Timeline



May 17, 2015:

11:31 PM Changeset in webkit [184449] by Carlos Garcia Campos
  • 8 edits
    1 copy in trunk/Source/WebKit2

Network Cache: Make Data::adoptMap take the ownership of the file descriptor
https://bugs.webkit.org/show_bug.cgi?id=144950

Reviewed by Antti Koivisto.

It will be required to implement ShareableResource for soup
network backend. Also move the common code of Data to a common
file and add mapToFile(). The mapFile version that receives a file
descriptor has been renamed to adoptAndMapFile().

  • CMakeLists.txt: Add new file to compilation.
  • NetworkProcess/cache/NetworkCacheBlobStorage.cpp:

(WebKit::NetworkCache::BlobStorage::add): Use mapToFile().

  • NetworkProcess/cache/NetworkCacheData.cpp: Added.

(WebKit::NetworkCache::Data::mapToFile): Write the data to the
given file and map it.
(WebKit::NetworkCache::mapFile):
(WebKit::NetworkCache::adoptAndMapFile):
(WebKit::NetworkCache::computeSHA1):
(WebKit::NetworkCache::bytesEqual):

  • NetworkProcess/cache/NetworkCacheData.h:
  • NetworkProcess/cache/NetworkCacheDataCocoa.mm:

(WebKit::NetworkCache::Data::adoptMap): Close the file descriptor.

  • NetworkProcess/cache/NetworkCacheDataSoup.cpp:

(WebKit::NetworkCache::Data::Data): Use a constructor that
receives a file descriptor instead of the one receiving
Backing. If the file descriptor is not -1 then the Data is a map.
(WebKit::NetworkCache::MapWrapper::~MapWrapper): Also close the
file descriptor.
(WebKit::NetworkCache::Data::adoptMap): Pass the file descriptor
to the MapWrapper and create the Data passing the file descriptor.

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::openAndMapContentExtension): Use mapFile that receives a
file path.
(API::compiledToFile): Use adoptAndMapFile() and don't close the
descriptor.

11:26 PM Changeset in webkit [184448] by benjamin@webkit.org
  • 6 edits in trunk/Source

Do not use fastMallocGoodSize anywhere
https://bugs.webkit.org/show_bug.cgi?id=145103

Reviewed by Michael Saboff.

Source/JavaScriptCore:

  • assembler/AssemblerBuffer.h:

(JSC::AssemblerData::AssemblerData):
(JSC::AssemblerData::grow):

Source/WTF:

It is silly we see fastMallocGoodSize in profiles, it does absolutely nothing.

This patch keeps fastMallocGoodSize() around for older code linking
with newer WebKit, but remove any use of it inside WebKit.

  • wtf/FastMalloc.cpp:

(WTF::fastMallocGoodSize):

  • wtf/FastMalloc.h:
  • wtf/Vector.h:

(WTF::VectorBufferBase::allocateBuffer):
(WTF::VectorBufferBase::tryAllocateBuffer):
(WTF::VectorBufferBase::reallocateBuffer):

11:23 PM Changeset in webkit [184447] by benjamin@webkit.org
  • 4 edits
    3 adds in trunk

[JSC] Make StringRecursionChecker faster in the simple cases without any recursion
https://bugs.webkit.org/show_bug.cgi?id=145102

Reviewed by Darin Adler.

Source/JavaScriptCore:

In general, the array targeted by Array.toString() or Array.join() are pretty
simple. In those simple cases, we spend as much time in StringRecursionChecker
as we do on the actual operation.

The reason for this is the HashSet stringRecursionCheckVisitedObjects used
to detect recursion. We are constantly adding and removing objects which
dirty buckets and force constant rehash.

This patch adds a simple shortcut for those simple case: in addition to the HashSet,
we keep a pointer to the root object of the recursion.
In the vast majority of cases, we no longer touch the HashSet at all.

This patch is a 12% progression on the overall score of ArrayWeighted.

  • runtime/StringRecursionChecker.h:

(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::~StringRecursionChecker):

  • runtime/VM.h:

LayoutTests:

Improve the coverage a tiny bit.

  • js/array-string-recursion-expected.txt: Added.
  • js/array-string-recursion.html: Added.
  • js/script-tests/array-string-recursion.js: Added.
11:16 PM Changeset in webkit [184446] by Manuel Rego Casasnovas
  • 3 edits
    2 adds in trunk

[CSS Grid Layout] Add scrollbar width in intrinsic logical widths computation
https://bugs.webkit.org/show_bug.cgi?id=145021

Source/WebCore:

Like for flexboxes we've to take into account the scrollbar logical
width while computing the intrinsic min and max logical widths.

Reviewed by Sergio Villar Senin.

Test: fast/css-grid-layout/compute-intrinsic-widths-scrollbar.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeIntrinsicLogicalWidths): Add scrollbar
logical width.

LayoutTests:

Reviewed by Sergio Villar Senin.

  • fast/css-grid-layout/compute-intrinsic-widths-scrollbar-expected.txt: Added.
  • fast/css-grid-layout/compute-intrinsic-widths-scrollbar.html: Added.
8:39 PM Changeset in webkit [184445] by fpizlo@apple.com
  • 12 edits
    4 adds
    2 deletes in trunk/Source/JavaScriptCore

Insert store barriers late so that IR transformations don't have to worry about them
https://bugs.webkit.org/show_bug.cgi?id=145015

Reviewed by Geoffrey Garen.

We have had three kinds of bugs with store barriers. For the sake of discussion we say
that a store barrier is needed when we have something like:

base.field = value


  • We sometimes fail to realize that we could remove a barrier when value is a non-cell. This might happen if we prove value to be a non-cell even though in the FixupPhase it wasn't predicted non-cell.


  • We sometimes have a barrier in the wrong place after object allocation sinking. We might sink an allocation to just above the store, but that puts it just after the StoreBarrier that FixupPhase inserted.


  • We don't remove redundant barriers across basic blocks.


This comprehensively fixes these issues by doing store barrier insertion late, and
removing the store barrier elision phase. Store barrier insertion uses an epoch-based
algorithm to determine when stores need barriers. Briefly, a barrier is not needed if
base is in the current GC epoch (i.e. was the last object that we allocated or had a
barrier since last GC) or if base has a newer GC epoch than value (i.e. value would have
always been allocated before base). We do conservative things when merging epoch state
between basic blocks, and we only do such inter-block removal in the FTL. FTL also
queries AI to determine what type we've proved about value, and avoids barriers when
value is not a cell. FixupPhase still inserts type checks on some stores, to maximize
the likelihood that this AI-based removal is effective.

Rolling back in after fixing some debug build test failures.

(JSC::DFG::BlockMap::at):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):

  • dfg/DFGEpoch.h:

(JSC::DFG::Epoch::operator<):
(JSC::DFG::Epoch::operator>):
(JSC::DFG::Epoch::operator<=):
(JSC::DFG::Epoch::operator>=):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::speculateForBarrier):
(JSC::DFG::FixupPhase::insertStoreBarrier): Deleted.

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGStoreBarrierElisionPhase.cpp: Removed.
  • dfg/DFGStoreBarrierElisionPhase.h: Removed.
  • dfg/DFGStoreBarrierInsertionPhase.cpp: Added.

(JSC::DFG::performFastStoreBarrierInsertion):
(JSC::DFG::performGlobalStoreBarrierInsertion):

  • dfg/DFGStoreBarrierInsertionPhase.h: Added.
  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR): Fix an unrelated debug-only bug.

  • tests/stress/load-varargs-then-inlined-call-and-exit.js: Test for that debug-only bug.
  • tests/stress/load-varargs-then-inlined-call-and-exit-strict.js: Strict version of that test.
11:44 AM Changeset in webkit [184444] by youenn.fablet@crf.canon.fr
  • 10 edits in trunk/Source/WebCore

[Streams API] Delegate ReadableStreamReader reference counting to ReadableStream
https://bugs.webkit.org/show_bug.cgi?id=144907

Reviewed by Darin Adler.

Changed the link between readadable stream and reader.
Controller ref()/deref() now increments/decrements its stream ref counter, similarly to ReadableStreamController.
This ensures that even if JS scripts do not keep track of the readable stream,
the readable stream will not be disposed as long as the JS script has access to its reader.

All readers of a given stream are kept by the stream, either in an array (for released readers)
or and in ReadableStream::m_reader for the active reader.
This removes the need for the code synchronizing stream and reader.

As a reader can now already count on its stream, the reader no longer needs to store the error in errored state.
Removal of ReadableJSStream::Reader as closed promise rejection error is directly retrieved from the ReadableStream.
Moved the creation of reader directly in ReadableStream.

Next step should be to remove ReadableStreamReader::m_state and to delegate the handling of ReadableStreamReader closed promise callbacks to ReadableStream.

No change in behavior.

  • Modules/streams/ReadableStream.cpp:

(WebCore::ReadableStream::changeStateToClosed):
(WebCore::ReadableStream::changeStateToErrored):
(WebCore::ReadableStream::getReader):

  • Modules/streams/ReadableStream.h:

(WebCore::ReadableStream::reader):

  • Modules/streams/ReadableStreamReader.cpp:

(WebCore::ReadableStreamReader::clean):
(WebCore::ReadableStreamReader::ref):
(WebCore::ReadableStreamReader::deref):
(WebCore::ReadableStreamReader::closed):
(WebCore::ReadableStreamReader::changeStateToClosed):
(WebCore::ReadableStreamReader::changeStateToErrored):

  • Modules/streams/ReadableStreamReader.h:

(WebCore::ReadableStreamReader::ReadableStreamReader):

  • Modules/streams/ReadableStreamReader.idl:
  • bindings/js/JSReadableStreamCustom.cpp:

(WebCore::JSReadableStream::getReader):

  • bindings/js/JSReadableStreamReaderCustom.cpp:

(WebCore::JSReadableStreamReader::closed):
(WebCore::constructJSReadableStreamReader):

  • bindings/js/ReadableJSStream.cpp:

(WebCore::ReadableJSStream::storeError):
(WebCore::ReadableJSStream::ReadableJSStream): Deleted.

  • bindings/js/ReadableJSStream.h:
10:39 AM Changeset in webkit [184443] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Crash when uploading huge files to YouTube or Google Drive
https://bugs.webkit.org/show_bug.cgi?id=145083
rdar://problem/15468529

Reviewed by Darin Adler.

This fixes the crash, but uploading will fail.

  • fileapi/FileReaderLoader.cpp:

(WebCore::FileReaderLoader::start): Tell SubresourceLoader to not store a copy of
all received data, FileReaderLoader has its own buffer.
(WebCore::FileReaderLoader::didReceiveResponse): Fixed a bounds check - not every
64-bit value that doesn't fit into 32 bits is negative. With this, FileReader fails
on huge files right away, as intended.
(WebCore::FileReaderLoader::didReceiveData): Fixed multiple bugs in code that's
executed when size is not available upfront. This is the code that used to crash,
but with the above fix, it's not executed by YouTube.
Not only overflow was handled incorrectly, but even simply growing a buffer for
append was buggy.

10:36 AM Changeset in webkit [184442] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

bisect-builds: Add 'retry' option when prompting whether the bug reproduced
<http://webkit.org/b/145100>

Reviewed by Darin Adler.

  • Scripts/bisect-builds:
  • Add PROMPT_ANSWER_* constants for yes/no/retry/broken prompt.
  • Switch to using PROMPT_RESPONSE_* constants when testing the value of $didReproduceBug.
  • Add do { } while loops to implement 'retry' mode.

(promptForTest):

  • Switch to returning PROMPT_RESPONSE_* constants.
  • Add support for 'retry' response.

May 16, 2015:

5:24 PM Changeset in webkit [184441] by aestes@apple.com
  • 7 edits in trunk/Source/WebKit2

[iOS] WKPDFView should not follow javascript: links
https://bugs.webkit.org/show_bug.cgi?id=145101

Reviewed by Dan Bernstein.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::navigateToPDFLinkWithSimulatedClick): Returned early if url's protocol is javascript:.
(WebKit::WebPageProxy::navigateToURLWithSimulatedClick): Renamed to navigateToPDFLinkWithSimulatedClick to
reflect that this function is exclusively for following PDF links.

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WKPDFView.mm:

(-[WKPDFView annotation:wasTouchedAtPoint:controller:]):
(-[WKPDFView actionSheetAssistant:openElementAtLocation:]):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::navigateToPDFLinkWithSimulatedClick): Renamed from navigateToURLWithSimulatedClick.
(WebKit::WebPage::navigateToURLWithSimulatedClick): Renamed to navigateToPDFLinkWithSimulatedClick.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
4:24 PM Changeset in webkit [184440] by Alan Bujtas
  • 3 edits
    4 adds in trunk

REGRESSION (Subpixel): Dashed underline is missing when box is positioned at subpixels.
https://bugs.webkit.org/show_bug.cgi?id=145097
rdar://problem/18588415

Reviewed by Simon Fraser.

Dashed and dotted border painting needs clipping in order to properly display corners.
Similarly to solid border's quad calculation, we pixelsnap the border positions before computing the clipping quad values.

Source/WebCore:

Test: fast/borders/dashed-border-on-subpixel-position.html

fast/borders/dotted-border-on-subpixel-position.html

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::clipBorderSidePolygon):

LayoutTests:

  • fast/borders/dashed-border-on-subpixel-position-expected.html: Added.
  • fast/borders/dashed-border-on-subpixel-position.html: Added.
  • fast/borders/dotted-border-on-subpixel-position-expected.html: Added.
  • fast/borders/dotted-border-on-subpixel-position.html: Added.
4:00 PM Changeset in webkit [184439] by Brent Fulgham
  • 4 edits in trunk/Source/WebKit2

[iOS] Remote scrolling tree needs to coordinate scroll snap state during resize/rotations
https://bugs.webkit.org/show_bug.cgi?id=145059
<rdar://problem/20975978>

Reviewed by Simon Fraser.

The web view needs to update its scroll snap point offsets to take into account any
adjustments to the view size caused by content insets. We also need to update the
offstes after device rotation.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView scrollViewWillEndDragging:withVelocity:targetContentOffset:]): Retrieve the proper
computed content inset for the view and incorporate into any scroll snap point adjustments.
(-[WKWebView _updateVisibleContentRects]): If we have active scroll snap points,

  • UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
  • UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(WebKit::RemoteScrollingCoordinatorProxy::adjustTargetContentOffsetForSnapping): Update to account
for content inset.
(WebKit::RemoteScrollingCoordinatorProxy::shouldSnapForMainFrameScrolling): Also validate that the
active index is valid.
(WebKit::RemoteScrollingCoordinatorProxy::closestSnapOffsetForMainFrameScrolling): Update to track
current active snap offset index.
(WebKit::RemoteScrollingCoordinatorProxy::hasActiveSnapPoint): Added.
(WebKit::RemoteScrollingCoordinatorProxy::nearestActiveSnapPoint): Added. It calculates the proper
scroll position incorporating any snap point and content insets.

2:01 PM Changeset in webkit [184438] by commit-queue@webkit.org
  • 11 edits
    1 move
    1 add
    1 delete in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184415.
https://bugs.webkit.org/show_bug.cgi?id=145096

Broke several tests (Requested by msaboff on #webkit).

Reverted changeset:

"Insert store barriers late so that IR transformations don't
have to worry about them"
https://bugs.webkit.org/show_bug.cgi?id=145015
http://trac.webkit.org/changeset/184415

1:00 PM Changeset in webkit [184437] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Remove styleText() and applyStyleText() from InspectorStyle.
https://bugs.webkit.org/show_bug.cgi?id=145093

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-16
Reviewed by Darin Adler.

styleText() and applyStyleText() in InspectorStyle are private aliases for the public
accessors in the same class but are rarely used. I think it would be better off removing
these aliases and updating all the current call sites to use the public accessors directly
as noted in InspectorStyleSheet.h.

No new tests, no behavior change.

  • inspector/InspectorStyleSheet.cpp:

(WebCore::InspectorStyle::populateAllProperties):

  • inspector/InspectorStyleSheet.h:
12:57 PM Changeset in webkit [184436] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Remove MessageType variant of addMessageToConsole() from ChromeClient.
https://bugs.webkit.org/show_bug.cgi?id=145095

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-16
Reviewed by Darin Adler.

All addMessageToConsole() in ChromeClient are exactly the same thing.
So there is no reason to keep all this methods.

No new tests, no behavior change.

  • page/ChromeClient.h:
  • page/PageConsoleClient.cpp:

(WebCore::PageConsoleClient::messageWithTypeAndLevel):

11:16 AM Changeset in webkit [184435] by weinig@apple.com
  • 12 edits
    1 copy
    2 adds in trunk

Add getElementById to DocumentFragment
https://bugs.webkit.org/show_bug.cgi?id=145094

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Match the latest DOM standard and other browsers by adding getElementById
to DocumentFragment in addition to Document and SVGSVGElement. Add NonElementParentNode
interface that the DOM standard defines.

Test: fast/dom/DocumentFragment/getElementById.html

  • DerivedSources.make:
  • WebCore.xcodeproj/project.pbxproj:

Add NonElementParentNode.idl

  • dom/Document.idl:

Mark Document as implementing NonElementParentNode and remove now redundant getElementById
declaration.

  • dom/DocumentFragment.cpp:

(WebCore::DocumentFragment::getElementById):

  • dom/DocumentFragment.h:

Add implementation of getElementById for DocumentFragments. Add a fast path for ShadowRoots
which can take advantage of the fact that they are TreeScopes to use the elements by id cache
in TreeScrope.

  • dom/DocumentFragment.idl:

Mark DocumentFragment as implementing NonElementParentNode.

  • dom/NonElementParentNode.idl: Copied from Source/WebCore/dom/NonDocumentTypeChildNode.idl.

Added.

  • svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::getElementById):

  • svg/SVGSVGElement.h:
  • svg/SVGSVGElement.idl:

Convert to taking an AtomicString to match other getElementByIds.

LayoutTests:

  • fast/dom/DocumentFragment/getElementById-expected.txt: Added.
  • fast/dom/DocumentFragment/getElementById.html: Added.
6:53 AM Changeset in webkit [184434] by Antti Koivisto
  • 11 edits
    2 adds in trunk

When redirecting to data URL use HTTP response for same origin policy checks
https://bugs.webkit.org/show_bug.cgi?id=145054
rdar://problem/20299050

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Test: http/tests/security/canvas-remote-read-data-url-image-redirect.html

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::notifyFinished):

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::sanitizeScriptError):

  • html/canvas/CanvasRenderingContext.cpp:

(WebCore::CanvasRenderingContext::wouldTaintOrigin):

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::notifyFinished):

  • loader/MediaResourceLoader.cpp:

(WebCore::MediaResourceLoader::responseReceived):

  • loader/TextTrackLoader.cpp:

(WebCore::TextTrackLoader::notifyFinished):

  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::isOriginClean):

  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::passesAccessControlCheck):
(WebCore::CachedResource::passesSameOriginPolicyCheck):

Factor repeatedly used same origin policy test into a function.

(WebCore::CachedResource::redirectReceived):

When redirecting to a data URL save the redirect response.

(WebCore::CachedResource::responseForSameOriginPolicyChecks):

In case we got redirected to data use that response instead of the final data response for policy checks.

  • loader/cache/CachedResource.h:

LayoutTests:

  • http/tests/security/canvas-remote-read-data-url-image-redirect-expected.txt: Added.
  • http/tests/security/canvas-remote-read-data-url-image-redirect.html: Added.
12:52 AM Changeset in webkit [184433] by jonlee@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] wireless playback picker button is drawn incorrectly
https://bugs.webkit.org/show_bug.cgi?id=145057
rdar://problem/20877518

Reviewed by Jer Noble.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.updateWirelessTargetPickerButton): This method is
defined in Controller, but is only meant to run on Macs. Override it with
an empty function for iOS.

12:11 AM Changeset in webkit [184432] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[EFL][WK2] Minibrowser : Add search icon to search bar
https://bugs.webkit.org/show_bug.cgi?id=139773

Patch by Tanay C <tanay.c@samsung.com> on 2015-05-16
Reviewed by Gyuyoung Kim.

  • MiniBrowser/efl/main.c:

(search_icon_show): Added.
(search_box_show): Modified.

May 15, 2015:

11:42 PM Changeset in webkit [184431] by rniwa@webkit.org
  • 3 edits in trunk/Tools

run_benchmark should have an option to specify the number of runs
https://bugs.webkit.org/show_bug.cgi?id=145091

Reviewed by Stephanie Lewis.

Added --count option.

  • Scripts/run-benchmark:

(main):

  • Scripts/webkitpy/benchmark_runner/benchmark_runner.py:

(BenchmarkRunner.init):

9:24 PM Changeset in webkit [184430] by Simon Fraser
  • 4 edits
    2 adds in trunk

REGRESSION (r183300): Background missing on top links on apple.com
https://bugs.webkit.org/show_bug.cgi?id=145079
rdar://problem/20914252

Reviewed by Tim Horton.

Source/WebCore:

Re-land r184421 with a fix to check against rects.coverageRect
rather than the stale m_coverageRect.

Test: compositing/visible-rect/backing-change-height-from-zero.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::shouldSkipLayerInDump):

LayoutTests:

Re-land.

  • compositing/visible-rect/backing-change-height-from-zero-expected.txt: Added.
  • compositing/visible-rect/backing-change-height-from-zero.html: Added.
8:47 PM Changeset in webkit [184429] by Matt Baker
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: empty timeline should not use previous timeline's zoom interval
https://bugs.webkit.org/show_bug.cgi?id=132754

Reviewed by Joseph Pecoraro.

When a timeline recording is started in response to a provisional load, TimelineManager should check whether
the main resource url is changing before loading a new timeline recording. If the main resource is changing,
set the selection start, selection duration, and duration-per-pixel settings of the TimelineOverview to their
default values.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager):
(WebInspector.TimelineManager.prototype.isCapturingPageReload):
(WebInspector.TimelineManager.prototype.capturingStopped):
(WebInspector.TimelineManager.prototype.pageDidLoad):
(WebInspector.TimelineManager.prototype._startAutoCapturing):
Added a property for checking whether auto capture was triggered by a page reload.

  • UserInterface/Views/LinearTimelineOverview.js:

(WebInspector.LinearTimelineOverview):
Increase default selection time to 15 seconds.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
Reset selection and zoom if TimelineManager isn't capturing in response to a page reload.

(WebInspector.TimelineOverview.prototype.reset):
Reset selection and zoom.

(WebInspector.TimelineOverview.prototype._timeRangeSelectionChanged):
(WebInspector.TimelineOverview.prototype._resetSelection):
Added a helper function for resetting selection and zoom to their default values.

8:46 PM Changeset in webkit [184428] by Matt Baker
  • 2 edits in trunk/Source/WebCore

Web Inspector: REGRESSION (r181625): Timeline recording started from console.profile is always empty
https://bugs.webkit.org/show_bug.cgi?id=144882

Reviewed by Joseph Pecoraro.

A timeline recording will always be stopped before the end of the current run loop is observed. Before
dispatching the recording stopped event, any events that are currently in progress should be considered
complete and sent to the frontend.

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::internalStop):

8:00 PM Changeset in webkit [184427] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Timeline data grid displays wrong records after switching between Timelines/Frames mode
https://bugs.webkit.org/show_bug.cgi?id=145084

Reviewed by Timothy Hatcher.

Update timeline sidebar filter whenever the view mode changes.

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if.get if):
(WebInspector.TimelineSidebarPanel.get else):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject):

7:31 PM Changeset in webkit [184426] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Bump image format number to force image regeneration
https://bugs.webkit.org/show_bug.cgi?id=145074

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Base/ImageUtilities.js:
7:24 PM Changeset in webkit [184425] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Don't reset the preview recognizer in [WKContentViewInteraction cleanupInteraction]
https://bugs.webkit.org/show_bug.cgi?id=145081

We shouldn't reset the recognizer in [WKContentViewInteraction cleanupInteraction] since we don't re-add it
back to WKContentView when the process relaunched. Since we already add/remove it when the view is move into/
removed from the window, we don't need reset it in cleanupInteraction.

Patch by Yongjun Zhang <yongjun_zhang@apple.com> on 2015-05-15
Reviewed by Dan Bernstein.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView cleanupInteraction]):

6:46 PM Changeset in webkit [184424] by mmaxfield@apple.com
  • 1 edit
    2 adds in trunk/LayoutTests

Test the interaction between font-family and font-weight
https://bugs.webkit.org/show_bug.cgi?id=145078

Reviewed by Dean Jackson.

This test is designed to test the interaction between font-family and font-weight. In particular,
our implementation of font-family accepts PostScript names, which may name a font with a particular
weight. However, there is another CSS property, font-weight, in which the author may also name a
particular weight. Our font selection algorithm takes both of these signals into account when
choosing fonts.

There is currently no good way in JavaScript to find the actual font chosen for some text.
Therefore, the best way to test this aspect of the font selection algorithm is to dump the render
tree, therefore testing glyph advances (which are a property of font weight).

  • platform/mac/fast/text/font-weights-expected.txt: Added.
  • platform/mac/fast/text/font-weights.html: Added.
6:37 PM Changeset in webkit [184423] by commit-queue@webkit.org
  • 4 edits
    2 deletes in trunk

Unreviewed, rolling out r184421.
https://bugs.webkit.org/show_bug.cgi?id=145087

Introduced 42 layout test failures (Requested by rniwa on
#webkit).

Reverted changeset:

"REGRESSION (r183300): Background missing on top links on
apple.com"
https://bugs.webkit.org/show_bug.cgi?id=145079
http://trac.webkit.org/changeset/184421

5:21 PM Changeset in webkit [184422] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r181910): WKWebView incorrectly scales snapshot
https://bugs.webkit.org/show_bug.cgi?id=145076

Patch by James Savage <James Savage> on 2015-05-15
Reviewed by Tim Horton.

We added a fast path to snapshotting using IOSurfaces with
http://trac.webkit.org/changeset/181910 which incorrectly determined
scale and transform and resulted in bad snapshots in some situations.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _snapshotRect:intoImageOfWidth:completionHandler:]):
When snapshotting an IOSurface we need to compute our scale based off of
the rect in the WKWebView coordinates, we also failed to account for
non-zero origins in the snapshot rect. Remove an unused varible while
we're here.

4:29 PM Changeset in webkit [184421] by Simon Fraser
  • 4 edits
    2 adds in trunk

REGRESSION (r183300): Background missing on top links on apple.com
https://bugs.webkit.org/show_bug.cgi?id=145079
rdar://problem/20914252

Reviewed by Tim Horton.

Source/WebCore:

GraphicsLayerCA::setVisibleAndCoverageRects() only set the m_intersectsCoverageRect
flag if the coverage rect changed, but it doesn't if you simply change the size of
the layer.

Instead, always re-evaluate the intersection, and set the CoverageRectChanged bit
if it changes.

Test: compositing/visible-rect/backing-change-height-from-zero.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::shouldSkipLayerInDump): Don't skip any layers in a
debug layer dump, to assist debugging.

LayoutTests:

Composited box that toggles to a non-zero height and dumps layers.

  • compositing/visible-rect/backing-change-height-from-zero-expected.txt: Added.
  • compositing/visible-rect/backing-change-height-from-zero.html: Added.
3:55 PM Changeset in webkit [184420] by weinig@apple.com
  • 13 edits
    2 adds in trunk

Move HTMLElement's children property to ParentNode
https://bugs.webkit.org/show_bug.cgi?id=145072

Reviewed by Chris Dumez.

Source/WebCore:

Match the latest DOM standard and other browsers by moving the children property
to ParentNode, thus exposing it on Element, Document and DocumentFragment.

Test: fast/dom/ParentNode-children.html

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::children):
Moved implementation from HTMLElement to here.

(WebCore::ContainerNode::ensureCachedHTMLCollection):
(WebCore::ContainerNode::cachedHTMLCollection):
Moved implementation from Element to here so that ContainerNode::children
can use it.

(WebCore::ContainerNode::firstElementChild):
(WebCore::ContainerNode::lastElementChild):
(WebCore::ContainerNode::childElementCount):
Remove unnecessary assertions.

  • dom/ContainerNode.h:

Moved declarations from HTMLElement and Element to here.

  • dom/Element.cpp:

(WebCore::Element::ensureCachedHTMLCollection): Deleted.
(WebCore::Element::cachedHTMLCollection): Deleted.

  • dom/Element.h:

Moved to ContainerNode.

  • dom/Node.cpp:

(WebCore::Node::previousElementSibling):
(WebCore::Node::nextElementSibling):
Remove unnecessary assertions.

  • dom/ParentNode.idl:

Moved the children property here from HTMLElement.

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::children): Deleted.

  • html/HTMLElement.h:

Moved to ContainerNode.

  • html/HTMLElement.idl:

Get rid of the children property for all bindings except Objective-C which needs
to keep it to avoid changing the public API.

LayoutTests:

  • fast/dom/ParentNode-children-expected.txt: Added.
  • fast/dom/ParentNode-children.html: Added.

Test children on Element, Document and DocumentFragment.

  • fast/dom/xmlserializer-serialize-to-string-exception-expected.txt:

Update results since document.children is no longer undefined.

  • js/dom/dom-static-property-for-in-iteration-expected.txt:

Update results.

3:10 PM WindowsWithoutCygwin edited by mmaxfield@apple.com
(diff)
2:59 PM Changeset in webkit [184419] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

WebCore ASan debug build fails. ERROR: WebCore has a weak external symbol in it.
https://bugs.webkit.org/show_bug.cgi?id=145070

Reviewed by David Kilzer.

Build fix.

  • Configurations/WebCore.unexp:
2:36 PM Changeset in webkit [184418] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Reduce type annotation update frequency
https://bugs.webkit.org/show_bug.cgi?id=145066

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Controllers/TypeTokenAnnotator.js:

Reduce the frequency which could commonly be 16-24ms
to a minimum of 100ms and maximum of 2000ms.

2:31 PM Changeset in webkit [184417] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

Prefix force on MouseEvent and add constants for click and force click values
https://bugs.webkit.org/show_bug.cgi?id=145065
-and corresponding-
rdar://problem/20770052

Reviewed by Tim Horton.

(WebCore::MouseEvent::webkitForce):

  • dom/MouseEvent.idl:
2:30 PM Changeset in webkit [184416] by jer.noble@apple.com
  • 8 edits in trunk/Source/WebCore

[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes

to controlsAlwaysVisible().

(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary)

if not scrubbing.

(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the contrtols width.

Remove a bunch of newly unnecessary code from the iOS media controls:

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototypeupdateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.

  • html/HTMLMediaElement.h:
  • rendering/RenderMedia.cpp:

(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()

  • rendering/RenderMedia.h:

Drive-by fixes:

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

2:11 PM Changeset in webkit [184415] by fpizlo@apple.com
  • 11 edits
    2 adds
    2 deletes in trunk/Source/JavaScriptCore

Insert store barriers late so that IR transformations don't have to worry about them
https://bugs.webkit.org/show_bug.cgi?id=145015

Reviewed by Geoffrey Garen.

We have had three kinds of bugs with store barriers. For the sake of discussion we say
that a store barrier is needed when we have something like:

base.field = value


  • We sometimes fail to realize that we could remove a barrier when value is a non-cell. This might happen if we prove value to be a non-cell even though in the FixupPhase it wasn't predicted non-cell.


  • We sometimes have a barrier in the wrong place after object allocation sinking. We might sink an allocation to just above the store, but that puts it just after the StoreBarrier that FixupPhase inserted.


  • We don't remove redundant barriers across basic blocks.


This comprehensively fixes these issues by doing store barrier insertion late, and
removing the store barrier elision phase. Store barrier insertion uses an epoch-based
algorithm to determine when stores need barriers. Briefly, a barrier is not needed if
base is in the current GC epoch (i.e. was the last object that we allocated or had a
barrier since last GC) or if base has a newer GC epoch than value (i.e. value would have
always been allocated before base). We do conservative things when merging epoch state
between basic blocks, and we only do such inter-block removal in the FTL. FTL also
queries AI to determine what type we've proved about value, and avoids barriers when
value is not a cell. FixupPhase still inserts type checks on some stores, to maximize
the likelihood that this AI-based removal is effective.

(JSC::DFG::BlockMap::at):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):

  • dfg/DFGEpoch.h:

(JSC::DFG::Epoch::operator<):
(JSC::DFG::Epoch::operator>):
(JSC::DFG::Epoch::operator<=):
(JSC::DFG::Epoch::operator>=):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::speculateForBarrier):
(JSC::DFG::FixupPhase::insertStoreBarrier): Deleted.

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGStoreBarrierElisionPhase.cpp: Removed.
  • dfg/DFGStoreBarrierElisionPhase.h: Removed.
  • dfg/DFGStoreBarrierInsertionPhase.cpp: Added.

(JSC::DFG::performFastStoreBarrierInsertion):
(JSC::DFG::performGlobalStoreBarrierInsertion):

  • dfg/DFGStoreBarrierInsertionPhase.h: Added.
2:10 PM Changeset in webkit [184414] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[ARM64] Do not fail branchConvertDoubleToInt32 when the result is zero and not negative zero
https://bugs.webkit.org/show_bug.cgi?id=144976

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-05-15
Reviewed by Michael Saboff.

Failing the conversion on zero is pretty dangerous as we discovered on x86.

This patch does not really impact performance significantly because
r184220 removed the zero checks from Kraken. This patch is just to be
on the safe side for cases not covered by existing benchmarks.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):

1:48 PM Changeset in webkit [184413] by achristensen@apple.com
  • 5 edits in trunk/Source

[Content Extensions] Fail to load old content extension files
https://bugs.webkit.org/show_bug.cgi?id=145027

Reviewed by Eric Carlson.

Source/WebCore:

  • contentextensions/DFABytecode.h:

Source/WebKit2:

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::openAndMapContentExtension):

  • UIProcess/API/APIUserContentExtensionStore.h:
1:47 PM Changeset in webkit [184412] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Remove unnecessary forward declarations in PropertyNameArray.h.
https://bugs.webkit.org/show_bug.cgi?id=145058

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-15
Reviewed by Andreas Kling.

No new tests, no behavior change.

  • runtime/PropertyNameArray.h:
1:47 PM Changeset in webkit [184411] by commit-queue@webkit.org
  • 11 edits in trunk/Source/WebInspectorUI

Web Inspector: Fix some possible event listener leakers in content views
https://bugs.webkit.org/show_bug.cgi?id=145068

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

Now that some content views can be closed that weren't closable before, ensure
we clean up after global event listeners that may strongly reference "this".

  • UserInterface/Views/DOMTreeContentView.js:

(WebInspector.DOMTreeContentView.prototype.closed):

  • UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline.prototype.close):

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView.prototype.closed):

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView.prototype.closed):

  • UserInterface/Views/RenderingFrameTimelineView.js:

(WebInspector.RenderingFrameTimelineView.prototype.closed):

  • UserInterface/Views/ScriptContentView.js:

(WebInspector.ScriptContentView.prototype.closed):

  • UserInterface/Views/ScriptTimelineView.js:

(WebInspector.ScriptTimelineView.prototype.closed):

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.close):

  • UserInterface/Views/TextResourceContentView.js:

(WebInspector.TextResourceContentView.prototype.closed):

  • UserInterface/Views/TimelineDataGrid.js:

(WebInspector.TimelineDataGrid.prototype.closed):
(WebInspector.TimelineDataGrid.prototype.handleEvent):

1:45 PM Changeset in webkit [184410] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Initiator Popovers no longer work in Layout Timeline
https://bugs.webkit.org/show_bug.cgi?id=145067

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-15
Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayoutTimelineDataGrid.js:

(WebInspector.LayoutTimelineDataGrid.prototype.callFramePopoverAnchorElement):
Update the column name, which changed in r183134.

1:45 PM Changeset in webkit [184409] by timothy_horton@apple.com
  • 2 edits in trunk/Tools

Temporarily disable failing API test.

  • TestWebKitAPI/Tests/WebKit2ObjC/ActionMenus.mm:

(TestWebKitAPI::TEST):

1:21 PM Changeset in webkit [184408] by rniwa@webkit.org
  • 4 edits in branches/safari-600.7-branch/Tools

Merge r182018 and r181280.

2015-03-26 Jer Noble <jer.noble@apple.com>

Add --allowed-host support to run-webkit-tests
https://bugs.webkit.org/show_bug.cgi?id=142938

Reviewed by Brent Fulgham.

Accept --allowed-host arguments from run-webkit-tests and pass them through to
DumpRenderTree and WebKitTestRunner.

Drive-by fix: Depending on the value of the --layout-test-dir parameter, layout test results
are placed in the wrong location. The argument is compared with each tests's path, and if a
relative path or a path with '..' was used, results are placed alongside the test. Take the
absolute path of the --layout-test-dir argument, collapsing path components like '..'.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py: (parse_args):
  • Scripts/webkitpy/port/base.py: (Port.init): (Port.allowed_hosts):
  • Scripts/webkitpy/port/driver.py: (Driver.cmd_line):

2015-03-06 Jer Noble <jer.noble@apple.com>

Add an option to run-webkit-tests to override the LayoutTests/ directory
https://bugs.webkit.org/show_bug.cgi?id=142418

Reviewed by David Kilzer.

Add an arugment to run-webkit-tests which, when set, overrides the port's default LayoutTests
directory. The base port will parse the options during initialization and store the override
location if present. layout_tests_dir() will return this overridden location if set.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py: (parse_args):
  • Scripts/webkitpy/port/base.py: (Port.init): (Port.layout_tests_dir):
1:02 PM Changeset in webkit [184407] by mark.lam@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

JSArray::setLength() should reallocate instead of zero-filling if the reallocation would be small enough.
https://bugs.webkit.org/show_bug.cgi?id=144622

Reviewed by Geoffrey Garen.

When setting the array to a new length that is shorter, we now check if it is worth
just making a new butterfly instead of clearing out the slots in the old butterfly
that resides beyond the new length. If so, we will make a new butterfly instead.

There is no perf differences in the benchmark results. However, this does benefit
the perf of pathological cases where we need to shorten the length of a very large
array, as is the case in tests/mozilla/js1_5/Array/regress-101964.js. With this
patch, we can expect that test to complete in a short time again.

  • runtime/JSArray.cpp:

(JSC::JSArray::setLength):

  • runtime/JSObject.cpp:

(JSC::JSObject::reallocateAndShrinkButterfly):

  • makes a new butterfly with a new shorter length.
  • runtime/JSObject.h:
  • tests/mozilla/js1_5/Array/regress-101964.js:
  • Undo this test change since this patch will prevent us from spending a lot of time clearing a large butterfly.
1:02 PM Changeset in webkit [184406] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm: Add clang pragmas to ignore

deprecation warnings.

12:30 PM Changeset in webkit [184405] by basile_clement@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

DFGLICMPhase shouldn't create NodeOrigins with forExit but without semantic
https://bugs.webkit.org/show_bug.cgi?id=145062

Reviewed by Filip Pizlo.

We assert in various places (including NodeOrigin::isSet()) that a
NodeOrigin's semantic and forExit must be either both set, or both
unset. However, LICM'ing a node with unset NodeOrigin would only set
forExit, and leave semantic unset. This can for instance happen when a
Phi node is constant-folded into a JSConstant, which in turn gets
LICM'd.

This patch changes DFGLICMPhase to set the NodeOrigin's semantic in
addition to its forExit if semantic was previously unset.

It also adds two validators to DFGValidate.cpp:

  • In both SSA and CPS form, a NodeOrigin semantic and forExit must be either both set or both unset
  • In CPS form, all nodes must have a set NodeOrigin forExit (this is the CPS counterpart to the SSA validator that checks that all nodes must have a set NodeOrigin except possibly for a continuous chunk of nodes at the top of a block)
  • dfg/DFGLICMPhase.cpp:

(JSC::DFG::LICMPhase::attemptHoist):

  • dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validate):
(JSC::DFG::Validate::validateCPS):

12:12 PM Changeset in webkit [184404] by commit-queue@webkit.org
  • 6 edits in trunk/Source

Limit alternate fullscreen with linked on or after.
https://bugs.webkit.org/show_bug.cgi?id=144894

Patch by Jeremy Jones <jeremyj@apple.com> on 2015-05-15
Reviewed by Dean Jackson.

Source/WebCore:

  • platform/ios/WebCoreSystemInterfaceIOS.h: add new wkIOSSystemVersion

Source/WebKit/mac:

  • WebView/WebView.mm:

(shouldAllowAlternateFullscreen): Added.
(-[WebView _preferencesChanged:]):

Source/WebKit2:

  • UIProcess/API/Cocoa/WKWebView.mm:

(shouldAllowAlternateFullscreen): Added.
(-[WKWebView initWithFrame:configuration:]):

12:07 PM Changeset in webkit [184403] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed. Revert part of r184361.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.configureInlineControls):
HI wants the buttons flipped.

11:44 AM Changeset in webkit [184402] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix trivial typo in TextEncodingDetectorICU.cpp.
https://bugs.webkit.org/show_bug.cgi?id=145055

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-15
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change..

  • platform/text/TextEncodingDetectorICU.cpp:

(WebCore::detectTextEncoding):

11:41 AM Changeset in webkit [184401] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Cyrillic top-level domains are displayed as punycode
https://bugs.webkit.org/show_bug.cgi?id=145024
rdar://problem/17747133
rdar://problem/14116594

Reviewed by Tim Horton.

Handling each TLD in code is annoying, but we can probably survive like this
for a few more years, and maybe we'll think of an entirely different way to deal
with non-ASCII domain labels in the meanwhile.

  • platform/mac/WebCoreNSURLExtras.mm:

(WebCore::isSecondLevelDomainNameAllowedByTLDRules):
(WebCore::allCharactersAllowedByTLDRules):

11:40 AM Changeset in webkit [184400] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Cursor is displayed after full screen video controls fade away.
https://bugs.webkit.org/show_bug.cgi?id=145034.
<rdar://problem/20458604>

Reviewed by Jer Noble.

  • Modules/mediacontrols/mediaControlsApple.css:

(video::-webkit-media-controls-panel):
Unnecessary cursor style is on the control panel while hidden but
the cursor will already be hidden anyways from being auto-hidden.
Causes style to change when controls are hidden,
which causes the cursor to reappear.

11:25 AM Changeset in webkit [184399] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

[WK2][Cocoa] Back swipe tab snapshot takes a long time to be removed on bing.com
https://bugs.webkit.org/show_bug.cgi?id=145061
<rdar://problem/20939743>

Reviewed by Tim Horton.

When swiping back from a video search result to the list of video
search results on bing.com, the back swipe gesture tab snapshot takes
~3 seconds to be removed, even though the page gets loaded almost
instantly from PageCache. The tab snapshot should be removed as soon as
the load is done.

The issue is that we only cleared the back swipe gesture tab snapshot
after PageClient::didFinishLoadForMainFrame() has been called. However,
PageClient::didFinishLoadForMainFrame() was only being called by
WebPageProxy if the main frame loaded *without* error. In case the main
frame loaded with an error, only WebPageProxy::didFailLoadForFrame() is
called, not WebPageProxy::didFinishLoadForFrame() and we would fail to
remove the gesture snapshot until the 3 seconds timeout.

This patch calls PageClient::didFinishLoadForMainFrame() from
WebPageProxy::didFailLoadForFrame() so we remove the snapshot in the
error case as well.

The reason didFailLoadForFrame() is being called on bing.com video
search results is because a "ping" load is aborted when the page is
entering PageCache. Aborting any kind of resource load sets a
"cancellation" error on the main document.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didFailLoadForFrame):

11:21 AM Changeset in webkit [184398] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove an unused declaration.

  • dfg/DFGSpeculativeJIT.h:
11:09 AM Changeset in webkit [184397] by fpizlo@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

Remove unused constant-base and constant-value store barrier code in the DFG
https://bugs.webkit.org/show_bug.cgi?id=145039

Reviewed by Andreas Kling.

Just killing dead code.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Deleted.
(JSC::DFG::SpeculativeJIT::writeBarrier): Deleted.

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::writeBarrier):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::writeBarrier):

10:58 AM Changeset in webkit [184396] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Checkmark on OFF option of captions sometimes does not appear.
https://bugs.webkit.org/show_bug.cgi?id=145060.
<rdar://problem/19388333>

Reviewed by Eric Carlson.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.buildCaptionMenu):
Audio tracks don’t have an OFF option.
Remove related code to allow OFF option for subtitles to work properly.

10:39 AM Changeset in webkit [184395] by Alan Bujtas
  • 17 edits
    2 adds in trunk

White edge on animating panel on http://rokkosunnyvale.com
https://bugs.webkit.org/show_bug.cgi?id=144986
rdar://problem/20907683

Reviewed by Simon Fraser.

Background image geometry calculation needs to be based on the final painting size of the container
in order to accurately compute tile sizes, repeating positions etc.
The container's size is pixelsnapped at painting using absolute coordinates. This patch
ensures that we snap to the same size while computing background geometry.

Source/WebCore:

Test: fast/images/background-image-size-changes-fractional-position.html

  • rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::paintBoxDecorations):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::paintBoxDecorations):
(WebCore::RenderBox::paintBackground):
(WebCore::RenderBox::getBackgroundPaintedExtent):
(WebCore::RenderBox::computeBackgroundIsKnownToBeObscured):
(WebCore::RenderBox::maskClipRect):
(WebCore::RenderBox::repaintLayerRectsForImage): unable to get absolute coords.

  • rendering/RenderBox.h:
  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::paintFillLayerExtended):
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
(WebCore::RenderBoxModelObject::getGeometryForBackgroundImage):
(WebCore::RenderBoxModelObject::boxShadowShouldBeAppliedToBackground):

  • rendering/RenderBoxModelObject.h:
  • rendering/RenderFieldset.cpp:

(WebCore::RenderFieldset::paintBoxDecorations):

  • rendering/RenderImage.cpp:

(WebCore::RenderImage::boxShadowShouldBeAppliedToBackground):
(WebCore::RenderImage::computeBackgroundIsKnownToBeObscured):

  • rendering/RenderImage.h:
  • rendering/RenderLayer.cpp: unable to get absolute coords.

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateDirectlyCompositedBackgroundImage): currently not used.

  • rendering/RenderObject.h:

(WebCore::RenderObject::computeBackgroundIsKnownToBeObscured):
(WebCore::RenderObject::backgroundIsKnownToBeObscured):

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::paintBoxDecorations):

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::boxShadowShouldBeAppliedToBackground):

  • rendering/RenderTableCell.h:

LayoutTests:

  • fast/backgrounds/hidpi-bitmap-background-repeat-on-subpixel-position-expected.html: progression.
  • fast/images/background-image-size-changes-fractional-position-expected.html: Added.
  • fast/images/background-image-size-changes-fractional-position.html: Added.
10:15 AM Changeset in webkit [184394] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

Crash in RenderFlowThread::popFlowThreadLayoutState() due to mismatched push/pop count
https://bugs.webkit.org/show_bug.cgi?id=145042

Reviewed by David Hyatt.

RenderFlowThread previously used a ListHashSet to store its stack of active objects. This
is problematic because, if the same object is pushed twice, only a single entry of that
object is added to the stack. After this occurs, a matching number of pushes will pop too
many items off the stack, causing a crash when popping a stack with zero items. This
specifically happens in FrameView::layout(), which will push its root renderer on the stack
of active items, and then ask the root to layout(), which will attempt to push itself on the
stack of active items.

Instead of a ListHashSet, use a Vector, which has similar memory characteristics and no
uniqueness requirements.

  • rendering/RenderFlowThread.cpp:

(WebCore::RenderFlowThread::pushFlowThreadLayoutState):
(WebCore::RenderFlowThread::popFlowThreadLayoutState):

  • rendering/RenderFlowThread.h:
9:46 AM Changeset in webkit [184393] by mitz@apple.com
  • 2 edits in trunk/Source/WTF

Build fix for some versions of clang.

  • wtf/SaturatedArithmetic.h:

(signedAddOverflows):
(signedSubtractOverflows):

8:32 AM Changeset in webkit [184392] by commit-queue@webkit.org
  • 2 edits
    1 add in trunk/LayoutTests

[GTK] Gardening 15th May.
https://bugs.webkit.org/show_bug.cgi?id=145047

Unreviewed.

Patch by Marcos Chavarría Teijeiro <mchavarria@igalia.com> on 2015-05-15

  • platform/gtk/TestExpectations:
  • platform/gtk/fast/events/ghostly-mousemoves-in-subframe-expected.txt: Added.
6:53 AM Changeset in webkit [184391] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.8.3

WebKitGTK+ 2.8.3

6:52 AM Changeset in webkit [184390] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.8.3 release.

.:

  • Source/cmake/OptionsGTK.cmake:

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.8.3.
6:50 AM Changeset in webkit [184389] by peavo@outlook.com
  • 3 edits in trunk/Source/WebCore

[Curl] WebSocket platform part is not implemented.
https://bugs.webkit.org/show_bug.cgi?id=144628

Reviewed by Darin Adler.

Add Curl platform code implementation for WebSockets.

  • platform/network/curl/SocketStreamHandle.h:

(WebCore::SocketStreamHandle::create):
(WebCore::SocketStreamHandle::SocketData::SocketData):

  • platform/network/curl/SocketStreamHandleCurl.cpp:

(WebCore::SocketStreamHandle::SocketStreamHandle):
(WebCore::SocketStreamHandle::~SocketStreamHandle):
(WebCore::SocketStreamHandle::platformSend):
(WebCore::SocketStreamHandle::platformClose):
(WebCore::SocketStreamHandle::readData):
(WebCore::SocketStreamHandle::sendData):
(WebCore::SocketStreamHandle::waitForAvailableData):
(WebCore::SocketStreamHandle::startThread):
(WebCore::SocketStreamHandle::stopThread):
(WebCore::SocketStreamHandle::didReceiveData):
(WebCore::SocketStreamHandle::didOpenSocket):
(WebCore::SocketStreamHandle::createCopy):

5:56 AM Changeset in webkit [184388] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

REGRESSION(r183861): [SOUP] Downloads are broken when using the Network Process
https://bugs.webkit.org/show_bug.cgi?id=144738

When converting the main resource handle to a download, the
NetworkResourceLoader is aborted, but the ResourceHandle shouldn't
be cleaned up because it's still used for the download.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::cleanup):

5:49 AM Changeset in webkit [184387] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r184373 - Images on www.fitstylelife.com jiggle on hover.
https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html

compositing/parent-clipping-layer-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position.html: Added.
5:46 AM Changeset in webkit [184386] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184355 - Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):

  • editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

  • editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
  • editing/inserting/insert-table-in-paragraph-crash.html: Added.
5:44 AM Changeset in webkit [184385] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r184346 - String.prototype.split() should create efficient substrings.
<https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

  • runtime/StringPrototype.cpp:

(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

5:38 AM Changeset in webkit [184384] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r184334 - [GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):

  • UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

5:37 AM Changeset in webkit [184383] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184323 - REGRESION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958. It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

5:22 AM Changeset in webkit [184382] by Csaba Osztrogonác
  • 6 edits in trunk/Tools

User interruption while running of run-webkit-tests should also generate results.html
https://bugs.webkit.org/show_bug.cgi?id=122154

Patch by Ravi Phaneendra Kasibhatla <r.kasibhatla@samsung.com> on 2015-05-15
Reviewed by Csaba Osztrogonác.

Generation of results.html on execution of run-webkit-tests happens only
on completion of entire layout tests run. It should be created even when
the execution has been interrupted - either by user (by pressing Ctrl+C)
or because of other interruptions (like exit-after-n-failures option).

  • Scripts/webkitpy/layout_tests/controllers/layout_test_runner.py:

(LayoutTestRunner.run_tests):

  • Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager.run):

  • Scripts/webkitpy/layout_tests/models/test_run_results.py:

(TestRunResults.init):

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py:

(main):

  • Scripts/webkitpy/layout_tests/run_webkit_tests_integrationtest.py:

(RunTest.test_keyboard_interrupt):
(MainTest.test_exception_handling):

5:04 AM Changeset in webkit [184381] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184293 - Don't compute selection painting info when we don't have selection.
https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

4:59 AM Changeset in webkit [184380] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r184219 - REGRESSION(r175617): Some text doesn't render on internationalculinarycenter.com
https://bugs.webkit.org/show_bug.cgi?id=144917
rdar://problem/20545878

Reviewed by Andreas Kling.

This patch ensures that text stroke width value is taken into account while
calculating visual overflow for simple line layout.
Ceiling the text stroke width value matches the normal text layout behaviour.

Source/WebCore:

Test: fast/text/simple-line-layout-text-stroke-width.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

LayoutTests:

  • fast/text/simple-line-layout-text-stroke-width-expected.txt: Added.
  • fast/text/simple-line-layout-text-stroke-width.html: Added.
4:54 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
(diff)
4:00 AM Changeset in webkit [184379] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[buildbot] Fix the URL of the performance bots
https://bugs.webkit.org/show_bug.cgi?id=145043

Reviewed by Ryosuke Niwa.

  • BuildSlaveSupport/build.webkit.org-config/templates/root.html:
2:50 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
(diff)
2:22 AM Changeset in webkit [184378] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Fix typo in function name parseFunctionParamters -> parseFunctionParameters
https://bugs.webkit.org/show_bug.cgi?id=145040

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-15
Reviewed by Mark Lam.

  • parser/Parser.h:
  • parser/Parser.cpp:
1:42 AM Changeset in webkit [184377] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r184273 - [EGL][X11] XPixmap created in GLContextEGL::createPixmapContext() is leaked
https://bugs.webkit.org/show_bug.cgi?id=144909

Reviewed by Sergio Villar Senin and Žan Doberšek.

The pixmap is created and passed to eglCreatePixmapSurface(), but
never released. eglCreatePixmapSurface() doesn't take the
ownership of the pixmap, so we should explicitly free it when the
GLContextEGL is destroyed.

  • platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createPixmapContext): Use XUniquePixmap
and transfer the ownership to the context by using the new
constructor that receives a XUniquePixmap&&.
(WebCore::GLContextEGL::createContext): createPixmapContext() is
now only defined for X11.
(WebCore::GLContextEGL::GLContextEGL): New constructor that
receives a XUniquePixmap&&.

  • platform/graphics/egl/GLContextEGL.h: Add new constructor and

initialize the cairo device when defined to simplify constructors.

1:03 AM Changeset in webkit [184376] by Carlos Garcia Campos
  • 5 edits in trunk/Source

REGRESSION(r183861): [SOUP] Downloads are broken when using the Network Process
https://bugs.webkit.org/show_bug.cgi?id=144738

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Add ResourceHandle::releaseForDownload() that releases the current
handle to be used as a download.

  • platform/network/ResourceHandle.h:
  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::ResourceHandle::releaseForDownload):

Source/WebKit2:

When converting the main resource handle to a download, the
NetworkResourceLoader is aborted, and the ResourceHandle is
cleaned up aborting the download operation. We need to use a
different ResourceHandle for the download operation.

  • Shared/Downloads/soup/DownloadSoup.cpp:

(WebKit::Download::startWithHandle): Use ResourceHandle::releaseForDownload()
instead of reusing the given handle.

1:01 AM Changeset in webkit [184375] by rniwa@webkit.org
  • 3 edits in trunk/LayoutTests

Removed failing test expectations from passing tests.

12:05 AM Changeset in webkit [184374] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

[GTK] Fix PlatformDisplayWayland construction error, implement the destructor
https://bugs.webkit.org/show_bug.cgi?id=144997

Reviewed by Carlos Garcia Campos.

The PlatformDisplayWayland constructor is private, so we can't use
std::make_unique<>() to construct an object of this class.

Implement the PlatformDisplayWayland destructor, cleaning out all
the Wayland resources, if present.

  • platform/graphics/wayland/PlatformDisplayWayland.cpp:

(WebCore::PlatformDisplayWayland::create):
(WebCore::PlatformDisplayWayland::PlatformDisplayWayland):
(WebCore::PlatformDisplayWayland::~PlatformDisplayWayland):

May 14, 2015:

10:09 PM Changeset in webkit [184373] by Alan Bujtas
  • 3 edits
    4 adds in trunk

Images on www.fitstylelife.com jiggle on hover.
https://bugs.webkit.org/show_bug.cgi?id=145020
rdar://problem/20885337

Reviewed by Simon Fraser.

This patch ensures that the clipping layer of a composited content is pixel snapped properly.

Source/WebCore:

Tests: compositing/composited-parent-clipping-layer-on-subpixel-position.html

compositing/parent-clipping-layer-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/composited-parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/composited-parent-clipping-layer-on-subpixel-position.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position-expected.html: Added.
  • compositing/parent-clipping-layer-on-subpixel-position.html: Added.
10:07 PM Changeset in webkit [184372] by Chris Dumez
  • 6 edits in trunk/Source/WebCore

Have DOMWindow::createWindow() take references to frames
https://bugs.webkit.org/show_bug.cgi?id=145037

Reviewed by Gyuyoung Kim.

Have DOMWindow::createWindow() take references to frames instead of
pointers as they are expected to be non-null. Also return a RefPtr
instead of a PassRefPtr.

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::openInNewTab):

  • loader/FrameLoader.cpp:

(WebCore::createWindow):

  • loader/FrameLoader.h:
  • page/DOMWindow.cpp:

(WebCore::DOMWindow::createWindow):
(WebCore::DOMWindow::open):
(WebCore::DOMWindow::showModalDialog):

  • page/DOMWindow.h:
9:43 PM Changeset in webkit [184371] by Simon Fraser
  • 5 edits
    2 adds in trunk

REGRESSION (r183794): Garbage tiles when body background switches to fixed
https://bugs.webkit.org/show_bug.cgi?id=145032
rdar://problem/20963679

Reviewed by Dean Jackson.

Source/WebCore:

After r183794 (or possibly an earlier commit), we failed to dynamically update
the configuration of layers that handled fixed background attachment on the root.

This would result in unpainted tiles, and non-fixed-background behavior.

Fix by calling RenderLayerCompositor::rootOrBodyStyleChanged() whenever the
style changes on the root or body renderers, and triggering a compositing update
if the fixedness of the background changes. It calls the existing rootBackgroundTransparencyChanged()
if the color changes.

Test: platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::styleDidChange):

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::rootOrBodyStyleChanged):
(WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged):

  • rendering/RenderLayerCompositor.h:

LayoutTests:

Test that toggles the attachment of the body background to fixed, then dumps layers.

  • platform/mac-wk2/tiled-drawing/toggle-to-fixed-background-expected.txt: Added.
  • platform/mac-wk2/tiled-drawing/toggle-to-fixed-background.html: Added.
9:39 PM Changeset in webkit [184370] by beidson@apple.com
  • 17 edits in trunk/Source/WebKit2

Rename connectionDidClose and related methods to be more clear.
https://bugs.webkit.org/show_bug.cgi?id=145030

Reviewed by Darin Adler.

These methods were easy to confuse with "Connection::Client::didClose()", yet they
were about something much more explicit: A child process being shut down by the UI Process.

Let's call them as such.

  • Shared/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::shutDownProcess):
(WebKit::ChildProcessProxy::clearConnection): Deleted.
(WebKit::ChildProcessProxy::connectionDidClose): Deleted.

  • Shared/ChildProcessProxy.h:
  • UIProcess/Databases/DatabaseProcessProxy.cpp:

(WebKit::DatabaseProcessProxy::processWillShutDown):

  • UIProcess/Databases/DatabaseProcessProxy.h:
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::processWillShutDown):

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/Plugins/PluginProcessProxy.cpp:

(WebKit::PluginProcessProxy::processWillShutDown):

  • UIProcess/Plugins/PluginProcessProxy.h:
  • UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::webProcessWillShutDown):
(WebKit::WebFrameProxy::disconnect): Deleted.

  • UIProcess/WebFrameProxy.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::webProcessWillShutDown):
(WebKit::WebPageProxy::connectionDidClose): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebProcessLifetimeTracker.cpp:

(WebKit::WebProcessLifetimeTracker::webProcessWillShutDown):
(WebKit::WebProcessLifetimeTracker::connectionDidClose): Deleted.

  • UIProcess/WebProcessLifetimeTracker.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::processWillShutDown):
(WebKit::WebProcessProxy::shutDown):
(WebKit::WebProcessProxy::removeWebPage):
(WebKit::WebProcessProxy::didClose):
(WebKit::WebProcessProxy::disconnectFramesFromPage):
(WebKit::WebProcessProxy::shouldTerminate):
(WebKit::WebProcessProxy::requestTermination):
(WebKit::WebProcessProxy::connectionDidClose): Deleted.
(WebKit::WebProcessProxy::disconnect): Deleted.

  • UIProcess/WebProcessProxy.h:
9:36 PM Changeset in webkit [184369] by mitz@apple.com
  • 2 edits in trunk/Source/WTF

Reverted r177753, now that <rdar://problem/19347133> is fixed.

Rubber-stamped by Benjamin Poulain.

  • wtf/SaturatedArithmetic.h:

(signedAddOverflows):
(signedSubtractOverflows):

9:14 PM Changeset in webkit [184368] by fpizlo@apple.com
  • 15 edits in trunk/Source/JavaScriptCore

Remove StoreBarrierWithNullCheck, nobody ever generates this.

Rubber stamped by Benjamin Poulain and Michael Saboff.

If we did bring something like this back in the future, we would just use UntypedUse instead
of CellUse to indicate that this is what we want.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::isStoreBarrier):

  • dfg/DFGNodeType.h:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileStoreBarrier):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck): Deleted.

8:51 PM Changeset in webkit [184367] by fpizlo@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

PutGlobalVar should reference the global object it's storing into
https://bugs.webkit.org/show_bug.cgi?id=145036

Reviewed by Michael Saboff.

This makes it easier to reason about store barrier insertion and elimination. This changes
the format of PutGlobalVar so that child1 is the global object and child2 is the value.
Previously it just had child1, and that was the value.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):

8:28 PM Changeset in webkit [184366] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebCore

Unreviewed, rolling out r184359 and r184362.
https://bugs.webkit.org/show_bug.cgi?id=145035

Introduced a crash in six media element tests (Requested by
rniwa on #webkit).

Reverted changesets:

"[MediaControls] Refactor media controls & bring improvements
made to iOS controls to Mac."
https://bugs.webkit.org/show_bug.cgi?id=144973
http://trac.webkit.org/changeset/184359

"Unreviewed build fix after r184359; typo."
http://trac.webkit.org/changeset/184362

7:03 PM Changeset in webkit [184365] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Some CFNetwork SPI to reset HSTS hosts added since a date should not be used on Yosemite.
https://bugs.webkit.org/show_bug.cgi?id=145025.
and
rdar://problem/20646308.

Patch by Zhuo Li <zachli@apple.com> on 2015-05-14
Reviewed by Alexey Proskuryakov.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate):

5:25 PM Changeset in webkit [184364] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Update the New Tab button disabled state after extra domains are activated
https://bugs.webkit.org/show_bug.cgi?id=145028

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-14
Reviewed by Timothy Hatcher.

  • UserInterface/Base/Main.js:

(WebInspector.activateExtraDomains):

5:08 PM Changeset in webkit [184363] by Michael Catanzaro
  • 4 edits in trunk

[CMake] Error out when ruby is too old
https://bugs.webkit.org/show_bug.cgi?id=145014

Reviewed by Martin Robinson.

.:

Error out immediately after checking for Ruby if the ruby executable is not found, or if it
is too old.

  • CMakeLists.txt:

Source/JavaScriptCore:

Don't enforce the check for the Ruby executable here; it's now enforced in the top-level
CMakeLists.txt instead.

  • CMakeLists.txt:
4:52 PM Changeset in webkit [184362] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix after r184359; typo.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged):

4:40 PM Changeset in webkit [184361] by roger_fong@apple.com
  • 3 edits in trunk/Source/WebCore

Adjust button CSS and positioning in preparation.
https://bugs.webkit.org/show_bug.cgi?id=144973.
<rdar://problem/20306227>

Reviewed by Dean Jackson.

The only visual change here is the swapping of the rewind and play button positions.
Also, position buttons based off of both left and right margins instead of just one of the two.
This allows the controls drop off to work without having to use a spacer element to take the place
of the timeline if the controls are too small.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-rewind-button):
(audio::-webkit-media-controls-play-button):
(audio::-webkit-media-controls-panel .mute-box):
(audio::-webkit-media-controls-wireless-playback-picker-button):
(audio::-webkit-media-controls-toggle-closed-captions-button):
(audio::-webkit-media-controls-fullscreen-button):
(audio::-webkit-media-controls-fullscreen-button.exit):
(audio::-webkit-media-controls-time-remaining-display):
(audio:-webkit-full-screen::-webkit-media-controls-toggle-closed-captions-button):
(audio:-webkit-full-screen::-webkit-media-controls-wireless-playback-picker-button):

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.configureInlineControls):

4:35 PM Changeset in webkit [184360] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

MediaControls: controls are live even when invisible
https://bugs.webkit.org/show_bug.cgi?id=145029
<rdar://problem/20865442>

Reviewed by Jer Noble.

When the controls are invisible they should ignore touch/mouse
events.

  • Modules/mediacontrols/mediaControlsiOS.css: Add pointer-events: none where appropriate.

(video::-webkit-media-controls-panel-container):
(video::-webkit-media-controls-panel-background):
(video::-webkit-media-controls-panel):
(video::-webkit-media-controls-panel.paused):

4:27 PM Changeset in webkit [184359] by jer.noble@apple.com
  • 8 edits in trunk/Source/WebCore

[MediaControls] Refactor media controls & bring improvements made to iOS controls to Mac.
https://bugs.webkit.org/show_bug.cgi?id=144973

Reviewed by Dean Jackson.

Pull improvements made to the iOS media controls back into the Mac controls by moving
code from mediaControlsiOS.js into MediaControlsApple.js.

The largest refactored feature is the ability to drop individual controls from the media
controls when the video is too small to contain them. To allow these controls to resize
dynamically, a new "resize" event is fired inside the media element's shadow DOM.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel .dropped): Added; sets "display: none".

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller): Set defaults for new variables.
(Controller.prototype.updateControls): Update the controls width; moved from iOS.js.
(Controller.prototype.handleReadyStateChange): Update the controls; moved from iOS.js.
(Controller.prototype.handleTimeUpdate): Update the progress; moved from iOS.js.
(Controller.prototype.handleTimelineInput): Pause if scrubbing; moved from iOS.js.
(Controller.prototype.handleTimelineChange): Update the progress; moved from iOS.js.
(Controller.prototype.showControls): Update the controls width; moved from iOS.js.
(Controller.prototype.hideControls): Removed _potentiallyScrubbing check; not needed due to changes

to controlsAlwaysVisible().

(Controller.prototype.scheduleUpdateLayoutForDisplayedWidth): Moved from iOS.js.
(Controller.prototype.isControlVisible): Added; checks whether control is parented & not hidden.
(Controller.prototype.updateLayoutForDisplayedWidth): Moved from iOS.js and refactored.
(Controller.prototype.controlsAlwaysVisible): Return true if scrubbing.
(Controller.prototype.updateHasAudio): Check currentPlaybackTargetIsWireless(); moved from iOS.js.
(Controller.prototype.get scrubbing): Simple getter for _scrubbing.
(Controller.prototype.set scrubbing): Check play state if scrubbing; start playback (if necessary)

if not scrubbing.

(Controller.prototype.get pageScaleFactor): Moved from iOS.js.
(Controller.prototype.set pageScaleFactor): Ditto.
(Controller.prototype.handleRootResize): Schedule an update of the contrtols width.

Remove a bunch of newly unnecessary code from the iOS media controls:

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):
(ControllerIOS.prototype.createControls): Remove ivars moved into Apple.js.
(ControllerIOS.prototype.configureInlineControls): Remove spacer; made unnecessary.
(ControllerIOS.prototype.showControls): Deleted.
(ControllerIOS.prototype.updateTime): Deleted.
(ControllerIOS.prototype.handleTimelineTouchStart): Just call "scrubbing = true", handled in Apple.js.
(ControllerIOS.prototype.handleTimelineTouchEnd): Just call "scrubbing = false", handled in Apple.js.
(ControllerIOS.prototype.handleReadyStateChange): Deleted.
(ControllerIOS.prototype.setPlaying): Don't check _timelineIsHidden; not needed.
(ControllerIOS.prototype.get pageScaleFactor): Deleted.
(ControllerIOS.prototype.set pageScaleFactor): Deleted.
(ControllerIOS.prototype.scheduleUpdateLayoutForDisplayedWidth): Deleted.
(ControllerIOS.prototypeupdateLayoutForDisplayedWidth): Deleted.

Fire a "resize" event at the shadow DOM root when layout results in a size change.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged): Fire the "resize" event at the shadow DOM.

  • html/HTMLMediaElement.h:
  • rendering/RenderMedia.cpp:

(WebCore::RenderMedia::layout): Trigger layoutSizeChanged()

  • rendering/RenderMedia.h:

Drive-by fixes:

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls): aria-label text is totally wrong; removed.
(Controller.prototype.updateWirelessPlaybackStatus): Use class-names to hide controls, not inline styles.

3:46 PM Changeset in webkit [184358] by timothy_horton@apple.com
  • 20 edits in trunk

Add a layout mode that scales down the view to try to fit the document
https://bugs.webkit.org/show_bug.cgi?id=145022
<rdar://problem/19790341>

Reviewed by Dean Jackson.

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setShouldScaleViewToFitDocument):

  • UIProcess/WebPageProxy.h:
  • WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::setShouldScaleViewToFitDocument):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setShouldScaleViewToFitDocument):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Plumb shouldScaleViewToFitDocument through to the DrawingArea.

  • UIProcess/mac/WKViewLayoutStrategy.mm:

(+[WKViewLayoutStrategy layoutStrategyWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy initWithPage:view:mode:]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy updateLayout]):
(-[WKViewDynamicSizeComputedFromMinimumDocumentSizeLayoutStrategy willChangeLayoutStrategy]):

  • UIProcess/API/C/WKLayoutMode.h:
  • UIProcess/API/Cocoa/_WKLayoutMode.h:

Add a new layout mode, which just turns on shouldScaleViewToFitDocument,
and otherwise behaves as normal.

  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::setShouldScaleViewToFitDocument):
(WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded):
(WebKit::TiledCoreAnimationDrawingArea::flushLayers):
On every flush where either the document size or view size has changed,
or layout is outstanding, do a layout with fixed layout off to determine
whether the document fits inside the view. If it doesn't, scale it down
to fit. This will require an extra layout for every resize while in the
scaled-down state, but there is potential for future optimization.

  • MiniBrowser/mac/BrowserWindow.xib:
  • MiniBrowser/mac/BrowserWindowController.h:
  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController toggleShrinkToFit:]):
(-[WK2BrowserWindowController toggleUseMinimumViewSize:]): Deleted.
Switch to _WKLayoutModeDynamicSizeComputedFromMinimumDocumentSize.

3:29 PM Changeset in webkit [184357] by Michael Catanzaro
  • 2 edits in trunk/Tools

[CMake] Don't read the LOCATION property of targets
https://bugs.webkit.org/show_bug.cgi?id=145018

Reviewed by Martin Robinson.

Use the TARGET_FILE_DIR generator expression to determine the location of the test injected
bundle, rather than assuming that the LOCATION property of TestWebKitAPIInjectedBundle will
be the same at configure-time as it is at generate-time.

  • TestWebKitAPI/CMakeLists.txt:
2:43 PM Changeset in webkit [184356] by andersca@apple.com
  • 5 edits in trunk/Source/WebKit2

Local storage origins should include origins with transient local storage
https://bugs.webkit.org/show_bug.cgi?id=145017
rdar://problem/10690447

Reviewed by Sam Weinig.

The transient local storage namespaces are used for third party data blocking and will stay
around until the UI process exits so we need to be able to include website data from transient storage
in the website data store APIs.

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::TransientLocalStorageNamespace::origins):
(WebKit::StorageManager::getLocalStorageOrigins):

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):

2:39 PM Changeset in webkit [184355] by rniwa@webkit.org
  • 4 edits
    2 adds in trunk

Crash in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
https://bugs.webkit.org/show_bug.cgi?id=119068

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by makeInsertedContentRoundTrippableWithHTMLTreeBuilder not updating
nodes kept tracked by insertedNodes and moveNodeOutOfAncestor stumbling upon it.

Fixed the bug by updating insertedNodes in makeInsertedContentRoundTrippableWithHTMLTreeBuilder.

Test: editing/inserting/insert-table-in-paragraph-crash.html

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):
(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):

  • editing/ReplaceSelectionCommand.h:

LayoutTests:

Added a test based on https://chromium.googlesource.com/chromium/blink/+/3500267482e60550ce84fadd6c0db883937ce744

  • editing/inserting/insert-table-in-paragraph-crash-expected.txt: Added.
  • editing/inserting/insert-table-in-paragraph-crash.html: Added.
2:32 PM Changeset in webkit [184354] by basile_clement@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

Enforce options coherency
https://bugs.webkit.org/show_bug.cgi?id=144921

Reviewed by Mark Lam.

JavaScriptCore should be failing early when the options are set in such
a way that we don't have a meaningful way to execute JavaScript, rather
than failing for obscure reasons at some point during execution.

This patch adds a new function that checks whether the options are set
in a coherent way, and makes JSC::Options::initialize() crash when the
environment enforces incoherent options.
Client applications able to add or change additional options are
responsible to check for coherency again before starting to actually
execute JavaScript, if any additional options have been set. This is
implemented for the jsc executable in this patch.

  • jsc.cpp:

(CommandLine::parseArguments):

  • runtime/Options.cpp:

(JSC::Options::initialize):
(JSC::Options::ensureOptionsAreCoherent): Added.

  • runtime/Options.h:

(JSC::Options::ensureOptionsAreCoherent): Added.

2:28 PM Changeset in webkit [184353] by mmaxfield@apple.com
  • 13 edits
    1 delete in trunk

[Mac] Expose more font weights for -apple-system
https://bugs.webkit.org/show_bug.cgi?id=144707

Reviewed by Simon Fraser.

Source/WebCore:

Previously, when we parsed a CSS declaration of the form font: keyword; where keyword
is one of caption, icon, menu, message-box, small-caption, -webkit-mini-control, -webkit-small-control,
or -webkit-control (which html.css does for form controls), we would ask the system what the appropriate
system font is, get that font's family name, and synthesize a font-family CSS property for the element.
Then, later when we actually go to look up the font, we would look up the font by family name using this
information. However, this round-tripping of a font through a family name is actually lossy, and is not
guaranteed to preserve system-font-ness (which we use for various things including metrics calculations).

This patch modifies this logic to specify a token family name instead, which the font lookup code special
cases (and reacts by making the appropriate system-font lookup call). This approach is currently how iOS
handles these system fonts; this patch simply brings this approach to OS X.

There is also an added progression here. We used to simply call [NSFont fontWithName:size:] on the system
font family name (which the parser found for us) which entirely disregards weight. This means that we
used to be getting synthesized bold in form controls which ask for a heavy weight. Migrating to this
system-font aware call means that we get the real bold font instead of synthesized bold.

Once this system-font-ness is guaranteed to be preserved between parsing time and font lookup time, we
can safely migrate to using [NSFont systemFontOfSize:weight] instead of [NSFont systemFontOfSize:] on
platforms which support it.

Tests: fast/text/systemFont.html

fast/css/css2-system-fonts.html
fast/forms/select/optgroup-rendering.html
fast/forms/validation-message-appearance.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseSystemFont): Add a comment regarding why we are bothering with expanding out
the font property in the first place.

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::FontCascade::primaryFontIsSystemFont): Update to use new system font tokens.

  • platform/graphics/mac/FontCacheMac.mm:

(WebCore::toNSFontWeight): New static method to map font weights to NSFontWeight constants available on
Yosemite and later.
(WebCore::fontWithFamilySpecialCase): Pull all these special-case font token name handling into a
separate function, which returns an Optional.
(WebCore::fontWithFamily):

  • platform/mac/ThemeMac.mm:

(WebCore::ThemeMac::controlFont): Use the font token name instead of the generated system font family
name.

  • platform/spi/mac/NSFontSPI.h: Add [NSFont systemFontWithSize:weight:] and the proper NSFontWeight

constants.

  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateCachedSystemFontDescription): Use the font token names instead of the
generated system font family name.
(WebCore::RenderThemeMac::setFontFromControlSize): Ditto.

LayoutTests:

  • platform/mac/fast/text/systemFont-expected.txt: Update expectations.
  • platform/mac/fast/text/systemFont.html: Update test to include font weights for -apple-system.
  • platform/mac/fast/css/css2-system-fonts-expected.txt: Updated to not hardcode the system font family name.
  • platform/mac-mavericks/fast/css/css2-system-fonts-expected.txt: Ditto.
  • platform/mac/fast/forms/select/optgroup-rendering-expected.txt: Updated to not use synthetic bold.
  • platform/mac/fast/forms/validation-message-appearance-expected.txt: Ditto.
2:24 PM Changeset in webkit [184352] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): [EFL] unresolved reference errors in ARM builds
https://bugs.webkit.org/show_bug.cgi?id=145019

Reviewed by Ryosuke Niwa.

Attempt to fix compile errors in EFL ARM buildbots.
By executing nm, found JSTemplateRegistryKey.cpp.o and TemplateRegistry.cpp.o have
unresolved reference to Structure::get. That is inlined function in StructureInlines.h.

  • runtime/JSTemplateRegistryKey.cpp:
  • runtime/TemplateRegistry.cpp:
2:19 PM Changeset in webkit [184351] by roger_fong@apple.com
  • 4 edits in trunk/Source/WebCore

Add internals setting to disable wireless playback availability for layout tests
https://bugs.webkit.org/show_bug.cgi?id=145012.
<rdar://problem/20946504>

Reviewed by Eric Carlson.

  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::resetToConsistentState):
(WebCore::InternalSettings::setWirelessPlaybackDisabled):

  • testing/InternalSettings.idl:
1:56 PM Changeset in webkit [184350] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

1:38 PM Changeset in webkit [184349] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Small refactoring before implementation of the ES6 arrow function.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-14
Reviewed by Ryosuke Niwa.

  • parser/Parser.h:
  • parser/Parser.cpp:
1:27 PM Changeset in webkit [184348] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.32.2.1

New tag.

12:58 PM Changeset in webkit [184347] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r184337): ASSERT failed in debug builds for tagged templates
https://bugs.webkit.org/show_bug.cgi?id=145013

Reviewed by Filip Pizlo.

Fix the regression introduced by r184337.

  1. JSTemporaryRegistryKey::s_info should inherit the Base::s_info, JSDestructibleObject::s_info.
  1. The first register argument of BytecodeGenerator::emitNode should be a referenced register if it is a temporary register.
  • bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):

  • runtime/JSTemplateRegistryKey.cpp:
12:07 PM Changeset in webkit [184346] by akling@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

String.prototype.split() should create efficient substrings.
<https://webkit.org/b/144985>
<rdar://problem/20949344>

Reviewed by Geoffrey Garen.

Teach split() how to make substring JSStrings instead of relying on StringImpl's
substring sharing mechanism. The optimization works by deferring the construction
of a StringImpl until the substring's value is actually needed.

This knocks ~2MB off of theverge.com by avoiding the extra StringImpl allocations.
Out of ~70000 substrings created by split(), only ~2000 of them get reified.

  • runtime/StringPrototype.cpp:

(JSC::jsSubstring):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):

11:17 AM Changeset in webkit [184345] by Beth Dakin
  • 5 edits in trunk/Source

Change range of possible forces for mouseforcechanged DOM event
https://bugs.webkit.org/show_bug.cgi?id=144987
-and corresponding-
rdar://problem/20472802

Reviewed by Tim Horton.

Change to a 0-3 range.
Source/WebCore:

  • platform/PlatformMouseEvent.h:
  • platform/mac/PlatformEventFactoryMac.mm:

(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder):

Source/WebKit2:

  • Shared/mac/WebEventFactory.mm:

(WebKit::WebEventFactory::createWebMouseEvent):

11:11 AM Changeset in webkit [184344] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

Change the status of ES6 tagged templates to Done in features.json
https://bugs.webkit.org/show_bug.cgi?id=145003

Reviewed by Benjamin Poulain.

Now it's implemented in r184337.

  • features.json:
10:59 AM Changeset in webkit [184343] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32.2-branch/Source

Versioning.

10:55 AM Changeset in webkit [184342] by bshafiei@apple.com
  • 1 copy in branches/safari-601.1.32.2-branch

New Branch.

10:55 AM Changeset in webkit [184341] by mmaxfield@apple.com
  • 9 edits in trunk

Add String literal overloads to equalIgnoringASCIICase()
https://bugs.webkit.org/show_bug.cgi?id=145008

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2015-05-14
Reviewed by Benjamin Poulain.

Source/WTF:

Create an overload for equalIgnoringASCIICase for string literals.

  • wtf/text/StringImpl.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

  • wtf/text/StringImpl.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

  • wtf/text/StringView.h:

(WTF::equalIgnoringASCIICase): Use a non-templated helper function.

  • wtf/text/StringView.cpp:

(WTF::equalIgnoringASCIICase): Implement it.

  • wtf/text/WTFString.h:

(WTF::equalIgnoringASCIICase): Delegate to StringImpl's implementation.

Tools:

Test changes to WTF.

  • TestWebKitAPI/Tests/WTF/StringImpl.cpp:

(WTF.StringImplEqualIgnoringASCIICaseBasic): Test const char*.
(WTF.StringImplEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

  • TestWebKitAPI/Tests/WTF/StringView.cpp:

(WTF.StringViewEqualIgnoringASCIICaseBasic): Ditto.
(WTF.StringViewEqualIgnoringASCIICaseWithLatin1Characters): Ditto.

10:36 AM Changeset in webkit [184340] by Yusuke Suzuki
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

Introduce SymbolType into SpeculativeTypes
https://bugs.webkit.org/show_bug.cgi?id=142651

Reviewed by Filip Pizlo.

Introduce SpecSymbol type into speculative types.
Previously symbol type is categorized into SpecCellOther.
But SpecCellOther is not intended to be used for such cells.

This patch just introduces SpecSymbol.
It represents the type of target value is definitely the symbol type.
It is the part of SpecCell.

In this patch, we do not introduce SymbolUse tracking.
It will be added in the separate patch.

  • bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationFromStructure):

  • bytecode/SpeculatedType.h:

(JSC::isSymbolSpeculation):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::setType):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • tests/stress/typeof-symbol.js: Added.
9:37 AM Changeset in webkit [184339] by Manuel Rego Casasnovas
  • 7 edits in trunk/Source/WebCore

Fix typo in RenderBox::instrinsicScrollbarLogicalWidth()
https://bugs.webkit.org/show_bug.cgi?id=144999

Reviewed by Sergio Villar Senin.

Rename RenderBox::instrinsicScrollbarLogicalWidth() to
RenderBox::intrinsicScrollbarLogicalWidth().

No new tests, no behavior changes.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeIntrinsicLogicalWidths):

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::intrinsicScrollbarLogicalWidth):
(WebCore::RenderBox::instrinsicScrollbarLogicalWidth): Deleted.

  • rendering/RenderBox.h:
  • rendering/RenderDeprecatedFlexibleBox.cpp:

(WebCore::RenderDeprecatedFlexibleBox::computeIntrinsicLogicalWidths):

  • rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::computeIntrinsicLogicalWidths):

9:31 AM Changeset in webkit [184338] by fpizlo@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed, skip js/regress-141098.html. The fix will be tracked in https://bugs.webkit.org/show_bug.cgi?id=145007

9:07 AM Changeset in webkit [184337] by Yusuke Suzuki
  • 24 edits
    11 adds in trunk/Source/JavaScriptCore

[ES6] Implement tagged templates
https://bugs.webkit.org/show_bug.cgi?id=143183

Reviewed by Oliver Hunt.

This patch implements ES6 tagged templates.
In tagged templates, the function takes the template object.

The template object contains the raw and cooked template strings,
so when parsing the tagged templates, we need to tokenize the raw and cooked strings.
While tagged templates require the both strings, the template literal only requires
the cooked strings. So when tokenizing under the template literal context,
we only builds the cooked strings.

As per ES6 spec, the template objects for the same raw strings are shared in the same realm.
The template objects is cached. And every time we evaluate the same tagged templates,
the same (cached) template objects are used.
Since the spec freezes this template objects completely,
we cannot attach some properties to it.
So we can say that it behaves as if the template objects are the primitive values (like JSString).
Since we cannot attach properties, the only way to test the identity of the template object is comparing. (===)
As the result, when there is no reference to the template object, we can garbage collect it
because the user has no way to test that the newly created template object does not equal
to the already collected template object.

So, to implement tagged templates, we implement the following components.

  1. JSTemplateRegistryKey

It holds the template registry key and it does not exposed to users.
TemplateRegistryKey holds the vector of raw and cooked strings with the pre-computed hash value.
When obtaining the template object for the (statically, a.k.a. at the parsing time) given raw string vectors,
we use this JSTemplateRegistryKey as a key to the map and look up the template object from
TemplateRegistry.
JSTemplateRegistryKey is created at the bytecode compiling time and
stored in the CodeBlock as like as JSString content values.

  1. TemplateRegistry

This manages the cached template objects.
It holds the weak map (JSTemplateRegistryKey -> the template object).
The template object is weakly referenced.
So if there is no reference to the template object,
the template object is automatically GC-ed.
When looking up the template object, it searches the cached template object.
If it is found, it is returned to the users.
If there is no cached template objects, it creates the new template object and
stores it with the given template registry key.

(JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
(JSC::BytecodeGenerator::emitGetTemplateObject):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):
(JSC::TemplateLiteralNode::emitBytecode): Deleted.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createTaggedTemplate):
(JSC::ASTBuilder::createTemplateLiteral): Deleted.

  • parser/Lexer.cpp:

(JSC::Lexer<T>::setCode):
(JSC::Lexer<T>::parseTemplateLiteral):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::scanTrailingTemplateString):
(JSC::Lexer<T>::clear):

  • parser/Lexer.h:

(JSC::Lexer<T>::makeEmptyIdentifier):

  • parser/NodeConstructors.h:

(JSC::TaggedTemplateNode::TaggedTemplateNode):
(JSC::TemplateLiteralNode::TemplateLiteralNode): Deleted.

  • parser/Nodes.h:

(JSC::TemplateLiteralNode::templateStrings):
(JSC::TemplateLiteralNode::templateExpressions):
(JSC::TaggedTemplateNode::templateLiteral):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseTemplateString):
(JSC::Parser<LexerType>::parseTemplateLiteral):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):

  • parser/Parser.h:
  • parser/ParserArena.h:

(JSC::IdentifierArena::makeEmptyIdentifier):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createTaggedTemplate):
(JSC::SyntaxChecker::createTemplateLiteral): Deleted.

  • runtime/CommonIdentifiers.h:
  • runtime/JSGlobalObject.cpp:

(JSC::getTemplateObject):
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::templateRegistry):

  • runtime/JSTemplateRegistryKey.cpp: Added.

(JSC::JSTemplateRegistryKey::JSTemplateRegistryKey):
(JSC::JSTemplateRegistryKey::create):
(JSC::JSTemplateRegistryKey::destroy):

  • runtime/JSTemplateRegistryKey.h: Added.
  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorFreeze):

  • runtime/ObjectConstructor.h:
  • runtime/TemplateRegistry.cpp: Added.

(JSC::TemplateRegistry::TemplateRegistry):
(JSC::TemplateRegistry::getTemplateObject):

  • runtime/TemplateRegistry.h: Added.
  • runtime/TemplateRegistryKey.h: Added.

(JSC::TemplateRegistryKey::isDeletedValue):
(JSC::TemplateRegistryKey::isEmptyValue):
(JSC::TemplateRegistryKey::hash):
(JSC::TemplateRegistryKey::rawStrings):
(JSC::TemplateRegistryKey::cookedStrings):
(JSC::TemplateRegistryKey::operator==):
(JSC::TemplateRegistryKey::operator!=):
(JSC::TemplateRegistryKey::Hasher::hash):
(JSC::TemplateRegistryKey::Hasher::equal):
(JSC::TemplateRegistryKey::TemplateRegistryKey):

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
  • tests/stress/tagged-templates-identity.js: Added.

(shouldBe):

  • tests/stress/tagged-templates-raw-strings.js: Added.

(shouldBe):
(tag):
(testEval):

  • tests/stress/tagged-templates-syntax.js: Added.

(tag):
(testSyntax):
(testSyntaxError):

  • tests/stress/tagged-templates-template-object.js: Added.

(shouldBe):
(tag):

  • tests/stress/tagged-templates-this.js: Added.

(shouldBe):
(tag):

  • tests/stress/tagged-templates.js: Added.

(shouldBe):
(raw):
(cooked):
(Counter):

8:33 AM Changeset in webkit [184336] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Current time marker is always at zero in Rendering Frames ruler
https://bugs.webkit.org/show_bug.cgi?id=144518

Reviewed by Timothy Hatcher.

The current and end time values for the rendering frame timeline overview should always be equal to the frame
number of the last record in the rendering frames timeline.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.updateLayout):

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._updateTimes):
(WebInspector.TimelineRecordingContentView.prototype._recordingTimesUpdated):

3:52 AM Changeset in webkit [184335] by zandobersek@gmail.com
  • 2 edits in trunk

[GTK] Enable plugin-related CMake options and variables for the X11 target only
https://bugs.webkit.org/show_bug.cgi?id=144995

Reviewed by Carlos Garcia Campos.

  • Source/cmake/OptionsGTK.cmake: Plugins are only supported for

the X11 windowing target at the moment, so the following options
and variables should be enabled or disabled accordingly:

  • ENABLE_PLUGIN_PROCESS_GTK2
  • ENABLE_NETSCAPE_PLUGIN_API
  • ENABLE_PLUGIN_PROCESS
2:33 AM Changeset in webkit [184334] by zandobersek@gmail.com
  • 3 edits in trunk/Source/WebKit2

[GTK] Add missing ENABLE(NETSCAPE_PLUGIN_API) build guards
https://bugs.webkit.org/show_bug.cgi?id=144994

Reviewed by Carlos Garcia Campos.

This fixes the build when configured with Netscape plugin API
support disabled.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_additional_plugins_directory):
(webkitWebContextGetPluginThread):

  • UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

2:32 AM Changeset in webkit [184333] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WTF

[GTK] RunLoop constructor should properly retrieve or establish the thread-default GMainContext
https://bugs.webkit.org/show_bug.cgi?id=144732

Reviewed by Carlos Garcia Campos.

RunLoop constructor in the GTK implementation should use the
existing thread-default context, create a new one if not on
the main thread, or use the global-default one if on the main
thread.

In RunLoop::run(), the GMainContext should then be pushed as
the thread-default before calling g_main_loop_run(), and popped
off when the main loop stops.

  • wtf/gtk/RunLoopGtk.cpp:

(WTF::RunLoop::RunLoop):
(WTF::RunLoop::run):

12:59 AM Changeset in webkit [184332] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

[EFL] Unskip passing AX tests since r184198

Unreviewed EFL gardening.

  • platform/efl/TestExpectations: Two AX tests have been passed since r184198.
12:57 AM Changeset in webkit [184331] by youenn.fablet@crf.canon.fr
  • 12 edits
    2 adds in trunk

SharedBuffer::createWithContentsOfFile should use map file routines
https://bugs.webkit.org/show_bug.cgi?id=144192

Reviewed by Darin Adler.

Source/WebCore:

Made use of mmap routines within SharedBuffer::createWithContentsOfFile for EFL, GTK and Mac ports.
If mapping is failing, it falls back to the previous version of SharedBuffer::createWithContentsOfFile renamed as
SharedBuffer::createFromReadingFile (using open/read method).
File content is mapped until SharedBuffer is cleared, destroyed or additional content is appended to the SharedBuffer.

A helper class, MappedFileData, is introduced to handle mapped files through calls to open/mmap/munmap/close.

Patch covered by existing layout tests and added unit tests.

  • platform/FileSystem.cpp:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator=):
(WebCore::MappedFileData::~MappedFileData):

  • platform/FileSystem.h:

(WebCore::MappedFileData::MappedFileData):
(WebCore::MappedFileData::operator bool):
(WebCore::MappedFileData::data):
(WebCore::MappedFileData::size):

  • platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::createWithContentsOfFile): Making use of MappedFileData before using createFromReadingFile.
(WebCore::SharedBuffer::size): Checking whether data is coming from a MappedFileData.
(WebCore::SharedBuffer::data): Ditto.
(WebCore::SharedBuffer::append): Ditto.
(WebCore::SharedBuffer::clear): Clearing MappedFileData if needed.
(WebCore::SharedBuffer::copy): Transferring mapped data to buffer if needed.
(WebCore::SharedBuffer::getSomeData):
(WebCore::SharedBuffer::maybeTransferMappedFileData):

  • platform/SharedBuffer.h:
  • platform/gtk/SharedBufferGtk.cpp:

(WebCore::SharedBuffer::createFromReadingFile): renamed from createWithContentsOfFile.

  • platform/mac/SharedBufferMac.mm:

(WebCore::SharedBuffer::createFromReadingFile): Dito.

  • platform/posix/SharedBufferPOSIX.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

  • platform/win/SharedBufferWin.cpp:

(WebCore::SharedBuffer::createFromReadingFile): Ditto.

Tools:

Adding SharedBuffer and FileSystem Unit tests to Mac and GTK, not yet for EFL.

  • TestWebKitAPI/PlatformGTK.cmake:
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebCore/FileSystem.cpp: Added.

(TestWebKitAPI::FileSystemTest::tempFilePath):
(TestWebKitAPI::FileSystemTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

  • TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp: Added.

(TestWebKitAPI::SharedBufferTest::tempFilePath):
(TestWebKitAPI::SharedBufferTest::tempEmptyFilePath):
(TestWebKitAPI::TEST_F):

May 13, 2015:

10:59 PM Changeset in webkit [184330] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

[SOUP] Network Cache: NetworkProcess segfault when file system doesn't support xattrs
https://bugs.webkit.org/show_bug.cgi?id=144953

Reviewed by Martin Robinson.

Return early if we fail to get the birthtime xattr.

  • NetworkProcess/cache/NetworkCacheFileSystemPosix.h:

(WebKit::NetworkCache::fileTimes):

10:10 PM Changeset in webkit [184329] by Simon Fraser
  • 5 edits in trunk/Source/WebCore

Get the ScriptController from the correct frame for media elements and plug-ins
https://bugs.webkit.org/show_bug.cgi?id=144983
rdar://problem/20692642&19943135

Reviewed by Sam Weinig.

HTMLMediaElement, QuickTimePluginReplacement and HTMLPlugInImageElement were
getting the main frame's ScriptController instead of the one for their frame.
This caused media controls JS to be running in the context of the main frame,
which broke media controls which use getCSSCanvasContext() and -webkit-canvas.

Fix by getting the frame via the element's document.

Also undo r180584 which was working around this bug.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.drawTimelineBackground):

  • Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
(WebCore::QuickTimePluginReplacement::installReplacement):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::pageScaleFactorChanged):

  • html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

9:19 PM Changeset in webkit [184328] by rniwa@webkit.org
  • 12 edits
    1 add in trunk/Source/JavaScriptCore

REGRESSION(r180595): same-callee profiling no longer works
https://bugs.webkit.org/show_bug.cgi?id=144787

Reviewed by Filip Pizlo.

This patch introduces a DFG optimization to use NewObject node when the callee of op_create_this is
always the same JSFunction. This condition doesn't hold when the byte code creates multiple
JSFunction objects at runtime as in: function y() { return function () {} }; new y(); new y();

To enable this optimization, LLint and baseline JIT now store the last callee we saw in the newly
added fourth operand of op_create_this. We use this JSFunction's structure in DFG after verifying
our speculation that the callee is the same. To avoid recompiling the same code for different callee
objects in the polymorphic case, the special value of seenMultipleCalleeObjects() is set in
LLint and baseline JIT when multiple callees are observed.

Tests: stress/create-this-with-callee-variants.js

  • bytecode/BytecodeList.json: Increased the number of operands to 5.
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode): Dump the newly added callee cache.
(JSC::CodeBlock::finalizeUnconditionally): Clear the callee cache if the callee is no longer alive.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCreateThis): Add the instruction to propertyAccessInstructions so that
we can clear the callee cache in CodeBlock::finalizeUnconditionally. Also initialize the newly added
operand.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock): Implement the optimization. Speculate the actual callee to
match the cache. Use the cached callee's structure if the speculation succeeds. Otherwise, OSR exit.

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_this): Go to the slow path to update the cache unless it's already marked
as seenMultipleCalleeObjects() to indicate the polymorphic behavior and/or we've OSR exited here.
(JSC::JIT::emitSlow_op_create_this):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_this): Ditto.
(JSC::JIT::emitSlow_op_create_this):

  • llint/LowLevelInterpreter32_64.asm:

(_llint_op_create_this): Ditto.

  • llint/LowLevelInterpreter64.asm:

(_llint_op_create_this): Ditto.

  • runtime/CommonSlowPaths.cpp:

(slow_path_create_this): Set the callee cache to the actual callee if it's not set. If the cache has
been set to a JSFunction* different from the actual callee, set it to seenMultipleCalleeObjects().

  • runtime/JSCell.h:

(JSC::JSCell::seenMultipleCalleeObjects): Added.

  • runtime/WriteBarrier.h:

(JSC::WriteBarrierBase::unvalidatedGet): Removed the compile guard around it.

  • tests/stress/create-this-with-callee-variants.js: Added.
9:07 PM Changeset in webkit [184327] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Fix trivial typos in ApplyBlockElementCommand
https://bugs.webkit.org/show_bug.cgi?id=144984

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Alexey Proskuryakov.

No new tests, no behavior change.

  • editing/ApplyBlockElementCommand.cpp:

(WebCore::ApplyBlockElementCommand::formatSelection):
(WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded):
(WebCore::ApplyBlockElementCommand::endOfNextParagrahSplittingTextNodesIfNeeded): Deleted.

  • editing/ApplyBlockElementCommand.h:
8:07 PM Changeset in webkit [184326] by dbates@webkit.org
  • 13 edits in trunk/Source/WebKit2

Rename ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() to {send, cancel}PrepareToSuspend()
https://bugs.webkit.org/show_bug.cgi?id=144619
<rdar://problem/20812779>

Reviewed by Andy Estes.

The names of the functions ProcessThrottlerClient::{send, cancel}ProcessWillSuspend() are misnomers. These
functions are called when the ProcessThrottler wants to prepare the process that it manages for suspension
and changes its mind, respectively. That is, these functions do not actually correspond to the OS decision
to suspend a process or cancel the suspension of a process, respectively. So, rename these functions and
associated {Network, Web}ProcessProxy message names to better describe their purpose.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::prepareToSuspend):
(WebKit::NetworkProcess::cancelPrepareToSuspend):
(WebKit::NetworkProcess::processWillSuspend): Deleted.
(WebKit::NetworkProcess::cancelProcessWillSuspend): Deleted.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendCancelPrepareToSuspend):
(WebKit::NetworkProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::NetworkProcessProxy::sendCancelProcessWillSuspend): Deleted.

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::updateAssertion):

  • UIProcess/ProcessThrottlerClient.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcess::actualPrepareToSuspend): Formerly named prepareToSuspend.
(WebKit::WebProcessProxy::sendPrepareToSuspend):
(WebKit::WebProcessProxy::sendCancelPrepareToSuspend):
(WebKit::WebProcessProxy::sendProcessWillSuspend): Deleted.
(WebKit::WebProcessProxy::sendCancelProcessWillSuspend): Deleted.

  • UIProcess/WebProcessProxy.h:
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::prepareToSuspend):
(WebKit::WebProcess::cancelPrepareToSuspend):
(WebKit::WebProcess::processWillSuspend): Deleted.
(WebKit::WebProcess::cancelProcessWillSuspend): Deleted.

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:
6:34 PM Changeset in webkit [184325] by commit-queue@webkit.org
  • 7 edits in trunk/Source

Clean up some possible RefPtr to PassRefPtr churn
https://bugs.webkit.org/show_bug.cgi?id=144779

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Darin Adler.

  • runtime/GenericTypedArrayViewInlines.h:

(JSC::GenericTypedArrayView<Adaptor>::create):
(JSC::GenericTypedArrayView<Adaptor>::createUninitialized):

  • runtime/JSArrayBufferConstructor.cpp:

(JSC::constructArrayBuffer):

  • runtime/Structure.cpp:

(JSC::Structure::toStructureShape):

  • runtime/TypedArrayBase.h:

(JSC::TypedArrayBase::create):
(JSC::TypedArrayBase::createUninitialized):

  • tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):
Release the last use of a RefPtr as it is passed on.

6:32 PM Changeset in webkit [184324] by commit-queue@webkit.org
  • 37 edits
    3 adds in trunk

ES6: Allow duplicate property names
https://bugs.webkit.org/show_bug.cgi?id=142895

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Introduce new op_put_getter_by_id and op_put_setter_by_id opcodes
that will define a single getter or setter property on an object.

The existing op_put_getter_setter opcode is still preferred for
putting both a getter and setter at the same time but cannot be used
for putting an individual getter or setter which is needed in
some cases.

Add a new slow path when generating bytecodes for a property list
with computed properties, as computed properties are the only time
the list of properties cannot be determined statically.

  • bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitBytecode):

  • fast path for all constant properties
  • slow but paired getter/setter path if there are no computed properties
  • slow path, individual put operation for every property, if there are computed properties
  • parser/Nodes.h:

Distinguish a Computed property from a Constant property.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
Distingish Computed and Constant properties.

(JSC::Parser<LexerType>::parseObjectLiteral):
When we drop into strict mode it is because we saw a getter
or setter, so be more explicit.

(JSC::Parser<LexerType>::parseStrictObjectLiteral):
Eliminate duplicate property syntax error exception.

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::getName):

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::getName): Deleted.
No longer used.

  • runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):
When updating a property. If the Accessor attribute changed
update the Structure.

  • runtime/JSObject.cpp:

(JSC::JSObject::putGetter):
(JSC::JSObject::putSetter):
Called by the opcodes, just perform the same operation that
defineGetter or defineSetter would do.

(JSC::JSObject::putDirectNonIndexAccessor):
This transition is now handled in putDirectInternal.

  • runtime/Structure.h:

Add needed export.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutGetterById):
(JSC::BytecodeGenerator::emitPutSetterById):

  • bytecompiler/BytecodeGenerator.h:
  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperation):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:

New bytecodes. Modelled after existing op_put_getter_setter.

LayoutTests:

  • js/object-literal-duplicate-properties-expected.txt: Added.
  • js/object-literal-duplicate-properties.html: Added.
  • js/script-tests/object-literal-duplicate-properties.js: Added.

Include a new test all about testing duplicate property names
and their expected cascading results.

  • ietestcenter/Javascript/11.1.5_4-4-b-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-b-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-c-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-c-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-1-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-2-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-3-expected.txt:
  • ietestcenter/Javascript/11.1.5_4-4-d-4-expected.txt:

ES5 behavior for duplciate properties has changed.

  • js/mozilla/strict/11.1.5-expected.txt:
  • js/object-literal-syntax-expected.txt:
  • js/script-tests/object-literal-syntax.js:

Update other tests and values now that duplicate properties
are allowed, and their cascade order behaves correctly.

6:21 PM Changeset in webkit [184323] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESION (r179958): Crash in WebCore::DocumentLoader::detachFromFrame when -[id<WebPolicyDelegate> decidePolicyForMIMEType:request:frame:decisionListener:] fails to call -[id<WebPolicyDecisionListener> download|ignore|use]
<http://webkit.org/b/144975>

Reviewed by Andy Estes.

This change reverts r179958. It changes RELEASE_ASSERT*()
statements back to Debug-only ASSERT*() statements.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::~DocumentLoader):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::detachFromFrame):

5:39 PM Changeset in webkit [184322] by bshafiei@apple.com
  • 5 edits in branches/safari-600.5.17-branch/Source

Versioning.

5:36 PM Changeset in webkit [184321] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32-branch/Source

Versioning.

5:11 PM Changeset in webkit [184320] by rniwa@webkit.org
  • 2 edits in branches/safari-600.7-branch/LayoutTests

Add a Pass/Failure test expectation on
fast/canvas/webgl/tex-image-and-sub-image-2d-with-potentially-subsampled-image.html.

I don't know why this test expectation was not in the branch given it was added back in r174585.
Perhaps it got lost during some merges.

  • platform/mac/TestExpectations:
5:08 PM Changeset in webkit [184319] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.32.2

New tag.

4:57 PM Changeset in webkit [184318] by fpizlo@apple.com
  • 7 edits
    1 add in trunk/Source/JavaScriptCore

Creating a new blank document in icloud pages causes an AI error: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble.
https://bugs.webkit.org/show_bug.cgi?id=144856

Reviewed by Benjamin Poulain.

First I made fixTypeForRepresentation() print out better diagnostics when it dies.

Then I fixed the bug: Node::convertToIdentityOn(Node*) needs to make sure that when it
converts to a representation-changing node, it needs to use one of the UseKinds that such
a node expects. For example, DoubleRep(UntypedUse:) doesn't make sense; it needs to be
something like DoubleRep(NumberUse:) since it will speculate that the input is a number.

  • dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::setBuiltInConstant):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::fixTypeForRepresentation):

  • dfg/DFGAbstractValue.h:
  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

  • dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentityOn):

  • tests/stress/cloned-arguments-get-by-val-double-array.js: Added.

(foo):

4:33 PM Changeset in webkit [184317] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r184313.
https://bugs.webkit.org/show_bug.cgi?id=144974

Introduced an assertion failure in class-syntax-
declaration.js, class-syntax-expression.js, and object-
literal-syntax.js (Requested by rniwa on #webkit).

Reverted changeset:

"Small refactoring before ES6 Arrow function implementation."
https://bugs.webkit.org/show_bug.cgi?id=144954
http://trac.webkit.org/changeset/184313

4:18 PM Changeset in webkit [184316] by oliver@apple.com
  • 7 edits in trunk/Source

Source/JavaScriptCore:
Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

One of the simpler cases of this in JavaScriptCore. There
are other cases where we need to guard the derefs but they
are more complex cases.

  • inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::releaseImpl):

  • inspector/JSJavaScriptCallFrame.cpp:

(Inspector::JSJavaScriptCallFrame::releaseImpl):

Source/WTF:

Ensure that all the smart pointer types in WTF clear their pointer before deref
https://bugs.webkit.org/show_bug.cgi?id=143789

Reviewed by Ryosuke Niwa.

In order to prevent use after free bugs caused by destructors
that end up trying to access the smart pointer itself, we should
make sure we always clear the m_ptr field before calling deref.

Essentially the UaF path is:
struct Foo : RefCounted<Foo> {

Wibble* m_wibble;
void doSomething();
~Foo() { m_wibble->doSomethingLikeCleanup(); }

};

struct Wibble {

void doSomethingLikeCleanup()
{

if (m_foo) {

/* if this branch is not here we get a null deref */
m_foo->doSomething();

}

}
void replaceFoo(Foo* foo) { m_foo = foo; }
RefPtr<Foo> m_foo;

};

Wibble* someWibble = /* a Wibble with m_foo->m_refCount == 1 */;

/* and m_foo points to someWibble */;

someWibble->replaceFoo(someOtherFoo);
+ someWibble->m_foo->m_ptr->deref();

+ someWibble->m_foo->m_ptr->~Foo()

+ someWibble->m_foo->m_ptr->m_wibble->doSomethingLikeCleanup()

+ someWibble->m_foo->m_ptr->m_wibble /* someWibble */ ->m_foo->m_ptr /*logically dead*/ ->doSomething()

By clearing m_ptr first we either force a null pointer deref or
we force our code down a path that does not use the dead smart
pointer.

  • wtf/PassRefPtr.h: (WTF::PassRefPtr::~PassRefPtr):
  • wtf/Ref.h: (WTF::Ref::~Ref): (WTF::Ref::operator=):
  • wtf/RefPtr.h: (WTF::RefPtr::~RefPtr):
  • wtf/RetainPtr.h: (WTF::RetainPtr::~RetainPtr): (WTF::RetainPtr<T>::clear):
4:09 PM Changeset in webkit [184315] by Antti Koivisto
  • 31 edits
    5 adds in trunk

Cached CSS image resources don't show up after reloading <http://nightly.webkit.org/start/>
https://bugs.webkit.org/show_bug.cgi?id=144952
Source/WebCore:

rdar://problem/13387307

Reviewed by Oliver Hunt.

This is a symptom of a general problem that we don't revalidate subresources of cached parsed stylesheets.

Fix by tightening the check we perform when choosing to used the cached sheet. If there are expired subresources
we reparse the sheet.

Test: http/tests/cache/stylesheet-sharing.html

  • css/CSSCrossfadeValue.cpp:

(WebCore::CSSCrossfadeValue::traverseSubresources):
(WebCore::CSSCrossfadeValue::hasFailedOrCanceledSubresources): Deleted.

Replace hasFailedOrCanceledSubresources with general purpose subresource traversal functions.

  • css/CSSCrossfadeValue.h:
  • css/CSSFilterImageValue.cpp:

(WebCore::CSSFilterImageValue::traverseSubresources):
(WebCore::CSSFilterImageValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSFilterImageValue.h:
  • css/CSSFontFaceSrcValue.cpp:

(WebCore::CSSFontFaceSrcValue::traverseSubresources):
(WebCore::CSSFontFaceSrcValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSFontFaceSrcValue.h:
  • css/CSSImageSetValue.cpp:

(WebCore::CSSImageSetValue::traverseSubresources):
(WebCore::CSSImageSetValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSImageSetValue.h:
  • css/CSSImageValue.cpp:

(WebCore::CSSImageValue::traverseSubresources):
(WebCore::CSSImageValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSImageValue.h:
  • css/CSSValue.cpp:

(WebCore::CSSValue::traverseSubresources):
(WebCore::CSSValue::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSValue.h:
  • css/CSSValueList.cpp:

(WebCore::CSSValueList::traverseSubresources):
(WebCore::CSSValueList::hasFailedOrCanceledSubresources): Deleted.

  • css/CSSValueList.h:
  • css/StyleProperties.cpp:

(WebCore::StyleProperties::traverseSubresources):
(WebCore::StyleProperties::hasFailedOrCanceledSubresources): Deleted.

  • css/StyleProperties.h:
  • css/StyleSheetContents.cpp:

(WebCore::traverseSubresourcesInRules):
(WebCore::StyleSheetContents::traverseSubresources):
(WebCore::StyleSheetContents::subresourcesAllowReuse):

Disallow reuse if there are expired subresources.

(WebCore::StyleSheetContents::isLoadingSubresources):

Testing support.

(WebCore::childRulesHaveFailedOrCanceledSubresources): Deleted.
(WebCore::StyleSheetContents::hasFailedOrCanceledSubresources): Deleted.

  • css/StyleSheetContents.h:

(WebCore::StyleSheetContents::loadCompleted):

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::setCSSStyleSheet):

  • loader/cache/CachedCSSStyleSheet.cpp:

(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):

  • loader/cache/CachedCSSStyleSheet.h:
  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::makeRevalidationDecision):
(WebCore::CachedImage::mustRevalidateDueToCacheHeaders): Deleted.

Move the logging code out from this function (it requires frame access this function doesn't otherwise need)
and refactor to return a decision enum.

  • loader/cache/CachedImage.h:
  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::makeRevalidationDecision):
(WebCore::logResourceRevalidationReason): Deleted.
(WebCore::CachedResource::mustRevalidateDueToCacheHeaders): Deleted.

  • loader/cache/CachedResource.h:

(WebCore::CachedResource::loadFailedOrCanceled):

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::logRevalidation):
(WebCore::logResourceRevalidationDecision):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):

Move logging here.

  • testing/Internals.cpp:

(WebCore::Internals::isSharingStyleSheetContents):
(WebCore::Internals::isStyleSheetLoadingSubresources):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

Reviewed by Oliver Hunt.

  • http/tests/cache/resources/non-shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

  • http/tests/cache/resources/shareable.css: Added.

(#foo):
(#bar):
(#test1):
(#test2):

  • http/tests/cache/resources/stylesheet-html.php: Added.
  • http/tests/cache/stylesheet-sharing-expected.txt: Added.
  • http/tests/cache/stylesheet-sharing.html: Added.
3:27 PM Changeset in webkit [184314] by commit-queue@webkit.org
  • 3 edits in trunk/Tools

[Content Extensions] Test interactions between multiple extensions and multiple domains.
https://bugs.webkit.org/show_bug.cgi?id=144967

Patch by Alex Christensen <achristensen@webkit.org> on 2015-05-13
Reviewed by Benjamin Poulain.

  • DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:

Xcode wanted to fix an alphabetization issue.

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::TEST_F):
Test interactions that worked but were not explicitly tested before.

3:23 PM Changeset in webkit [184313] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Small refactoring before ES6 Arrow function implementation.
https://bugs.webkit.org/show_bug.cgi?id=144954

Patch by Alexandr Skachkov <gskachkov@gmail.com> on 2015-05-13
Reviewed by Filip Pizlo.

  • parser/Parser.h:
  • parser/Parser.cpp:
3:16 PM Changeset in webkit [184312] by ryuan.choi@navercorp.com
  • 6 edits in trunk/Source/WebCore

[CoordinatedGraphics] Remove scaleFactor from SurfaceUpdateInfo
https://bugs.webkit.org/show_bug.cgi?id=144935

Reviewed by Darin Adler.

The members of SurfaceUpdateInfo are only used to update tile except scaleFactor.
So, this patch removes scaleFactor from SurfaceUpdateInfo.
In addition, removes unnecessary parameters in createTile()

No new tests because there is no behavior change.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::createTile):

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
  • platform/graphics/texmap/coordinated/CoordinatedTile.cpp:

(WebCore::CoordinatedTile::updateBackBuffer):

  • platform/graphics/texmap/coordinated/CoordinatedTile.h:
  • platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:
3:14 PM Changeset in webkit [184311] by fpizlo@apple.com
  • 8 edits
    3 adds in trunk/Source/JavaScriptCore

The liveness pruning done by ObjectAllocationSinkingPhase ignores the possibility of an object's bytecode liveness being longer than its DFG liveness
https://bugs.webkit.org/show_bug.cgi?id=144945

Reviewed by Michael Saboff.

We were making the mistake of using DFG liveness for object allocation sinking decisions.
This is wrong. In fact we almost never want to use DFG liveness directly. The only place
where that makes sense is pruning in DFG AI.

So, I created a CombinedLiveness class that combines the DFG liveness with bytecode
liveness.

In the process of doing this, I realized that the DFGForAllKills definition of combined
liveness at block tail was not strictly right; it was using the bytecode liveness at the
block terminal instead of the union of the bytecode live-at-heads of successor blocks. So,
I changed DFGForAllKills to work in terms of CombinedLiveness.

This allows me to unskip the test I added in r184260. I also added a new test that tries to
trigger this bug more directly.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGCombinedLiveness.cpp: Added.

(JSC::DFG::liveNodesAtHead):
(JSC::DFG::CombinedLiveness::CombinedLiveness):

  • dfg/DFGCombinedLiveness.h: Added.

(JSC::DFG::CombinedLiveness::CombinedLiveness):

  • dfg/DFGForAllKills.h:

(JSC::DFG::forAllKillsInBlock):
(JSC::DFG::forAllLiveNodesAtTail): Deleted.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
(JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
(JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):

  • tests/stress/escape-object-in-diamond-then-exit.js: Added.
  • tests/stress/sink-object-past-invalid-check-sneaky.js:
3:07 PM Changeset in webkit [184310] by andersca@apple.com
  • 8 edits in trunk/Source/WebKit2

Don't create a per-pool data store when using the modern API
https://bugs.webkit.org/show_bug.cgi?id=144963
rdar://problem/20331756

Reviewed by Tim Horton.

  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::copy):

  • UIProcess/API/APIProcessPoolConfiguration.h:

Keep track of whether the process pool should have a data store.

  • UIProcess/API/C/WKContext.cpp:

(WKContextGetWebsiteDataStore):

  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):
Update now that WebProcessPool::dataStore() no longer returns a reference.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):
Only create a data store if the configuration states that we should.

  • UIProcess/WebProcessPool.h:

Change dataStore() to return a pointer instead of a reference.

3:06 PM Changeset in webkit [184309] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Modernize ContainerNode::childElementCount
https://bugs.webkit.org/show_bug.cgi?id=144930

Patch by Sam Weinig <sam@webkit.org> on 2015-05-13
Reviewed by Darin Adler.

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::childElementCount):
Use std::distance to compute the number of child elements.

  • dom/ElementChildIterator.h:

Add typedefs to make the child element iterators conform STL standards.

2:58 PM Changeset in webkit [184308] by rniwa@webkit.org
  • 5 edits
    2 adds in trunk

REGRESSION(r183770): Crash inside WebEditorClient::shouldApplyStyle when applying underline
https://bugs.webkit.org/show_bug.cgi?id=144949
Source/WebCore:

<rdar://problem/20895753>

Reviewed by Darin Adler.

The crash was caused by the variant of applyStyleToSelection that takes EditingStyle passing
a null pointer to shouldApplyStyle when we're only applying text decoration changes so that
m_mutableStyle in the editing style is null. This didn't reproduce in execCommand since we
wouldn't call shouldApplyStyle in that case. It didn't reproduce in my manual testing because
font panel also sets text shadow, which ends up filling up m_mutableStyle.

Fixed the bug by creating a mutable style properties when one is not provided by EditingStyle.
Also fixed the "FIXME" in the function by converting text decoration changes to a corresponding
text decoration value. The values passed to shouldApplyStyle now matches the old behavior prior
to r183770.

Test: editing/style/underline-by-user.html

  • editing/EditingStyle.cpp:

(WebCore::EditingStyle::styleWithResolvedTextDecorations): Added.

  • editing/EditingStyle.h:
  • editing/Editor.cpp:

(WebCore::Editor::applyStyleToSelection): Use styleWithResolvedTextDecorations to avoid the crash.

LayoutTests:

Reviewed by Darin Adler.

Added a test that emulates underlining of text by the user. Unlike document.execCommand,
testRunner.execCommand simulates a user initiated editing command and therefore invokes
shouldApplyStyle.

  • editing/style/underline-by-user-expected.txt: Added.
  • editing/style/underline-by-user.html: Added.
2:37 PM Changeset in webkit [184307] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.5.17.2

New tag.

2:18 PM Changeset in webkit [184306] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

Work around HTMLMediaElement::documentDidResumeFromPageCache being called twice
https://bugs.webkit.org/show_bug.cgi?id=144969

Reviewed by Alexey Proskuryakov.

  • dom/Document.cpp:

(WebCore::Document::addPlaybackTargetPickerClient): Replace ASSERT with early
return to work around https://webkit.org/b/144970.

2:05 PM Changeset in webkit [184305] by rniwa@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

I skipped a wrong test in r184270. Fix that.
The failure is tracked by webkit.org/b/144947.

  • tests/stress/arith-modulo-node-behaviors.js:
  • tests/stress/arith-mul-with-constants.js:
1:51 PM Changeset in webkit [184304] by timothy_horton@apple.com
  • 7 edits in trunk/Source/WebCore

Going back after resizing causes scroll knob to appear in the middle of the page
https://bugs.webkit.org/show_bug.cgi?id=144968
<rdar://problem/18299827>

Reviewed by Beth Dakin.

  • history/CachedPage.cpp:

(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

  • history/CachedPage.h:

(WebCore::CachedPage::markForContentsSizeChanged):

  • history/PageCache.cpp:

(WebCore::PageCache::markPagesForContentsSizeChanged):

  • history/PageCache.h:

Add a flag that will cause us to call updateContentsSize() after a page
comes out of the page cache, if necessary.

  • page/FrameView.cpp:

(WebCore::FrameView::setContentsSize):

  • page/FrameView.h:

Mark all cached pages for this frame as needing updateContentsSize()
when setContentsSize happens. This will ensure that scrollbar layers
are repositioned when coming out of the page cache.

1:42 PM Changeset in webkit [184303] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

[Mac] Sandbox violation reading SubmitDiagInfo.domains
https://bugs.webkit.org/show_bug.cgi?id=144962
rdar://problem/20719330

Reviewed by Darin Adler.

  • WebProcess/com.apple.WebProcess.sb.in:
1:40 PM Changeset in webkit [184302] by bshafiei@apple.com
  • 3 edits in branches/safari-600.5.17-branch/Source/JavaScriptCore

Merged r184229. rdar://problem/18736465

1:10 PM Changeset in webkit [184301] by bshafiei@apple.com
  • 18 edits in branches/safari-601.1.32-branch

Merged r183976.

1:08 PM Changeset in webkit [184300] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183958.

12:59 PM Changeset in webkit [184299] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Speculative build fix.

  • UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h:
12:56 PM Changeset in webkit [184298] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

[GTK][CMake] Extra include directory when libnotify is present but disabled
https://bugs.webkit.org/show_bug.cgi?id=144941

Reviewed by Martin Robinson.

Add LIBNOTIFY_INCLUDE_DIRS to WebKit2_INCLUDE_DIRECTORIES only if USE_LIBNOTIFY is true,
rather than checking LIBNOTIFY_FOUND.

  • PlatformGTK.cmake:
12:28 PM Changeset in webkit [184297] by Beth Dakin
  • 18 edits
    1 add in trunk/Source

Need SPI to set the overlay scroll bar style
https://bugs.webkit.org/show_bug.cgi?id=144928
-and corresponding-
rdar://problem/20143614

Reviewed by Anders Carlsson.

Source/WebCore:

New ChromeClient function preferredScrollbarOverlayStyle() will fetch the
scrollbar style that was set via the new SPI.

  • page/ChromeClient.h:

If the preferredScrollbarOverlayStyle() is anything but None, then use it. None is
used to indicate that the normal heuristic should compute the appropriate color.

  • page/FrameView.cpp:

(WebCore::FrameView::recalculateScrollbarOverlayStyle):

  • page/FrameView.h:

Source/WebKit2:

Make scrollbarOverlayStyle a part of the creation parameters.

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:

New SPI.

  • UIProcess/API/Cocoa/WKViewPrivate.h:
  • UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h: Added.
  • UIProcess/API/mac/WKView.mm:

(-[WKView _setOverlayScrollbarStyle:]):
(-[WKView _overlayScrollbarStyle]):

Store m_scrollbarOverlayStyle on WebPageProxy, and set it to the WebProcess.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::setOverlayScrollbarStyle):

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::overlayScrollbarStyle):

  • WebKit2.xcodeproj/project.pbxproj:

Return WebPage’s scrollbarOverlayStyle().

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::preferredScrollbarOverlayStyle):

  • WebProcess/WebCoreSupport/WebChromeClient.h:

Cache the scrollbarOverlayStyle() here for the WebProcess.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::setScrollbarOverlayStyle):

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::scrollbarOverlayStyle):

  • WebProcess/WebPage/WebPage.messages.in:
12:26 PM Changeset in webkit [184296] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

Scrollbars in overflow regions are not vanishing after scrolling with scroll snap points
https://bugs.webkit.org/show_bug.cgi?id=142521
<rdar://problem/20100706>

Reviewed by Darin Adler.

The scrollbars were not being dismissed because they were not being notified that the wheel
gesture was finished. This was happening because the wheel event 'ended' state has zero
deltaX and deltaY. If the region did not allow stretching, it would exit early, never passing
through the 'handleWheelEventPhase' code that would notify the scrollbar controller that
the gesture had ended.

  • platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::mouseExitedContentArea): The wrong ScrollAnimator method was being
called when the mouse exited the content area.

  • platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::handleWheelEvent): Do not early return when the wheel event has
no change in X or Y coordinate.

12:24 PM Changeset in webkit [184295] by andersca@apple.com
  • 5 edits in trunk/Source/WebKit2

Rename some StorageManager functions to indicate that they work on local storage entries
https://bugs.webkit.org/show_bug.cgi?id=144958
First part of rdar://problem/10690447.

Reviewed by Beth Dakin.

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageDetailsByOrigin):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteAllLocalStorageEntries):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
(WebKit::StorageManager::getOrigins): Deleted.
(WebKit::StorageManager::getStorageDetailsByOrigin): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigin): Deleted.
(WebKit::StorageManager::deleteAllEntries): Deleted.
(WebKit::StorageManager::deleteEntriesForOrigins): Deleted.

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebKeyValueStorageManager.cpp:

(WebKit::WebKeyValueStorageManager::getKeyValueStorageOrigins):
(WebKit::WebKeyValueStorageManager::getStorageDetailsByOrigin):
(WebKit::WebKeyValueStorageManager::deleteEntriesForOrigin):
(WebKit::WebKeyValueStorageManager::deleteAllEntries):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):

12:20 PM Changeset in webkit [184294] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Crash under WebKit::WebInspectorProxy::attachAvailabilityChanged sometimes opening new page
https://bugs.webkit.org/show_bug.cgi?id=144957

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-05-13
Reviewed by Simon Fraser.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::attachAvailabilityChanged):

11:56 AM Changeset in webkit [184293] by hyatt@apple.com
  • 2 edits in trunk/Source/WebCore

Don't compute selection painting info when we don't have selection.
https://bugs.webkit.org/show_bug.cgi?id=144920
<rdar://problem/20919920>

Reviewed by Simon Fraser.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

Just set the selection paint style to the text paint style when we don't have a selection
at all. Computing the selection style takes time in the case where a ::selection pseudo is
used on the page, so we don't want to waste time computing that info unless it's actually
needed.

11:51 AM Changeset in webkit [184292] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

Avoid always running some debug code in type profiling
https://bugs.webkit.org/show_bug.cgi?id=144775

Reviewed by Daniel Bates.

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

11:51 AM Changeset in webkit [184291] by Joseph Pecoraro
  • 36 edits in trunk/Source

Pass String as reference in more places
https://bugs.webkit.org/show_bug.cgi?id=144769

Reviewed by Daniel Bates.

Source/JavaScriptCore:

  • debugger/Breakpoint.h:

(JSC::Breakpoint::Breakpoint):

  • parser/Parser.h:

(JSC::Parser::setErrorMessage):
(JSC::Parser::updateErrorWithNameAndMessage):

  • parser/ParserError.h:

(JSC::ParserError::ParserError):

  • runtime/RegExp.cpp:

(JSC::RegExpFunctionalTestCollector::outputOneTest):

  • runtime/RegExpObject.cpp:

(JSC::regExpObjectSourceInternal):

  • runtime/TypeProfiler.cpp:

(JSC::TypeProfiler::typeInformationForExpressionAtOffset):

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

  • runtime/TypeProfilerLog.h:
  • tools/FunctionOverrides.cpp:

(JSC::initializeOverrideInfo):

  • inspector/scripts/codegen/generate_objc_conversion_helpers.py:

(ObjCConversionHelpersGenerator._generate_enum_from_protocol_string):

  • inspector/scripts/codegen/objc_generator_templates.py:
  • inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
  • inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
  • inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
  • inspector/scripts/tests/expected/enum-values.json-result:
  • inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
  • inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
  • inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
  • inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
  • inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-array-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

Rebaseline tests after updating the generator.

Source/WebCore:

  • bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::dumpString):
(WebCore::CloneSerializer::dumpStringObject):

  • dom/DocumentMarkerController.cpp:

(WebCore::DocumentMarkerController::addMarker):

  • dom/DocumentMarkerController.h:
  • inspector/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::assertFrameWithDocumentLoader):

  • inspector/InspectorApplicationCacheAgent.h:
  • inspector/InspectorNodeFinder.cpp:

(WebCore::stripCharacters):
(WebCore::InspectorNodeFinder::InspectorNodeFinder):

  • inspector/InspectorNodeFinder.h:

Source/WebKit2:

  • WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::showMainResourceForFrame):

  • WebProcess/WebPage/WebInspectorUI.h:
11:11 AM Changeset in webkit [184290] by timothy_horton@apple.com
  • 11 edits in trunk/Source

View scale changes are temporarily lost after restoring a page from the page cache
https://bugs.webkit.org/show_bug.cgi?id=144934

Reviewed by Brady Eidson.

  • history/CachedPage.cpp:

(WebCore::CachedPage::CachedPage):
(WebCore::CachedPage::restore):
(WebCore::CachedPage::clear):

  • history/CachedPage.h:

(WebCore::CachedPage::markForDeviceOrPageScaleChanged): Renamed.

  • history/PageCache.cpp:

(WebCore::PageCache::markPagesForDeviceOrPageScaleChanged): Renamed.

  • history/PageCache.h:

Rename PageCache/CachedPage methods to make it more clear that they
will eventually result in calling deviceOrPageScaleFactorChanged().
Also, use modern initialization for CachedPage members.

  • loader/HistoryController.cpp:

(WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
(WebCore::HistoryController::restoreScrollPositionAndViewState):
Store the pageScaleFactor on HistoryItem with the view scale factored out,
because the view scale can change while the page is in the page cache, and
WebCore needs a way - without consulting with WebKit2 - to apply the changed
view scale to the cached page scale.

  • page/Page.cpp:

(WebCore::Page::setViewScaleFactor):
(WebCore::Page::setDeviceScaleFactor):

  • page/Page.h:

(WebCore::Page::viewScaleFactor):
Keep track of the viewScaleFactor, and mark all pages in the page cache
as needing to call deviceOrPageScaleFactorChanged and do a full style recalc
when they come back from the page cache.

For now, we expect all callers of setPageScaleFactor (including WebKit2 and
HistoryController) to multiply the viewScale in manually, to avoid the
significant amount of change in WebCore that would be required to keep them
totally separately.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::scalePage):
(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::pageScaleFactor):
(WebKit::WebPage::viewScaleFactor):
(WebKit::WebPage::scaleView):

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::viewScaleFactor): Deleted.
Get rid of m_viewScaleFactor, instead using Page::viewScaleFactor.

10:58 AM Changeset in webkit [184289] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

com.apple.WebKit.WebContent crashed at JavaScriptCore: JSC::CodeBlock::finalizeUnconditionally
https://bugs.webkit.org/show_bug.cgi?id=144933

Changed the RELEASE_ASSERT_NOT_REACHED into an ASSERT. Added some diagnostic messages to
help determine the cause for any crash.

Reviewed by Geoffrey Garen.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finalizeUnconditionally):

10:39 AM Changeset in webkit [184288] by fpizlo@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

REGRESSION(r184260): arguments elimination has stopped working because of Check(UntypedUse:) from SSAConversionPhase
https://bugs.webkit.org/show_bug.cgi?id=144951

Reviewed by Michael Saboff.

There were two issues here:

  • In r184260 we expected a small number of possible use kinds in Check nodes, and UntypedUse was not one of them. That seemed like a sensible assumption because we don't create Check nodes unless it's to have a check. But, SSAConversionPhase was creating a Check that could have UntypedUse. I fixed this. It's cleaner for SSAConversionPhase to follow the same idiom as everyone else and not create tautological checks.


  • It's clearly not very robust to assume that Checks will not be used tautologically. So, this changes how we validate Checks in the escape analyses. We now use willHaveCheck, which catches cases that AI would have already marked as unnecessary. It then also uses a new helper called alreadyChecked(), which allows us to just ask if the check is unnecessary for objects. That's a good fall-back in case AI hadn't run yet.
  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGMayExit.cpp:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):

  • dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::SSAConversionPhase::run):

  • dfg/DFGUseKind.h:

(JSC::DFG::alreadyChecked):

  • dfg/DFGVarargsForwardingPhase.cpp:
9:48 AM Changeset in webkit [184287] by Yusuke Suzuki
  • 8 edits
    2 adds in trunk

[ES6] Implement String.raw
https://bugs.webkit.org/show_bug.cgi?id=144330

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Implement String.raw. It is intended to be used with tagged-templates syntax.
To implement ToString abstract operation efficiently,
we introduce @toString bytecode intrinsic. It emits op_to_string directly.

  • CMakeLists.txt:
  • builtins/StringConstructor.js: Added.

(raw):

  • bytecompiler/NodesCodegen.cpp:

(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):

  • runtime/CommonIdentifiers.h:
  • runtime/StringConstructor.cpp:
  • tests/stress/string-raw.js: Added.

(shouldBe):
(.get shouldBe):
(Counter):

LayoutTests:

Add String.raw.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:
2:32 AM Changeset in webkit [184286] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.32-branch/Tools

Merged r184018.

2:31 AM Changeset in webkit [184285] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Minor cleanups to PluginProxy.cpp.
https://bugs.webkit.org/show_bug.cgi?id=144948

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

  1. Remove unnecessary #include.
  2. Remove unnecessary return statement from PluginProxy::paint().

No new tests, no behavior change.

  • WebProcess/Plugins/PluginProxy.cpp:

(WebKit::PluginProxy::paint):

2:23 AM Changeset in webkit [184284] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebCore

Merged r183980. rdar://problem/20769741

2:13 AM Changeset in webkit [184283] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r176631): [EFL] Fullscreen feature doesn't work correctly on MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=144906

Patch by Daegyu Lee <daegyu.lee@navercorp.com> on 2015-05-13
Reviewed by Gyuyoung Kim.

  • UIProcess/CoordinatedGraphics/PageViewportController.cpp:

(WebKit::PageViewportController::updateMinimumScaleToFit): Recover the r176631 condition to
call applyScaleAfterRenderingContents function to apply correct scale.

1:26 AM Changeset in webkit [184282] by bshafiei@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184028. rdar://problem/20210267

12:21 AM Changeset in webkit [184281] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Tools

Merged r183915.

12:10 AM Changeset in webkit [184280] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184241. rdar://problem/20172315

12:09 AM Changeset in webkit [184279] by bshafiei@apple.com
  • 8 edits in branches/safari-601.1.32-branch/Source

Merged r184231. rdar://problem/20923031

12:04 AM Changeset in webkit [184278] by bshafiei@apple.com
  • 12 edits
    3 copies in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184215. rdar://problem/19708579

12:02 AM Changeset in webkit [184277] by bshafiei@apple.com
  • 2 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184125. rdar://problem/19708579

12:01 AM Changeset in webkit [184276] by bshafiei@apple.com
  • 6 edits in branches/safari-601.1.32-branch/Source/WebKit2

Merged r184061. rdar://problem/20856497

Note: See TracTimeline for information about the timeline view.