Timeline



Jul 19, 2015:

11:38 PM Changeset in webkit [187018] by timothy_horton@apple.com
  • 8 edits
    1 add
    2 deletes in trunk

Make shrink-wrapping test a ref-test instead of pixel-test
https://bugs.webkit.org/show_bug.cgi?id=147081

Reviewed by Sam Weinig.

Source/WebCore:

Nobody runs pixel tests.

  • svg/SVGPathUtilities.cpp:

(WebCore::pathIteratorForBuildingString):
(WebCore::buildStringFromPath):

  • svg/SVGPathUtilities.h:

Add a helper that turns a Path into a SVG path string.

  • testing/Internals.cpp:

(WebCore::Internals::pathStringWithShrinkWrappedRects):

  • testing/Internals.h:
  • testing/Internals.idl:

Have the internals shrink-wrap method return an SVG path instead of a DOMPath.

LayoutTests:

  • fast/shrink-wrap/rect-shrink-wrap-expected.html: Added.
  • fast/shrink-wrap/rect-shrink-wrap-expected.png: Removed.
  • fast/shrink-wrap/rect-shrink-wrap-expected.txt: Removed.
  • fast/shrink-wrap/rect-shrink-wrap.html:

SVG all the things.

4:37 PM Changeset in webkit [187017] by Yusuke Suzuki
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

In strict mode, Object.keys(arguments) includes "length"
https://bugs.webkit.org/show_bug.cgi?id=147071

Reviewed by Darin Adler.

ClonedArguments didn't set the "length" with DontEnum.

  • runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::createWithInlineFrame):
(JSC::ClonedArguments::createByCopyingFrom):

  • tests/stress/arguments-length-always-dont-enum.js: Added.

(shouldBe):
(argsSloppy):
(argsStrict):

4:10 PM Changeset in webkit [187016] by commit-queue@webkit.org
  • 5 edits in trunk

new Date(NaN).toJSON() must return null instead of throwing a TypeError
https://bugs.webkit.org/show_bug.cgi?id=141115

Patch by Jordan Harband <ljharb@gmail.com> on 2015-07-19
Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

  • runtime/DatePrototype.cpp:

(JSC::dateProtoFuncToJSON):

LayoutTests:

  • js/dom/JSON-stringify-expected.txt:
  • js/resources/JSON-stringify.js:

3:27 PM Changeset in webkit [187015] by Michael Catanzaro
  • 2 edits in trunk/Tools

[GTK] Enable seccomp filter API tests
https://bugs.webkit.org/show_bug.cgi?id=140071

Reviewed by Žan Doberšek.

These tests will now be run by the run-gtk-tests script.

  • TestWebKitAPI/PlatformGTK.cmake:

12:31 PM Changeset in webkit [187014] by saambarati1@gmail.com
  • 3 edits
    3 adds in trunk

Parser::parseFunctionInfo hits RELEASE_ASSERT for Arrow Functions
https://bugs.webkit.org/show_bug.cgi?id=147090

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

ArrowFunctions have their ParserFunctionInfo "name" field to
be a non-null pointer. This is obviously allowed and valid except we
had a RELEASE_ASSERT that claimed otherwise. This is a mistake.

Note: ArrowFunctions will never actually have a function name;
their ParserFunctionInfo "name" field will be the empty string.
This is not to be mistaken with the name field being a null pointer.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFunctionInfo):

LayoutTests:

  • js/arrowfunction-strict-mode-expected.txt: Added.
  • js/arrowfunction-strict-mode.html: Added.
  • js/script-tests/arrowfunction-strict-mode.js: Added.

(foo):

12:14 PM Changeset in webkit [187013] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

Unreviewed, placate -Wmismatched-tags after r187011

It's basically bug #146990 again. Oops.

  • WebProcess/gtk/SeccompFiltersWebProcessGtk.h:

9:57 AM Changeset in webkit [187012] by saambarati1@gmail.com
  • 77 edits
    6 adds in trunk

[ES6] Add support for block scope const
https://bugs.webkit.org/show_bug.cgi?id=31813

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

'const' is now implemented in an ES6 spec compliant manner.
'const' variables are always block scoped and always live
either on the stack or in a JSLexicalEnvironment. 'const'
variables never live on the global object.

Inside the BytecodeGenerator, when assigning to a stack
'const' variable or a LocalClosureVar 'const' variable,
we will emit code that just throws a type error.
When assigning to a ClosureVar const variable, CodeBlock linking
will ensure that we perform a dynamic lookup of that variable so
that put_to_scope's slow path throws a type error.

The old 'const' implementation has been removed in this patch.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::pushLexicalScope):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::variableForLocalEntry):
(JSC::BytecodeGenerator::createVariable):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitInstanceOf):
(JSC::BytecodeGenerator::emitGetById):
(JSC::BytecodeGenerator::isArgumentNumber):
(JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
(JSC::BytecodeGenerator::emitEnumeration):
(JSC::BytecodeGenerator::variablePerSymbolTable): Deleted.
(JSC::BytecodeGenerator::emitInitGlobalConst): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::Variable::Variable):
(JSC::Variable::isReadOnly):
(JSC::Variable::isSpecial):
(JSC::Variable::isConst):
(JSC::BytecodeGenerator::thisRegister):
(JSC::BytecodeGenerator::emitTypeOf):
(JSC::BytecodeGenerator::emitIn):

  • bytecompiler/NodesCodegen.cpp:

(JSC::PostfixNode::emitResolve):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::CommaNode::emitBytecode):
(JSC::BindingNode::bindValue):
(JSC::ConstDeclNode::emitCodeSingle): Deleted.
(JSC::ConstDeclNode::emitBytecode): Deleted.
(JSC::ConstStatementNode::emitBytecode): Deleted.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_init_global_const): Deleted.

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_init_global_const): Deleted.

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createDeclarationStatement):
(JSC::ASTBuilder::createEmptyVarExpression):
(JSC::ASTBuilder::createDebugger):
(JSC::ASTBuilder::appendStatement):
(JSC::ASTBuilder::createVarStatement): Deleted.
(JSC::ASTBuilder::createLetStatement): Deleted.
(JSC::ASTBuilder::createConstStatement): Deleted.
(JSC::ASTBuilder::appendConstDecl): Deleted.

  • parser/NodeConstructors.h:

(JSC::CommaNode::CommaNode):
(JSC::SourceElements::SourceElements):
(JSC::SwitchNode::SwitchNode):
(JSC::BlockNode::BlockNode):
(JSC::ConstStatementNode::ConstStatementNode): Deleted.
(JSC::ConstDeclNode::ConstDeclNode): Deleted.

  • parser/Nodes.h:

(JSC::ConstDeclNode::hasInitializer): Deleted.
(JSC::ConstDeclNode::ident): Deleted.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseStatementListItem):
(JSC::Parser<LexerType>::parseVariableDeclaration):
(JSC::Parser<LexerType>::parseWhileStatement):
(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::createBindingPattern):
(JSC::Parser<LexerType>::parseDestructuringPattern):
(JSC::Parser<LexerType>::parseDefaultValueForDestructuringPattern):
(JSC::Parser<LexerType>::parseForStatement):
(JSC::Parser<LexerType>::parseTryStatement):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseFunctionDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseConstDeclaration): Deleted.
(JSC::Parser<LexerType>::parseConstDeclarationList): Deleted.

  • parser/Parser.h:

(JSC::isEvalNode):
(JSC::isEvalNode<EvalNode>):
(JSC::isArguments):
(JSC::isEval):
(JSC::isEvalOrArgumentsIdentifier):
(JSC::Scope::Scope):
(JSC::Scope::declareCallee):
(JSC::Scope::declareVariable):
(JSC::Scope::declareLexicalVariable):
(JSC::Scope::hasDeclaredVariable):
(JSC::Scope::allowsVarDeclarations):
(JSC::Scope::allowsLexicalDeclarations):
(JSC::Scope::declareParameter):
(JSC::Scope::declareBoundParameter):
(JSC::Parser::destructuringKindFromDeclarationType):
(JSC::Parser::assignmentContextFromDeclarationType):
(JSC::Parser::isEvalOrArguments):
(JSC::Parser::currentScope):
(JSC::Parser::popScope):
(JSC::Parser::declareVariable):
(JSC::Parser::hasDeclaredVariable):
(JSC::Parser::setStrictMode):
(JSC::Parser::strictMode):
(JSC::Parser::isValidStrictMode):
(JSC::Parser::declareParameter):
(JSC::Parser::declareBoundParameter):
(JSC::Parser::breakIsValid):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createForOfLoop):
(JSC::SyntaxChecker::createEmptyStatement):
(JSC::SyntaxChecker::createDeclarationStatement):
(JSC::SyntaxChecker::createReturnStatement):
(JSC::SyntaxChecker::createBreakStatement):
(JSC::SyntaxChecker::createVarStatement): Deleted.
(JSC::SyntaxChecker::createLetStatement): Deleted.

  • parser/VariableEnvironment.h:

(JSC::VariableEnvironmentEntry::isCaptured):
(JSC::VariableEnvironmentEntry::isConst):
(JSC::VariableEnvironmentEntry::isVar):
(JSC::VariableEnvironmentEntry::isLet):
(JSC::VariableEnvironmentEntry::setIsCaptured):
(JSC::VariableEnvironmentEntry::setIsConst):
(JSC::VariableEnvironmentEntry::setIsVar):
(JSC::VariableEnvironmentEntry::setIsLet):
(JSC::VariableEnvironmentEntry::isConstant): Deleted.
(JSC::VariableEnvironmentEntry::setIsConstant): Deleted.

  • runtime/Executable.cpp:

(JSC::ProgramExecutable::initializeGlobalProperties):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::defineOwnProperty):
(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addFunction):
(JSC::lastInPrototypeChain):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::finishCreation):
(JSC::JSGlobalObject::addVar):
(JSC::JSGlobalObject::addConst): Deleted.

  • runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::symbolTablePut):

  • tests/stress/const-and-with-statement.js: Added.

(truth):
(assert):
(shouldThrowInvalidConstAssignment):
(.):

  • tests/stress/const-exception-handling.js: Added.

(truth):
(assert):
(.):

  • tests/stress/const-loop-semantics.js: Added.

(truth):
(assert):
(shouldThrowInvalidConstAssignment):
(.):

  • tests/stress/const-not-strict-mode.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

  • tests/stress/const-semantics.js: Added.

(truth):
(assert):
(shouldThrowInvalidConstAssignment):
(.):

  • tests/stress/const-tdz.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

Source/WebInspectorUI:

"const" variables do not live on the global object and are only
accessible within the "Program" they're defined in. Therefore,
the WebInspector global must be defined as "var" and not "const".

  • UserInterface/Base/WebInspector.js:

LayoutTests:

"const" variables do not live on the global object. They
are only available in the "Program" (read: JavaScript file or
script tag) that they're defined in. Tests have been updated
accordingly to switch the "const" variables assumed to be globals
into "var"s. "var" declared variables in the top level scope
of a program do live on the global object.

  • fast/canvas/webgl/compressed-tex-image.html:
  • fast/dom/event-handler-attributes.html:
  • fast/forms/listbox-visible-size.html:
  • js/arguments-expected.txt:
  • js/arrowfunction-syntax-errors-expected.txt:
  • js/const-expected.txt:
  • js/const-without-initializer-expected.txt:
  • js/constant-count-expected.txt:
  • js/dom/inc-const-valueOf-expected.txt:
  • js/dom/script-tests/inc-const-valueOf.js:

(testPreIncConstVarWithAssign):

  • js/function-toString-parentheses-expected.txt:
  • js/kde/const-expected.txt:
  • js/kde/resources/const.js:
  • js/parser-syntax-check-expected.txt:
  • js/script-tests/arguments.js:

(argumentsVarUndefined):
(argumentsConst):
(argumentCalleeInException):
(argumentsConstUndefined): Deleted.

  • js/script-tests/class-syntax-declaration.js:

(A):

  • js/script-tests/class-syntax-expression.js:
  • js/script-tests/const-without-initializer.js:
  • js/script-tests/const.js:

(shouldThrowInvalidConstAssignment):
(assert):
(f):
(tryCatch1):
(tryCatch2):
(with1):
(with2):
(.):

  • js/script-tests/constant-count.js:

(f):

  • js/script-tests/function-dot-arguments.js:

(assignConstInitTest2.g):
(assignConstInitTest2):

  • js/script-tests/function-toString-parentheses.js:
  • js/script-tests/parser-syntax-check.js:
  • sputnik/Conformance/07_Lexical_Conventions/7.5_Tokens/7.5.3_Future_Reserved_Words/S7.5.3_A1.6-expected.txt:
  • sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A3.1_T7-expected.txt:
  • sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A3.1_T8-expected.txt:
  • sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A3.1_T9-expected.txt:
  • sputnik/Conformance/08_Types/8.4_The_String_Type/S8.4_A13_T3-expected.txt:
  • sputnik/Conformance/08_Types/8.4_The_String_Type/S8.4_A14_T3-expected.txt:
  • sputnik/Conformance/12_Statement/12.2_Variable_Statement/S12.2_A8_T1-expected.txt:
  • sputnik/Conformance/12_Statement/12.2_Variable_Statement/S12.2_A8_T2-expected.txt:
  • sputnik/Conformance/12_Statement/12.2_Variable_Statement/S12.2_A8_T3-expected.txt:
  • sputnik/Conformance/12_Statement/12.2_Variable_Statement/S12.2_A8_T4-expected.txt:
  • sputnik/Conformance/12_Statement/12.2_Variable_Statement/S12.2_A8_T6-expected.txt:
  • sputnik/Conformance/12_Statement/12.2_Variable_Statement/S12.2_A8_T7-expected.txt:
  • sputnik/Conformance/12_Statement/12.2_Variable_Statement/S12.2_A8_T8-expected.txt:
  • transforms/3d/hit-testing/composited-hit-test.html:
  • transforms/3d/hit-testing/coplanar-with-camera.html:
  • transforms/3d/hit-testing/hover-rotated-negative-z.html:
  • transforms/3d/hit-testing/hover-rotated-with-children-negative-z.html:
  • transforms/3d/hit-testing/negative-zoffset-hit-test.html:
  • transforms/3d/hit-testing/overlapping-layers-hit-test.html:
  • transforms/3d/hit-testing/perspective-clipped.html:
  • transforms/3d/hit-testing/rotated-hit-test-with-child.html:
  • transforms/3d/hit-testing/rotated-hit-test.html:
  • transforms/3d/hit-testing/rotated-hit-test2.html:
  • transitions/resources/transition-test-helpers.js:

(roundNumber):

9:32 AM Changeset in webkit [187011] by Michael Catanzaro
  • 7 edits
    2 adds in trunk

[GTK] Add seccomp filters support
https://bugs.webkit.org/show_bug.cgi?id=110014

Reviewed by Žan Doberšek.

.:

Find needed compiler and linker flags for libseccomp.

  • Source/cmake/OptionsGTK.cmake:

Source/WebKit2:

Allow building with ENABLE_SECCOMP_FILTERS=ON. Based on work by Thiago Marcos P. Santos.

  • PlatformGTK.cmake: Support ENABLE_SECCOMP_FILTERS build option.
  • WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp: Added.

(WebKit::SeccompFiltersWebProcessGtk::SeccompFiltersWebProcessGtk):
(WebKit::SeccompFiltersWebProcessGtk::platformInitialize):

  • WebProcess/gtk/SeccompFiltersWebProcessGtk.h: Added.
  • WebProcess/soup/WebProcessSoup.cpp:

(WebKit::WebProcess::platformInitializeWebProcess): Initialize default
GTK+ web process seccomp filters.

Tools:

Add libseccomp to jhbuild modulesets.

  • gtk/jhbuild.modules:

6:16 AM Changeset in webkit [187010] by ddkilzer@apple.com
  • 5 edits in trunk/Source/WebKit/win

REGRESSION (r187002): Broke the Windows build: Reduce PassRefPtr in WebKit2 - 3
<https://bugs.webkit.org/show_bug.cgi?id=146995>

Attempt to fix the Windows build.

  • WebCoreSupport/WebFrameLoaderClient.cpp:

(WebFrameLoaderClient::createDocumentLoader):
(WebFrameLoaderClient::createFrame):
(WebFrameLoaderClient::createPlugin):

  • WebCoreSupport/WebFrameLoaderClient.h:
  • WebDocumentLoader.cpp:

(WebDocumentLoader::create):

  • WebDocumentLoader.h:

5:35 AM Changeset in webkit [187009] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r187008): CGPathCreateMutableCopyByTransformingPath() is not available on Windows
<https://bugs.webkit.org/show_bug.cgi?id=147077>

  • platform/graphics/cg/PathCG.cpp:

(WebCore::Path::transform): Restore less efficient code path
for Windows.

Jul 18, 2015:

9:38 PM Changeset in webkit [187008] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Simplify Path(CG)::transform/translate
https://bugs.webkit.org/show_bug.cgi?id=147077

Reviewed by Simon Fraser.

No new tests; no behavior change.

  • platform/graphics/cg/PathCG.cpp:

(WebCore::Path::translate):
(WebCore::Path::transform):
Use CGPathCreateMutableCopyByTransformingPath to do the copy and transform
in a single call instead of two.

Make use of transform() to implement translate() instead of duplicating the code.
Move the two functions near each other.

(WebCore::Path::boundingRect):
Remove irrelevant reference to Snow Leopard.

8:37 PM Changeset in webkit [187007] by Simon Fraser
  • 3 edits in trunk/Tools

MiniBrowser window title is just "Window" when page has no <title>
https://bugs.webkit.org/show_bug.cgi?id=147076

Reviewed by Tim Horton.

Make MiniBrowser windows show the filename from the URL if we never get a title changed
notification.

  • MiniBrowser/mac/WK1BrowserWindowController.m:

(-[WK1BrowserWindowController updateTitle:]):
(-[WK1BrowserWindowController webView:didCommitLoadForFrame:]):
(-[WK1BrowserWindowController webView:didReceiveTitle:forFrame:]):

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController updateTitle:]):
(-[WK2BrowserWindowController observeValueForKeyPath:ofObject:change:context:]):
(-[WK2BrowserWindowController webView:didCommitNavigation:]):

7:14 PM Changeset in webkit [187006] by mrajca@apple.com
  • 5 edits
    2 adds in trunk

Media Session: Add support for 'Content' interruption types
https://bugs.webkit.org/show_bug.cgi?id=147042

Reviewed by Eric Carlson.

Tests: Added media/session/content-interruptions

  • Modules/mediasession/MediaSession.cpp:

(WebCore::MediaSession::handleIndefinitePauseInterruption): Indefinitely pause the session by pausing media
elements and removing them from the set of active participating elements.

  • Modules/mediasession/MediaSession.h:
  • Modules/mediasession/MediaSessionManager.cpp:

(WebCore::MediaSessionManager::didReceiveStartOfInterruptionNotification): Implemented support for 'Content'
interruption types as described in 4.5.2.

6:36 PM Changeset in webkit [187005] by mrajca@apple.com
  • 2 edits in trunk/Source/WebCore

Media Session: add support for telephony interruptions
https://bugs.webkit.org/show_bug.cgi?id=147016

Reviewed by Eric Carlson.

  • platform/audio/mac/MediaSessionInterruptionProviderMac.mm:

(WebCore::callDidBeginRinging): Forward this event to media sessions as a 'Transient' interruption.
(WebCore::MediaSessionInterruptionProviderMac::beginListeningForInterruptions):
(WebCore::MediaSessionInterruptionProviderMac::stopListeningForInterruptions):

6:30 PM Changeset in webkit [187004] by mrajca@apple.com
  • 7 edits in trunk/Source/WebCore

Media Session: add infrastructure for testing interruptions
https://bugs.webkit.org/show_bug.cgi?id=147060

Reviewed by Eric Carlson.

  • Modules/mediasession/MediaSession.h: Export methods to be used with tests.
  • Modules/mediasession/MediaSessionManager.h: Ditto.
  • bindings/scripts/CodeGeneratorJS.pm: JSMediaSession needs to be marked with WEBCORE_EXPORT so it works with JSInternals.
  • testing/Internals.cpp:

(WebCore::Internals::sendMediaSessionStartOfInterruptionNotification): Let tests send interruptions to MediaSessionManager.
(WebCore::Internals::sendMediaSessionEndOfInterruptionNotification): Ditto.
(WebCore::Internals::mediaSessionCurrentState): Expose the current state of media sessions to tests.

  • testing/Internals.h:
  • testing/Internals.idl: Add interfaces for sending interruptions from JS tests.

5:36 PM Changeset in webkit [187003] by saambarati1@gmail.com
  • 4 edits
    1 add in trunk/Source/JavaScriptCore

lexical scoping is broken with respect to "break" and "continue"
https://bugs.webkit.org/show_bug.cgi?id=147063

Reviewed by Filip Pizlo.

Bug #142944 which introduced "let" and lexical scoping
didn't properly hook into the bytecode generator's machinery
for calculating scope depth deltas for "break" and "continue". This
resulted in the bytecode generator popping an incorrect number
of scopes when lexical scopes were involved.

This patch fixes this problem and generalizes this machinery a bit.
This patch also renames old functions in a sensible way that is more
coherent in a world with lexical scoping.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::newLabelScope):
(JSC::BytecodeGenerator::emitProfileType):
(JSC::BytecodeGenerator::pushLexicalScope):
(JSC::BytecodeGenerator::popLexicalScope):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::resolveType):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::emitPushWithScope):
(JSC::BytecodeGenerator::emitGetParentScope):
(JSC::BytecodeGenerator::emitPopScope):
(JSC::BytecodeGenerator::emitPopWithOrCatchScope):
(JSC::BytecodeGenerator::emitPopScopes):
(JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
(JSC::BytecodeGenerator::localScopeDepth):
(JSC::BytecodeGenerator::labelScopeDepth):
(JSC::BytecodeGenerator::emitThrowReferenceError):
(JSC::BytecodeGenerator::emitPushFunctionNameScope):
(JSC::BytecodeGenerator::pushScopedControlFlowContext):
(JSC::BytecodeGenerator::popScopedControlFlowContext):
(JSC::BytecodeGenerator::emitPushCatchScope):
(JSC::BytecodeGenerator::currentScopeDepth): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::hasFinaliser):
(JSC::BytecodeGenerator::scopeDepth): Deleted.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ContinueNode::trivialTarget):
(JSC::BreakNode::trivialTarget):
(JSC::ReturnNode::emitBytecode):
(JSC::WithNode::emitBytecode):
(JSC::TryNode::emitBytecode):

  • tests/stress/lexical-scoping-break-continue.js: Added.

(assert):
(.):

5:16 PM Changeset in webkit [187002] by Gyuyoung Kim
  • 86 edits in trunk/Source

Reduce PassRefPtr in WebKit2 - 3
https://bugs.webkit.org/show_bug.cgi?id=146995

Reviewed by Daniel Bates.

To remove PassRefPtr, this patch reduces use of PassRefPtr in WebKit2.
Because some uses depend on WebCore, WebCore, WK1 ports are modified as well.

Source/WebCore:

  • loader/EmptyClients.cpp:

(WebCore::EmptyChromeClient::createPopupMenu):
(WebCore::EmptyChromeClient::createSearchPopupMenu):
(WebCore::EmptyFrameLoaderClient::createDocumentLoader):
(WebCore::EmptyFrameLoaderClient::createFrame):
(WebCore::EmptyFrameLoaderClient::createPlugin):

  • loader/EmptyClients.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::init):
(WebCore::FrameLoader::load):
(WebCore::FrameLoader::loadWithNavigationAction):
(WebCore::FrameLoader::reloadWithOverrideEncoding):
(WebCore::FrameLoader::reload):

  • loader/FrameLoaderClient.h:
  • loader/ResourceLoadScheduler.cpp:

(WebCore::ResourceLoadScheduler::scheduleSubresourceLoad):
(WebCore::ResourceLoadScheduler::schedulePluginStreamLoad):

  • loader/ResourceLoadScheduler.h:
  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::create):

  • loader/SubresourceLoader.h:
  • page/ChromeClient.h:
  • platform/graphics/texmap/TextureMapperBackingStore.h:
  • platform/graphics/texmap/TextureMapperLayer.h:

(WebCore::TextureMapperLayer::texture):

  • platform/graphics/texmap/TextureMapperSurfaceBackingStore.cpp:

(WebCore::TextureMapperSurfaceBackingStore::texture):

  • platform/graphics/texmap/TextureMapperSurfaceBackingStore.h:
  • platform/graphics/texmap/TextureMapperTile.h:

(WebCore::TextureMapperTile::texture):

  • platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:

(WebCore::TextureMapperTiledBackingStore::texture):

  • platform/graphics/texmap/TextureMapperTiledBackingStore.h:
  • storage/StorageNamespace.h:

Source/WebKit/mac:

  • WebCoreSupport/WebFrameLoaderClient.h:
  • WebCoreSupport/WebFrameLoaderClient.mm:

(WebFrameLoaderClient::createDocumentLoader):

Source/WebKit/win:

  • WebCoreSupport/WebFrameLoaderClient.cpp:

(WebFrameLoaderClient::createDocumentLoader):

  • WebCoreSupport/WebFrameLoaderClient.h:

Source/WebKit2:

  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::getOrCreateUniqueIDBDatabase):

  • DatabaseProcess/DatabaseProcess.h:
  • PluginProcess/PluginControllerProxy.cpp:

(WebKit::PluginControllerProxy::takeInitializationReply):

  • PluginProcess/PluginControllerProxy.h:
  • Shared/CoordinatedGraphics/CoordinatedBackingStore.cpp:

(WebKit::CoordinatedBackingStore::texture):

  • Shared/CoordinatedGraphics/CoordinatedBackingStore.h:

(WebKit::CoordinatedBackingStore::create):

  • Shared/CoordinatedGraphics/WebCoordinatedSurface.cpp:

(WebKit::WebCoordinatedSurface::create):
(WebKit::WebCoordinatedSurface::createWithSurface):

  • Shared/CoordinatedGraphics/WebCoordinatedSurface.h:
  • UIProcess/API/APILoaderClient.h:

(API::LoaderClient::webCryptoMasterKey):

  • UIProcess/API/APINavigationClient.h:

(API::NavigationClient::webCryptoMasterKey):

  • UIProcess/API/C/WKPage.cpp:

(WKPageSetPageLoaderClient):
(WKPageSetPageNavigationClient):

  • UIProcess/API/gtk/PageClientImpl.cpp:

(WebKit::PageClientImpl::createPopupMenuProxy):
(WebKit::PageClientImpl::createContextMenuProxy):
(WebKit::PageClientImpl::createColorPicker):

  • UIProcess/API/gtk/PageClientImpl.h:
  • UIProcess/Authentication/WebCredential.h:
  • UIProcess/Authentication/WebProtectionSpace.h:
  • UIProcess/AutoCorrectionCallback.h:
  • UIProcess/Cocoa/NavigationState.h:
  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::NavigationClient::webCryptoMasterKey):

  • UIProcess/CoordinatedGraphics/WebView.cpp:

(WebKit::WebView::createPopupMenuProxy):
(WebKit::WebView::createContextMenuProxy):
(WebKit::WebView::createColorPicker):

  • UIProcess/CoordinatedGraphics/WebView.h:
  • UIProcess/PageClient.h:
  • UIProcess/WebPageProxy.h:
  • UIProcess/efl/WebViewEfl.cpp:

(WebKit::WebViewEfl::createPopupMenuProxy):
(WebKit::WebViewEfl::createContextMenuProxy):
(WebKit::WebViewEfl::createColorPicker):

  • UIProcess/efl/WebViewEfl.h:
  • UIProcess/ios/PageClientImplIOS.h:
  • UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::createPopupMenuProxy):
(WebKit::PageClientImpl::createContextMenuProxy):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::dataSelectionForPasteboard):

  • UIProcess/mac/PageClientImpl.h:
  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::createPopupMenuProxy):
(WebKit::PageClientImpl::createContextMenuProxy):
(WebKit::PageClientImpl::createColorPicker):

  • UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::dataSelectionForPasteboard):

  • WebProcess/Network/WebResourceLoadScheduler.cpp:

(WebKit::WebResourceLoadScheduler::scheduleSubresourceLoad):
(WebKit::WebResourceLoadScheduler::schedulePluginStreamLoad):

  • WebProcess/Network/WebResourceLoadScheduler.h:
  • WebProcess/Plugins/Netscape/NetscapePlugin.cpp:

(WebKit::NetscapePlugin::fromNPP):
(WebKit::NetscapePlugin::snapshot):
(WebKit::NetscapePlugin::liveResourceData):

  • WebProcess/Plugins/Netscape/NetscapePlugin.h:
  • WebProcess/Plugins/Plugin.h:
  • WebProcess/Plugins/PluginProxy.cpp:

(WebKit::PluginProxy::snapshot):
(WebKit::PluginProxy::liveResourceData):

  • WebProcess/Plugins/PluginProxy.h:
  • WebProcess/Storage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::storageArea):
(WebKit::StorageNamespaceImpl::copy):

  • WebProcess/Storage/StorageNamespaceImpl.h:
  • WebProcess/WebCoreSupport/SessionStateConversion.cpp:

(WebKit::toHistoryItem):

  • WebProcess/WebCoreSupport/SessionStateConversion.h:
  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::createPopupMenu):
(WebKit::WebChromeClient::createSearchPopupMenu):

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::createDocumentLoader):
(WebKit::WebFrameLoaderClient::createFrame):
(WebKit::WebFrameLoaderClient::createPlugin):

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::create):
(WebKit::WebPage::createDocumentLoader):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::lookupTextAtLocation):

4:54 PM Changeset in webkit [187001] by Simon Fraser
  • 2 edits in trunk/Source/WebKit2

Scroll position jumps when scrolling scaling pages down in split view
https://bugs.webkit.org/show_bug.cgi?id=147072
rdar://problem/21769577

Reviewed by Sam Weinig.

When apple.com/music is in Split View at a reduced scale, scrolling the page
can cause unwanted scroll jumps. This happened because we'd enter
TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() with a pending
layout, so run the autosizing logic. When scrolled near the bottom, the unconstrained
layout resulted in a shorter document, which truncated the scroll position. The
scaled layout then restored the longer document, but it also restored that
truncated scroll position.

Forcing a layout is sufficient to fix the bug for this page, and doing a single
layout (which will happen anyway) is preferable to running the autosize logic
if layout happens to be dirty.

I was not able to make a test to reproduce the problem. Entering
scaleViewToFitDocumentIfNeeded() with pending layout was triggerable
using a transform transition, but I was not able to reproduce incorrect
scroll position restoration.

  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded):

4:41 PM Changeset in webkit [187000] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

inspector/console/command-line-api.html is slow on Debug Yosemite WK2

<http://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=inspector%2Fconsole%2Fcommand-line-api.html>

  • platform/mac-wk2/TestExpectations: Mark test as slow on Debug Yosemite WK2:
  • inspector/console/command-line-api.html

4:32 PM Changeset in webkit [186999] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

http/tests/cache/disk-cache/disk-cache-disable.html is flaky on Release Yosemite WK2

<http://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fcache%2Fdisk-cache%2Fdisk-cache-disable.html>

  • platform/mac-wk2/TestExpectations: Mark test as flaky on Release Yosemite WK2:
  • http/tests/cache/disk-cache/disk-cache-disable.html

4:32 PM Changeset in webkit [186998] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

media/restore-from-page-cache.html is flaky on Debug Mavericks

<https://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=media%2Frestore-from-page-cache.html>

When the test fails, the computed width and height is
300px × 150px instead of the expected 320px × 240px.

  • platform/mac/TestExpectations: Mark test as flaky on Debug Mavericks:
  • media/restore-from-page-cache.html

2:21 PM Changeset in webkit [186997] by commit-queue@webkit.org
  • 4 edits
    1 delete in trunk/Source/JavaScriptCore

Unreviewed, rolling out r186996.
https://bugs.webkit.org/show_bug.cgi?id=147070

Broke JSC tests (Requested by smfr on #webkit).

Reverted changeset:

"lexical scoping is broken with respect to "break" and
"continue""
https://bugs.webkit.org/show_bug.cgi?id=147063
http://trac.webkit.org/changeset/186996

1:12 PM Changeset in webkit [186996] by saambarati1@gmail.com
  • 4 edits
    1 add in trunk/Source/JavaScriptCore

lexical scoping is broken with respect to "break" and "continue"
https://bugs.webkit.org/show_bug.cgi?id=147063

Reviewed by Filip Pizlo.

Bug #142944 which introduced "let" and lexical scoping
didn't properly hook into the bytecode generator's machinery
for calculating scope depth deltas for "break" and "continue". This
resulted in the bytecode generator popping an incorrect number
of scopes when lexical scopes were involved.

This patch fixes this problem and generalizes this machinery a bit.
This patch also renames old functions in a sensible way that is more
coherent in a world with lexical scoping.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::newLabelScope):
(JSC::BytecodeGenerator::emitProfileType):
(JSC::BytecodeGenerator::pushLexicalScope):
(JSC::BytecodeGenerator::popLexicalScope):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::resolveType):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::emitPushWithScope):
(JSC::BytecodeGenerator::emitGetParentScope):
(JSC::BytecodeGenerator::emitPopScope):
(JSC::BytecodeGenerator::emitPopWithOrCatchScope):
(JSC::BytecodeGenerator::emitPopScopes):
(JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
(JSC::BytecodeGenerator::localScopeDepth):
(JSC::BytecodeGenerator::labelScopeDepth):
(JSC::BytecodeGenerator::emitThrowReferenceError):
(JSC::BytecodeGenerator::emitPushFunctionNameScope):
(JSC::BytecodeGenerator::pushScopedControlFlowContext):
(JSC::BytecodeGenerator::popScopedControlFlowContext):
(JSC::BytecodeGenerator::emitPushCatchScope):
(JSC::BytecodeGenerator::currentScopeDepth): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::hasFinaliser):
(JSC::BytecodeGenerator::scopeDepth): Deleted.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ContinueNode::trivialTarget):
(JSC::BreakNode::trivialTarget):
(JSC::ReturnNode::emitBytecode):
(JSC::WithNode::emitBytecode):
(JSC::TryNode::emitBytecode):

  • tests/stress/lexical-scoping-break-continue.js: Added.

(assert):
(.):

12:48 PM Changeset in webkit [186995] by Alan Bujtas
  • 2 edits in trunk/LayoutTests

[Win] Skip input range repaint test.

  • platform/win/TestExpectations:
7:22 AM Changeset in webkit [186994] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

REGRESSION (r186981): fast/repaint/block-inputrange-repaint.html is starting out life as flaky

<https://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=fast%2Frepaint%2Fblock-inputrange-repaint.html>

  • fast/repaint/block-inputrange-repaint.html:
  • Use setTimeout() to give WebKit time to repaint.
6:54 AM Changeset in webkit [186993] by ddkilzer@apple.com
  • 4 edits in trunk/LayoutTests

REGRESSION (r186905,r186992): Incorrect results for platform/{gtk,efl,win}/fast/shrink-wrap/rect-shrink-wrap-expected.txt

  • platform/efl/fast/shrink-wrap/rect-shrink-wrap-expected.txt:
  • platform/gtk/fast/shrink-wrap/rect-shrink-wrap-expected.txt:
  • platform/win/fast/shrink-wrap/rect-shrink-wrap-expected.txt:
  • Update to correct expected results.
5:54 AM Changeset in webkit [186992] by ddkilzer@apple.com
  • 1 edit
    4 adds in trunk/LayoutTests

REGRESSION (r186858): GTK and EFL ports don't composite <canvas> elements

See also r186905 for Windows.

  • platform/efl/fast/shrink-wrap/rect-shrink-wrap-expected.txt: Added.
  • platform/gtk/fast/shrink-wrap/rect-shrink-wrap-expected.txt: Added.
5:30 AM Changeset in webkit [186991] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r186976): Use piFloat instead of M_PI

Attempt to fix the following build failure:

PathUtilities.cpp(183): error C2065: 'M_PI' : undeclared identifier [...\Source\WebCore\WebCore.vcxproj\WebCore.vcxproj]

  • platform/graphics/PathUtilities.cpp:

(WebCore::walkGraphAndExtractPolygon): Use piFloat since M_PI is
not defined on Windows.

5:20 AM Changeset in webkit [186990] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r186976): Windows build broke due to missing definition of M_PI

Attempt to fix the following build failure:

PathUtilities.cpp(182): error C2065: 'M_PI' : undeclared identifier [...\Source\WebCore\WebCore.vcxproj\WebCore.vcxproj]

  • platform/graphics/PathUtilities.cpp: Include <wtf/MathExtras.h>.
5:19 AM Changeset in webkit [186989] by ddkilzer@apple.com
  • 3 edits in branches/safari-600.1.4.17-branch/LayoutTests

Merge r186988. rdar://problem/21709404

5:07 AM Changeset in webkit [186988] by ddkilzer@apple.com
  • 3 edits in trunk/LayoutTests

REGRESSION (r186982): http/tests/contentdispositionattachmentsandbox/form-submission-disabled.html and loader/meta-refresh-disabled.html fail

Part of:
<https://bugs.webkit.org/show_bug.cgi?id=147044>
<rdar://problem/21567820>

  • http/tests/contentdispositionattachmentsandbox/form-submission-disabled-expected.txt:
  • Fix line number of console message.
  • loader/meta-refresh-disabled-expected.txt:
  • Add newly expected console message.

Jul 17, 2015:

11:32 PM Changeset in webkit [186987] by commit-queue@webkit.org
  • 2 edits in trunk

Bring back the GNU ar check to create thin archives on non-Linux systems
https://bugs.webkit.org/show_bug.cgi?id=146681

Patch by Ting-Wei Lan <Ting-Wei Lan> on 2015-07-17
Reviewed by Martin Robinson.

We already use the GNU ar thin archive feature to save time and disk space
when creating static archives, but it is only enabled on Linux. Without
this feature, the debug build of WebCore can be larger than 4 GiB,
which can cause an error because the GNU ar format uses a 32-bit integer to
store offsets in the symbol table. This patch is similar to
https://bugs.webkit.org/show_bug.cgi?id=128596.

  • Source/cmake/OptionsCommon.cmake:
10:51 PM Changeset in webkit [186986] by fpizlo@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

DFG should have some obvious mitigations against watching structures that are unprofitable to watch
https://bugs.webkit.org/show_bug.cgi?id=147034

Reviewed by Mark Lam and Michael Saboff.

This implements two guards against the DFG watching structures that are likely to fire
their watchpoints:

  • Don't watch dictionaries or any structure that had a dictionary in its past. Dictionaries can be flattened, and then they can transform back to dictionaries.
  • Don't watch structures whose past structures were transitioned-away from while their transition watchpoints were being watched. This property gives us monotonicity: if we recompile because we watched structure S1 of object O, then we won't make the same mistake again when object O has structure S2, S3, and so on.

This is a 1.5% speed-up on Kraken. It does penalize some Octane tests, but it also seems to
help some of them, so on Octane it's basically neutral.

  • bytecode/Watchpoint.h:

(JSC::WatchpointSet::invalidate):
(JSC::WatchpointSet::isBeingWatched):
(JSC::WatchpointSet::addressOfState):
(JSC::WatchpointSet::addressOfSetIsNotEmpty):
(JSC::InlineWatchpointSet::touch):
(JSC::InlineWatchpointSet::isBeingWatched):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::createStructure):
(JSC::JSGlobalObject::registerWeakMap):

  • runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::didTransitionFromThisStructure):

  • runtime/Structure.h:
10:49 PM Changeset in webkit [186985] by fpizlo@apple.com
  • 8 edits
    2 deletes in trunk/Source/JavaScriptCore

Remove DFG::DesiredWriteBarriers because it's just a very difficult way of saying "please barrier the machine code block owner"
https://bugs.webkit.org/show_bug.cgi?id=147030

Reviewed by Andreas Kling.

All of the users of DesiredWriteBarriers were just using it to request that Plan
finalization executes a barrier on codeBlock->ownerExecutable. Indeed, that's the only
owning cell in the heap that compilation affects. So, we might as well just have Plan
unconditionally execute that barrier and then we don't need DesiredWriteBarriers at
all.

(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):

  • dfg/DFGDesiredWriteBarriers.cpp: Removed.
  • dfg/DFGDesiredWriteBarriers.h: Removed.
  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::registerFrozenValues):

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::reallyAdd):
(JSC::DFG::Plan::notifyCompiling):
(JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
(JSC::DFG::Plan::checkLivenessAndVisitChildren):
(JSC::DFG::Plan::cancel):

  • dfg/DFGPlan.h:
10:20 PM Changeset in webkit [186984] by Alan Bujtas
  • 3 edits
    2 adds in trunk

REGRESSION (r169105): Do not assign a renderer to multiple selection subtrees.
https://bugs.webkit.org/show_bug.cgi?id=147038
rdar://problem/21819351

Reviewed by David Kilzer.

A renderer should never be assigned to multiple selection subtrees. (Currently RenderObject maintains the last selection state.)
RenderView::applySubtreeSelection() loops from the start to the end of the selection to find renderers that are inside the selection.
However, in case of regions (when multiple selection roots are present) traversing the renderer tree by calling RenderObject::nextInPreOrder() could
end up going across selection roots.
This patch ensures that we assign renderers to a specific selection only when the current selection root and the renderer's selection root match.

Source/WebCore:

Test: fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees2.html

  • rendering/RenderView.cpp:

(WebCore::SelectionIterator::SelectionIterator):
(WebCore::SelectionIterator::current):
(WebCore::SelectionIterator::checkForSpanner):
(WebCore::RenderView::applySubtreeSelection):

LayoutTests:

  • fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees2-expected.txt: Added.
  • fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees2.html: Added.
9:44 PM Changeset in webkit [186983] by aestes@apple.com
  • 12 edits
    17 adds in branches/safari-600.1.4.17-branch

Merge r186982. rdar://problem/21709404

8:47 PM Changeset in webkit [186982] by aestes@apple.com
  • 12 edits
    17 adds in trunk

[iOS] Further tighten the sandbox around pages fetched with Content-Disposition: attachment
https://bugs.webkit.org/show_bug.cgi?id=147044
rdar://problem/21567820

Reviewed by Brady Eidson.

Source/WebCore:

In addition to placing resources fetched with 'Content-Disposition: attachment' in a unique origin,
this change does the following:

  • Switches the sandbox type from SandboxOrigin to SandboxAll, which enforces the same restrictions as <iframe sandbox>.
  • Disables processing of <meta http-equiv> elements.
  • Disables loading of cross-origin subframes.

Tests: http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled.html
http/tests/contentdispositionattachmentsandbox/form-submission-disabled.html
http/tests/contentdispositionattachmentsandbox/http-equiv-disabled.html
http/tests/contentdispositionattachmentsandbox/plugins-disabled.html
http/tests/contentdispositionattachmentsandbox/scripts-disabled.html

  • dom/Document.cpp:

(WebCore::Document::processHttpEquiv): Switched to calling Document::httpEquivPolicy(). Logged an error to the console for policies other than Enabled.
(WebCore::Document::initSecurityContext): Switched sandbox enforcement from SandboxOrigin to SandboxAll.
(WebCore::Document::httpEquivPolicy): Returned a HttpEquivPolicy based on shouldEnforceContentDispositionAttachmentSandbox() and Settings::httpEquivEnabled().
(WebCore::Document::shouldEnforceContentDispositionAttachmentSandbox): Returned true if Settings::contentDispositionAttachmentSandboxEnabled()
and the document was fetched as an attachment.

  • dom/Document.h:
  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::canRequest): When requesting a subframe main resource when the parent frame enforces an attachment sandbox,
only continue if the parent frame's SecurityOrigin allows the request.

  • page/Settings.in: Added contentDispositionAttachmentSandboxEnabled with an initial value of false.

Source/WebKit/mac:

  • WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:]): Enabled Content-Disposition: attachment sandbox on iOS.

Source/WebKit2:

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): Enabled Content-Disposition: attachment sandbox on iOS.

Tools:

  • WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::InjectedBundlePage::decidePolicyForResponse): Only log the message about attachments if the custom policy delegate is enabled.
This matches the behavior of DumpRenderTree.

LayoutTests:

  • http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled-expected.txt: Added.
  • http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled.html: Added.
  • http/tests/contentdispositionattachmentsandbox/form-submission-disabled-expected.txt: Added.
  • http/tests/contentdispositionattachmentsandbox/form-submission-disabled.html: Added.
  • http/tests/contentdispositionattachmentsandbox/http-equiv-disabled-expected.txt: Added.
  • http/tests/contentdispositionattachmentsandbox/http-equiv-disabled.html: Added.
  • http/tests/contentdispositionattachmentsandbox/plugins-disabled-expected.html: Added.
  • http/tests/contentdispositionattachmentsandbox/plugins-disabled.html: Added.
  • http/tests/contentdispositionattachmentsandbox/resources/cross-origin-frames-frame.php: Added.
  • http/tests/contentdispositionattachmentsandbox/resources/form-submission-frame.php: Added.
  • http/tests/contentdispositionattachmentsandbox/resources/http-equiv-frame.php: Added.
  • http/tests/contentdispositionattachmentsandbox/resources/plugins-frame.php: Added.
  • http/tests/contentdispositionattachmentsandbox/resources/scripts-frame.php: Added.
  • http/tests/contentdispositionattachmentsandbox/scripts-disabled-expected.txt: Added.
  • http/tests/contentdispositionattachmentsandbox/scripts-disabled.html: Added.
8:46 PM Changeset in webkit [186981] by Alan Bujtas
  • 3 edits
    2 adds in trunk

(display: block)input range's thumb disappears when moved.
https://bugs.webkit.org/show_bug.cgi?id=146896
<rdar://problem/21787807>

Reviewed by Simon Fraser.

Since the thumb is positioned after the layout for the input (shadow) subtree is finished, the repaint rects
issued during the layout will not cover the re-positioned thumb.
We need to issue a repaint soon after the thumb is re-positioned.

Source/WebCore:

Test: fast/repaint/block-inputrange-repaint.html

  • html/shadow/SliderThumbElement.cpp:

(WebCore::RenderSliderContainer::layout):

LayoutTests:

  • fast/repaint/block-inputrange-repaint-expected.txt: Added.
  • fast/repaint/block-inputrange-repaint.html: Added.
8:16 PM Changeset in webkit [186980] by Simon Fraser
  • 3 edits in trunk/Source/WebCore

Attempt to fix the build.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::webkitCurrentPlaybackTargetIsWireless):

  • html/HTMLMediaElement.h:
5:30 PM Changeset in webkit [186979] by dino@apple.com
  • 3 edits in trunk/Source/WebCore

Picture in Picture interacts poorly with AirPlay/HDMI
https://bugs.webkit.org/show_bug.cgi?id=147061
<rdar://problem/19192076>

Reviewed by Tim Horton.

When we are actively playing to an external target, the
picture in picture button should be hidden.

Also, the availability of picture in picture is also
dependent on AirPlay, so that we don't auto-pip when
we're displaying on a TV.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.configureInlineControls): Call the update function.
(ControllerIOS.prototype.updatePictureInPictureButton): Add or remove a hidden class.

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::allowsPictureInPicture): Check AirPlay status.

5:20 PM Changeset in webkit [186978] by timothy_horton@apple.com
  • 6 edits in trunk/Source

[iOS] TextIndicator has a large forehead when line-height > 1
https://bugs.webkit.org/show_bug.cgi?id=147058
<rdar://problem/21643094>

Reviewed by Dean Jackson.

  • editing/FrameSelection.cpp:

(WebCore::FrameSelection::getClippedVisibleTextRectangles):

  • editing/FrameSelection.h:

Add a parameter controlling whether getClippedVisibleTextRectangles
returns selection-height rects (including extra line-height) or text-height
rects (including only the text height). Plumb it down.

  • page/TextIndicator.cpp:

(WebCore::TextIndicator::createWithRange):
(WebCore::TextIndicator::createWithSelectionInFrame):
Use the tighter text-height rects on iOS, where there's no selection highlight to cover up.
Remove an assertion that is no longer always true, and which is mostly obsoleted by the
fact that we don't let FrameSnapshotting code arbitrarily decide the rect to snapshot anymore.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getPositionInformation):
Apply a review comment that I left myself and then forgot about.

4:59 PM Changeset in webkit [186977] by enrica@apple.com
  • 2 edits in trunk/Source/WebKit2

[iOS] Implement selectionInteractionAssistant accessor.
https://bugs.webkit.org/show_bug.cgi?id=147054
rdar://problem/20864286

Reviewed by Tim Horton.

One more change to adopt the new selection interaction
model on iOS.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView selectionInteractionAssistant]):

4:55 PM Changeset in webkit [186976] by timothy_horton@apple.com
  • 9 edits in trunk

Improve rect shrink-wrapping algorithm
https://bugs.webkit.org/show_bug.cgi?id=147037
<rdar://problem/21643094>

Reviewed by Simon Fraser.

  • platform/graphics/FloatPoint.h:

(WebCore::areEssentiallyEqual):
Added; implementation is the same as FloatSize's.

  • platform/graphics/PathUtilities.cpp:

(WebCore::FloatPointGraph::FloatPointGraph):
(WebCore::FloatPointGraph::~FloatPointGraph):
(WebCore::FloatPointGraph::Node::Node):
(WebCore::FloatPointGraph::Node::nextPoints):
(WebCore::FloatPointGraph::Node::addNextPoint):
(WebCore::FloatPointGraph::Node::isVisited):
(WebCore::FloatPointGraph::Node::visit):
(WebCore::FloatPointGraph::Node::reset):
(WebCore::FloatPointGraph::reset):
(WebCore::FloatPointGraph::findOrCreateNode):
(WebCore::findLineSegmentIntersection):
(WebCore::addIntersectionPoints):
(WebCore::walkGraphAndExtractPolygon):
(WebCore::findUnvisitedPolygonStartPoint):
(WebCore::unitePolygons):
(WebCore::edgesForRect):
(WebCore::PathUtilities::pathWithShrinkWrappedRects):
(WebCore::addShrinkWrapRightCorner): Deleted.
(WebCore::addShrinkWrapLeftCorner): Deleted.
(WebCore::addShrinkWrappedPathForRects): Deleted.
(WebCore::rectsIntersectOrTouch): Deleted.
(WebCore::findSetContainingRect): Deleted.
Add a new implementation of shrink-wrap, which is significantly more
generic than the old one, which assumed a top-down progression of rects.

This version uses polygon intersection to find the path around the
set of rects, and then follows said path and adds appropriately-sized
arcs for the corners.

The polygon intersection algorithm first finds all the intersection points
between all of the rects, then builds a graph of edges outward from one point.
It then traverses the graph, choosing at each point the next edge which
has not been visited and has the greatest interior angle, recording the polygon as it goes.

If at the end of the traversal we have not returned to the initial node,
we give up on shrink-wrapping and just use a bounding box around the rects.

If any of the original rects have not been visited at all, we repeat the traversal
starting with that rect, making an additional polygon (since we removed completely contained
rects before we started, having not visited the rect at all means that it's not connected
to the others).

Once we have a set of united polygons, we follow each one, determining the ideal (always
equal in width and height, never more than half the length of either edge, so that we always
have a smooth curve) arc radius and projecting it onto the edge, and then
adding an arc between the end of the previous path and beginning of the next.

Because the shrink-wrap algorithm is fairly expensive, if there are more than 20 rects,
we fall back to a bounding box. Given the current use cases, this is more than enough
rects, but can certainly be adjusted in the future if needed.

  • testing/Internals.cpp:

(WebCore::Internals::pathWithShrinkWrappedRects):

  • testing/Internals.h:
  • testing/Internals.idl:

Add a radius parameter.

  • fast/shrink-wrap/rect-shrink-wrap-expected.png:
  • fast/shrink-wrap/rect-shrink-wrap.html:

Add a radius parameter to testRects, defaulting to 8.

Add an offset parameter to testRects, making it easier to slide
the rect sets around.

Add some more test cases.

4:47 PM Changeset in webkit [186975] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.41

New tag.

4:32 PM Changeset in webkit [186974] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk

AX: iframe within table cell is inaccessible to VoiceOver
https://bugs.webkit.org/show_bug.cgi?id=147001
<rdar://problem/21106945>

Patch by Nan Wang <n_wang@apple.com> on 2015-07-17
Reviewed by Chris Fleizach.

Source/WebCore:

When a table cell is created before its parent table determines if it should be ignored or not,
the table cell may cache the wrong role. Fix that by allowing each table cell to update its role
after the table makes this determination.

Test: accessibility/iframe-within-cell.html

  • accessibility/AccessibilityTable.cpp:

(WebCore::AccessibilityTable::addChildren):
(WebCore::AccessibilityTable::addChildrenFromSection):

LayoutTests:

  • accessibility/iframe-within-cell-expected.txt: Added.
  • accessibility/iframe-within-cell.html: Added.
4:32 PM Changeset in webkit [186973] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1-branch/Source

Versioning.

4:26 PM Changeset in webkit [186972] by bshafiei@apple.com
  • 5 edits in branches/safari-600.8-branch/Source

Versioning.

4:26 PM Changeset in webkit [186971] by mmaxfield@apple.com
  • 3 edits
    2 adds in trunk

style.fontFamily accessor crashes on unstyled node created from DOMParser().parseFromString()
https://bugs.webkit.org/show_bug.cgi?id=147026
<rdar://problem/21864487>

Reviewed by Andreas Kling.

Source/WebCore:

Font CSS properties are a little special because they are used as indices into caches.
Normally, StyleResolver gives all nodes a default font family, so our cache works correctly.
However, if the document doesn't have a Settings object, StyleResolver wasn't doing this.
Documents created from DOMParser().parseFromString() don't have a Settings object.

Test: fast/text/crash-font-family-parsed.html

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::defaultStyleForElement):
(WebCore::StyleResolver::initializeFontStyle): Set a font family even if we don't have a
Settings object.

LayoutTests:

  • fast/text/crash-font-family-parsed-expected.txt: Added.
  • fast/text/crash-font-family-parsed.html: Added.
4:18 PM Changeset in webkit [186970] by Yusuke Suzuki
  • 2 edits
    1 move in trunk/LayoutTests

Unreviewed, rename test file from promise-resolve-non-dom.js to promise-resolve-in-non-dom.js
https://bugs.webkit.org/show_bug.cgi?id=146828

This is the simple follow up patch.
When executing the JSC stress tests, script-tests's file name and the expectation file name should be equal.

  • js/promise-resolve-in-non-dom.html:
  • js/script-tests/promise-resolve-in-non-dom.js: Renamed from LayoutTests/js/script-tests/promise-resolve-non-dom.js.

(value.then):

  • js/script-tests/promise-resolve-non-dom.js:

(value.then): Deleted.

4:05 PM Changeset in webkit [186969] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r186964): Crash in WebKit2.CloseFromWithinCreatePage
https://bugs.webkit.org/show_bug.cgi?id=147055

Reviewed by Alex Christensen.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::createNewPage): Grab the main frame’s URL before calling out to the
client, who may destroy the frame.

4:01 PM Changeset in webkit [186968] by mmaxfield@apple.com
  • 3 edits
    2 adds in trunk

Video posters disappear once media has loaded
https://bugs.webkit.org/show_bug.cgi?id=147045

Reviewed by Simon Fraser.

Source/WebCore:

After r184932, all video elements are composited. However, there is logic in
RenderLayerBacking::updateConfiguration() which adds the video layer to the page
if the video is composited, without checking first to see if it should actually
do so.

Test: compositing/video/poster.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateConfiguration):

LayoutTests:

  • compositing/video/poster-expected.html: Added.
  • compositing/video/poster.html: Added.
3:54 PM Changeset in webkit [186967] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.8.4

New tag.

3:40 PM Changeset in webkit [186966] by Yusuke Suzuki
  • 11 edits
    6 adds in trunk

Integrate automatic microtask draining into JSC framework and re-enable Promise
https://bugs.webkit.org/show_bug.cgi?id=146828

Reviewed by Sam Weinig.

Source/JavaScriptCore:

Add automatic microtask draining system into JSC framework.
When the depth of VM lock becomes 0, before this, we drain the queued microtasks.
Enqueuing behavior can be injected by the JSGlobalObject's method table.
It is utilized in WebCore to post the microtask to WebCore's event loop.

In the case of JSC interactive shell, VM depth is always greater than 0.
So we manually drain the queued microtasks after evaluating the written line.

Since now JSC framework has the microtask queue, we can drain the queued microtasks.
So re-enable the Promise in the JSC framework context.

  • API/JSContextRef.cpp:

(javaScriptRuntimeFlags): Deleted.

  • API/tests/testapi.c:

(main):

  • API/tests/testapi.mm:

(testObjectiveCAPIMain):

  • jsc.cpp:

(runInteractive):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::queueMicrotask):

  • runtime/JSLock.cpp:

(JSC::JSLock::willReleaseLock):

  • runtime/VM.cpp:

(JSC::VM::queueMicrotask):
(JSC::VM::drainMicrotasks):
(JSC::QueuedTask::run):

  • runtime/VM.h:

(JSC::QueuedTask::QueuedTask):

LayoutTests:

Add Promise tests mainly focusing on microtasks.
They can be executed in JSC shell. So they are located in js/ directory (not js/dom).

  • js/promise-nested-microtasks-expected.txt: Added.
  • js/promise-nested-microtasks.html: Added.
  • js/promise-resolve-in-non-dom-expected.txt: Added.
  • js/promise-resolve-in-non-dom.html: Added.
  • js/script-tests/promise-nested-microtasks.js: Added.

(Promise.resolve.then):

  • js/script-tests/promise-resolve-non-dom.js: Added.

(value.then):

  • resources/standalone-post.js:
2:47 PM Changeset in webkit [186965] by commit-queue@webkit.org
  • 4 edits in trunk

[Content Extensions] Term::isUniversalTransition() incorrectly expects the end-of-line assertion in character sets
https://bugs.webkit.org/show_bug.cgi?id=147032

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-07-17
Reviewed by Alex Christensen.

Source/WebCore:

  • contentextensions/Term.h:

(WebCore::ContentExtensions::Term::isUniversalTransition):
The universal transition is not supposed to account for the end-of-line assertion,
it should be a transition matching any character.

Here, we were counting 128 transitions, the 127 characters plus the
transition on zero we are using for EOL.

The end result is Term::isUniversalTransition() was completely useless.
The only code using it is the pattern simplification phase. That part
was not working correctly and was allowing useless ".*" in the patterns.

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

Test that the useless terms are eliminated by counting
the number of NFA nodes generated.

2:16 PM Changeset in webkit [186964] by mitz@apple.com
  • 10 edits
    1 add in trunk

Source/WebCore:
WebCore part of <rdar://problem/21803781> The external URL policy is not reported correctly in navigation actions that create new windows
https://bugs.webkit.org/show_bug.cgi?id=147040

Reviewed by Dean Jackson.

Test: TestWebKitAPI/Tests/WebKit2Cocoa/ShouldOpenExternalURLsInNewWindowActions.mm

  • loader/FrameLoader.cpp:

(WebCore::shouldOpenExternalURLsPolicyToApply): Pulled the logic out of
applyShouldOpenExternalURLsPolicyToNewDocumentLoader into this new helper.
(WebCore::FrameLoader::loadURL): When targeting a new frame, apply the external URLs policy
to the action passed to checkNewWindowPolicy.
(WebCore::FrameLoader::applyShouldOpenExternalURLsPolicyToNewDocumentLoader): Call the new
helper function.
(WebCore::createWindow): Include the external URL policy in the action passed to
createWindow.

Source/WebKit2:
WebKit2 part of <rdar://problem/21803781> The external URL policy is not reported correctly in navigation actions that create new windows
https://bugs.webkit.org/show_bug.cgi?id=147040

Reviewed by Dean Jackson.

  • UIProcess/Cocoa/UIDelegate.mm:

(WebKit::UIDelegate::UIClient::createNewPage): Disallow App Links if the new page is for the
same protocol, host and port as the main frame of this page.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::decidePolicyForNavigationAction): Disallow App Links if
m_shouldSuppressAppLinksInNextNavigationPolicyDecision is set, and reset it. See below for
when we set it.
(WebKit::WebPageProxy::decidePolicyForNewWindowAction): Disallow App Links if the new window
is for the same protocol, host and port as the main frame of this page.
(WebKit::WebPageProxy::createNewPage): Make the new page disallow App Links in the first
policy decision if it is for the same protocol, host and port as the main frame of this
page.

  • UIProcess/WebPageProxy.h: Added m_shouldSuppressAppLinksInNextNavigationPolicyDecision member variable.

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::createWindow): Pass the shouldOpenExternalURLsPolicy.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNewWindowAction): Ditto.

Tools:
Tests for <rdar://problem/21803781> The external URL policy is not reported correctly in navigation actions that create new windows
https://bugs.webkit.org/show_bug.cgi?id=147040

Reviewed by Dean Jackson.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/ShouldOpenExternalURLsInNewWindowActions.mm: Added.

(-[ShouldOpenExternalURLsInNewWindowActionsController webView:decidePolicyForNavigationAction:decisionHandler:]):
(-[ShouldOpenExternalURLsInNewWindowActionsController webView:didFinishNavigation:]):
(-[ShouldOpenExternalURLsInNewWindowActionsController webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:]):
(TEST):

12:35 PM Changeset in webkit [186963] by andersca@apple.com
  • 2 edits in trunk/Source/WebCore

ScrollView.h should be self-contained
https://bugs.webkit.org/show_bug.cgi?id=147004

Reviewed by Sam Weinig.

  • platform/ScrollView.h:
12:23 PM Changeset in webkit [186962] by bshafiei@apple.com
  • 33 edits in tags/Safari-601.1.36.2

Merged r186881. rdar://problem/21822278

12:00 PM Changeset in webkit [186961] by beidson@apple.com
  • 2 edits in trunk/Source/WebCore

Rolling r186895 back in, in its entirety.
https://bugs.webkit.org/show_bug.cgi?id=146976

Rubberstamped by Tim Horton.

  • platform/network/cf/CookieJarCFNet.cpp:

(WebCore::createCookies): Use new CFNetwork SPI.

11:50 AM Changeset in webkit [186960] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.1.36.2/Source

Versioning.

11:48 AM Changeset in webkit [186959] by saambarati1@gmail.com
  • 65 edits in trunk

Function parameters should be parsed in the same parser arena as the function body
https://bugs.webkit.org/show_bug.cgi?id=145995

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

This patch changes how functions are parsed in JSC. A function's
parameters are now parsed in the same arena as the function itself.
This allows us to arena allocate all destructuring AST nodes and
the FunctionParameters node. This will help make implementing ES6
default parameter values sane.

A source code that represents a function now includes the text of the function's
parameters. The starting offset is at the opening parenthesis of the parameter
list or at the starting character of the identifier for arrow functions that
have single arguments and don't start with parenthesis.

For example:

"function (param1, param2) { ... }"


| This offset used to be the starting offset of a function's SourceCode


| This is the new starting offset for a function's SourceCode.

This requires us to change how some offsets are calculated
and also requires us to report some different line numbers for internal
metrics that use a SourceCode's starting line and column numbers.

This patch also does a bit of cleanup with regards to how
functions are parsed in general (especially arrow functions).
It removes some unnecessary #ifdefs and the likes for arrow
to make things clearer and more deliberate.

  • API/JSScriptRef.cpp:

(parseScript):

  • builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createExecutableInternal):

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::generateFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
(JSC::UnlinkedFunctionExecutable::visitChildren):
(JSC::UnlinkedFunctionExecutable::parameterCount): Deleted.

  • bytecode/UnlinkedCodeBlock.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::DestructuringAssignmentNode::emitBytecode):
(JSC::assignDefaultValueIfUndefined):
(JSC::ArrayPatternNode::collectBoundIdentifiers):
(JSC::DestructuringPatternNode::~DestructuringPatternNode): Deleted.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createClassExpr):
(JSC::ASTBuilder::createFunctionExpr):
(JSC::ASTBuilder::createFunctionBody):
(JSC::ASTBuilder::createArrowFunctionExpr):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createElementList):
(JSC::ASTBuilder::createFormalParameterList):
(JSC::ASTBuilder::appendParameter):
(JSC::ASTBuilder::createClause):
(JSC::ASTBuilder::createClauseList):
(JSC::ASTBuilder::createFuncDeclStatement):
(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createForOfLoop):
(JSC::ASTBuilder::isResolve):
(JSC::ASTBuilder::createDestructuringAssignment):
(JSC::ASTBuilder::createArrayPattern):
(JSC::ASTBuilder::appendArrayPatternSkipEntry):
(JSC::ASTBuilder::appendArrayPatternEntry):
(JSC::ASTBuilder::appendArrayPatternRestEntry):
(JSC::ASTBuilder::finishArrayPattern):
(JSC::ASTBuilder::createObjectPattern):
(JSC::ASTBuilder::appendObjectPatternEntry):
(JSC::ASTBuilder::createBindingLocation):
(JSC::ASTBuilder::setEndOffset):

  • parser/Lexer.cpp:

(JSC::Lexer<T>::Lexer):
(JSC::Lexer<T>::nextTokenIsColon):
(JSC::Lexer<T>::setTokenPosition):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::clear):

  • parser/Lexer.h:

(JSC::Lexer::setIsReparsingFunction):
(JSC::Lexer::isReparsingFunction):
(JSC::Lexer::lineNumber):
(JSC::Lexer::setIsReparsing): Deleted.
(JSC::Lexer::isReparsing): Deleted.

  • parser/NodeConstructors.h:

(JSC::TryNode::TryNode):
(JSC::FunctionParameters::FunctionParameters):
(JSC::FuncExprNode::FuncExprNode):
(JSC::FuncDeclNode::FuncDeclNode):
(JSC::ArrayPatternNode::ArrayPatternNode):
(JSC::ObjectPatternNode::ObjectPatternNode):
(JSC::BindingNode::BindingNode):
(JSC::DestructuringAssignmentNode::DestructuringAssignmentNode):
(JSC::ParameterNode::ParameterNode): Deleted.
(JSC::ArrayPatternNode::create): Deleted.
(JSC::ObjectPatternNode::create): Deleted.
(JSC::BindingNode::create): Deleted.

  • parser/Nodes.cpp:

(JSC::ProgramNode::ProgramNode):
(JSC::EvalNode::EvalNode):
(JSC::FunctionBodyNode::FunctionBodyNode):
(JSC::FunctionBodyNode::finishParsing):
(JSC::FunctionNode::FunctionNode):
(JSC::FunctionNode::finishParsing):
(JSC::FunctionParameters::create): Deleted.
(JSC::FunctionParameters::FunctionParameters): Deleted.
(JSC::FunctionParameters::~FunctionParameters): Deleted.

  • parser/Nodes.h:

(JSC::ProgramNode::startColumn):
(JSC::ProgramNode::endColumn):
(JSC::EvalNode::startColumn):
(JSC::EvalNode::endColumn):
(JSC::FunctionParameters::size):
(JSC::FunctionParameters::at):
(JSC::FunctionParameters::append):
(JSC::FuncExprNode::body):
(JSC::DestructuringPatternNode::~DestructuringPatternNode):
(JSC::DestructuringPatternNode::isBindingNode):
(JSC::DestructuringPatternNode::emitDirectBinding):
(JSC::ArrayPatternNode::appendIndex):
(JSC::ObjectPatternNode::appendEntry):
(JSC::BindingNode::boundProperty):
(JSC::BindingNode::divotStart):
(JSC::BindingNode::divotEnd):
(JSC::DestructuringAssignmentNode::bindings):
(JSC::FuncDeclNode::body):
(JSC::ParameterNode::pattern): Deleted.
(JSC::ParameterNode::nextParam): Deleted.
(JSC::FunctionParameters::patterns): Deleted.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::~Parser):
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::allowAutomaticSemicolon):
(JSC::Parser<LexerType>::parseSourceElements):
(JSC::Parser<LexerType>::createBindingPattern):
(JSC::Parser<LexerType>::parseArrowFunctionSingleExpressionBodySourceElements):
(JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
(JSC::Parser<LexerType>::parseSwitchClauses):
(JSC::Parser<LexerType>::parseSwitchDefaultClause):
(JSC::Parser<LexerType>::parseBlockStatement):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFormalParameters):
(JSC::Parser<LexerType>::parseFunctionBody):
(JSC::stringForFunctionMode):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseFunctionDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
(JSC::Parser<LexerType>::parseArrowFunctionExpression):
(JSC::operatorString):
(JSC::Parser<LexerType>::parseArrowFunctionSingleExpressionBody): Deleted.

  • parser/Parser.h:

(JSC::Parser::positionBeforeLastNewline):
(JSC::Parser::locationBeforeLastToken):
(JSC::Parser::findCachedFunctionInfo):
(JSC::Parser::isofToken):
(JSC::Parser::isEndOfArrowFunction):
(JSC::Parser::isArrowFunctionParamters):
(JSC::Parser::tokenStart):
(JSC::Parser::isLETMaskedAsIDENT):
(JSC::Parser::autoSemiColon):
(JSC::Parser::setEndOfStatement):
(JSC::Parser::canRecurse):
(JSC::Parser<LexerType>::parse):
(JSC::parse):

  • parser/ParserFunctionInfo.h:
  • parser/ParserModes.h:

(JSC::functionNameIsInScope):

  • parser/SourceCode.h:

(JSC::makeSource):
(JSC::SourceCode::subExpression):
(JSC::SourceCode::subArrowExpression): Deleted.

  • parser/SourceProviderCache.h:

(JSC::SourceProviderCache::get):

  • parser/SourceProviderCacheItem.h:

(JSC::SourceProviderCacheItem::endFunctionToken):
(JSC::SourceProviderCacheItem::usedVariables):
(JSC::SourceProviderCacheItem::writtenVariables):
(JSC::SourceProviderCacheItem::SourceProviderCacheItem):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::SyntaxChecker):
(JSC::SyntaxChecker::createClassExpr):
(JSC::SyntaxChecker::createFunctionExpr):
(JSC::SyntaxChecker::createFunctionBody):
(JSC::SyntaxChecker::createArrowFunctionExpr):
(JSC::SyntaxChecker::setFunctionNameStart):
(JSC::SyntaxChecker::createArguments):
(JSC::SyntaxChecker::createPropertyList):
(JSC::SyntaxChecker::createElementList):
(JSC::SyntaxChecker::createFormalParameterList):
(JSC::SyntaxChecker::appendParameter):
(JSC::SyntaxChecker::createClause):
(JSC::SyntaxChecker::createClauseList):

  • runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

  • runtime/Completion.cpp:

(JSC::checkSyntax):

  • runtime/Executable.cpp:

(JSC::ProgramExecutable::checkSyntax):

  • tests/controlFlowProfiler/conditional-expression.js:

(testConditionalFunctionCall):

LayoutTests:

  • fast/profiler/anonymous-event-handler-expected.txt:
  • fast/profiler/anonymous-function-called-from-different-contexts-expected.txt:
  • fast/profiler/anonymous-function-calls-built-in-functions-expected.txt:
  • fast/profiler/anonymous-function-calls-eval-expected.txt:
  • fast/profiler/anonymous-functions-with-display-names-expected.txt:
  • fast/profiler/apply-expected.txt:
  • fast/profiler/built-in-function-calls-anonymous-expected.txt:
  • fast/profiler/built-in-function-calls-user-defined-function-expected.txt:
  • fast/profiler/call-expected.txt:
  • fast/profiler/calling-the-function-that-started-the-profiler-from-another-scope-expected.txt:
  • fast/profiler/compare-multiple-profiles-expected.txt:
  • fast/profiler/constructor-expected.txt:
  • fast/profiler/dead-time-expected.txt:
  • fast/profiler/document-dot-write-expected.txt:
  • fast/profiler/event-handler-expected.txt:
  • fast/profiler/execution-context-and-eval-on-same-line-expected.txt:
  • fast/profiler/inline-event-handler-expected.txt:
  • fast/profiler/many-calls-in-the-same-scope-expected.txt:
  • fast/profiler/multiple-and-different-scoped-anonymous-function-calls-expected.txt:
  • fast/profiler/multiple-and-different-scoped-function-calls-expected.txt:
  • fast/profiler/multiple-anonymous-functions-called-from-the-same-function-expected.txt:
  • fast/profiler/multiple-frames-expected.txt:
  • fast/profiler/named-functions-with-display-names-expected.txt:
  • fast/profiler/nested-anonymous-functon-expected.txt:
  • fast/profiler/nested-start-and-stop-profiler-expected.txt:
  • fast/profiler/one-execution-context-expected.txt:
  • fast/profiler/profile-calls-in-included-file-expected.txt:
  • fast/profiler/profile-with-no-title-expected.txt:
  • fast/profiler/profiling-from-a-nested-location-but-stop-profiling-outside-the-nesting-expected.txt:
  • fast/profiler/profiling-from-a-nested-location-expected.txt:
  • fast/profiler/simple-event-call-expected.txt:
  • fast/profiler/simple-no-level-change-expected.txt:
  • fast/profiler/start-and-stop-profiler-multiple-times-expected.txt:
  • fast/profiler/start-and-stop-profiling-in-the-same-function-expected.txt:
  • fast/profiler/stop-profiling-after-setTimeout-expected.txt:
  • fast/profiler/stop-then-function-call-expected.txt:
  • fast/profiler/two-execution-contexts-expected.txt:
  • fast/profiler/user-defined-function-calls-built-in-functions-expected.txt:
  • fast/profiler/window-dot-eval-expected.txt:
  • js/dom/script-start-end-locations-expected.txt:

11:46 AM Changeset in webkit [186958] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.36.2

New tag.

11:28 AM Changeset in webkit [186957] by commit-queue@webkit.org
  • 7 edits
    9 adds in trunk

[Content Extensions] CSS-display-none rules are not working properly
https://bugs.webkit.org/show_bug.cgi?id=147024

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-07-17
Reviewed by Sam Weinig.

Source/WebCore:

There were 2 bugs preventing rules with css-display-none and a url-filter from working
correctly.

First, ContentExtensions::serializeActions() was merging selectors regardless of their
trigger. All the CSS Selectors would be grouped together and applied regardless of which
rule applies.

That problem was fixed by grouping CSS rules by trigger. We want all the undistinguishable
CSS rules to be merged. The trigger makes 2 rules distinguishable as one rule can apply
on a page while the next rule does not. The simplest approach is to group by trigger.

The second problem had to do with rules added before the document is created.
When accumulating those rules, we were only keeping the last one. The reason was that
DocumentLoader::addPendingContentExtensionDisplayNoneSelector() would only keep a single
selector list by extension.

This is fixed by keeping a vector of all the rules that apply.

Tests: http/tests/contentextensions/css-display-none-with-different-case-sensitivity-are-not-merged.html
       http/tests/contentextensions/css-display-none-with-different-triggers-are-not-merged.html
       http/tests/contentextensions/two-distinguishable-css-display-none-rules-on-main-resource.html

  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::serializeActions):

  • contentextensions/ContentExtensionRule.h:

(WebCore::ContentExtensions::Trigger::isEmpty):
(WebCore::ContentExtensions::TriggerHash::hash):
(WebCore::ContentExtensions::TriggerHash::equal):
(WebCore::ContentExtensions::TriggerHashTraits::constructDeletedValue):
(WebCore::ContentExtensions::TriggerHashTraits::isDeletedValue):
(WebCore::ContentExtensions::TriggerHashTraits::emptyValue):
(WebCore::ContentExtensions::TriggerHashTraits::isEmptyValue):

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad): Deleted.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::commitData):
(WebCore::DocumentLoader::addPendingContentExtensionDisplayNoneSelector):

  • loader/DocumentLoader.h:

LayoutTests:

  • http/tests/contentextensions/css-display-none-with-different-case-sensitivity-are-not-merged-expected.txt: Added.
  • http/tests/contentextensions/css-display-none-with-different-case-sensitivity-are-not-merged.html: Added.
  • http/tests/contentextensions/css-display-none-with-different-case-sensitivity-are-not-merged.html.json: Added.
  • http/tests/contentextensions/css-display-none-with-different-triggers-are-not-merged-expected.txt: Added.
  • http/tests/contentextensions/css-display-none-with-different-triggers-are-not-merged.html: Added.
  • http/tests/contentextensions/css-display-none-with-different-triggers-are-not-merged.html.json: Added.
  • http/tests/contentextensions/two-distinguishable-css-display-none-rules-on-main-resource-expected.txt: Added.
  • http/tests/contentextensions/two-distinguishable-css-display-none-rules-on-main-resource.html: Added.
  • http/tests/contentextensions/two-distinguishable-css-display-none-rules-on-main-resource.html.json: Added.

11:24 AM Changeset in webkit [186956] by timothy_horton@apple.com
  • 9 edits in trunk/Source

iOS TextIndicators include text that is not supposed to be indicated
https://bugs.webkit.org/show_bug.cgi?id=147028
<rdar://problem/21643094>

Reviewed by Sam Weinig.

Paint the selection and background, but not other foregrounds, for iOS TextIndicators.

  • page/FrameSnapshotting.cpp:

(WebCore::snapshotFrameRect):

  • page/FrameSnapshotting.h:

Add a new snapshot option where we'll paint backgrounds and the selected
foreground and nothing else.
Pass the new snapshot option through as a paint behavior.

  • page/TextIndicator.cpp:

(WebCore::TextIndicator::createWithRange):
Implement the incantations necessary to make a temporary selection
change not get sent to the UI process and actually have WebCore know about it
and accurately respond to questions about it.

(WebCore::TextIndicator::createWithSelectionInFrame):
Paint selection and backgrounds on iOS.

  • rendering/PaintPhase.h:
  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintLayerContents):

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::selectionColor):
Add a new paint behavior, SelectionAndBackgroundsOnly, which behaves
the same as selection only except it allows backgrounds to paint.

  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::shouldCreateTransientPaintingSnapshot):

11:11 AM Changeset in webkit [186955] by mark.lam@apple.com
  • 25 edits in trunk

Remove leak of objects between isolated worlds on custom events, message events, and pop state events.
https://bugs.webkit.org/show_bug.cgi?id=118884

Reviewed by Filip Pizlo and Mark Lam.
Patch by Keith Miller <keith_miller@apple.com>.

Source/WebCore:

Tests: fast/events/event-leak-objects.html
       fast/events/event-properties-gc.html

Fixes an issue where objects passed as certain properties of events could cross isolated worlds. This
was fixed by checking that any object passed by an event must be serializable or originate from the same
isolated world as the one it is currently being accessed in. In the case of MessageEvents and PopStateEvents we
cache the values of the data and state properties, respectively, as they may be a deserialized object. In case
an object was deserialized in a world with elevated privileges we also check the cached value is from the same
world; if it is from a different world we recompute it. For testing purposes, I added a new function to Internals
that determines whether a JSObject originated in the current world.

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/DOMWrapperWorld.h:

(WebCore::worldForDOMObject):

  • bindings/js/JSBindingsAllInOne.cpp:
  • bindings/js/JSCustomEventCustom.cpp: Copied from Source/WebCore/dom/CustomEvent.cpp.

(WebCore::JSCustomEvent::detail):

  • bindings/js/JSMessageEventCustom.cpp:

(WebCore::JSMessageEvent::data):

  • bindings/js/JSPopStateEventCustom.cpp:

(WebCore::JSPopStateEvent::state):

  • dom/CustomEvent.cpp:

(WebCore::CustomEvent::initCustomEvent):
(WebCore::CustomEvent::trySerializeDetail):

  • dom/CustomEvent.h:
  • dom/CustomEvent.idl:
  • dom/MessageEvent.cpp:

(WebCore::MessageEvent::initMessageEvent):
(WebCore::MessageEvent::trySerializeData):

  • dom/MessageEvent.h:
  • dom/PopStateEvent.cpp:

(WebCore::PopStateEvent::trySerializeState):

  • dom/PopStateEvent.h:
  • testing/Internals.cpp:

(WebCore::Internals::isFromCurrentWorld):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

These tests ensure objects are not leaked across isolated worlds and that those properties are not prematurely
garbage collected.

  • fast/events/constructors/custom-event-constructor-expected.txt:
  • fast/events/constructors/custom-event-constructor.html:
  • fast/events/event-leak-objects-expected.txt: Added.
  • fast/events/event-leak-objects.html: Added.
  • fast/events/event-properties-gc-expected.txt: Added.
  • fast/events/event-properties-gc.html: Added.

2:23 AM Changeset in webkit [186954] by Carlos Garcia Campos
  • 7 edits in trunk/Source

[GTK] Cleanup PasteboardHelper
https://bugs.webkit.org/show_bug.cgi?id=147035

Reviewed by Žan Doberšek.

Source/WebCore:

It's actually a singleton, but the API suggests you can create
your own or use the default one, but the default one should be the
only one. Rename PasteboardHelper::defaultPasteboardHelper() as
PasteboardHelper::singleton() and make it non-copyable and never
destroyed.

  • platform/gtk/PasteboardGtk.cpp:

(WebCore::Pasteboard::writePlainText): Use PasteboardHelper::singleton().
(WebCore::Pasteboard::write): Ditto.
(WebCore::Pasteboard::writePasteboard): Ditto.
(WebCore::Pasteboard::clear): Ditto.
(WebCore::Pasteboard::canSmartReplace): Ditto.
(WebCore::Pasteboard::read): Ditto.
(WebCore::Pasteboard::hasData): Ditto.
(WebCore::Pasteboard::types): Ditto.
(WebCore::Pasteboard::readString): Ditto.
(WebCore::Pasteboard::readFilenames): Ditto.

  • platform/gtk/PasteboardHelper.cpp:

(WebCore::PasteboardHelper::singleton): Renamed as singleton, also
use NeverDestroyed and return a reference instead of a pointer.
(WebCore::PasteboardHelper::PasteboardHelper): Do all
initializations here and remove the initialization static flag,
since this is a real singleton now. Also use
gdk_atom_intern_static_string() to initialize the atoms instead of
gdk_atom_intern().
(WebCore::PasteboardHelper::targetList):
(WebCore::PasteboardHelper::targetListForDataObject):
(WebCore::getClipboardContentsCallback):

  • platform/gtk/PasteboardHelper.h:

Source/WebKit2:

Use PasteboardHelper::singleton() instead of
PasteboardHelper::defaultPasteboardHelper().

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseConstructed):

  • UIProcess/gtk/DragAndDropHandler.cpp:

(WebKit::DragAndDropHandler::startDrag):
(WebKit::DragAndDropHandler::fillDragData):
(WebKit::DragAndDropHandler::dataObjectForDropData):
(WebKit::DragAndDropHandler::requestDragData):

Jul 16, 2015:

11:24 PM Changeset in webkit [186953] by matthew_hanson@apple.com
  • 3 edits in branches/safari-601.1-branch/Source/WebKit2

Merge r186808. rdar://problem/21801544

11:15 PM Changeset in webkit [186952] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebInspectorUI

Merge r186926. rdar://problem/21868062

11:15 PM Changeset in webkit [186951] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebInspectorUI

Merge r186925. rdar://problem/21868413

11:15 PM Changeset in webkit [186950] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebKit2

Merge r186924. rdar://problem/21669802

11:15 PM Changeset in webkit [186949] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/JavaScriptCore

Merge r186920. rdar://problem/21764196

11:15 PM Changeset in webkit [186948] by matthew_hanson@apple.com
  • 4 edits in branches/safari-601.1-branch/Source

Merge r186919. rdar://problem/21834578

11:15 PM Changeset in webkit [186947] by matthew_hanson@apple.com
  • 34 edits in branches/safari-601.1-branch

Merge r186881. rdar://problem/21822278

11:15 PM Changeset in webkit [186946] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebCore

Merge r186799. rdar://problem/20542574

11:15 PM Changeset in webkit [186945] by matthew_hanson@apple.com
  • 7 edits in branches/safari-601.1-branch/Source/WebCore

Merge r186798. rdar://problem/20542574

10:33 PM Changeset in webkit [186944] by matthew_hanson@apple.com
  • 3 edits
    2 adds in branches/safari-601.1-branch

Merge r186911. rdar://problem/21822541

10:33 PM Changeset in webkit [186943] by matthew_hanson@apple.com
  • 3 edits in branches/safari-601.1-branch/Source/WebKit/mac

Merge r186909. rdar://problem/21802456

10:33 PM Changeset in webkit [186942] by matthew_hanson@apple.com
  • 3 edits in branches/safari-601.1-branch/Source/WebCore

Merge r186895. rdar://problem/21692212

10:33 PM Changeset in webkit [186941] by matthew_hanson@apple.com
  • 9 edits in branches/safari-601.1-branch/Source/WebKit2

Merge r186887. rdar://problem/21692212

10:33 PM Changeset in webkit [186940] by matthew_hanson@apple.com
  • 3 edits in branches/safari-601.1-branch/Source/WebCore

Merge r186879. rdar://problem/21758704

10:33 PM Changeset in webkit [186939] by matthew_hanson@apple.com
  • 6 edits in branches/safari-601.1-branch/Source

Merge r186878. rdar://problem/21758722

10:33 PM Changeset in webkit [186938] by matthew_hanson@apple.com
  • 4 edits
    3 adds in branches/safari-601.1-branch

Merge r186868. rdar://problem/21758704

10:32 PM Changeset in webkit [186937] by matthew_hanson@apple.com
  • 5 edits
    2 adds in branches/safari-601.1-branch

Merge r186865. rdar://problem/21823835

10:32 PM Changeset in webkit [186936] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebCore

Merge r186857. rdar://problem/21840845

10:32 PM Changeset in webkit [186935] by matthew_hanson@apple.com
  • 4 edits
    4 adds in branches/safari-601.1-branch

Merge r186840. rdar://problem/21823681

10:32 PM Changeset in webkit [186934] by matthew_hanson@apple.com
  • 3 edits in branches/safari-601.1-branch/Source/WebCore

Merge r186837. rdar://problem/21774358

10:32 PM Changeset in webkit [186933] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebCore

Merge r186828. rdar://problem/19925709

10:32 PM Changeset in webkit [186932] by matthew_hanson@apple.com
  • 5 edits
    2 adds in branches/safari-601.1-branch

Merge r186827. rdar://problem/21736723

10:32 PM Changeset in webkit [186931] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebKit2

Merge r186814. rdar://problem/21605505

10:32 PM Changeset in webkit [186930] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1-branch/Source/WebKit2

Merge r186812. rdar://problem/21818117

10:32 PM Changeset in webkit [186929] by matthew_hanson@apple.com
  • 4 edits
    15 adds in branches/safari-601.1-branch

Merge r186807. rdar://problem/21782350

10:32 PM Changeset in webkit [186928] by matthew_hanson@apple.com
  • 5 edits in branches/safari-601.1-branch/Source

Merge r186786. rdar://problem/9222837

8:59 PM Changeset in webkit [186927] by commit-queue@webkit.org
  • 4 edits in trunk/Tools

webkit-patch uses incorrect credentials from keychain to login until account lockout
https://bugs.webkit.org/show_bug.cgi?id=146923

Patch by Dean Johnson <dean_johnson@apple.com> on 2015-07-16
Reviewed by Daniel Bates.

When webkit-patch upload asks for login credentials for bugs.webkit.org, if you
provide incorrect credentials then ask for them to be saved to the keychain,
webkit-patch will then use those incorrect credentials until 5 total attempts
have been made to log in. This will lock the user out of Bugzilla for a
half hour.

  • Scripts/webkitpy/common/net/bugzilla/bugzilla.py:

(Bugzilla.authenticate): Added argument to read_credentials() that
passes in whether or not to use stored credentials.

  • Scripts/webkitpy/common/net/credentials.py:

(Credentials.read_credentials): Added optional argument 'use_stored_credentials'
that specifies whether or not to use credentials stored on the system. If it
does, we do not auto-fill credentials since either the credentials caused
the failure, or they weren't used in the first place so there is no reason
to try and use them again if a failure happened.

  • Scripts/webkitpy/common/net/credentials_unittest.py: Added unit test for newly added use_stored_credentials argument.

(test_do_not_use_stored_credentials): Added unit test to make sure functions that
retrieve username/password information from the local system (environment, Git, keychain,
keyring) are never called. It also tests that we get back our mocked username and password.
(test_do_not_use_stored_credentials.MockKeyring): Mock keyring
(test_do_not_use_stored_credentials.MockKeyring.get_password): Assert this is never called.
(test_do_not_use_stored_credentials.FakeCredentials): Mock credentials
(test_do_not_use_stored_credentials.FakeCredentials._credentials_from_keychain): Assert this
is never called.
(test_do_not_use_stored_credentials.FakeCredentials._credentials_from_environment): Ditto
(test_do_not_use_stored_credentials.FakeCredentials._offer_to_store_credentials_in_keyring): Ditto
(test_do_not_use_stored_credentials.FakeUser): Mock the User class
(test_do_not_use_stored_credentials.FakeUser.prompt): Returns a username to assert against.
(test_do_not_use_stored_credentials.FakeUser.prompt_password): Returns a password to assert
against.

8:59 PM Changeset in webkit [186926] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: REGRESSION (r186218) ScriptTimelineRecord attempts to access null property
https://bugs.webkit.org/show_bug.cgi?id=147025

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-07-16
Reviewed by Timothy Hatcher.

The issue here was two ScriptTimelineRecord's were created for the same
profile payload. When the first ScriptTimelineRecord processed the
payload to create a Profile we modified the payload, then when the
second ScriptTimelineRecord tries to process the payload the data is
in an unexpected state and it crashes.

The solution here is to stash the result on the payload, so when the
payload is shared we can just immediately jump to the resulting Profile.
The longer term solution will be to share higher level objects and not
attempt to process the payload multiple times. That is tracked by:
<https://webkit.org/b/147029> Web Inspector: Better share objects generated from timeline events (Records)

  • UserInterface/Models/ScriptTimelineRecord.js:

(WebInspector.ScriptTimelineRecord.prototype._initializeProfileFromPayload):
When processing the profile payload, store the Profile on the payload
so if another ScriptTimelineRecord has that payload they can avoid
re-processing it.

8:55 PM Changeset in webkit [186925] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Total Size of Resources number in dashboard is wrong (does not update during load)
https://bugs.webkit.org/show_bug.cgi?id=147027

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-07-16
Reviewed by Timothy Hatcher.

  • UserInterface/Models/DefaultDashboard.js:

(WebInspector.DefaultDashboard.prototype._resourceSizeDidChange):
Restore implementation of callback from r183328 to update total resource
size as resources are downloaded.

8:55 PM Changeset in webkit [186924] by Matt Baker
  • 2 edits in trunk/Source/WebKit2

[Mac] Web Inspector toolbar can be covered by the Safari tab bar when docked to the right
https://bugs.webkit.org/show_bug.cgi?id=146994

Reviewed by Timothy Hatcher.

WebInspectorProxy contained logic which ignored the next frame change notification from the inspected view,
whenever it updated the frames of both the Inspector view and inspected view. This patch removes that logic,
as it prevented the Inspector's frame from being adjusted after changes to the browser's top content inset.

  • UIProcess/mac/WebInspectorProxyMac.mm:

(-[WKWebInspectorProxyObjCAdapter ignoreNextInspectedViewFrameDidChange]): Deleted.
(-[WKWebInspectorProxyObjCAdapter inspectedViewFrameDidChange:]): Deleted.
(WebKit::WebInspectorProxy::inspectedViewFrameDidChange): Deleted.

8:33 PM Changeset in webkit [186923] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, fix build for newer LLVMs.

  • llvm/LLVMHeaders.h:
  • llvm/library/LLVMExports.cpp:

7:56 PM Changeset in webkit [186922] by Gyuyoung Kim
  • 2 edits in trunk/Tools

Unreviewed, remove my redundant email information.

  • Scripts/webkitpy/common/config/contributors.json:

7:45 PM Changeset in webkit [186921] by hyungwook.lee@navercorp.com
  • 2 edits in trunk/Tools

Unreviewed. Add Hyungwook Lee as a committer.

  • Scripts/webkitpy/common/config/contributors.json:

7:27 PM Changeset in webkit [186920] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

RegExp::match() should set m_state to ByteCode if compilation fails.
https://bugs.webkit.org/show_bug.cgi?id=147023

Reviewed by Michael Saboff.

A RegExp has a YarrCodeBlock that has 4 MacroAssemblerCodeRefs for compiled code.
If one of these compilations succeeds, RegExp::m_state will be set to JITCode.
Subsequently, if RegExp tries to compile another one of these but fails, m_state
will be left untouched i.e. it still says JITCode. As a result, when
RegExp::match() later tries to execute the non-existent compiled code, it will
crash.

The fix is to downgrade m_state to ByteCode if RegExp ever fails to compile.
This failure should be rare. We'll do the minimal work here to fix the issue and
keep an eye on the perf bots. If perf regresses, we can do some optimization work then.

This issue is difficult to test for since it either requires a low memory condition
to trigger a failed RegExp compilation at the right moment, or for the RegExp to
succeed compilation in the MatchedOnly mode but fail in IncludeSubpatterns mode.
Instead, I manually tested it by instrumenting RegExp::compile() to fail once in every
10 compilation attempts.

  • runtime/RegExp.cpp:

(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):

5:29 PM Changeset in webkit [186919] by commit-queue@webkit.org
  • 4 edits in trunk/Source

Web Inspector: [Mac] Save dialog not working when inspector is docked
https://bugs.webkit.org/show_bug.cgi?id=146991

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-07-16
Reviewed by Sam Weinig.

Source/WebKit/mac:

  • WebCoreSupport/WebInspectorClient.mm:

(WebInspectorFrontendClient::save):
(-[WebInspectorWindowController webView:runOpenPanelForFileButtonWithResultListener:allowMultipleFiles:]):
When the window is nil (docked) use a non-window version of running the dialog.

Source/WebKit2:

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::runOpenPanel):
(WebKit::WebInspectorProxy::platformSave):
When the window is nil (docked) use a non-window version of running the dialog.

4:36 PM Changeset in webkit [186918] by mrajca@apple.com
  • 5 edits in trunk/Source/WebCore

Media Session: handle 'Transient' and 'Transient Solo' interruption events
https://bugs.webkit.org/show_bug.cgi?id=146840

Reviewed by Eric Carlson.

  • Modules/mediasession/MediaSession.cpp:

(WebCore::MediaSession::handleDuckInterruption): Added stub.
(WebCore::MediaSession::handleUnduckInterruption): Added stub.
(WebCore::MediaSession::handlePauseInterruption): Pause active media elements. We use our helper method to do this
"safely" since pausing a media element can change the collection we're iterating.
(WebCore::MediaSession::handleUnpauseInterruption): Unpause active media elements. We use our helper method to do this
"safely" since unpausing a media element can change the collection we're iterating.
(WebCore::MediaSession::togglePlayback): Factored out "safe" iteration into a helper method elsewhere.
(WebCore::MediaSession::safelyIterateActiveMediaElements): Safely iterate through the collection of active media
elements.

  • Modules/mediasession/MediaSession.h:
  • Modules/mediasession/MediaSessionManager.cpp:

(WebCore::MediaSessionManager::MediaSessionManager): On Mac, register for platform-specific interruptions.
(WebCore::MediaSessionManager::didReceiveStartOfInterruptionNotification): Implemented section 4.5.2 of Media Session spec.
(WebCore::MediaSessionManager::didReceiveEndOfInterruptionNotification): Ditto.

  • Modules/mediasession/MediaSessionManager.h:
4:22 PM Changeset in webkit [186917] by mrajca@apple.com
  • 2 edits
    6 adds in trunk/Source/WebCore

Media Session: add support for platform-specific interruption providers
https://bugs.webkit.org/show_bug.cgi?id=147008

Reviewed by Eric Carlson.

  • WebCore.xcodeproj/project.pbxproj: Include new source files.
  • platform/mediasession/MediaSessionInterruptionProvider.cpp: Added base class to be used by MediaSessionManager to listen for interruption notifications.

(WebCore::MediaSessionInterruptionProvider::MediaSessionInterruptionProvider): Begin listening for interruptions
upon construction.
(WebCore::MediaSessionInterruptionProvider::~MediaSessionInterruptionProvider): Stop listening for interruptions
before destruction.

(WebCore::MediaSessionInterruptionProvider::beginListeningForInterruptions): To be overridden by subclasses.
(WebCore::MediaSessionInterruptionProvider::stopListeningForInterruptions): To be overridden by subclasses.

  • platform/mediasession/MediaSessionInterruptionProvider.h: Added.

(WebCore::MediaSessionInterruptionProviderClient::~MediaSessionInterruptionProviderClient):
(WebCore::MediaSessionInterruptionProvider::client):

  • platform/mediasession/mac/MediaSessionInterruptionProviderMac.h: Added for providing Mac-specific interruptions.

(WebCore::MediaSessionInterruptionProviderMac::~MediaSessionInterruptionProviderMac):

  • platform/mediasession/mac/MediaSessionInterruptionProviderMac.mm: Added stubs.

(WebCore::MediaSessionInterruptionProviderMac::beginListeningForInterruptions):
(WebCore::MediaSessionInterruptionProviderMac::stopListeningForInterruptions):

4:14 PM Changeset in webkit [186916] by timothy_horton@apple.com
  • 10 edits in trunk/Source

Add shrink-wrapped link highlights
https://bugs.webkit.org/show_bug.cgi?id=147021
<rdar://problem/21643094>

Reviewed by Enrica Casucci.

  • Shared/InteractionInformationAtPosition.cpp:

(WebKit::InteractionInformationAtPosition::encode):
(WebKit::InteractionInformationAtPosition::decode):

  • Shared/InteractionInformationAtPosition.h:

Add a TextIndicator to InteractionInformationAtPosition.
Make use of some new C++ features.

  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView willPresentPreviewViewController:forPosition:inSourceView:]):
(-[WKContentView didDismissPreviewViewController:committing:]):
Make use of the TextIndicator (if we have one) to show a shrink-wrapped
snapshot of the link.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getPositionInformation):
Build a TextIndicator for the link if possible.

  • WebCore.xcodeproj/project.pbxproj:
  • page/TextIndicator.cpp:

(WebCore::TextIndicator::createWithRange):
(WebCore::TextIndicator::createWithSelectionInFrame):

  • page/TextIndicator.h:

Add a margin parameter to TextIndicator; this inflates each text rect
by the given amount.

Use snapshotFrameRect instead of snapshotSelection because we really
want an image that exactly fits textBoundingRectInDocumentCoordinates,
and snapshotSelection comes up with selection rects in different ways,
especially on iOS (where it comes up with nothing!).

For now, avoid forcing black text or painting only the selection on iOS.
Eventually, we should have TextIndicator options for these things that
are then respected at the presentation layer.

3:57 PM Changeset in webkit [186915] by Wenson Hsieh
  • 2 edits in trunk/Tools

Added myself to the list of contributors.

Reviewed by Brent Fulgham.

  • Scripts/webkitpy/common/config/contributors.json:
3:50 PM Changeset in webkit [186914] by Lucas Forschler
  • 3 edits in branches/safari-601.1-branch/Source/WebCore

Merged r186764. rdar://problem/9222837

3:27 PM Changeset in webkit [186913] by mrajca@apple.com
  • 12 edits in trunk/Source

Media Session: remove plumbing for delivering start/end-of-interruption events
https://bugs.webkit.org/show_bug.cgi?id=147005

Reviewed by Eric Carlson.

Instead of receiving interruptions through WebKit, we will provide platform-specific implementations in WebCore
so the same behavior is available to all clients.

WebCore:

  • Modules/mediasession/MediaSessionEvents.h:
  • page/Page.cpp:
  • page/Page.h:

WebKit:

  • UIProcess/API/C/WKPage.cpp:
  • UIProcess/API/C/WKPagePrivate.h:
  • UIProcess/WebPageProxy.cpp:
  • UIProcess/WebPageProxy.h:
  • WebProcess/WebPage/WebPage.cpp:
  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
3:08 PM Changeset in webkit [186912] by achristensen@apple.com
  • 8 edits in trunk

[Content Extensions] Cache domain actions
https://bugs.webkit.org/show_bug.cgi?id=146817

Reviewed by Benjamin Poulain.

Source/WebCore:

Right now we run regular expressions on the domain every time we have any rules that match with if-domain or unless-domain.
This caches the results of running regular expressions on the domain of the main document's url so we only need to
run those regular expressions when the main document changes domain. We also spend less time adding unused actions into HashSets.

All behavior is covered by existing api tests, but I added some to explicitly test if-domain and unless-domain with multiple load types.

  • contentextensions/ContentExtension.cpp:

(WebCore::ContentExtensions::ContentExtension::globalDisplayNoneStyleSheet):
(WebCore::ContentExtensions::ContentExtension::cachedDomainActions):

  • contentextensions/ContentExtension.h:

(WebCore::ContentExtensions::ContentExtension::identifier):
(WebCore::ContentExtensions::ContentExtension::compiledExtension):

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::actionsForResourceLoad):

  • contentextensions/DFABytecodeInterpreter.cpp:

(WebCore::ContentExtensions::getJumpDistance):
(WebCore::ContentExtensions::matchesDomain):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpretAppendAction):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpretTestFlagsAndAppendAction):
(WebCore::ContentExtensions::DFABytecodeInterpreter::actionsForDefaultStylesheetFromDFARoot):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpretWithDomains):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):

  • contentextensions/DFABytecodeInterpreter.h:

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::TEST_F):
Test if-domain and unless-domain with multiple load types.

2:54 PM Changeset in webkit [186911] by Simon Fraser
  • 3 edits
    2 adds in trunk

Fix disappearing position:fixed elements in fixed layout mode
https://bugs.webkit.org/show_bug.cgi?id=147019

Reviewed by Tim Horton.

Source/WebCore:

Test: compositing/fixed-with-fixed-layout.html

When in fixed layout mode, and being scaled down, viewportConstrainedVisibleContentRect() is
the wrong thing to use to determine if position:fixed elements are clipped out. In this case,
use the simpler document bounds (before scaling).

In the long term, there needs to be an equivalent of viewportConstrainedVisibleContentRect()
that gives an appropriate rect that can be used here.

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForPosition):

LayoutTests:

Test with four fixed elements in fixed layout mode.

  • compositing/fixed-with-fixed-layout-expected.txt: Added.
  • compositing/fixed-with-fixed-layout.html: Added.
2:51 PM Changeset in webkit [186910] by benjamin@webkit.org
  • 12 edits
    1 add in trunk

[Content extensions] Combine suffixes when generating NFAs
https://bugs.webkit.org/show_bug.cgi?id=146961

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-07-16
Reviewed by Alex Christensen.

Source/WebCore:

In this patch, I add a mechanism very similar to the prefix tree
but for the suffix (called a reverse suffix tree here).

The idea here is to reuse the existing NFA nodes when generating
a chain of suffix Term that were already generated previously.
When generating a disjunction ending with the same suffix, we now
have the same trailing NFA nodes for both sides of the disjunction.

Mixing the prefix and suffix generation can be tricky, we do not want
transitions from a pattern to creep into the suffix of another.

To avoid any conflict, the rules here are very simple:
-Only use the reverse suffix tree for terms without actions
up to a leaf term with actions.

This rule ensures that no action will accidentally make its way
to another rule by reusing a vertex of the reverse suffix tree.

-Only use the reverse suffix tree for chains of terms in which
each term only has zero or one following term.

With this condition, when taking any vertex of the reverse suffix
tree, there is only one edge that moves out of that vertex when reading
from left to right.
For any vertex, there is only one possible string generated
left-to-right, a single suffix.

This is overly restrictive but it is fast, easier to verify, and it works
well in practice.
For all the more complicated cases, we can count on the Minimizer to
find a better solution.

With all the simple suffixes merged, our NFAs are smaller, which
let us combine more patterns.
The DFAs are also smaller and faster to produce since their size
is relative to the NFA sizes.

Overall, I get the following gains:
-Chris's test case:

compile time -40%.
bytecode size -14%.

-Armand's test case:

compile time -53%.
bytecode size -13%.

  • WebCore.xcodeproj/project.pbxproj:
  • contentextensions/CombinedURLFilters.cpp:

(WebCore::ContentExtensions::ActiveSubtree::ActiveSubtree):
(WebCore::ContentExtensions::generateInfixUnsuitableForReverseSuffixTree):
(WebCore::ContentExtensions::generateSuffixWithReverseSuffixTree):
(WebCore::ContentExtensions::clearReverseSuffixTree):
(WebCore::ContentExtensions::generateNFAForSubtree):

  • contentextensions/DFA.cpp:

(WebCore::ContentExtensions::DFA::debugPrintDot):
Forgot to close a tag, dot was not happy.

  • contentextensions/HashableActionList.h: Added.

(WebCore::ContentExtensions::HashableActionList::HashableActionList):
(WebCore::ContentExtensions::HashableActionList::isEmptyValue):
(WebCore::ContentExtensions::HashableActionList::isDeletedValue):
(WebCore::ContentExtensions::HashableActionList::operator==):
(WebCore::ContentExtensions::HashableActionList::operator!=):
(WebCore::ContentExtensions::HashableActionListHash::hash):
(WebCore::ContentExtensions::HashableActionListHash::equal):
We need a way to group reverse suffix tree by their terminal actions.
This new hash structure lets us find unique vertex for a list of actions
in any order.

  • contentextensions/ImmutableNFANodeBuilder.h:

(WebCore::ContentExtensions::ImmutableNFANodeBuilder::isValid):
(WebCore::ContentExtensions::ImmutableNFANodeBuilder::nodeId):
(WebCore::ContentExtensions::ImmutableNFANodeBuilder::addTransition):
(WebCore::ContentExtensions::ImmutableNFANodeBuilder::addEpsilonTransition):
(WebCore::ContentExtensions::ImmutableNFANodeBuilder::ImmutableNFANodeBuilder): Deleted.
(WebCore::ContentExtensions::ImmutableNFANodeBuilder::~ImmutableNFANodeBuilder): Deleted.
(WebCore::ContentExtensions::ImmutableNFANodeBuilder::operator=): Deleted.

  • contentextensions/Term.h:

(WebCore::ContentExtensions::Term::generateGraph):
(WebCore::ContentExtensions::Term::generateSubgraphForAtom):
Node building changes a bit.

Previously, it was assumed nodes are always built from left to right.
Getting the node on the right was done by providing the left node and the term
doing the transition.

Now we have both left to right and right to left generation.

The right-to-left has a specific property: no edge can be added after
its initial term (rule 2 of our reverse suffix tree). This simplifies
things a bit since we can finalize all the nodes in the suffix tree.
All we need is to keep their ID to be able to link new nodes
to the reverse suffix tree.

Source/WTF:

  • wtf/Vector.h:

(WTF::minCapacity>::Vector):
(WTF::=):
Copying a vector with a different inline capacity was broken due to
the addition of MinimumCapacity.

This feature was needed by this patch so I fixed WTF.

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::compareContents):

  • TestWebKitAPI/Tests/WebCore/DFAMinimizer.cpp:
2:50 PM Changeset in webkit [186909] by Simon Fraser
  • 3 edits in trunk/Source/WebKit/mac

[iOS] Expose contentsSizeRespectingOverflow() via WebView so UIWebView can use it
https://bugs.webkit.org/show_bug.cgi?id=146924
WebKit part of rdar://problem/21802456

Reviewed by Tim Horton.

Expose the FrameView's contentsSizeRespectingOverflow() via WebView, for use
by UIKit.

  • WebView/WebView.mm:

(-[WebView _contentsSizeRespectingOverflow]):

  • WebView/WebViewPrivate.h:
2:40 PM Changeset in webkit [186908] by Andres Gomez
  • 3 edits in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Further optimize the weight and time icons taken back to the toolbar dashboard for the GTK+ port
https://bugs.webkit.org/show_bug.cgi?id=147010

SVG images optimized with a combination of sed replacements, the
usage of the scour tool (http://www.codedread.com/scour/) and a
forked version of the svgo tool (https://github.com/tanty/svgo).

Also, added the class attribute to the shape elements following
the convention used in Apple's images.

Reviewed by Martin Robinson.

  • UserInterface/Images/gtk/Time.svg: Optimized.
  • UserInterface/Images/gtk/Weight.svg: Optimized.
1:24 PM Changeset in webkit [186907] by beidson@apple.com
  • 2 edits in trunk/Source/WebCore

Rolling out part of r186895 until rdar://problem/21861167 is resolved.
https://bugs.webkit.org/show_bug.cgi?id=146976

  • platform/network/cf/CookieJarCFNet.cpp:

(WebCore::createCookies): Don’t use this new SPI quite yet.

1:19 PM Changeset in webkit [186906] by fpizlo@apple.com
  • 25 edits in trunk

Unreviewed, roll out http://trac.webkit.org/changeset/186903. It broke the build.

Source/WebCore:

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/DOMWrapperWorld.h:

(WebCore::currentWorld):
(WebCore::worldForDOMObject): Deleted.

  • bindings/js/JSBindingsAllInOne.cpp:
  • bindings/js/JSCustomEventCustom.cpp:

(WebCore::JSCustomEvent::detail): Deleted.

  • bindings/js/JSMessageEventCustom.cpp:

(WebCore::JSMessageEvent::data):

  • bindings/js/JSPopStateEventCustom.cpp:

(WebCore::JSPopStateEvent::state):

  • dom/CustomEvent.cpp:

(WebCore::CustomEvent::initCustomEvent):
(WebCore::CustomEvent::eventInterface):
(WebCore::CustomEvent::trySerializeDetail): Deleted.

  • dom/CustomEvent.h:
  • dom/CustomEvent.idl:
  • dom/MessageEvent.cpp:

(WebCore::MessageEvent::initMessageEvent):
(WebCore::MessageEvent::data):
(WebCore::MessageEvent::trySerializeData): Deleted.

  • dom/MessageEvent.h:
  • dom/PopStateEvent.cpp:

(WebCore::PopStateEvent::create):
(WebCore::PopStateEvent::eventInterface):
(WebCore::PopStateEvent::trySerializeState): Deleted.

  • dom/PopStateEvent.h:
  • testing/Internals.cpp:

(WebCore::Internals::deserializeBuffer):
(WebCore::Internals::setUsesOverlayScrollbars):
(WebCore::Internals::isFromCurrentWorld): Deleted.

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

  • fast/events/constructors/custom-event-constructor-expected.txt:
  • fast/events/constructors/custom-event-constructor.html:
  • fast/events/event-leak-objects-expected.txt:
  • fast/events/event-leak-objects.html:
  • fast/events/event-properties-gc-expected.txt:
  • fast/events/event-properties-gc.html:
1:07 PM Changeset in webkit [186905] by timothy_horton@apple.com
  • 1 edit
    2 adds in trunk/LayoutTests

Rebaseline test for Windows.

  • platform/win/fast/shrink-wrap: Added.
  • platform/win/fast/shrink-wrap/rect-shrink-wrap-expected.txt: Added.
1:06 PM Changeset in webkit [186904] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r186464): [SOUP] ASSERTION FAILED: !m_messageReceiverMapCount when closing any tab
https://bugs.webkit.org/show_bug.cgi?id=147006

Reviewed by Anders Carlsson.

Remove the message receiver before it is deallocated.

  • UIProcess/Network/CustomProtocols/soup/CustomProtocolManagerProxySoup.cpp:

(WebKit::CustomProtocolManagerProxy::~CustomProtocolManagerProxy):

12:30 PM Changeset in webkit [186903] by fpizlo@apple.com
  • 20 edits
    5 adds in trunk

Remove leak of objects between isolated worlds on custom events, message events, and pop state events.
https://bugs.webkit.org/show_bug.cgi?id=118884

Patch by Keith Miller <keith_miller@apple.com> on 2015-07-16
Reviewed by Filip Pizlo.

Source/WebCore:

Tests: fast/events/event-leak-objects.html
fast/events/event-properties-gc.html

Fixes an issue where objects passed as certain properties of events could cross isolated worlds. This
was fixed by checking that any object passed by an event must be serializable or originate from the same
isolated world as the one it is currently being accessed in. In the case of MessageEvents and PopStateEvents we
cache the values of the data and state properties, respectively, as they may be a deserialized object. In case
an object was deserialized in a world with elevated privileges we also check the cached value is from the same
world, if it is from a different world we recompute it. For testing purposes, I added a new function to Internals
that determines whether a JSObject originated in the current world.

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/DOMWrapperWorld.h:

(WebCore::worldForDOMObject):

  • bindings/js/JSBindingsAllInOne.cpp:
  • bindings/js/JSCustomEventCustom.cpp: Copied from Source/WebCore/dom/CustomEvent.cpp.

(WebCore::JSCustomEvent::detail):

  • bindings/js/JSMessageEventCustom.cpp:

(WebCore::JSMessageEvent::data):

  • bindings/js/JSPopStateEventCustom.cpp:

(WebCore::JSPopStateEvent::state):

  • dom/CustomEvent.cpp:

(WebCore::CustomEvent::initCustomEvent):
(WebCore::CustomEvent::trySerializeDetail):

  • dom/CustomEvent.h:
  • dom/CustomEvent.idl:
  • dom/MessageEvent.cpp:

(WebCore::MessageEvent::initMessageEvent):
(WebCore::MessageEvent::trySerializeData):

  • dom/MessageEvent.h:
  • dom/PopStateEvent.cpp:

(WebCore::PopStateEvent::trySerializeState):

  • dom/PopStateEvent.h:
  • testing/Internals.cpp:

(WebCore::Internals::isFromCurrentWorld):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

These tests ensure objects are not leaked across isolated worlds and that those properties are not prematurely
garbage collected.

  • fast/events/constructors/custom-event-constructor-expected.txt:
  • fast/events/constructors/custom-event-constructor.html:
  • fast/events/event-leak-objects-expected.txt: Added.
  • fast/events/event-leak-objects.html: Added.
  • fast/events/event-properties-gc-expected.txt: Added.
  • fast/events/event-properties-gc.html: Added.
12:16 PM Changeset in webkit [186902] by bshafiei@apple.com
  • 5 edits in branches/safari-600.1.4.17-branch/Source

Versioning.

11:31 AM Changeset in webkit [186901] by Andres Gomez
  • 1 edit
    1 add in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add new Network icon for the GTK+ port
https://bugs.webkit.org/show_bug.cgi?id=147002

Reviewed by Martin Robinson.

  • UserInterface/Images/gtk/Network.svg: Added.

Icon for the new Network tab.

11:23 AM Changeset in webkit [186900] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

Mark fast/canvas/canvas-too-large-to-draw.html as crashing on El Capitan

Fix is tracked by <rdar://problem/21857102>.

  • platform/mac/TestExpectations: Mark test as crashing:
  • fast/canvas/canvas-too-large-to-draw.html
10:52 AM Changeset in webkit [186899] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit

[Win] Unreviewed gardening.

  • WebKit.vcxproj/WebKit/WebKit.vcxproj.filters: Move file into the
appropriate category in the project.

10:42 AM Changeset in webkit [186898] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit/win

[Win] Gross workaround to fix build after r186858.

  • WebView.cpp:

(WebView::unused5): Force export of WebCore symbol through
WebKit.dll.

10:39 AM Changeset in webkit [186897] by beidson@apple.com
  • 2 edits in trunk/Source/WebKit2

Review feedback followup for:
REGRESSION(r186088): Crash under WebKit::WebPageProxy::didFailLoadForFrame
<rdar://problem/21692212> and https://bugs.webkit.org/show_bug.cgi?id=146988

  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::refView): CFRetain instead of Obj-C retain.
(WebKit::PageClientImpl::derefView): CFRelease instead of Obj-C release.

10:26 AM Changeset in webkit [186896] by Andres Gomez
  • 1 edit
    1 add in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add new composite record icon for the GTK+ port
https://bugs.webkit.org/show_bug.cgi?id=146998

Reviewed by Martin Robinson.

  • UserInterface/Images/gtk/TimelineRecordComposite.svg: Added.

New composite record icon.

10:25 AM Changeset in webkit [186895] by beidson@apple.com
  • 3 edits in trunk/Source/WebCore

WebKit document.cookie mis-parsing.
rdar://problem/21715050 and https://bugs.webkit.org/show_bug.cgi?id=146976

Reviewed by Sam Weinig.

  • platform/network/cf/CookieJarCFNet.cpp:

(WebCore::createCookies): Use new SPI if available.
(WebCore::setCookiesFromDOM):

  • platform/spi/cf/CFNetworkSPI.h:
10:21 AM Changeset in webkit [186894] by andersca@apple.com
  • 19 edits in trunk/Source/WebCore

Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
https://bugs.webkit.org/show_bug.cgi?id=146984

Reviewed by Daniel Bates.

  • contentextensions/DFA.h:
  • dom/ContextDestructionObserver.h:
  • dom/DeviceOrientationData.h:
  • dom/ExceptionCodePlaceholder.h:
  • editing/cocoa/HTMLConverter.h:
  • html/track/AudioTrack.h:
  • loader/FrameLoaderStateMachine.h:
  • loader/appcache/ApplicationCacheHost.h:
  • loader/cache/CachedResourceHandle.h:
  • platform/URL.h:
  • platform/animation/Animation.h:
  • platform/audio/AudioHardwareListener.h:
  • platform/audio/AudioSession.h:
  • platform/graphics/transforms/AffineTransform.h:
  • platform/network/Credential.h:
  • platform/network/CredentialBase.h:
  • platform/network/ResourceHandleClient.h:
  • platform/network/mac/AuthenticationMac.h:
8:34 AM Changeset in webkit [186893] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

[Linux] Seccomp: fix -Wmismatched-tags
https://bugs.webkit.org/show_bug.cgi?id=146990

Reviewed by Žan Doberšek.

WebProcessCreationParameters is a struct nowadays, not a class, so declare it appropriately.

  • Shared/linux/SeccompFilters/SyscallPolicy.h:
3:29 AM Changeset in webkit [186892] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r185415): [GTK] Browsers crash when an input method is enabled
https://bugs.webkit.org/show_bug.cgi?id=146639

Reviewed by Žan Doberšek.

In r185415 I assumed that preedit signals were always emitted
after a keypress was handled by the WebView. However, some input
methods handle the keyboard events before the WebView, and preedit
signals are emitted but no key event has been handled by the
WebView. So, instead of asserting when filter key event completion
handler is nullptr, we should check whether the current event was
generated for a WebView filter request or not. In case the
completion handler is nullptr, we send the event directly to the
page, instead of going through the WebView, since there won't be
editing commands for those events anyway.

  • UIProcess/gtk/InputMethodFilter.cpp:

(WebKit::InputMethodFilter::handleKeyboardEvent):
(WebKit::InputMethodFilter::handleKeyboardEventWithCompositionResults):

1:57 AM Changeset in webkit [186891] by commit-queue@webkit.org
  • 4 edits
    2 adds
    2 deletes in trunk

Web Inspector: update $$() to return an Array
https://bugs.webkit.org/show_bug.cgi?id=146964

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-07-16
Reviewed by Brian Burg.

Source/WebCore:

Test: inspector/console/command-line-api.html

  • inspector/CommandLineAPIModuleSource.js:

Update $$(...) to return an array.
Also InjectedScriptHost.type was renamed to subtype
a while ago.

LayoutTests:

  • inspector/console/command-line-api-expected.txt: Added.
  • inspector/console/command-line-api.html: Added.

Add back a command line api test.

  • platform/efl/inspector/console/command-line-api-expected.txt: Removed.
  • platform/mac/inspector/console/command-line-api-expected.txt: Removed.

Remove old platform expected results for the old version of this test.

  • platform/win/TestExpectations:

Speculatively skipping on Windows since other inspector/console tests are skipped.

Jul 15, 2015:

11:36 PM Changeset in webkit [186890] by timothy_horton@apple.com
  • 3 edits in trunk/Source/WebCore

Move indicator rect uniting code to TextIndicatorWindow instead of TextIndicator
https://bugs.webkit.org/show_bug.cgi?id=146992
<rdar://problem/21643094>

Reviewed by Daniel Bates.

Having to unite all the rects if any overlap is an implementation
detail of the Mac TextIndicatorWindow presentation, not a fundamental
property of TextIndicator.

Other TextIndicator presentations might be able to handle overlapping
rects more effectively, so we shouldn't lose information unless we need to.

This also avoids having a second copy of some constants!

  • page/TextIndicator.cpp:

(WebCore::outsetIndicatorRectIncludingShadow): Deleted.
(WebCore::textIndicatorsForTextRectsOverlap): Deleted.
(WebCore::TextIndicator::TextIndicator): Deleted.

  • page/mac/TextIndicatorWindow.mm:

(outsetIndicatorRectIncludingShadow):
(textIndicatorsForTextRectsOverlap):
(-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]):

11:04 PM Changeset in webkit [186889] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WebKit2

Unreviewed. Follow up to r186887 for GTK+.

Add GTK+ implementation of PageClientImpl::refView/derefView.

  • UIProcess/API/gtk/PageClientImpl.cpp:

(WebKit::PageClientImpl::refView):
(WebKit::PageClientImpl::derefView):

  • UIProcess/API/gtk/PageClientImpl.h:
10:31 PM Changeset in webkit [186888] by Carlos Garcia Campos
  • 7 edits in trunk

[GTK] Input method filter is always enabled when the view is focused
https://bugs.webkit.org/show_bug.cgi?id=146965

Reviewed by Martin Robinson.

Source/WebKit2:

It should only be enabled when the view is focused and there's an
editable element focused. In r138544, when input methods were
implemented, the message SetInputMethodState was added, but it was
never used. Instead, the notifyFocusIn method of the IM filter
enables the input method unconditionally. We should actually use
the SetInputMethodState message to enable/disable input methods
when editable elements are focused/unfocused.

  • UIProcess/gtk/InputMethodFilter.cpp:

(WebKit::InputMethodFilter::setEnabled): Call notifyFocusedIn/Out
when input methods are enabled/disabled instead of notifying the
IM context directly.
(WebKit::InputMethodFilter::setCursorRect): Do not update the
cursor position if input methods are disabled.
(WebKit::InputMethodFilter::notifyFocusedIn): Do nothing when
input methods are disabled. Do not enable input methods
unconditionally here.
(WebKit::InputMethodFilter::notifyFocusedOut): Do not disable
input methods unconditionally here.

  • WebProcess/WebCoreSupport/WebEditorClient.cpp:

(WebKit::WebEditorClient::setInputMethodState): Call
WebPage::setInputMethodState() for GTK platform.

  • WebProcess/WebPage/WebPage.h: Add setInputMethodState() for GTK platform.
  • WebProcess/WebPage/gtk/WebPageGtk.cpp:

(WebKit::WebPage::setInputMethodState): Update input method state
and send SetInputMethodState message to the UI process if state changed.

Tools:

Use setEnabled() instead of notifyFocusedIn() to enable input methods.

  • TestWebKitAPI/Tests/WebKit2/gtk/InputMethodFilter.cpp:

(TestWebKitAPI::TestInputMethodFilter::TestInputMethodFilter):

9:03 PM Changeset in webkit [186887] by beidson@apple.com
  • 9 edits in trunk/Source/WebKit2

REGRESSION(r186088): Crash under WebKit::WebPageProxy::didFailLoadForFrame
<rdar://problem/21692212> and https://bugs.webkit.org/show_bug.cgi?id=146988

Reviewed by Sam Weinig.

When a loader delegate callback results in the WKView getting deallocated, then the PageClient
is also destroyed.

WebPageProxy then (often) turns around and uses the PageClient anyways.

Tried to write a TestWebKitAPI test for this, but only didFailLoadForFrame appears to obviously
be vulnerable, and there seems to be no way to reproduce that failure case under TestWebKitAPI.

  • UIProcess/PageClient.h: Add ref/derefView.
  • UIProcess/API/gtk/PageClientImpl.h: Stub them out.
  • UIProcess/efl/WebViewEfl.h: Stub them out.
  • UIProcess/mac/PageClientImpl.h:
  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::refView): [m_wkView retain]
(WebKit::PageClientImpl::derefView): [m_wkView release]

  • UIProcess/ios/PageClientImplIOS.h:
  • UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::refView): Retain all 3 views.
(WebKit::PageClientImpl::derefView): Release all 3 views.

  • UIProcess/WebPageProxy.cpp:

(WebKit::PageClientProtector::PageClientProtector): Calls refView() on the PageClient.
(WebKit::PageClientProtector::~PageClientProtector): Calls derefView() on the PageClient.
(WebKit::WebPageProxy::didChangeBackForwardList): All methods that make m_loaderClient or
m_pageClient callouts get a protector at their head.

(WebKit::WebPageProxy::willGoToBackForwardListItem):
(WebKit::WebPageProxy::shouldKeepCurrentBackForwardListItemInList):
(WebKit::WebPageProxy::findPlugin):
(WebKit::WebPageProxy::didCreateMainFrame):
(WebKit::WebPageProxy::didCreateSubframe):
(WebKit::WebPageProxy::didStartProgress):
(WebKit::WebPageProxy::didChangeProgress):
(WebKit::WebPageProxy::didFinishProgress):
(WebKit::WebPageProxy::didDestroyNavigation):
(WebKit::WebPageProxy::didStartProvisionalLoadForFrame):
(WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
(WebKit::WebPageProxy::didChangeProvisionalURLForFrame):
(WebKit::WebPageProxy::didFailProvisionalLoadForFrame):
(WebKit::WebPageProxy::didCommitLoadForFrame):
(WebKit::WebPageProxy::didFinishDocumentLoadForFrame):
(WebKit::WebPageProxy::didFinishLoadForFrame):
(WebKit::WebPageProxy::didFailLoadForFrame):
(WebKit::WebPageProxy::didSameDocumentNavigationForFrame):
(WebKit::WebPageProxy::didReceiveTitleForFrame):
(WebKit::WebPageProxy::didFirstLayoutForFrame):
(WebKit::WebPageProxy::didFirstVisuallyNonEmptyLayoutForFrame):
(WebKit::WebPageProxy::didLayoutForCustomContentProvider):
(WebKit::WebPageProxy::didLayout):
(WebKit::WebPageProxy::didRemoveFrameFromHierarchy):
(WebKit::WebPageProxy::didDisplayInsecureContentForFrame):
(WebKit::WebPageProxy::didRunInsecureContentForFrame):
(WebKit::WebPageProxy::didDetectXSSForFrame):
(WebKit::WebPageProxy::frameDidBecomeFrameSet):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
(WebKit::WebPageProxy::decidePolicyForResponse):
(WebKit::WebPageProxy::decidePolicyForResponseSync):
(WebKit::WebPageProxy::unableToImplementPolicy):
(WebKit::WebPageProxy::didNavigateWithNavigationData):
(WebKit::WebPageProxy::didPerformClientRedirect):
(WebKit::WebPageProxy::didPerformServerRedirect):
(WebKit::WebPageProxy::didUpdateHistoryTitle):
(WebKit::WebPageProxy::wrapCryptoKey):
(WebKit::WebPageProxy::unwrapCryptoKey):
(WebKit::WebPageProxy::navigationGestureDidBegin):
(WebKit::WebPageProxy::navigationGestureWillEnd):
(WebKit::WebPageProxy::navigationGestureDidEnd):
(WebKit::WebPageProxy::willRecordNavigationSnapshot):

7:42 PM Changeset in webkit [186886] by Michael Catanzaro
  • 2 edits in trunk/Tools

[EFL] Bump libseccomp version to 2.2.3
https://bugs.webkit.org/show_bug.cgi?id=146980

Reviewed by Gyuyoung Kim.

  • efl/jhbuild.modules:
7:08 PM Changeset in webkit [186885] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.1.4.17.2

New tag.

7:03 PM Changeset in webkit [186884] by ryuan.choi@navercorp.com
  • 4 edits in trunk/Source/WebCore

[CoordinatedGraphics] Remove setContentsScale from TiledBackingStore
https://bugs.webkit.org/show_bug.cgi?id=146921

Reviewed by Gyuyoung Kim.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::createBackingStore):
(WebCore::CoordinatedGraphicsLayer::updateContentBuffers):

  • platform/graphics/texmap/coordinated/TiledBackingStore.cpp:

(WebCore::TiledBackingStore::TiledBackingStore):
(WebCore::TiledBackingStore::setContentsScale): Deleted.

  • platform/graphics/texmap/coordinated/TiledBackingStore.h:
6:55 PM Changeset in webkit [186883] by matthew_hanson@apple.com
  • 5 edits in branches/safari-600.8-branch/Source

Versioning

6:52 PM Changeset in webkit [186882] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-600.8.3

New Tag.

6:45 PM Changeset in webkit [186881] by Brent Fulgham
  • 34 edits in trunk

[Win] Maintain consistent COM Interfaces
https://bugs.webkit.org/show_bug.cgi?id=146983
<rdar://problem/21822278>

Reviewed by Dean Jackson.

Source/WebKit/win:

Keep WebKit's COM interface compatible with software
linked against earlier WebKit releases:

  1. Update IDL to present the same interface as earlier releases of WebKit.
  2. Add new interface objects (e.g., IWebFrame2) extending earlier interfaces when adding new methods.
  3. Update our internal software to use the correct interface objects.
  • DefaultPolicyDelegate.cpp:

(DefaultPolicyDelegate::decidePolicyForNavigationAction):

  • Interfaces/IWebEditingDelegate.idl:
  • Interfaces/IWebFrame.idl:
  • Interfaces/IWebPreferencesPrivate.idl:
  • Interfaces/IWebSecurityOrigin.idl:
  • Interfaces/IWebUIDelegatePrivate.idl:
  • Interfaces/IWebViewPrivate.idl:
  • Interfaces/WebKit.idl:
  • WebCoreSupport/WebEditorClient.cpp:

(WebEditorClient::shouldInsertNode):

  • WebFrame.cpp:

(WebFrame::updateBackground):
(WebFrame::isMainFrame):

  • WebFrame.h:
  • WebPreferences.cpp:

(WebPreferences::initializeDefaultSettings):
(WebPreferences::QueryInterface):
(WebPreferences::setMockScrollbarsEnabled):
(WebPreferences::screenFontSubstitutionEnabled):
(WebPreferences::setScreenFontSubstitutionEnabled):
(WebPreferences::hyperlinkAuditingEnabled):
(WebPreferences::unused4):
(WebPreferences::shouldPaintNativeControls):
(WebPreferences::setShouldPaintNativeControls):
(WebPreferences::setDeveloperExtrasEnabled):
(WebPreferences::authorAndUserStylesEnabled):
(WebPreferences::inApplicationChromeMode):

  • WebPreferences.h:
  • WebSecurityOrigin.cpp:

(WebSecurityOrigin::QueryInterface):
(WebSecurityOrigin::setQuota):
(WebSecurityOrigin::initWithURL):

  • WebSecurityOrigin.h:
  • WebView.cpp:

(WebView::QueryInterface):
(WebView::notifyPreferencesChanged):
(WebView::selectedRangeForTesting):
(WebView::setLoadResourcesSerially):

  • WebView.h:

Tools:

Update DumpRenderTree and WinLauncher to use the properly
versioned COM interface objects.

  • DumpRenderTree/win/AccessibilityControllerWin.cpp:

(AccessibilityController::rootElement):

  • DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebPreferencesToConsistentValues):
(resetWebViewToConsistentStateBeforeTesting):
(runTest):
(createWebViewAndOffscreenWindow):

  • DumpRenderTree/win/EditingDelegate.cpp:

(EditingDelegate::QueryInterface):
(EditingDelegate::shouldEndEditingInDOMRange):
(EditingDelegate::shouldInsertNode):

  • DumpRenderTree/win/EditingDelegate.h:
  • DumpRenderTree/win/EventSender.cpp:

(scalePageByCallback):

  • DumpRenderTree/win/FrameLoadDelegate.cpp:

(FrameLoadDelegate::didCommitLoadForFrame):

  • DumpRenderTree/win/TestRunnerWin.cpp:

(TestRunner::callShouldCloseOnWebView):
(TestRunner::applicationCacheDiskUsageForOrigin):
(TestRunner::clearApplicationCacheForOrigin):
(TestRunner::setDefersLoading):
(TestRunner::setDomainRelaxationForbiddenForURLScheme):
(TestRunner::setTabKeyCyclesThroughElements):
(TestRunner::setValueForUser):
(TestRunner::dispatchPendingLoadRequests):
(TestRunner::setWindowIsKey):
(TestRunner::execCommand):
(TestRunner::addOriginAccessWhitelistEntry):
(TestRunner::removeOriginAccessWhitelistEntry):
(TestRunner::addUserScript):
(TestRunner::addUserStyleSheet):
(TestRunner::showWebInspector):
(TestRunner::closeWebInspector):
(TestRunner::evaluateInWebInspector):
(TestRunner::setSerializeHTTPLoads):

  • DumpRenderTree/win/TextInputControllerWin.cpp:

(TextInputController::setMarkedText):
(TextInputController::hasMarkedText):
(TextInputController::unmarkText):
(TextInputController::markedRange):
(TextInputController::insertText):
(TextInputController::firstRectForCharacterRange):
(TextInputController::selectedRange):

  • DumpRenderTree/win/UIDelegate.h:

(UIDelegate::unused2):
(UIDelegate::unused3):
(UIDelegate::webViewScrolled):
(UIDelegate::webViewShouldInterruptJavaScript):
(UIDelegate::webViewReceivedFocus):
(UIDelegate::unused4): Deleted.

  • TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp:

(TestWebKitAPI::WebViewDestructionWithHostWindow::SetUp):

  • WinLauncher/PageLoadTestClient.cpp:

(PageLoadTestClient::didStartProvisionalLoad):

  • WinLauncher/WinLauncher.cpp:

(WinLauncher::init):

  • WinLauncher/WinLauncher.h:
  • WinLauncher/WinLauncherWebHost.cpp:

(WinLauncherWebHost::didFinishLoadForFrame):
(WinLauncherWebHost::didFirstLayoutInFrame):

  • WinLauncher/WinLauncherWebHost.h:
6:25 PM Changeset in webkit [186880] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

[Win] Fix armv7 build.

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState): The 64-bit argument
version of poke is not available on armv7 builds.

6:13 PM Changeset in webkit [186879] by dino@apple.com
  • 3 edits in trunk/Source/WebCore

Tag WebGL layers with sRGB colorspace
https://bugs.webkit.org/show_bug.cgi?id=146986
<rdar://problem/21758704>

Fix the build on older El Capitan releases.

  • platform/graphics/mac/WebGLLayer.mm:

(-[WebGLLayer initWithGraphicsContext3D:]):

  • platform/spi/cocoa/QuartzCoreSPI.h:
6:00 PM Changeset in webkit [186878] by weinig@apple.com
  • 6 edits in trunk/Source

Color match plug-ins
<rdar://problem/21758722>
https://bugs.webkit.org/show_bug.cgi?id=146987

Reviewed by Dean Jackson.

Source/WebCore:

  • platform/spi/cocoa/QuartzCoreSPI.h:

Add colorMatchUntaggedContent property.

Source/WebKit2:

  • Platform/mac/LayerHostingContext.h:
  • Platform/mac/LayerHostingContext.mm:

(WebKit::LayerHostingContext::setColorMatchUntaggedContent):
(WebKit::LayerHostingContext::colorMatchUntaggedContent):
Add setter/getter for color matching untagged content.

  • PluginProcess/mac/PluginControllerProxyMac.mm:

(WebKit::PluginControllerProxy::updateLayerHostingContext):
Have plug-ins CAContext's color match untagged colors into sRGB.

5:33 PM Changeset in webkit [186877] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Resizing TimelineRuler selection on both sides doesn't work with snapping enabled
https://bugs.webkit.org/show_bug.cgi?id=146970

Reviewed by Brian Burg.

  • UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler.prototype._handleSelectionHandleMouseMove):
Use snapped current time value when setting selection bounds.

5:31 PM Changeset in webkit [186876] by Brent Fulgham
  • 2 edits in trunk/Source/JavaScriptCore

[Win] 64-bit Build Failure
https://bugs.webkit.org/show_bug.cgi?id=146989

Reviewed by Mark Lam.

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState): Add missing
declaration for 64-bit type on 4-argument register machines (like
Windows).

5:29 PM Changeset in webkit [186875] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Another build fix after r186858.

  • html/canvas/DOMPath.h: Don't use WEBCORE_EXPORT on the
overall class and the destructor declaration.

5:06 PM Changeset in webkit [186874] by Lucas Forschler
  • 6 edits in branches/safari-601.1-branch

Merged r186826.

4:57 PM Changeset in webkit [186873] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.8-branch/Source/WebKit2

Merge r186838. rdar://problem/21716363

4:57 PM Changeset in webkit [186872] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.8-branch/Source/WebCore

Merge r186863. rdar://problem/21714843

4:31 PM Changeset in webkit [186871] by matthew_hanson@apple.com
  • 8 edits in branches/safari-600.8-branch/Source/WebCore

Merge r186533. rdar://problem/21533137

4:13 PM Changeset in webkit [186870] by commit-queue@webkit.org
  • 4 edits in trunk/Tools

Many test failures in scm_unittest.py
https://bugs.webkit.org/show_bug.cgi?id=143967

Patch by Dean Johnson <dean_johnson@apple.com> on 2015-07-15
Reviewed by Daniel Bates.

  • Scripts/webkitpy/common/checkout/scm/detection.py:

(SCMDetector.detect_scm_system): Paths with symlinks are now resolved to
absolute canonical file paths. Two mutually exclusive issues cause this
to be a problem.

1) Python's os.path.relpath() function does not return correct relative
paths between two filepaths that point to the same file, if symlinks are
involved.

On Mac, /tmp points to /private/tmp
ex. os.path.relpath('/tmp', '/private/tmp')
returns '../../tmp'
What we want is actually just '.'

2) Git does not allow file paths to trace outside of
the Git repository. This means that if you have a repository in
/tmp and you refer to that repository when invoking a git command as
../tmp, Git will produce errors about working outside of the repository.

  • Scripts/webkitpy/common/checkout/scm/git.py: Over time Git has changed
its default behavior and such, needed to be updated.
(Git.changed_files): '--' was added into the command so that patch_directories
were taken as positional arguments.

  • Scripts/webkitpy/common/checkout/scm/scm_unittest.py: Changed tests and setup
in the GitSVNTest class to more closely emulate the version of Git that the tests
assumed a system had. Also fixed a small side-effect from the absolute canonical
path fix in SCMDetector.detect_scm_system
(SVNTestRepository.setup): A relative filepath was previously passed as the
checkout root to SCMDetector.detect_scm_system, but is now cleaned to
an absolute canonical path before being passed in. The failing test
was a "sanity check" that the svn.checkout_root and scm.checkout_root
were the same.
(GitSVNTest._setup_git_checkout):

1) Added "--prefix " option to git clone since Git changed its default
behavior in version 2.0.
2) The branch master was renamed to trunk to more closely emulate what
tests expected when they were written.

(GitSVNTest.test_changed_files_local_plus_working_copy): Two of the three
original tests failed because the tests expected the trunk branch
to produce its parent's commit, whereas Git merely provides the HEAD commit
for a given branch (trunk in this case). Based on other tests written
in the same commit, it appears these tests were failing from the point they
were written.

4:04 PM Changeset in webkit [186869] by matthew_hanson@apple.com
  • 4 edits in branches/safari-600.8-branch/Source

Merge r186559. rdar://problem/21716363

4:00 PM Changeset in webkit [186868] by dino@apple.com
  • 4 edits
    3 adds in trunk

Tag WebGL layers with sRGB colorspace
https://bugs.webkit.org/show_bug.cgi?id=146986
<rdar://problem/21758704>

Reviewed by Simon Fraser.

Source/WebCore:

Label a CAOpenGLLayer as using the sRGB colorspace,
like the rest of our page content.

Test: fast/canvas/webgl/match-page-color-space.html

  • platform/graphics/mac/WebGLLayer.mm:

(-[WebGLLayer initWithGraphicsContext3D:]): Set the colorspace property on the layer.
(-[WebGLLayer copyCGLPixelFormatForDisplayMask:]):
(-[WebGLLayer drawInCGLContext:pixelFormat:forLayerTime:displayTime:]):
(-[WebGLLayer copyImageSnapshotWithColorSpace:]):

LayoutTests:

Add a test that embeds a WebGL canvas inside a solid div. Since both
have the same color, the canvas should seamlessly disappear into
the surrounding div.

  • fast/canvas/webgl/match-page-color-space-expected.html: Added.
  • fast/canvas/webgl/match-page-color-space.html: Added.
  • platform/mac-mavericks/TestExpectations: Skip this test.
  • platform/mac-yosemite/TestExpectations: Added. Skip this test.
3:42 PM Changeset in webkit [186867] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

[Win] Unreviewed build fix after r186858.

Add missing DOMPath and PathUtilities files to project.

  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCore.vcxproj.filters:
3:39 PM Changeset in webkit [186866] by andersca@apple.com
  • 4 edits in trunk/Source/WebCore

Headers that look for NSGEOMETRY_TYPES_SAME_AS_CGGEOMETRY_TYPES should import NSGeometry.h
https://bugs.webkit.org/show_bug.cgi?id=146982

Reviewed by Tim Horton.

  • platform/graphics/FloatPoint.h:
  • platform/graphics/IntPoint.h:
  • platform/graphics/IntSize.h:
3:33 PM Changeset in webkit [186865] by commit-queue@webkit.org
  • 5 edits
    2 adds in trunk

Scroll snapping to elements is broken for main frame scrolling
https://bugs.webkit.org/show_bug.cgi?id=146957

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-15
Reviewed by Brent Fulgham.

Source/WebCore:

Fixes the case of elements with scroll snap coordinates in a scroll snapping mainframe by changing
RenderBox::findEnclosingScrollableContainer to return the body's RenderBox when all enclosing elements
are not overflow scrollable but the mainframe can scroll.

Test: css3/scroll-snap/scroll-snap-coordinate-mainframe.html

  • page/FrameView.h: Export isScrollable so that the Internals API can use it.
  • rendering/RenderBox.cpp: Include MainFrame.h.

(WebCore::RenderBox::findEnclosingScrollableContainer): Changed to return the body's RenderBox if
none of its parent elements are overflow scrolling.

  • testing/Internals.cpp:

(WebCore::Internals::scrollSnapOffsets): Updated to return snap offsets for the body element,
allowing us to call window.internals.scrollSnapOffsets(document.body).

LayoutTests:

Tests that basic scroll snap coordinates in the mainframe work.

  • css3/scroll-snap/scroll-snap-coordinate-mainframe-expected.txt: Added.
  • css3/scroll-snap/scroll-snap-coordinate-mainframe.html: Added.
3:30 PM Changeset in webkit [186864] by matthew_hanson@apple.com
  • 13 edits
    1 add in branches/safari-600.8-branch/Source

Merge r186781. rdar://problem/21708063

3:22 PM Changeset in webkit [186863] by beidson@apple.com
  • 2 edits in trunk/Source/WebCore

WebKit document.cookie mis-parsing.
rdar://problem/21715050 and https://bugs.webkit.org/show_bug.cgi?id=146976

Reviewed by Sam Weinig.

  • platform/network/mac/CookieJarMac.mm:

(WebCore::setCookiesFromDOM): Use new CFNetwork SPI when available.

2:54 PM Changeset in webkit [186862] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[WinCairo] font fallback not working
https://bugs.webkit.org/show_bug.cgi?id=146595

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-07-15
Reviewed by Myles C. Maxfield.

A Win32 API, GetGlyphIndices(), is not used properly, so any glyphs are considered existing in a font and it prevents the font fall back mechanism from working.

I think a specific font should be newly installed on the test machine to test this case but I have no idea how it can be done.

  • platform/graphics/win/GlyphPageTreeNodeCairoWin.cpp:

(WebCore::GlyphPage::fill):

2:46 PM Changeset in webkit [186861] by Michael Catanzaro
  • 4 edits in trunk/Source/WebKit2

[GTK] Rename PACKAGE_LOCALE_DIR to LOCALEDIR
https://bugs.webkit.org/show_bug.cgi?id=146975

Reviewed by Martin Robinson.

  • PlatformGTK.cmake:
  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_class_init):

  • WebProcess/gtk/WebProcessMainGtk.cpp:
2:41 PM Changeset in webkit [186860] by saambarati1@gmail.com
  • 81 edits
    14 adds in trunk

[ES6] implement block scoping to enable 'let'
https://bugs.webkit.org/show_bug.cgi?id=142944

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

(JSC::BuiltinExecutables::createExecutableInternal):

  • bytecode/BytecodeList.json:

This patch adds a new opcode and removes op_pop_scope:
1) op_get_parent_scope returns the parent scope but doesn't
implicitly write that scope into the scope register. op_pop_scope
is now reduced to op_get_parent_scope followed by op_mov.

  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::stronglyVisitStrongReferences):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::addStringSwitchJumpTable):
(JSC::CodeBlock::stringSwitchJumpTable):
(JSC::CodeBlock::symbolTable):
(JSC::CodeBlock::evalCodeCache):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::replaceConstant):
op_put_to_scope for LocalClosureVar now takes as an argument
the constant index for the Symbol Table it will be putting into.
This argument is only used to communicate from the BytecodeGenerator
to CodeBlock linking time and it is not present in the linked bytecode.

op_put_to_scope for non LocalClosureVar takes, at the same index, an
argument that represents the local scope depth which it uses for
JSScope::abstractResolve to know how many scopes it needs to skip.
Again, this is not in the linked code.
op_get_from_scope and op_resolve_scope also take as an argument
the local scope depth to use in JSScope::abstractResolve. Again,
this is not used in the linked code.

  • bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::getSlow):
(JSC::EvalCodeCache::clear):
(JSC::EvalCodeCache::isCacheable):
When direct eval is called and passed a scope that
corresponds to a lexical scope, we can't safely cache
that code because we won't be able to guarantee
that the cached code is always executed in the same scope.
Consider this example:
    function foo() {
        let x = 20;
        eval("x;");
        if (b) {
            let x = 30;
            if (b) {
                let y = 40;
                eval("x;")
            }
        }
    }

We can't reuse resolution depth when linking get_from_scope in evals.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::generateFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
(JSC::UnlinkedFunctionExecutable::parameterCount):

  • bytecode/UnlinkedCodeBlock.h:

Unlinked functions now know the variables that were under TDZ in their parent
scope.

(JSC::UnlinkedCodeBlock::symbolTable):
(JSC::UnlinkedCodeBlock::setSymbolTable):
(JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex):
(JSC::UnlinkedCodeBlock::symbolTableConstantIndex):
(JSC::UnlinkedCodeBlock::vm):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::~BytecodeGenerator):
(JSC::BytecodeGenerator::newRegister):
(JSC::BytecodeGenerator::reclaimFreeRegisters):
(JSC::BytecodeGenerator::newBlockScopeVariable):
(JSC::BytecodeGenerator::newTemporary):
(JSC::BytecodeGenerator::emitProfileType):
(JSC::BytecodeGenerator::emitLoadGlobalObject):
(JSC::BytecodeGenerator::pushLexicalScope):
(JSC::BytecodeGenerator::popLexicalScope):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::variablePerSymbolTable):
(JSC::BytecodeGenerator::variableForLocalEntry):
(JSC::BytecodeGenerator::createVariable):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::initializeVariable):
(JSC::BytecodeGenerator::emitTDZCheck):
(JSC::BytecodeGenerator::needsTDZCheck):
(JSC::BytecodeGenerator::emitTDZCheckIfNecessary):
(JSC::BytecodeGenerator::liftTDZCheckIfPossible):
(JSC::BytecodeGenerator::getVariablesUnderTDZ):
(JSC::BytecodeGenerator::emitNewObject):
(JSC::BytecodeGenerator::emitPushWithScope):
(JSC::BytecodeGenerator::emitGetParentScope):
(JSC::BytecodeGenerator::emitPopScope):
(JSC::BytecodeGenerator::emitDebugHook):
(JSC::BytecodeGenerator::pushFinallyContext):
(JSC::BytecodeGenerator::pushIteratorCloseContext):
(JSC::BytecodeGenerator::emitComplexPopScopes):
(JSC::BytecodeGenerator::emitPopScopes):
(JSC::BytecodeGenerator::popTryAndEmitCatch):
(JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
(JSC::BytecodeGenerator::currentScopeDepth):
(JSC::BytecodeGenerator::emitThrowReferenceError):
(JSC::BytecodeGenerator::emitPushCatchScope):
(JSC::BytecodeGenerator::beginSwitch):
(JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
(JSC::BytecodeGenerator::emitEnumeration):

  • bytecompiler/BytecodeGenerator.h:

(JSC::Variable::Variable):
(JSC::Variable::isResolved):
(JSC::Variable::symbolTableConstantIndex):
(JSC::Variable::ident):
(JSC::BytecodeGenerator::ignoredResult):
(JSC::BytecodeGenerator::tempDestination):
(JSC::BytecodeGenerator::lastOpcodeID):
(JSC::BytecodeGenerator::makeFunction):
(JSC::BytecodeGenerator::symbolTable):
(JSC::BytecodeGenerator::shouldOptimizeLocals): Deleted.
(JSC::BytecodeGenerator::canOptimizeNonLocals): Deleted.
The heart of the changes in this patch is in the bytecode generator.
The bytecode generator now keeps a stack of tuples of
{symbol table, scope register, flag indicating catch or with scope, symbol table index in constant pool}
that models the runtime scope stack. This symbol table stack is used
in resolving local variables.

Also, the bytecode generator handles pushing and popping of lexical scopes.
This is relatively straightforward:
Captured 'let' variables end up in the JSLexicalEnvironment scope and non-captured
variables end up on the stack. Some trickiness is involved in generating
code for 'for' loops that have captured variables (I'm talking about variables in the loop
header, not the loop body). Each iteration of the for loop ends up with
its own JSLexicalEnvironment. Static code must be generated in such a way
to create this runtime behavior. This is done by emitting instructions to
push and pop a lexical scope at the end of each loop and copying values
from the previous loop's scope into the new scope. This code must also
ensure that each loop iteration's scope refers to the same underlying
SymbolTable so that no scope is accidentally mistaken as being a singleton scope.

When the debugger is enabled, all lexically defined variables will end up in the
JSLexicalEnvironment.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ResolveNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::BlockNode::emitBytecode):
(JSC::ExprStatementNode::emitBytecode):
(JSC::DeclarationStatement::emitBytecode):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::EmptyLetExpression::emitBytecode):
(JSC::ForNode::emitBytecode):
(JSC::ForInNode::emitMultiLoopBytecode):
(JSC::ForOfNode::emitBytecode):
(JSC::SwitchNode::emitBytecode):
(JSC::BindingNode::bindValue):
(JSC::VarStatementNode::emitBytecode): Deleted.

  • debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::evaluate):

  • debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::getOwnPropertySlot):
(JSC::DebuggerScope::put):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGNode.h:

(JSC::DFG::Node::castConstant):
(JSC::DFG::Node::initializationValueForActivation):
(JSC::DFG::Node::containsMovHint):

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

CreateActivation nodes now have a second OpInfo that tracks the
initial value that needs to be placed in the activation. This initial value
is also used in allocation sinking to create proper bottom values for all
scope variables.

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCreateActivation):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • ftl/FTLIntrinsicRepository.h:
  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToLLVM::compileMaterializeCreateActivation):

  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperation):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_push_with_scope):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_get_parent_scope):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_pop_scope): Deleted.

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_push_with_scope):
(JSC::JIT::emit_op_to_number):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_get_parent_scope):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_pop_scope): Deleted.

  • jit/JITOperations.cpp:

(JSC::canAccessArgumentIndexQuickly):

  • jit/JITOperations.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createSourceElements):
(JSC::ASTBuilder::funcDeclarations):
(JSC::ASTBuilder::features):
(JSC::ASTBuilder::numConstants):
(JSC::ASTBuilder::createConditionalExpr):
(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createClassDeclStatement):
(JSC::ASTBuilder::createBlockStatement):
(JSC::ASTBuilder::createIfStatement):
(JSC::ASTBuilder::createForLoop):
(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createForOfLoop):
(JSC::ASTBuilder::isBindingNode):
(JSC::ASTBuilder::createEmptyStatement):
(JSC::ASTBuilder::createDeclarationStatement):
(JSC::ASTBuilder::createVarStatement):
(JSC::ASTBuilder::createLetStatement):
(JSC::ASTBuilder::createEmptyVarExpression):
(JSC::ASTBuilder::createEmptyLetExpression):
(JSC::ASTBuilder::createReturnStatement):
(JSC::ASTBuilder::createTryStatement):
(JSC::ASTBuilder::createSwitchStatement):
(JSC::ASTBuilder::appendStatement):
(JSC::ASTBuilder::createCommaExpr):
(JSC::ASTBuilder::appendObjectPatternEntry):
(JSC::ASTBuilder::createBindingLocation):
(JSC::ASTBuilder::setEndOffset):
(JSC::ASTBuilder::Scope::Scope):
(JSC::ASTBuilder::makeAssignNode):
(JSC::ASTBuilder::varDeclarations): Deleted.
(JSC::ASTBuilder::addVar): Deleted.

  • parser/Keywords.table:
  • parser/NodeConstructors.h:

(JSC::ReadModifyResolveNode::ReadModifyResolveNode):
(JSC::AssignResolveNode::AssignResolveNode):
(JSC::ExprStatementNode::ExprStatementNode):
(JSC::DeclarationStatement::DeclarationStatement):
(JSC::EmptyVarExpression::EmptyVarExpression):
(JSC::EmptyLetExpression::EmptyLetExpression):
(JSC::IfElseNode::IfElseNode):
(JSC::WhileNode::WhileNode):
(JSC::ForNode::ForNode):
(JSC::CaseBlockNode::CaseBlockNode):
(JSC::SwitchNode::SwitchNode):
(JSC::ConstDeclNode::ConstDeclNode):
(JSC::BlockNode::BlockNode):
(JSC::EnumerationNode::EnumerationNode):
(JSC::ForInNode::ForInNode):
(JSC::ForOfNode::ForOfNode):
(JSC::ObjectPatternNode::create):
(JSC::BindingNode::create):
(JSC::BindingNode::BindingNode):
(JSC::VarStatementNode::VarStatementNode): Deleted.

  • parser/Nodes.cpp:

(JSC::ScopeNode::ScopeNode):
(JSC::ScopeNode::singleStatement):
(JSC::ProgramNode::ProgramNode):
(JSC::EvalNode::EvalNode):
(JSC::FunctionNode::FunctionNode):
(JSC::FunctionNode::finishParsing):
(JSC::VariableEnvironmentNode::VariableEnvironmentNode):

  • parser/Nodes.h:

(JSC::VariableEnvironmentNode::VariableEnvironmentNode):
(JSC::VariableEnvironmentNode::lexicalVariables):
(JSC::ScopeNode::usesThis):
(JSC::ScopeNode::needsActivationForMoreThanVariables):
(JSC::ScopeNode::needsActivation):
(JSC::ScopeNode::hasCapturedVariables):
(JSC::ScopeNode::captures):
(JSC::ScopeNode::varDeclarations):
(JSC::ScopeNode::functionStack):
(JSC::ScopeNode::neededConstants):
(JSC::ProgramNode::startColumn):
(JSC::ProgramNode::endColumn):
(JSC::EvalNode::startColumn):
(JSC::EvalNode::endColumn):
(JSC::BindingNode::boundProperty):
(JSC::BindingNode::divotStart):
(JSC::BindingNode::divotEnd):
(JSC::ScopeNode::capturedVariableCount): Deleted.
(JSC::ScopeNode::capturedVariables): Deleted.
(JSC::ScopeNode::varStack): Deleted.
There is a new class called 'VariableEnvironmentNode' that has the
necessary fields to model a lexical scope. Multiple AST nodes now
also inherit from VariableEnvironmentNode.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::didFinishParsing):
(JSC::Parser<LexerType>::parseStatementListItem):
(JSC::Parser<LexerType>::parseVariableDeclaration):
(JSC::Parser<LexerType>::parseWhileStatement):
(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::createBindingPattern):
(JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
(JSC::Parser<LexerType>::parseDestructuringPattern):
(JSC::Parser<LexerType>::parseConstDeclarationList):
(JSC::Parser<LexerType>::parseForStatement):
(JSC::Parser<LexerType>::parseBreakStatement):
(JSC::Parser<LexerType>::parseContinueStatement):
(JSC::Parser<LexerType>::parseSwitchStatement):
(JSC::Parser<LexerType>::parseTryStatement):
(JSC::Parser<LexerType>::parseBlockStatement):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseClassDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
(JSC::Parser<LexerType>::parseAssignmentExpression):
(JSC::Parser<LexerType>::parseGetterSetter):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseVarDeclaration): Deleted.
(JSC::Parser<LexerType>::parseVarDeclarationList): Deleted.

  • parser/Parser.h:

(JSC::Scope::Scope):
(JSC::Scope::setIsFunction):
(JSC::Scope::isFunction):
(JSC::Scope::isFunctionBoundary):
(JSC::Scope::setIsLexicalScope):
(JSC::Scope::isLexicalScope):
(JSC::Scope::declaredVariables):
(JSC::Scope::finalizeLexicalEnvironment):
(JSC::Scope::computeLexicallyCapturedVariablesAndPurgeCandidates):
(JSC::Scope::declareCallee):
(JSC::Scope::declareVariable):
(JSC::Scope::declareLexicalVariable):
(JSC::Scope::hasDeclaredVariable):
(JSC::Scope::hasLexicallyDeclaredVariable):
(JSC::Scope::hasDeclaredParameter):
(JSC::Scope::declareWrite):
(JSC::Scope::preventAllVariableDeclarations):
(JSC::Scope::preventVarDeclarations):
(JSC::Scope::allowsVarDeclarations):
(JSC::Scope::allowsLexicalDeclarations):
(JSC::Scope::declareParameter):
(JSC::Scope::declareBoundParameter):
(JSC::Scope::useVariable):
(JSC::Scope::setNeedsFullActivation):
(JSC::Scope::needsFullActivation):
(JSC::Scope::hasDirectSuper):
(JSC::Scope::setNeedsSuperBinding):
(JSC::Scope::collectFreeVariables):
(JSC::Scope::getCapturedVars):
(JSC::Scope::copyCapturedVariablesToVector):
(JSC::Parser::AutoCleanupLexicalScope::AutoCleanupLexicalScope):
(JSC::Parser::AutoCleanupLexicalScope::~AutoCleanupLexicalScope):
(JSC::Parser::AutoCleanupLexicalScope::setIsValid):
(JSC::Parser::AutoCleanupLexicalScope::isValid):
(JSC::Parser::AutoCleanupLexicalScope::setPopped):
(JSC::Parser::AutoCleanupLexicalScope::scope):
(JSC::Parser::currentScope):
(JSC::Parser::pushScope):
(JSC::Parser::popScopeInternal):
(JSC::Parser::popScope):
(JSC::Parser::declareVariable):
(JSC::Parser::hasDeclaredVariable):
(JSC::Parser::hasDeclaredParameter):
(JSC::Parser::declareWrite):
(JSC::Parser::findCachedFunctionInfo):
(JSC::Parser::isFunctionBodyNode):
(JSC::Parser::continueIsValid):
(JSC::Parser::pushLabel):
(JSC::Parser::popLabel):
(JSC::Parser::getLabel):
(JSC::Parser::isLETMaskedAsIDENT):
(JSC::Parser<LexerType>::parse):
(JSC::Scope::preventNewDecls): Deleted.
(JSC::Scope::allowsNewDecls): Deleted.
(JSC::Scope::getCapturedVariables): Deleted.
There are basic parser changes that now allow for the 'let'
keyword. The trickiest change is how we will still treat 'let'
as an identifier for sloppy-mode code sometimes. For example,
"var let = ..." is allowed but "let let" or "const let" is not.

The most significant change to the parser made for this patch
is appropriating the Scope struct to also model a lexical
scope. Changes were made in how we track captured variables to
account for this. In general, I think some of this code could
benefit from a slight refactoring to make things cleaner.

  • parser/ParserTokens.h:
  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createNewExpr):
(JSC::SyntaxChecker::createConditionalExpr):
(JSC::SyntaxChecker::createAssignResolve):
(JSC::SyntaxChecker::createEmptyVarExpression):
(JSC::SyntaxChecker::createEmptyLetExpression):
(JSC::SyntaxChecker::createClassExpr):
(JSC::SyntaxChecker::createClassDeclStatement):
(JSC::SyntaxChecker::createBlockStatement):
(JSC::SyntaxChecker::createExprStatement):
(JSC::SyntaxChecker::createIfStatement):
(JSC::SyntaxChecker::createForLoop):
(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createForOfLoop):
(JSC::SyntaxChecker::createEmptyStatement):
(JSC::SyntaxChecker::createVarStatement):
(JSC::SyntaxChecker::createLetStatement):
(JSC::SyntaxChecker::createReturnStatement):
(JSC::SyntaxChecker::createBreakStatement):
(JSC::SyntaxChecker::createContinueStatement):
(JSC::SyntaxChecker::createTryStatement):
(JSC::SyntaxChecker::createSwitchStatement):
(JSC::SyntaxChecker::createWhileStatement):
(JSC::SyntaxChecker::createWithStatement):
(JSC::SyntaxChecker::createDoWhileStatement):
(JSC::SyntaxChecker::createGetterOrSetterProperty):
(JSC::SyntaxChecker::appendStatement):
(JSC::SyntaxChecker::combineCommaNodes):
(JSC::SyntaxChecker::evalCount):
(JSC::SyntaxChecker::appendBinaryExpressionInfo):
(JSC::SyntaxChecker::operatorStackPop):
(JSC::SyntaxChecker::addVar): Deleted.

  • parser/VariableEnvironment.cpp: Added.

(JSC::VariableEnvironment::markVariableAsCapturedIfDefined):
(JSC::VariableEnvironment::markVariableAsCaptured):
(JSC::VariableEnvironment::markAllVariablesAsCaptured):
(JSC::VariableEnvironment::hasCapturedVariables):
(JSC::VariableEnvironment::captures):
(JSC::VariableEnvironment::swap):

  • parser/VariableEnvironment.h: Added.

(JSC::VariableEnvironmentEntry::isCaptured):
(JSC::VariableEnvironmentEntry::isConstant):
(JSC::VariableEnvironmentEntry::isVar):
(JSC::VariableEnvironmentEntry::isLet):
(JSC::VariableEnvironmentEntry::setIsCaptured):
(JSC::VariableEnvironmentEntry::setIsConstant):
(JSC::VariableEnvironmentEntry::setIsVar):
(JSC::VariableEnvironmentEntry::setIsLet):
(JSC::VariableEnvironmentEntry::clearIsVar):
(JSC::VariableEnvironment::begin):
(JSC::VariableEnvironment::end):
(JSC::VariableEnvironment::add):
(JSC::VariableEnvironment::size):
(JSC::VariableEnvironment::contains):
(JSC::VariableEnvironment::remove):
VariableEnvironment is a new class that keeps track
of the static environment in the parser and the bytecode generator.
VariableEnvironment behaves like SymbolTable but for the bytecode generator.
It keeps track of variable types, i.e., if a variable is a "var", "let", "const"
and whether or not it's captured.

  • runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

  • runtime/CodeCache.h:

(JSC::CodeCache::clear):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:
  • runtime/ExceptionHelpers.cpp:

(JSC::createErrorForInvalidGlobalAssignment):
(JSC::createTDZError):
(JSC::throwOutOfMemoryError):

  • runtime/ExceptionHelpers.h:
  • runtime/Executable.cpp:

(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::initializeGlobalProperties):

  • runtime/Executable.h:
  • runtime/JSCJSValue.h:

(JSC::jsUndefined):
(JSC::jsTDZValue):
(JSC::jsBoolean):

  • runtime/JSEnvironmentRecord.h:

(JSC::JSEnvironmentRecord::finishCreationUninitialized):
(JSC::JSEnvironmentRecord::finishCreation):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createProgramCodeBlock):
(JSC::JSGlobalObject::createEvalCodeBlock):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::weakRandomInteger):

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

  • runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::symbolTableGet):

  • runtime/JSLexicalEnvironment.h:

(JSC::JSLexicalEnvironment::create):

  • runtime/JSScope.cpp:

(JSC::JSScope::resolve):
(JSC::JSScope::abstractResolve):
(JSC::JSScope::collectVariablesUnderTDZ):
(JSC::JSScope::isLexicalScope):
(JSC::resolveModeName):

  • runtime/JSScope.h:
  • runtime/PropertySlot.h:

(JSC::PropertySlot::setValue):

  • runtime/SymbolTable.cpp:

(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::cloneScopePart):

  • runtime/SymbolTable.h:

SymbolTable now uses an extra bit to know if it corresponds
to a "let"-like environment or not.

  • runtime/WriteBarrier.h:

(JSC::WriteBarrierBase<Unknown>::get):
(JSC::WriteBarrierBase<Unknown>::clear):
(JSC::WriteBarrierBase<Unknown>::setUndefined):
(JSC::WriteBarrierBase<Unknown>::setStartingValue):
(JSC::WriteBarrierBase<Unknown>::isNumber):
(JSC::WriteBarrierBase<Unknown>::isObject):
(JSC::WriteBarrierBase<Unknown>::isNull):

  • tests/stress/activation-sink-default-value-tdz-error.js: Added.

(shouldThrowTDZ):
(bar):
(foo.cap):

  • tests/stress/activation-sink-osrexit-default-value-tdz-error.js: Added.

(shouldThrowTDZ):
(bar):

  • tests/stress/lexical-let-and-with-statement.js: Added.

(truth):
(assert):
(.):

  • tests/stress/lexical-let-exception-handling.js: Added.

(truth):
(assert):
(.):

  • tests/stress/lexical-let-global-not-captured-variables.js: Added.

(truth):
(assert):
(foo):
(.let.capY):

  • tests/stress/lexical-let-loop-semantics.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

  • tests/stress/lexical-let-not-strict-mode.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

  • tests/stress/lexical-let-semantics.js: Added.

(truth):
(assert):
(let.globalFunction):
(let.retGlobalNumberCaptured):
(let.setGlobalNumberCaptured):
(.):

  • tests/stress/lexical-let-tdz.js: Added.

(truth):
(assert):
(shouldThrowTDZ):
(.):

LayoutTests:

  • js/dom/reserved-words-as-property-expected.txt:
  • js/keywords-and-reserved_words-expected.txt:
  • js/let-syntax-expected.txt: Added.
  • js/let-syntax.html: Added.
  • js/reserved-words-strict-expected.txt:
  • js/script-tests/keywords-and-reserved_words.js:
  • js/script-tests/let-syntax.js: Added.

(truth):
(assert):
(hasSyntaxError):
(shouldHaveSyntaxError):
(shouldNotHaveSyntaxError):
(shouldHaveSyntaxErrorStrictOnly):

  • js/script-tests/reserved-words-strict.js:
  • js/script-tests/statement-list-item-syntax-errors.js:

(testSyntax):
(runTests):

  • js/statement-list-item-syntax-errors-expected.txt:
2:29 PM Changeset in webkit [186859] by andersca@apple.com
  • 8 edits in trunk/Source

Make JavaScriptCore SPI headers used by WebCore SPI headers self-contained
https://bugs.webkit.org/show_bug.cgi?id=146978

Reviewed by Dan Bernstein.

Source/JavaScriptCore:

  • debugger/DebuggerPrimitives.h:
  • disassembler/Disassembler.h:
  • heap/Weak.h:
  • inspector/InspectorValues.h:
  • runtime/JSCJSValue.h:

Source/WTF:

  • wtf/ExportMacros.h:
2:19 PM Changeset in webkit [186858] by timothy_horton@apple.com
  • 12 edits
    7 adds in trunk

Factor rect shrink-wrapping code out of RenderThemeMac for future reuse
https://bugs.webkit.org/show_bug.cgi?id=146973
<rdar://problem/21643094>

Reviewed by Anders Carlsson.

Test: fast/shrink-wrap/rect-shrink-wrap.html

  • WebCore.xcodeproj/project.pbxproj:

Add DOMPath.cpp and PathUtilities.{h, cpp}.

  • bindings/js/JSDOMBinding.h:

(WebCore::NativeValueTraits<double>::nativeValue):
Make it possible to use sequence<double> in IDL files.

  • bindings/scripts/CodeGeneratorJS.pm:

Export JSDOMPath for use in Internals.

  • html/canvas/DOMPath.cpp: Added.

(WebCore::DOMPath::~DOMPath):

  • html/canvas/DOMPath.h:

Out-of-line the DOMPath destructor so as not to anger the bindings
integrity checker (otherwise, the address of the DOMPath destructor
is different in WebCoreTestSupport and WebCore, causing us to fail
the vtable equality test).

  • platform/graphics/Path.h:

Forward declare FloatRect instead of including it unnecessarily.
Export ensurePlatformPath().

  • platform/graphics/PathUtilities.cpp: Added.

(WebCore::addShrinkWrapRightCorner):
(WebCore::addShrinkWrapLeftCorner):
(WebCore::addShrinkWrappedPathForRects):
These parts are extracted from RenderThemeMac, with two changes:

+ support for arbitrarily-aligned rects
  (the other version assumed they were horizontally center-aligned)
+ support for overlapping rects
  (the other version assumed they touched but did not overlap)

There are still things missing:

+ support for a fallback when the shape is too hard to shrink-wrap

And things broken:

+ if the distance between two edges is smaller than the corner radius,
  we'll end up with a sharp edge in the path

Both of these cases are covered in the layout test and can be improved.

(WebCore::rectsIntersectOrTouch):
Rect intersection with <= instead of <.

(WebCore::contiguousRectGroupsFromRects):
Given a set of rects, find all of the contiguous regions. We'll
shrink-wrap each region independently.

(WebCore::PathUtilities::pathWithShrinkWrappedRects):

  • platform/graphics/PathUtilities.h: Added.

Add PathUtilities, where the shrink-wrapping code lives.

  • rendering/RenderThemeMac.mm:

(WebCore::paintAttachmentTitleBackground):
(WebCore::addAttachmentTitleBackgroundRightCorner): Deleted.
(WebCore::addAttachmentTitleBackgroundLeftCorner): Deleted.
Remove shrink-wrapping implementation and make use of the one in PathUtilities.

  • testing/Internals.cpp:

(WebCore::Internals::pathWithShrinkWrappedRects):

  • testing/Internals.h:
  • testing/Internals.idl:

Expose pathWithShrinkWrappedRects to tests via Internals.
It takes a sequence<double> where every four values are the x, y, w, h
of a rect, and returns a DOMPath which can be used with Canvas.

  • fast/shrink-wrap/rect-shrink-wrap-expected.png: Added.
  • fast/shrink-wrap/rect-shrink-wrap-expected.txt: Added.
  • fast/shrink-wrap/rect-shrink-wrap.html: Added.

Add a test of both working and broken (indicated by comments in the test)
shrink-wrapping cases.

2:07 PM Changeset in webkit [186857] by enrica@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] Should look for RTF and RTFD pasteboard types before plain text.
https://bugs.webkit.org/show_bug.cgi?id=146971
rdar://problem/21840845

Reviewed by Sam Weinig.

The list of pasteboard types returned by supportedPasteboardTypes
determines the order in which WebKit looks for data in the pasteboard
to create a fragment. The incorrect order could cause plain text to
be preferred over rich format.

  • platform/ios/PasteboardIOS.mm:

(WebCore::Pasteboard::supportedPasteboardTypes):

2:06 PM Changeset in webkit [186856] by andersca@apple.com
  • 2 edits in trunk/Source/WebCore

Private headers that include project headers should also be project headers
https://bugs.webkit.org/show_bug.cgi?id=146974

Reviewed by Dan Bernstein.

Since these headers can't be included by WebKit anyway they shouldn't be installed.

  • WebCore.xcodeproj/project.pbxproj:
2:05 PM Changeset in webkit [186855] by matthew_hanson@apple.com
  • 28 edits
    4 adds in branches/safari-600.8-branch

Merge r186763. rdar://problem/21707917

1:49 PM Changeset in webkit [186854] by eric.carlson@apple.com
  • 6 edits in trunk/Source/WebCore

[Mac] AirPlay route is not always set automatically
https://bugs.webkit.org/show_bug.cgi?id=146969

Reviewed by Jer Noble.

  • Modules/mediasession/WebMediaSessionManager.cpp:

(WebCore::WebMediaSessionManager::configurePlaybackTargetClients): Return early if there are
no clients. Make the first client in the vector automatically play to the target if there
is no other match and there is an active route.
(WebCore::WebMediaSessionManager::watchdogTimerFired): Call picker.invalidatePlaybackTargets,
not stopMonitoringPlaybackTargets.

  • platform/graphics/MediaPlaybackTargetPicker.cpp:

(WebCore::MediaPlaybackTargetPicker::invalidatePlaybackTargets): New.

  • platform/graphics/MediaPlaybackTargetPicker.h:
  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::stopMonitoringPlaybackTargets): Do nothing, AirPlay
automatically stops monitoring when appropriate and releasing the picker also releases
the output context, which drops the route.

(WebCore::MediaPlaybackTargetPickerMac::invalidatePlaybackTargets): New.

1:36 PM Changeset in webkit [186853] by andersca@apple.com
  • 1 edit
    5 deletes in trunk/Source/WebCore

Remove forwarding headers that no longer point to valid headers
https://bugs.webkit.org/show_bug.cgi?id=146972

Reviewed by Tim Horton.

  • ForwardingHeaders/heap/AllocationSpace.h: Removed.
  • ForwardingHeaders/runtime/IntegralTypedArrayBase.h: Removed.
  • ForwardingHeaders/runtime/PrototypeFunction.h: Removed.
  • ForwardingHeaders/runtime/StorageBarrier.h: Removed.
  • ForwardingHeaders/runtime/TypedArrayBase.h: Removed.
1:34 PM Changeset in webkit [186852] by Michael Catanzaro
  • 3 edits in trunk/Source/WebKit2

[GTK] Rename LIBEXECDIR to PKGLIBEXECDIR
https://bugs.webkit.org/show_bug.cgi?id=140070

Reviewed by Martin Robinson.

The path that's currently stored in LIBEXECDIR is one level lower than
the real LIBEXECDIR, which we are going to need. Introduce PKGLIBEXECDIR
so that we can use LIBEXECDIR for the real LIBEXECDIR in the future.

  • PlatformGTK.cmake:
  • Shared/gtk/ProcessExecutablePathGtk.cpp:

(WebKit::findWebKitProcess):

11:32 AM Changeset in webkit [186851] by basile_clement@apple.com
  • 2 edits in branches/jsc-tailcall/Source/JavaScriptCore

jsc-tailcall: Change sizeof(Register) to sizeof(void*)

Rubber-stamped by Michael Saboff.

sizeof(void*) is the actual size of a pointer on the current
architecture, while sizeof(Register) is the size of a 64-bit JS slot.
They are technically the same since FTL only works on 64-bit
architectures, but we should still use the semantically correct one.

  • ftl/FTLJSCall.cpp:

(JSC::FTL::JSCall::emit):

11:02 AM Changeset in webkit [186850] by dbates@webkit.org
  • 2 edits in trunk/Source/WebKit2

[Mac][WK2] Videos should only have access to cookies when -[NSURLRequest HTTPShouldHandleCookies] is YES
https://bugs.webkit.org/show_bug.cgi?id=146763
<rdar://problem/21736994>

Reviewed by Darin Adler.

We should only fetch cookies from the Network process when -[NSURLRequest HTTPShouldHandleCookies] is YES.
This makes us more closely match the behavior of the CFNetwork implementation of
-[NSURLSessionLocal {_copyCookiesForRequestUsingAllAppropriateStorageSemantics, _getCookieHeadersForTask:completionHandler}].

  • Shared/mac/CookieStorageShim.mm:

(-[WKNSURLSessionLocal _copyCookiesForRequestUsingAllAppropriateStorageSemantics:]):
(-[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:]):

10:52 AM Changeset in webkit [186849] by enrica@apple.com
  • 7 edits in trunk/Source/WebKit2

[iOS] Add support for updateSelectionWithExtentPoint:withBoundary.
https://bugs.webkit.org/show_bug.cgi?id=146951
rdar://problem/20864286

Reviewed by Tim Horton.

Add implementation for new method used by text selection
engine on iOS. The new function modifies the selection near the given point
and snaps it at the boundary of the specified granularity.

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView updateSelectionWithExtentPoint:completionHandler:]):
(-[WKContentView updateSelectionWithExtentPoint:withBoundary:completionHandler:]):
(-[WKContentView _characterBeforeCaretSelection]):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::updateSelectionWithExtentPoint):
(WebKit::WebPageProxy::updateSelectionWithExtentPointAndBoundary):
(WebKit::WebPageProxy::requestDictationContext):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::rangeForGranularityAtPoint):
(WebKit::WebPage::selectTextWithGranularityAtPoint):
(WebKit::WebPage::updateSelectionWithExtentPointAndBoundary):

10:42 AM Changeset in webkit [186848] by basile_clement@apple.com
  • 3 edits in branches/jsc-tailcall/Source/JavaScriptCore

jsc-tailcall: Only non-constructors functions are candidate for tail calls
https://bugs.webkit.org/show_bug.cgi?id=146967

Reviewed by Saam Barati.

Previously, we were emitting tail calls in any ScopeNode. This is
wrong: we should only be emitting tail calls in FunctionNodes that are
not ES6 constructors.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ScopeNode::emitStatementsBytecode):
(JSC::FunctionNode::emitBytecode):

  • parser/Nodes.h:
9:04 AM Changeset in webkit [186847] by matthew_hanson@apple.com
  • 10 edits
    2 adds in branches/safari-600.8-branch

Merge r186744. rdar://problem/21716371

9:04 AM Changeset in webkit [186846] by matthew_hanson@apple.com
  • 14 edits in branches/safari-600.8-branch/Source/WebKit2

Merge r186804. rdar://problem/21716368

9:04 AM Changeset in webkit [186845] by matthew_hanson@apple.com
  • 6 edits
    12 adds in branches/safari-600.8-branch

Merge r186793. rdar://problem/21707880

9:04 AM Changeset in webkit [186844] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.8-branch/LayoutTests

Merge r186790. rdar://problem/21708063

9:04 AM Changeset in webkit [186843] by matthew_hanson@apple.com
  • 8 edits
    8 adds in branches/safari-600.8-branch

Merge r186749. rdar://problem/21532770

9:04 AM Changeset in webkit [186842] by matthew_hanson@apple.com
  • 3 edits
    2 adds in branches/safari-600.8-branch

Merge r186747. rdar://problem/21716398

9:04 AM Changeset in webkit [186841] by matthew_hanson@apple.com
  • 4 edits
    2 adds in branches/safari-600.8-branch

Merge r186746. rdar://problem/21716391

9:02 AM Changeset in webkit [186840] by commit-queue@webkit.org
  • 4 edits
    4 adds in trunk

Negative scroll snap repeat values cause web process to hang indefinitely
https://bugs.webkit.org/show_bug.cgi?id=146953
<rdar://problem/21823681>

Source/WebCore:

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-15
Reviewed by Simon Fraser.

Fixed dangerous behavior caused by setting -scroll-snap-points-x or -y to negative or very small
positive values. In the case of negative or 0 repeats, the web process would hang indefinitely. In
the case of very small positive values, a massive amount of memory could potentially be allocated
just to store snap offsets.

Tests: css3/scroll-snap/scroll-snap-negative-repeat.html
       css3/scroll-snap/scroll-snap-subpixel-repeat.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseNonElementSnapPoints): Changed to consider negative snap repeat values as invalid CSS.

  • page/scrolling/AxisScrollSnapOffsets.cpp:

(WebCore::updateFromStyle): Changed to threshold non-negative snap repeat values to 1px.

LayoutTests:

Patch by Wenson Hsieh <Wenson Hsieh> on 2015-07-15
Reviewed by Simon Fraser.

The first test case checks that setting -scroll-snap-points-x or -y to a negative value
will not cause the web process to hang. The second test case (in a similar vein) checks
that tiny subpixel snap repeats generate a reasonable number of snap offsets.

  • css3/scroll-snap/scroll-snap-negative-repeat-expected.txt: Added.
  • css3/scroll-snap/scroll-snap-negative-repeat.html: Added.
  • css3/scroll-snap/scroll-snap-subpixel-repeat-expected.txt: Added.
  • css3/scroll-snap/scroll-snap-subpixel-repeat.html: Added.
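
The failure mode described in changeset [186840] above, as an added illustration that is not WebKit's code: a generator that steps from 0 to the scrollable extent by the repeat interval never terminates for a zero or negative step and produces one offset per sub-pixel for a tiny positive step. All function names, the iteration budget and the sample values are hypothetical; the negative-value rejection and the 1px floor follow the changeset's description.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <vector>

// Parser-side rule from the changeset: a negative repeat is invalid CSS.
// (Hypothetical helper name; WebKit applies this inside its CSS parser.)
bool isValidSnapRepeat(float repeat)
{
    return repeat >= 0; // false for negative values and for NaN
}

struct WalkResult {
    size_t offsets;  // snap offsets produced before the loop stopped
    bool hitBudget;  // true if the loop had to be cut off by the budget
};

// The hazardous shape: advance by `repeat` until the extent is passed.
// `budget` exists only so this demonstration terminates; a loop of this
// shape without a cap spins forever when repeat <= 0.
WalkResult walkUnguarded(float scrollExtent, float repeat, size_t budget)
{
    size_t count = 0;
    for (float offset = 0; offset <= scrollExtent; offset += repeat) {
        if (count == budget)
            return { count, true };
        ++count;
    }
    return { count, false };
}

// Guarded generator: any step below 1px (including 0, negatives that slipped
// past the parser, and NaN) is raised to 1px, so the number of offsets is
// bounded by the scrollable extent in pixels.
std::vector<float> snapOffsetsGuarded(float scrollExtent, float repeat)
{
    std::vector<float> offsets;
    if (!std::isfinite(scrollExtent) || scrollExtent < 0)
        return offsets;
    const double step = repeat >= 1.0f ? repeat : 1.0;
    // Accumulate in double: a float accumulator stops advancing by 1 once it
    // reaches 2^24, which would reintroduce a non-terminating loop.
    for (double offset = 0; offset <= scrollExtent; offset += step)
        offsets.push_back(static_cast<float>(offset));
    return offsets;
}

int main()
{
    const float extent = 1000;      // constructed sample: 1000px of scroll
    const size_t budget = 100000;   // demo-only cap for the unguarded walk
    const float samples[] = { -100.0f, 0.0f, 0.001f, 100.0f };
    for (float repeat : samples) {
        WalkResult r = walkUnguarded(extent, repeat, budget);
        std::printf("repeat=%g valid=%d unguarded=%zu%s guarded=%zu\n",
            repeat, isValidSnapRepeat(repeat), r.offsets,
            r.hitBudget ? " (cut off)" : "",
            snapOffsetsGuarded(extent, repeat).size());
    }
    return 0;
}
```
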
9:01 AM Changeset in webkit [186839] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

[Linux] SeccompBrokerClient should cache arbitrary file descriptors
https://bugs.webkit.org/show_bug.cgi?id=140068

Reviewed by Žan Doberšek.

If malloc() attempts to open /proc/sys/vm/overcommit_memory in a SIGSYS
signal handler, the SeccompBroker will attempt to recursively broker the
open() syscall. Generalize the existing code that already handles the
similar case where malloc() opens /sys/devices/system/cpu/online to
handle this situation as well.

  • Shared/linux/SeccompFilters/SeccompBroker.cpp:

(WebKit::SIGSYSHandler):
(WebKit::SeccompBrokerClient::SeccompBrokerClient):
(WebKit::SeccompBrokerClient::~SeccompBrokerClient):
(WebKit::SeccompBrokerClient::handleIfOpeningCachedFile):
(WebKit::SeccompBrokerClient::cacheFile):
(WebKit::SeccompBrokerClient::handleIfOpeningOnlineCPUCount): Deleted.

7:47 AM Changeset in webkit [186838] by ddkilzer@apple.com
  • 2 edits in branches/safari-600.1.4.17-branch/Source/WebKit2

REGRESSION (r186559): Follow-up fix to merge r183861 for <rdar://problem/21716677>

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::cleanup): Restore call to
deref() so we don't leak the NetworkResourceLoader.

7:22 AM Changeset in webkit [186837] by dino@apple.com
  • 3 edits in trunk/Source/WebCore

Placeholder colors should be system grays
https://bugs.webkit.org/show_bug.cgi?id=146955
<rdar://problem/21774358>

Reviewed by Sam Weinig.

Update the PiP and Airplay placards to use the correct shades
of gray.

  • Modules/mediacontrols/mediaControlsApple.css: No need to specify the
font here, nor have rules for Picture in Picture, which isn't available
on OS X.
(audio::-webkit-media-controls-time-remaining-display): We should specify
font style here.
(video:-webkit-full-screen::-webkit-media-controls-panel): Drive-by cleanup.
(audio::-webkit-media-controls-wireless-playback-status): Use a gray background
and system gray for text and artwork.
(audio::-webkit-media-controls-wireless-playback-status.small): Ditto.
(audio::-webkit-media-controls-picture-in-picture-button): Deleted (not on OS X).
(audio::-webkit-media-controls-wireless-playback-text-top): Deleted use of background color.
(audio::-webkit-media-controls-wireless-playback-text-bottom): Ditto.

  • Modules/mediacontrols/mediaControlsiOS.css: Use a gray background
and system gray for text and artwork.
(audio::-webkit-media-controls-wireless-playback-status):
(audio::-webkit-media-controls-wireless-playback-text-top):
(audio::-webkit-media-controls-wireless-playback-status.picture-in-picture):

7:15 AM Changeset in webkit [186836] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

http/tests/misc/large-js-program.php crashes slowly in Debug builds on Windows

Fix is tracked by <rdar://problem/21816197>.

After r186813, the test was found to also crash in Debug builds
on Windows; it just needed more time to do so:

<https://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fmisc%2Flarge-js-program.php>

  • platform/win/TestExpectations: Mark test as slow and crashing:
  • http/tests/misc/large-js-program.php
6:34 AM Changeset in webkit [186835] by ChangSeok Oh
  • 3 edits in trunk/Source/WebKit2

[GTK] Accelerated compositing is enabled by MiniBrowser in Wayland
https://bugs.webkit.org/show_bug.cgi?id=146827

Reviewed by Žan Doberšek.

WebKit2Gtk+ does not currently support accelerated compositing. For that reason,
we forcibly disable it in webkitWebViewBaseCreateWebPage. However, when we launch
MiniBrowser in wayland, the unsupported feature is re-enabled since the existing
setting is overwritten by a newly created one. Here the default value for
accelerated compositing is true. We can fix this by moving the code disabling
accelerated composition to WebPreferences::platformInitializeStore() so that
we make sure the accelerated compositing is always disabled for wayland.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseCreateWebPage): Deleted.

  • UIProcess/gtk/WebPreferencesGtk.cpp:

(WebKit::WebPreferences::platformInitializeStore):

1:33 AM Changeset in webkit [186834] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

Fixed build fix.

  • Platform/spi/ios/SafariServicesSPI.h: