Timeline



May 16, 2015:

5:24 PM Changeset in webkit [184441] by aestes@apple.com
  • 7 edits in trunk/Source/WebKit2

[iOS] WKPDFView should not follow javascript: links
https://bugs.webkit.org/show_bug.cgi?id=145101

Reviewed by Dan Bernstein.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::navigateToPDFLinkWithSimulatedClick): Returned early if url's protocol is javascript:.
(WebKit::WebPageProxy::navigateToURLWithSimulatedClick): Renamed to navigateToPDFLinkWithSimulatedClick to
reflect that this function is exclusively for following PDF links.

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WKPDFView.mm:

(-[WKPDFView annotation:wasTouchedAtPoint:controller:]):
(-[WKPDFView actionSheetAssistant:openElementAtLocation:]):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::navigateToPDFLinkWithSimulatedClick): Renamed from navigateToURLWithSimulatedClick.
(WebKit::WebPage::navigateToURLWithSimulatedClick): Renamed to navigateToPDFLinkWithSimulatedClick.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

4:24 PM Changeset in webkit [184440] by Alan Bujtas
  • 3 edits
    4 adds in trunk

REGRESSION (Subpixel): Dashed underline is missing when box is positioned at subpixels.
https://bugs.webkit.org/show_bug.cgi?id=145097
rdar://problem/18588415

Reviewed by Simon Fraser.

Dashed and dotted border painting needs clipping in order to properly display corners.
Similarly to solid border's quad calculation, we pixelsnap the border positions before computing the clipping quad values.

Source/WebCore:

Test: fast/borders/dashed-border-on-subpixel-position.html

fast/borders/dotted-border-on-subpixel-position.html

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::clipBorderSidePolygon):

LayoutTests:

  • fast/borders/dashed-border-on-subpixel-position-expected.html: Added.
  • fast/borders/dashed-border-on-subpixel-position.html: Added.
  • fast/borders/dotted-border-on-subpixel-position-expected.html: Added.
  • fast/borders/dotted-border-on-subpixel-position.html: Added.

4:00 PM Changeset in webkit [184439] by Brent Fulgham
  • 4 edits in trunk/Source/WebKit2

[iOS] Remote scrolling tree needs to coordinate scroll snap state during resize/rotations
https://bugs.webkit.org/show_bug.cgi?id=145059
<rdar://problem/20975978>

Reviewed by Simon Fraser.

The web view needs to update its scroll snap point offsets to take into account any
adjustments to the view size caused by content insets. We also need to update the
offsets after device rotation.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView scrollViewWillEndDragging:withVelocity:targetContentOffset:]): Retrieve the proper
computed content inset for the view and incorporate into any scroll snap point adjustments.
(-[WKWebView _updateVisibleContentRects]): If we have active scroll snap points,

  • UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
  • UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(WebKit::RemoteScrollingCoordinatorProxy::adjustTargetContentOffsetForSnapping): Update to account
for content inset.
(WebKit::RemoteScrollingCoordinatorProxy::shouldSnapForMainFrameScrolling): Also validate that the
active index is valid.
(WebKit::RemoteScrollingCoordinatorProxy::closestSnapOffsetForMainFrameScrolling): Update to track
current active snap offset index.
(WebKit::RemoteScrollingCoordinatorProxy::hasActiveSnapPoint): Added.
(WebKit::RemoteScrollingCoordinatorProxy::nearestActiveSnapPoint): Added. It calculates the proper
scroll position incorporating any snap point and content insets.

2:01 PM Changeset in webkit [184438] by commit-queue@webkit.org
  • 11 edits
    1 move
    1 add
    1 delete in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184415.
https://bugs.webkit.org/show_bug.cgi?id=145096

Broke several tests (Requested by msaboff on #webkit).

Reverted changeset:

"Insert store barriers late so that IR transformations don't
have to worry about them"
https://bugs.webkit.org/show_bug.cgi?id=145015
http://trac.webkit.org/changeset/184415

1:00 PM Changeset in webkit [184437] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Remove styleText() and applyStyleText() from InspectorStyle.
https://bugs.webkit.org/show_bug.cgi?id=145093

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-16
Reviewed by Darin Adler.

styleText() and applyStyleText() in InspectorStyle are private aliases for the public
accessors in the same class but are rarely used. I think it would be better off removing
these aliases and updating all the current call sites to use the public accessors directly
as noted in InspectorStyleSheet.h.

No new tests, no behavior change.

  • inspector/InspectorStyleSheet.cpp:

(WebCore::InspectorStyle::populateAllProperties):

  • inspector/InspectorStyleSheet.h:

12:57 PM Changeset in webkit [184436] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Remove MessageType variant of addMessageToConsole() from ChromeClient.
https://bugs.webkit.org/show_bug.cgi?id=145095

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-16
Reviewed by Darin Adler.

All addMessageToConsole() in ChromeClient are exactly the same thing.
So there is no reason to keep all these methods.

No new tests, no behavior change.

  • page/ChromeClient.h:
  • page/PageConsoleClient.cpp:

(WebCore::PageConsoleClient::messageWithTypeAndLevel):

11:16 AM Changeset in webkit [184435] by weinig@apple.com
  • 12 edits
    1 copy
    2 adds in trunk

Add getElementById to DocumentFragment
https://bugs.webkit.org/show_bug.cgi?id=145094

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Match the latest DOM standard and other browsers by adding getElementById
to DocumentFragment in addition to Document and SVGSVGElement. Add NonElementParentNode
interface that the DOM standard defines.

Test: fast/dom/DocumentFragment/getElementById.html

  • DerivedSources.make:
  • WebCore.xcodeproj/project.pbxproj:

Add NonElementParentNode.idl

  • dom/Document.idl:

Mark Document as implementing NonElementParentNode and remove now redundant getElementById
declaration.

  • dom/DocumentFragment.cpp:

(WebCore::DocumentFragment::getElementById):

  • dom/DocumentFragment.h:

Add implementation of getElementById for DocumentFragments. Add a fast path for ShadowRoots
which can take advantage of the fact that they are TreeScopes to use the elements by id cache
in TreeScope.

  • dom/DocumentFragment.idl:

Mark DocumentFragment as implementing NonElementParentNode.

  • dom/NonElementParentNode.idl: Copied from Source/WebCore/dom/NonDocumentTypeChildNode.idl.

Added.

  • svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::getElementById):

  • svg/SVGSVGElement.h:
  • svg/SVGSVGElement.idl:

Convert to taking an AtomicString to match other getElementByIds.

LayoutTests:

  • fast/dom/DocumentFragment/getElementById-expected.txt: Added.
  • fast/dom/DocumentFragment/getElementById.html: Added.

6:53 AM Changeset in webkit [184434] by Antti Koivisto
  • 11 edits
    2 adds in trunk

When redirecting to data URL use HTTP response for same origin policy checks
https://bugs.webkit.org/show_bug.cgi?id=145054
rdar://problem/20299050

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Test: http/tests/security/canvas-remote-read-data-url-image-redirect.html

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::notifyFinished):

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::sanitizeScriptError):

  • html/canvas/CanvasRenderingContext.cpp:

(WebCore::CanvasRenderingContext::wouldTaintOrigin):

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::notifyFinished):

  • loader/MediaResourceLoader.cpp:

(WebCore::MediaResourceLoader::responseReceived):

  • loader/TextTrackLoader.cpp:

(WebCore::TextTrackLoader::notifyFinished):

  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::isOriginClean):

  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::passesAccessControlCheck):
(WebCore::CachedResource::passesSameOriginPolicyCheck):

Factor repeatedly used same origin policy test into a function.

(WebCore::CachedResource::redirectReceived):

When redirecting to a data URL save the redirect response.

(WebCore::CachedResource::responseForSameOriginPolicyChecks):

In case we got redirected to data use that response instead of the final data response for policy checks.

  • loader/cache/CachedResource.h:

LayoutTests:

  • http/tests/security/canvas-remote-read-data-url-image-redirect-expected.txt: Added.
  • http/tests/security/canvas-remote-read-data-url-image-redirect.html: Added.

12:52 AM Changeset in webkit [184433] by jonlee@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] wireless playback picker button is drawn incorrectly
https://bugs.webkit.org/show_bug.cgi?id=145057
rdar://problem/20877518

Reviewed by Jer Noble.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.updateWirelessTargetPickerButton): This method is
defined in Controller, but is only meant to run on Macs. Override it with
an empty function for iOS.

12:11 AM Changeset in webkit [184432] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[EFL][WK2] Minibrowser : Add search icon to search bar
https://bugs.webkit.org/show_bug.cgi?id=139773

Patch by Tanay C <tanay.c@samsung.com> on 2015-05-16
Reviewed by Gyuyoung Kim.

  • MiniBrowser/efl/main.c:

(search_icon_show): Added.
(search_box_show): Modified.

May 15, 2015:

11:42 PM Changeset in webkit [184431] by rniwa@webkit.org
  • 3 edits in trunk/Tools

run_benchmark should have an option to specify the number of runs
https://bugs.webkit.org/show_bug.cgi?id=145091

Reviewed by Stephanie Lewis.

Added --count option.

  • Scripts/run-benchmark:

(main):

  • Scripts/webkitpy/benchmark_runner/benchmark_runner.py:

(BenchmarkRunner.init):

9:24 PM Changeset in webkit [184430] by Simon Fraser
  • 4 edits
    2 adds in trunk

REGRESSION (r183300): Background missing on top links on apple.com
https://bugs.webkit.org/show_bug.cgi?id=145079
rdar://problem/20914252

Reviewed by Tim Horton.

Source/WebCore:

Re-land r184421 with a fix to check against rects.coverageRect
rather than the stale m_coverageRect.

Test: compositing/visible-rect/backing-change-height-from-zero.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::shouldSkipLayerInDump):

LayoutTests:

Re-land.

  • compositing/visible-rect/backing-change-height-from-zero-expected.txt: Added.
  • compositing/visible-rect/backing-change-height-from-zero.html: Added.

8:47 PM Changeset in webkit [184429] by Matt Baker
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: empty timeline should not use previous timeline's zoom interval
https://bugs.webkit.org/show_bug.cgi?id=132754

Reviewed by Joseph Pecoraro.

When a timeline recording is started in response to a provisional load, TimelineManager should check whether
the main resource url is changing before loading a new timeline recording. If the main resource is changing,
set the selection start, selection duration, and duration-per-pixel settings of the TimelineOverview to their
default values.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager):
(WebInspector.TimelineManager.prototype.isCapturingPageReload):
(WebInspector.TimelineManager.prototype.capturingStopped):
(WebInspector.TimelineManager.prototype.pageDidLoad):
(WebInspector.TimelineManager.prototype._startAutoCapturing):
Added a property for checking whether auto capture was triggered by a page reload.

  • UserInterface/Views/LinearTimelineOverview.js:

(WebInspector.LinearTimelineOverview):
Increase default selection time to 15 seconds.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
Reset selection and zoom if TimelineManager isn't capturing in response to a page reload.

(WebInspector.TimelineOverview.prototype.reset):
Reset selection and zoom.

(WebInspector.TimelineOverview.prototype._timeRangeSelectionChanged):
(WebInspector.TimelineOverview.prototype._resetSelection):
Added a helper function for resetting selection and zoom to their default values.

8:46 PM Changeset in webkit [184428] by Matt Baker
  • 2 edits in trunk/Source/WebCore

Web Inspector: REGRESSION (r181625): Timeline recording started from console.profile is always empty
https://bugs.webkit.org/show_bug.cgi?id=144882

Reviewed by Joseph Pecoraro.

A timeline recording will always be stopped before the end of the current run loop is observed. Before
dispatching the recording stopped event, any events that are currently in progress should be considered
complete and sent to the frontend.

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::internalStop):

8:00 PM Changeset in webkit [184427] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Timeline data grid displays wrong records after switching between Timelines/Frames mode
https://bugs.webkit.org/show_bug.cgi?id=145084

Reviewed by Timothy Hatcher.

Update timeline sidebar filter whenever the view mode changes.

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if.get if):
(WebInspector.TimelineSidebarPanel.get else):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject):

7:31 PM Changeset in webkit [184426] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Bump image format number to force image regeneration
https://bugs.webkit.org/show_bug.cgi?id=145074

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Base/ImageUtilities.js:

7:24 PM Changeset in webkit [184425] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Don't reset the preview recognizer in [WKContentViewInteraction cleanupInteraction]
https://bugs.webkit.org/show_bug.cgi?id=145081

We shouldn't reset the recognizer in [WKContentViewInteraction cleanupInteraction] since we don't re-add it
back to WKContentView when the process relaunched. Since we already add/remove it when the view is moved into/
removed from the window, we don't need to reset it in cleanupInteraction.

Patch by Yongjun Zhang <yongjun_zhang@apple.com> on 2015-05-15
Reviewed by Dan Bernstein.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView cleanupInteraction]):

6:46 PM Changeset in webkit [184424] by mmaxfield@apple.com
  • 1 edit
    2 adds in trunk/LayoutTests

Test the interaction between font-family and font-weight
https://bugs.webkit.org/show_bug.cgi?id=145078

Reviewed by Dean Jackson.

This test is designed to test the interaction between font-family and font-weight. In particular,
our implementation of font-family accepts PostScript names, which may name a font with a particular
weight. However, there is another CSS property, font-weight, in which the author may also name a
particular weight. Our font selection algorithm takes both of these signals into account when
choosing fonts.

There is currently no good way in JavaScript to find the actual font chosen for some text.
Therefore, the best way to test this aspect of the font selection algorithm is to dump the render
tree, therefore testing glyph advances (which are a property of font weight).

  • platform/mac/fast/text/font-weights-expected.txt: Added.
  • platform/mac/fast/text/font-weights.html: Added.

6:37 PM Changeset in webkit [184423] by commit-queue@webkit.org
  • 4 edits
    2 deletes in trunk

Unreviewed, rolling out r184421.
https://bugs.webkit.org/show_bug.cgi?id=145087

Introduced 42 layout test failures (Requested by rniwa on
#webkit).

Reverted changeset:

"REGRESSION (r183300): Background missing on top links on
apple.com"
https://bugs.webkit.org/show_bug.cgi?id=145079
http://trac.webkit.org/changeset/184421

5:21 PM Changeset in webkit [184422] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r181910): WKWebView incorrectly scales snapshot
https://bugs.webkit.org/show_bug.cgi?id=145076

Patch by James Savage <James Savage> on 2015-05-15
Reviewed by Tim Horton.

We added a fast path to snapshotting using IOSurfaces with
http://trac.webkit.org/changeset/181910 which incorrectly determined
scale and transform and resulted in bad snapshots in some situations.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _snapshotRect:intoImageOfWidth:completionHandler:]):
When snapshotting an IOSurface we need to compute our scale based off of
the rect in the WKWebView coordinates, we also failed to account for
non-zero origins in the snapshot rect. Remove an unused variable while
we're here.

4:29 PM Changeset in webkit [184421] by Simon Fraser
  • 4 edits
    2 adds in trunk

REGRESSION (r183300): Background missing on top links on apple.com
https://bugs.webkit.org/show_bug.cgi?id=145079
rdar://problem/20914252

Reviewed by Tim Horton.

Source/WebCore:

GraphicsLayerCA::setVisibleAndCoverageRects() only set the m_intersectsCoverageRect
flag if the coverage rect changed, but it doesn't if you simply change the size of
the layer.

Instead, always re-evaluate the intersection, and set the CoverageRectChanged bit
if it changes.

Test: compositing/visible-rect/backing-change-height-from-zero.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::shouldSkipLayerInDump): Don't skip any layers in a
debug layer dump, to assist debugging.

LayoutTests:

Composited box that toggles to a non-zero height and dumps layers.

  • compositing/visible-rect/backing-change-height-from-zero-expected.txt: Added.
  • compositing/visible-rect/backing-change-height-from-zero.html: Added.

3:55 PM Changeset in webkit [184420] by weinig@apple.com
  • 13 edits
    2 adds in trunk

Move HTMLElement's children property to ParentNode
https://bugs.webkit.org/show_bug.cgi?id=145072

Reviewed by Chris Dumez.

Source/WebCore:

Match the latest DOM standard and other browsers by moving the children property
to ParentNode, thus exposing it on Element, Document and DocumentFragment.

Test: fast/dom/ParentNode-children.html

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::children):
Moved implementation from HTMLElement to here.

(WebCore::ContainerNode::ensureCachedHTMLCollection):
(WebCore::ContainerNode::cachedHTMLCollection):
Moved implementation from Element to here so that ContainerNode::children
can use it.

(WebCore::ContainerNode::firstElementChild):
(WebCore::ContainerNode::lastElementChild):
(WebCore::ContainerNode::childElementCount):
Remove unnecessary assertions.

  • dom/ContainerNode.h:

Moved declarations from HTMLElement and Element to here.

  • dom/Element.cpp:

(WebCore::Element::ensureCachedHTMLCollection): Deleted.
(WebCore::Element::cachedHTMLCollection): Deleted.

  • dom/Element.h:

Moved to ContainerNode.

  • dom/Node.cpp:

(WebCore::Node::previousElementSibling):
(WebCore::Node::nextElementSibling):
Remove unnecessary assertions.

  • dom/ParentNode.idl:

Moved the children property here from HTMLElement.

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::children): Deleted.

  • html/HTMLElement.h:

Moved to ContainerNode.

  • html/HTMLElement.idl:

Get rid of the children property for all bindings except Objective-C which needs
to keep it to avoid changing the public API.

LayoutTests:

  • fast/dom/ParentNode-children-expected.txt: Added.
  • fast/dom/ParentNode-children.html: Added.

Test children on Element, Document and DocumentFragment.

  • fast/dom/xmlserializer-serialize-to-string-exception-expected.txt:

Update results since document.children is no longer undefined.

  • js/dom/dom-static-property-for-in-iteration-expected.txt:

Update results.

3:10 PM WindowsWithoutCygwin edited by mmaxfield@apple.com

2:59 PM Changeset in webkit [184419] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

WebCore ASan debug build fails. ERROR: WebCore has a weak external symbol in it.
https://bugs.webkit.org/show_bug.cgi?id=145070

Reviewed by David Kilzer.

Build fix.

  • Configurations/WebCore.unexp:

2:36 PM Changeset in webkit [184418] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Reduce type annotation update frequency
https://bugs.webkit.org/show_bug.cgi?id=145066

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Controllers/TypeTokenAnnotator.js:

Reduce the frequency which could commonly be 16-24ms
to a minimum of 100ms and maximum of 2000ms.

2:31 PM Changeset in webkit [184417] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

Prefix force on MouseEvent and add constants for click and force click values
https://bugs.webkit.org/show_bug.cgi?id=145065
-and corresponding-
rdar://problem/20770052

Reviewed by Tim Horton.

(WebCore::MouseEvent::webkitForce):

  • dom/MouseEvent.idl:

2:30 PM Changeset in webkit [184416] by jer.noble@apple.com
  • 8 edits in trunk/Source/WebCore

[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes
to controlsAlwaysVisible().

(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary)
if not scrubbing.

(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the controls width.

Remove a bunch of newly unnecessary code from the iOS media controls:

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototype.updateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.

  • html/HTMLMediaElement.h:
  • rendering/RenderMedia.cpp:

(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()

  • rendering/RenderMedia.h:

Drive-by fixes:

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

2:11 PM Changeset in webkit [184415] by fpizlo@apple.com
  • 11 edits
    2 adds
    2 deletes in trunk/Source/JavaScriptCore

Insert store barriers late so that IR transformations don't have to worry about them
https://bugs.webkit.org/show_bug.cgi?id=145015

Reviewed by Geoffrey Garen.

We have had three kinds of bugs with store barriers. For the sake of discussion we say
that a store barrier is needed when we have something like:

base.field = value

  • We sometimes fail to realize that we could remove a barrier when value is a non-cell. This might happen if we prove value to be a non-cell even though in the FixupPhase it wasn't predicted non-cell.
  • We sometimes have a barrier in the wrong place after object allocation sinking. We might sink an allocation to just above the store, but that puts it just after the StoreBarrier that FixupPhase inserted.
  • We don't remove redundant barriers across basic blocks.

This comprehensively fixes these issues by doing store barrier insertion late, and
removing the store barrier elision phase. Store barrier insertion uses an epoch-based
algorithm to determine when stores need barriers. Briefly, a barrier is not needed if
base is in the current GC epoch (i.e. was the last object that we allocated or had a
barrier since last GC) or if base has a newer GC epoch than value (i.e. value would have
always been allocated before base). We do conservative things when merging epoch state
between basic blocks, and we only do such inter-block removal in the FTL. FTL also
queries AI to determine what type we've proved about value, and avoids barriers when
value is not a cell. FixupPhase still inserts type checks on some stores, to maximize
the likelihood that this AI-based removal is effective.

(JSC::DFG::BlockMap::at):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):

  • dfg/DFGEpoch.h:

(JSC::DFG::Epoch::operator<):
(JSC::DFG::Epoch::operator>):
(JSC::DFG::Epoch::operator<=):
(JSC::DFG::Epoch::operator>=):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::speculateForBarrier):
(JSC::DFG::FixupPhase::insertStoreBarrier): Deleted.

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGStoreBarrierElisionPhase.cpp: Removed.
  • dfg/DFGStoreBarrierElisionPhase.h: Removed.
  • dfg/DFGStoreBarrierInsertionPhase.cpp: Added.

(JSC::DFG::performFastStoreBarrierInsertion):
(JSC::DFG::performGlobalStoreBarrierInsertion):

  • dfg/DFGStoreBarrierInsertionPhase.h: Added.

2:10 PM Changeset in webkit [184414] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[ARM64] Do not fail branchConvertDoubleToInt32 when the result is zero and not negative zero
https://bugs.webkit.org/show_bug.cgi?id=144976

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-05-15
Reviewed by Michael Saboff.

Failing the conversion on zero is pretty dangerous as we discovered on x86.

This patch does not really impact performance significantly because
r184220 removed the zero checks from Kraken. This patch is just to be
on the safe side for cases not covered by existing benchmarks.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):

1:48 PM Changeset in webkit [184413] by achristensen@apple.com
  • 5 edits in trunk/Source

[Content Extensions] Fail to load old content extension files
https://bugs.webkit.org/show_bug.cgi?id=145027

Reviewed by Eric Carlson.

Source/WebCore:

  • contentextensions/DFABytecode.h:

Source/WebKit2:

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::openAndMapContentExtension):

  • UIProcess/API/APIUserContentExtensionStore.h:

1:47 PM Changeset in webkit [184412] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Remove unnecessary forward declarations in PropertyNameArray.h.
https://bugs.webkit.org/show_bug.cgi?id=145058

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-15
Reviewed by Andreas Kling.

No new tests, no behavior change.

  • runtime/PropertyNameArray.h:

1:47 PM Changeset in webkit [184411] by commit-queue@webkit.org
  • 11 edits in trunk/Source/WebInspectorUI

Web Inspector: Fix some possible event listener leakers in content views
https://bugs.webkit.org/show_bug.cgi?id=145068

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

Now that some content views can be closed that weren't closable before, ensure
we clean up after global event listeners that may strongly reference "this".

  • UserInterface/Views/DOMTreeContentView.js:

(WebInspector.DOMTreeContentView.prototype.closed):

  • UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline.prototype.close):

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView.prototype.closed):

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView.prototype.closed):

  • UserInterface/Views/RenderingFrameTimelineView.js:

(WebInspector.RenderingFrameTimelineView.prototype.closed):

  • UserInterface/Views/ScriptContentView.js:

(WebInspector.ScriptContentView.prototype.closed):

  • UserInterface/Views/ScriptTimelineView.js:

(WebInspector.ScriptTimelineView.prototype.closed):

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.close):

  • UserInterface/Views/TextResourceContentView.js:

(WebInspector.TextResourceContentView.prototype.closed):

  • UserInterface/Views/TimelineDataGrid.js:

(WebInspector.TimelineDataGrid.prototype.closed):
(WebInspector.TimelineDataGrid.prototype.handleEvent):

1:45 PM Changeset in webkit [184410] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Initiator Popovers no longer work in Layout Timeline
https://bugs.webkit.org/show_bug.cgi?id=145067

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayoutTimelineDataGrid.js:

(WebInspector.LayoutTimelineDataGrid.prototype.callFramePopoverAnchorElement):
Update the column name, which changed in r183134.

1:45 PM Changeset in webkit [184409] by timothy_horton@apple.com
  • 2 edits in trunk/Tools

Temporarily disable failing API test.

  • TestWebKitAPI/Tests/WebKit2ObjC/ActionMenus.mm:

(TestWebKitAPI::TEST):

1:21 PM Changeset in webkit [184408] by rniwa@webkit.org
  • 4 edits in branches/safari-600.7-branch/Tools

Merge r182018 and r181280.

2015-03-26 Jer Noble <jer.noble@apple.com>

Add --allowed-host support to run-webkit-tests
https://bugs.webkit.org/show_bug.cgi?id=142938

Reviewed by Brent Fulgham.

Accept --allowed-host arguments from run-webkit-tests and pass them through to
DumpRenderTree and WebKitTestRunner.

Drive-by fix: Depending on the value of the --layout-test-dir parameter, layout test results
are placed in the wrong location. The argument is compared with each test's path, and if a
relative path or a path with '..' was used, results are placed alongside the test. Take the
absolute path of the --layout-test-dir argument, collapsing path components like '..'.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py: (parse_args):
  • Scripts/webkitpy/port/base.py: (Port.__init__): (Port.allowed_hosts):
  • Scripts/webkitpy/port/driver.py: (Driver.cmd_line):

2015-03-06 Jer Noble <jer.noble@apple.com>

Add an option to run-webkit-tests to override the LayoutTests/ directory
https://bugs.webkit.org/show_bug.cgi?id=142418

Reviewed by David Kilzer.

Add an argument to run-webkit-tests which, when set, overrides the port's default LayoutTests
directory. The base port will parse the options during initialization and store the override
location if present. layout_tests_dir() will return this overridden location if set.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py: (parse_args):
  • Scripts/webkitpy/port/base.py: (Port.__init__): (Port.layout_tests_dir):
1:02 PM Changeset in webkit [184407] by mark.lam@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

JSArray::setLength() should reallocate instead of zero-filling if the reallocation would be small enough.
https://bugs.webkit.org/show_bug.cgi?id=144622

Reviewed by Geoffrey Garen.

When setting the array to a new length that is shorter, we now check if it is worth
just making a new butterfly instead of clearing out the slots in the old butterfly
that resides beyond the new length. If so, we will make a new butterfly instead.

There are no perf differences in the benchmark results. However, this does benefit
the perf of pathological cases where we need to shorten the length of a very large
array, as is the case in tests/mozilla/js1_5/Array/regress-101964.js. With this
patch, we can expect that test to complete in a short time again.

  • runtime/JSArray.cpp:

(JSC::JSArray::setLength):

  • runtime/JSObject.cpp:

(JSC::JSObject::reallocateAndShrinkButterfly):

  • makes a new butterfly with a new shorter length.
  • runtime/JSObject.h:
  • tests/mozilla/js1_5/Array/regress-101964.js:
  • Undo this test change since this patch will prevent us from spending a lot of time clearing a large butterfly.
1:02 PM Changeset in webkit [184406] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm: Add clang pragmas to ignore deprecation warnings.

12:30 PM Changeset in webkit [184405] by basile_clement@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

DFGLICMPhase shouldn't create NodeOrigins with forExit but without semantic
https://bugs.webkit.org/show_bug.cgi?id=145062

Reviewed by Filip Pizlo.

We assert in various places (including NodeOrigin::isSet()) that a
NodeOrigin's semantic and forExit must be either both set, or both
unset. However, LICM'ing a node with unset NodeOrigin would only set
forExit, and leave semantic unset. This can for instance happen when a
Phi node is constant-folded into a JSConstant, which in turn gets
LICM'd.

This patch changes DFGLICMPhase to set the NodeOrigin's semantic in
addition to its forExit if semantic was previously unset.

It also adds two validators to DFGValidate.cpp:

  • In both SSA and CPS form, a NodeOrigin semantic and forExit must be either both set or both unset
  • In CPS form, all nodes must have a set NodeOrigin forExit (this is the CPS counterpart to the SSA validator that checks that all nodes must have a set NodeOrigin except possibly for a continuous chunk of nodes at the top of a block)
  • dfg/DFGLICMPhase.cpp:

(JSC::DFG::LICMPhase::attemptHoist):

  • dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validate):
(JSC::DFG::Validate::validateCPS):

12:12 PM Changeset in webkit [184404] by commit-queue@webkit.org
  • 6 edits in trunk/Source

Limit alternate fullscreen with linked on or after.
https://bugs.webkit.org/show_bug.cgi?id=144894

Patch by Jeremy Jones <jeremyj@apple.com> on 2015-05-15
Reviewed by Dean Jackson.

Source/WebCore:

  • platform/ios/WebCoreSystemInterfaceIOS.h: add new wkIOSSystemVersion

Source/WebKit/mac:

  • WebView/WebView.mm:

(shouldAllowAlternateFullscreen): Added.
(-[WebView _preferencesChanged:]):

Source/WebKit2:

  • UIProcess/API/Cocoa/WKWebView.mm:

(shouldAllowAlternateFullscreen): Added.
(-[WKWebView initWithFrame:configuration:]):

12:07 PM Changeset in webkit [184403] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed. Revert part of r184361.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.configureInlineControls):
HI wants the buttons flipped.

11:44 AM Changeset in webkit [184402] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix trivial typo in TextEncodingDetectorICU.cpp.
https://bugs.webkit.org/show_bug.cgi?id=145055

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-15
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change.

  • platform/text/TextEncodingDetectorICU.cpp:

(WebCore::detectTextEncoding):

11:41 AM Changeset in webkit [184401] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Cyrillic top-level domains are displayed as punycode
https://bugs.webkit.org/show_bug.cgi?id=145024
rdar://problem/17747133
rdar://problem/14116594

Reviewed by Tim Horton.

Handling each TLD in code is annoying, but we can probably survive like this
for a few more years, and maybe we'll think of an entirely different way to deal
with non-ASCII domain labels in the meanwhile.

  • platform/mac/WebCoreNSURLExtras.mm:

(WebCore::isSecondLevelDomainNameAllowedByTLDRules):
(WebCore::allCharactersAllowedByTLDRules):

11:40 AM Changeset in webkit [184400] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Cursor is displayed after full screen video controls fade away.
https://bugs.webkit.org/show_bug.cgi?id=145034.
<rdar://problem/20458604>

Reviewed by Jer Noble.

  • Modules/mediacontrols/mediaControlsApple.css:

(video::-webkit-media-controls-panel):
Unnecessary cursor style is on the control panel while hidden but
the cursor will already be hidden anyways from being auto-hidden.
Causes style to change when controls are hidden,
which causes the cursor to reappear.

11:25 AM Changeset in webkit [184399] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

[WK2][Cocoa] Back swipe tab snapshot takes a long time to be removed on bing.com
https://bugs.webkit.org/show_bug.cgi?id=145061
<rdar://problem/20939743>

Reviewed by Tim Horton.

When swiping back from a video search result to the list of video
search results on bing.com, the back swipe gesture tab snapshot takes
~3 seconds to be removed, even though the page gets loaded almost
instantly from PageCache. The tab snapshot should be removed as soon as
the load is done.

The issue is that we only cleared the back swipe gesture tab snapshot
after PageClient::didFinishLoadForMainFrame() has been called. However,
PageClient::didFinishLoadForMainFrame() was only being called by
WebPageProxy if the main frame loaded *without* error. In case the main
frame loaded with an error, only WebPageProxy::didFailLoadForFrame() is
called, not WebPageProxy::didFinishLoadForFrame() and we would fail to
remove the gesture snapshot until the 3 seconds timeout.

This patch calls PageClient::didFinishLoadForMainFrame() from
WebPageProxy::didFailLoadForFrame() so we remove the snapshot in the
error case as well.

The reason didFailLoadForFrame() is being called on bing.com video
search results is because a "ping" load is aborted when the page is
entering PageCache. Aborting any kind of resource load sets a
"cancellation" error on the main document.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didFailLoadForFrame):

11:21 AM Changeset in webkit [184398] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove an unused declaration.

  • dfg/DFGSpeculativeJIT.h:
11:09 AM Changeset in webkit [184397] by fpizlo@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

Remove unused constant-base and constant-value store barrier code in the DFG
https://bugs.webkit.org/show_bug.cgi?id=145039

Reviewed by Andreas Kling.

Just killing dead code.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Deleted.
(JSC::DFG::SpeculativeJIT::writeBarrier): Deleted.

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::writeBarrier):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::writeBarrier):

10:58 AM Changeset in webkit [184396] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Checkmark on OFF option of captions sometimes does not appear.
https://bugs.webkit.org/show_bug.cgi?id=145060.
<rdar://problem/19388333>

Reviewed by Eric Carlson.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.buildCaptionMenu):
Audio tracks don’t have an OFF option.
Remove related code to allow OFF option for subtitles to work properly.

10:39 AM Changeset in webkit [184395] by Alan Bujtas
  • 17 edits
    2 adds in trunk

White edge on animating panel on http://rokkosunnyvale.com
https://bugs.webkit.org/show_bug.cgi?id=144986
rdar://problem/20907683

Reviewed by Simon Fraser.

Background image geometry calculation needs to be based on the final painting size of the container
in order to accurately compute tile sizes, repeating positions etc.
The container's size is pixelsnapped at painting using absolute coordinates. This patch
ensures that we snap to the same size while computing background geometry.

Source/WebCore:

Test: fast/images/background-image-size-changes-fractional-position.html

  • rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::paintBoxDecorations):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::paintBoxDecorations):
(WebCore::RenderBox::paintBackground):
(WebCore::RenderBox::getBackgroundPaintedExtent):
(WebCore::RenderBox::computeBackgroundIsKnownToBeObscured):
(WebCore::RenderBox::maskClipRect):
(WebCore::RenderBox::repaintLayerRectsForImage): unable to get absolute coords.

  • rendering/RenderBox.h:
  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::paintFillLayerExtended):
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
(WebCore::RenderBoxModelObject::getGeometryForBackgroundImage):
(WebCore::RenderBoxModelObject::boxShadowShouldBeAppliedToBackground):

  • rendering/RenderBoxModelObject.h:
  • rendering/RenderFieldset.cpp:

(WebCore::RenderFieldset::paintBoxDecorations):

  • rendering/RenderImage.cpp:

(WebCore::RenderImage::boxShadowShouldBeAppliedToBackground):
(WebCore::RenderImage::computeBackgroundIsKnownToBeObscured):

  • rendering/RenderImage.h:
  • rendering/RenderLayer.cpp: unable to get absolute coords.

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateDirectlyCompositedBackgroundImage): currently not used.

  • rendering/RenderObject.h:

(WebCore::RenderObject::computeBackgroundIsKnownToBeObscured):
(WebCore::RenderObject::backgroundIsKnownToBeObscured):

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::paintBoxDecorations):

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::boxShadowShouldBeAppliedToBackground):

  • rendering/RenderTableCell.h:

LayoutTests:

  • fast/backgrounds/hidpi-bitmap-background-repeat-on-subpixel-position-expected.html: progression.
  • fast/images/background-image-size-changes-fractional-position-expected.html: Added.
  • fast/images/background-image-size-changes-fractional-position.html: Added.
10:15 AM Changeset in webkit [184394] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

Crash in RenderFlowThread::popFlowThreadLayoutState() due to mismatched push/pop count
https://bugs.webkit.org/show_bug.cgi?id=145042

Reviewed by David Hyatt.

RenderFlowThread previously used a ListHashSet to store its stack of active objects. This
is problematic because, if the same object is pushed twice, only a single entry of that
object is added to the stack. After this occurs, a matching number of pushes will pop too
many items off the stack, causing a crash when popping a stack with zero items. This
specifically happens in FrameView::layout(), which will push its root renderer on the stack
of active items, and then ask the root to layout(), which will attempt to push itself on the
stack of active items.

Instead of a ListHashSet, use a Vector, which has similar memory characteristics and no
uniqueness requirements.

  • rendering/RenderFlowThread.cpp:

(WebCore::RenderFlowThread::pushFlowThreadLayoutState):
(WebCore::RenderFlowThread::popFlowThreadLayoutState):

  • rendering/RenderFlowThread.h:
9:46 AM Changeset in webkit [184393] by mitz@apple.com
  • 2 edits in trunk/Source/WTF

Build fix for some versions of clang.

  • wtf/SaturatedArithmetic.h:

(signedAddOverflows):
(signedSubtractOverflows):

8:32 AM Changeset in webkit [184392] by commit-queue@webkit.org
  • 2 edits
    1 add in trunk/LayoutTests

[GTK] Gardening 15th May.
https://bugs.webkit.org/show_bug.cgi?id=145047

Unreviewed.

Patch by Marcos Chavarría Teijeiro <mchavarria@igalia.com> on 2015-05-15

  • platform/gtk/TestExpectations:
  • platform/gtk/fast/events/ghostly-mousemoves-in-subframe-expected.txt: Added.
6:53 AM Changeset in webkit [184391] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.8.3

WebKitGTK+ 2.8.3

6:52 AM Changeset in webkit [184390] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.8.3 release.

.:

  • Source/cmake/OptionsGTK.cmake:

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.8.3.
6:50 AM Changeset in webkit [184389] by peavo@outlook.com
  • 3 edits in trunk/Source/WebCore

[Curl] WebSocket platform part is not implemented.
https://bugs.webkit.org/show_bug.cgi?id=144628

Reviewed by Darin Adler.

Add Curl platform code implementation for WebSockets.

  • platform/network/curl/SocketStreamHandle.h:

(WebCore::SocketStreamHandle::create):
(WebCore::SocketStreamHandle::SocketData::SocketData):

  • platform/network/curl/SocketStreamHandleCurl.cpp:

(WebCore::SocketStreamHandle::SocketStreamHandle):
(WebCore::SocketStreamHandle::~SocketStreamHandle):
(WebCore::SocketStreamHandle::platformSend):
(WebCore::SocketStreamHandle::platformClose):
(WebCore::SocketStreamHandle::readData):
(WebCore::SocketStreamHandle::sendData):
(WebCore::SocketStreamHandle::waitForAvailableData):
(WebCore::SocketStreamHandle::startThread):
(WebCore::SocketStreamHandle::stopThread):
(WebCore::SocketStreamHandle::didReceiveData):
(WebCore::SocketStreamHandle::didOpenSocket):
(WebCore::SocketStreamHandle::createCopy):

5:56 AM Changeset in webkit [184388] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

REGRESSION(r183861): [SOUP] Downloads are broken when using the Network Process
https://bugs.webkit.org/show_bug.cgi?id=144738

When converting the main resource handle to a download, the
NetworkResourceLoader is aborted, but the ResourceHandle shouldn't
be cleaned up because it's still used for the download.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::cleanup):

5:49 AM Changeset in webkit [184387] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r184373 - Images on www.fitstylelife.com jiggle on hover.
https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html

compositing/parent-clipping-layer-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position.html: Added.
5:46 AM Changeset in webkit [184386] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184355 - Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):

  • editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

  • editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
  • editing/inserting/insert-table-in-paragraph-crash.html: Added.
5:44 AM Changeset in webkit [184385] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r184346 - String.prototype.split() should create efficient substrings.
<https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

  • runtime/StringPrototype.cpp:

(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

5:38 AM Changeset in webkit [184384] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r184334 - [GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):

  • UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

5:37 AM Changeset in webkit [184383] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184323 - REGRESSION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958. It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

5:22 AM Changeset in webkit [184382] by Csaba Osztrogonác
  • 6 edits in trunk/Tools

User interruption while running of run-webkit-tests should also generate results.html
https://bugs.webkit.org/show_bug.cgi?id=122154

Patch by Ravi Phaneendra Kasibhatla <r.kasibhatla@samsung.com> on 2015-05-15
Reviewed by Csaba Osztrogonác.

Generation of results.html on execution of run-webkit-tests happens only
on completion of entire layout tests run. It should be created even when
the execution has been interrupted - either by user (by pressing Ctrl+C)
or because of other interruptions (like exit-after-n-failures option).

  • Scripts/webkitpy/layout_tests/controllers/layout_test_runner.py:

(LayoutTestRunner.run_tests):

  • Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager.run):

  • Scripts/webkitpy/layout_tests/models/test_run_results.py:

(TestRunResults.__init__):

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py:

(main):

  • Scripts/webkitpy/layout_tests/run_webkit_tests_integrationtest.py:

(RunTest.test_keyboard_interrupt):
(MainTest.test_exception_handling):

5:04 AM Changeset in webkit [184381] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184293 - Don't compute selection painting info when we don't have selection.
https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

4:59 AM Changeset in webkit [184380] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184219 - REGRESSION(r175617): Some text doesn't render on internationalculinarycenter.com
https://bugs.webkit.org/show_bug.cgi?id=144917
rdar://problem/20545878

Reviewed by Andreas Kling.

This patch ensures that text stroke width value is taken into account while
calculating visual overflow for simple line layout.
Ceiling the text stroke width value matches the normal text layout behaviour.

Source/WebCore:

Test: fast/text/simple-line-layout-text-stroke-width.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

LayoutTests:

  • fast/text/simple-line-layout-text-stroke-width-expected.txt: Added.
  • fast/text/simple-line-layout-text-stroke-width.html: Added.
4:54 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
4:00 AM Changeset in webkit [184379] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[buildbot] Fix the URL of the performance bots
https://bugs.webkit.org/show_bug.cgi?id=145043

Reviewed by Ryosuke Niwa.

  • BuildSlaveSupport/build.webkit.org-config/templates/root.html:
2:50 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
2:22 AM Changeset in webkit [184378] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Fix typo in function name parseFunctionParamters -> parseFunctionParameters
https://bugs.webkit.org/show_bug.cgi?id=145040

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-15
Reviewed by Mark Lam.

  • parser/Parser.h:
  • parser/Parser.cpp:
1:42 AM Changeset in webkit [184377] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184273 - [EGL][X11] XPixmap created in GLContextEGL::createPixmapContext() is leaked
https://bugs.webkit.org/show_bug.cgi?id=144909

Reviewed by Sergio Villar Senin and Žan Doberšek.

The pixmap is created and passed to eglCreatePixmapSurface(), but
never released. eglCreatePixmapSurface() doesn't take the
ownership of the pixmap, so we should explicitly free it when the
GLContextEGL is destroyed.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createPixmapContext): Use XUniquePixmap
and transfer the ownership to the context by using the new
constructor that receives a XUniquePixmap&&.
(WebCore::GLContextEGL::createContext): createPixmapContext() is
now only defined for X11.
(WebCore::GLContextEGL::GLContextEGL): New constructor that
receives a XUniquePixmap&&.

  • platform/graphics/egl/GLContextEGL.h: Add new constructor and initialize the cairo device when defined to simplify constructors.

1:03 AM Changeset in webkit [184376] by Carlos Garcia Campos
  • 5 edits in trunk/Source

REGRESSION(r183861): [SOUP] Downloads are broken when using the Network Process
https://bugs.webkit.org/show_bug.cgi?id=144738

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Add ResourceHandle::releaseForDownload() that releases the current
handle to be used as a download.

  • platform/network/ResourceHandle.h:
  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::ResourceHandle::releaseForDownload):

Source/WebKit2:

When converting the main resource handle to a download, the
NetworkResourceLoader is aborted, and the ResourceHandle is
cleaned up aborting the download operation. We need to use a
different ResourceHandle for the download operation.

  • Shared/Downloads/soup/DownloadSoup.cpp:

(WebKit::Download::startWithHandle): Use ResourceHandle::releaseForDownload()
instead of reusing the given handle.

1:01 AM Changeset in webkit [184375] by rniwa@webkit.org
  • 3 edits in trunk/LayoutTests

Removed failing test expectations from passing tests.

12:05 AM Changeset in webkit [184374] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

[GTK] Fix PlatformDisplayWayland construction error, implement the destructor
https://bugs.webkit.org/show_bug.cgi?id=144997

Reviewed by Carlos Garcia Campos.

The PlatformDisplayWayland constructor is private, so we can't use
std::make_unique<>() to construct an object of this class.

Implement the PlatformDisplayWayland destructor, cleaning out all
the Wayland resources, if present.

  • platform/graphics/wayland/PlatformDisplayWayland.cpp:

(WebCore::PlatformDisplayWayland::create):
(WebCore::PlatformDisplayWayland::PlatformDisplayWayland):
(WebCore::PlatformDisplayWayland::~PlatformDisplayWayland):

May 14, 2015:

10:09 PM Changeset in webkit [184373] by Alan Bujtas
  • 3 edits
    4 adds in trunk

Images on www.fitstylelife.com jiggle on hover.
https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html

compositing/parent-clipping-layer-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position.html: Added.
10:07 PM Changeset in webkit [184372] by Chris Dumez
  • 6 edits in trunk/Source/WebCore

Have DOMWindow::createWindow() take references to frames
https://bugs.webkit.org/show_bug.cgi?id=145037

Reviewed by Gyuyoung Kim.

Have DOMWindow::createWindow() take references to frames instead of
pointers as they are expected to be non-null. Also return a RefPtr
instead of a PassRefPtr.

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::openInNewTab):

  • loader/FrameLoader.cpp:

(WebCore::createWindow):

  • loader/FrameLoader.h:
  • page/DOMWindow.cpp:

(WebCore::DOMWindow::createWindow):
(WebCore::DOMWindow::open):
(WebCore::DOMWindow::showModalDialog):

  • page/DOMWindow.h:
9:43 PM Changeset in webkit [184371] by Simon Fraser
  • 5 edits
    2 adds in trunk

REGRESSION (r183794): Garbage tiles when body background switches to fixed
https://bugs.webkit.org/show_bug.cgi?id=145032
rdar://problem/20963679

Reviewed by Dean Jackson.

Source/WebCore:

After r183794 (or possibly an earlier commit), we failed to dynamically update
the configuration of layers that handled fixed background attachment on the root.

This would result in unpainted tiles, and non-fixed-background behavior.

Fix by calling RenderLayerCompositor::rootOrBodyStyleChanged() whenever the
style changes on the root or body renderers, and triggering a compositing update
if the fixedness of the background changes. It calls the existing rootBackgroundTransparencyChanged()
if the color changes.

Test: platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::styleDidChange):

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::rootOrBodyStyleChanged):
(WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged):

  • rendering/RenderLayerCompositor.h:

LayoutTests:

Test that toggles the attachment of the body background to fixed, then dumps layers.

  • platform/mac-wk2/tiled-drawing/toggle-to-fixed-background-expected.txt: Added.
  • platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html: Added.
9:39 PM Changeset in webkit [184370] by beidson@apple.com
  • 17 edits in trunk/Source/WebKit2

Rename connectionDidClose and related methods to be more clear.
https://bugs.webkit.org/show_bug.cgi?id=145030

Reviewed by Darin Adler.

These methods were easy to confuse with "Connection::Client::didClose()", yet they
were about something much more explicit: A child process being shut down by the UI Process.

Let's call them as such.

  • Shared/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::shutDownProcess):
(WebKit::ChildProcessProxy::clearConnection): Deleted.
(WebKit::ChildProcessProxy::connectionDidClose): Deleted.

  • Shared/ChildProcessProxy.h:
  • UIProcess/Databases/DatabaseProcessProxy.cpp:

(WebKit::DatabaseProcessProxy::processWillShutDown):

  • UIProcess/Databases/DatabaseProcessProxy.h:
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::processWillShutDown):

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/Plugins/PluginProcessProxy.cpp:

(WebKit::PluginProcessProxy::processWillShutDown):

  • UIProcess/Plugins/PluginProcessProxy.h:
  • UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::webProcessWillShutDown):
(WebKit::WebFrameProxy::disconnect): Deleted.

  • UIProcess/WebFrameProxy.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::webProcessWillShutDown):
(WebKit::WebPageProxy::connectionDidClose): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebProcessLifetimeTracker.cpp:

(WebKit::WebProcessLifetimeTracker::webProcessWillShutDown):
(WebKit::WebProcessLifetimeTracker::connectionDidClose): Deleted.

  • UIProcess/WebProcessLifetimeTracker.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::processWillShutDown):
(WebKit::WebProcessProxy::shutDown):
(WebKit::WebProcessProxy::removeWebPage):
(WebKit::WebProcessProxy::didClose):
(WebKit::WebProcessProxy::disconnectFramesFromPage):
(WebKit::WebProcessProxy::shouldTerminate):
(WebKit::WebProcessProxy::requestTermination):
(WebKit::WebProcessProxy::connectionDidClose): Deleted.
(WebKit::WebProcessProxy::disconnect): Deleted.

  • UIProcess/WebProcessProxy.h:
9:36 PM Changeset in webkit [184369] by mitz@apple.com
  • 2 edits in trunk/Source/WTF

Reverted r177753, now that <rdar://problem/19347133> is fixed.

Rubber-stamped by Benjamin Poulain.

  • wtf/SaturatedArithmetic.h:

(signedAddOverflows):
(signedSubtractOverflows):

9:14 PM Changeset in webkit [184368] by fpizlo@apple.com
  • 15 edits in trunk/Source/JavaScriptCore

Remove StoreBarrierWithNullCheck, nobody ever generates this.

Rubber stamped by Benjamin Poulain and Michael Saboff.

If we did bring something like this back in the future, we would just use UntypedUse instead
of CellUse to indicate that this is what we want.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::isStoreBarrier):

  • dfg/DFGNodeType.h:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileStoreBarrier):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck): Deleted.

8:51 PM Changeset in webkit [184367] by fpizlo@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

PutGlobalVar should reference the global object it's storing into
https://bugs.webkit.org/show_bug.cgi?id=145036

Reviewed by Michael Saboff.

This makes it easier to reason about store barrier insertion and elimination. This changes
the format of PutGlobalVar so that child1 is the global object and child2 is the value.
Previously it just had child1, and that was the value.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):

8:28 PM Changeset in webkit [184366] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebCore

Unreviewed, rolling out r184359 and r184362.
https://bugs.webkit.org/show_bug.cgi?id=145035

Introduced a crash in six media element tests (Requested by
rniwa on #webkit).

Reverted changesets:

"[MediaControls] Refactor media controls & bring improvements
made to iOS controls to Mac."
https://bugs.webkit.org/show_bug.cgi?id=144973
http://trac.webkit.org/changeset/184359

"Unreviewed build fix after r184359; typo."
http://trac.webkit.org/changeset/184362

7:03 PM Changeset in webkit [184365] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Some CFNetwork SPI to reset HSTS hosts added since a date should not be used on Yosemite.
https://bugs.webkit.org/show_bug.cgi?id=145025.
and
rdar://problem/20646308.

Patch by Zhuo Li <zachli@apple.com> on 2015-05-14
Reviewed by Alexey Proskuryakov.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate):

5:25 PM Changeset in webkit [184364] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Update the New Tab button disabled state after extra domains are activated
https://bugs.webkit.org/show_bug.cgi?id=145028

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-14
Reviewed by Timothy Hatcher.

  • UserInterface/Base/Main.js:

(WebInspector.activateExtraDomains):

5:08 PM Changeset in webkit [184363] by Michael Catanzaro
  • 4 edits in trunk

[CMake] Error out when ruby is too old
https://bugs.webkit.org/show_bug.cgi?id=145014

Reviewed by Martin Robinson.

.:

Error out immediately after checking for Ruby if the ruby executable is not found, or if it
is too old.

  • CMakeLists.txt:

Source/JavaScriptCore:

Don't enforce the check for the Ruby executable here; it's now enforced in the top-level
CMakeLists.txt instead.

  • CMakeLists.txt:
4:52 PM Changeset in webkit [184362] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix after r184359; typo.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged):

4:40 PM Changeset in webkit [184361] by roger_fong@apple.com
  • 3 edits in trunk/Source/WebCore

Adjust button CSS and positioning in preparation.
https://bugs.webkit.org/show_bug.cgi?id=144973.
<rdar://problem/20306227>

Reviewed by Dean Jackson.

The only visual change here is the swapping of the rewind and play button positions.
Also, position buttons based off of both left and right margins instead of just one of the two.
This allows the controls drop off to work without having to use a spacer element to take the place
of the timeline if the controls are too small.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-rewind-button):
(audio::-webkit-media-controls-play-button):
(audio::-webkit-media-controls-panel .mute-box):
(audio::-webkit-media-controls-wireless-playback-picker-button):
(audio::-webkit-media-controls-toggle-closed-captions-button):
(audio::-webkit-media-controls-fullscreen-button):
(audio::-webkit-media-controls-fullscreen-button.exit):
(audio::-webkit-media-controls-time-remaining-display):
(audio:-webkit-full-screen::-webkit-media-controls-toggle-closed-captions-button):
(audio:-webkit-full-screen::-webkit-media-controls-wireless-playback-picker-button):

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.configureInlineControls):

4:35 PM Changeset in webkit [184360] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

MediaControls: controls are live even when invisible
https://bugs.webkit.org/show_bug.cgi?id=145029
<rdar://problem/20865442>

Reviewed by Jer Noble.

When the controls are invisible they should ignore touch/mouse
events.

  • Modules/mediacontrols/mediaControlsiOS.css: Add pointer-events: none where appropriate.

(video::-webkit-media-controls-panel-container):
(video::-webkit-media-controls-panel-background):
(video::-webkit-media-controls-panel):
(video::-webkit-media-controls-panel.paused):

4:27 PM Changeset in webkit [184359] by jer.noble@apple.com
  • 8 edits in trunk/Source/WebCore

[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes to controlsAlwaysVisible().

(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary) if not scrubbing.

(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the controls width.

Remove a bunch of newly unnecessary code from the iOS media controls:

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototypeupdateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.

  • html/HTMLMediaElement.h:
  • rendering/RenderMedia.cpp:

(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()

  • rendering/RenderMedia.h:

Drive-by fixes:

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

3:46 PM Changeset in webkit [184358] by timothy_horton@apple.com
  • 20 edits in trunk

Add a layout mode that scales down the view to try to fit the document
https://bugs.webkit.org/show_bug.cgi?id=145022
<rdar://problem/19790341>

Reviewed by Dean Jackson.

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setShouldScaleViewToFitDocument):

  • UIProcess/WebPageProxy.h:
  • WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::setShouldScaleViewToFitDocument):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setShouldScaleViewToFitDocument):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Plumb shouldScaleViewToFitDocument through to the DrawingArea.

  • UIProcess/mac/WKViewLayoutStrategy.mm:

(+[WKViewLayoutStrategy layoutStrategyWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy initWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy updateLayout]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy willChangeLayoutStrategy]):

  • UIProcess/API/C/WKLayoutMode.h:
  • UIProcess/API/Cocoa/_WKLayoutMode.h:

Add a new layout mode, which just turns on shouldScaleViewToFitDocument,
and otherwise behaves as normal.

  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::setShouldScaleViewToFitDocument):
(WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded):
(WebKit::TiledCoreAnimationDrawingArea::flushLayers):
On every flush where either the document size or view size has changed,
or layout is outstanding, do a layout with fixed layout off to determine
whether the document fits inside the view. If it doesn't, scale it down
to fit. This will require an extra layout for every resize while in the
scaled-down state, but there is potential for future optimization.

  • MiniBrowser/mac/BrowserWindow.xib:
  • MiniBrowser/mac/BrowserWindowController.h:
  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController toggleShrinkToFit:]):
(-[WK2BrowserWindowController toggleUseMinimumViewSize:]): Deleted.
Switch to _WKLayoutModeDynamicSizeComputedFromMinimumDocumentSize.

3:29 PM Changeset in webkit [184357] by Michael Catanzaro
  • 2 edits in trunk/Tools

[CMake] Don't read the LOCATION property of targets
https://bugs.webkit.org/show_bug.cgi?id=145018

Reviewed by Martin Robinson.

Use the TARGET_FILE_DIR generator expression to determine the location of the test injected
bundle, rather than assuming that the LOCATION property of TestWebKitAPIInjectedBundle will
be the same at configure-time as it is at generate-time.

  • TestWebKitAPI/CMakeLists.txt:
2:43 PM Changeset in webkit [184356] by andersca@apple.com
  • 5 edits in trunk/Source/WebKit2

Local storage origins should include origins with transient local storage
https://bugs.webkit.org/show_bug.cgi?id=145017
rdar://problem/10690447

Reviewed by Sam Weinig.

The transient local storage namespaces are used for third party data blocking and will stay
around until the UI process exits so we need to be able to include website data from transient storage
in the website data store APIs.

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::TransientLocalStorageNamespace::origins):
(WebKit::StorageManager::getLocalStorageOrigins):

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):

2:39 PM Changeset in webkit [184355] by rniwa@webkit.org
  • 4 edits
    2 adds in trunk

Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):

  • editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

  • editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
  • editing/inserting/insert-table-in-paragraph-crash.html: Added.
2:32 PM Changeset in webkit [184354] by basile_clement@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

Enforce options coherency
https://bugs.webkit.org/show_bug.cgi?id=144921

Reviewed by Mark Lam.

JavaScriptCore should be failing early when the options are set in such
a way that we don't have a meaningful way to execute JavaScript, rather
than failing for obscure reasons at some point during execution.

This patch adds a new function that checks whether the options are set
in a coherent way, and makes JSC::Options::initialize() crash when the
environment enforces incoherent options.
Client applications able to add or change additional options are
responsible for checking coherency again before starting to actually
execute JavaScript, if any additional options have been set. This is
implemented for the jsc executable in this patch.

  • jsc.cpp:

(CommandLine::parseArguments):

  • runtime/Options.cpp:

(JSC::Options::initialize):
(JSC::Options::ensureOptionsAreCoherent): Added.

  • runtime/Options.h:

(JSC::Options::ensureOptionsAreCoherent): Added.

2:28 PM Changeset in webkit [184353] by mmaxfield@apple.com
  • 13 edits
    1 delete in trunk

[Mac] Expose more font weights for -apple-system
https://bugs.webkit.org/show_bug.cgi?id=144707

Reviewed by Simon Fraser.

Source/WebCore:

Previously, when we parsed a CSS declaration of the form font: keyword; where keyword
is one of caption, icon, menu, message-box, small-caption, -webkit-mini-control, -webkit-small-control,
or -webkit-control (which html.css does for form controls), we would ask the system what the appropriate
system font is, get that font's family name, and synthesize a font-family CSS property for the element.
Then, later when we actually go to look up the font, we would look up the font by family name using this
information. However, this round-tripping of a font through a family name is actually lossy, and is not
guaranteed to preserve system-font-ness (which we use for various things including metrics calculations).

This patch modifies this logic to specify a token family name instead, which the font lookup code special
cases (and reacts by making the appropriate system-font lookup call). This approach is currently how iOS
handles these system fonts; this patch simply brings this approach to OS X.

There is also an added progression here. We used to simply call [NSFont fontWithName:size:] on the system
font family name (which the parser found for us) which entirely disregards weight. This means that we
used to be getting synthesized bold in form controls which ask for a heavy weight. Migrating to this
system-font aware call means that we get the real bold font instead of synthesized bold.

Once this system-font-ness is guaranteed to be preserved between parsing time and font lookup time, we
can safely migrate to using [NSFont systemFontOfSize:weight] instead of [NSFont systemFontOfSize:] on
platforms which support it.

Tests: fast/text/systemFont.html

fast/css/css2-system-fonts.html
fast/forms/select/optgroup-rendering.html
fast/forms/validation-message-appearance.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseSystemFont): Add a comment regarding why we are bothering with expanding out
the font property in the first place.

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::FontCascade::primaryFontIsSystemFont): Update to use new system font tokens.

  • platform/graphics/mac/FontCacheMac.mm:

(WebCore::toNSFontWeight): New static method to map font weights to NSFontWeight constants available on
Yosemite and later.
(WebCore::fontWithFamilySpecialCase): Pull all these special-case font token name handling into a
separate function, which returns an Optional.
(WebCore::fontWithFamily):

  • platform/mac/ThemeMac.mm:

(WebCore::ThemeMac::controlFont): Use the font token name instead of the generated system font family
name.

  • platform/spi/mac/NSFontSPI.h: Add [NSFont systemFontWithSize:weight:] and the proper NSFontWeight constants.

  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateCachedSystemFontDescription): Use the font token names instead of the
generated system font family name.
(WebCore::RenderThemeMac::setFontFromControlSize): Ditto.

LayoutTests:

  • platform/mac/fast/text/systemFont-expected.txt: Update expectations.
  • platform/mac/fast/text/systemFont.html: Update test to include font weights for -apple-system.
  • platform/mac/fast/css/css2-system-fonts-expected.txt: Updated to not hardcode the system font family name.
  • platform/mac-mavericks/fast/css/css2-system-fonts-expected.txt: Ditto.
  • platform/mac/fast/forms/select/optgroup-rendering-expected.txt: Updated to not use synthetic bold.
  • platform/mac/fast/forms/validation-message-appearance-expected.txt: Ditto.
2:24 PM Changeset in webkit [184352] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): [EFL] unresolved reference errors in ARM builds
https://bugs.webkit.org/show_bug.cgi?id=145019

Reviewed by Ryosuke Niwa.

Attempt to fix compile errors in EFL ARM buildbots.
By executing nm, found that JSTemplateRegistryKey.cpp.o and TemplateRegistry.cpp.o have
unresolved references to Structure::get. That is an inlined function in StructureInlines.h.

  • runtime/JSTemplateRegistryKey.cpp:
  • runtime/TemplateRegistry.cpp:
2:19 PM Changeset in webkit [184351] by roger_fong@apple.com
  • 4 edits in trunk/Source/WebCore

Add internals setting to disable wireless playback availability for layout tests
https://bugs.webkit.org/show_bug.cgi?id=145012.
<rdar://problem/20946504>

Reviewed by Eric Carlson.

  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::resetToConsistentState):
(WebCore::InternalSettings::setWirelessPlaybackDisabled):

  • testing/InternalSettings.idl:
1:56 PM Changeset in webkit [184350] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

1:38 PM Changeset in webkit [184349] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Small refactoring before implementation of the ES6 arrow function.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-14
Reviewed by Ryosuke Niwa.

  • parser/Parser.h:
  • parser/Parser.cpp:
1:27 PM Changeset in webkit [184348] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.32.2.1

New tag.

12:58 PM Changeset in webkit [184347] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): ASSERT failed in debug builds for tagged templates
https://bugs.webkit.org/show_bug.cgi?id=145013

Reviewed by Filip Pizlo.

Fix the regression introduced by r184337.

  1. JSTemporaryRegistryKey::s_info should inherit the Base::s_info, JSDestructibleObject::s_info.
  2. The first register argument of BytecodeGenerator::emitNode should be a referenced register if it is a temporary register.
  • bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):

  • runtime/JSTemplateRegistryKey.cpp:
12:07 PM Changeset in webkit [184346] by akling@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

String.prototype.split() should create efficient substrings.
<https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

  • runtime/StringPrototype.cpp:

(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

11:17 AM Changeset in webkit [184345] by Beth Dakin
  • 5 edits in trunk/Source

Change range of possible forces for mouseforcechanged DOM event
https://bugs.webkit.org/show_bug.cgi?id=144987
-and corresponding-
rdar://problem/20472802

Reviewed by Tim Horton.

Change to a 0-3 range.

Source/WebCore:

  • platform/PlatformMouseEvent.h:
  • platform/mac/PlatformEventFactoryMac.mm:

(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder):

Source/WebKit2:

  • Shared/mac/WebEventFactory.mm:

(WebKit::WebEventFactory::createWebMouseEvent):

11:11 AM Changeset in webkit [184344] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

Change the status of ES6 tagged templates to Done in features.json
https://bugs.webkit.org/show_bug.cgi?id=145003

Reviewed by Benjamin Poulain.

Now it's implemented in r184337.

  • features.json:
10:59 AM Changeset in webkit [184343] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

10:55 AM Changeset in webkit [184342] by bshafiei@apple.com
  • 1 copy in branches/safari-601.1.32.2-branch

New Branch.

10:55 AM Changeset in webkit [184341] by mmaxfield@apple.com
  • 9 edits in trunk

Add String literal overloads to equalIgnoringASCIICase()
https://bugs.webkit.org/show_bug.cgi?id=145008

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2015-05-14
Reviewed by Benjamin Poulain.

Source/WTF:

Create an overload for equalIgnoringASCIICase for string literals.

  • wtf/text/StringImpl.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

  • wtf/text/StringImpl.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

  • wtf/text/StringView.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

  • wtf/text/StringView.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

  • wtf/text/WTFString.h:

(WTF::equalIgnoringASCIICase): Delegate to StringImpl's implementation.

Tools:

Test changes to WTF.

  • TestWebKitAPI/Tests/WTF/StringImpl.cpp:

(WTF.StringImplEqualIgnoringASCIICaseBasic): Test const char*.
(WTF.StringImplEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

  • TestWebKitAPI/Tests/WTF/StringView.cpp:

(WTF.StringViewEqualIgnoringASCIICaseBasic): Ditto.
(WTF.StringViewEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

10:36 AM Changeset in webkit [184340] by Yusuke Suzuki
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

Introduce SymbolType into SpeculativeTypes
https://bugs.webkit.org/show_bug.cgi?id=142651

Reviewed by Filip Pizlo.

Introduce SpecSymbol type into speculative types.
Previously the symbol type was categorized into SpecCellOther.
But SpecCellOther is not intended to be used for such cells.

This patch just introduces SpecSymbol.
It represents that the type of the target value is definitely the symbol type.
It is part of SpecCell.

In this patch, we do not introduce SymbolUse tracking.
It will be added in the separate patch.

  • bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationFromStructure):

  • bytecode/SpeculatedType.h:

(JSC::isSymbolSpeculation):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::setType):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • tests/stress/typeof-symbol.js: Added.
9:37 AM Changeset in webkit [184339] by Manuel Rego Casasnovas
  • 7 edits in trunk/Source/WebCore

Fix typo in RenderBox::instrinsicScrollbarLogicalWidth()
https://bugs.webkit.org/show_bug.cgi?id=144999

Reviewed by Sergio Villar Senin.

Rename RenderBox::instrinsicScrollbarLogicalWidth() to
RenderBox::intrinsicScrollbarLogicalWidth().

No new tests, no behavior changes.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeIntrinsicLogicalWidths):

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::intrinsicScrollbarLogicalWidth):
(WebCore::RenderBox::instrinsicScrollbarLogicalWidth): Deleted.

  • rendering/RenderBox.h:
  • rendering/RenderDeprecatedFlexibleBox.cpp:

(WebCore::RenderDeprecatedFlexibleBox::computeIntrinsicLogicalWidths):

  • rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::computeIntrinsicLogicalWidths):

9:31 AM Changeset in webkit [184338] by fpizlo@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed, skip js/regress-141098.html. The fix will be tracked in https://bugs.webkit.org/show_bug.cgi?id=145007

9:07 AM Changeset in webkit [184337] by Yusuke Suzuki
  • 24 edits
    11 adds in trunk/Source/JavaScriptCore

[ES6] Implement tagged templates
https://bugs.webkit.org/show_bug.cgi?id=143183

Reviewed by Oliver Hunt.

This patch implements ES6 tagged templates.
In tagged templates, the function takes the template object.

The template object contains the raw and cooked template strings,
so when parsing the tagged templates, we need to tokenize the raw and cooked strings.
While tagged templates require both strings, the template literal only requires
the cooked strings. So when tokenizing under the template literal context,
we only build the cooked strings.

As per ES6 spec, the template objects for the same raw strings are shared in the same realm.
The template objects are cached. And every time we evaluate the same tagged templates,
the same (cached) template objects are used.
Since the spec freezes these template objects completely,
we cannot attach some properties to it.
So we can say that it behaves as if the template objects are the primitive values (like JSString).
Since we cannot attach properties, the only way to test the identity of the template object is comparing. (===)
As a result, when there is no reference to the template object, we can garbage collect it
because the user has no way to test that the newly created template object does not equal
to the already collected template object.

So, to implement tagged templates, we implement the following components.

  1. JSTemplateRegistryKey

It holds the template registry key and it is not exposed to users.
TemplateRegistryKey holds the vector of raw and cooked strings with the pre-computed hash value.
When obtaining the template object for the (statically, a.k.a. at the parsing time) given raw string vectors,
we use this JSTemplateRegistryKey as a key to the map and look up the template object from
TemplateRegistry.
JSTemplateRegistryKey is created at the bytecode compiling time and
stored in the CodeBlock just like JSString content values.

  2. TemplateRegistry

This manages the cached template objects.
It holds the weak map (JSTemplateRegistryKey -> the template object).
The template object is weakly referenced.
So if there is no reference to the template object,
the template object is automatically GC-ed.
When looking up the template object, it searches the cached template object.
If it is found, it is returned to the users.
If there is no cached template object, it creates the new template object and
stores it with the given template registry key.

(JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
(JSC::BytecodeGenerator::emitGetTemplateObject):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):
(JSC::TemplateLiteralNode::emitBytecode): Deleted.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createTaggedTemplate):
(JSC::ASTBuilder::createTemplateLiteral): Deleted.

  • parser/Lexer.cpp:

(JSC::Lexer<T>::setCode):
(JSC::Lexer<T>::parseTemplateLiteral):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::scanTrailingTemplateString):
(JSC::Lexer<T>::clear):

  • parser/Lexer.h:

(JSC::Lexer<T>::makeEmptyIdentifier):

  • parser/NodeConstructors.h:

(JSC::TaggedTemplateNode::TaggedTemplateNode):
(JSC::TemplateLiteralNode::TemplateLiteralNode): Deleted.

  • parser/Nodes.h:

(JSC::TemplateLiteralNode::templateStrings):
(JSC::TemplateLiteralNode::templateExpressions):
(JSC::TaggedTemplateNode::templateLiteral):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseTemplateString):
(JSC::Parser<LexerType>::parseTemplateLiteral):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):

  • parser/Parser.h:
  • parser/ParserArena.h:

(JSC::IdentifierArena::makeEmptyIdentifier):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createTaggedTemplate):
(JSC::SyntaxChecker::createTemplateLiteral): Deleted.

  • runtime/CommonIdentifiers.h:
  • runtime/JSGlobalObject.cpp:

(JSC::getTemplateObject):
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::templateRegistry):

  • runtime/JSTemplateRegistryKey.cpp: Added.

(JSC::JSTemplateRegistryKey::JSTemplateRegistryKey):
(JSC::JSTemplateRegistryKey::create):
(JSC::JSTemplateRegistryKey::destroy):

  • runtime/JSTemplateRegistryKey.h: Added.
  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorFreeze):

  • runtime/ObjectConstructor.h:
  • runtime/TemplateRegistry.cpp: Added.

(JSC::TemplateRegistry::TemplateRegistry):
(JSC::TemplateRegistry::getTemplateObject):

  • runtime/TemplateRegistry.h: Added.
  • runtime/TemplateRegistryKey.h: Added.

(JSC::TemplateRegistryKey::isDeletedValue):
(JSC::TemplateRegistryKey::isEmptyValue):
(JSC::TemplateRegistryKey::hash):
(JSC::TemplateRegistryKey::rawStrings):
(JSC::TemplateRegistryKey::cookedStrings):
(JSC::TemplateRegistryKey::operator==):
(JSC::TemplateRegistryKey::operator!=):
(JSC::TemplateRegistryKey::Hasher::hash):
(JSC::TemplateRegistryKey::Hasher::equal):
(JSC::TemplateRegistryKey::TemplateRegistryKey):

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
  • tests/stress/tagged-templates-identity.js: Added.

(shouldBe):

  • tests/stress/tagged-templates-raw-strings.js: Added.

(shouldBe):
(tag):
(testEval):

  • tests/stress/tagged-templates-syntax.js: Added.

(tag):
(testSyntax):
(testSyntaxError):

  • tests/stress/tagged-templates-template-object.js: Added.

(shouldBe):
(tag):

  • tests/stress/tagged-templates-this.js: Added.

(shouldBe):
(tag):

  • tests/stress/tagged-templates.js: Added.

(shouldBe):
(raw):
(cooked):
(Counter):

8:33 AM Changeset in webkit [184336] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Current time marker is always at zero in Rendering Frames ruler
https://bugs.webkit.org/show_bug.cgi?id=144518

Reviewed by Timothy Hatcher.

The current and end time values for the rendering frame timeline overview should always be equal to the frame
number of the last record in the rendering frames timeline.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.updateLayout):

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._updateTimes):
(WebInspector.TimelineRecordingContentView.prototype._recordingTimesUpdated):

3:52 AM Changeset in webkit [184335] by zandobersek@gmail.com
  • 2 edits in trunk

[GTK] Enable plugin-related CMake options and variables for the X11 target only
https://bugs.webkit.org/show_bug.cgi?id=144995

Reviewed by Carlos Garcia Campos.

  • Source/cmake/OptionsGTK.cmake: Plugins are only supported for
the X11 windowing target at the moment, so the following options
and variables should be enabled or disabled accordingly:

  • ENABLE_PLUGIN_PROCESS_GTK2
  • ENABLE_NETSCAPE_PLUGIN_API
  • ENABLE_PLUGIN_PROCESS
2:33 AM Changeset in webkit [184334] by zandobersek@gmail.com
  • 3 edits in trunk/Source/WebKit2

[GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):

  • UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

2:32 AM Changeset in webkit [184333] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WTF

[GTK] RunLoop constructor should properly retrieve or establish the thread-default GMainContext
https://bugs.webkit.org/show_bug.cgi?id=144732

Reviewed by Carlos Garcia Campos.

RunLoop constructor in the GTK implementation should use the
existing thread-default context, create a new one if not on
the main thread, or use the global-default one if on the main
thread.

In RunLoop::run(), the GMainContext should then be pushed as
the thread-default before calling g_main_loop_run(), and popped
off when the main loop stops.

  • wtf/gtk/RunLoopGtk.cpp:

(WTF::RunLoop::RunLoop):
(WTF::RunLoop::run):

12:59 AM Changeset in webkit [184332] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

[EFL] Unskip passing AX tests since r184198

Unreviewed EFL gardening.

  • platform/efl/TestExpectations: Two AX tests have been passed since r184198.
12:57 AM Changeset in webkit [184331] by youenn.fablet@crf.canon.fr
  • 12 edits
    2 adds in trunk

SharedBuffer::createWithContentsOfFile should use map file routines
https://bugs.webkit.org/show_bug.cgi?id=144192

Reviewed by Darin Adler.

Source/WebCore:

Made use of mmap routines within SharedBuffer::createWithContentsOfFile for EFL, GTK and Mac ports.
If mapping is failing, it falls back to the previous version of SharedBuffer::createWithContentsOfFile renamed as
SharedBuffer::createFromReadingFile (using open/read method).
File content is mapped until SharedBuffer is cleared, destroyed or additional content is appended to the SharedBuffer.

A helper class, MappedFileData, is introduced to handle mapped files through calls to open/mmap/munmap/close.

Patch covered by existing layout tests and added unit tests.

  • platform/FileSystem.cpp:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator=):
(WebCore::MappedFileData::~MappedFileData):

  • platform/FileSystem.h:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator bool):
(WebCore::MappedFileData::data):
(WebCore::MappedFileData::size):

  • platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::createWithContentsOfFile): Making use of MappedFileData before using createFromReadingFile.
(WebCore::SharedBuffer::size): Checking whether data is coming from a MappedFileData.
(WebCore::SharedBuffer::data): Ditto.
(WebCore::SharedBuffer::append): Ditto.
(WebCore::SharedBuffer::clear): Clearing MappedFileData if needed.
(WebCore::SharedBuffer::copy): Transferring mapped data to buffer if needed.
(WebCore::SharedBuffer::getSomeData):
(WebCore::SharedBuffer::maybeTransferMappedFileData):

  • platform/SharedBuffer.h:
  • platform/gtk/SharedBufferGtk.cpp:

(WebCore::SharedBuffer::createFromReadingFile): renamed from createWithContentsOfFile.

  • platform/mac/SharedBufferMac.mm:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

  • platform/posix/SharedBufferPOSIX.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

  • platform/win/SharedBufferWin.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

Tools:

Adding SharedBuffer and FileSystem Unit tests to Mac and GTK, not yet for EFL.

  • TestWebKitAPI/PlatformGTK.cmake:
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebCore/FileSystem.cpp: Added.

(TestWebKitAPI::FileSystemTest::tempFilePath):
(TestWebKitAPI::FileSystemTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

  • TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp: Added.

(TestWebKitAPI::SharedBufferTest::tempFilePath):
(TestWebKitAPI::SharedBufferTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

May 13, 2015:

10:59 PM Changeset in webkit [184330] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

[SOUP] Network Cache: NetworkProcess segfault when file system doesn't support xattrs
https://bugs.webkit.org/show_bug.cgi?id=144953

Reviewed by Martin Robinson.

Return early if we fail to get the birthtime xattr.

  • NetworkProcess/cache/NetworkCacheFileSystemPosix.h:

(WebKit::NetworkCache::fileTimes):

10:10 PM Changeset in webkit [184329] by Simon Fraser
  • 5 edits in trunk/Source/WebCore

Get the ScriptController from the correct frame for media elements and plug-ins
https://bugs.webkit.org/show_bug.cgi?id=144983
rdar://problem/20692642&19943135

Reviewed by Sam Weinig.

HTMLMediaElement, QuickTimePluginReplacement and HTMLPlugInImageElement were
getting the main frame's ScriptController instead of the one for their frame.
This caused media controls JS to be running in the context of the main frame,
which broke media controls which use getCSSCanvasContext() and -webkit-canvas.

Fix by getting the frame via the element's document.

Also undo r180584 which was working around this bug.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.drawTimelineBackground):

  • Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
(WebCore::QuickTimePluginReplacement::installReplacement):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::pageScaleFactorChanged):

  • html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

9:19 PM Changeset in webkit [184328] by rniwa@webkit.org
  • 12 edits
    1 add in trunk/Source/JavaScriptCore

REGRESSION(r180595): same-callee profiling no longer works
https://bugs.webkit.org/show_bug.cgi?id=144787

Reviewed by Filip Pizlo.

This patch introduces a DFG optimization to use NewObject node when the callee of op_create_this is
always the same JSFunction. This condition doesn't hold when the byte code creates multiple
JSFunction objects at runtime as in: function y() { return function () {} }; new y(); new y();

To enable this optimization, LLint and baseline JIT now store the last callee we saw in the newly
added fourth operand of op_create_this. We use this JSFunction's structure in DFG after verifying
our speculation that the callee is the same. To avoid recompiling the same code for different callee
objects in the polymorphic case, the special value of seenMultipleCalleeObjects() is set in
LLint and baseline JIT when multiple callees are observed.

Tests: stress/create-this-with-callee-variants.js

  • bytecode/BytecodeList.json: Increased the number of operands to 5.
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode): Dump the newly added callee cache.
(JSC::CodeBlock::finalizeUnconditionally): Clear the callee cache if the callee is no longer alive.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCreateThis): Add the instruction to propertyAccessInstructions so that
we can clear the callee cache in CodeBlock::finalizeUnconditionally. Also initialize the newly added
operand.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock): Implement the optimization. Speculate the actual callee to
match the cache. Use the cached callee's structure if the speculation succeeds. Otherwise, OSR exit.

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_this): Go to the slow path to update the cache unless it's already marked
as seenMultipleCalleeObjects() to indicate the polymorphic behavior and/or we've OSR exited here.
(JSC::JIT::emitSlow_op_create_this):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_this): Ditto.
(JSC::JIT::emitSlow_op_create_this):

  • llint/LowLevelInterpreter32_64.asm:

(_llint_op_create_this): Ditto.

  • llint/LowLevelInterpreter64.asm:

(_llint_op_create_this): Ditto.

  • runtime/CommonSlowPaths.cpp:

(slow_path_create_this): Set the callee cache to the actual callee if it's not set. If the cache has
been set to a JSFunction* different from the actual callee, set it to seenMultipleCalleeObjects().

  • runtime/JSCell.h:

(JSC::JSCell::seenMultipleCalleeObjects): Added.

  • runtime/WriteBarrier.h:

(JSC::WriteBarrierBase::unvalidatedGet): Removed the compile guard around it.

  • tests/stress/create-this-with-callee-variants.js: Added.
9:07 PM Changeset in webkit [184327] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Fix trivial typos in ApplyBlockElementCommand
https://bugs.webkit.org/show_bug.cgi?id=144984

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change.

  • editing/ApplyBlockElementCommand.cpp:

(WebCore::ApplyBlockElementCommand::formatSelection):
(WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded):
(WebCore::ApplyBlockElementCommand::endOfNextParagrahSplittingTextNodesIfNeeded): Deleted.

  • editing/ApplyBlockElementCommand.h:
8:07 PM Changeset in webkit [184326] by dbates@webkit.org
  • 13 edits in trunk/Source/WebKit2

Rename ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() to {send, cancel}PrepareToSuspend()
https://bugs.webkit.org/show_bug.cgi?id=144619
<rdar://problem/20812779>

Reviewed by Andy Estes.

The names of the functions ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() are misnomers. These
functions are called when the ProcessThrottler wants to prepare the process that it manages for suspension
and changes its mind, respectively. That is, these functions do not actually correspond to the OS decision
to suspend a process or cancel the suspension of a process, respectively. So, rename these functions and
associated {Network, Web}ProcessProxy message names to better describe their purpose.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::prepareToSuspend):
(WebKit::NetworkProcess::cancelPrepareToSuspend):
(WebKit::NetworkProcess::processWillSuspend): Deleted.
(WebKit::NetworkProcess::cancelProcessWillSuspend): Deleted.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendCancelPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::NetworkProcessProxy::sendCancelProcessWillSuspend): Deleted.

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::updateAssertion):

  • UIProcess/ProcessThrottlerClient.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcess::actualPrepareToSuspend): Formerly named prepareToSuspend.
(WebKit::WebProcessProxy::sendPrepareToSuspend):
(WebKit::WebProcessProxy::sendCancelPrepareToSuspend):
(WebKit::WebProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::WebProcessProxy::sendCancelProcessWillSuspend): Deleted.

  • UIProcess/WebProcessProxy.h:
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::prepareToSuspend):
(WebKit::WebProcess::cancelPrepareToSuspend):
(WebKit::WebProcess::processWillSuspend): Deleted.
(WebKit::WebProcess::cancelProcessWillSuspend): Deleted.

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:
6:34 PM Changeset in webkit [184325] by commit-queue@webkit.org
  • 7 edits in trunk/Source

Clean up some possible RefPtr to PassRefPtr churn
https://bugs.webkit.org/show_bug.cgi?id=144779

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Darin Adler.

  • runtime/GenericTypedArrayViewInlines.h:

(JSC::GenericTypedArrayView<Adaptor>::create):
(JSC::GenericTypedArrayView<Adaptor>::createUninitialized):

  • runtime/JSArrayBufferConstructor.cpp:

(JSC::constructArrayBuffer):

  • runtime/Structure.cpp:

(JSC::Structure::toStructureShape):

  • runtime/TypedArrayBase.h:

(JSC::TypedArrayBase::create):
(JSC::TypedArrayBase::createUninitialized):

  • tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):
Release the last use of a RefPtr as it is passed on.

6:32 PM Changeset in webkit [184324] by commit-queue@webkit.org
  • 37 edits
    3 adds in trunk

ES6: Allow duplicate property names
https://bugs.webkit.org/show_bug.cgi?id=142895

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Introduce new op_put_getter_by_id and op_put_setter_by_id opcodes
that will define a single getter or setter property on an object.

The existing op_put_getter_setter opcode is still preferred for
putting both a getter and setter at the same time but cannot be used
for putting an individual getter or setter which is needed in
some cases.

Add a new slow path when generating bytecodes for a property list
with computed properties, as computed properties are the only time
the list of properties cannot be determined statically.

  • bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitBytecode):

  • fast path for all constant properties
  • slow but paired getter/setter path if there are no computed properties
  • slow path, individual put operation for every property, if there are computed properties

  • parser/Nodes.h:

Distinguish a Computed property from a Constant property.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
Distinguish Computed and Constant properties.

(JSC::Parser<LexerType>::parseObjectLiteral):
When we drop into strict mode it is because we saw a getter
or setter, so be more explicit.

(JSC::Parser<LexerType>::parseStrictObjectLiteral):
Eliminate duplicate property syntax error exception.

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::getName):

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::getName): Deleted.
No longer used.

  • runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):
When updating a property, if the Accessor attribute changed,
update the Structure.

  • runtime/JSObject.cpp:

(JSC::JSObject::putGetter):
(JSC::JSObject::putSetter):
Called by the opcodes, just perform the same operation that
defineGetter or defineSetter would do.

(JSC::JSObject::putDirectNonIndexAccessor):
This transition is now handled in putDirectInternal.

  • runtime/Structure.h:

Add needed export.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutGetterById):
(JSC::BytecodeGenerator::emitPutSetterById):

  • bytecompiler/BytecodeGenerator.h:
  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperation):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:

New bytecodes. Modelled after existing op_put_getter_setter.

LayoutTests:

  • js/object-literal-duplicate-properties-expected.txt: Added.
  • js/object-literal-duplicate-properties.html: Added.
  • js/script-tests/object-literal-duplicate-properties.js: Added.

Include a new test all about testing duplicate property names
and their expected cascading results.

  • ietestcenter/Javascript/11.1.5_4-4-b-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-b-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-c-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-c-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-3-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-4-expected.txt:

ES5 behavior for duplicate properties has changed.

  • js/mozilla/strict/11.1.5-expected.txt:
  • js/object-literal-syntax-expected.txt:
  • js/script-tests/object-literal-syntax.js:

Update other tests and values now that duplicate properties
are allowed, and their cascade order behaves correctly.

6:21 PM Changeset in webkit [184323] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958. It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

5:39 PM Changeset in webkit [184322] by bshafiei@apple.com
  • 5 edits in branches/safari-600.5.17-branch/Source

Versioning.

5:36 PM Changeset in webkit [184321] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32-branch/Source

Versioning.

5:11 PM Changeset in webkit [184320] by rniwa@webkit.org
  • 2 edits in branches/safari-600.7-branch/LayoutTests

Add a Pass/Failure test expectation on
fast/canvas/webgl/tex-image-and-sub-image-2d-with-potentially-subsampled-image.html.

I don't know why this test expectation was not in the branch given it was added back in r174585.
Perhaps it got lost during some merges.

  • platform/mac/TestExpectations:
5:08 PM Changeset in webkit [184319] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.32.2

New tag.

4:57 PM Changeset in webkit [184318] by fpizlo@apple.com
  • 7 edits
    1 add in trunk/Source/JavaScriptCore

Creating a new blank document in icloud pages causes an AI error: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble.
https://bugs.webkit.org/show_bug.cgi?id=144856

Reviewed by Benjamin Poulain.

First I made fixTypeForRepresentation() print out better diagnostics when it dies.

Then I fixed the bug: Node::convertToIdentityOn(Node*) needs to make sure that when it
converts to a representation-changing node, it needs to use one of the UseKinds that such
a node expects. For example, DoubleRep(UntypedUse:) doesn't make sense; it needs to be
something like DoubleRep(NumberUse:) since it will speculate that the input is a number.

  • dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::setBuiltInConstant):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::fixTypeForRepresentation):

  • dfg/DFGAbstractValue.h:
  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

  • dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentityOn):

  • tests/stress/cloned-arguments-get-by-val-double-array.js: Added.

(foo):

4:33 PM Changeset in webkit [184317] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184313.
https://bugs.webkit.org/show_bug.cgi?id=144974

Introduced an assertion failure in class-syntax-declaration.js,
class-syntax-expression.js, and object-literal-syntax.js
(Requested by rniwa on #webkit).

Reverted changeset:

"Small refactoring before ES6 Arrow function implementation."
https://bugs.webkit.org/show_bug.cgi?id=144954
http://trac.webkit.org/changeset/184313

4:18 PM Changeset in webkit [184316] by oliver@apple.com
  • 7 edits in trunk/Source

Source/JavaScriptCore:
Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

One of the simpler cases of this in JavaScriptCore. There
are other cases where we need to guard the derefs but they
are more complex cases.

  • inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::releaseImpl):

  • inspector/JSJavaScriptCallFrame.cpp:

(Inspector::JSJavaScriptCallFrame::releaseImpl):

Source/WTF:

Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

In order to prevent use after free bugs caused by destructors
that end up trying to access the smart pointer itself, we should
make sure we always clear the m_ptr field before calling deref.

Essentially the UaF path is:
    struct Foo : RefCounted<Foo> {
        Wibble* m_wibble;
        void doSomething();
        ~Foo() { m_wibble->doSomethingLikeCleanup(); }
    };

    struct Wibble {
        void doSomethingLikeCleanup()
        {
            if (m_foo) {
                /* if this branch is not here we get a null deref */
                m_foo->doSomething();
            }
        }
        void replaceFoo(Foo* foo) { m_foo = foo; }
        RefPtr<Foo> m_foo;
    };

    Wibble* someWibble = /* a Wibble with m_foo->m_refCount == 1 */;
                         /* and m_foo points to someWibble */;

    someWibble->replaceFoo(someOtherFoo);
    + someWibble->m_foo->m_ptr->deref();
      + someWibble->m_foo->m_ptr->~Foo()
        + someWibble->m_foo->m_ptr->m_wibble->doSomethingLikeCleanup()
          + someWibble->m_foo->m_ptr->m_wibble /* someWibble */ ->m_foo->m_ptr /*logically dead*/ ->doSomething()

By clearing m_ptr first we either force a null pointer deref or
we force our code down a path that does not use the dead smart
pointer.

  • wtf/PassRefPtr.h: (WTF::PassRefPtr::~PassRefPtr):
  • wtf/Ref.h: (WTF::Ref::~Ref): (WTF::Ref::operator=):
  • wtf/RefPtr.h: (WTF::RefPtr::~RefPtr):
  • wtf/RetainPtr.h: (WTF::RetainPtr::~RetainPtr): (WTF::RetainPtr<T>::clear):
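
The re-entrancy described in changeset 184316 above, as an added example that is not WebKit's code: a toy smart pointer releases its last reference in both orders and counts how often the owner's cleanup reaches the object whose destructor is running. ToyRefPtr, ReleaseOrder, Outcome and the counters are hypothetical names, and the last reference is dropped with clear() rather than through replaceFoo().

```cpp
// Added illustration; ToyRefPtr, ReleaseOrder and the counters are
// hypothetical names, not WTF types.
#include <cstdio>

enum class ReleaseOrder { DerefThenClear, ClearThenDeref };

// Toy owning pointer over an intrusively ref-counted T.
template<typename T, ReleaseOrder order>
class ToyRefPtr {
public:
    ToyRefPtr() = default;
    ToyRefPtr(const ToyRefPtr&) = delete;
    ToyRefPtr& operator=(const ToyRefPtr&) = delete;
    ~ToyRefPtr() { clear(); }

    // Takes over the caller's reference without bumping the count.
    void adopt(T* ptr) { clear(); m_ptr = ptr; }
    T* get() const { return m_ptr; }
    explicit operator bool() const { return m_ptr != nullptr; }

    void clear()
    {
        if (order == ReleaseOrder::ClearThenDeref) {
            // Hardened order: forget the pointee first, so code re-entered
            // from ~T() sees an empty smart pointer.
            T* old = m_ptr;
            m_ptr = nullptr;
            if (old)
                old->deref();
        } else {
            // Order the changeset warns about: while ~T() runs, m_ptr
            // still designates the object being destroyed.
            if (m_ptr)
                m_ptr->deref();
            m_ptr = nullptr;
        }
    }

private:
    T* m_ptr = nullptr;
};

template<ReleaseOrder order> struct Wibble;

template<ReleaseOrder order>
struct Foo {
    explicit Foo(Wibble<order>& wibble) : m_wibble(&wibble) { }
    ~Foo()
    {
        m_dying = true;
        m_wibble->doSomethingLikeCleanup(); // re-enters the owner
    }
    void deref() { if (!--m_refCount) delete this; }

    Wibble<order>* m_wibble;
    int m_refCount = 1;
    bool m_dying = false;
};

template<ReleaseOrder order>
struct Wibble {
    void doSomethingLikeCleanup()
    {
        ++cleanupCalls;
        // Where the commit message's m_foo->doSomething() would run. Reading
        // m_dying is still defined here because ~Foo() has not returned yet.
        if (m_foo && m_foo.get()->m_dying)
            ++callsIntoDyingFoo;
    }

    int cleanupCalls = 0;
    int callsIntoDyingFoo = 0;
    ToyRefPtr<Foo<order>, order> m_foo;
};

struct Outcome {
    int cleanupCalls;
    int callsIntoDyingFoo;
};

template<ReleaseOrder order>
Outcome dropLastReference()
{
    Wibble<order> wibble;
    wibble.m_foo.adopt(new Foo<order>(wibble)); // m_refCount == 1
    wibble.m_foo.clear();                       // last reference goes away
    return { wibble.cleanupCalls, wibble.callsIntoDyingFoo };
}

Outcome derefThenClear() { return dropLastReference<ReleaseOrder::DerefThenClear>(); }
Outcome clearThenDeref() { return dropLastReference<ReleaseOrder::ClearThenDeref>(); }

int main()
{
    std::printf("deref then clear: %d call(s) into dying Foo\n", derefThenClear().callsIntoDyingFoo);
    std::printf("clear then deref: %d call(s) into dying Foo\n", clearThenDeref().callsIntoDyingFoo);
    return 0;
}
```

In both orders the cleanup hook runs exactly once; only the deref-first order lets it follow m_foo back into the dying object.
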
4:09 PM Changeset in webkit [184315] by Antti Koivisto
  • 31 edits
    5 adds in trunk

Cached CSS image resources don't show up after reloading <http://nightly.webkit.org/start/>
https://bugs.webkit.org/show_bug.cgi?id=144952
Source/WebCore:

rdar://problem/13387307

Reviewed by Oliver Hunt.

This is a symptom of a general problem that we don't revalidate subresources of cached parsed stylesheets.

Fix by tightening the check we perform when choosing to use the cached sheet. If there are expired subresources
we reparse the sheet.

Test: http/tests/cache/stylesheet-sharing.html

  • css/CSSCrossfadeValue.cpp:

(WebCore::CSSCrossfadeValue::traverseSubresources):
(WebCore::CSSCrossfadeValue::hasFailedOrCanceledSubresources): Deleted.

Replace hasFailedOrCanceledSubresources with general purpose subresource traversal functions.

  • css/CSSCrossfadeValue.h:
  • css/CSSFilterImageValue.cpp:

(WebCore::CSSFilterImageValue::traverseSubresources):
(WebCore::CSSFilterImageValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSFilterImageValue.h:
  • css/CSSFontFaceSrcValue.cpp:

(WebCore::CSSFontFaceSrcValue::traverseSubresources):
(WebCore::CSSFontFaceSrcValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSFontFaceSrcValue.h:
  • css/CSSImageSetValue.cpp:

(WebCore::CSSImageSetValue::traverseSubresources):
(WebCore::CSSImageSetValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSImageSetValue.h:
  • css/CSSImageValue.cpp:

(WebCore::CSSImageValue::traverseSubresources):
(WebCore::CSSImageValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSImageValue.h:
  • css/CSSValue.cpp:

(WebCore::CSSValue::traverseSubresources):
(WebCore::CSSValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSValue.h:
  • css/CSSValueList.cpp:

(WebCore::CSSValueList::traverseSubresources):
(WebCore::CSSValueList::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSValueList.h:
  • css/StyleProperties.cpp:

(WebCore::StyleProperties::traverseSubresources):
(WebCore::StyleProperties::hasFailedOrCanceledSubresources): Deleted.

  • css/StyleProperties.h:
  • css/StyleSheetContents.cpp:

(WebCore::traverseSubresourcesInRules):
(WebCore::StyleSheetContents::traverseSubresources):
(WebCore::StyleSheetContents::subresourcesAllowReuse):

Disallow reuse if there are expired subresources.

(WebCore::StyleSheetContents::isLoadingSubresources):

Testing support.

(WebCore::childRulesHaveFailedOrCanceledSubresources): Deleted.
(WebCore::StyleSheetContents::hasFailedOrCanceledSubresources): Deleted.

  • css/StyleSheetContents.h:

(WebCore::StyleSheetContents::loadCompleted):

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::setCSSStyleSheet):

  • loader/cache/CachedCSSStyleSheet.cpp:

(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):

  • loader/cache/CachedCSSStyleSheet.h:
  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::makeRevalidationDecision):
(WebCore::CachedImage::mustRevalidateDueToCacheHeaders): Deleted.

Move the logging code out from this function (it requires frame access this function doesn't otherwise need)
and refactor to return a decision enum.

  • loader/cache/CachedImage.h:
  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::makeRevalidationDecision):
(WebCore::logResourceRevalidationReason): Deleted.
(WebCore::CachedResource::mustRevalidateDueToCacheHeaders): Deleted.

  • loader/cache/CachedResource.h:

(WebCore::CachedResource::loadFailedOrCanceled):

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::logRevalidation):
(WebCore::logResourceRevalidationDecision):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):

Move logging here.

  • testing/Internals.cpp:

(WebCore::Internals::isSharingStyleSheetContents):
(WebCore::Internals::isStyleSheetLoadingSubresources):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

Reviewed by Oliver Hunt.

  • http/tests/cache/resources/non-shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

  • http/tests/cache/resources/shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

  • http/tests/cache/resources/stylesheet-html.php: Added.
  • http/tests/cache/stylesheet-sharing-expected.txt: Added.
  • http/tests/cache/stylesheet-sharing.html: Added.
3:27 PM Changeset in webkit [184314] by commit-queue@webkit.org
  • 3 edits in trunk/Tools

[Content Extensions] Test interactions between multiple extensions and multiple domains.
https://bugs.webkit.org/show_bug.cgi?id=144967

Patch by Alex Christensen <achristensen@webkit.org> on 2015-05-13
Reviewed by Benjamin Poulain.

  • DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:

Xcode wanted to fix an alphabetization issue.

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::TEST_F):
Test interactions that worked but were not explicitly tested before.

3:23 PM Changeset in webkit [184313] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Small refactoring before ES6 Arrow function implementation.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-13
Reviewed by Filip Pizlo.

  • parser/Parser.h:
  • parser/Parser.cpp:
3:16 PM Changeset in webkit [184312] by ryuan.choi@navercorp.com
  • 6 edits in trunk/Source/WebCore

[CoordinatedGraphics] Remove scaleFactor from SurfaceUpdateInfo
https://bugs.webkit.org/show_bug.cgi?id=144935

Reviewed by Darin Adler.

The members of SurfaceUpdateInfo are only used to update tile except scaleFactor.
So, this patch removes scaleFactor from SurfaceUpdateInfo.
In addition, removes unnecessary parameters in createTile()

No new tests because there is no behavior change.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::createTile):

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
  • platform/graphics/texmap/coordinated/CoordinatedTile.cpp:

(WebCore::CoordinatedTile::updateBackBuffer):

  • platform/graphics/texmap/coordinated/CoordinatedTile.h:
  • platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:
3:14 PM Changeset in webkit [184311] by fpizlo@apple.com
  • 8 edits
    3 adds in trunk/Source/JavaScriptCore

The liveness pruning done by ObjectAllocationSinkingPhase ignores the possibility of an object's bytecode liveness being longer than its DFG liveness
https://bugs.webkit.org/show_bug.cgi?id=144945

Reviewed by Michael Saboff.

We were making the mistake of using DFG liveness for object allocation sinking decisions.
This is wrong. In fact we almost never want to use DFG liveness directly. The only place
where that makes sense is pruning in DFG AI.

So, I created a CombinedLiveness class that combines the DFG liveness with bytecode
liveness.

In the process of doing this, I realized that the DFGForAllKills definition of combined
liveness at block tail was not strictly right; it was using the bytecode liveness at the
block terminal instead of the union of the bytecode live-at-heads of successor blocks. So,
I changed DFGForAllKills to work in terms of CombinedLiveness.

This allows me to unskip the test I added in r184260. I also added a new test that tries to
trigger this bug more directly.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGCombinedLiveness.cpp: Added.

(JSC::DFG::liveNodesAtHead):
(JSC::DFG::CombinedLiveness::CombinedLiveness):

  • dfg/DFGCombinedLiveness.h: Added.

(JSC::DFG::CombinedLiveness::CombinedLiveness):

  • dfg/DFGForAllKills.h:

(JSC::DFG::forAllKillsInBlock):
(JSC::DFG::forAllLiveNodesAtTail): Deleted.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
(JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):

  • tests/stress/escape-object-in-diamond-then-exit.js: Added.
  • tests/stress/sink-object-past-invalid-check-sneaky.js:
3:07 PM Changeset in webkit [184310] by andersca@apple.com
  • 8 edits in trunk/Source/WebKit2

Don't create a per-pool data store when using the modern API
https://bugs.webkit.org/show_bug.cgi?id=144963
rdar://problem/20331756

Reviewed by Tim Horton.

  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::copy):

  • UIProcess/API/APIProcessPoolConfiguration.h:

Keep track of whether the process pool should have a data store.

  • UIProcess/API/C/WKContext.cpp:

(WKContextGetWebsiteDataStore):

  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):
Update now that WebProcessPool::dataStore() no longer returns a reference.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):
Only create a data store if the configuration states that we should.

  • UIProcess/WebProcessPool.h:

Change dataStore() to return a pointer instead of a reference.

3:06 PM Changeset in webkit [184309] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Modernize ContainerNode::childElementCount
https://bugs.webkit.org/show_bug.cgi?id=144930

Patch by Sam Weinig <sam@webkit.org> on 2015-05-13
Reviewed by Darin Adler.

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::childElementCount):
Use std::distance to compute the number of child elements.

  • dom/ElementChildIterator.h:

Add typedefs to make the child element iterators conform to STL standards.

2:58 PM Changeset in webkit [184308] by rniwa@webkit.org
  • 5 edits
    2 adds in trunk

REGRESSION(r183770): Crash inside WebEditorClient::shouldApplyStyle when applying underline
https://bugs.webkit.org/show_bug.cgi?id=144949
Source/WebCore:

<rdar://problem/20895753>

Reviewed by Darin Adler.

The crash was caused by the variant of applyStyleToSelection that takes EditingStyle passing
a null pointer to shouldApplyStyle when we're only applying text decoration changes so that
m_mutableStyle in the editing style is null. This didn't reproduce in execCommand since we
wouldn't call shouldApplyStyle in that case. It didn't reproduce in my manual testing because
font panel also sets text shadow, which ends up filling up m_mutableStyle.

Fixed the bug by creating a mutable style properties when one is not provided by EditingStyle.
Also fixed the "FIXME" in the function by converting text decoration changes to a corresponding
text decoration value. The values passed to shouldApplyStyle now match the old behavior prior
to r183770.

Test: editing/style/underline-by-user.html

  • editing/EditingStyle.cpp:

(WebCore::EditingStyle::styleWithResolvedTextDecorations): Added.

  • editing/EditingStyle.h:
  • editing/Editor.cpp:

(WebCore::Editor::applyStyleToSelection): Use styleWithResolvedTextDecorations to avoid the crash.

LayoutTests:

Reviewed by Darin Adler.

Added a test that emulates underlining of text by the user. Unlike document.execCommand,
testRunner.execCommand simulates a user initiated editing command and therefore invokes
shouldApplyStyle.

  • editing/style/underline-by-user-expected.txt: Added.
  • editing/style/underline-by-user.html: Added.
2:37 PM Changeset in webkit [184307] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.5.17.2

New tag.

2:18 PM Changeset in webkit [184306] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

Work around HTMLMediaElement::documentDidResumeFromPageCache being called twice
https://bugs.webkit.org/show_bug.cgi?id=144969

Reviewed by Alexey Proskuryakov.

  • dom/Document.cpp:

(WebCore::Document::addPlaybackTargetPickerClient): Replace ASSERT with early
return to work around https://webkit.org/b/144970.

2:05 PM Changeset in webkit [184305] by rniwa@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

I skipped a wrong test in r184270. Fix that.
The failure is tracked by webkit.org/b/144947.

  • tests/stress/arith-modulo-node-behaviors.js:
  • tests/stress/arith-mul-with-constants.js:
1:51 PM Changeset in webkit [184304] by timothy_horton@apple.com
  • 7 edits in trunk/Source/WebCore

Going back after resizing causes scroll knob to appear in the middle of the page
https://bugs.webkit.org/show_bug.cgi?id=144968
<rdar://problem/18299827>

Reviewed by Beth Dakin.

  • history/CachedPage.cpp:

(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

  • history/CachedPage.h:

(WebCore::CachedPage::markForContentsSizeChanged):

  • history/PageCache.cpp:

(WebCore::PageCache::markPagesForContentsSizeChanged):

  • history/PageCache.h:

Add a flag that will cause us to call updateContentsSize() after a page
comes out of the page cache, if necessary.

  • page/FrameView.cpp:

(WebCore::FrameView::setContentsSize):

  • page/FrameView.h:

Mark all cached pages for this frame as needing updateContentsSize()
when setContentsSize happens. This will ensure that scrollbar layers
are repositioned when coming out of the page cache.

1:42 PM Changeset in webkit [184303] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

[Mac] Sandbox violation reading SubmitDiagInfo.domains
https://bugs.webkit.org/show_bug.cgi?id=144962
rdar://problem/20719330

Reviewed by Darin Adler.

  • WebProcess/com.apple.WebProcess.sb.in:
1:40 PM Changeset in webkit [184302] by bshafiei@apple.com
  • 3 edits in branches/safari-600.5.17-branch/Source/JavaScriptCore

Merged r184229. rdar://problem/18736465

1:10 PM Changeset in webkit [184301] by bshafiei@apple.com
  • 18 edits in branches/safari-601.1.32-branch

Merged r183976.

1:08 PM Changeset in webkit [184300] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183958.

12:59 PM Changeset in webkit [184299] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Speculative build fix.

  • UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h:
12:56 PM Changeset in webkit [184298] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

[GTK][CMake] Extra include directory when libnotify is present but disabled
https://bugs.webkit.org/show_bug.cgi?id=144941

Reviewed by Martin Robinson.

Add LIBNOTIFY_INCLUDE_DIRS to WebKit2_INCLUDE_DIRECTORIES only if USE_LIBNOTIFY is true,
rather than checking LIBNOTIFY_FOUND.

  • PlatformGTK.cmake:
12:28 PM Changeset in webkit [184297] by Beth Dakin
  • 18 edits
    1 add in trunk/Source

Need SPI to set the overlay scroll bar style
https://bugs.webkit.org/show_bug.cgi?id=144928
-and corresponding-
rdar://problem/20143614

Reviewed by Anders Carlsson.

Source/WebCore:

New ChromeClient function preferredScrollbarOverlayStyle() will fetch the
scrollbar style that was set via the new SPI.

  • page/ChromeClient.h:

If the preferredScrollbarOverlayStyle() is anything but None, then use it. None is
used to indicate that the normal heuristic should compute the appropriate color.

  • page/FrameView.cpp:

(WebCore::FrameView::recalculateScrollbarOverlayStyle):

  • page/FrameView.h:

Source/WebKit2:

Make scrollbarOverlayStyle a part of the creation parameters.

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:

New SPI.

  • UIProcess/API/Cocoa/WKViewPrivate.h:
  • UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h: Added.
  • UIProcess/API/mac/WKView.mm:

(-[WKView _setOverlayScrollbarStyle:]):
(-[WKView _overlayScrollbarStyle]):

Store m_scrollbarOverlayStyle on WebPageProxy, and set it to the WebProcess.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setOverlayScrollbarStyle):

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::overlayScrollbarStyle):

  • WebKit2.xcodeproj/project.pbxproj:

Return WebPage’s scrollbarOverlayStyle().

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::preferredScrollbarOverlayStyle):

  • WebProcess/WebCoreSupport/WebChromeClient.h:

Cache the scrollbarOverlayStyle() here for the WebProcess.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setScrollbarOverlayStyle):

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::scrollbarOverlayStyle):

  • WebProcess/WebPage/WebPage.messages.in:
12:26 PM Changeset in webkit [184296] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

Scrollbars in overflow regions are not vanishing after scrolling with scroll snap points
https://bugs.webkit.org/show_bug.cgi?id=142521
<rdar://problem/20100706>

Reviewed by Darin Adler.

The scrollbars were not being dismissed because they were not being notified that the wheel
gesture was finished. This was happening because the wheel event 'ended' state has zero
deltaX and deltaY. If the region did not allow stretching, it would exit early, never passing
through the 'handleWheelEventPhase' code that would notify the scrollbar controller that
the gesture had ended.

  • platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::mouseExitedContentArea): The wrong ScrollAnimator method was being
called when the mouse exited the content area.

  • platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::handleWheelEvent): Do not early return when the wheel event has
no change in X or Y coordinate.

12:24 PM Changeset in webkit [184295] by andersca@apple.com
  • 5 edits in trunk/Source/WebKit2

Rename some StorageManager functions to indicate that they work on local storage entries
https://bugs.webkit.org/show_bug.cgi?id=144958
First part of rdar://problem/10690447.

Reviewed by Beth Dakin.

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageDetailsByOrigin):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteAllLocalStorageEntries):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
(WebKit::StorageManager::getOrigins): Deleted.
(WebKit::StorageManager::getStorageDetailsByOrigin): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigin): Deleted.
(WebKit::StorageManager::deleteAllEntries): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigins): Deleted.

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):

12:20 PM Changeset in webkit [184294] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Crash under WebKit::WebInspectorProxy::attachAvailabilityChanged sometimes opening new page
https://bugs.webkit.org/show_bug.cgi?id=144957

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Simon Fraser.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::attachAvailabilityChanged):

11:56 AM Changeset in webkit [184293] by hyatt@apple.com
  • 2 edits in trunk/Source/WebCore

Don't compute selection painting info when we don't have selection.
https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

11:51 AM Changeset in webkit [184292] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

Avoid always running some debug code in type profiling
https://bugs.webkit.org/show_bug.cgi?id=144775

Reviewed by Daniel Bates.

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

11:51 AM Changeset in webkit [184291] by Joseph Pecoraro
  • 36 edits in trunk/Source

Pass String as reference in more places
https://bugs.webkit.org/show_bug.cgi?id=144769

Reviewed by Daniel Bates.

Source/JavaScriptCore:

  • debugger/Breakpoint.h:

(JSC::Breakpoint::Breakpoint):

  • parser/Parser.h:

(JSC::Parser::setErrorMessage):
(JSC::Parser::updateErrorWithNameAndMessage):

  • parser/ParserError.h:

(JSC::ParserError::ParserError):

  • runtime/RegExp.cpp:

(JSC::RegExpFunctionalTestCollector::outputOneTest):

  • runtime/RegExpObject.cpp:

(JSC::regExpObjectSourceInternal):

  • runtime/TypeProfiler.cpp:

(JSC::TypeProfiler::typeInformationForExpressionAtOffset):

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

  • runtime/TypeProfilerLog.h:
  • tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):

  • inspector/scripts/codegen/generate_objc_conversion_helpers.py:

(ObjCConversionHelpersGenerator._generate_enum_from_protocol_string):

  • inspector/scripts/codegen/objc_generator_templates.py:
  • inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
  • inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
  • inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
  • inspector/scripts/tests/expected/enum-values.json-result:
  • inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
  • inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
  • inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
  • inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
  • inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-array-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

Rebaseline tests after updating the generator.

Source/WebCore:

  • bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::dumpString):
(WebCore::CloneSerializer::dumpStringObject):

  • dom/DocumentMarkerController.cpp:

(WebCore::DocumentMarkerController::addMarker):

  • dom/DocumentMarkerController.h:
  • inspector/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::assertFrameWithDocumentLoader):

  • inspector/InspectorApplicationCacheAgent.h:
  • inspector/InspectorNodeFinder.cpp:

(WebCore::stripCharacters):
(WebCore::InspectorNodeFinder::InspectorNodeFinder):

  • inspector/InspectorNodeFinder.h:

Source/WebKit2:

  • WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::showMainResourceForFrame):

  • WebProcess/WebPage/WebInspectorUI.h:
11:11 AM Changeset in webkit [184290] by timothy_horton@apple.com
  • 11 edits in trunk/Source

View scale changes are temporarily lost after restoring a page from the page cache
https://bugs.webkit.org/show_bug.cgi?id=144934

Reviewed by Brady Eidson.

  • history/CachedPage.cpp:

(WebCore::CachedPage::CachedPage):
(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

  • history/CachedPage.h:

(WebCore::CachedPage::markForDeviceOrPageScaleChanged): Renamed.

  • history/PageCache.cpp:

(WebCore::PageCache::markPagesForDeviceOrPageScaleChanged): Renamed.

  • history/PageCache.h:

Rename PageCache/CachedPage methods to make it more clear that they
will eventually result in calling deviceOrPageScaleFactorChanged().
Also, use modern initialization for CachedPage members.

  • loader/HistoryController.cpp:

(WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
(WebCore::HistoryController::restoreScrollPositionAndViewState):
Store the pageScaleFactor on HistoryItem with the view scale factored out,
because the view scale can change while the page is in the page cache, and
WebCore needs a way - without consulting with WebKit2 - to apply the changed
view scale to the cached page scale.

  • page/Page.cpp:

(WebCore::Page::setViewScaleFactor):
(WebCore::Page::setDeviceScaleFactor):

  • page/Page.h:

(WebCore::Page::viewScaleFactor):
Keep track of the viewScaleFactor, and mark all pages in the page cache
as needing to call deviceOrPageScaleFactorChanged and do a full style recalc
when they come back from the page cache.

For now, we expect all callers of setPageScaleFactor (including WebKit2 and
HistoryController) to multiply the viewScale in manually, to avoid the
significant amount of change in WebCore that would be required to keep them
totally separate.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::scalePage):
(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):
(WebKit::WebPage::viewScaleFactor):
(WebKit::WebPage::scaleView):

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::viewScaleFactor): Deleted.
Get rid of m_viewScaleFactor, instead using Page::viewScaleFactor.

10:58 AM Changeset in webkit [184289] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

com.apple.WebKit.WebContent crashed at JavaScriptCore: JSC::CodeBlock::finalizeUnconditionally
https://bugs.webkit.org/show_bug.cgi?id=144933

Changed the RELEASE_ASSERT_NOT_REACHED into an ASSERT. Added some diagnostic messages to
help determine the cause for any crash.

Reviewed by Geoffrey Garen.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finalizeUnconditionally):

10:39 AM Changeset in webkit [184288] by fpizlo@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

REGRESSION(r184260): arguments elimination has stopped working because of Check(UntypedUse:) from SSAConversionPhase
https://bugs.webkit.org/show_bug.cgi?id=144951

Reviewed by Michael Saboff.

There were two issues here:

  • In r184260 we expected a small number of possible use kinds in Check nodes, and UntypedUse was not one of them. That seemed like a sensible assumption because we don't create Check nodes unless it's to have a check. But, SSAConversionPhase was creating a Check that could have UntypedUse. I fixed this. It's cleaner for SSAConversionPhase to follow the same idiom as everyone else and not create tautological checks.

  • It's clearly not very robust to assume that Checks will not be used tautologically. So, this changes how we validate Checks in the escape analyses. We now use willHaveCheck, which catches cases that AI would have already marked as unnecessary. It then also uses a new helper called alreadyChecked(), which allows us to just ask if the check is unnecessary for objects. That's a good fall-back in case AI hadn't run yet.

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGMayExit.cpp:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::SSAConversionPhase::run):

  • dfg/DFGUseKind.h:

(JSC::DFG::alreadyChecked):

  • dfg/DFGVarargsForwardingPhase.cpp:
9:48 AM Changeset in webkit [184287] by Yusuke Suzuki
  • 8 edits
    2 adds in trunk

[ES6] Implement String.raw
https://bugs.webkit.org/show_bug.cgi?id=144330

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Implement String.raw. It is intended to be used with tagged-templates syntax.
To implement ToString abstract operation efficiently,
we introduce @toString bytecode intrinsic. It emits op_to_string directly.

  • CMakeLists.txt:
  • builtins/StringConstructor.js: Added.

(raw):

  • bytecompiler/NodesCodegen.cpp:

(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):

  • runtime/CommonIdentifiers.h:
  • runtime/StringConstructor.cpp:
  • tests/stress/string-raw.js: Added.

(shouldBe):
(.get shouldBe):
(Counter):

LayoutTests:

Add String.raw.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:
2:32 AM Changeset in webkit [184286] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32-branch/Tools

Merged r184018.

2:31 AM Changeset in webkit [184285] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Minor cleanups to PluginProxy.cpp.
https://bugs.webkit.org/show_bug.cgi?id=144948

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

  1. Remove unnecessary #include.
  2. Remove unnecessary return statement from PluginProxy::paint().

No new tests, no behavior change.

  • WebProcess/Plugins/PluginProxy.cpp:

(WebKit::PluginProxy::paint):

2:23 AM Changeset in webkit [184284] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183980. rdar://problem/20769741

2:13 AM Changeset in webkit [184283] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r176631): [EFL] Fullscreen feature doesn't work correctly on MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=144906

Patch by Daegyu Lee <daegyu.lee@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

  • UIProcess/CoordinatedGraphics/PageViewportController.cpp:

(WebKit::PageViewportController::updateMinimumScaleToFit): Recover the r176631 condition to
call applyScaleAfterRenderingContents function to apply correct scale.

1:26 AM Changeset in webkit [184282] by bshafiei@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184028. rdar://problem/20210267

12:21 AM Changeset in webkit [184281] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Tools

Merged r183915.

12:10 AM Changeset in webkit [184280] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184241. rdar://problem/20172315

12:09 AM Changeset in webkit [184279] by bshafiei@apple.com
  • 8 edits in branches/safari-601.1.32-branch/Source

Merged r184231. rdar://problem/20923031

12:04 AM Changeset in webkit [184278] by bshafiei@apple.com
  • 12 edits
    3 copies in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184215. rdar://problem/19708579

12:02 AM Changeset in webkit [184277] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184125. rdar://problem/19708579

12:01 AM Changeset in webkit [184276] by bshafiei@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184061. rdar://problem/20856497

May 12, 2015:

11:48 PM Changeset in webkit [184275] by bshafiei@apple.com
  • 4 edits
    1 copy in branches/safari-601.1.32-branch

Merged r183933. rdar://problem/20681226

11:47 PM Changeset in webkit [184274] by zandobersek@gmail.com
  • 4 edits in trunk/Source/WebCore

Reduce TransformationMatrix copies in MatrixTransformOperation, Matrix3DTransformOperation
https://bugs.webkit.org/show_bug.cgi?id=144797

Reviewed by Darin Adler.

Using std::swap() on TransformationMatrix objects which don't
provide move constructors will result in copies.

Instead, use a helper function in both MatrixTransformOperation
and Matrix3DTransformOperation that calls TransformationMatrix::blend()
and returns the new Matrix(3D)TransformOperation object, and call it
with fromT and toT arguments switched when blending to identity.

  • platform/graphics/transforms/Matrix3DTransformOperation.cpp:

(WebCore::createOperation):
(WebCore::Matrix3DTransformOperation::blend):

  • platform/graphics/transforms/Matrix3DTransformOperation.h: No need
to copy the m_matrix member, it won't change when passed to
TransformationMatrix::multiply().

  • platform/graphics/transforms/MatrixTransformOperation.cpp:

(WebCore::createOperation):
(WebCore::MatrixTransformOperation::blend):

11:18 PM Changeset in webkit [184273] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WebCore

[EGL][X11] XPixmap created in GLContextEGL::createPixmapContext() is leaked
https://bugs.webkit.org/show_bug.cgi?id=144909

Reviewed by Sergio Villar Senin and Žan Doberšek.

The pixmap is created and passed to eglCreatePixmapSurface(), but
never released. eglCreatePixmapSurface() doesn't take the
ownership of the pixmap, so we should explicitly free it when the
GLContextEGL is destroyed.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createPixmapContext): Use XUniquePixmap
and transfer the ownership to the context by using the new
constructor that receives a XUniquePixmap&&.
(WebCore::GLContextEGL::createContext): createPixmapContext() is
now only defined for X11.
(WebCore::GLContextEGL::GLContextEGL): New constructor that
receives a XUniquePixmap&&.

  • platform/graphics/egl/GLContextEGL.h: Add new constructor and
initialize the cairo device when defined to simplify constructors.

10:47 PM Changeset in webkit [184272] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit/mac

Merged r183968. rdar://problem/20281886

10:44 PM Changeset in webkit [184271] by rniwa@webkit.org
  • 2 edits in trunk/Tools

Unreviewed build fix.

Added the missing metric name and wrapped values in an array as done in SunSpider.patch.

  • Scripts/webkitpy/benchmark_runner/data/patches/Kraken.patch:
10:39 PM Changeset in webkit [184270] by rniwa@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Temporarily disable the test on Windows. The failure is tracked in webkit.org/b/144897.

  • tests/stress/arith-mul-with-constants.js:
10:34 PM Changeset in webkit [184269] by dburkart@apple.com
  • 12 edits in branches/safari-601.1.32-branch

Fix horked ChangeLogs

10:33 PM Changeset in webkit [184268] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184226. rdar://problem/20707307

10:33 PM Changeset in webkit [184267] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184207. rdar://problem/20707307

10:33 PM Changeset in webkit [184266] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184140. rdar://problem/20907253

10:33 PM Changeset in webkit [184265] by dburkart@apple.com
  • 21 edits in branches/safari-601.1.32-branch/Source

Merge r184139. rdar://problem/20125088

10:33 PM Changeset in webkit [184264] by dburkart@apple.com
  • 54 edits in branches/safari-601.1.32-branch

Merge r184137. rdar://problem/20707307

10:33 PM Changeset in webkit [184263] by dburkart@apple.com
  • 7 edits in branches/safari-601.1.32-branch/Source/WebInspectorUI

Merge r184130. rdar://problem/20829494

10:31 PM Changeset in webkit [184262] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Reindent DIBPixelData.h for consistency.
https://bugs.webkit.org/show_bug.cgi?id=144942

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-12
Reviewed by Darin Adler.

No new tests, no behavior change.

  • platform/graphics/win/DIBPixelData.h:

(WebCore::DIBPixelData::DIBPixelData):
(WebCore::DIBPixelData::buffer):
(WebCore::DIBPixelData::bufferLength):
(WebCore::DIBPixelData::size):
(WebCore::DIBPixelData::bytesPerRow):
(WebCore::DIBPixelData::bitsPerPixel):

10:25 PM Changeset in webkit [184261] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/text/simple-line-layout-text-stroke-width.html fails on Windows

  • platform/win/TestExpectations: Mark it as such. The test likely needs to be
improved to work cross-platform.

10:21 PM Changeset in webkit [184260] by fpizlo@apple.com
  • 11 edits
    13 adds in trunk

js/dom/stack-trace.html fails with eager compilation
https://bugs.webkit.org/show_bug.cgi?id=144853

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

All of our escape analyses were mishandling Check(). They were assuming that this is a
non-escaping operation. But, if we do for example a Check(Int32:@x) and @x is an escape
candidate, then we need to do something: if we eliminate or sink @x, then the check no
longer makes any sense since a phantom allocation has no type. This will make us forget
that this operation would have exited. This was causing us to not call a valueOf method in
js/dom/stack-trace.html with eager compilation enabled, because it was doing something like
+o where o had a valueOf method, and o was otherwise sinkable.

This changes our escape analyses to basically pretend that any Check() that isn't obviously
unnecessary is an escape. We don't have to be super careful here. Most checks will be
completely eliminated by constant-folding. If that doesn't run in time, then the most
common check we will see is CellUse. So, we just recognize some very obvious check kinds
that we know would have passed, and for all of the rest we just assume that it's an escape.

This was super tricky to test. The obvious way to test it is to use +o like
stack-trace.html, except that doing so relies on the fact that we still haven't implemented
the optimal behavior for op_to_number. So, I take four approaches in testing this patch:

1) Use +o. These will test what we want it to test for now, but at some point in the future
   these tests will just be a good sanity-check that our op_to_number implementation is
   right.

2) Do fancy control flow tricks to fool the profiling into thinking that some arithmetic
   operation always sees integers even though we eventually feed it an object and that
   object is a sink candidate.

3) Introduce a new jsc.cpp intrinsic called isInt32() which returns true if the incoming
   value is an int32. This intrinsic is required to be implemented by DFG by
   unconditionally speculating that the input is int32. This allows us to write much more
   targeted tests of the underlying issue.

4) I made a version of stack-trace.html that runs in run-jsc-stress-tests, so that we can
   get regression test coverage of this test in eager mode.

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsic):

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGVarargsForwardingPhase.cpp:
  • ftl/FTLExitValue.cpp:

(JSC::FTL::ExitValue::dumpInContext):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::buildExitArguments):

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileFTLOSRExit):

  • jsc.cpp:

(GlobalObject::finishCreation):
(functionIsInt32):

  • runtime/Intrinsic.h:
  • tests/stress/sink-arguments-past-invalid-check-dfg.js: Added.
  • tests/stress/sink-arguments-past-invalid-check-int32-dfg.js: Added.
  • tests/stress/sink-arguments-past-invalid-check-int32.js: Added.
  • tests/stress/sink-arguments-past-invalid-check-sneakier.js: Added.
  • tests/stress/sink-arguments-past-invalid-check.js: Added.
  • tests/stress/sink-function-past-invalid-check-sneakier.js: Added.
  • tests/stress/sink-function-past-invalid-check-sneaky.js: Added.
  • tests/stress/sink-object-past-invalid-check-int32.js: Added.
  • tests/stress/sink-object-past-invalid-check-sneakier.js: Added.
  • tests/stress/sink-object-past-invalid-check-sneaky.js: Added.
  • tests/stress/sink-object-past-invalid-check.js: Added.

LayoutTests:

Make a copy of the stack-trace test that only runs in run-jsc-stress-tests. Sadly, we don't
have a good way of having different expectation files for when a test runs in RJST versus
RWT. So, the approach I take is that I make a copy of the test just for RJST and I exclude
the .html file, which makes RWT overlook it. The test has different expectations in the
two harnesses because it does some small DOM things.

  • js/script-tests/stack-trace.js: Added.
  • js/stack-trace-expected.txt: Added.
10:18 PM Changeset in webkit [184259] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r184224.
https://bugs.webkit.org/show_bug.cgi?id=144946

Made inspector/page/main-frame-resource.html assert every time
(Requested by ap on #webkit).

Reverted changeset:

"Web Inspector: REGRESSION (r181625): Timeline recording
started from console.profile is always empty"
https://bugs.webkit.org/show_bug.cgi?id=144882
http://trac.webkit.org/changeset/184224

9:38 PM Changeset in webkit [184258] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

In Safari, Debug > Get Bytecode Profile crashes the Web Content process
https://bugs.webkit.org/show_bug.cgi?id=144944

Reviewed by Darin Adler.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::getBytecodeProfile): Don’t assert that m_perBytecodeProfiler isn’t null,
because it is when the profiler is disabled, which is the default. In that case, return
after sending back the empty string, rather than continuing to dereference a null pointer.

9:25 PM Changeset in webkit [184257] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184121. rdar://problem/20774613

9:25 PM Changeset in webkit [184256] by dburkart@apple.com
  • 27 edits
    3 adds in branches/safari-601.1.32-branch

Merge r184116. rdar://problem/20774613

9:25 PM Changeset in webkit [184255] by dburkart@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebInspectorUI

Merge r184108. rdar://problem/20903134

9:25 PM Changeset in webkit [184254] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184104. rdar://problem/20727702

9:17 PM Changeset in webkit [184253] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r184026. rdar://problem/20757196

9:17 PM Changeset in webkit [184252] by dburkart@apple.com
  • 3 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184005. rdar://problem/20486538

9:17 PM Changeset in webkit [184251] by dburkart@apple.com
  • 4 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r184001. rdar://problem/20862460

9:17 PM Changeset in webkit [184250] by dburkart@apple.com
  • 3 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183971. rdar://problem/20065572

9:10 PM Changeset in webkit [184249] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

[Mac] Hang in MediaPlayerPrivateAVFoundationObjC::audioSourceProvider() - 'tracks' property not yet loaded
https://bugs.webkit.org/show_bug.cgi?id=144937

Reviewed by Eric Carlson.

Querying for the -[AVAsset tracks] property blocks for network loading, and could
block forever if the asset in question is not reachable. Add a "safe" mechanism for
querying the list of audible tracks, and use that when providing the audioSourceProvider()
with an audible track.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem):
(WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged):
(WebCore::MediaPlayerPrivateAVFoundationObjC::audioSourceProvider):
(WebCore::MediaPlayerPrivateAVFoundationObjC::processLegacyClosedCaptionsTracks):
(WebCore::MediaPlayerPrivateAVFoundationObjC::safeAVAssetTracksForAudibleMedia):

9:08 PM Changeset in webkit [184248] by dburkart@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183970. rdar://problem/20769741

9:08 PM Changeset in webkit [184247] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183965. rdar://problem/20866590

9:08 PM Changeset in webkit [184246] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit/mac

Merge r183957. rdar://problem/20811128

9:02 PM Changeset in webkit [184245] by msaboff@apple.com
  • 2 edits in trunk/Source/WTF

If JSC cannot get executable memory, it shouldn't call madvise
https://bugs.webkit.org/show_bug.cgi?id=144931

Reviewed by Mark Lam.

Made calling madvise conditional on really getting mmapped memory.

  • wtf/OSAllocatorPosix.cpp:

(WTF::OSAllocator::reserveUncommitted):

8:58 PM Changeset in webkit [184244] by dburkart@apple.com
  • 15 edits in branches/safari-601.1.32-branch

Merge r183954. rdar://problem/20281886

8:58 PM Changeset in webkit [184243] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183953. rdar://problem/19997548

8:58 PM Changeset in webkit [184242] by dburkart@apple.com
  • 7 edits
    2 adds in branches/safari-601.1.32-branch

Merge r183943. rdar://problem/19913748

8:51 PM Changeset in webkit [184241] by jhoneycutt@apple.com
  • 2 edits in trunk/Source/WebKit2

Crash when using <input type=file>

<https://bugs.webkit.org/show_bug.cgi?id=144939>
<rdar://problem/20172315>

Reviewed by Andy Estes.

  • UIProcess/ios/forms/WKFileUploadPanel.mm:

Use a RefPtr to hold the WebOpenPanelResultListenerProxy, because the
WKFileUploadPanel can outlive it.

8:45 PM Changeset in webkit [184240] by rniwa@webkit.org
  • 3 edits in branches/safari-600.7-branch/LayoutTests

Added prefixes in the test added in r182985 (merged in r183180) since we don't support unprefixed versions in this branch.

  • compositing/animation/animation-backing.html:
  • platform/mac-wk2/TestExpectations: Removed merge conflict lines.
8:42 PM Changeset in webkit [184239] by jdiggs@igalia.com
  • 1 edit
    1 add in trunk/LayoutTests

AX: [Win] REGRESSION(r184213) breaks aria-menubar-menuitems.html
https://bugs.webkit.org/show_bug.cgi?id=144936

Unreviewed gardening.

Adding the platform-specific expectations for Windows now that the
accessibility tree is being correctly generated for this test.

  • platform/win/accessibility/aria-menubar-menuitems-expected.txt: Added.
8:22 PM Changeset in webkit [184238] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r183937. rdar://problem/20458697

8:22 PM Changeset in webkit [184237] by dburkart@apple.com
  • 3 edits in branches/safari-601.1.32-branch/Source/WebCore

Merge r183927. rdar://problem/20854785

8:15 PM Changeset in webkit [184236] by dburkart@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merge r183911. rdar://problem/20702435

8:15 PM Changeset in webkit [184235] by dburkart@apple.com
  • 15 edits in branches/safari-601.1.32-branch/Source

Merge r183909. rdar://problem/18894598

8:08 PM Changeset in webkit [184234] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

Mac build fix after r184228.

  • bindings/scripts/CodeGeneratorJS.pm:
8:02 PM Changeset in webkit [184233] by dburkart@apple.com
  • 4 edits in branches/safari-601.1.32-branch

Merge r183942. rdar://problem/20049088

8:02 PM Changeset in webkit [184232] by dburkart@apple.com
  • 5 edits
    2 adds in branches/safari-601.1.32-branch

Merge r183894. rdar://problem/20049088

7:01 PM Changeset in webkit [184231] by Simon Fraser
  • 8 edits in trunk/Source

Turn antialiased font dilation off by default
https://bugs.webkit.org/show_bug.cgi?id=144940
rdar://problem/20923031

Reviewed by Sam Weinig.

Source/WebCore:

Turn antialiased font dilation off by default.

  • page/Settings.cpp:

(WebCore::Settings::Settings):

  • platform/graphics/FontCascade.cpp:

Source/WebKit/mac:

Turn antialiased font dilation off by default.

  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

Source/WebKit2:

Turn antialiased font dilation off by default.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferencesRefPrivate.h:
6:52 PM Changeset in webkit [184230] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Fix the iteration count of arith-modulo-node-behaviors.js

  • tests/stress/arith-modulo-node-behaviors.js:

No need for big numbers for the real testing.

6:47 PM Changeset in webkit [184229] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Windows: Cannot use HANDLE from GetCurrentThread() to get the CONTEXT of another thread.
https://bugs.webkit.org/show_bug.cgi?id=144924

Reviewed by Alex Christensen.

The present stack scanning code in the Windows port is expecting that the
GetCurrentThread() API will provide a unique HANDLE for each thread. The code
then saves and later uses that HANDLE with GetThreadContext() to get the
runtime state of the target thread from the GC thread. According to
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683182(v=vs.85).aspx,
GetCurrentThread() does not provide this unique HANDLE that we expect:

"The function cannot be used by one thread to create a handle that can
be used by other threads to refer to the first thread. The handle is
always interpreted as referring to the thread that is using it. A
thread can create a "real" handle to itself that can be used by other
threads, or inherited by other processes, by specifying the pseudo
handle as the source handle in a call to the DuplicateHandle function."

As a result of this, GetCurrentThread() always returns the same HANDLE value, and
we end up never scanning the stacks of other threads because we wrongly think that
they are all equal (in identity) to the scanning thread. This, in turn, results
in crashes due to objects that are incorrectly collected.

The fix is to call DuplicateHandle() to create a HANDLE that we can use. The
MachineThreads::Thread class already accurately tracks the period of time when
we need that HANDLE for the VM. Hence, the life-cycle of the HANDLE can be tied
to the life-cycle of the MachineThreads::Thread object for the corresponding thread.

  • heap/MachineStackMarker.cpp:

(JSC::getCurrentPlatformThread):
(JSC::MachineThreads::Thread::Thread):
(JSC::MachineThreads::Thread::~Thread):
(JSC::MachineThreads::Thread::suspend):
(JSC::MachineThreads::Thread::resume):
(JSC::MachineThreads::Thread::getRegisters):

6:47 PM Changeset in webkit [184228] by achristensen@apple.com
  • 18 edits in trunk/Source/WebCore

Don't export all JS bindings classes.
https://bugs.webkit.org/show_bug.cgi?id=144932

Reviewed by Dan Bernstein.

This change is good if it compiles and links successfully.

  • bindings/scripts/CodeGeneratorJS.pm:

(ExportLabelForClass):
Add a list of the JS bindings classes that need WEBCORE_EXPORT to prevent exporting too many symbols from WebCore.

  • bindings/scripts/test/JS/JSTestActiveDOMObject.h:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
  • bindings/scripts/test/JS/JSTestEventConstructor.h:
  • bindings/scripts/test/JS/JSTestEventTarget.h:
  • bindings/scripts/test/JS/JSTestException.h:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
  • bindings/scripts/test/JS/JSTestNamedConstructor.h:
  • bindings/scripts/test/JS/JSTestNode.h:
  • bindings/scripts/test/JS/JSTestNondeterministic.h:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
  • bindings/scripts/test/JS/JSTestTypedefs.h:
  • bindings/scripts/test/JS/JSattribute.h:
  • bindings/scripts/test/JS/JSreadonly.h:

Update bindings tests to remove WEBCORE_EXPORT from most of the tests,
but keep one test with WEBCORE_EXPORT and one test with WEBCORE_TESTSUPPORT_EXPORT.

6:43 PM Changeset in webkit [184227] by jdiggs@igalia.com
  • 2 edits in trunk/LayoutTests

AX: [Win] REGRESSION(r184213) breaks aria-menubar-menuitems.html
https://bugs.webkit.org/show_bug.cgi?id=144936

Reviewed by Chris Fleizach.

Use focusedElement + childAtIndex rather than accessibleElementById
as the latter seems to be failing, and the former worked on Windows
to get the menubar in the original version of this test.

  • accessibility/aria-menubar-menuitems.html: Modified.
5:57 PM Changeset in webkit [184226] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Update DXSDK_DIR settings for build system.

Unreviewed build fix.

  • WebCore.vcxproj/WebCore.proj: Add DXSDK_DIR definition for builder.
5:30 PM Changeset in webkit [184225] by Gyuyoung Kim
  • 25 edits in trunk/Source/WebCore

Return Ref instead of PassRefPtr in create() factory functions of WebCore/dom
https://bugs.webkit.org/show_bug.cgi?id=144904

Reviewed by Andreas Kling.

We return Ref when we're sure the pointer can't be null. If not, we use RefPtr instead of PassRefPtr.

No new tests, no behavior changes.

  • dom/AutocompleteErrorEvent.h:
  • dom/DOMNamedFlowCollection.h:

(WebCore::DOMNamedFlowCollection::create):

  • dom/MessageChannel.h:

(WebCore::MessageChannel::create):

  • dom/MessagePort.h:
  • dom/MutationObserver.cpp:

(WebCore::MutationObserver::create):

  • dom/MutationObserver.h:
  • dom/NamedFlowCollection.h:
  • dom/NodeFilter.h:

(WebCore::NodeFilter::create):

  • dom/NodeIterator.h:

(WebCore::NodeIterator::create):

  • dom/ProcessingInstruction.cpp:

(WebCore::ProcessingInstruction::create):

  • dom/ProcessingInstruction.h:
  • dom/ScriptedAnimationController.h:

(WebCore::ScriptedAnimationController::create):

  • dom/SecurityPolicyViolationEvent.h:
  • dom/StaticNodeList.h:
  • dom/TemplateContentDocumentFragment.h:
  • dom/Touch.cpp:

(WebCore::Touch::cloneWithNewTarget):

  • dom/Touch.h:

(WebCore::Touch::create):

  • dom/TouchEvent.h:
  • dom/TouchList.h:

(WebCore::TouchList::create):

  • dom/TreeWalker.h:

(WebCore::TreeWalker::create):

  • dom/WebKitNamedFlow.cpp:

(WebCore::WebKitNamedFlow::create):

  • dom/WebKitNamedFlow.h:
  • dom/default/PlatformMessagePortChannel.cpp:

(WebCore::PlatformMessagePortChannel::create):

  • dom/default/PlatformMessagePortChannel.h:

(WebCore::PlatformMessagePortChannel::MessagePortQueue::create):

4:13 PM Changeset in webkit [184224] by Matt Baker
  • 2 edits in trunk/Source/WebCore

Web Inspector: REGRESSION (r181625): Timeline recording started from console.profile is always empty
https://bugs.webkit.org/show_bug.cgi?id=144882

Reviewed by Brian Burg.

A timeline recording will always be stopped before the end of the current run loop is observed. Before
dispatching the recording stopped event, the last run loop record must be completed and sent to the frontend
to prevent it from being discarded.

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::internalStop):

3:06 PM Changeset in webkit [184223] by dbates@webkit.org
  • 7 edits in trunk/Source/WebKit2

Make {Network, Web}ProcessProxy inherit from ProcessThrottleClient privately
https://bugs.webkit.org/show_bug.cgi?id=144886

Reviewed by Darin Adler.

{Network, Web}ProcessProxy are implemented in terms of ProcessThrottleClient, an
interface that defines the callbacks that ProcessThrottler makes to a client. We
do not want to allow arbitrary callers to make use of the interface ProcessThrottleClient.
So, we should use private inheritance to represent the relationship between
{Network, Web}ProcessProxy and ProcessThrottleClient instead of public inheritance.

Additionally make ProcessThrottler an instance variable of {Network, Web}ProcessProxy instead
of holding a smart pointer to a ProcessThrottler instance because we always want to
have a ProcessThrottler for each instance of {Network, Web}ProcessProxy.

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::NetworkProcessProxy): Update code to work now that m_throttler
is an instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.
(WebKit::NetworkProcessProxy::didFinishLaunching): Update code to access functions of
m_throttler by reference instead of by pointer.
(WebKit::NetworkProcessProxy::didCancelProcessSuspension): Ditto.
(WebKit::NetworkProcessProxy::processReadyToSuspend): Ditto.
(WebKit::NetworkProcessProxy::setIsHoldingLockedFiles): Ditto.

  • UIProcess/Network/NetworkProcessProxy.h: Inherit from ProcessThrottleClient privately.

(WebKit::NetworkProcessProxy::throttler): Update code to work now that m_throttler is an
instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.

  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::ProcessThrottler): Update code to work now that m_process is
a lvalue reference instead of a pointer.
(WebKit::ProcessThrottler::updateAssertion): Ditto.
(WebKit::ProcessThrottler::assertionWillExpireImminently): Ditto.

  • UIProcess/ProcessThrottler.h: Ditto.
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::WebProcessProxy): Update code to work now that m_throttler is an
instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.
(WebKit::WebProcessProxy::didFinishLaunching): Update code to access functions of
m_throttler by reference instead of by pointer.
(WebKit::WebProcessProxy::processReadyToSuspend): Ditto.
(WebKit::WebProcessProxy::didCancelProcessSuspension): Ditto.
(WebKit::WebProcessProxy::setIsHoldingLockedFiles): Ditto.

  • UIProcess/WebProcessProxy.h: Inherit from ProcessThrottleClient privately.

(WebKit::WebProcessProxy::throttler): Update code to work now that m_throttler is an
instance of ProcessThrottler instead of a smart pointer to a ProcessThrottler instance.

2:50 PM Changeset in webkit [184222] by rniwa@webkit.org
  • 2 edits in trunk/Tools

Fix the previous commit, which made both bubbles green.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/StatusLineView.css:

(.status-line.good .bubble):
(.status-line.bad .bubble):
(.status-line.good .message):

2:30 PM Changeset in webkit [184221] by rniwa@webkit.org
  • 2 edits in trunk/Tools

People with Deuteranopia can't tell red and green apart on bot watcher's dashboard
https://bugs.webkit.org/show_bug.cgi?id=144929

Reviewed by Eric Carlson.

Tweaked colors as I see fit.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/StatusLineView.css:

(.status-line.good .bubble):
(.status-line.bad .bubble):

2:28 PM Changeset in webkit [184220] by benjamin@webkit.org
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

[JSC] Make the NegZero backward propagated flags of ArithMod stricter
https://bugs.webkit.org/show_bug.cgi?id=144897

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-05-12
Reviewed by Geoffrey Garen.

The NegZero flags of ArithMod were the same as ArithDiv: both children were
marked as needing to handle NegativeZero.

Lucky for us, ArithMod is quite a bit different than ArithDiv.

First, the sign of the result is completely independent from
the sign of the divisor. A zero on the divisor always produces a NaN.
That's great, we can remove the NodeBytecodeNeedsNegZero
from the flags propagated to child2.

Second, the sign of the result is always the same as the sign of
the dividend. A dividend of zero produces a zero of the same sign
unless the divisor is zero (in which case the result is NaN).
This is great too: we can just pass the flags we got into
ArithMod.

With those two out of the way, we can make a faster version of ArithRound
for Kraken's oscillator. Since we no longer care about negative zero,
rounding becomes cast<int32>(value + 0.5). This gives ~3% faster runtime
on the benchmark.

Unfortunately, most of the time is spent in FTL and the same optimization
does not apply well just yet: rdar://problem/20904149.

  • dfg/DFGBackwardsPropagationPhase.cpp:

(JSC::DFG::BackwardsPropagationPhase::propagate):
Never add NodeBytecodeNeedsNegZero unless needed by the users of this node.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithRound):
Faster Math.round() when negative zero is not important.

  • tests/stress/arith-modulo-node-behaviors.js: Added.

(moduloWithNegativeZeroDividend):
(moduloWithUnusedNegativeZeroDividend):
(moduloWithNegativeZeroDivisor):

2:24 PM Changeset in webkit [184219] by Alan Bujtas
  • 3 edits
    2 adds in trunk

REGRESSION(r175617): Some text doesn't render on internationalculinarycenter.com
https://bugs.webkit.org/show_bug.cgi?id=144917
rdar://problem/20545878

Reviewed by Andreas Kling.

This patch ensures that text stroke width value is taken into account while
calculating visual overflow for simple line layout.
Ceiling the text stroke width value matches the normal text layout behaviour.

Source/WebCore:

Test: fast/text/simple-line-layout-text-stroke-width.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

LayoutTests:

  • fast/text/simple-line-layout-text-stroke-width-expected.txt: Added.
  • fast/text/simple-line-layout-text-stroke-width.html: Added.
2:20 PM Changeset in webkit [184218] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Refactor MachineStackMarker.cpp so that it's easier to reason about MachineThreads::Thread.
https://bugs.webkit.org/show_bug.cgi?id=144925

Reviewed by Michael Saboff.

Currently, the code in MachineStackMarker.cpp is written as a bunch of functions that
operate on the platformThread value in the MachineThreads::Thread struct. Instead, we
can apply better OO encapsulation and convert all these functions into methods of the
MachineThreads::Thread struct.

This will also make it easier to reason about the fix for
https://bugs.webkit.org/show_bug.cgi?id=144924 later.

  • heap/MachineStackMarker.cpp:

(JSC::getCurrentPlatformThread):
(JSC::MachineThreads::Thread::createForCurrentThread):
(JSC::MachineThreads::Thread::operator!=):
(JSC::MachineThreads::Thread::operator==):
(JSC::MachineThreads::addCurrentThread):
(JSC::MachineThreads::removeThreadIfFound):
(JSC::MachineThreads::Thread::suspend):
(JSC::MachineThreads::Thread::resume):
(JSC::MachineThreads::Thread::getRegisters):
(JSC::MachineThreads::Thread::Registers::stackPointer):
(JSC::MachineThreads::Thread::freeRegisters):
(JSC::MachineThreads::Thread::captureStack):
(JSC::MachineThreads::tryCopyOtherThreadStack):
(JSC::MachineThreads::tryCopyOtherThreadStacks):
(JSC::equalThread): Deleted.
(JSC::suspendThread): Deleted.
(JSC::resumeThread): Deleted.
(JSC::getPlatformThreadRegisters): Deleted.
(JSC::otherThreadStackPointer): Deleted.
(JSC::freePlatformThreadRegisters): Deleted.
(JSC::otherThreadStack): Deleted.

2:04 PM Changeset in webkit [184217] by rniwa@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

Array.slice should have a fast path like Array.splice
https://bugs.webkit.org/show_bug.cgi?id=144901

Reviewed by Geoffrey Garen.

Add a fast memcpy path to Array.prototype.slice as done for Array.prototype.splice.
In Kraken, this appears to be a 30% win on stanford-crypto-ccm and a 10% win on stanford-crypto-pbkdf2.

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSlice):

  • runtime/JSArray.cpp:

(JSC::JSArray::fastSlice): Added.

  • runtime/JSArray.h:
2:02 PM Changeset in webkit [184216] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Build fix.

  • platform/spi/cf/CFNetworkSPI.h:
1:46 PM Changeset in webkit [184215] by andersca@apple.com
  • 12 edits
    3 copies in trunk/Source/WebKit2

Production builds should link against the shims directly
https://bugs.webkit.org/show_bug.cgi?id=144922
rdar://problem/19708579

Reviewed by Dan Bernstein.

  • Configurations/NetworkService.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against SecItemShim.dylib where possible.

  • Configurations/PluginProcessShim.xcconfig:

Set the install name and install path.

  • Configurations/PluginService.32.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against PluginProcessShim.dylib where possible.

  • Configurations/PluginService.64.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against PluginProcessShim.dylib where possible.

  • Configurations/SecItemShim.xcconfig:

Set the install name and install path.

  • Configurations/WebContentService.xcconfig:

Point to an Info.plist that has DYLD_INSERT_LIBRARIES set on 10.10 and earlier.
Link directly against WebProcessShim.dylib where possible.

  • Configurations/WebProcessShim.xcconfig:

Set the install name and install path.

  • NetworkProcess/EntryPoint/mac/XPCService/NetworkService/Info-OSX-10.9-10.10.plist: Copied from Source/WebKit2/NetworkProcess/EntryPoint/mac/XPCService/NetworkService/Info-OSX.plist.
  • NetworkProcess/EntryPoint/mac/XPCService/NetworkService/Info-OSX.plist:

Add an Info.plist for 10.9 and 10.10 and remove DYLD_INSERT_LIBRARIES from the non-legacy plist.

  • PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64-10.9-10.10.Info.plist: Copied from Source/WebKit2/PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64.Info.plist.
  • PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64.Info.plist:

Add an Info.plist for 10.9 and 10.10 and remove DYLD_INSERT_LIBRARIES from the non-legacy plist.

  • WebKit2.xcodeproj/project.pbxproj:

Add new files.

  • WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-OSX-10.9-10.10.plist: Copied from Source/WebKit2/WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-OSX.plist.
  • WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-OSX.plist:

Add an Info.plist for 10.9 and 10.10 and remove DYLD_INSERT_LIBRARIES from the non-legacy plist.

12:49 PM Changeset in webkit [184214] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

ROLLOUT [Win] Unreviewed build fix for older DirectX build environments.

  • platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
12:44 PM Changeset in webkit [184213] by jdiggs@igalia.com
  • 9 edits
    2 adds
    2 deletes in trunk

AX: [ATK] ARIA menu items should not have anonymous block children
https://bugs.webkit.org/show_bug.cgi?id=144653

Reviewed by Chris Fleizach.

Source/WebCore:

Exclude anonymous block children of menu items from the accessible tree
for ATK. Exclude list markers from the accessibility tree if the parent
is not being exposed as an accessible list item.

No new tests. Instead, modified the existing tests to reflect the correct
behavior.

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):

  • accessibility/atk/AccessibilityObjectAtk.cpp:

(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

LayoutTests:

The existing test was not cross-platform friendly and was rewritten as
part of the fix for this bug. New expectations were generated for Mac,
Efl, and Gtk. The shared expectations and the Windows expectations were
removed so as not to break the Win port. The search-predicate test also
was updated because it included an ARIA treeitem which had a listmarker
child it should not have, and no longer has as a result of the bug fix.

  • accessibility/aria-menubar-menuitems-expected.txt: Removed. Platform hierarchies vary vastly.
  • accessibility/aria-menubar-menuitems.html: Rewritten to work better as a shared test.
  • platform/efl/accessibility/aria-menubar-menuitems-expected.txt: Added.
  • platform/gtk/accessibility/aria-menubar-menuitems-expected.txt: Added.
  • platform/mac/accessibility/aria-menubar-menuitems-expected.txt: Modified as result of rewrite.
  • platform/mac/accessibility/search-predicate.html: Modified to reflect correct treeitem children.
  • platform/mac/accessibility/search-predicate-expected.txt: Modified to reflect correct treeitem children.
  • platform/win/accessibility/aria-menubar-menuitems-expected.txt: Removed. New file should be generated.
  • resources/accessibility-helper.js: Added an argument so dumpAccessibilityTree can print title rather than value.

(dumpAccessibilityTree):

12:42 PM Changeset in webkit [184212] by ap@apple.com
  • 3 edits in trunk/Source/WebKit2

Undo a mistaken part of r184211.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm: (WebKit::WebProcessPool::cookieStorageDirectory):
  • UIProcess/WebProcessPool.h:

cookieStorageDirectory() is used on iOS, so bring it back.

12:37 PM Changeset in webkit [184211] by ap@apple.com
  • 19 edits in trunk

[Mac] Share cookie storage between UI process and secondary processes
https://bugs.webkit.org/show_bug.cgi?id=144820
rdar://problem/20572830

Reviewed by Darin Adler.

Source/WebCore:

  • platform/network/mac/CookieJarMac.mm:
  • platform/spi/cf/CFNetworkSPI.h:

Moved SPIs into an SPI header, so that WebKit2 could use them too without duplication.

Source/WebKit2:

Pass a cookie storage descriptor that includes file path as well as other data that
CFNetwork needs to use the same cookies storage as in another process (session cookies
are still separate).

While at it, started to clean up code that passes cookie storage path. It was mostly
dead and unimplemented, only used in child processes when USE(SECCOMP_FILTERS) was enabled.

  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):

  • Shared/Network/NetworkProcessCreationParameters.cpp:

(WebKit::NetworkProcessCreationParameters::encode):
(WebKit::NetworkProcessCreationParameters::decode):

  • Shared/Network/NetworkProcessCreationParameters.h:
  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):
(WebKit::WebProcessPool::platformInitializeNetworkProcess):
(WebKit::WebProcessPool::platformDefaultCookieStorageDirectory): Deleted.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::ensureNetworkProcess):
(WebKit::WebProcessPool::createNewWebProcess):
(WebKit::WebProcessPool::cookieStorageDirectory):

  • UIProcess/WebProcessPool.h:
  • UIProcess/efl/WebProcessPoolEfl.cpp:

(WebKit::WebProcessPool::platformDefaultCookieStorageDirectory): Deleted.

  • UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::platformDefaultCookieStorageDirectory): Deleted.

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

Tools:

  • WebKitTestRunner/TestController.cpp: (WTR::TestController::initialize):

Don't set cookie storage directory, as it's a no-op, we use an ephemeral session
for testing.

12:29 PM Changeset in webkit [184210] by Chris Dumez
  • 5 edits in trunk/Source

[WK2] Log using diagnostic logging how far back in history we navigate
https://bugs.webkit.org/show_bug.cgi?id=144919
<rdar://problem/20920043>

Reviewed by Gavin Barraclough.

Source/WebCore:

Add diagnostic logging keys for logging back history navigation delta.

  • page/DiagnosticLoggingKeys.cpp:

(WebCore::DiagnosticLoggingKeys::deltaKey):
(WebCore::DiagnosticLoggingKeys::backNavigationKey):

  • page/DiagnosticLoggingKeys.h:

Source/WebKit2:

Log using diagnostic logging how far back in history we navigate.
When a back navigation or a backward indexed navigation occurs, we
log the delta: (HistoryListSize - 1) - NewHistoryItemIndex.

  • UIProcess/WebBackForwardList.cpp:

(WebKit::WebBackForwardList::goToItem):

12:23 PM Changeset in webkit [184209] by jacob_nielsen@apple.com
  • 9 edits in trunk/Tools

Fix internal build configuration issues
https://bugs.webkit.org/show_bug.cgi?id=144762

Reviewed by David Kilzer.

Modifies DumpRenderTree's xcconfig files to use SDK selectors.

  • DumpRenderTree/mac/Configurations/Base.xcconfig:
  • DumpRenderTree/mac/Configurations/DebugRelease.xcconfig:
  • DumpRenderTree/mac/Configurations/DumpRenderTree.xcconfig:
  • DumpRenderTree/mac/Configurations/DumpRenderTreeApp.xcconfig:
  • DumpRenderTree/mac/Configurations/DumpRenderTreeLibrary.xcconfig:
  • DumpRenderTree/mac/Configurations/ImageDiff.xcconfig:
  • DumpRenderTree/mac/Configurations/LayoutTestHelper.xcconfig:
  • DumpRenderTree/mac/Configurations/TestNetscapePlugIn.xcconfig:
11:40 AM Changeset in webkit [184208] by yoav@yoav.ws
  • 4 edits in trunk/Source/WebCore

Avoid CSSPrimitiveValue allocation when parsing sizes
https://bugs.webkit.org/show_bug.cgi?id=144910

Reviewed by Darin Adler.

Turn non-calc length calculation logic into a static method,
so that it can be called without a CSSPrimitiveValue object.
Then, call that method to calculate the default source-size length.

No new tests, since no functionality change.

  • css/CSSPrimitiveValue.cpp:

(WebCore::CSSPrimitiveValue::computeLengthDouble): Split out the logic for everything that's not calc into a static method.
(WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble): Static length computation logic for everything that is not calc.

  • css/CSSPrimitiveValue.h:

(WebCore::CSSPrimitiveValue::isFontRelativeLength): Turn into static.

  • css/SourceSizeList.cpp:

(WebCore::defaultLength): Use the new static method to compute the length.
(WebCore::computeLength): Use the calc length computation methods directly.

11:07 AM Changeset in webkit [184207] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix for older DirectX build environments.

  • platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp: Switch back to our
d3d stub header to avoid build failures on July 2004 DXSDK build environments.

11:01 AM Changeset in webkit [184206] by fpizlo@apple.com
  • 5 edits
    2 adds in trunk/Source/JavaScriptCore

OSR availability analysis would be more scalable (and correct) if it did more liveness pruning
https://bugs.webkit.org/show_bug.cgi?id=143078

Reviewed by Andreas Kling.

In https://bugs.webkit.org/show_bug.cgi?id=144883, we found an example of where liveness
pruning is actually necessary. Well, not quite: we just need to prune out keys from the
heap availability map where the base node doesn't dominate the point where we are asking
for availability. If we don't do this, then eventually the IR gets corrupt because we'll
insert PutHints that reference the base node in places where the base node doesn't
dominate. But if we're going to do any pruning, then it makes sense to prune by bytecode
liveness. This is the strongest possible pruning we can do, and it should be sound. We
shouldn't have a node available for a virtual register if that register is live and the
node doesn't dominate.

Making this work meant reusing the prune-to-liveness algorithm from the FTL backend. So, I
abstracted this a bit better. You can now availabilityMap.pruneByLiveness(graph, origin).

  • dfg/DFGAvailabilityMap.cpp:

(JSC::DFG::AvailabilityMap::pruneHeap):
(JSC::DFG::AvailabilityMap::pruneByLiveness):
(JSC::DFG::AvailabilityMap::prune): Deleted.

  • dfg/DFGAvailabilityMap.h:
  • dfg/DFGOSRAvailabilityAnalysisPhase.cpp:

(JSC::DFG::OSRAvailabilityAnalysisPhase::run):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::buildExitArguments):

  • tests/stress/liveness-pruning-needed-for-osr-availability.js: Added. This is a proper regression test.
  • tests/stress/liveness-pruning-needed-for-osr-availability-eager.js: Added. This is the original reduced test case, requires eager-no-cjit to fail prior to this changeset.
10:30 AM Changeset in webkit [184205] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/frames/flattening/iframe-flattening-resize-event-count.html times out on Yosemite WK2
https://bugs.webkit.org/show_bug.cgi?id=144155

  • platform/mac-wk2/TestExpectations: Marking as flaky for now.
9:41 AM Changeset in webkit [184204] by eric.carlson@apple.com
  • 7 edits in trunk/Source/WebCore

[Mac] Refine media playback target client configuration
https://bugs.webkit.org/show_bug.cgi?id=144892

Reviewed by Brent Fulgham.

Client and target picker state changes frequently happen several times in quick succession, so
don't react to them immediately so we can batch callbacks to the web process.

  • Modules/mediasession/WebMediaSessionManager.cpp:

(WebCore::ClientState::ClientState): Store the client as a reference rather than a pointer
because it can never be NULL.
(WebCore::ClientState::operator == ): New.
(WebCore::WebMediaSessionManager::addPlaybackTargetPickerClient): Schedule the initial client
configuration and a target configuration check.
(WebCore::WebMediaSessionManager::removePlaybackTargetPickerClient): Schedule a target monitoring
update, and a target configuration check.
(WebCore::WebMediaSessionManager::removeAllPlaybackTargetPickerClients): Ditto.
(WebCore::WebMediaSessionManager::showPlaybackTargetPicker): Schedule a target monitoring update.
(WebCore::WebMediaSessionManager::clientStateDidChange): If the client whose state has changed
can play to a target, tell it to start using the target even if it isn't playing as long as
no other client is actively using a target.
(WebCore::WebMediaSessionManager::setPlaybackTarget): Configure clients after a pause.
(WebCore::WebMediaSessionManager::configureNewClients): New, do new client configuration.
(WebCore::WebMediaSessionManager::configurePlaybackTargetClients): New, configure target clients.
(WebCore::WebMediaSessionManager::scheduleDelayedTask): Schedule the timer.
(WebCore::WebMediaSessionManager::taskTimerFired): Execute delayed tasks.
(WebCore::WebMediaSessionManager::find):

  • Modules/mediasession/WebMediaSessionManager.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setMuted): Call updateMediaState.
(WebCore::HTMLMediaElement::setPlaying): Ditto.
(WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): Ditto.
(WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent): Expand logging.
(WebCore::HTMLMediaElement::updateMediaState): New, don't broadcast a media state change
unless something actually changed.

  • html/HTMLMediaElement.h:
  • html/HTMLMediaSession.cpp:

(WebCore::HTMLMediaSession::externalOutputDeviceAvailableDidChange): Update logging.
(WebCore::HTMLMediaSession::setShouldPlayToPlaybackTarget): Ditto.
(WebCore::HTMLMediaSession::mediaEngineUpdated): Cleanup.

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker): Remove the call to
deprecated API and the "-Wdeprecated-declarations".

9:25 AM Changeset in webkit [184203] by weinig@apple.com
  • 6 edits in trunk/Source/WebKit2

ChildProcess should take an os_activity
https://bugs.webkit.org/show_bug.cgi?id=141781

Reviewed by Ryosuke Niwa.

  • DatabaseProcess/EntryPoint/mac/XPCService/DatabaseServiceEntryPoint.mm:

(DatabaseServiceInitializer):

  • NetworkProcess/EntryPoint/mac/XPCService/NetworkServiceEntryPoint.mm:

(NetworkServiceInitializer):

  • PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm:

(PluginServiceInitializer):

  • WebProcess/EntryPoint/mac/XPCService/WebContentServiceEntryPoint.mm:

(WebContentServiceInitializer):
Start an os_activity in the initializer for each XPC service.

  • config.h:

Add HAVE_OS_ACTIVITY where available.

7:31 AM Changeset in webkit [184202] by ddkilzer@apple.com
  • 3 edits in trunk/Tools

Switch to launching iOS Simulator using bundle ID
<rdar://problem/20916096>

This is required to fix the layout tests on internal bots.

  • Scripts/webkitdirs.pm:

(relaunchIOSSimulator): Switch to use bundle ID to launch iOS
Simulator. Add FIXME.
(quitIOSSimulator): Add FIXME.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_test_run): Switch to use bundle ID to
launch iOS Simulator. Add FIXME.
(IOSSimulatorPort.check_sys_deps): Add FIXME.

7:22 AM Changeset in webkit [184201] by peavo@outlook.com
  • 2 edits in trunk/Tools

Fix run-javascriptcore-tests step on the WinCairo bot
https://bugs.webkit.org/show_bug.cgi?id=144866

Reviewed by Csaba Osztrogonác.

Catch exception when failing to create soft link, so we can fall back to copy.

  • Scripts/run-jsc-stress-tests:
6:28 AM Changeset in webkit [184200] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Unreviewed. Fix GTK+ debug build after r184197.

  • UIProcess/gtk/RedirectedXCompositeWindow.cpp: Add missing include.
5:01 AM Changeset in webkit [184199] by jdiggs@igalia.com
  • 10 edits in trunk

AX: [GTK] Defer to WebCore Accessibility for table exposure
https://bugs.webkit.org/show_bug.cgi?id=144896

Reviewed by Chris Fleizach.

Source/WebCore:

Stop unconditionally exposing all HTMLTableElement nodes as AccessibilityTables
for WebKitGtk.

No new tests. Several existing tests already cover table exposure. They have
been updated accordingly.

  • accessibility/AccessibilityTable.cpp:

(WebCore::AccessibilityTable::computeIsTableExposableThroughAccessibility):

LayoutTests:

Several platform tests are testing accessibility of tables. In order to ensure
that those tables continue to be exposed as tables, a border was added so that
they are not judged to be layout tables. For the remainder of the tests, the
expectations were updated to reflect the fact that layout tables are no longer
exposed as AccessibilityTables in WebKitGtk.

  • platform/gtk/accessibility/caret-offsets.html: Added border to table.
  • platform/gtk/accessibility/table-detection-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/table-hierarchy-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/table-one-cell-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/table-with-rules-expected.txt: Updated to reflect new behavior.
  • platform/gtk/accessibility/text-for-range-table-cells.html: Added border to table.
  • platform/gtk/accessibility/text-for-table.html: Added border to table.
4:59 AM Changeset in webkit [184198] by jdiggs@igalia.com
  • 6 edits in trunk

[GTK][WK2] rowAtIndex is not implemented in DRT/WKTR
https://bugs.webkit.org/show_bug.cgi?id=116971

Reviewed by Chris Fleizach.

Source/WebCore:

Because ATK lacks API to directly get an accessible row via its index,
the implementation of rowAtIndex gets a cell in the indexed row and
returns the parent row. The failing test continued to fail because
AccessibilityARIAGridCell::parentTable called parentObjectUnignored at
most twice, the second call in place to handle rows which are included
in the tree. However, given a well-formed ARIA grid with a rowgroup that
is interactive, that rowgroup also needs to be in the tree necessitating
parentObjectUnignored be called a third time to get to the grid. Given a
poorly-formed ARIA grid, there may be additional objects which pass the test
for inclusion standing in between the cell and grid necessitating more
calls still. Therefore, ascend the hierarchy to find the parent grid.

No new tests. The failing test now passes.

  • accessibility/AccessibilityARIAGridCell.cpp:

(WebCore::AccessibilityARIAGridCell::parentTable):

Tools:

Implement rowAtIndex for ATK.

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::rowAtIndex):

LayoutTests:

  • platform/gtk/TestExpectations: Removed previously-failing test.
4:11 AM Changeset in webkit [184197] by Carlos Garcia Campos
  • 21 edits
    3 adds in trunk/Source

[X11] Add XUniquePtr and XUniqueResource to automatically free X resources
https://bugs.webkit.org/show_bug.cgi?id=144521

Reviewed by Darin Adler.

Source/WebCore:

Add XUniquePtr as a template alias of std::unique_ptr to handle X
resources using pointers and XUniqueResource as a new class to
handle X resources using a long unsigned identifier. This
simplifies the code and makes it more difficult to leak X resources.

  • PlatformEfl.cmake: Add new files to compilation.
  • PlatformGTK.cmake: Ditto.
  • platform/graphics/cairo/BackingStoreBackendCairoX11.cpp:

(WebCore::BackingStoreBackendCairoX11::BackingStoreBackendCairoX11):
Remove the display member, and use XUnique for Pixmap and GC.
(WebCore::BackingStoreBackendCairoX11::~BackingStoreBackendCairoX11):
Remove code to explicitly free Pixmap and GC.
(WebCore::BackingStoreBackendCairoX11::scroll):

  • platform/graphics/cairo/BackingStoreBackendCairoX11.h:
  • platform/graphics/glx/GLContextGLX.cpp:

(WebCore::GLContextGLX::createWindowContext): Use XUnique and the
new constructor that receives a XID, since there's no longer
conflict with the one receiving a Pbuffer.
(WebCore::GLContextGLX::createPbufferContext): Use XUnique and the
new constructor that receives a XUniqueGLXPbuffer&&.
(WebCore::GLContextGLX::createPixmapContext):
(WebCore::GLContextGLX::createContext):
(WebCore::GLContextGLX::GLContextGLX):
(WebCore::GLContextGLX::~GLContextGLX): Remove code to explicitly
free X resources.
(WebCore::GLContextGLX::makeContextCurrent):
(WebCore::GLContextGLX::cairoDevice):
(WebCore::GLContextGLX::platformContext):

  • platform/graphics/glx/GLContextGLX.h:
  • platform/graphics/surfaces/egl/EGLXSurface.cpp:

(WebCore::EGLXTransportSurfaceClient::EGLXTransportSurfaceClient):
(WebCore::EGLXTransportSurfaceClient::destroy):
(WebCore::EGLXTransportSurfaceClient::prepareTexture):

  • platform/graphics/surfaces/egl/EGLXSurface.h:
  • platform/graphics/surfaces/glx/GLXConfigSelector.h:

(WebCore::GLXConfigSelector::findMatchingConfig): Use XUnique
instead of the custom std::unique X11Deleter.
(WebCore::GLXConfigSelector::findMatchingConfigWithVisualId): Ditto.

  • platform/graphics/surfaces/glx/GLXSurface.cpp:

(WebCore::GLXTransportSurface::GLXTransportSurface): Ditto.
(WebCore::GLXOffScreenSurface::initialize):

  • platform/graphics/surfaces/glx/X11Helper.cpp:

(WebCore::X11Helper::createOffScreenWindow): Ditto.
(WebCore::X11Helper::createPixmap): Ditto.

  • platform/graphics/surfaces/glx/X11Helper.h:
  • platform/graphics/x11/XUniquePtr.h: Remove X11Deleter.

(WebCore::XPtrDeleter::operator()):

  • platform/graphics/x11/XUniqueResource.cpp: Added.

(WebCore::XUniqueResource<XResource::Colormap>::deleteXResource):
(WebCore::XUniqueResource<XResource::Damage>::deleteXResource):
(WebCore::XUniqueResource<XResource::Pixmap>::deleteXResource):
(WebCore::XUniqueResource<XResource::Window>::deleteXResource):
(WebCore::XUniqueResource<XResource::GLXPbuffer>::deleteXResource):
(WebCore::XUniqueResource<XResource::GLXPixmap>::deleteXResource):

  • platform/graphics/x11/XUniqueResource.h: Added.

(WebCore::XUniqueResource::XUniqueResource):
(WebCore::XUniqueResource::operator=):
(WebCore::XUniqueResource::~XUniqueResource):
(WebCore::XUniqueResource::get):
(WebCore::XUniqueResource::release):
(WebCore::XUniqueResource::reset):
(WebCore::XUniqueResource::operator!):
(WebCore::XUniqueResource::operator UnspecifiedBoolType*):

Source/WebKit2:

Use XUniquePtr and XUniqueResource to free X resources.

  • PlatformEfl.cmake: Add Source/WebCore/platform/graphics/x11 dir
to the include dir list.

  • PlatformGTK.cmake: Ditto.
  • UIProcess/cairo/BackingStoreCairo.cpp:

(WebKit::BackingStore::createBackend): Do not pass the display to
the BackingStoreBackendCairoX11 constructor.

  • UIProcess/gtk/RedirectedXCompositeWindow.cpp:

(WebKit::RedirectedXCompositeWindow::RedirectedXCompositeWindow):
(WebKit::RedirectedXCompositeWindow::~RedirectedXCompositeWindow):
(WebKit::RedirectedXCompositeWindow::resize):
(WebKit::RedirectedXCompositeWindow::cleanupPixmapAndPixmapSurface):
(WebKit::RedirectedXCompositeWindow::surface):

  • UIProcess/gtk/RedirectedXCompositeWindow.h:

(WebKit::RedirectedXCompositeWindow::windowID):

  • WebProcess/Plugins/Netscape/NetscapePlugin.h:
  • WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp:

(WebKit::NetscapePlugin::platformPostInitializeWindowless):
(WebKit::NetscapePlugin::platformDestroy):
(WebKit::NetscapePlugin::platformGeometryDidChange):
(WebKit::NetscapePlugin::platformPaint):

3:17 AM Changeset in webkit [184196] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.8.2

WebKitGTK+ 2.8.2

3:17 AM Changeset in webkit [184195] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.8.2 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.8.2.
3:16 AM Changeset in webkit [184194] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Unreviewed. Fix the build with RESOURCE_TIMING disabled.

  • loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoaderOptions::isolatedCopy):

2:53 AM Changeset in webkit [184193] by zandobersek@gmail.com
  • 18 edits in trunk/Source/WebCore

Move TransformOperation-based classes off of PassRefPtr
https://bugs.webkit.org/show_bug.cgi?id=144876

Reviewed by Darin Adler.

Remove uses of PassRefPtr from the TransformOperation class and its
derivatives, operating on Ref and RefPtr objects instead.

  • platform/graphics/transforms/IdentityTransformOperation.h:
  • platform/graphics/transforms/Matrix3DTransformOperation.cpp:

(WebCore::Matrix3DTransformOperation::blend):

  • platform/graphics/transforms/Matrix3DTransformOperation.h:
  • platform/graphics/transforms/MatrixTransformOperation.cpp:

(WebCore::MatrixTransformOperation::blend):

  • platform/graphics/transforms/MatrixTransformOperation.h:
  • platform/graphics/transforms/PerspectiveTransformOperation.cpp:

(WebCore::PerspectiveTransformOperation::blend):

  • platform/graphics/transforms/PerspectiveTransformOperation.h:
  • platform/graphics/transforms/RotateTransformOperation.cpp:

(WebCore::RotateTransformOperation::blend):

  • platform/graphics/transforms/RotateTransformOperation.h:
  • platform/graphics/transforms/ScaleTransformOperation.cpp:

(WebCore::ScaleTransformOperation::blend):

  • platform/graphics/transforms/ScaleTransformOperation.h:
  • platform/graphics/transforms/SkewTransformOperation.cpp:

(WebCore::SkewTransformOperation::blend):

  • platform/graphics/transforms/SkewTransformOperation.h:
  • platform/graphics/transforms/TransformOperation.h:
  • platform/graphics/transforms/TransformOperations.cpp:

(WebCore::TransformOperations::blendByMatchingOperations):

  • platform/graphics/transforms/TranslateTransformOperation.cpp:

(WebCore::TranslateTransformOperation::blend):

  • platform/graphics/transforms/TranslateTransformOperation.h:
2:36 AM Changeset in webkit [184192] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r184170 - Workaround for Cortex-A53 erratum 843419
https://bugs.webkit.org/show_bug.cgi?id=144680

Reviewed by Michael Saboff.

This patch is about to give simple workaround for Cortex-A53 erratum 843419.
It inserts nops after ADRP instruction to avoid wrong address accesses.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::adrp):
(JSC::ARM64Assembler::nopCortexA53Fix843419):

2:35 AM Changeset in webkit [184191] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184154 - Clean up redundant resources in case of failure in GLContextEGL context creation methods
https://bugs.webkit.org/show_bug.cgi?id=144878

Reviewed by Martin Robinson.

GLContextEGL::createWindowContext() and GLContextEGL::createPixmapContext() methods
should clean up the freshly-created resources when prematurely returning due to a
failure.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createWindowContext):
(WebCore::GLContextEGL::createPixmapContext):

2:25 AM Changeset in webkit [184190] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184104 - WebContent crash under com.apple.WebCore: WebCore::WebKitCSSResourceValue::isCSSValueNone const + 6
https://bugs.webkit.org/show_bug.cgi?id=144870
rdar://problem/20727702

Reviewed by Simon Fraser.

No repro but we are seeing null pointer crashes like this:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff92da5706 WebCore::WebKitCSSResourceValue::isCSSValueNone() const + 6
1 com.apple.WebCore 0x00007fff93382b48 WebCore::MaskImageOperation::isCSSValueNone() const + 24
2 com.apple.WebCore 0x00007fff92e0475e WebCore::FillLayer::hasNonEmptyMaskImage() const + 30

  • platform/graphics/MaskImageOperation.cpp:

(WebCore::MaskImageOperation::MaskImageOperation):
(WebCore::MaskImageOperation::isCSSValueNone):

This would crash like this if both m_styleImage and m_cssMaskImageValue are null.
There are no obvious guarantees that this doesn't happen. Two of the constructor variants allow it
and there is setImage which may turn m_styleImage null later too.

Fix by making null m_cssMaskImageValue always signify CSSValueNone.

(WebCore::MaskImageOperation::cssValue):

2:24 AM Changeset in webkit [184189] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184097 - AX: Crash at WebCore::AccessibilityMenuList::addChildren()
https://bugs.webkit.org/show_bug.cgi?id=144860

Reviewed by Mario Sanchez Prada.

Source/WebCore:

There were some unsafe pointer accesses in AccessibilityMenuList code that needed to be cleaned up.

Test: accessibility/menu-list-crash2.html

  • accessibility/AccessibilityMenuList.cpp:

(WebCore::AccessibilityMenuList::addChildren):

LayoutTests:

  • accessibility/menu-list-crash2-expected.txt: Added.
  • accessibility/menu-list-crash2.html: Added.
2:23 AM Changeset in webkit [184188] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r184072 - [GTK] WorkQueue objects are not released
https://bugs.webkit.org/show_bug.cgi?id=144824

Reviewed by Žan Doberšek.

Do not keep a reference of the WorkQueue for the entire life of
its worker thread, since every task scheduled on the WorkQueue
already takes a reference. Instead, take a reference of the main
loop to make sure that when the worker thread starts, the main
loop hasn't been released to avoid runtime warnings (see
webkit.org/b/140998). Also removed the g_main_context_pop_thread_default()
from the thread body, since the thread-specific context queue will
be freed anyway when the thread exits.
If the WorkQueue is released early, before the thread has started,
schedule a main loop quit in the context, to make sure it will
be the first thing run by the main loop and the thread will exit.

  • wtf/WorkQueue.h: Remove unused event loop mutex.
  • wtf/gtk/WorkQueueGtk.cpp:

(WTF::WorkQueue::platformInitialize):
(WTF::WorkQueue::platformInvalidate):

2:17 AM Changeset in webkit [184187] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184070 - Reduce TransformationMatrix copies in WebKitCSSMatrix operations
https://bugs.webkit.org/show_bug.cgi?id=144795

Reviewed by Darin Adler.

Instead of copying the TransformationMatrix member, performing
the operation on it and then copying it again when creating
the new WebKitCSSMatrix object, copy it just once by first
creating the new WebKitCSSMatrix object and then performing
the operation on that object's TransformationMatrix directly.

  • css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::multiply):
(WebCore::WebKitCSSMatrix::translate):
(WebCore::WebKitCSSMatrix::scale):
(WebCore::WebKitCSSMatrix::rotate):
(WebCore::WebKitCSSMatrix::rotateAxisAngle):
(WebCore::WebKitCSSMatrix::skewX):
(WebCore::WebKitCSSMatrix::skewY):

2:17 AM Changeset in webkit [184186] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184005 - Crashes in SocketStreamHandleBase::close
https://bugs.webkit.org/show_bug.cgi?id=144767
rdar://problem/20486538

Reviewed by Brady Eidson.

This is a speculative fix, I could not reproduce the crash.

  • Modules/websockets/WebSocketChannel.cpp: (WebCore::WebSocketChannel::processFrame):

Normally, processOutgoingFrameQueue() closes the handle in the end when called in
OutgoingFrameQueueClosing state. But there is no definitive protection against
processing two CLOSE frames, in which case we'd try to close the handle twice.

  • platform/network/cf/SocketStreamHandleCFNet.cpp:

(WebCore::SocketStreamHandle::readStreamCallback): Passing empty data to the client
results in the socket being closed, which makes no sense here.

2:16 AM Changeset in webkit [184185] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r183959 - Release assert in com.apple.WebKit.WebContent under JavaScriptCore: JSC::JSONProtoFuncStringify
https://bugs.webkit.org/show_bug.cgi?id=144758

Reviewed by Andreas Kling.

This was an out-of-memory error when trying to shrink a string builder.
bmalloc was missing the optimization that allowed realloc() to shrink
without copying. So, let's add it.

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::reallocate): Added Large and XLarge cases for
shrinking without copying. This isn't possible for small and medium
objects, and probably not very profitable, either.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::findXLarge):
(bmalloc::Heap::deallocateXLarge):

  • bmalloc/Heap.h: Refactored this code to return a reference to an
XLarge range. This makes the code reusable, and also makes it easier
for realloc() to update metadata.

  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::split): Allow allocated objects to split because
that's what realloc() wants to do, and there's nothing intrinsically
wrong with it.

2:02 AM Changeset in webkit [184184] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183950 - REGRESSION (r164449): Subpixel rendering: http://www.apple.com/iphone-6/ "Faster wireless." image displays vertical black line on 1x displays at specific window width.
https://bugs.webkit.org/show_bug.cgi?id=144723
rdar://problem/18307094

Reviewed by Simon Fraser.

This patch ensures that the backing store's graphics layer is always positioned on a device pixel boundary.

While calculating the backing store's graphics layer location, its ancestor layer's compositing bounds is taken into account.
However the compositing bounds is an unsnapped value, so in order to place the graphics layer properly,
we need to pixel align the ancestor compositing bounds before using it to adjust the child's graphics layer position.

Source/WebCore:

Test: compositing/ancestor-compositing-layer-is-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/ancestor-compositing-layer-is-on-subpixel-position-expected.html: Added.
  • compositing/ancestor-compositing-layer-is-on-subpixel-position.html: Added.
  • platform/mac/compositing/layer-creation/overlap-animation-container-expected.txt: progression.
2:01 AM Changeset in webkit [184183] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183948 - Fix sizes crash and add invalid value tests.
https://bugs.webkit.org/show_bug.cgi?id=144739

Reviewed by Darin Adler.

Source/WebCore:

Make sure that only CSS lengths are allowed when the sizes parser is calling computeLength.
Also make sure that for invalid lengths, the 100vw default is used instead.

Test: fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html

  • css/SourceSizeList.cpp:

(WebCore::computeLength):
(WebCore::defaultLength):
(WebCore::parseSizesAttribute):

LayoutTests:

Add tests that make sure that invalid values are properly handled, and a 100vw
source-size length is being used for srcset and for intrinsic dimension calculation.

  • fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt: Added.
  • fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html: Added.
2:00 AM Changeset in webkit [184182] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r183941 - Add PLUGIN_ARCHITECTURE(X11) around m_frameRectInWindowCoordinates in NetscapePlugin.
https://bugs.webkit.org/show_bug.cgi?id=144490

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-07
Reviewed by Darin Adler.

m_frameRectInWindowCoordinates in NetscapePlugin is currently being used only for
the windowed plugins, and the windowed plugins are only supported on X11. So we can
guard it with PLUGIN_ARCHITECTURE(X11).

No new tests, no behavior change.

  • WebProcess/Plugins/Netscape/NetscapePlugin.cpp:

(WebKit::NetscapePlugin::geometryDidChange):

  • WebProcess/Plugins/Netscape/NetscapePlugin.h:
1:57 AM Changeset in webkit [184181] by Carlos Garcia Campos
  • 4 edits
    1 add in releases/WebKitGTK/webkit-2.8

Merge r183933 - Fix a couple of cases where the backForwardListState's currentIndex is not set correctly in WebBackForwardList::backForwardListState().
https://bugs.webkit.org/show_bug.cgi?id=144666

Reviewed by Darin Adler.

  • UIProcess/WebBackForwardList.cpp:

(WebKit::WebBackForwardList::backForwardListState):
If the first item is filtered out and the currentIndex is 0, don't decrement currentIndex.
If all the items are filtered out, set currentIndex to the uninitialized value.

Tools:
Add a test for WKPageCopySessionState() with filtering.
https://bugs.webkit.org/show_bug.cgi?id=144666

Reviewed by Darin Adler.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2/WKPageCopySessionStateWithFiltering.cpp: Added.

(TestWebKitAPI::didFinishLoadForFrame):
(TestWebKitAPI::setPageLoaderClient):
(TestWebKitAPI::filterFirstItemCallback):
(TestWebKitAPI::filterAllItemsCallback):
(TestWebKitAPI::createSessionStates):
(TestWebKitAPI::TEST):

1:56 AM Changeset in webkit [184180] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WTF

Merge r183921 - [GTK] Clean up RunLoop implementation
https://bugs.webkit.org/show_bug.cgi?id=144729

Reviewed by Carlos Garcia Campos.

Clean up the RunLoop implementation for the GTK port,
removing unnecessary methods and using simpler variable names.

Nested GMainLoops in RunLoop::run() are now created for the
RunLoop's GMainContext, and not for the default context (enforced
through the null argument to g_main_loop_new()).

  • wtf/RunLoop.h:
  • wtf/gtk/RunLoopGtk.cpp:

(WTF::RunLoop::RunLoop):
(WTF::RunLoop::~RunLoop):
(WTF::RunLoop::run):
(WTF::RunLoop::stop):
(WTF::RunLoop::wakeUp):
(WTF::RunLoop::TimerBase::start):
(WTF::RunLoop::innermostLoop): Deleted.
(WTF::RunLoop::pushNestedMainLoop): Deleted.
(WTF::RunLoop::popNestedMainLoop): Deleted.

1:53 AM Changeset in webkit [184179] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183891 - Avoid copies in scrollOffsetForFixedPosition() and inline it.
https://bugs.webkit.org/show_bug.cgi?id=144709

Reviewed by Simon Fraser.

  • page/FrameView.cpp:

(WebCore::FrameView::frameScaleFactor):
Added so that scrollOffsetForFixedPosition() can be inlined without having to
reference Frame's implementation.

(WebCore::FrameView::scrollOffsetForFixedPosition): Deleted.
Moved this to the header.

  • page/FrameView.h:

Inline scrollOffsetForFixedPosition() and get rid of all the copying
it was doing.

1:48 AM Changeset in webkit [184178] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183887 - RenderLayer::currentTransform computes a pixel snapped rect it doesn't use.
https://bugs.webkit.org/show_bug.cgi?id=144708

Reviewed by Simon Fraser.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::currentTransform):

Only compute a pixel snapped rect if we actually end up needing it. The common case
is that this rect is not needed, so pushing it inside the two if statements
speeds up the common case.

1:47 AM Changeset in webkit [184177] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183885 - Optimize topLeftLocationOffset() addition in updateLayerPosition
https://bugs.webkit.org/show_bug.cgi?id=144704

Reviewed by Dean Jackson.

  • page/FrameView.cpp:

(WebCore::FrameView::FrameView):

  • page/FrameView.h:

Move the hasFlippedBlocks bit to FrameView instead of RenderView. Works better for inlining
the check in any renderer header, and it also makes more sense conceptually, since the RenderView
itself could be a flipped block.

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::layoutOverflowRectForPropagation):
Change over to the FrameView bit.

  • rendering/RenderBox.h:

(WebCore::RenderBox::applyTopLeftLocationOffset):
Add a new inlined function that can apply the top left location offset to a point without
multiple LayoutSize creations and copies. It invokes a helper for flipping that is not
inlined only in the case where actual flipped blocks exist in the render tree.

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::updateFromStyle):
Set the bit on the FrameView now instead of the RenderView.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::updateLayerPosition):
Call the new applyTopLeftLocationOffset function so that the point can have offsets added
in without any extra copies.

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::rangeIntersectsRect):
Switch over to the bit on the FrameView.

  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView):

  • rendering/RenderView.h:

Get rid of the bit on the RenderView.

1:38 AM Changeset in webkit [184176] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183879 - Optimize relativePositionOffset() to avoid doing unnecessary work
https://bugs.webkit.org/show_bug.cgi?id=144698

Reviewed by Simon Fraser.

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::relativePositionOffset):

Patch relativePositionOffset to avoid doing unnecessary work in the common case where
all values of top/left/right/bottom are either auto or fixed. We no longer fetch
containingBlock() into a local always, but instead just invoke the function only
when necessary.

Also avoid computing the percentage-relative maximum for the top/right/bottom/left lengths
when they are fixed values, since that maximum won't be examined at all.

1:37 AM Changeset in webkit [184175] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r183861 - NetworkResourceLoader::cleanup() should clear ResourceHandle client pointer.
https://bugs.webkit.org/show_bug.cgi?id=144641
rdar://problem/20250960

Reviewed by David Kilzer.

  • NetworkProcess/NetworkResourceLoader.cpp: (WebKit::NetworkResourceLoader::cleanup):

Clear the client pointer.

  • Shared/Authentication/AuthenticationManager.cpp:

(WebKit::AuthenticationManager::useCredentialForChallenge):
(WebKit::AuthenticationManager::continueWithoutCredentialForChallenge):
(WebKit::AuthenticationManager::cancelChallenge):
(WebKit::AuthenticationManager::performDefaultHandling):
(WebKit::AuthenticationManager::rejectProtectionSpaceAndContinue):
Updated comments, which were not accurate, at least on Mac.

1:35 AM Changeset in webkit [184174] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183855 - EventHandler::m_eventHandlerWillResetCapturingMouseEventsElement is incorrectly initialized
https://bugs.webkit.org/show_bug.cgi?id=144583

Reviewed by Daniel Bates.

  • page/EventHandler.cpp:

(WebCore::EventHandler::EventHandler): The
m_eventHandlerWillResetCapturingMouseEventsElement is a boolean,
so initialize it to false, instead of to nullptr.

1:34 AM Changeset in webkit [184173] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r183800 - [GTK] Async operations running in the WorkQueue thread should schedule their sources to the WorkQueue main loop
https://bugs.webkit.org/show_bug.cgi?id=144541

Reviewed by Žan Doberšek.

Source/WTF:

They are currently sent to the main thread run loop, because we
are not setting the WorkQueue main context as the default one in
the worker thread.

  • wtf/gtk/WorkQueueGtk.cpp:

(WTF::WorkQueue::platformInitialize): Call
g_main_context_push_thread_default() to set the WorkQueue main
context as the default of the thread before running the main loop,
and g_main_context_pop_thread_default() when the main loop quits.

1:29 AM Changeset in webkit [184172] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183788 - RenderWidget::setWidgetGeometry() can end up destroying *this*.
https://bugs.webkit.org/show_bug.cgi?id=144601

Reviewed by Andreas Kling.

This is a speculative fix to ensure we don't crash on an invalid *this* renderer
while flattening the current iframe.
Calling RenderWidget::setWidgetGeometry() can result in destroying the current renderer.
While it is not an issue in case of normal layout flow as widget positions are updated at post layout,
frame flattening initiates this action in the middle of layout.
This patch re-introduces refcount model for RenderWidgets so that the renderer is protected during layout
when frame flattening is in use.

  • rendering/RenderFrameBase.cpp:

(WebCore::RenderFrameBase::layoutWithFlattening): Let's be paranoid about child view.

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::destroy):

  • rendering/FrameView.cpp:

(WebCore::FrameView::layout):

  • rendering/RenderView.h:
  • rendering/RenderWidget.cpp:

(WebCore::RenderWidget::~RenderWidget):

  • rendering/RenderWidget.h:

(WebCore::RenderWidget::ref):
(WebCore::RenderWidget::deref):

1:15 AM Changeset in webkit [184171] by Carlos Garcia Campos
  • 6 edits
    3 adds in releases/WebKitGTK/webkit-2.8

Merge r183781 - Crash at com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::createWindow + 185
https://bugs.webkit.org/show_bug.cgi?id=144597
<rdar://problem/20361579>

Reviewed by Andreas Kling.

Source/WebCore:

Test: fast/dom/Window/window-open-activeWindow-null-frame.html

In our implementation of window.open(), we make sure that the window
on which window.open() is called has a frame. However, we did not have the
same check for the activeDOMWindow (i.e. the lexicalGlobalObject) causing
us to crash in WebCore::createWindow() when dereferencing it.

This patch updates WebCore::createWindow() to take a reference to the
openerFrame instead of a pointer to make it clear the implementation
expects it to be non-null. A null check is then added for the frame
at the call site: DOMWindow::createWindow().

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::openInNewTab):

  • loader/FrameLoader.cpp:

(WebCore::isDocumentSandboxed):
(WebCore::FrameLoader::submitForm):
(WebCore::createWindow):
Take a reference to openerFrame instead of a pointer as the
implementation expects it to be non-null.

  • loader/FrameLoader.h:
  • page/DOMWindow.cpp:

(WebCore::DOMWindow::createWindow):
Add null check for activeFrame before passing it to
WebCore::createWindow().

LayoutTests:

Add a layout test to cover the case where window.open() is called on a
window that is different than the activeDOMWindow and where the
activeDOMWindow does not have a frame.

  • fast/dom/Window/resources/test-frame.html: Added.
  • fast/dom/Window/window-open-activeWindow-null-frame-expected.txt: Added.
  • fast/dom/Window/window-open-activeWindow-null-frame.html: Added.
1:15 AM Changeset in webkit [184170] by loki@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Workaround for Cortex-A53 erratum 843419
https://bugs.webkit.org/show_bug.cgi?id=144680

Reviewed by Michael Saboff.

This patch gives a simple workaround for Cortex-A53 erratum 843419.
It inserts nops after the ADRP instruction to avoid wrong address accesses.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::adrp):
(JSC::ARM64Assembler::nopCortexA53Fix843419):

1:06 AM Changeset in webkit [184169] by Carlos Garcia Campos
  • 6 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r183765 - REGRESSION (r178156): CSS Parser incorrectly rejects valid calc() in padding-right property
https://bugs.webkit.org/show_bug.cgi?id=144584
<rdar://problem/20796829>

Reviewed by Darin Adler.

Source/WebCore:

The CSS parser was rejecting calculated values at parsing time if it
considered the value was negative and the CSS property did not allow
negative values. However, doing so at this point will not always work
because we don't necessarily know the font-size yet (e.g. for
calc(0.5em - 2px)). Also, rejecting negative calculated values is not
the right behavior as per the specification. The specification says
we should clamp:
http://dev.w3.org/csswg/css-values-3/#calc-range

This patch updates validateCalculationUnit() to stop marking the value
as invalid if it is negative. Instead, let the CSSCalcValue's permitted
range clamp the value as needed.

This bug was causing the bottom graphic on aldentrio.com to not be
rendered properly.

Tests: fast/css/negative-calc-values.html
       fast/css/padding-calc-value.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::validateCalculationUnit):

LayoutTests:

  • fast/css/negative-calc-values-expected.txt: Added.
  • fast/css/negative-calc-values.html: Added.

Add a layout test that assigns negative calc() values to properties
whose values cannot be negative to verify that values are clamped as
per the specification:
http://dev.w3.org/csswg/css-values-3/#calc-range

  • fast/css/padding-calc-value-expected.txt: Added.
  • fast/css/padding-calc-value.html: Added.

Add a layout test to test that using calc(.5em - 2px) for padding-right
CSS property works as intended. It used to be resolved as 0px instead
of "2*font-size - 2px".

  • fast/css/text-shadow-calc-value-expected.txt:
  • fast/css/text-shadow-calc-value.html:

Update test to match what the specification says:
http://dev.w3.org/csswg/css-values-3/#calc-range
"width: calc(5px - 10px);" is equivalent to "width: 0px;" since widths
smaller than 0px are not allowed.

1:03 AM Changeset in webkit [184168] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8

Merge r183741 - [cmake] Disable GNU Gold linker on Cortex A53
https://bugs.webkit.org/show_bug.cgi?id=144382

Reviewed by Carlos Garcia Campos.

  • Source/cmake/OptionsCommon.cmake:
1:00 AM Changeset in webkit [184167] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r183740 - [ARM] Don't compare unsigned chars to EOF (-1)
https://bugs.webkit.org/show_bug.cgi?id=144439

Reviewed by Geoffrey Garen.

Source/WebCore:

  • platform/linux/MemoryPressureHandlerLinux.cpp:

(WebKit::nextToken): Don't cast return value of fgetc() to char.

Source/WebKit2:

  • Shared/linux/WebMemorySamplerLinux.cpp:

(WebKit::nextToken): Don't cast return value of fgetc() to char.

12:59 AM Changeset in webkit [184166] by ryuan.choi@navercorp.com
  • 3 edits in trunk

Linker fails without -DDEVELOPER_MODE=ON
https://bugs.webkit.org/show_bug.cgi?id=144117

Reviewed by Gyuyoung Kim.

  • Source/cmake/OptionsEfl.cmake:

Remove fvisibility flags. Linker script will cover the functionality for ewebkit2.so in release mode.

  • Source/cmake/eflsymbols.filter: Updated symbol patterns which should be exposed for ewebkit2.
12:58 AM Changeset in webkit [184165] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183729 - [GTK] API tests crashing on debug builds due to extra unref
https://bugs.webkit.org/show_bug.cgi?id=144508

Reviewed by Mario Sanchez Prada.

The problem is that we were assuming that when a new DOMWindow is
created, the DOM object cache was notified about the previous
DOMWindow being destroyed before objects for the new DOMWindow are
added to the cache. However, that's not always the case and we
only create a DOMWindowObserver for the first DOMWindow. We need
to keep a pointer to the DOMWindow being observed to clear() the
cache and create a new DOMWindowObserver when it changes in the
Frame.

Fixes crashes in several unit tests in debug builds.

  • bindings/gobject/DOMObjectCache.cpp:
12:57 AM Changeset in webkit [184164] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183706 - Reproducible crash removing name attribute from <img> node
<https://webkit.org/b/144371>
<rdar://problem/17198583>

Reviewed by Darin Adler.

Source/WebCore:

The problem here was with HTMLImageElement::getNameAttribute(), which relies
on Element::hasName() to avoid slow attribute lookups when the attribute
is already known not to be present. Unfortunately hasName() uses an ElementData
flag that wasn't getting updated until after the call to parseAttribute().

This patch fixes the issue by moving the code that updates the hasName() flag
before the parseAttribute() virtual dispatch.

Test: fast/dom/HTMLImageElement/remove-name-id-attribute-from-image.html

  • dom/Element.cpp:

(WebCore::Element::attributeChanged):

LayoutTests:

  • fast/dom/HTMLImageElement/remove-name-id-attribute-from-image-expected.txt: Added.
  • fast/dom/HTMLImageElement/remove-name-id-attribute-from-image.html: Added.
12:55 AM Changeset in webkit [184163] by Carlos Garcia Campos
  • 12 edits
    1 add in releases/WebKitGTK/webkit-2.8

Merge r183698 - Back/forward navigation to an error page in Safari breaks the back-forward list
https://bugs.webkit.org/show_bug.cgi?id=144501

Reviewed by Darin Adler.

Test: TestWebKitAPI/Tests/WebKit2Cocoa/LoadAlternateHTMLString.mm

Normally, loading substitute data (such as an error page) creates a new back-forward list
item. FrameLoader has a mechanism that detects when a substitute data load occurs during
handling of a provisional load error and prevents the creation of a new back-forwards list
item in that case if the unreachable URL is the same as the failing provisional URL. This
mechanism was broken in WebKit2, where handling the provisional load error is asynchronous.

The fix is to capture some state (namely, the failing provisional URL) when dispatching the
load error and allow it to be restored when loading the substitute data.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::FrameLoader): Removed initialization of
m_delegateIsHandlingProvisionalLoadError.
(WebCore::FrameLoader::shouldReloadToHandleUnreachableURL): Instead of checking
m_delegateIsHandlingProvisionalLoadError and if true using the provisional document loader’s
URL, check m_provisionalLoadErrorBeingHandledURL.
(WebCore::FrameLoader::checkLoadCompleteForThisFrame): Instead of checking and setting
m_delegateIsHandlingProvisionalLoadError, use m_provisionalLoadErrorBeingHandledURL.

  • loader/FrameLoader.h:

(WebCore::FrameLoader::provisionalLoadErrorBeingHandledURL): Added this getter. The client
can call this from its override of dispatchDidFailProvisionalLoad and store the result.
(WebCore::FrameLoader::setProvisionalLoadErrorBeingHandledURL): Added this setter. The
client can call this prior to loading substitute data if it’s done as part of handling a
previously-dispatched didFailProvisionalLoad.

Source/WebKit2:
WebKit2 part of <rdar://problem/8636045> Back/forward navigation to an error page in Safari breaks the back-forward list
https://bugs.webkit.org/show_bug.cgi?id=144501

Reviewed by Darin Adler.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::loadAlternateHTMLString): If this is called during
didFailProvisionalLoadForFrame, send back the provisional URL captured at the time of
failure.
(WebKit::WebPageProxy::didFailProvisionalLoadForFrame): Get the provisional URL and keep
it in new member variable m_failingProvisionalLoadURL for the duration of the client’s
handling of this message.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in: Added provisionalURL parameter to
DidFailProvisionalLoadForFrame.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDidFailProvisionalLoad): Send the URL for this error
to the UI process.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::loadAlternateHTMLString): Temporarily restore the loader’s state to
reflect the provisional load error being handled.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in: Added provisionalLoadErrorURL parameter to
LoadAlternateHTMLString.

12:40 AM Changeset in webkit [184162] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183648 - DOM bindings should not be using a reference type to point to a temporary object
https://bugs.webkit.org/show_bug.cgi?id=144474

Reviewed by Beth Dakin.

The DOM bindings will currently try and use a local reference to point
to a temporary object. This currently works as a by-product of the compiler's
stack layout. This patch removes the dependency on undefined behaviour
by ensuring that we use a value rather than reference type.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck):
(GetNativeTypeForCallbacks):

12:35 AM Changeset in webkit [184161] by jinwoo7.song@samsung.com
  • 5 edits in trunk/LayoutTests

[EFL] Rebaseline some editing tests

Also add some missing baselines.

  • platform/efl/editing/execCommand/5142012-1-expected.png:
  • platform/efl/editing/execCommand/5142012-1-expected.txt:
  • platform/efl/editing/inserting/insert-at-end-02-expected.png:
  • platform/efl/editing/inserting/insert-at-end-02-expected.txt:
12:16 AM Changeset in webkit [184160] by Carlos Garcia Campos
  • 5 edits
    3 adds in releases/WebKitGTK/webkit-2.8

Merge r183646 - Javascript using WebSQL can create their own WebKit info table.
<rdar://problem/20688792> and https://bugs.webkit.org/show_bug.cgi?id=144466

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/websql/alter-to-info-table.html

  • Modules/webdatabase/DatabaseBackendBase.cpp:

(WebCore::DatabaseBackendBase::databaseInfoTableName): Return the info table name.
(WebCore::fullyQualifiedInfoTableName): Append "main." to the info table name.
(WebCore::DatabaseBackendBase::DatabaseBackendBase): Use the fully qualified name.
(WebCore::DatabaseBackendBase::performOpenAndVerify): Ditto.
(WebCore::DatabaseBackendBase::getVersionFromDatabase): Ditto.
(WebCore::DatabaseBackendBase::setVersionInDatabase): Ditto.

LayoutTests:

  • storage/websql/alter-to-info-table-expected.txt: Added.
  • storage/websql/alter-to-info-table.html: Added.
  • storage/websql/alter-to-info-table.js: Added.
12:15 AM Changeset in webkit [184159] by youenn.fablet@crf.canon.fr
  • 8 edits in trunk

[Streams API] ReadableStream reader should not be disposable when having pending promises
https://bugs.webkit.org/show_bug.cgi?id=144869

Reviewed by Darin Adler.

Source/WebCore:

Made the error promise callback take a ref to the reader so that the reader is not disposed as long as the promise callback is not resolved.

Covered by tests added to streams/readable-stream-gc.html.

  • Modules/streams/ReadableStreamReader.cpp:

(WebCore::ReadableStreamReader::ReadableStreamReader): Moved initialize() call outside constructor as it can ref/unref.
(WebCore::ReadableStreamReader::releaseStreamAndClean): Added protector.

  • Modules/streams/ReadableStreamReader.h:
  • bindings/js/JSReadableStreamReaderCustom.cpp:

(WebCore::JSReadableStreamReader::closed): Lambda for error now takes a ref to the reader.

  • bindings/js/ReadableJSStream.cpp:

(WebCore::ReadableJSStream::Reader::create): Calling initialize() after adoptRef().

LayoutTests:

  • streams/readable-stream-gc.html:
  • streams/readable-stream-gc-expected.txt:
12:12 AM Changeset in webkit [184158] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r183636 - Avoid containingBlock() calls when no writing mode flipping is needed.
https://bugs.webkit.org/show_bug.cgi?id=144407

Reviewed by Simon Fraser.

Add a bool to RenderView that indicates whether or not any flipped blocks have been
added to the view. Once tainted, the view just stays dirty forever. If no flipped
blocks are ever seen, we can then optimize away calls to containingBlock().

The motivation for this patch is to improve layer position updating, which makes many
calls to topLeftLocationOffset(), one of the functions that can be optimized by this
change.

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::layoutOverflowRectForPropagation):

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::updateFromStyle):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::rangeIntersectsRect):

  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView):

  • rendering/RenderView.h:
12:07 AM Changeset in webkit [184157] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r183564 - Safari WebKit crash when loading Google Spreadsheet.
https://bugs.webkit.org/show_bug.cgi?id=144020

Reviewed by Filip Pizlo.

The bug is that the object allocation sinking phase did not account for a case
where a property of a sunken object is only initialized on one path and not
another. As a result, on the path where the property is not initialized, we'll
encounter an Upsilon with a BottomValue (which is not allowed by definition).

The fix is to use a JSConstant(undefined) as the bottom value instead (of
BottomValue). If the property is uninitialized, it should still be accessible
and have the value undefined.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):

  • tests/stress/object-allocation-sinking-with-uninitialized-property-on-one-path.js: Added.

(foo):
(foo2):

12:03 AM Changeset in webkit [184156] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r183538 - Fix crash in WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock().
https://bugs.webkit.org/show_bug.cgi?id=140261

Patch by Hyungwook Lee <hyungwook.lee@navercorp.com> on 2015-04-29
Reviewed by Darin Adler.

Source/WebCore:

We need to check whether RenderObject is valid in RenderView::fooSubtreeSelection functions
because an invalid object has caused a crash. This patch adds isValidObjectForNewSelection() and uses it.

  • rendering/RenderView.cpp:

(WebCore::isValidObjectForNewSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

LayoutTests:

  • editing/execCommand/crash-140261-expected.txt: Added.
  • editing/execCommand/crash-140261.html: Added.
12:01 AM Changeset in webkit [184155] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WTF

Merge r183504 - Properly reset deleted count when clearing HashTables.
https://bugs.webkit.org/show_bug.cgi?id=144343

Reviewed by Andreas Kling.

  • wtf/HashTable.h:

(WTF::KeyTraits>::clear):
Reset m_deletedCount, which appears to have been forgotten.
