveValue::isFontRelativeLength): Turn into static.

  • css/SourceSizeList.cpp:

(WebCore::defaultLength): Use the new static method to compute the length.
(WebCore::computeLength): Use the calc length computation methods directly.

11:07 AM Changeset in webkit [184207] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix for older DirectX build environments.

  • platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp: Switch back to our d3d stub header to avoid build failures on July 2004 DXSDK build environments.

11:01 AM Changeset in webkit [184206] by fpizlo@apple.com
  • 5 edits
    2 adds in trunk/Source/JavaScriptCore

OSR availability analysis would be more scalable (and correct) if it did more liveness pruning
https://bugs.webkit.org/show_bug.cgi?id=143078

Reviewed by Andreas Kling.

In https://bugs.webkit.org/show_bug.cgi?id=144883, we found an example of where liveness
pruning is actually necessary. Well, not quite: we just need to prune out keys from the
heap availability map where the base node doesn't dominate the point where we are asking
for availability. If we don't do this, then eventually the IR gets corrupt because we'll
insert PutHints that reference the base node in places where the base node doesn't
dominate. But if we're going to do any pruning, then it makes sense to prune by bytecode
liveness. This is the strongest possible pruning we can do, and it should be sound. We
shouldn't have a node available for a virtual register if that register is live and the
node doesn't dominate.

Making this work meant reusing the prune-to-liveness algorithm from the FTL backend. So, I
abstracted this a bit better. You can now availabilityMap.pruneByLiveness(graph, origin).

  • dfg/DFGAvailabilityMap.cpp:

(JSC::DFG::AvailabilityMap::pruneHeap):
(JSC::DFG::AvailabilityMap::pruneByLiveness):
(JSC::DFG::AvailabilityMap::prune): Deleted.

  • dfg/DFGAvailabilityMap.h:
  • dfg/DFGOSRAvailabilityAnalysisPhase.cpp:

(JSC::DFG::OSRAvailabilityAnalysisPhase::run):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::buildExitArguments):

  • tests/stress/liveness-pruning-needed-for-osr-availability.js: Added. This is a proper regression test.
  • tests/stress/liveness-pruning-needed-for-osr-availability-eager.js: Added. This is the original reduced test case, requires eager-no-cjit to fail prior to this changeset.
10:30 AM Changeset in webkit [184205] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/frames/flattening/iframe-flattening-resize-event-count.html times out on Yosemite WK2
https://bugs.webkit.org/show_bug.cgi?id=144155

  • platform/mac-wk2/TestExpectations: Marking as flaky for now.
9:41 AM Changeset in webkit [184204] by eric.carlson@apple.com
  • 7 edits in trunk/Source/WebCore

[Mac] Refine media playback target client configuration
https://bugs.webkit.org/show_bug.cgi?id=144892

Reviewed by Brent Fulgham.

Client and target picker state changes frequently happen several times in quick succession, so
don't react to them immediately so we can batch callbacks to the web process.

  • Modules/mediasession/WebMediaSessionManager.cpp:

(WebCore::ClientState::ClientState): Store the client as a reference rather than a pointer
because it can never be NULL.
(WebCore::ClientState::operator == ): New.
(WebCore::WebMediaSessionManager::addPlaybackTargetPickerClient): Schedule the initial client
configuration and a target configuration check.
(WebCore::WebMediaSessionManager::removePlaybackTargetPickerClient): Schedule a target monitoring
update, and a target configuration check.
(WebCore::WebMediaSessionManager::removeAllPlaybackTargetPickerClients): Ditto.
(WebCore::WebMediaSessionManager::showPlaybackTargetPicker): Schedule a target monitoring update.
(WebCore::WebMediaSessionManager::clientStateDidChange): If the client whose state has changed
can play to a target, tell it to start using the target even if it isn't playing as long as
no other client is actively using a target.
(WebCore::WebMediaSessionManager::setPlaybackTarget): Configure clients after a pause.
(WebCore::WebMediaSessionManager::configureNewClients): New, do new client configuration.
(WebCore::WebMediaSessionManager::configurePlaybackTargetClients): New, configure target clients.
(WebCore::WebMediaSessionManager::scheduleDelayedTask): Schedule the timer.
(WebCore::WebMediaSessionManager::taskTimerFired): Execute delayed tasks.
(WebCore::WebMediaSessionManager::find):

  • Modules/mediasession/WebMediaSessionManager.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setMuted): Call updateMediaState.
(WebCore::HTMLMediaElement::setPlaying): Ditto.
(WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): Ditto.
(WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent): Expand logging.
(WebCore::HTMLMediaElement::updateMediaState): New, don't broadcast a media state change
unless something actually changed.

  • html/HTMLMediaElement.h:
  • html/HTMLMediaSession.cpp:

(WebCore::HTMLMediaSession::externalOutputDeviceAvailableDidChange): Update logging.
(WebCore::HTMLMediaSession::setShouldPlayToPlaybackTarget): Ditto.
(WebCore::HTMLMediaSession::mediaEngineUpdated): Cleanup.

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker): Remove the call to
deprecated API and the "-Wdeprecated-declarations".

9:25 AM Changeset in webkit [184203] by weinig@apple.com
  • 6 edits in trunk/Source/WebKit2

ChildProcess should take an os_activity
https://bugs.webkit.org/show_bug.cgi?id=141781

Reviewed by Ryosuke Niwa.

  • DatabaseProcess/EntryPoint/mac/XPCService/DatabaseServiceEntryPoint.mm:

(DatabaseServiceInitializer):

  • NetworkProcess/EntryPoint/mac/XPCService/NetworkServiceEntryPoint.mm:

(NetworkServiceInitializer):

  • PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm:

(PluginServiceInitializer):

  • WebProcess/EntryPoint/mac/XPCService/WebContentServiceEntryPoint.mm:

(WebContentServiceInitializer):
Start an os_activity in the initializer for each XPC service.

  • config.h:

Add HAVE_OS_ACTIVITY where available.

7:31 AM Changeset in webkit [184202] by ddkilzer@apple.com
  • 3 edits in trunk/Tools

Switch to launching iOS Simulator using bundle ID
<rdar://problem/20916096>

This is required to fix the layout tests on internal bots.

  • Scripts/webkitdirs.pm:

(relaunchIOSSimulator): Switch to use bundle ID to launch iOS
Simulator. Add FIXME.
(quitIOSSimulator): Add FIXME.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_test_run): Switch to use bundle ID to
launch iOS Simulator. Add FIXME.
(IOSSimulatorPort.check_sys_deps): Add FIXME.

7:22 AM Changeset in webkit [184201] by peavo@outlook.com
  • 2 edits in trunk/Tools

Fix run-javascriptcore-tests step on the WinCairo bot
https://bugs.webkit.org/show_bug.cgi?id=144866

Reviewed by Csaba Osztrogonác.

Catch exception when failing to create soft link, so we can fall back to copy.

  • Scripts/run-jsc-stress-tests:
6:28 AM Changeset in webkit [184200] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Unreviewed. Fix GTK+ debug build after r184197.

  • UIProcess/gtk/RedirectedXCompositeWindow.cpp: Add missing include.
5:01 AM Changeset in webkit [184199] by jdiggs@igalia.com
  • 10 edits in trunk

AX: [GTK] Defer to WebCore Accessibility for table exposure
https://bugs.webkit.org/show_bug.cgi?id=144896

Reviewed by Chris Fleizach.

Source/WebCore:

Stop unconditionally exposing all HTMLTableElement nodes as AccessibilityTables
for WebKitGtk.

No new tests. Several existing tests already cover table exposure. They have
been updated accordingly.

  • accessibility/AccessibilityTable.cpp:

(WebCore::AccessibilityTable::computeIsTableExposableThroughAccessibility):

LayoutTests:

Several platform tests are testing accessibility of tables. In order to ensure
that those tables continue to be exposed as tables, a border was added so that
they are not judged to be layout tables. For the remainder of the tests, the
expectations were updated to reflect the fact that layout tables are no longer
exposed as AccessibilityTables in WebKitGtk.

  • platform/gtk/accessibility/caret-offsets.html: Added border to table.
  • platform/gtk/accessibility/table-detection-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/table-hierarchy-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/table-one-cell-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/table-with-rules-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/text-for-range-table-cells.html: Added border to table.
  • platform/gtk/accessibility/text-for-table.html: Added border to table.
4:59 AM Changeset in webkit [184198] by jdiggs@igalia.com
  • 6 edits in trunk

[GTK][WK2] rowAtIndex is not implemented in DRT/WKTR
https://bugs.webkit.org/show_bug.cgi?id=116971

Reviewed by Chris Fleizach.

Source/WebCore:

Because ATK lacks API to directly get an accessible row via its index,
the implementation of rowAtIndex gets a cell in the indexed row and
returns the parent row. The failing test continued to fail because
AccessibilityARIAGridCell::parentTable called parentObjectUnignored at
most twice, the second call in place to handle rows which are included
in the tree. However, given a well-formed ARIA grid with a rowgroup that
is interactive, that rowgroup also needs to be in the tree necessitating
parentObjectUnignored be called a third time to get to the grid. Given a
poorly-formed ARIA grid, there may be additional objects which pass the test
for inclusion standing in between the cell and grid necessitating more
calls still. Therefore, ascend the hierarchy to find the parent grid.

No new tests. The failing test now passes.

  • accessibility/AccessibilityARIAGridCell.cpp:

(WebCore::AccessibilityARIAGridCell::parentTable):

Tools:

Implement rowAtIndex for ATK.

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::rowAtIndex):

LayoutTests:

  • platform/gtk/TestExpectations: Removed previously-failing test.
4:11 AM Changeset in webkit [184197] by Carlos Garcia Campos
  • 21 edits
    3 adds in trunk/Source

[X11] Add XUniquePtr and XUniqueResource to automatically free X resources
https://bugs.webkit.org/show_bug.cgi?id=144521

Reviewed by Darin Adler.

Source/WebCore:

Add XUniquePtr as a template alias of std::unique_ptr to handle X
resources using pointers and XUniqueResource as a new class to
handle X resources using a long unsigned identifier. This
simplifies the code and makes it more difficult to leak X resources.

  • PlatformEfl.cmake: Add new files to compilation.
  • PlatformGTK.cmake: Ditto.
  • platform/graphics/cairo/BackingStoreBackendCairoX11.cpp:

(WebCore::BackingStoreBackendCairoX11::BackingStoreBackendCairoX11):
Remove the display member, and use XUnique for Pixmap and GC.
(WebCore::BackingStoreBackendCairoX11::~BackingStoreBackendCairoX11):
Remove code to explicitly free Pixmap and GC.
(WebCore::BackingStoreBackendCairoX11::scroll):

  • platform/graphics/cairo/BackingStoreBackendCairoX11.h:
  • platform/graphics/glx/GLContextGLX.cpp:

(WebCore::GLContextGLX::createWindowContext): Use XUnique and the
new constructor that receives a XID, since there's no longer
conflict with the one receiving a Pbuffer.
(WebCore::GLContextGLX::createPbufferContext): Use XUnique and the
new constructor that receives a XUniqueGLXPbuffer&&.
(WebCore::GLContextGLX::createPixmapContext):
(WebCore::GLContextGLX::createContext):
(WebCore::GLContextGLX::GLContextGLX):
(WebCore::GLContextGLX::~GLContextGLX): Remove code to explicitly
free X resources.
(WebCore::GLContextGLX::makeContextCurrent):
(WebCore::GLContextGLX::cairoDevice):
(WebCore::GLContextGLX::platformContext):

  • platform/graphics/glx/GLContextGLX.h:
  • platform/graphics/surfaces/egl/EGLXSurface.cpp:

(WebCore::EGLXTransportSurfaceClient::EGLXTransportSurfaceClient):
(WebCore::EGLXTransportSurfaceClient::destroy):
(WebCore::EGLXTransportSurfaceClient::prepareTexture):

  • platform/graphics/surfaces/egl/EGLXSurface.h:
  • platform/graphics/surfaces/glx/GLXConfigSelector.h:

(WebCore::GLXConfigSelector::findMatchingConfig): Use XUnique
instead of the custom std::unique X11Deleter.
(WebCore::GLXConfigSelector::findMatchingConfigWithVisualId): Ditto.

  • platform/graphics/surfaces/glx/GLXSurface.cpp:

(WebCore::GLXTransportSurface::GLXTransportSurface): Ditto.
(WebCore::GLXOffScreenSurface::initialize):

  • platform/graphics/surfaces/glx/X11Helper.cpp:

(WebCore::X11Helper::createOffScreenWindow): Ditto.
(WebCore::X11Helper::createPixmap): Ditto.

  • platform/graphics/surfaces/glx/X11Helper.h:
  • platform/graphics/x11/XUniquePtr.h: Remove X11Deleter.

(WebCore::XPtrDeleter::operator()):

  • platform/graphics/x11/XUniqueResource.cpp: Added.

(WebCore::XUniqueResource<XResource::Colormap>::deleteXResource):
(WebCore::XUniqueResource<XResource::Damage>::deleteXResource):
(WebCore::XUniqueResource<XResource::Pixmap>::deleteXResource):
(WebCore::XUniqueResource<XResource::Window>::deleteXResource):
(WebCore::XUniqueResource<XResource::GLXPbuffer>::deleteXResource):
(WebCore::XUniqueResource<XResource::GLXPixmap>::deleteXResource):

  • platform/graphics/x11/XUniqueResource.h: Added.

(WebCore::XUniqueResource::XUniqueResource):
(WebCore::XUniqueResource::operator=):
(WebCore::XUniqueResource::~XUniqueResource):
(WebCore::XUniqueResource::get):
(WebCore::XUniqueResource::release):
(WebCore::XUniqueResource::reset):
(WebCore::XUniqueResource::operator!):
(WebCore::XUniqueResource::operator UnspecifiedBoolType*):

Source/WebKit2:

Use XUniquePtr and XUniqueResource to free X resources.

  • PlatformEfl.cmake: Add Source/WebCore/platform/graphics/x11 dir
to the include dir list.

  • PlatformGTK.cmake: Ditto.
  • UIProcess/cairo/BackingStoreCairo.cpp:

(WebKit::BackingStore::createBackend): Do not pass the display to
the BackingStoreBackendCairoX11 constructor.

  • UIProcess/gtk/RedirectedXCompositeWindow.cpp:

(WebKit::RedirectedXCompositeWindow::RedirectedXCompositeWindow):
(WebKit::RedirectedXCompositeWindow::~RedirectedXCompositeWindow):
(WebKit::RedirectedXCompositeWindow::resize):
(WebKit::RedirectedXCompositeWindow::cleanupPixmapAndPixmapSurface):
(WebKit::RedirectedXCompositeWindow::surface):

  • UIProcess/gtk/RedirectedXCompositeWindow.h:

(WebKit::RedirectedXCompositeWindow::windowID):

  • WebProcess/Plugins/Netscape/NetscapePlugin.h:
  • WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp:

(WebKit::NetscapePlugin::platformPostInitializeWindowless):
(WebKit::NetscapePlugin::platformDestroy):
(WebKit::NetscapePlugin::platformGeometryDidChange):
(WebKit::NetscapePlugin::platformPaint):

3:17 AM Changeset in webkit [184196] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.8.2

WebKitGTK+ 2.8.2

3:17 AM Changeset in webkit [184195] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.8.2 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.8.2.
3:16 AM Changeset in webkit [184194] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Unreviewed. Fix the build with RESOURCE_TIMING disabled.

  • loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoaderOptions::isolatedCopy):

2:53 AM Changeset in webkit [184193] by zandobersek@gmail.com
  • 18 edits in trunk/Source/WebCore

Move TransformOperation-based classes off of PassRefPtr
https://bugs.webkit.org/show_bug.cgi?id=144876

Reviewed by Darin Adler.

Remove uses of PassRefPtr from the TransformOperation class and its
derivatives, operating on Ref and RefPtr objects instead.

  • platform/graphics/transforms/IdentityTransformOperation.h:
  • platform/graphics/transforms/Matrix3DTransformOperation.cpp:

(WebCore::Matrix3DTransformOperation::blend):

  • platform/graphics/transforms/Matrix3DTransformOperation.h:
  • platform/graphics/transforms/MatrixTransformOperation.cpp:

(WebCore::MatrixTransformOperation::blend):

  • platform/graphics/transforms/MatrixTransformOperation.h:
  • platform/graphics/transforms/PerspectiveTransformOperation.cpp:

(WebCore::PerspectiveTransformOperation::blend):

  • platform/graphics/transforms/PerspectiveTransformOperation.h:
  • platform/graphics/transforms/RotateTransformOperation.cpp:

(WebCore::RotateTransformOperation::blend):

  • platform/graphics/transforms/RotateTransformOperation.h:
  • platform/graphics/transforms/ScaleTransformOperation.cpp:

(WebCore::ScaleTransformOperation::blend):

  • platform/graphics/transforms/ScaleTransformOperation.h:
  • platform/graphics/transforms/SkewTransformOperation.cpp:

(WebCore::SkewTransformOperation::blend):

  • platform/graphics/transforms/SkewTransformOperation.h:
  • platform/graphics/transforms/TransformOperation.h:
  • platform/graphics/transforms/TransformOperations.cpp:

(WebCore::TransformOperations::blendByMatchingOperations):

  • platform/graphics/transforms/TranslateTransformOperation.cpp:

(WebCore::TranslateTransformOperation::blend):

  • platform/graphics/transforms/TranslateTransformOperation.h:
2:36 AM Changeset in webkit [184192] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r184170 - Workaround for Cortex-A53 erratum 843419
https://bugs.webkit.org/show_bug.cgi?id=144680

Reviewed by Michael Saboff.

This patch is about to give a simple workaround for Cortex-A53 erratum 843419.
It inserts nops after ADRP instruction to avoid wrong address accesses.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::adrp):
(JSC::ARM64Assembler::nopCortexA53Fix843419):

2:35 AM Changeset in webkit [184191] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184154 - Clean up redundant resources in case of failure in GLContextEGL context creation methods
https://bugs.webkit.org/show_bug.cgi?id=144878

Reviewed by Martin Robinson.

GLContextEGL::createWindowContext() and GLContextEGL::createPixmapContext() methods
should clean up the freshly-created resources when prematurely returning due to a
failure.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createWindowContext):
(WebCore::GLContextEGL::createPixmapContext):

2:25 AM Changeset in webkit [184190] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184104 - WebContent crash under com.apple.WebCore: WebCore::WebKitCSSResourceValue::isCSSValueNone const + 6
https://bugs.webkit.org/show_bug.cgi?id=144870
rdar://problem/20727702

Reviewed by Simon Fraser.

No repro but we are seeing null pointer crashes like this:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff92da5706 WebCore::WebKitCSSResourceValue::isCSSValueNone() const + 6
1 com.apple.WebCore 0x00007fff93382b48 WebCore::MaskImageOperation::isCSSValueNone() const + 24
2 com.apple.WebCore 0x00007fff92e0475e WebCore::FillLayer::hasNonEmptyMaskImage() const + 30

  • platform/graphics/MaskImageOperation.cpp:

(WebCore::MaskImageOperation::MaskImageOperation):
(WebCore::MaskImageOperation::isCSSValueNone):

This would crash like this if both m_styleImage and m_cssMaskImageValue are null.
There are no obvious guarantees that this doesn't happen. Two of the constructor variants allow it
and there is setImage which may turn m_styleImage null later too.

Fix by making null m_cssMaskImageValue always signify CSSValueNone.

(WebCore::MaskImageOperation::cssValue):

2:24 AM Changeset in webkit [184189] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184097 - AX: Crash at WebCore::AccessibilityMenuList::addChildren()
https://bugs.webkit.org/show_bug.cgi?id=144860

Reviewed by Mario Sanchez Prada.

Source/WebCore:

There were some unsafe pointer accesses in AccessibilityMenuList code that needed to be cleaned up.

Test: accessibility/menu-list-crash2.html

  • accessibility/AccessibilityMenuList.cpp:

(WebCore::AccessibilityMenuList::addChildren):

LayoutTests:

  • accessibility/menu-list-crash2-expected.txt: Added.
  • accessibility/menu-list-crash2.html: Added.
2:23 AM Changeset in webkit [184188] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r184072 - [GTK] WorkQueue objects are not released
https://bugs.webkit.org/show_bug.cgi?id=144824

Reviewed by Žan Doberšek.

Do not keep a reference of the WorkQueue for the entire life of
its worker thread, since every task scheduled on the WorkQueue
already takes a reference. Instead, take a reference of the main
loop to make sure that when the worker thread starts, the main
loop hasn't been released to avoid runtime warnings (see
webkit.org/b/140998). Also removed the g_main_context_pop_thread_default()
from the thread body, since the thread-specific context queue will
be freed anyway when the thread exits.
If the WorkQueue is released early, before the thread has started,
schedule a main loop quit in the context, to make sure it will
be the first thing run by the main loop and the thread will exit.

  • wtf/WorkQueue.h: Remove unused event loop mutex.
  • wtf/gtk/WorkQueueGtk.cpp:

(WTF::WorkQueue::platformInitialize):
(WTF::WorkQueue::platformInvalidate):

2:17 AM Changeset in webkit [184187] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184070 - Reduce TransformationMatrix copies in WebKitCSSMatrix operations
https://bugs.webkit.org/show_bug.cgi?id=144795

Reviewed by Darin Adler.

Instead of copying the TransformationMatrix member, performing
the operation on it and then copying it again when creating
the new WebKitCSSMatrix object, copy it just once by first
creating the new WebKitCSSMatrix object and then performing
the operation on that object's TransformationMatrix directly.

  • css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::multiply):
(WebCore::WebKitCSSMatrix::translate):
(WebCore::WebKitCSSMatrix::scale):
(WebCore::WebKitCSSMatrix::rotate):
(WebCore::WebKitCSSMatrix::rotateAxisAngle):
(WebCore::WebKitCSSMatrix::skewX):
(WebCore::WebKitCSSMatrix::skewY):

2:17 AM Changeset in webkit [184186] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184005 - Crashes in SocketStreamHandleBase::close
https://bugs.webkit.org/show_bug.cgi?id=144767
rdar://problem/20486538

Reviewed by Brady Eidson.

This is a speculative fix, I could not reproduce the crash.

  • Modules/websockets/WebSocketChannel.cpp: (WebCore::WebSocketChannel::processFrame):

Normally, processOutgoingFrameQueue() closes the handle in the end when called in
OutgoingFrameQueueClosing state. But there is no definitive protection against
processing two CLOSE frames, in which case we'd try to close the handle twice.

  • platform/network/cf/SocketStreamHandleCFNet.cpp:

(WebCore::SocketStreamHandle::readStreamCallback): Passing empty data to the client
results in the socket being closed, which makes no sense here.

2:16 AM Changeset in webkit [184185] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r183959 - Release assert in com.apple.WebKit.WebContent under JavaScriptCore: JSC::JSONProtoFuncStringify
https://bugs.webkit.org/show_bug.cgi?id=144758

Reviewed by Andreas Kling.

This was an out-of-memory error when trying to shrink a string builder.
bmalloc was missing the optimization that allowed realloc() to shrink
without copying. So, let's add it.

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::reallocate): Added Large and XLarge cases for
shrinking without copying. This isn't possible for small and medium
objects, and probably not very profitable, either.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::findXLarge):
(bmalloc::Heap::deallocateXLarge):

  • bmalloc/Heap.h: Refactored this code to return a reference to an
XLarge range. This makes the code reusable, and also makes it easier
for realloc() to update metadata.

  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::split): Allow allocated objects to split because
that's what realloc() wants to do, and there's nothing intrinsically
wrong with it.

2:02 AM Changeset in webkit [184184] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183950 - REGRESSION (r164449): Subpixel rendering: http://www.apple.com/iphone-6/ "Faster wireless." image displays vertical black line on 1x displays at specific window width.
https://bugs.webkit.org/show_bug.cgi?id=144723
rdar://problem/18307094

Reviewed by Simon Fraser.

This patch ensures that the backing store's graphics layer is always positioned on a device pixel boundary.

While calculating the backing store's graphics layer location, its ancestor layer's compositing bounds is taken into account.
However the compositing bounds is an unsnapped value, so in order to place the graphics layer properly,
we need to pixel align the ancestor compositing bounds before using it to adjust the child's graphics layer position.

Source/WebCore:

Test: compositing/ancestor-compositing-layer-is-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/ancestor-compositing-layer-is-on-subpixel-position-expected.html: Added.
  • compositing/ancestor-compositing-layer-is-on-subpixel-position.html: Added.
  • platform/mac/compositing/layer-creation/overlap-animation-container-expected.txt: progression.
2:01 AM Changeset in webkit [184183] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183948 - Fix sizes crash and add invalid value tests.
https://bugs.webkit.org/show_bug.cgi?id=144739

Reviewed by Darin Adler.

Source/WebCore:

Make sure that only CSS lengths are allowed when the sizes parser is calling computeLength.
Also make sure that for invalid lengths, the 100vw default is used instead.

Test: fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html

  • css/SourceSizeList.cpp:

(WebCore::computeLength):
(WebCore::defaultLength):
(WebCore::parseSizesAttribute):

LayoutTests:

Add tests that make sure that invalid values are properly handled, and a 100vw
source-size length is being used for srcset and for intrinsic dimension calculation.

  • fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt: Added.
  • fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html: Added.
2:00 AM Changeset in webkit [184182] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r183941 - Add PLUGIN_ARCHITECTURE(X11) around m_frameRectInWindowCoordinates in NetscapePlugin.
https://bugs.webkit.org/show_bug.cgi?id=144490

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-07
Reviewed by Darin Adler.

m_frameRectInWindowCoordinates in NetscapePlugin is currently being used only for
the windowed plugins, and the windowed plugins are only supported on X11. So we can
guard it with PLUGIN_ARCHITECTURE(X11).

No new tests, no behavior change.

  • WebProcess/Plugins/Netscape/NetscapePlugin.cpp:

(WebKit::NetscapePlugin::geometryDidChange):

  • WebProcess/Plugins/Netscape/NetscapePlugin.h:
1:57 AM Changeset in webkit [184181] by Carlos Garcia Campos
  • 4 edits
    1 add in releases/WebKitGTK/webkit-2.8

Merge r183933 - Fix a couple of cases where the backForwardListState's currentIndex is not set correctly in WebBackForwardList::backForwardListState().
https://bugs.webkit.org/show_bug.cgi?id=144666

Reviewed by Darin Adler.

  • UIProcess/WebBackForwardList.cpp:

(WebKit::WebBackForwardList::backForwardListState):
If the first item is filtered out and the currentIndex is 0, don't decrement currentIndex.
If all the items are filtered out, set currentIndex to the uninitialized value.

Tools:
Add a test for WKPageCopySessionState() with filtering.
https://bugs.webkit.org/show_bug.cgi?id=144666

Reviewed by Darin Adler.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2/WKPageCopySessionStateWithFiltering.cpp: Added.

(TestWebKitAPI::didFinishLoadForFrame):
(TestWebKitAPI::setPageLoaderClient):
(TestWebKitAPI::filterFirstItemCallback):
(TestWebKitAPI::filterAllItemsCallback):
(TestWebKitAPI::createSessionStates):
(TestWebKitAPI::TEST):

1:56 AM Changeset in webkit [184180] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WTF

Merge r183921 - [GTK] Clean up RunLoop implementation
https://bugs.webkit.org/show_bug.cgi?id=144729

Reviewed by Carlos Garcia Campos.

Clean up the RunLoop implementation for the GTK port,
removing unnecessary methods and using simpler variable names.

Nested GMainLoops in RunLoop::run() are now created for the
RunLoop's GMainContext, and not for the default context (enforced
through the null argument to g_main_loop_new()).

  • wtf/RunLoop.h:
  • wtf/gtk/RunLoopGtk.cpp:

(WTF::RunLoop::RunLoop):
(WTF::RunLoop::~RunLoop):
(WTF::RunLoop::run):
(WTF::RunLoop::stop):
(WTF::RunLoop::wakeUp):
(WTF::RunLoop::TimerBase::start):
(WTF::RunLoop::innermostLoop): Deleted.
(WTF::RunLoop::pushNestedMainLoop): Deleted.
(WTF::RunLoop::popNestedMainLoop): Deleted.

1:53 AM Changeset in webkit [184179] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183891 - Avoid copies in scrollOffsetForFixedPosition() and inline it.
https://bugs.webkit.org/show_bug.cgi?id=144709

Reviewed by Simon Fraser.

  • page/FrameView.cpp:

(WebCore::FrameView::frameScaleFactor):
Added so that scrollOffsetForFixedPosition() can be inlined without having to
reference Frame's implementation.

(WebCore::FrameView::scrollOffsetForFixedPosition): Deleted.
Moved this to the header.

  • page/FrameView.h:

Inline scrollOffsetForFixedPosition() and get rid of all the copying
it was doing.

1:48 AM Changeset in webkit [184178] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183887 - RenderLayer::currentTransform computes a pixel snapped rect it doesn't use.
https://bugs.webkit.org/show_bug.cgi?id=144708

Reviewed by Simon Fraser.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::currentTransform):

Only compute a pixel snapped rect if we actually end up needing it. The common case
is that this rect is not needed, so pushing it inside the two if statements
speeds up the common case.

1:47 AM Changeset in webkit [184177] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183885 - Optimize topLeftLocationOffset() addition in updateLayerPosition
https://bugs.webkit.org/show_bug.cgi?id=144704

Reviewed by Dean Jackson.

  • page/FrameView.cpp:

(WebCore::FrameView::FrameView):

  • page/FrameView.h:

Move the hasFlippedBlocks bit to FrameView instead of RenderView. Works better for inlining
the check in any renderer header, and it also makes more sense conceptually, since the RenderView
itself could be a flipped block.

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::layoutOverflowRectForPropagation):
Change over to the FrameView bit.

  • rendering/RenderBox.h:

(WebCore::RenderBox::applyTopLeftLocationOffset):
Add a new inlined function that can apply the top left location offset to a point without
multiple LayoutSize creations and copies. It invokes a helper for flipping that is not
inlined only in the case where actual flipped blocks exist in the render tree.

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::updateFromStyle):
Set the bit on the FrameView now instead of the RenderView.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::updateLayerPosition):
Call the new applyTopLeftLocationOffset function so that the point can have offsets added
in without any extra copies.

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::rangeIntersectsRect):
Switch over to the bit on the FrameView.

  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView):

  • rendering/RenderView.h:

Get rid of the bit on the RenderView.

1:38 AM Changeset in webkit [184176] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183879 - Optimize relativePositionOffset() to avoid doing unnecessary work
https://bugs.webkit.org/show_bug.cgi?id=144698

Reviewed by Simon Fraser.

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::relativePositionOffset):

Patch relativePositionOffset to avoid doing unnecessary work in the common case where
all values of top/left/right/bottom are either auto or fixed. We no longer fetch
containingBlock() into a local always, but instead just invoke the function only
when necessary.

Also avoid computing the percentage-relative maximum for the top/right/bottom/left lengths
when they are fixed values, since that maximum won't be examined at all.

1:37 AM Changeset in webkit [184175] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r183861 - NetworkResourceLoader::cleanup() should clear ResourceHandle client pointer.
https://bugs.webkit.org/show_bug.cgi?id=144641
rdar://problem/20250960

Reviewed by David Kilzer.

  • NetworkProcess/NetworkResourceLoader.cpp: (WebKit::NetworkResourceLoader::cleanup):

Clear the client pointer.

  • Shared/Authentication/AuthenticationManager.cpp:

(WebKit::AuthenticationManager::useCredentialForChallenge):
(WebKit::AuthenticationManager::continueWithoutCredentialForChallenge):
(WebKit::AuthenticationManager::cancelChallenge):
(WebKit::AuthenticationManager::performDefaultHandling):
(WebKit::AuthenticationManager::rejectProtectionSpaceAndContinue):
Updated comments, which were not accurate, at least on Mac.

1:35 AM Changeset in webkit [184174] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183855 - EventHandler::m_eventHandlerWillResetCapturingMouseEventsElement is incorrectly initialized
https://bugs.webkit.org/show_bug.cgi?id=144583

Reviewed by Daniel Bates.

  • page/EventHandler.cpp:

(WebCore::EventHandler::EventHandler): The
m_eventHandlerWillResetCapturingMouseEventsElement is a boolean,
so initialize it to false, instead of to nullptr.

1:34 AM Changeset in webkit [184173] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r183800 - [GTK] Async operations running in the WorkQueue thread should schedule their sources to the WorkQueue main loop
https://bugs.webkit.org/show_bug.cgi?id=144541

Reviewed by Žan Doberšek.

Source/WTF:

They are currently sent to the main thread run loop, because we
are not setting the WorkQueue main context as the default one in
the worker thread.

  • wtf/gtk/WorkQueueGtk.cpp:

(WTF::WorkQueue::platformInitialize): Call
g_main_context_push_thread_default() to set the WorkQueue main
context as the default of the thread before running the main loop,
and g_main_context_pop_thread_default() when the main loop quits.

1:29 AM Changeset in webkit [184172] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183788 - RenderWidget::setWidgetGeometry() can end up destroying *this*.
https://bugs.webkit.org/show_bug.cgi?id=144601

Reviewed by Andreas Kling.

This is a speculative fix to ensure we don't crash on an invalid *this* renderer
while flattening the current iframe.
Calling RenderWidget::setWidgetGeometry() can result in destroying the current renderer.
While it is not an issue in case of normal layout flow as widget positions are updated at post layout,
frame flattening initiates this action in the middle of layout.
This patch re-introduces refcount model for RenderWidgets so that the renderer is protected during layout
when frame flattening is in use.

  • rendering/RenderFrameBase.cpp:

(WebCore::RenderFrameBase::layoutWithFlattening): Let's be paranoid about child view.

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::destroy):

  • rendering/FrameView.cpp:

(WebCore::FrameView::layout):

  • rendering/RenderView.h:
  • rendering/RenderWidget.cpp:

(WebCore::RenderWidget::~RenderWidget):

  • rendering/RenderWidget.h:

(WebCore::RenderWidget::ref):
(WebCore::RenderWidget::deref):

1:15 AM Changeset in webkit [184171] by Carlos Garcia Campos
  • 6 edits
    3 adds in releases/WebKitGTK/webkit-2.8

Merge r183781 - Crash at com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::createWindow + 185
https://bugs.webkit.org/show_bug.cgi?id=144597
<rdar://problem/20361579>

Reviewed by Andreas Kling.

Source/WebCore:

Test: fast/dom/Window/window-open-activeWindow-null-frame.html

In our implementation of window.open(), we make sure that the window
on which window.open() is called has a frame. However, we did not have the
same check for the activeDOMWindow (i.e. the lexicalGlobalObject) causing
us to crash in WebCore::createWindow() when dereferencing it.

This patch updates WebCore::createWindow() to take a reference to the
openerFrame instead of a pointer to make it clear the implementation
expects it to be non-null. A null check is then added for the frame
at the call site: DOMWindow::createWindow().

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::openInNewTab):

  • loader/FrameLoader.cpp:

(WebCore::isDocumentSandboxed):
(WebCore::FrameLoader::submitForm):
(WebCore::createWindow):
Take a reference to openerFrame instead of a pointer as the
implementation expects it to be non-null.

  • loader/FrameLoader.h:
  • page/DOMWindow.cpp:

(WebCore::DOMWindow::createWindow):
Add null check for activeFrame before passing it to
WebCore::createWindow().

LayoutTests:

Add a layout test to cover the case where window.open() is called on a
window that is different than the activeDOMWindow and where the
activeDOMWindow does not have a frame.

  • fast/dom/Window/resources/test-frame.html: Added.
  • fast/dom/Window/window-open-activeWindow-null-frame-expected.txt: Added.
  • fast/dom/Window/window-open-activeWindow-null-frame.html: Added.
1:15 AM Changeset in webkit [184170] by loki@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Workaround for Cortex-A53 erratum 843419
https://bugs.webkit.org/show_bug.cgi?id=144680

Reviewed by Michael Saboff.

This patch is about to give a simple workaround for Cortex-A53 erratum 843419.
It inserts nops after ADRP instruction to avoid wrong address accesses.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::adrp):
(JSC::ARM64Assembler::nopCortexA53Fix843419):

1:06 AM Changeset in webkit [184169] by Carlos Garcia Campos
  • 6 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r183765 - REGRESSION (r178156): CSS Parser incorrectly rejects valid calc() in padding-right property
https://bugs.webkit.org/show_bug.cgi?id=144584
<rdar://problem/20796829>

Reviewed by Darin Adler.

Source/WebCore:

The CSS parser was rejecting calculated values at parsing time if it
considered the value was negative and the CSS property did not allow
negative values. However, doing so at this point will not always work
because we don't necessarily know the font-size yet (e.g. for
calc(0.5em - 2px)). Also, rejecting negative calculated values is not
the right behavior as per the specification. The specification says
we should clamp:
http://dev.w3.org/csswg/css-values-3/#calc-range

This patch updates validateCalculationUnit() to stop marking the value
as invalid if it is negative. Instead, let the CSSCalcValue's permitted
range clamp the value as needed.

This bug was causing the bottom graphic on aldentrio.com to not be
rendered properly.

Tests: fast/css/negative-calc-values.html
       fast/css/padding-calc-value.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::validateCalculationUnit):

LayoutTests:

  • fast/css/negative-calc-values-expected.txt: Added.
  • fast/css/negative-calc-values.html: Added.

Add a layout test that assigns negative calc() values to properties
whose values cannot be negative to verify that values are clamped as
per the specification:
http://dev.w3.org/csswg/css-values-3/#calc-range

  • fast/css/padding-calc-value-expected.txt: Added.
  • fast/css/padding-calc-value.html: Added.

Add a layout test to test that using calc(.5em - 2px) for padding-right
CSS property works as intended. It used to be resolved as 0px instead
of "2*font-size - 2px".

  • fast/css/text-shadow-calc-value-expected.txt:
  • fast/css/text-shadow-calc-value.html:

Update test to match what the specification says:
http://dev.w3.org/csswg/css-values-3/#calc-range
"width: calc(5px - 10px);" is equivalent to "width: 0px;" since widths
smaller than 0px are not allowed.

1:03 AM Changeset in webkit [184168] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8

Merge r183741 - [cmake] Disable GNU Gold linker on Cortex A53
https://bugs.webkit.org/show_bug.cgi?id=144382

Reviewed by Carlos Garcia Campos.

  • Source/cmake/OptionsCommon.cmake:
1:00 AM Changeset in webkit [184167] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r183740 - [ARM] Don't compare unsigned chars to EOF (-1)
https://bugs.webkit.org/show_bug.cgi?id=144439

Reviewed by Geoffrey Garen.

Source/WebCore:

  • platform/linux/MemoryPressureHandlerLinux.cpp:

(WebKit::nextToken): Don't cast return value of fgetc() to char.

Source/WebKit2:

  • Shared/linux/WebMemorySamplerLinux.cpp:

(WebKit::nextToken): Don't cast return value of fgetc() to char.

12:59 AM Changeset in webkit [184166] by ryuan.choi@navercorp.com
  • 3 edits in trunk

Linker fails without -DDEVELOPER_MODE=ON
https://bugs.webkit.org/show_bug.cgi?id=144117

Reviewed by Gyuyoung Kim.

  • Source/cmake/OptionsEfl.cmake:

Remove fvisibility flags. The linker script will cover the functionality for ewebkit2.so in release mode.

  • Source/cmake/eflsymbols.filter: Updated symbol patterns which should be exposed for ewebkit2.
12:58 AM Changeset in webkit [184165] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183729 - [GTK] API tests crashing on debug builds due to extra unref
https://bugs.webkit.org/show_bug.cgi?id=144508

Reviewed by Mario Sanchez Prada.

The problem is that we were assuming that when a new DOMWindow is
created, the DOM object cache was notified about the previous
DOMWindow being destroyed before objects for the new DOMWindow are
added to the cache. However, that's not always the case and we
only create a DOMWindowObserver for the first DOMWindow. We need
to keep a pointer to the DOMWindow being observed to clear() the
cache and create a new DOMWindowObserver when it changes in the
Frame.

Fixes crashes in several unit tests in debug builds.

  • bindings/gobject/DOMObjectCache.cpp:
12:57 AM Changeset in webkit [184164] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183706 - Reproducible crash removing name attribute from <img> node
<https://webkit.org/b/144371>
<rdar://problem/17198583>

Reviewed by Darin Adler.

Source/WebCore:

The problem here was with HTMLImageElement::getNameAttribute(), which relies
on Element::hasName() to avoid slow attribute lookups when the attribute
is already known not to be present. Unfortunately hasName() uses an ElementData
flag that wasn't getting updated until after the call to parseAttribute().

This patch fixes the issue by moving the code that updates the hasName() flag
before the parseAttribute() virtual dispatch.

Test: fast/dom/HTMLImageElement/remove-name-id-attribute-from-image.html

  • dom/Element.cpp:

(WebCore::Element::attributeChanged):

LayoutTests:

  • fast/dom/HTMLImageElement/remove-name-id-attribute-from-image-expected.txt: Added.
  • fast/dom/HTMLImageElement/remove-name-id-attribute-from-image.html: Added.
12:55 AM Changeset in webkit [184163] by Carlos Garcia Campos
  • 12 edits
    1 add in releases/WebKitGTK/webkit-2.8

Merge r183698 - Back/forward navigation to an error page in Safari breaks the back-forward list
https://bugs.webkit.org/show_bug.cgi?id=144501

Reviewed by Darin Adler.

Test: TestWebKitAPI/Tests/WebKit2Cocoa/LoadAlternateHTMLString.mm

Normally, loading substitute data (such as an error page) creates a new back-forward list
item. FrameLoader has a mechanism that detects when a substitute data load occurs during
handling of a provisional load error and prevents the creation of a new back-forwards list
item in that case if the unreachable URL is the same as the failing provisional URL. This
mechanism was broken in WebKit2, where handling the provisional load error is asynchronous.

The fix is to capture some state (namely, the failing provisional URL) when dispatching the
load error and allow it to be restored when loading the substitute data.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::FrameLoader): Removed initialization of
m_delegateIsHandlingProvisionalLoadError.
(WebCore::FrameLoader::shouldReloadToHandleUnreachableURL): Instead of checking
m_delegateIsHandlingProvisionalLoadError and if true using the provisional document loader’s
URL, check m_provisionalLoadErrorBeingHandledURL.
(WebCore::FrameLoader::checkLoadCompleteForThisFrame): Instead of checking and setting
m_delegateIsHandlingProvisionalLoadError, use m_provisionalLoadErrorBeingHandledURL.

  • loader/FrameLoader.h:

(WebCore::FrameLoader::provisionalLoadErrorBeingHandledURL): Added this getter. The client
can call this from its override of dispatchDidFailProvisionalLoad and store the result.
(WebCore::FrameLoader::setProvisionalLoadErrorBeingHandledURL): Added this setter. The
client can call this prior to loading substitute data if it’s done as part of handling a
previously-dispatched didFailProvisionalLoad.

Source/WebKit2:
WebKit2 part of <rdar://problem/8636045> Back/forward navigation to an error page in Safari breaks the back-forward list
https://bugs.webkit.org/show_bug.cgi?id=144501

Reviewed by Darin Adler.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::loadAlternateHTMLString): If this is called during
didFailProvisionalLoadForFrame, send back the provisional URL captured at the time of
failure.
(WebKit::WebPageProxy::didFailProvisionalLoadForFrame): Get the provisional URL and keep
it in new member variable m_failingProvisionalLoadURL for the duration of the client’s
handling of this message.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in: Added provisionalURL parameter to DidFailProvisionalLoadForFrame.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDidFailProvisionalLoad): Send the URL for this error
to the UI process.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::loadAlternateHTMLString): Temporarily restore the loader’s state to
reflect the provisional load error being handled.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in: Added provisionalLoadErrorURL parameter to LoadAlternateHTMLString.

12:40 AM Changeset in webkit [184162] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183648 - DOM bindings should not be using a reference type to point to a temporary object
https://bugs.webkit.org/show_bug.cgi?id=144474

Reviewed by Beth Dakin.

The DOM bindings will currently try and use a local reference to point
to a temporary object. This currently works as a by-product of the compiler's
stack layout. This patch removes the dependency on undefined behaviour
by ensuring that we use a value rather than reference type.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck):
(GetNativeTypeForCallbacks):

12:35 AM Changeset in webkit [184161] by jinwoo7.song@samsung.com
  • 5 edits in trunk/LayoutTests

[EFL] Rebaseline some editing tests

Also add some missing baselines.

  • platform/efl/editing/execCommand/5142012-1-expected.png:
  • platform/efl/editing/execCommand/5142012-1-expected.txt:
  • platform/efl/editing/inserting/insert-at-end-02-expected.png:
  • platform/efl/editing/inserting/insert-at-end-02-expected.txt:
12:16 AM Changeset in webkit [184160] by Carlos Garcia Campos
  • 5 edits
    3 adds in releases/WebKitGTK/webkit-2.8

Merge r183646 - Javascript using WebSQL can create their own WebKit info table.
<rdar://problem/20688792> and https://bugs.webkit.org/show_bug.cgi?id=144466

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/websql/alter-to-info-table.html

  • Modules/webdatabase/DatabaseBackendBase.cpp:

(WebCore::DatabaseBackendBase::databaseInfoTableName): Return the info table name.
(WebCore::fullyQualifiedInfoTableName): Append "main." to the info table name.
(WebCore::DatabaseBackendBase::DatabaseBackendBase): Use the fully qualified name.
(WebCore::DatabaseBackendBase::performOpenAndVerify): Ditto.
(WebCore::DatabaseBackendBase::getVersionFromDatabase): Ditto.
(WebCore::DatabaseBackendBase::setVersionInDatabase): Ditto.

LayoutTests:

  • storage/websql/alter-to-info-table-expected.txt: Added.
  • storage/websql/alter-to-info-table.html: Added.
  • storage/websql/alter-to-info-table.js: Added.
12:15 AM Changeset in webkit [184159] by youenn.fablet@crf.canon.fr
  • 8 edits in trunk

[Streams API] ReadableStream reader should not be disposable when having pending promises
https://bugs.webkit.org/show_bug.cgi?id=144869

Reviewed by Darin Adler.

Source/WebCore:

Made the error promise callback take a ref to the reader so that the reader is not disposed as long as the promise callback is not resolved.

Covered by tests added to streams/readable-stream-gc.html.

  • Modules/streams/ReadableStreamReader.cpp:

(WebCore::ReadableStreamReader::ReadableStreamReader): Moved initialize() call outside constructor as it can ref/unref.
(WebCore::ReadableStreamReader::releaseStreamAndClean): Added protector.

  • Modules/streams/ReadableStreamReader.h:
  • bindings/js/JSReadableStreamReaderCustom.cpp:

(WebCore::JSReadableStreamReader::closed): Lambda for error now takes a ref to the reader.

  • bindings/js/ReadableJSStream.cpp:

(WebCore::ReadableJSStream::Reader::create): Calling initialize() after adoptRef().

LayoutTests:

  • streams/readable-stream-gc.html:
  • streams/readable-stream-gc-expected.txt:
12:12 AM Changeset in webkit [184158] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183636 - Avoid containingBlock() calls when no writing mode flipping is needed.
https://bugs.webkit.org/show_bug.cgi?id=144407

Reviewed by Simon Fraser.

Add a bool to RenderView that indicates whether or not any flipped blocks have been
added to the view. Once tainted, the view just stays dirty forever. If no flipped
blocks are ever seen, we can then optimize away calls to containingBlock().

The motivation for this patch is to improve layer position updating, which makes many
calls to topLeftLocationOffset(), one of the functions that can be optimized by this
change.

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::layoutOverflowRectForPropagation):

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::updateFromStyle):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::rangeIntersectsRect):

  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView):

  • rendering/RenderView.h:
12:07 AM Changeset in webkit [184157] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r183564 - Safari WebKit crash when loading Google Spreadsheet.
https://bugs.webkit.org/show_bug.cgi?id=144020

Reviewed by Filip Pizlo.

The bug is that the object allocation sinking phase did not account for a case
where a property of a sunken object is only initialized on one path and not
another. As a result, on the path where the property is not initialized, we'll
encounter an Upsilon with a BottomValue (which is not allowed by definition).

The fix is to use a JSConstant(undefined) as the bottom value instead (of
BottomValue). If the property is uninitialized, it should still be accessible
and have the value undefined.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):

  • tests/stress/object-allocation-sinking-with-uninitialized-property-on-one-path.js: Added.

(foo):
(foo2):

12:03 AM Changeset in webkit [184156] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183538 - Fix crash in WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock().
https://bugs.webkit.org/show_bug.cgi?id=140261

Patch by Hyungwook Lee <hyungwook.lee@navercorp.com> on 2015-04-29
Reviewed by Darin Adler.

Source/WebCore:

We need to check whether RenderObject is valid in RenderView::fooSubtreeSelection functions
because an invalid object has caused a crash. This patch adds isValidObjectForNewSelection() and uses it.

  • rendering/RenderView.cpp:

(WebCore::isValidObjectForNewSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

LayoutTests:

  • editing/execCommand/crash-140261-expected.txt: Added.
  • editing/execCommand/crash-140261.html: Added.
12:01 AM Changeset in webkit [184155] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WTF

Merge r183504 - Properly reset deleted count when clearing HashTables.
https://bugs.webkit.org/show_bug.cgi?id=144343

Reviewed by Andreas Kling.

  • wtf/HashTable.h:

(WTF::KeyTraits>::clear):
Reset m_deletedCount, which appears to have been forgotten.

May 11, 2015:

11:39 PM Changeset in webkit [184154] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

Clean up redundant resources in case of failure in GLContextEGL context creation methods
https://bugs.webkit.org/show_bug.cgi?id=144878

Reviewed by Martin Robinson.

GLContextEGL::createWindowContext() and GLContextEGL::createPixmapContext() methods
should clean up the freshly-created resources when prematurely returning due to a
failure.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createWindowContext):
(WebCore::GLContextEGL::createPixmapContext):

10:51 PM Changeset in webkit [184153] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184009.
https://bugs.webkit.org/show_bug.cgi?id=144900

Caused crashes on inspector tests (Requested by ap on
#webkit).

Reverted changeset:

"MapDataImpl::add() shouldn't do the same hash lookup twice."
https://bugs.webkit.org/show_bug.cgi?id=144759
http://trac.webkit.org/changeset/184009

10:48 PM Changeset in webkit [184152] by commit-queue@webkit.org
  • 13 edits
    1 delete in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184123.
https://bugs.webkit.org/show_bug.cgi?id=144899

Seems to have introduced flaky crashes in many JS tests
(Requested by rniwa on #webkit).

Reverted changeset:

"REGRESSION(r180595): same-callee profiling no longer works"
https://bugs.webkit.org/show_bug.cgi?id=144787
http://trac.webkit.org/changeset/184123

10:38 PM Changeset in webkit [184151] by mitz@apple.com
  • 12 edits
    1 add in trunk

Source/WebCore:
WebCore part of <rdar://problem/20878075> Trying to navigate to an invalid URL loads about:blank, but -[WKWebView URL] returns the invalid URL

Reviewed by Alexey Proskuryakov.

Test: TestWebKitAPI/Tests/WebKit2Cocoa/ProvisionalURLChange.mm

In some cases, trying to navigate to an invalid URL results in navigation to about:blank.
When the about:blank load is committed, the UI process still thinks that the provisional
URL is the original, invalid URL, and updates its state to reflect that that’s the URL that
has been committed.

The provisional URL changes (1) when a provisional load begins, (2) when a server redirect
happens, (3) when the client changes the request in willSendRequest, and (4) in this
about:blank case. For (1) and (2), there are frame loader client callbacks. (3) is client-
initiated. So this patch addresses (4).

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::maybeLoadEmpty): If our request URL is changing to about:blank and
while loading the main resource, call FrameLoaderClient::dispatchDidChangeProvisionalURL.

  • loader/FrameLoaderClient.h: Added dispatchDidChangeProvisionalURL with an empty implementation.

Source/WebKit2:
WebKit2 part of <rdar://problem/20878075> Trying to navigate to an invalid URL loads about:blank, but -[WKWebView URL] returns the invalid URL

Reviewed by Alexey Proskuryakov.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didChangeProvisionalURLForFrame): Added. Update internal state the
same way we update it for server redirects, but don’t make client callbacks. Clients
observing the URL property will see it change.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in: Added DidChangeProvisionalURLForFrame.
  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDidChangeProvisionalURL): Override this new
FrameLoaderClient function to send a DidChangeProvisionalURLForFrame message to the UI
process.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.h:

Tools:
Test for <rdar://problem/20878075> Trying to navigate to an invalid URL loads about:blank, but -[WKWebView URL] returns the invalid URL

Reviewed by Alexey Proskuryakov.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/LoadAlternateHTMLString.mm: Fixed copyright header.
  • TestWebKitAPI/Tests/WebKit2Cocoa/ProvisionalURLChange.mm: Added.

(-[ProvisionalURLChangeController webView:didFinishNavigation:]):

9:01 PM Changeset in webkit [184150] by Alan Bujtas
  • 10 edits
    2 adds in trunk

Text is misplaced when custom font does not have space glyph.
https://bugs.webkit.org/show_bug.cgi?id=144879

Reviewed by Myles C. Maxfield.

This patch ensures that we use fallback font for the missing space glyph only when the rendered text has space in it.

If a font does not provide all the glyphs required to render the associated text, we initiate fallback fonts. It is done while
measuring the text at layout time. However, due to the fact that we always pre-measure space, a font with no space glyph in it is never sufficient
(even when the text does not require space at all).
Fallback fonts impact line positions through ascent/descent calculation.

Source/WebCore:

Test: fast/text/font-with-no-space-glyph.html

  • rendering/RenderText.cpp:

(WebCore::RenderText::computePreferredLogicalWidths):

  • rendering/line/BreakingContext.h:

(WebCore::WordTrailingSpace::WordTrailingSpace):
(WebCore::WordTrailingSpace::width):
(WebCore::BreakingContext::handleText):

LayoutTests:

  • fast/ruby/ruby-expansion-cjk-2-expected.html: progression
  • fast/ruby/ruby-expansion-cjk-3-expected.html: progression
  • fast/ruby/ruby-expansion-cjk-4-expected.html: progression
  • fast/ruby/ruby-expansion-cjk-5-expected.html: progression
  • fast/ruby/ruby-expansion-cjk-expected.html: progression
  • fast/text/font-with-no-space-glyph-expected.html: Added.
  • fast/text/font-with-no-space-glyph.html: Added.
  • platform/mac/svg/fonts/svg-font-general-expected.html: progression
7:45 PM Changeset in webkit [184149] by mitz@apple.com
  • 5 edits in trunk/Source/WebKit2

<rdar://problem/19773721> [iOS] Find on page feels like it zooms in too much
https://bugs.webkit.org/show_bug.cgi?id=144891

Reviewed by Darin Adler.

Sometimes, Find on Page’s constant 1.6 scale factor is too much. Smart magnification is
designed to choose a scale factor that is just right.

  • UIProcess/ios/SmartMagnificationController.h:
  • UIProcess/ios/SmartMagnificationController.messages.in: Added Magnify message.
  • UIProcess/ios/SmartMagnificationController.mm:

(WebKit::SmartMagnificationController::magnify): Added. Handle the new message using
-[WKContentView _zoomToRect:withOrigin:fitEntireRect:minimumScale:maximumScale:minimumScrollDistance:].

  • WebProcess/WebPage/ios/FindControllerIOS.mm:

(WebKit::FindController::updateFindIndicator): Instead of zooming to the selection rect,
get the surrounding render rect (the area we would target for a double-tap at the beginning
of the selection), and tell the magnification controller to target it. Use the center of the
start of the selection as the origin.

7:39 PM Changeset in webkit [184148] by Simon Fraser
  • 4 edits in trunk/Source/WebCore

Small tidyup in animations code
https://bugs.webkit.org/show_bug.cgi?id=144893

Reviewed by Eric Carlson.

Reading progress(1, 0, 0) in callers of AnimationBase::progress() was confusing,
particularly as the last parameter is a TimingFunction*. Put default values
in the header (with nullptr) and fix the callers. Also fix variable names in
the implementation.

  • page/animation/AnimationBase.cpp:

(WebCore::AnimationBase::progress):

  • page/animation/AnimationBase.h:
  • page/animation/ImplicitAnimation.cpp:

(WebCore::ImplicitAnimation::animate):
(WebCore::ImplicitAnimation::getAnimatedStyle):
(WebCore::ImplicitAnimation::blendPropertyValueInStyle):

7:17 PM ApplicationsGtk edited by hendry@iki.fi
kiosk product (diff)
7:11 PM ApplicationsGtk edited by hendry@iki.fi
suckless surf (diff)
7:06 PM Changeset in webkit [184147] by Gyuyoung Kim
  • 20 edits in trunk/Source/WebCore

Purge PassRefPtr in WebCore/rendering
https://bugs.webkit.org/show_bug.cgi?id=144872

Patch by Gyuyoung Kim <Gyuyoung Kim> on 2015-05-11
Reviewed by Darin Adler.

As a step to remove PassRefPtr, this patch replaces PassRefPtr with Ref in WebCore/rendering.

No new tests, no behavior changes.

  • rendering/HitTestingTransformState.h:

(WebCore::HitTestingTransformState::create):

  • rendering/RenderLayer.cpp:

(WebCore::ClipRects::create):

  • rendering/RenderThemeGtk.cpp:

(WebCore::RenderThemeGtk::create):
(WebCore::RenderTheme::themeForPage):

  • rendering/RenderThemeGtk.h:
  • rendering/RenderThemeIOS.h:
  • rendering/RenderThemeIOS.mm:

(WebCore::RenderTheme::themeForPage):
(WebCore::RenderThemeIOS::create):

  • rendering/RenderThemeMac.h:
  • rendering/RenderThemeMac.mm:

(WebCore::RenderTheme::themeForPage):
(WebCore::RenderThemeMac::create):

  • rendering/RenderThemeSafari.cpp:

(WebCore::RenderThemeSafari::create):
(WebCore::RenderTheme::themeForPage):

  • rendering/RenderThemeSafari.h:
  • rendering/RenderThemeWin.cpp:

(WebCore::RenderThemeWin::create):
(WebCore::RenderTheme::themeForPage):

  • rendering/RenderThemeWin.h:
  • rendering/TextAutoSizing.h:

(WebCore::TextAutoSizingValue::create):

  • rendering/style/ShapeValue.h:

(WebCore::ShapeValue::createShapeValue):
(WebCore::ShapeValue::createBoxShapeValue):
(WebCore::ShapeValue::createImageValue):

  • rendering/style/StyleCachedImage.h:
  • rendering/style/StyleCachedImageSet.h:
  • rendering/style/StyleGeneratedImage.h:
  • rendering/style/StylePendingImage.h:
  • rendering/style/StyleReflection.h:

(WebCore::StyleReflection::create):

6:54 PM Changeset in webkit [184146] by jacob_nielsen@apple.com
  • 8 edits in trunk/Tools

Fix internal build configuration issues
https://bugs.webkit.org/show_bug.cgi?id=144762

Reviewed by Darin Adler.

Modifies TestWebKitAPI and WebKitTestRunner's xcconfig files to use SDK selectors.

  • TestWebKitAPI/Configurations/Base.xcconfig:
  • TestWebKitAPI/Configurations/DebugRelease.xcconfig:
  • TestWebKitAPI/Configurations/InjectedBundle.xcconfig:
  • TestWebKitAPI/Configurations/TestWebKitAPI.xcconfig:
  • WebKitTestRunner/Configurations/DebugRelease.xcconfig:
  • WebKitTestRunner/Configurations/InjectedBundle.xcconfig:
  • WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig:
6:43 PM Changeset in webkit [184145] by bshafiei@apple.com
  • 5 edits in branches/safari-600.1.4.16-branch/Source

Versioning.

6:43 PM Changeset in webkit [184144] by bshafiei@apple.com
  • 5 edits in branches/safari-600.7-branch/Source

Versioning.

6:40 PM Changeset in webkit [184143] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32-branch/Source

Versioning.

6:29 PM Changeset in webkit [184142] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.32.1

New tag.

6:17 PM Changeset in webkit [184141] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.7.7

New tag.

6:13 PM Changeset in webkit [184140] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

[Mac] Update device picker icon when video tracks change
https://bugs.webkit.org/show_bug.cgi?id=144889
<rdar://problem/20907253>

Reviewed by Brent Fulgham.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.updateHasVideo):

6:12 PM Changeset in webkit [184139] by Brent Fulgham
  • 21 edits in trunk/Source

Scroll snap logic should be triggered when resizing the WebView
https://bugs.webkit.org/show_bug.cgi?id=142590
<rdar://problem/20125088>

Reviewed by Simon Fraser.

Source/WebCore:

Tests coming in a second patch.

Resizing of the main frame or overflow regions was properly recalculating the scroll snap points,
but there was no code to honor these values when window resizing was occurring. The correction was
handled in two ways:

  1. Scrolling thread operations that moved to new snap points needed to notify the main thread that it had shifted to a new snap point, so that the resize code (which happens on the main thread) could ensure that we stayed clamped to the correct 'tile' in the snap region.
  2. Main thread (overflow) resizes were likewise missing code to honor the current snap position after resizing calculations were complete.

This change also required the addition of two indices to the scrollable area to track which scroll
snap point was currently being used. We don't bother with a 'none' case because you cannot have a
'none' state when you have an active set of scroll snap points, and we do not execute this code
if the scroll snap points are null.

The FrameView code was computing updated snap offsets after it had dispatched frame view layout
information to the scrolling thread, which was wrong. This was also corrected.

I think it might be possible to track all of this state inside the ScrollController, but the current
scroll snap architecture destroys and recreates the state each time a new set of interactions starts.
This should be fixed in the future, which would allow us to remove some of this local state.

  • page/FrameView.cpp:

(WebCore::FrameView::performPostLayoutTasks): Make sure 'updateSnapOffsets' is called prior to
calling 'frameViewLayoutUpdated' so the scrolling thread gets correct updated points. Add a new
call to 'scrollToNearestActiveSnapPoint', which will keep us on our current snap point during
resize (if appropriate).

  • page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::updateScrollSnapOffsetIndices): Added. This finds and notifies
the correct scroll region when a new snap position (index) has been selected by user interaction on
the scrolling thread.
(WebCore::AsyncScrollingCoordinator::deferTestsForReason): Added an assertion for 'isMainThread'.
(WebCore::AsyncScrollingCoordinator::removeTestDeferralForReason): Ditto.

  • page/scrolling/AsyncScrollingCoordinator.h:
  • page/scrolling/AxisScrollSnapOffsets.h:

(WebCore::closestSnapOffset): Modified to also return the selected snap point index so we can track
it to handle resize operations.

  • page/scrolling/ScrollingTree.h:

(WebCore::ScrollingTree::updateScrollSnapOffsetIndices):

  • page/scrolling/ThreadedScrollingTree.cpp:

(WebCore::ThreadedScrollingTree::updateScrollSnapOffsetIndices): Added method to dispatch the active
horizontal and vertical scroll snap indices back to the main thread.

  • page/scrolling/ThreadedScrollingTree.h:
  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::handleWheelEvent): After the scroll controller processes
the current event, notify the main thread of any change in the active scroll snap index.

  • platform/ScrollAnimator.cpp:

(WebCore::ScrollAnimator::activeScrollSnapOffsetIndexDidChange): Added method to allow ScrollAnimator
clients to find out about the current scroll snap state, which is only known by the ScrollController.
(WebCore::ScrollAnimator::activeScrollSnapOffsetIndexForAxis): Ditto.

  • platform/ScrollAnimator.h:
  • platform/ScrollView.cpp:

(WebCore::ScrollView::scrollToNearestActiveSnapPoint): Added method that allows us to set scroll position
to one of our active scroll snap offsets.

  • platform/ScrollView.h:
  • platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::handleWheelEvent): If the active scroll snap offset has changed, make sure we
keep track of the new values for potential resize operations.
(WebCore::ScrollableArea::clearHorizontalSnapOffsets): Make sure to also clear out the current snap index.
(WebCore::ScrollableArea::clearVerticalSnapOffsets): Ditto.
(WebCore::ScrollableArea::nearestActiveSnapPoint): New method that returns an updated IntPoint reflecting
the proper scroll position based on the active scroll snap offset.

  • platform/ScrollableArea.h:

(WebCore::ScrollableArea::currentHorizontalSnapPointIndex): Added.
(WebCore::ScrollableArea::setCurrentHorizontalSnapPointIndex): Added.
(WebCore::ScrollableArea::currentVerticalSnapPointIndex): Added.
(WebCore::ScrollableArea::setCurrentVerticalSnapPointIndex): Added.
(WebCore::ScrollableArea::scrollToNearestActiveSnapPoint): Added.

  • platform/cocoa/ScrollController.h:

(WebCore::ScrollControllerClient::activeScrollOffsetIndex): Added new method for clients to implement.
(WebCore::ScrollController::activeScrollSnapOffsetIndexDidChange): Added.
(WebCore::ScrollController::setScrollSnapOffsetIndexDidChange): Added.

  • platform/cocoa/ScrollController.mm:

(WebCore::ScrollController::activeScrollSnapOffsetIndexForAxis): Helper method to return current active
index (if applicable).
(WebCore::ScrollController::setActiveScrollSnapOffsetIndexForAxis): Helper function to safely set
the current active index.
(WebCore::ScrollController::beginScrollSnapAnimation): Updated to keep track of the new active scroll snap
index, as well as whether the current animation actually changed the active snap point offset.

  • platform/cocoa/ScrollSnapAnimatorState.h: Revise to use modern C++ initializers, and to track a new index that represents the current scroll snap offset.

  • platform/cocoa/ScrollSnapAnimatorState.mm:

(WebCore::ScrollSnapAnimatorState::ScrollSnapAnimatorState): Update for modern C++ syntax.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollToNearestActiveSnapPoint): New method to set scroll position to be one of our
active scroll snap points.
(WebCore::RenderLayer::updateScrollInfoAfterLayout): Add a new call to 'scrollToNearestActiveSnapPoint' so that
we stay on the current scroll snap offset during resizing.

  • rendering/RenderLayer.h:

Source/WebKit2:

  • UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(RemoteScrollingCoordinatorProxy::closestSnapOffsetForMainFrameScrolling): Modify use of 'closestSnapOffset' to satisfy the additional
argument I added. This is currently not used for anything on iOS.

  • UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.mm: Ditto.
6:06 PM Changeset in webkit [184138] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

Addressing post-review comments after r184037.

Unreviewed.

No new tests because there is no behavior change.

  • rendering/SimpleLineLayoutTextFragmentIterator.cpp:

(WebCore::SimpleLineLayout::TextFragmentIterator::runWidth):

5:58 PM Changeset in webkit [184137] by Brent Fulgham
  • 54 edits in trunk

[Win] Move Windows build target to Windows 7 (or newer)
https://bugs.webkit.org/show_bug.cgi?id=144890
<rdar://problem/20707307>

Reviewed by Anders Carlsson.

Update linked SDK and minimal Windows level to be compatible with
Windows 7 or newer.

Source/JavaScriptCore:

Source/ThirdParty:

  • gtest/msvc/gtest-md.vcxproj:

Source/ThirdParty/ANGLE:

  • ANGLE.vcxproj/libEGL.vcxproj:
  • ANGLE.vcxproj/libGLESv2.vcxproj:
  • ANGLE.vcxproj/preprocessor.vcxproj:
  • ANGLE.vcxproj/translator_common.vcxproj:
  • ANGLE.vcxproj/translator_glsl.vcxproj:
  • ANGLE.vcxproj/translator_hlsl.vcxproj:

Source/WebCore:

  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCoreGenerated.vcxproj:
  • WebCore.vcxproj/WebCoreTestSupport.vcxproj:
  • WebCorePrefix.h:
  • config.h:
  • testing/js/WebCoreTestSupportPrefix.h:

Source/WebInspectorUI:

  • WebInspectorUI.vcxproj/WebInspectorUI.vcxproj:

Source/WebKit:

  • WebKit.vcxproj/Interfaces/Interfaces.vcxproj:
  • WebKit.vcxproj/WebKit/WebKit.vcxproj:
  • WebKit.vcxproj/WebKitGUID/WebKitGUID.vcxproj:

Source/WebKit/win:

  • WebKitPrefix.h:

Source/WTF:

  • WTF.vcxproj/WTF.vcxproj:
  • WTF.vcxproj/WTFGenerated.vcxproj:
  • config.h:

Tools:

  • DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTree.vcxproj:
  • DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeLauncher.vcxproj:
  • DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiff.vcxproj:
  • DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffLauncher.vcxproj:
  • DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePlugin.vcxproj:
  • DumpRenderTree/config.h:
  • TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj:
  • WinLauncher/WinLauncher.vcxproj/WinLauncher.vcxproj:
  • WinLauncher/WinLauncher.vcxproj/WinLauncherLib.vcxproj:
  • WinLauncher/stdafx.h:
5:15 PM Changeset in webkit [184136] by akling@apple.com
  • 2 edits in branches/safari-600.7-branch/LayoutTests

commit-log-editor -p ChangeLog

5:09 PM Changeset in webkit [184135] by jdiggs@igalia.com
  • 12 edits in trunk

AX: [ATK] Always include rows in the tree of accessible tables
https://bugs.webkit.org/show_bug.cgi?id=144885

Reviewed by Chris Fleizach.

Source/WebCore:

Remove the code that excluded rows from the tree of accessible tables for
Gtk and Efl, the latter of which inherited the exclusion from the former.

No new tests. We already have several tests which cover table hierarchy.
The associated expectations have been updated as part of this fix.

  • accessibility/AccessibilityTable.cpp:

(WebCore::AccessibilityTable::addChildrenFromSection):

  • accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(webkitAccessibleGetParent):

LayoutTests:

Update the expectations to reflect the rows which are now included in the tree.

  • platform/efl/accessibility/table-attributes-expected.txt: Updated.
  • platform/efl/accessibility/table-cell-spans-expected.txt: Updated.
  • platform/efl/accessibility/table-cells-expected.txt: Updated.
  • platform/efl/accessibility/table-sections-expected.txt: Updated.
  • platform/gtk/accessibility/table-attributes-expected.txt: Updated.
  • platform/gtk/accessibility/table-cell-spans-expected.txt: Updated.
  • platform/gtk/accessibility/table-cells-expected.txt: Updated.
  • platform/gtk/accessibility/table-sections-expected.txt: Updated.
5:06 PM Changeset in webkit [184134] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.1.4.16.3

New tag.

4:41 PM Changeset in webkit [184133] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Unreviewed, rolling out r184119.
https://bugs.webkit.org/show_bug.cgi?id=144888

broke JSC tests on Apple Windows bots (Requested by kling on
#webkit).

Reverted changeset:

"Fix run-javascriptcore-tests step on the WinCairo bot"
https://bugs.webkit.org/show_bug.cgi?id=144866
http://trac.webkit.org/changeset/184119

4:27 PM Changeset in webkit [184132] by akling@apple.com
  • 2 edits in trunk/Source/WebKit2

Force a rebuild of JSNPObject.cpp on bots.

  • WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::callMethod):

4:21 PM Changeset in webkit [184131] by rniwa@webkit.org
  • 1 edit
    4 adds in trunk/Tools

run-benchmark should support Dromaeo
https://bugs.webkit.org/show_bug.cgi?id=144849

Reviewed by Chris Dumez.

Added the benchmark plans for Dromaeo DOM tests. We only run these tests once since
they can take as much as 15 minutes to run each.

  • Scripts/webkitpy/benchmark_runner/data/patches/Dromaeo.patch: Added.
  • Scripts/webkitpy/benchmark_runner/data/plans/dromaeo-cssquery.plan: Added.
  • Scripts/webkitpy/benchmark_runner/data/plans/dromaeo-dom.plan: Added.
  • Scripts/webkitpy/benchmark_runner/data/plans/dromaeo-jslib.plan: Added.
4:18 PM Changeset in webkit [184130] by timothy@apple.com
  • 7 edits in trunk/Source/WebInspectorUI

Web Inspector: REGRESSION (Tabs): Issues reloading a resource with breakpoints
https://bugs.webkit.org/show_bug.cgi?id=144650

Fix a number of issues with Debugger tab and navigation/reloading:

  • Close old content views in the Debugger tab when main frame navigates.
  • Prune old resource tree elements before attempting to restore a cookie that might match an old resource.
  • Allow breakpoint selections to be restored from a saved cookie.
  • Fix an assert when closing a content view that isn't the current index, but is the current view.
  • Avoid calling closed() multiple times when a ContentView is in the back/forward list more than once.
  • Make restoreStateFromCookie properly set and use the causedByNavigation argument for a longer restore delay.
  • Create a new cookie object per tab instead of it being cumulative from the previous cookie.

Reviewed by Brian Burg.

  • UserInterface/Base/Main.js:

(WebInspector._mainResourceDidChange): Delay calling _restoreCookieForOpenTabs to give time for sidebars
and tabs to respond to the main resource change.
(WebInspector._restoreCookieForOpenTabs): Rename causedByReload to causedByNavigation. Nothing special about
reload since we restore on all navigation.

  • UserInterface/Views/ContentView.js:

(WebInspector.ContentView): Support Breakpoint as a represented object, which happens during a cookie restore.
(WebInspector.ContentView.isViewable): Ditto.

  • UserInterface/Views/ContentViewContainer.js:

(WebInspector.ContentViewContainer.prototype.closeAllContentViews): Disassociate if the view is current and not just
the current entry index. This matches other close functions. This fixes an assert in _disassociateFromContentView.
(WebInspector.ContentViewContainer.prototype._disassociateFromContentView): Don't disassociate multiple times. This
avoids calling the closed() function on a view more than once.

  • UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.prototype.saveStateToCookie):
(WebInspector.DebuggerSidebarPanel.prototype._mainResourceDidChange): Renamed from _mainResourceChanged.
Close all content views if this is the main frame. Also prune all old resources. Doing this now avoids a flash
of having old and new resources in the tree caused by the default delay in NavigationSidebarPanel's _checkForOldResources.

  • UserInterface/Views/NavigationSidebarPanel.js:

(WebInspector.NavigationSidebarPanel): Set _autoPruneOldTopLevelResourceTreeElements for later.
(WebInspector.NavigationSidebarPanel.prototype.get contentTreeOutlineToAutoPrune): Deleted.
(WebInspector.NavigationSidebarPanel.prototype.showDefaultContentView): Fix typo.
(WebInspector.NavigationSidebarPanel.prototype.showDefaultContentViewForTreeElement): Fix whitespace.
(WebInspector.NavigationSidebarPanel.prototype.pruneOldResourceTreeElements): Added. Broken out from
_checkForOldResources.delayedWork so it can be called manually. Also check all visible tree outlines.
(WebInspector.NavigationSidebarPanel.prototype._treeElementAddedOrChanged): Pass treeElement in an array.
(WebInspector.NavigationSidebarPanel.prototype._checkForOldResourcesIfNeeded): Added.
(WebInspector.NavigationSidebarPanel.prototype._checkForOldResources): Call pruneOldResourceTreeElements on a delay.
(WebInspector.NavigationSidebarPanel.prototype._checkForOldResources.delayedWork): Deleted.
(WebInspector.NavigationSidebarPanel.prototype._checkOutlinesForPendingViewStateCookie): Call _checkForOldResourcesIfNeeded.
(WebInspector.NavigationSidebarPanel.prototype._checkElementsForPendingViewStateCookie): Remove array folding code.

  • UserInterface/Views/TabContentView.js:

(WebInspector.TabContentView.prototype.restoreStateFromCookie): Rename causedByReload to causedByNavigation.
(WebInspector.TabContentView.prototype.saveStateToCookie): Don't allow the cookie to build on the old cookie.

3:51 PM Changeset in webkit [184129] by rniwa@webkit.org
  • 3 edits in trunk/Websites/perf.webkit.org

Unreviewed build fix. Add "Duration" as a time metric.

  • public/js/helper-classes.js:
  • public/v2/data.js:

(RunsData.unitFromMetricName):

3:42 PM Changeset in webkit [184128] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

CPS rethreading phase's flush detector flushes way too many SetLocals
https://bugs.webkit.org/show_bug.cgi?id=144819

Reviewed by Geoffrey Garen.

After probably unrelated changes, this eventually caused some arguments elimination to stop
working because it would cause more SetLocals to turn into PutStacks. But it was a bug for
a long time. Basically, we don't want the children of a SetLocal to be flushed. Flushing is
meant to only affect the SetLocal itself.

This is a speed-up on Octane/earley.

  • dfg/DFGCPSRethreadingPhase.cpp:

(JSC::DFG::CPSRethreadingPhase::computeIsFlushed):

3:41 PM Changeset in webkit [184127] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

gmail and google maps fail to load with eager compilation: Failed to insert inline cache for varargs call (specifically, CallForwardVarargs) because we thought the size would be 250 but it ended up being 262 prior to compaction.
https://bugs.webkit.org/show_bug.cgi?id=144854

Reviewed by Oliver Hunt.

This is easy: just lift the threshold. Also remove the need for some duplicate thresholds.
It used to be that Construct required less code, but that's not the case for now.

  • ftl/FTLInlineCacheSize.cpp:

(JSC::FTL::sizeOfCallForwardVarargs):
(JSC::FTL::sizeOfConstructVarargs):
(JSC::FTL::sizeOfConstructForwardVarargs):

3:36 PM Changeset in webkit [184126] by rniwa@webkit.org
  • 2 edits in trunk/Tools

Build fix. jetstream has a local copy, not remote archive.

  • Scripts/webkitpy/benchmark_runner/data/plans/jetstream.plan:
3:31 PM Changeset in webkit [184125] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Simplify shim path computation
https://bugs.webkit.org/show_bug.cgi?id=144884
Part of rdar://problem/19708579.

Reviewed by Sam Weinig.

Factor the code that computes the shim path out into a separate function. Also make this mac only
since we don't have any shims on iOS.

  • UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::computeProcessShimPath):
(WebKit::addDYLDEnvironmentAdditions):

2:40 PM Changeset in webkit [184124] by rniwa@webkit.org
  • 10 edits
    6 adds
    1 delete in trunk/Tools

run-benchmark should support SunSpider, Kraken and Octane
https://bugs.webkit.org/show_bug.cgi?id=144840

Reviewed by Darin Adler.

Added the support for SunSpider, Kraken, and Octane. Because of the licensing issues, we can't commit the
Kraken source code into the WebKit repository as done for other benchmarks. Instead, we'll dynamically
download it from the remote server using newly added RemoteZipBenchmarkBuilder. We do the same for Octane
for simplicity. Use newly added --local-copy option to specify the location of a local copy if there is any.

Renamed "original_benchmark" in the plan file to "local_copy" and added a new optional "remote_archive" to
specify the URL to a remote ZIP file. This optional field is used by Kraken and Octane benchmark plans.

In addition, generalized the ability to run a "create script" in JetStreamBenchmarkBuilder since it's also
needed for SunSpider and Kraken. This feature has now been folded into GenericBenchmarkBuilder.

  • Scripts/webkitpy/benchmark_runner/benchmark_builder/benchmark_builders.json: Added

RemoteZipBenchmarkBuilder for Kraken and removed JetStreamBenchmarkBuilder since GenericBenchmarkBuilder
now has the ability to run an arbitrary "create script".

  • Scripts/run-benchmark:

(main): Added an optional argument, --local-copy, to override the location of the benchmark's local copy.
This also overrides the remote archive URL specified in the plan.

  • Scripts/webkitpy/benchmark_runner/README.md: Updated the description.
  • Scripts/webkitpy/benchmark_runner/benchmark_builder/benchmark_builders.json: Deleted the entry for

JetStreamBenchmarkBuilder.

  • Scripts/webkitpy/benchmark_runner/benchmark_builder/generic_benchmark_builder.py:

(GenericBenchmarkBuilder.prepare): Call _fetchRemoteArchive if local_copy is not specified in the plan or
by --local-copy option but remote_archive is specified. Also call self.clean() here instead of relying on
_runCreateScript and _applyPatch to clean after themselves.
(GenericBenchmarkBuilder._runCreateScript): Moved from JetStreamBenchmarkBuilder._runCreateScript since
JetStream, SunSpider, Kraken all use this feature.
(GenericBenchmarkBuilder._copyBenchmarkToTempDir): Use self.name as the destination location instead of
the leaf directory name since the latter is not available when a remote ZIP file is used.
(GenericBenchmarkBuilder._fetchRemoteArchive): Added.
(GenericBenchmarkBuilder._applyPatch): Apply the patch inside destination directory to avoid hard coding
the benchmark name in the patches.

  • Scripts/webkitpy/benchmark_runner/benchmark_builder/jetstream_benchmark_builder.py: Removed.
  • Scripts/webkitpy/benchmark_runner/benchmark_runner.py:

(BenchmarkRunner.init): Set self.planName. Also override 'local_copy' when --local-copy option is used.
(BenchmarkRunner.execute): Exit early if neither local_copy nor remote_archive is specified. Prefix the URL
the browser opens by planName as the plan file no longer contains that.

  • Scripts/webkitpy/benchmark_runner/data/patches/JetStream.patch: Changed the path to be relative against

the top directory of JetStream instead of its parent.

  • Scripts/webkitpy/benchmark_runner/data/patches/Kraken.patch: Added.
  • Scripts/webkitpy/benchmark_runner/data/patches/Octane.patch: Added.
  • Scripts/webkitpy/benchmark_runner/data/patches/Speedometer.patch: Changed the path to be relative against

the top directory of JetStream instead of its parent.

  • Scripts/webkitpy/benchmark_runner/data/patches/SunSpider.patch: Added.
  • Scripts/webkitpy/benchmark_runner/data/plans/jetstream.plan: Uses GenericBenchmarkBuilder and specifies

the script to run. The entry point was changed to the relative path from the top directory of JetStream as
done in JetStream.patch.

  • Scripts/webkitpy/benchmark_runner/data/plans/kraken.plan: Added.
  • Scripts/webkitpy/benchmark_runner/data/plans/octane.plan: Added.
  • Scripts/webkitpy/benchmark_runner/data/plans/speedometer.plan: The entry point was changed to the relative

path from the top directory of JetStream as done in JetStream.patch.

  • Scripts/webkitpy/benchmark_runner/data/plans/sunspider.plan: Added.
2:21 PM Changeset in webkit [184123] by rniwa@webkit.org
  • 13 edits
    1 add in trunk/Source/JavaScriptCore

REGRESSION(r180595): same-callee profiling no longer works
https://bugs.webkit.org/show_bug.cgi?id=144787

Reviewed by Michael Saboff.

This patch introduces a DFG optimization to use NewObject node when the callee of op_create_this is
always the same JSFunction. This condition doesn't hold when the byte code creates multiple
JSFunction objects at runtime as in: function y() { return function () {} }; new y(); new y();

To enable this optimization, LLint and baseline JIT now store the last callee we saw in the newly
added fourth operand of op_create_this. We use this JSFunction's structure in DFG after verifying
our speculation that the callee is the same. To avoid recompiling the same code for different callee
objects in the polymorphic case, the special value of seenMultipleCalleeObjects() is set in
LLint and baseline JIT when multiple callees are observed.

Tests: stress/create-this-with-callee-variants.js

  • bytecode/BytecodeList.json: Increased the number of operands to 5.
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset): op_create_this uses 2nd (constructor) and 4th (callee cache)
operands.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode): Dump the newly added callee cache.
(JSC::CodeBlock::finalizeUnconditionally): Clear the callee cache if the callee is no longer alive.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCreateThis): Add the instruction to propertyAccessInstructions so that
we can clear the callee cache in CodeBlock::finalizeUnconditionally. Also initialize the newly added
operand.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock): Implement the optimization. Speculate the actual callee to
match the cache. Use the cached callee's structure if the speculation succeeds. Otherwise, OSR exit.

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_this): Go to the slow path to update the cache unless it's already marked
as seenMultipleCalleeObjects() to indicate the polymorphic behavior.
(JSC::JIT::emitSlow_op_create_this):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_this): Ditto.
(JSC::JIT::emitSlow_op_create_this):

  • llint/LowLevelInterpreter32_64.asm:

(_llint_op_create_this): Ditto.

  • llint/LowLevelInterpreter64.asm:

(_llint_op_create_this): Ditto.

  • runtime/CommonSlowPaths.cpp:

(slow_path_create_this): Set the callee cache to the actual callee if it's not set. If the cache has
been set to a JSFunction* different from the actual callee, set it to seenMultipleCalleeObjects().

  • runtime/JSCell.h:

(JSC::JSCell::seenMultipleCalleeObjects): Added.

  • runtime/WriteBarrier.h:

(JSC::WriteBarrierBase::unvalidatedGet): Removed the compile guard around it.

  • tests/stress/create-this-with-callee-variants.js: Added.
2:20 PM Changeset in webkit [184122] by jdiggs@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

AX: [ATK] Need expectation files for menu-list-crash2.html for Gtk and Efl
https://bugs.webkit.org/show_bug.cgi?id=144881

Unreviewed GTK+ and EFL gardening.

  • platform/efl/accessibility/menu-list-crash2-expected.txt: Added.
  • platform/gtk/accessibility/menu-list-crash2-expected.txt: Added.
2:14 PM Changeset in webkit [184121] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebKit2

Unreviewed build fix

Unreviewed.

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::compiledToFile):

2:13 PM Changeset in webkit [184120] by akling@apple.com
  • 6 edits
    1 delete in trunk/Source/JavaScriptCore

PropertyNameArray should use a Vector when there are few entries.
<https://webkit.org/b/144874>

Reviewed by Geoffrey Garen.

Bring back an optimization that was lost in the for-in refactoring.
PropertyNameArray now holds a Vector<AtomicStringImpl*> until there are
enough (20) entries to justify converting to a HashSet for contains().

Also inlined the code while we're here, since it has so few clients and
the call overhead adds up.

~5% progression on Kraken/json-stringify-tinderbox.

  • runtime/PropertyNameArray.cpp: Removed.
  • runtime/PropertyNameArray.h:

(JSC::PropertyNameArray::canAddKnownUniqueForStructure):
(JSC::PropertyNameArray::add):
(JSC::PropertyNameArray::addKnownUnique):

1:42 PM Changeset in webkit [184119] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

Fix run-javascriptcore-tests step on the WinCairo bot
https://bugs.webkit.org/show_bug.cgi?id=144866

Reviewed by Darin Adler.

  • Scripts/run-jsc-stress-tests:
1:28 PM Changeset in webkit [184118] by akling@apple.com
  • 1 edit
    1 add in trunk/LayoutTests

Add a Windows-specific result for the new accessibility/menu-list-crash2.html test.

  • platform/win/accessibility/menu-list-crash2-expected.txt: Added.
1:09 PM Changeset in webkit [184117] by Matt Baker
  • 7 edits in trunk/Source

Web Inspector: REGRESSION (r175203): No profile information is shown in Inspector
https://bugs.webkit.org/show_bug.cgi?id=144808

Reviewed by Darin Adler.

Source/JavaScriptCore:

Since a profile can be started after a timeline recording has already begun, we can't assume a zero start time.
The start time for the root node's call entry should be based on the stopwatch used by the ProfileGenerator.

  • profiler/Profile.cpp:

(JSC::Profile::create):
(JSC::Profile::Profile):

  • profiler/Profile.h:
  • profiler/ProfileGenerator.cpp:

(JSC::ProfileGenerator::ProfileGenerator):
(JSC::AddParentForConsoleStartFunctor::operator()):

Source/WebCore:

Profiles started from the console should always use the Inspector environment's shared stopwatch.

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::startFromConsole):

12:54 PM Changeset in webkit [184116] by commit-queue@webkit.org
  • 27 edits
    3 adds in trunk

[Content Extensions] Support domain-specific rules and exceptions.
https://bugs.webkit.org/show_bug.cgi?id=144833

Patch by Alex Christensen <achristensen@webkit.org> on 2015-05-11
Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/contentextensions/domain-rules.html
(And lots of API tests)

This patch adds if-domain and unless-domain to the trigger in the JSON format.
if-domain makes the rule apply only to domains in the list.
unless-domain makes the rule apply to domains that are not in the list.

All rules without if-domain or unless-domain are compiled into a set of DFAs. This behavior is unchanged.
All rules with if-domain or unless-domain are compiled into a separate set of DFAs.
The domains are also compiled into another set of DFAs. This makes 3 arrays of DFA bytecode instead of 1.

If there are no domain specific rules, there is no change in behavior.
If there are domain specific rules, the URL will be checked for matches in both
filtersWithoutDomainsBytecode and filtersWithDomainsBytecode. If there are matches from
filtersWithDomainsBytecode then the domain of the main document will be checked with
domainFiltersBytecode to see which of the matches applies to this domain.

  • contentextensions/CombinedURLFilters.cpp:

(WebCore::ContentExtensions::CombinedURLFilters::isEmpty):
(WebCore::ContentExtensions::CombinedURLFilters::addDomain):

  • contentextensions/CombinedURLFilters.h:

Added addDomain, which adds characters from a domain to the prefix tree directly without using YARR.

  • contentextensions/CompiledContentExtension.cpp:

(WebCore::ContentExtensions::CompiledContentExtension::globalDisplayNoneSelectors):

  • contentextensions/CompiledContentExtension.h:
  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::serializeActions):
(WebCore::ContentExtensions::compileRuleList):
Separate the rules into rules with domains and rules without domains and compile to bytecode.

  • contentextensions/ContentExtensionCompiler.h:

Updated compiler interface to reflect the slightly more complicated structure.

  • contentextensions/ContentExtensionError.cpp:

(WebCore::ContentExtensions::contentExtensionErrorCategory):

  • contentextensions/ContentExtensionError.h:

Added new parsing errors.

  • contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getDomainList):
(WebCore::ContentExtensions::loadTrigger):
(WebCore::ContentExtensions::loadEncodedRules):

  • contentextensions/ContentExtensionRule.h:

(WebCore::ContentExtensions::Trigger::operator==):
Parse the new domain structures from JSON into the Trigger structure.

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::actionsForResourceLoad):
Interpret as much bytecode as necessary to determine which rules apply to this URL and domain.

  • contentextensions/DFABytecode.h:

(WebCore::ContentExtensions::instructionSizeWithArguments):

  • contentextensions/DFABytecodeCompiler.cpp:

(WebCore::ContentExtensions::DFABytecodeCompiler::emitAppendAction):
(WebCore::ContentExtensions::DFABytecodeCompiler::emitTestFlagsAndAppendAction):
(WebCore::ContentExtensions::DFABytecodeCompiler::compileNode):

  • contentextensions/DFABytecodeCompiler.h:
  • contentextensions/DFABytecodeInterpreter.cpp:

(WebCore::ContentExtensions::DFABytecodeInterpreter::interpretAppendAction):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpretTestFlagsAndAppendAction):
(WebCore::ContentExtensions::DFABytecodeInterpreter::actionsFromDFARoot):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):

  • contentextensions/DFABytecodeInterpreter.h:
  • loader/ResourceLoadInfo.h:

Keep track of which actions have an if-domain trigger. If an action is in the
filtersWithDomainsBytecode, then it either has an if-domain or an unless-domain in its trigger.
This requires additional information in the bytecode, so there are two new bytecode types.

Source/WebKit2:

  • Shared/WebCompiledContentExtension.cpp:

(WebKit::WebCompiledContentExtension::filtersWithoutDomainsBytecode):
(WebKit::WebCompiledContentExtension::filtersWithoutDomainsBytecodeLength):
(WebKit::WebCompiledContentExtension::filtersWithDomainsBytecode):
(WebKit::WebCompiledContentExtension::filtersWithDomainsBytecodeLength):
(WebKit::WebCompiledContentExtension::domainFiltersBytecode):
(WebKit::WebCompiledContentExtension::domainFiltersBytecodeLength):
(WebKit::WebCompiledContentExtension::bytecode): Deleted.
(WebKit::WebCompiledContentExtension::bytecodeLength): Deleted.

  • Shared/WebCompiledContentExtension.h:
  • Shared/WebCompiledContentExtensionData.cpp:

(WebKit::WebCompiledContentExtensionData::encode):
(WebKit::WebCompiledContentExtensionData::decode):

  • Shared/WebCompiledContentExtensionData.h:

(WebKit::WebCompiledContentExtensionData::WebCompiledContentExtensionData):

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::ContentExtensionMetaData::fileSize):
(API::encodeContentExtensionMetaData):
(API::decodeContentExtensionMetaData):
(API::compiledToFile):
(API::createExtension):
Keep track of 3 different types of bytecode to be able to handle domain-specific rules.

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::InMemoryCompiledContentExtension::createFromFilter):
(TestWebKitAPI::InMemoryCompiledContentExtension::create):
(TestWebKitAPI::InMemoryCompiledContentExtension::InMemoryCompiledContentExtension):
Moved CompiledContentExtensionData from ContentExtensionCompiler.h because it is only used for testing.
(TestWebKitAPI::mainDocumentRequest):
(TestWebKitAPI::subResourceRequest):
(TestWebKitAPI::TEST_F):
(TestWebKitAPI::checkCompilerError):
Added tests for parsing and functionality of if-domain and unless-domain.

LayoutTests:

  • http/tests/contentextensions/domain-rules-expected.txt: Added.
  • http/tests/contentextensions/domain-rules.html: Added.
  • http/tests/contentextensions/domain-rules.html.json: Added.
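
The two-stage lookup described in changeset 184116 above, modelled in plain JavaScript as an added example (not WebKit's code, which compiles the rules to DFA bytecode). Assumptions: the function names, the sample rules, exact host-name comparison for domains, and rejecting a trigger that carries both if-domain and unless-domain.

```javascript
// Constructed sample rule list in the content-extension JSON shape.
const SAMPLE_RULES = [
  { trigger: { "url-filter": "ads\\." }, action: { type: "block" } },
  { trigger: { "url-filter": "tracker", "if-domain": ["news.example"] },
    action: { type: "block" } },
  { trigger: { "url-filter": "widget", "unless-domain": ["trusted.example"] },
    action: { type: "block" } },
];

// Split the rules the way the commit message describes: rules without a
// domain condition in one set, rules with if-domain/unless-domain in another.
// Plain arrays and RegExp objects stand in for the compiled DFAs.
function compileRuleList(rules) {
  const withoutDomains = [];
  const withDomains = [];
  rules.forEach((rule, index) => {
    const trigger = rule.trigger || {};
    if (typeof trigger["url-filter"] !== "string") {
      throw new Error(`rule ${index}: url-filter must be a string`);
    }
    const ifDomain = trigger["if-domain"];
    const unlessDomain = trigger["unless-domain"];
    // Assumption of this sketch: a trigger may carry only one of the two lists.
    if (ifDomain !== undefined && unlessDomain !== undefined) {
      throw new Error(`rule ${index}: both if-domain and unless-domain given`);
    }
    const domainList = ifDomain !== undefined ? ifDomain : unlessDomain;
    const compiled = {
      index,
      filter: new RegExp(trigger["url-filter"]),
      action: rule.action.type,
    };
    if (domainList === undefined) {
      withoutDomains.push(compiled);
      return;
    }
    if (!Array.isArray(domainList) || !domainList.every((d) => typeof d === "string")) {
      throw new Error(`rule ${index}: domain list must be an array of strings`);
    }
    withDomains.push({
      ...compiled,
      domains: new Set(domainList.map((d) => d.toLowerCase())),
      isIfDomain: ifDomain !== undefined,
    });
  });
  return { withoutDomains, withDomains };
}

// Return the indexes of the rules that apply to one resource load.
// Stage 1: match the resource URL against both rule sets.
// Stage 2: only if a domain-conditioned rule matched, look at the domain of
// the main document to decide which of those matches actually apply.
function actionsForResourceLoad(compiled, resourceURL, mainDocumentURL) {
  const applied = compiled.withoutDomains
    .filter((rule) => rule.filter.test(resourceURL))
    .map((rule) => rule.index);

  const candidates = compiled.withDomains.filter((rule) => rule.filter.test(resourceURL));
  if (candidates.length > 0) {
    const mainDomain = new URL(mainDocumentURL).hostname.toLowerCase();
    for (const rule of candidates) {
      const listed = rule.domains.has(mainDomain);
      // if-domain applies when the domain is listed,
      // unless-domain applies when it is not.
      if (listed === rule.isIfDomain) {
        applied.push(rule.index);
      }
    }
  }
  return applied.sort((a, b) => a - b);
}
```

With no domain-conditioned rules in the list, the second stage never runs, which matches the "no change in behavior" statement in the commit message.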
12:32 PM Changeset in webkit [184115] by yoav@yoav.ws
  • 2 edits in trunk/Source/WebCore

Add srcset, sizes and picture to the features json
https://bugs.webkit.org/show_bug.cgi?id=144862

Reviewed by Benjamin Poulain.

Add the srcset w descriptor and sizes attribute as a new feature in the JSON file,
as well as adding the picture element and srcset's x descriptor as separate features.

No new tests, since no new functionality added.

  • features.json:
12:01 PM Changeset in webkit [184114] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Fix checkingLogicalHeight initialization in Document::updateLayoutIfDimensionsOutOfDate()
https://bugs.webkit.org/show_bug.cgi?id=144873

Reviewed by Simon Fraser.

Fix checkingLogicalHeight initialization in Document::updateLayoutIfDimensionsOutOfDate().
checkingLogicalHeight should only be initialized to true when
"dimensionsCheck & WidthDimensionsCheck" if isVertical is true.

  • dom/Document.cpp:

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

11:59 AM Changeset in webkit [184113] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184004. rdar://problem/20593291

11:41 AM Changeset in webkit [184112] by basile_clement@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove unintended change.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

11:30 AM Changeset in webkit [184111] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Make it easy to enable eager/non-concurrent JIT compilation
https://bugs.webkit.org/show_bug.cgi?id=144877

Reviewed by Michael Saboff.

  • runtime/Options.cpp:

(JSC::recomputeDependentOptions):

  • runtime/Options.h:
11:18 AM Changeset in webkit [184110] by fpizlo@apple.com
  • 3 edits
    7 adds in trunk

We shouldn't promote LoadVarargs to a sequence of GetStacks and PutStacks if doing so would exceed the LoadVarargs' limit
https://bugs.webkit.org/show_bug.cgi?id=144851

Reviewed by Michael Saboff.

Source/JavaScriptCore:

LoadVarargs loads arguments from some object and puts them on the stack. The region of
stack is controlled by a bunch of meta-data, including InlineCallFrame. InlineCallFrame
shouldn't really be edited after ByteCodeParser, so we cannot convert LoadVarargs to
something that uses more stack than the LoadVarargs wanted to.

This check was missing in the ArgumentsEliminationPhase's LoadVarargs->GetStack+PutStack
promoter. This is an important promotion rule for performance, and in cases where we are
compiling truly hot code, the LoadVarargs limit will be at least as big as the length of
the phantom arguments array that this phase sees. The LoadVarargs limit is based on
profiling and the phantom arguments array is a proof; in most cases the profiling is more
conservative.

But, you could write some crazy code where the statically obvious arguments array value is
bigger than what the profiling would have told you. When this happens, this promotion
effectively removes a bounds check. This either results in us clobbering a bunch of stack,
or it means that we never initialize a region of the stack that a later operation will read
(the uninitialization happens because PutStackSinkingPhase removes PutStacks that appear
unnecessary, and a GetMyArgumentByVal will claim not to use the region of the stack outside
the original LoadVarargs limit).

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • tests/stress/load-varargs-elimination-bounds-check-barely.js: Added.

(foo):
(bar):
(baz):

  • tests/stress/load-varargs-elimination-bounds-check.js: Added.

(foo):
(bar):
(baz):

LayoutTests:

  • js/regress/load-varargs-elimination-expected.txt: Added.
  • js/regress/load-varargs-elimination.html: Added.
  • js/regress/script-tests/load-varargs-elimination.js: Added.

(foo):
(bar):
(baz):

  • js/regress/sink-huge-activation-expected.txt: Added.
  • js/regress/sink-huge-activation.html: Added.
11:02 AM Changeset in webkit [184109] by rniwa@webkit.org
  • 4 edits
    2 adds in trunk/Tools

run-benchmark should support Chrome Canary and Firefox Nightly
https://bugs.webkit.org/show_bug.cgi?id=144850

Reviewed by Darin Adler.

Added the support for Chrome Canary, Firefox (release), and Firefox Nightly.

This patch also extracts OSXBrowserDriver to launch and terminate processes on OS X.

  • Scripts/webkitpy/benchmark_runner/browser_driver/browser_drivers.json:
  • Scripts/webkitpy/benchmark_runner/browser_driver/osx_browser_driver.py: Added.

(OSXBrowserDriver):
(OSXBrowserDriver.prepareEnv): Extracted from ChromeBrowserDriver.prepareEnv.
(OSXBrowserDriver.closeBrowsers): Ditto.
(OSXBrowserDriver.launchProcess): Ditto.
(OSXBrowserDriver.terminateProcesses): Ditto.

  • Scripts/webkitpy/benchmark_runner/browser_driver/osx_chrome_driver.py:

(OSXChromeDriver): Removed the unused self.chromePreferences.
(OSXChromeDriver.prepareEnv): Moved to OSXBrowserDriver.
(OSXChromeDriver.closeBrowsers): Ditto.
(OSXChromeDriver.launchUrl):
(OSXChromeCanaryDriver): Added.
(OSXChromeCanaryDriver.launchUrl):

  • Scripts/webkitpy/benchmark_runner/browser_driver/osx_firefox_driver.py: Added.

(OSXFirefoxDriver): Added.
(OSXFirefoxDriver.launchUrl):
(OSXFirefoxNightlyDriver): Added.
(OSXFirefoxNightlyDriver.launchUrl):

  • Scripts/webkitpy/benchmark_runner/browser_driver/osx_safari_driver.py:

(OSXSafariDriver):
(OSXSafariDriver.closeBrowsers):

10:50 AM Changeset in webkit [184108] by timothy@apple.com
  • 6 edits in trunk/Source/WebInspectorUI

Web Inspector: NavigationSidebarPanel leaks some event listeners
https://bugs.webkit.org/show_bug.cgi?id=144523

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/NavigationSidebarPanel.js:

(WebInspector.NavigationSidebarPanel):
(WebInspector.NavigationSidebarPanel.prototype.closed):

  • UserInterface/Views/ResourceSidebarPanel.js:

(WebInspector.ResourceSidebarPanel.prototype.closed):

  • UserInterface/Views/SearchSidebarPanel.js:

(WebInspector.SearchSidebarPanel.prototype.closed):

  • UserInterface/Views/StorageSidebarPanel.js:

(WebInspector.StorageSidebarPanel.prototype.closed):

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.closed):

10:47 AM Changeset in webkit [184107] by akling@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

JSON.stringify shouldn't use generic get() to access Array.length
<https://webkit.org/b/144847>

Reviewed by Geoffrey Garen.

If the value being serialized is a JSArray object, we can downcast and call its
length() directly instead of doing a generic property lookup.

0.5% progression on Kraken/json-stringify-tinderbox.

  • runtime/JSONObject.cpp:

(JSC::Stringifier::Holder::appendNextProperty):

10:38 AM Changeset in webkit [184106] by timothy_horton@apple.com
  • 8 edits in trunk

Page overlay action context override should indicate the source of the request
https://bugs.webkit.org/show_bug.cgi?id=144832
<rdar://problem/20562594>

Reviewed by Darin Adler.

  • WebProcess/InjectedBundle/API/c/WKBundlePageOverlay.cpp:
  • WebProcess/InjectedBundle/API/c/WKBundlePageOverlay.h:
  • WebProcess/WebPage/WebPageOverlay.cpp:

(WebKit::WebPageOverlay::actionContextForResultAtPoint):

  • WebProcess/WebPage/WebPageOverlay.h:

(WebKit::WebPageOverlay::Client::actionContextForResultAtPoint):

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::performActionMenuHitTestAtLocation):
Add a parameter to WKBundlePageOverlayActionContextForResultAtPoint so that
clients can tell whether the requested action context should be targeted
at an action menu or immediate action.

  • TestWebKitAPI/Tests/WebKit2ObjC/ActionMenusBundle.mm:

(TestWebKitAPI::ActionMenuTest::actionContextForResultAtPoint):

10:27 AM Changeset in webkit [184105] by dbates@webkit.org
  • 30 edits in trunk/Source

[iOS] Close all open databases in expiration handler of process assertion
https://bugs.webkit.org/show_bug.cgi?id=144661
<rdar://problem/20845052>

Reviewed by Darin Adler.

Source/WebCore:

Expose functionality in WebCore to close all open databases. Closing a SQLite database
will interrupt any in-progress database transactions.

  • Modules/webdatabase/AbstractDatabaseServer.h:
  • Modules/webdatabase/DatabaseManager.cpp:

(WebCore::DatabaseManager::closeAllDatabases): Added; turns around and calls DatabaseServer::closeAllDatabases().

  • Modules/webdatabase/DatabaseManager.h: Export DatabaseManager::closeAllDatabases() so that we can call it from WebKit2.

  • Modules/webdatabase/DatabaseServer.cpp:

(WebCore::DatabaseServer::closeAllDatabases): Added; turns around and calls DatabaseTracker::closeAllDatabases().

  • Modules/webdatabase/DatabaseServer.h:
  • Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::closeAllDatabases): Added; closes all open databases.

  • Modules/webdatabase/DatabaseTracker.h: Export DatabaseTracker::closeAllDatabases() so that we can call it from Legacy WebKit.

Source/WebKit/mac:

For Legacy WebKit, close all open databases when the process assertion expiration
handler is called.

  • Storage/WebDatabaseManager.mm:

(+[WebDatabaseManager startBackgroundTask]): Call DatabaseTracker::tracker().closeAllDatabases()
in the expiration handler to close all open databases. As a side effect of closing
a database all in-progress database transactions are interrupted.

Source/WebKit2:

For WebKit2, close all open databases when the process assertion expiration
handler is called.

When the process assertion expiration handler is called we dispatch a synchronous
message called ProcessWillSuspendImminently to the {Web, Network} processes to inform
them that they will be suspended imminently. The {Web, Network} process will always
service this message regardless if they were waiting for another message. In the
WebProcess, we will close all open databases among other tasks upon receiving this
message. In the NetworkProcess, we will purge some data from memory.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::didReceiveSyncMessage): Modified to call NetworkProcess::didReceiveSyncNetworkProcessMessage()
to process the synchronous ProcessWillSuspendImminently message.
(WebKit::NetworkProcess::processWillSuspendImminently): Added; free some memory.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in: Added synchronous message ProcessWillSuspendImminently.
  • Shared/ChildProcessProxy.h:

(WebKit::ChildProcessProxy::sendSync): Added parameter sendSyncFlags so that we can send
a sync message with flag IPC::InterruptWaitingIfSyncMessageArrives to cause the {Web, Network}Process
to process the message regardless of whether it is waiting for another message.

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendProcessWillSuspendImminently): Added. Sends the message
ProcessWillSuspendImminently to the NetworkProcess.

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/ProcessAssertion.cpp:

(WebKit::ProcessAndUIAssertion::setClient): Added.

  • UIProcess/ProcessAssertion.h: Added abstract class ProcessAssertionClient.

(WebKit::ProcessAssertionClient::~ProcessAssertionClient): Added.
(WebKit::ProcessAssertion::setClient): Added.
(WebKit::ProcessAssertion::client): Added.

  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::didConnectToProcess):
(WebKit::ProcessThrottler::assertionWillExpireImminently): Added; implements the ProcessAssertionClient
interface. Notify the process throttler clients that the assertion is near expiration.

  • UIProcess/ProcessThrottler.h:
  • UIProcess/ProcessThrottlerClient.h: Added
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::sendProcessWillSuspendImminently): Added. Sends the message
ProcessWillSuspendImminently to the WebProcess.

  • UIProcess/WebProcessProxy.h:
  • UIProcess/ios/ProcessAssertionIOS.mm:

(-[WKProcessAssertionBackgroundTaskManager addClient:]): Added.
(-[WKProcessAssertionBackgroundTaskManager removeClient:]): Added.
(-[WKProcessAssertionBackgroundTaskManager _updateBackgroundTask]): Modified expiration handler
to notify ProcessAssertionClient clients that the assertion is near expiration.
(WebKit::ProcessAssertion::~ProcessAssertion): Remove the client on destruction.
(WebKit::ProcessAndUIAssertion::setClient): Added.

  • WebProcess/WebCoreSupport/WebDatabaseManager.cpp:

(WebKit::WebDatabaseManager::closeAllDatabases): Added; turns around and calls DatabaseManager::closeAllDatabases().

  • WebProcess/WebCoreSupport/WebDatabaseManager.h:
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::didReceiveSyncMessage): Call WebProcess::didReceiveSyncWebProcessMessage() to process
the synchronous ProcessWillSuspendImminently message. Removed logging for an unhandled synchronous message
since WebProcess::didReceiveSyncWebProcessMessage() will ASSERT_NOT_REACHED() for such a message.
(WebKit::WebProcess::prepareToSuspend): Extracted code from WebProcess::processWillSuspend() so that it can
be used from both WebProcess::processWillSuspend() and WebProcess::processWillSuspendImminently(). And modified
it to conditionally dispatch a ProcessReadyToSuspend message to the WebProcessProxy. We only want to dispatch
such a message as part of a coordinated suspension by the ProcessThrottler. That is, we do not want to dispatch
the ProcessReadyToSuspend message when the background assertion is near expiration (i.e. WebProcess::processWillSuspendImminently()
is called).
(WebKit::WebProcess::processWillSuspendImminently): Added. Suspend all open databases among other tasks.
(WebKit::WebProcess::processWillSuspend): Implemented in terms of WebProcess::prepareToSuspend().
(WebKit::WebProcess::processSuspensionCleanupTimerFired): Modified to conditionally dispatch a ProcessReadyToSuspend
message to the WebProcessProxy.
(WebKit::WebProcess::processDidResume): Stop the suspension cleanup timer, which may be active if the WebProcess
did not mark all its graphics layers as volatile before process suspension.

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in: Added synchronous message ProcessWillSuspendImminently.
9:26 AM Changeset in webkit [184104] by Antti Koivisto
  • 2 edits in trunk/Source/WebCore

WebContent crash under com.apple.WebCore: WebCore::WebKitCSSResourceValue::isCSSValueNone const + 6
https://bugs.webkit.org/show_bug.cgi?id=144870
rdar://problem/20727702

Reviewed by Simon Fraser.

No repro but we are seeing null pointer crashes like this:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff92da5706 WebCore::WebKitCSSResourceValue::isCSSValueNone() const + 6
1 com.apple.WebCore 0x00007fff93382b48 WebCore::MaskImageOperation::isCSSValueNone() const + 24
2 com.apple.WebCore 0x00007fff92e0475e WebCore::FillLayer::hasNonEmptyMaskImage() const + 30

  • platform/graphics/MaskImageOperation.cpp:

(WebCore::MaskImageOperation::MaskImageOperation):
(WebCore::MaskImageOperation::isCSSValueNone):

This would crash like this if both m_styleImage and m_cssMaskImageValue are null.
There are no obvious guarantees that this doesn't happen. Two of the constructor variants allow it
and there is setImage which may turn m_styleImage null later too.

Fix by making null m_cssMaskImageValue always signify CSSValueNone.

(WebCore::MaskImageOperation::cssValue):

8:47 AM Changeset in webkit [184103] by Carlos Garcia Campos
  • 6 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r183436 - Form control may be associated with the wrong HTML Form element after form id change
https://bugs.webkit.org/show_bug.cgi?id=133456
<rdar://problem/17095055>

Reviewed by Andy Estes.

Source/WebCore:

Fixes an issue where a form control may be associated with the wrong HTML Form element
after the id of the HTML Form element associated with the form control is changed when
there is more than one HTML Form element with the same id in the document. Specifically,
a form control that has an HTML form attribute value X will always be associated with
some HTML Form element f where f.id = X regardless of whether f.id is subsequently
changed.

Tests: fast/forms/change-form-id-to-be-unique-then-submit-form.html
       fast/forms/change-form-id-to-be-unique.html

  • dom/Element.cpp:

(WebCore::Element::attributeChanged): Notify observers when the id of an element changed.
(WebCore::Element::updateId): Added parameter NotifyObservers (defaults to NotifyObservers::Yes),
as to whether we should notify observers of the id change.
(WebCore::Element::updateIdForTreeScope): Ditto.
(WebCore::Element::willModifyAttribute): Do not notify observers of the id change immediately. As
indicated by the name of this method, we plan to modify the DOM attribute id of the element, but
we have not actually modified it when this method is called. Instead we will notify observers
in Element::attributeChanged(), which is called after the DOM attribute id is modified.
(WebCore::Element::cloneAttributesFromElement): Ditto.

  • dom/Element.h: Defined enum class NotifyObservers.
  • dom/TreeScope.cpp:

(WebCore::TreeScope::addElementById): Added boolean parameter notifyObservers (defaults to true)
as to whether we should dispatch a notification to all observers.
(WebCore::TreeScope::removeElementById): Ditto.

  • dom/TreeScope.h:

LayoutTests:

Add tests to ensure that we associate the correct HTML Form element with a
<select> after changing the id of its associated HTML form element.

  • fast/forms/change-form-id-to-be-unique-expected.txt: Added.
  • fast/forms/change-form-id-to-be-unique-then-submit-form-expected.txt: Added.
  • fast/forms/change-form-id-to-be-unique-then-submit-form.html: Added.
  • fast/forms/change-form-id-to-be-unique.html: Added.
8:43 AM WebKitGTK/2.8.x edited by Michael Catanzaro
Propose r184072 and split out OS X merges (diff)
8:40 AM Changeset in webkit [184102] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

[GTK] Gardening 11th May.
https://bugs.webkit.org/show_bug.cgi?id=144863

Unreviewed.

Patch by Marcos Chavarría Teijeiro <chavarria1991@gmail.com> on 2015-05-11

  • platform/gtk/TestExpectations:
8:30 AM Changeset in webkit [184101] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183404 - Fix viewport units in Media Queries
https://bugs.webkit.org/show_bug.cgi?id=144260

Reviewed by Darin Adler.

Source/WebCore:

This patch makes sure that viewport units are considered "length units"
in the context of Media Queries, by having MediaQueryExp use the unit logic
that is in CSSPrimitiveValue.
It does that by turning the relevant methods in CSSPrimitiveValue into static.

It also makes sure that the logic for "resolution units" is not maintained separately
in MediaQueryExp, to avoid similar issues in the future with resolution units.

Test: fast/media/mq-viewport-units.html

  • css/CSSPrimitiveValue.h:

(WebCore::CSSPrimitiveValue::isViewportPercentageLength): Added a static variant.
(WebCore::CSSPrimitiveValue::isLength): Added a static variant.
(WebCore::CSSPrimitiveValue::isResolution): Added a static variant.

  • css/MediaQueryExp.cpp:

(WebCore::featureWithValidPositiveLenghtOrNumber): Call CSSPrimitiveValue's length unit logic.
(WebCore::featureWithValidDensity): Call CSSPrimitiveValue's resolution unit logic.

LayoutTests:

These tests make sure that viewport units are working as expected inside of Media Queries.

  • fast/media/mq-viewport-units-expected.txt: Added.
  • fast/media/mq-viewport-units.html: Added.
8:18 AM Changeset in webkit [184100] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r183291 - [JSC] When inserting a NaN into a Int32 array, we convert it to DoubleArray then to ContiguousArray
https://bugs.webkit.org/show_bug.cgi?id=144169

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-04-24
Reviewed by Geoffrey Garen.

  • runtime/JSObject.cpp:

(JSC::JSObject::convertInt32ForValue):
DoubleArray do not store NaN, they are used for holes.
What happened was:
1) We fail to insert the NaN in the Int32 array because it is a double.
2) We were converting the array to DoubleArray.
3) We were trying to insert the value again. We would fail again because DoubleArray does not store NaN.
4) We would convert the DoubleArray to Contiguous Array, converting the values to boxed values.

  • tests/stress/int32array-transition-on-nan.js: Added.

The behavior is not really observable. This only tests that nothing crashes in those
cases.

(insertNaNWhileFilling):
(testInsertNaNWhileFilling):
(insertNaNAfterFilling):
(testInsertNaNAfterFilling):
(pushNaNWhileFilling):
(testPushNaNWhileFilling):

8:15 AM Changeset in webkit [184099] by Carlos Garcia Campos
  • 5 edits
    9 adds in releases/WebKitGTK/webkit-2.8

Merge r183280,r183672 - Origin header is preserved on cross-origin redirects.
https://bugs.webkit.org/show_bug.cgi?id=144157.

Reviewed by Sam Weinig.

Source/WebCore:

Tests: http/tests/security/cors-post-redirect-301.html
       http/tests/security/cors-post-redirect-302.html
       http/tests/security/cors-post-redirect-307.html
       http/tests/security/cors-post-redirect-308.html

  • platform/network/cf/ResourceHandleCFNet.cpp:

(WebCore::ResourceHandle::willSendRequest): Always clear any origin header for cross-origin redirects.

  • platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::willSendRequest): Ditto.

LayoutTests:

  • http/tests/security/cors-post-redirect-301-expected.txt: Added.
  • http/tests/security/cors-post-redirect-301.html: Added.
  • http/tests/security/cors-post-redirect-302-expected.txt: Added.
  • http/tests/security/cors-post-redirect-302.html: Added.
  • http/tests/security/cors-post-redirect-307-expected.txt: Added.
  • http/tests/security/cors-post-redirect-307.html: Added.
  • http/tests/security/cors-post-redirect-308-expected.txt: Added.
  • http/tests/security/cors-post-redirect-308.html: Added.
  • http/tests/security/resources/cors-post-redirect-target.php: Added.

[GTK] New CORS tests from r183280 fail on WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=144469

Reviewed by Sergio Villar Senin.

No new tests. This causes failing tests to pass.

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::doRedirect): Clear the origin header on cross-origin redirects.

8:08 AM Changeset in webkit [184098] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.8

Merge r183275 - Made Object.prototype.__proto__ native getter and setter check that this object not null or undefined
https://bugs.webkit.org/show_bug.cgi?id=141865
rdar://problem/19927273

Reviewed by Filip Pizlo.

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):

LayoutTests:
Added tests to ensure that Object.prototype.__proto__ native getter and setter do not coerce undefined to this
https://bugs.webkit.org/show_bug.cgi?id=141865
rdar://problem/19927273

Reviewed by Filip Pizlo.

  • js/script-tests/sloppy-getter-setter-global-object.js: Added.
  • js/sloppy-getter-setter-global-object-expected.txt: Added.
  • js/sloppy-getter-setter-global-object.html: Added.
8:08 AM Changeset in webkit [184097] by Chris Fleizach
  • 3 edits
    2 adds in trunk

AX: Crash at WebCore::AccessibilityMenuList::addChildren()
https://bugs.webkit.org/show_bug.cgi?id=144860

Reviewed by Mario Sanchez Prada.

Source/WebCore:

There were some unsafe pointer accesses in AccessibilityMenuList code that needed to be cleaned up.

Test: accessibility/menu-list-crash2.html

  • accessibility/AccessibilityMenuList.cpp:

(WebCore::AccessibilityMenuList::addChildren):

LayoutTests:

  • accessibility/menu-list-crash2-expected.txt: Added.
  • accessibility/menu-list-crash2.html: Added.
7:00 AM Changeset in webkit [184096] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r183255 - [SOUP] Use a webkit subdirectory for the disk cache
https://bugs.webkit.org/show_bug.cgi?id=144048

Reviewed by Martin Robinson.

Source/WebCore:

Add a static method to SoupNetworkSession to clear a soup cache
given its directory.

  • platform/network/soup/SoupNetworkSession.cpp:

(WebCore::strIsNumeric):
(WebCore::SoupNetworkSession::clearCache):

  • platform/network/soup/SoupNetworkSession.h:

Source/WebKit2:

Recent versions of libsoup remove any file in cache dir not
referenced by the index when the cache is loaded to workaround
leaked resources when load/dump is unbalanced for whatever reason,
like a crash. We currently use $XDG_CACHE_HOME/app-name as default
disk cache directory, but that directory could be used by apps to
cache other things, and the soup cache might end up deleting other
stuff. The soup cache assumes the given directory is only for the
disk cache, so we should ensure that.

  • NetworkProcess/soup/NetworkProcessSoup.cpp:

(WebKit::NetworkProcess::platformInitializeNetworkProcess): Append
webkit to the given disk cache and clear the previous soup cache if it exists.

  • WebProcess/soup/WebProcessSoup.cpp:

(WebKit::WebProcess::platformInitializeWebProcess): Ditto.

6:43 AM Changeset in webkit [184095] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r183179 - [WK2] WebDiagnosticLoggingClient is leaking
https://bugs.webkit.org/show_bug.cgi?id=144089
<rdar://problem/19706214>

Reviewed by Darin Adler.

WebDiagnosticLoggingClient is leaking. It is constructed inside WebPage
constructor but there is no code destroying it.

This patch adds a new xxxDestroyed() virtual function to
DiagnosticLoggingClient and that is overridden in
WebDiagnosticLoggingClient to call "delete this". This is the same
pattern as for other WK2 clients (e.g. WebFrameLoaderClient,
WebProgressTrackerClient).

Source/WebCore:

  • loader/EmptyClients.h:
  • page/DiagnosticLoggingClient.h:
  • page/MainFrame.cpp:

(WebCore::MainFrame::~MainFrame):

Source/WebKit2:

  • WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.cpp:

(WebKit::WebDiagnosticLoggingClient::mainFrameDestroyed):

  • WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.h:
6:41 AM Changeset in webkit [184094] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183178 - CrashTracer: WebProcess at com.apple.WebCore: WebCore::toScriptElementIfPossible + 4
https://bugs.webkit.org/show_bug.cgi?id=144050
rdar://problem/15534973

Reviewed by Chris Dumez.

We are seeing null Element pointer crashes with this stack:

47 com.apple.WebCore: WebCore::toScriptElementIfPossible + 4 <==
47 com.apple.WebCore: WebCore::ScriptRunner::timerFired + 452
47 com.apple.WebCore: WebCore::ThreadTimers::sharedTimerFiredInternal + 175

The most likely cause seems to be that this code

ASSERT(m_pendingAsyncScripts.contains(scriptElement));
m_scriptsToExecuteSoon.append(m_pendingAsyncScripts.take(scriptElement));

in ScriptRunner::notifyScriptReady fails to find scriptElement and we are left with a null entry in
m_scriptsToExecuteSoon. However I haven't managed to repro this or find the exact path how this
could happen. The related code is fragile with a lot of state (in ScriptElement class)
and involves many opportunities for re-entry via scripts.

No repro, no test case.

  • dom/ScriptRunner.cpp:

(WebCore::ScriptRunner::timerFired):

Paper this over by adding a null check. We could check m_pendingAsyncScripts.take() above
but this also covers possibility this is caused by something else.

6:38 AM Changeset in webkit [184093] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Merge r183088 - [Cairo] Implement Path::addPath
https://bugs.webkit.org/show_bug.cgi?id=130580

Reviewed by Dirk Schulze.

Source/WebCore:

Add support for addPath method for ports using cairo.
This patch is originally authored by Jae Hyun Park <jaepark@webkit.org>.

Test: fast/canvas/canvas-path-addPath.html

  • platform/graphics/cairo/PathCairo.cpp:

(WebCore::Path::addPath): Implement addPath for cairo.

LayoutTests:

Enable addPath testcase in EFL port.

  • platform/efl/TestExpectations:
6:32 AM Changeset in webkit [184092] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183064 - Use ASSERT_WITH_SECURITY_IMPLICATION() for NoEventDispatchAssertion
https://bugs.webkit.org/show_bug.cgi?id=143971

Reviewed by Darin Adler.

Use ASSERT_WITH_SECURITY_IMPLICATION() for NoEventDispatchAssertion as
firing JS events can cause arbitrary JS execution which often leads to
security bugs when event firing is forbidden. For e.g. firing events
from ActiveDOMObject::suspend() means JS can construct or destroy
ActiveDOMObjects while we are iterating over them.

  • dom/ContainerNode.cpp:

(WebCore::dispatchChildInsertionEvents):
(WebCore::dispatchChildRemovalEvents):

  • dom/ContainerNodeAlgorithms.h:

(WebCore::ChildNodeInsertionNotifier::notify):

  • dom/Document.cpp:

(WebCore::Document::dispatchWindowEvent):
(WebCore::Document::dispatchWindowLoadEvent):

  • dom/Element.cpp:

(WebCore::Element::dispatchFocusInEvent):
(WebCore::Element::dispatchFocusOutEvent):

  • dom/EventDispatcher.cpp:

(WebCore::EventDispatcher::dispatchEvent):

  • dom/EventTarget.cpp:

(WebCore::EventTarget::fireEventListeners):

  • dom/Node.cpp:

(WebCore::Node::dispatchSubtreeModifiedEvent):
(WebCore::Node::dispatchDOMActivateEvent):

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::canSuspendActiveDOMObjectsForPageCache):
(WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
(WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
(WebCore::ScriptExecutionContext::stopActiveDOMObjects):
(WebCore::ScriptExecutionContext::willDestroyActiveDOMObject):

  • dom/WebKitNamedFlow.cpp:

(WebCore::WebKitNamedFlow::dispatchRegionOversetChangeEvent):

6:31 AM Changeset in webkit [184091] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183053 - REGRESSION (r177494): -webkit-mask-image: with data URI fails on non-local files
https://bugs.webkit.org/show_bug.cgi?id=141857

Reviewed by Dirk Schulze.

Source/WebCore:

r177494 regressed loading of data URIs in masks with remote content, triggering
a cross-domain error which occurs because the mask loading happened via a separate
SVGDocument.

Fix by checking for data URIs at parsing time, which is what we used to do.

Test: http/tests/css/data-uri-mask.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseMaskImage):

  • svg/SVGURIReference.h:

(WebCore::SVGURIReference::isExternalURIReference):

LayoutTests:

Ref test with a masked green square. Has to be an http test to trigger the
origin checking.

  • http/tests/css/data-uri-mask-expected.html: Added.
  • http/tests/css/data-uri-mask.html: Added.
6:12 AM Changeset in webkit [184090] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182980 - Clients sometimes block for 500ms in waitForPossibleGeometryUpdates
https://bugs.webkit.org/show_bug.cgi?id=143901
<rdar://problem/20488655>

Reviewed by Anders Carlsson.

  • Platform/IPC/Connection.cpp:

(IPC::Connection::waitForMessage):
InterruptWaitingIfSyncMessageArrives already cancels waitForMessage if
a sync message arrives while waiting, but it should also avoid waiting
if there's a sync message already in the queue when the waiting starts,
as that will have the same nasty effect.

  • UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.mm:

(WebKit::TiledCoreAnimationDrawingAreaProxy::waitForPossibleGeometryUpdate):
If a synchronous message comes in from the Web process while we're waiting,
cancel our synchronous wait for DidUpdateGeometry. This will cause the size
change to not synchronize with the Web process' painting, but that is better
than pointlessly blocking for 500ms.

6:10 AM Changeset in webkit [184089] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182979 - Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue()
https://bugs.webkit.org/show_bug.cgi?id=143899
<rdar://problem/20584215>

Reviewed by Anders Carlsson.

WebDiagnosticLoggingClient::logDiagnosticMessage*() methods failed to
check that m_page.corePage() was non-null before dereferencing, thus
causing crashes when it is null.

  • WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.cpp:

(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessage):
(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithResult):
(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue):

6:08 AM Changeset in webkit [184088] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r182974 - Large values for line-height cause integer overflow in RenderStyle::computedLineHeight
https://bugs.webkit.org/show_bug.cgi?id=143863

Reviewed by Rob Buis.

Source/WebCore:

When we compute huge values for line-height through percentage or CSS
calc, we'll overflow the integer and later on
ShapeOutsideInfo::computeDeltasForContainingBlockLine will ASSERT
because it expects non-negative line height. So for the computed
line-height, clamp to an integer range to avoid overflow. Note that
the code path for percentages here is safe because LayoutUnit clamps
to an int on conversion.

This is based on a Blink patch by Rob Buis.

Test: fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash.html

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::computedLineHeight): Clamp line-height to an int to avoid overflow.

LayoutTests:

Simplified test from a fuzzer.

  • fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash-expected.txt: Added.
  • fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash.html: Added.
6:05 AM Changeset in webkit [184087] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182962 - RenderTableCell::computeCollapsed*Border() should check if the cell is still attached to the render tree.
https://bugs.webkit.org/show_bug.cgi?id=143887
rdar://problem/20568989

Reviewed by Simon Fraser.

Detached table cell has no access to its parent table. This is a speculative fix to
avoid dereferencing the invalid table pointer.

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::computeCollapsedStartBorder):
(WebCore::RenderTableCell::computeCollapsedEndBorder):
(WebCore::RenderTableCell::computeCollapsedBeforeBorder):
(WebCore::RenderTableCell::computeCollapsedAfterBorder):

6:04 AM Changeset in webkit [184086] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Merge r182943 - [SOUP] Redirect to non HTTP destination is broken
https://bugs.webkit.org/show_bug.cgi?id=143866

Reviewed by Sergio Villar Senin.

Source/WebCore:

This is because we are passing true unconditionally as
isHTTPFamilyRequest parameter of
createSoupRequestAndMessageForHandle in continueAfterWillSendRequest.
We don't actually need to pass isHTTPFamilyRequest parameter to
createSoupRequestAndMessageForHandle, since it can simply check
that from the given request.

Covered by unit tests and also cache/disk-cache/disk-cache-redirect-to-data.html.

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::continueAfterWillSendRequest):
(WebCore::createSoupRequestAndMessageForHandle):
(WebCore::ResourceHandle::start):

Tools:

Add a unit test to check that redirect to a data URI works.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp:

(testRedirectToDataURI):
(serverCallback):
(beforeAll):

6:01 AM Changeset in webkit [184085] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182918 - Media element can manipulate DOM during Document destruction.
rdar://problem/20553898 and https://bugs.webkit.org/show_bug.cgi?id=143780

Patch by Brady Eidson <beidson@apple.com> on 2015-04-16
Reviewed by Jer Noble.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::configureMediaControls): Bail if the element has no active document.

5:59 AM Changeset in webkit [184084] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182880 - We should dump GraphicsLayer's anchorPoint z component
https://bugs.webkit.org/show_bug.cgi?id=143815

Reviewed by Tim Horton.

We didn't include the z component of a layer's anchor point when dumping.
Dump if it's non-zero (to avoid having to change lots of test output).
No test with non-zero z appears to dump layers.

  • platform/graphics/GraphicsLayer.cpp:

(WebCore::GraphicsLayer::dumpProperties):

  • rendering/style/RenderStyle.cpp:

(WebCore::requireTransformOrigin): Remove a FIXME which, on further consideration,
is wrong.

5:10 AM Changeset in webkit [184083] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8

Merge r182872 - String.prototype.startsWith/endsWith/includes have wrong length in r182673
https://bugs.webkit.org/show_bug.cgi?id=143659

Patch by Jordan Harband <ljharb@gmail.com> on 2015-04-15
Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Fix lengths of String.prototype.{includes,startsWith,endsWith} per spec
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-string.prototype.includes
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-string.prototype.startswith
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-string.prototype.endswith

  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):

LayoutTests:

  • js/script-tests/string-includes.js:
  • js/string-includes-expected.txt:
5:05 AM Changeset in webkit [184082] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8

Merge r182868 - Math.imul has wrong length in Safari 8.0.4
https://bugs.webkit.org/show_bug.cgi?id=143658

Patch by Jordan Harband <ljharb@gmail.com> on 2015-04-15
Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Correcting function length from 1, to 2, to match spec
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-math.imul

  • runtime/MathObject.cpp:

(JSC::MathObject::finishCreation):

LayoutTests:

  • js/script-tests/math.js:
5:01 AM Changeset in webkit [184081] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182866 - No thread safety when passing ThreadableLoaderOptions from a worker thread
https://bugs.webkit.org/show_bug.cgi?id=143790

Reviewed by Geoffrey Garen.

  • loader/ThreadableLoader.h:
  • loader/ThreadableLoader.cpp: (WebCore::ThreadableLoaderOptions::isolatedCopy): Added.
  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Don't just send
a structure with strings to a different thread, that's bad.

  • platform/CrossThreadCopier.h: I think that this is dead code, but for this bug, just removing a clearly wrong specialization.

5:00 AM Changeset in webkit [184080] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182707 - Use std::unique_ptr instead of PassOwnPtr|OwnPtr for ResourceResponse
https://bugs.webkit.org/show_bug.cgi?id=143056

Patch by Joonghun Park <jh718.park@samsung.com> on 2015-04-13
Reviewed by Gyuyoung Kim.

No new tests, no behavior changes.

  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
(WebCore::WorkerThreadableLoader::MainThreadBridge::didReceiveResponse):

  • platform/CrossThreadCopier.h:
  • platform/network/ResourceResponseBase.cpp:

(WebCore::ResourceResponseBase::adopt):
(WebCore::ResourceResponseBase::copyData):

  • platform/network/ResourceResponseBase.h:
  • platform/network/cf/ResourceResponse.h:

(WebCore::ResourceResponse::doPlatformCopyData):
(WebCore::ResourceResponse::doPlatformAdopt):

  • platform/network/curl/ResourceResponse.h:

(WebCore::ResourceResponse::doPlatformCopyData):
(WebCore::ResourceResponse::doPlatformAdopt):

  • platform/network/soup/ResourceResponse.h:

(WebCore::ResourceResponse::doPlatformCopyData):
(WebCore::ResourceResponse::doPlatformAdopt):

4:49 AM Changeset in webkit [184079] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r181136 - Use std::unique_ptr instead of PassOwnPtr|OwnPtr for ResourceRequest
https://bugs.webkit.org/show_bug.cgi?id=142349

Patch by Joonghun Park <jh718.park@samsung.com> on 2015-03-05
Reviewed by Darin Adler.

No new tests, no behavior changes.

  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):

  • loader/cache/MemoryCache.cpp:

(WebCore::MemoryCache::removeRequestFromSessionCaches):

  • platform/CrossThreadCopier.h:
  • platform/network/ResourceRequestBase.cpp:

(WebCore::ResourceRequestBase::adopt):
(WebCore::ResourceRequestBase::copyData):

  • platform/network/ResourceRequestBase.h:
  • platform/network/cf/ResourceRequest.h:
  • platform/network/cf/ResourceRequestCFNet.cpp:

(WebCore::ResourceRequest::doPlatformCopyData):
(WebCore::ResourceRequest::doPlatformAdopt):

  • platform/network/curl/ResourceRequest.h:

(WebCore::ResourceRequest::doPlatformCopyData):
(WebCore::ResourceRequest::doPlatformAdopt):

  • platform/network/soup/ResourceRequest.h:

(WebCore::ResourceRequest::doPlatformCopyData):
(WebCore::ResourceRequest::doPlatformAdopt):

4:32 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
4:14 AM Changeset in webkit [184078] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8

Merge r182863 - Number.parseInt in nightly r182673 has wrong length
https://bugs.webkit.org/show_bug.cgi?id=143657

Patch by Jordan Harband <ljharb@gmail.com> on 2015-04-15
Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Correcting function length from 1, to 2, to match spec
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-number.parseint

  • runtime/NumberConstructor.cpp:

(JSC::NumberConstructor::finishCreation):

LayoutTests:

  • js/number-constructor-expected.txt:
  • js/script-tests/number-constructor.js:
4:06 AM Changeset in webkit [184077] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r182835 - Make inline continuation style change logic consistent.
https://bugs.webkit.org/show_bug.cgi?id=143737
rdar://problem/20486596

Reviewed by Simon Fraser.

Do not force RenderBlock type-casting on the first sibling of the continuation's container.
The first sibling of the container of a continuation should be handled as the rest of the siblings.

Source/WebCore:

Test: fast/inline/inline-with-column-span-and-remove-block-child-crash.html

  • rendering/RenderInline.cpp:

(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::styleDidChange):

LayoutTests:

  • fast/inline/inline-with-column-span-and-remove-block-child-crash-expected.txt: Added.
  • fast/inline/inline-with-column-span-and-remove-block-child-crash.html: Added.
4:04 AM Changeset in webkit [184076] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r182827 - DFG register fillSpeculate*() functions should validate incoming spill format is compatible with requested fill format
https://bugs.webkit.org/show_bug.cgi?id=143727

Reviewed by Geoffrey Garen.

Used the result of AbstractInterpreter<>::filter() to check that the current spill format is compatible
with the requested fill format. If filter() reports a contradiction, then we force an OSR exit.
Removed individual checks made redundant by the new check.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):

4:04 AM Changeset in webkit [184075] by commit-queue@webkit.org
  • 2 edits
    1 add in trunk/LayoutTests

[GTK] Gardening 7th May.
https://bugs.webkit.org/show_bug.cgi?id=144735

Unreviewed.

Patch by Marcos Chavarría Teijeiro <chavarria1991@gmail.com> on 2015-05-11

  • platform/gtk/TestExpectations:
  • platform/gtk/media/video-controls-no-scripting-expected.txt: Added.
3:53 AM Changeset in webkit [184074] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182810 - Media elements not in a page shouldn't load.
https://bugs.webkit.org/show_bug.cgi?id=143720

Reviewed by Jer Noble.

No new tests (Theoretical problem noticed in code review).

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::loadResource): Make sure the frame is in a page.

3:41 AM Changeset in webkit [184073] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[WebGL] Unnecessary condition check in the while loop
https://bugs.webkit.org/show_bug.cgi?id=125001

Patch by Przemyslaw Szymanski <p.szymanski3@samsung.com> on 2015-05-11
Reviewed by Csaba Osztrogonác.

The while loop in this case needs to be optimized a little.
For now, the conditional statement in the while loop will execute two
times at the beginning. A do-while loop avoids checking the first statement.

No new tests. No behaviour changed.

  • html/canvas/WebGLFramebuffer.cpp:

(WebCore::WebGLFramebuffer::removeAttachmentFromBoundFramebuffer):

3:21 AM Changeset in webkit [184072] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WTF

[GTK] WorkQueue objects are not released
https://bugs.webkit.org/show_bug.cgi?id=144824

Reviewed by Žan Doberšek.

Do not keep a reference of the WorkQueue for the entire life of
its worker thread, since every task scheduled on the WorkQueue
already takes a reference. Instead, take a reference of the main
loop to make sure that when the worker thread starts, the main
loop hasn't been released to avoid runtime warnings (see
webkit.org/b/140998). Also removed the g_main_context_pop_thread_default()
from the thread body, since the thread-specific context queue will
be freed anyway when the thread exits.
If the WorkQueue is released early, before the thread has started,
schedule a main loop quit in the context, to make sure it will
be the first thing run by the main loop and the thread will exit.

  • wtf/WorkQueue.h: Remove unused event loop mutex.
  • wtf/gtk/WorkQueueGtk.cpp:

(WTF::WorkQueue::platformInitialize):
(WTF::WorkQueue::platformInvalidate):

2:38 AM Changeset in webkit [184071] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[GTK] Reorder Performance class's member initialization sequence
https://bugs.webkit.org/show_bug.cgi?id=144858

Patch by Joonghun Park <jh718.park@samsung.com> on 2015-05-11
Reviewed by Csaba Osztrogonác.

No new tests, no new behaviors.

  • page/Performance.cpp:

(WebCore::Performance::Performance):

1:52 AM Changeset in webkit [184070] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

Reduce TransformationMatrix copies in WebKitCSSMatrix operations
https://bugs.webkit.org/show_bug.cgi?id=144795

Reviewed by Darin Adler.

Instead of copying the TransformationMatrix member, performing
the operation on it and then copying it again when creating
the new WebKitCSSMatrix object, copy it just once by first
creating the new WebKitCSSMatrix object and then performing
the operation on that object's TransformationMatrix directly.

  • css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::multiply):
(WebCore::WebKitCSSMatrix::translate):
(WebCore::WebKitCSSMatrix::scale):
(WebCore::WebKitCSSMatrix::rotate):
(WebCore::WebKitCSSMatrix::rotateAxisAngle):
(WebCore::WebKitCSSMatrix::skewX):
(WebCore::WebKitCSSMatrix::skewY):

1:40 AM Changeset in webkit [184069] by zandobersek@gmail.com
  • 4 edits in trunk/Source/WebCore

Add missing vtable override specifiers under Source/WebCore/loader, Source/WebCore/xml
https://bugs.webkit.org/show_bug.cgi?id=144793

Reviewed by Darin Adler.

Update virtual method overrides under Source/WebCore/loader
and Source/WebCore/dom which are missing the override specifier.

  • loader/DocumentThreadableLoader.h:

(WebCore::DocumentThreadableLoader::refThreadableLoader):
(WebCore::DocumentThreadableLoader::derefThreadableLoader):

  • loader/cache/CachedRawResource.h:
  • xml/parser/XMLDocumentParser.h:
1:39 AM Changeset in webkit [184068] by zandobersek@gmail.com
  • 5 edits in trunk/Source/WebCore

Add missing vtable override specifiers under Source/WebCore/accessibility, Source/WebCore/dom
https://bugs.webkit.org/show_bug.cgi?id=144792

Reviewed by Darin Adler.

Update virtual method overrides under Source/WebCore/accessibility
and Source/WebCore/dom which are missing the override specifier.

  • accessibility/AccessibilityMockObject.h:

(WebCore::AccessibilityMockObject::isDetachedFromParent): Deleted.

  • accessibility/AccessibilityRenderObject.h:
  • dom/DecodedDataDocumentParser.h:
  • dom/TouchEvent.h: