Timeline



Sep 14, 2015:

11:59 PM Changeset in webkit [189781] by Carlos Garcia Campos
  • 11 edits
    8 adds in releases/WebKitGTK/webkit-2.10

Merge r189469 - ASSERT_WITH_SECURITY_IMPLICATION in WebCore::DocumentOrderedMap::get(); update form
association after subtree insertion
https://bugs.webkit.org/show_bug.cgi?id=148919
<rdar://problem/21868036>

Patch by Daniel Bates <dabates@apple.com> on 2015-09-07
Reviewed by Andy Estes.

Source/WebCore:

Currently we update the form association of a form control upon insertion into
the document. Instead we should update the form association of a form control
after its containing subtree is inserted into the document to avoid an assertion
failure when the containing subtree has an element whose id is identical to both
the id of some other element in the document and the name of the form referenced
by the inserted form control.

Tests: fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2.html

fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3.html
fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4.html
fast/forms/update-form-owner-in-moved-subtree-assertion-failure.html

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::insertedInto): Moved resetFormOwner() from here
to {HTMLFormControlElement, HTMLObjectElement}::finishedInsertingSubtree().

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree
so that HTMLFormControlElement::finishedInsertingSubtree() is called.
(WebCore::HTMLFormControlElement::finishedInsertingSubtree): Added; turn around and
call FormAssociatedElement::resetFormOwner().

  • html/HTMLFormControlElement.h:
  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so
that HTMLInputElement::finishedInsertingSubtree() is called and move logic to update radio button
group from here...
(WebCore::HTMLInputElement::finishedInsertingSubtree): to here.

  • html/HTMLInputElement.h:
  • html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so
that HTMLObjectElement::finishedInsertingSubtree() is called.
(WebCore::HTMLObjectElement::finishedInsertingSubtree): Added; turn around and
call FormAssociatedElement::resetFormOwner().

  • html/HTMLObjectElement.h:
  • html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::insertedInto): Modified to return the result of
HTMLFormControlElementWithState::insertedInto(), which may schedule a callback after subtree
insertion.

  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::insertedInto): Ditto.

LayoutTests:

Add tests to ensure that updating the form association of a form control in a subtree
does not cause an assertion failure.

  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2.html: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3.html: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4.html: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure.html: Added.
11:53 PM Changeset in webkit [189780] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10

Merge r189445 - XHR2 timeout property should allow late updates
https://bugs.webkit.org/show_bug.cgi?id=98156

Reviewed by Darin Adler.

Source/WebCore:

Adding a timer within XMLHttpRequest to handle timeouts for asynchronous requests.
This allows easy update of the timeout even after request is sent.
Timeout is still handled by the network backend for synchronous requests (Web worker context).

Covered by updated tests.

  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::XMLHttpRequest): Adding timeout timer initialization.
(WebCore::XMLHttpRequest::setTimeout): Updating timeout timer state if request is sent.
(WebCore::XMLHttpRequest::createRequest): Starting timeout timer if needed.
(WebCore::XMLHttpRequest::internalAbort): Stopping timeout timer if needed.
(WebCore::XMLHttpRequest::didFail): Adding comment.
(WebCore::XMLHttpRequest::didFinishLoading): Stopping timeout timer if needed.

  • xml/XMLHttpRequest.h:

LayoutTests:

Activating test checking that timeout can be updated after request is sent.

  • http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides-expected.txt:
  • http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides.js:
  • http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-worker-overrides-expected.txt:
11:48 PM Changeset in webkit [189779] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189442 - Leak in WebContextInjectedBundleClient::getInjectedBundleInitializationUserData
https://bugs.webkit.org/show_bug.cgi?id=148769

Fix suggested by Zan Dobersek.

Reviewed by Darin Adler.

  • UIProcess/WebContextInjectedBundleClient.cpp:

(WebKit::WebContextInjectedBundleClient::getInjectedBundleInitializationUserData):

11:46 PM Changeset in webkit [189778] by ap@apple.com
  • 3 edits in trunk/LayoutTests

Layout Test http/tests/media/media-document-referer.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=145257

Reviewed by Chris Dumez.

  • http/tests/media/media-document-referer.html: Increase the timeout, one second is not much.
  • platform/gtk/TestExpectations: Fingers crossed, this will help Gtk as well.
11:25 PM Changeset in webkit [189777] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

Unreviewed, EFL gardening on 15th Sep.

Mark tests of css1/box_properties to flaky and tests of editing, fast are set to timeout.

  • platform/efl/TestExpectations:
11:00 PM Changeset in webkit [189776] by Gyuyoung Kim
  • 24 edits in trunk/Source/WebCore

Remove all uses of PassRefPtr in WebCore/xml
https://bugs.webkit.org/show_bug.cgi?id=149114

Reviewed by Darin Adler.

  • dom/DecodedDataDocumentParser.h:
  • dom/DocumentParser.h:
  • dom/RawDataDocumentParser.h:
  • html/FTPDirectoryDocument.cpp:

(WebCore::FTPDirectoryDocumentParser::append):

  • html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::append):

  • html/parser/HTMLDocumentParser.h:
  • html/parser/TextDocumentParser.cpp:

(WebCore::TextDocumentParser::append):

  • html/parser/TextDocumentParser.h:
  • xml/NativeXPathNSResolver.cpp:

(WebCore::NativeXPathNSResolver::NativeXPathNSResolver):

  • xml/NativeXPathNSResolver.h:

(WebCore::NativeXPathNSResolver::create):

  • xml/XMLErrors.cpp:

(WebCore::createXHTMLParserErrorHeader):

  • xml/XMLHttpRequestProgressEventThrottle.cpp:

(WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent):
(WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent):
(WebCore::XMLHttpRequestProgressEventThrottle::dispatchDeferredEvents):

  • xml/XMLHttpRequestProgressEventThrottle.h:
  • xml/XMLSerializer.h:
  • xml/XPathEvaluator.cpp:

(WebCore::XPathEvaluator::createExpression):
(WebCore::XPathEvaluator::createNSResolver):
(WebCore::XPathEvaluator::evaluate):

  • xml/XPathEvaluator.h:
  • xml/XPathNodeSet.h: Fix style errors.

(WebCore::XPath::NodeSet::NodeSet):
(WebCore::XPath::NodeSet::append):

  • xml/XPathPath.cpp:

(WebCore::XPath::Filter::evaluate):
(WebCore::XPath::LocationPath::evaluate):

  • xml/XPathValue.h: ditto.

(WebCore::XPath::Value::Value):
(WebCore::XPath::Value::Data::create):
(WebCore::XPath::Value::Data::Data):

  • xml/XSLTProcessor.cpp:

(WebCore::XSLTProcessor::transformToDocument):
(WebCore::XSLTProcessor::transformToFragment):

  • xml/XSLTProcessor.h:

(WebCore::XSLTProcessor::setXSLStyleSheet):
(WebCore::XSLTProcessor::importStylesheet):

  • xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::append):

  • xml/parser/XMLDocumentParser.h:
9:05 PM Changeset in webkit [189775] by commit-queue@webkit.org
  • 9 edits in trunk/Source/JavaScriptCore

rename callFrameForThrow to callFrameForCatch
https://bugs.webkit.org/show_bug.cgi?id=149136

Patch by Saam barati <sbarati@apple.com> on 2015-09-14
Reviewed by Michael Saboff.

We use "callFrameForThrow" to mean the call frame in
which we're catching the exception. The field name
should accurately represent its purpose by being
named "callFrameForCatch".

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::jumpToExceptionHandler):

  • jit/JITExceptions.cpp:

(JSC::genericUnwind):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOperations.cpp:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/VM.h:

(JSC::VM::exceptionOffset):
(JSC::VM::callFrameForCatchOffset):
(JSC::VM::targetMachinePCForThrowOffset):
(JSC::VM::callFrameForThrowOffset): Deleted.

8:00 PM Changeset in webkit [189774] by msaboff@apple.com
  • 43 edits
    7 adds in trunk/Source/JavaScriptCore

[ES6] Implement tail calls in the LLInt and Baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=148661

Patch by Basile Clement <basile_clement@apple.com> on 2015-09-14
Reviewed by Filip Pizlo.

This patch introduces two new opcodes, op_tail_call and
op_tail_call_varargs, to perform tail calls, and implements them in the
LLInt and baseline JIT. Their use prevents DFG and FTL compilation for
now. They are currently implemented by sliding the call frame and
masquerading as our own caller right before performing an actual call.

This required to change the operationLink family of operation to return
a SlowPathReturnType instead of a char* in order to distinguish between
exception cases and actual call cases. We introduce a new FrameAction
enum that indicates whether to reuse (non-exceptional tail call) or
keep the current call frame (non-tail call, and exceptional cases).

This is also a semantics change, since the Function.caller property is
now leaking tail calls. Since tail calls are only used in strict mode,
which poisons this property, the only way of seeing this semantics
change is when a sloppy function calls a strict function that then
tail-calls a sloppy function. Previously, the second sloppy function's
caller would have been the strict function (i.e. raises a TypeError
when the .caller attribute is accessed), while it is now the first
sloppy function. Tests have been updated to reflect that.

This also changes the assumptions we make about call frames. In order
to be relatively efficient, we want to be able to compute the frame
size based only on the argument count, which was not possible
previously. To enable this, we now enforce at the bytecode generator,
DFG and FTL level that any space reserved for a call frame is
stack-aligned, which allows to easily compute its size when performing
a tail call. In all the "special call cases" (calls from native code,
inlined cache calls, etc.), we are starting the frame at the current
stack pointer and thus will always have a stack-aligned frame size.

Finally, this patch adds a couple of tests to check that tail calls run
in constant stack space, as well as tests checking that tail calls are
recognized correctly. Those tests use the handy aforementioned leaking
of tail calls through Function.caller to detect tail calls.

Given that this patch only implements tail calls for the LLInt and
Baseline JIT, tail calls are disabled by default. Until changes are
landed for all tiers, tail call testing and use requires the
--enableTailCalls=true or equivalent.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • assembler/AbortReason.h:
  • assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::Call::Call):
(JSC::AbstractMacroAssembler::repatchNearCall):
(JSC::AbstractMacroAssembler::repatchCompact):

  • assembler/CodeLocation.h:

(JSC::CodeLocationNearCall::CodeLocationNearCall):
(JSC::CodeLocationNearCall::callMode):
(JSC::CodeLocationCommon::callAtOffset):
(JSC::CodeLocationCommon::nearCallAtOffset):
(JSC::CodeLocationCommon::dataLabelPtrAtOffset):

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::locationOfNearCall):
(JSC::LinkBuffer::locationOf):

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::nearCall):
(JSC::MacroAssemblerARM::nearTailCall):
(JSC::MacroAssemblerARM::call):
(JSC::MacroAssemblerARM::linkCall):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::nearCall):
(JSC::MacroAssemblerARM64::nearTailCall):
(JSC::MacroAssemblerARM64::ret):
(JSC::MacroAssemblerARM64::linkCall):

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::nearTailCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::linkCall):

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::nearCall):
(JSC::MacroAssemblerMIPS::nearTailCall):
(JSC::MacroAssemblerMIPS::call):
(JSC::MacroAssemblerMIPS::linkCall):
(JSC::MacroAssemblerMIPS::repatchCall):

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::call):
(JSC::MacroAssemblerSH4::nearTailCall):
(JSC::MacroAssemblerSH4::nearCall):
(JSC::MacroAssemblerSH4::linkCall):
(JSC::MacroAssemblerSH4::repatchCall):

  • assembler/MacroAssemblerX86.h:

(JSC::MacroAssemblerX86::linkCall):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::breakpoint):
(JSC::MacroAssemblerX86Common::nearTailCall):
(JSC::MacroAssemblerX86Common::nearCall):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::linkCall):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::callTypeFor):
(JSC::CallLinkInfo::isVarargsCallType):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::specializationKind):
(JSC::CallLinkInfo::callModeFor):
(JSC::CallLinkInfo::callMode):
(JSC::CallLinkInfo::isTailCall):
(JSC::CallLinkInfo::isVarargs):
(JSC::CallLinkInfo::registerPreservationMode):

  • bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeFromLLInt):

  • bytecode/CallMode.cpp: Added.

(WTF::printInternal):

  • bytecode/CallMode.h: Added.
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitCallInTailPosition):
(JSC::BytecodeGenerator::emitCallEval):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
(JSC::BytecodeGenerator::emitConstructVarargs):

  • bytecompiler/NodesCodegen.cpp:

(JSC::CallArguments::CallArguments):
(JSC::LabelNode::emitBytecode):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):

  • interpreter/Interpreter.h:

(JSC::Interpreter::isCallBytecode):

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::jumpToExceptionHandler):
(JSC::CCallHelpers::prepareForTailCallSlow):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):

  • jit/JITCall32_64.cpp:

(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):

  • jit/JITInlines.h:

(JSC::JIT::emitNakedCall):
(JSC::JIT::emitNakedTailCall):
(JSC::JIT::updateTopCallFrame):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/Repatch.cpp:

(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):

  • jit/ThunkGenerators.cpp:

(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::slowPathFor):
(JSC::linkCallThunkGenerator):
(JSC::virtualThunkFor):
(JSC::arityFixupGenerator):
(JSC::unreachableGenerator):
(JSC::baselineGetterReturnThunkGenerator):

  • jit/ThunkGenerators.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):
(JSC::CommonSlowPaths::opIn):

  • runtime/Options.h:
  • tests/stress/mutual-tail-call-no-stack-overflow.js: Added.

(shouldThrow):
(sloppyCountdown.even):
(sloppyCountdown.odd):
(strictCountdown.even):
(strictCountdown.odd):
(strictCountdown):
(odd):
(even):

  • tests/stress/tail-call-no-stack-overflow.js: Added.

(shouldThrow):
(strictLoop):
(strictLoopArityFixup1):
(strictLoopArityFixup2):

  • tests/stress/tail-call-recognize.js: Added.

(callerMustBeRun):
(callerMustBeStrict):
(runTests):

  • tests/stress/tail-call-varargs-no-stack-overflow.js: Added.

(shouldThrow):
(strictLoop):

  • tests/stress/tail-calls-dont-overwrite-live-stack.js: Added.

(tail):
(obj.method):
(obj.get fromNative):
(getThis):

7:42 PM Changeset in webkit [189773] by Wenson Hsieh
  • 2 edits in trunk/Source/WebKit2

WKWebView scroll deceleration rate is not being set properly
https://bugs.webkit.org/show_bug.cgi?id=149145
<rdar://problem/22064071>

Reviewed by Simon Fraser.

We are not currently setting the web view's deceleration rate to the correct preferred value because we
are setting the decelerationRate property of the scrollView, which snaps input values to the closer of
two predefined UIKit constants, UIScrollViewDecelerationRateFast and UIScrollViewDecelerationRateNormal.
To fix this, we directly set the horizontal and vertical scroll deceleration factors to the preferred
value.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView scrollViewWillBeginDragging:]): Directly set the scroll view's deceleration factor without

going through the decelerationRate property.

7:28 PM Changeset in webkit [189772] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/events/frame-scroll-fake-mouse-move.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=149140

Reviewed by Darin Adler.

  • fast/events/frame-scroll-fake-mouse-move.html:
7:13 PM Changeset in webkit [189771] by Dewei Zhu
  • 6 edits in trunk/Source/WebCore

Polish code for r189579.
https://bugs.webkit.org/show_bug.cgi?id=149131

Reviewed by Chris Dumez.

Use more self-explaining function name "characterSetWithUTF8Fallback" instead of
"characterSetForBindings". Optimize the way to get text encoding.

  • dom/Document.cpp:

(WebCore::Document::characterSetWithUTF8Fallback):
(WebCore::Document::encoding): Deleted.
(WebCore::Document::characterSetForBindings): Deleted.

  • dom/Document.h:

(WebCore::Document::encoding):
(WebCore::Document::textEncoding):

  • dom/Document.idl:
  • loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::createDecoderIfNeeded):

  • loader/FormSubmission.cpp:

(WebCore::encodingFromAcceptCharset):

7:07 PM WebKitIDL edited by Chris Dumez
Drop [IsIndex] (diff)
6:48 PM Changeset in webkit [189770] by Chris Dumez
  • 25 edits in trunk

Drop non-standard [IsIndex] WebKit IDL extended attribute
https://bugs.webkit.org/show_bug.cgi?id=149122
<rdar://problem/22547139>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline several W3C DOM tests now that more checks are passing.

  • web-platform-tests/dom/nodes/CharacterData-deleteData-expected.txt:
  • web-platform-tests/dom/nodes/CharacterData-replaceData-expected.txt:
  • web-platform-tests/dom/nodes/CharacterData-substringData-expected.txt:

Source/WebCore:

Drop non-standard [IsIndex] WebKit IDL extended attribute. This attribute
causes us to throw an IndexSizeError if the input value is negative. Web
IDL supports no such thing. Instead Web IDL supports:

  1. Default behavior: the input value wraps around if it does not fit.
  2. [EnforceRange]: A TypeError is thrown if the input value does not fit [1].
  3. [Clamp]: The input value will be clamped if it does not fit [2].

Our bindings generator supports all three. We don't need the non-standard
[IsIndex].

We previously used [IsIndex] in places where we're supposed to wrap around
as per Web IDL. Therefore, we threw for negative values but other browsers
don't. For e.g., CharacterData.substringData(offset, -1) is supposed to
return the substring from offset to the end of the string. It does so in
Firefox and Chrome. However, WebKit was throwing an Exception.

This change impacts the CharacterData and the SVGTextContentElement
API. The compatibility risk is low because we were throwing an exception
for negative values and we now wrap the value around instead, as other
browsers do.

No new tests, already covered by existing tests.

[1] https://heycam.github.io/webidl/#EnforceRange
[2] https://heycam.github.io/webidl/#Clamp

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck): Deleted.

  • bindings/scripts/IDLAttributes.txt:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::jsTestEventTargetPrototypeFunctionItem):

  • bindings/scripts/test/TestEventTarget.idl:
  • dom/CharacterData.cpp:

(WebCore::CharacterData::deleteData):
(WebCore::CharacterData::replaceData):

  • dom/CharacterData.idl:
  • dom/ClientRectList.idl:
  • svg/SVGTextContentElement.cpp:

(WebCore::SVGTextContentElement::getSubStringLength):
(WebCore::SVGTextContentElement::selectSubString):

  • svg/SVGTextContentElement.idl:

LayoutTests:

  • dom/html/level1/core/hc_characterdataindexsizeerrdeletedatacountnegative-expected.txt:
  • dom/html/level1/core/hc_characterdataindexsizeerrreplacedatacountnegative-expected.txt:
  • dom/html/level1/core/hc_characterdataindexsizeerrsubstringcountnegative-expected.txt:
  • dom/xhtml/level1/core/hc_characterdataindexsizeerrdeletedatacountnegative-expected.txt:
  • dom/xhtml/level1/core/hc_characterdataindexsizeerrreplacedatacountnegative-expected.txt:
  • dom/xhtml/level1/core/hc_characterdataindexsizeerrsubstringcountnegative-expected.txt:

Rebaseline outdated DOM tests that are now failing.

  • svg/custom/getSubStringLength-expected.txt:
  • svg/custom/script-tests/getSubStringLength.js:
  • svg/custom/script-tests/selectSubString.js:
  • svg/custom/selectSubString-expected.txt:

Update existing SVG tests that were expecting an exception if the nchars
parameter in the SVGTextContentElement API is negative. I have verified
that Chrome and Firefox do not throw for these either.

6:36 PM Changeset in webkit [189769] by mmaxfield@apple.com
  • 5 edits
    11 adds in trunk/LayoutTests

Add tests for control characters being rendered visibly
https://bugs.webkit.org/show_bug.cgi?id=149142

Reviewed by Alexey Proskuryakov.

According to [1] and [2], all browsers are migrating to rendering control characters. This patch
adds tests for this behavior. Because we do not implement the behavior yet [3], these tests are
marked as failing.

[1] http://logs.csswg.org/irc.w3.org/css/2015-02-08/#e520447
[2] https://lists.w3.org/Archives/Public/www-style/2015Sep/0076.html
[3] https://bugs.webkit.org/show_bug.cgi?id=149128

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/ios-simulator/TestExpectations:
  • platform/mac/TestExpectations:
  • fast/text/control-characters/visible-control-characters-1-expected-mismatch.html: Added.
  • fast/text/control-characters/visible-control-characters-1.html: Added.
  • fast/text/control-characters/visible-control-characters-2-expected-mismatch.html: Added.
  • fast/text/control-characters/visible-control-characters-2.html: Added.
  • fast/text/control-characters/visible-control-characters-3-expected-mismatch.html: Added.
  • fast/text/control-characters/visible-control-characters-3.html: Added.
  • fast/text/control-characters/visible-control-characters-2-expected-mismatch.xhtml: Added.
  • fast/text/control-characters/visible-control-characters-2.xhtml: Added.
  • fast/text/control-characters/visible-control-characters-3-expected-mismatch.xhtml: Added.
  • fast/text/control-characters/visible-control-characters-3.xhtml: Added.
6:21 PM Changeset in webkit [189768] by mmaxfield@apple.com
  • 4 edits in trunk

WebKitTestRunner declarative language setting is broken for iOS
https://bugs.webkit.org/show_bug.cgi?id=149119

Unreviewed.

Tools:

In all of the patches on webkit.org/b/189669, my patch to get this working on iOS was
lost in the final version which got committed. This simply implements the existing
OS X behavior on iOS.

  • WebKitTestRunner/InjectedBundle/ios/InjectedBundleIOS.mm:

(WTR::InjectedBundle::platformInitialize):

LayoutTests:

  • platform/ios-simulator/TestExpectations:
5:58 PM Changeset in webkit [189767] by Dewei Zhu
  • 2 edits in trunk/Tools

Unreviewed, add myself to committers list.

  • Scripts/webkitpy/common/config/contributors.json:
5:55 PM Changeset in webkit [189766] by fpizlo@apple.com
  • 22 edits
    2 adds in trunk/Source/JavaScriptCore

LLInt get/put inline caches shouldn't use tons of opcodes
https://bugs.webkit.org/show_bug.cgi?id=149106

Reviewed by Geoffrey Garen.

Our LLInt get/put inline caches currently use separate opcodes to reduce branching. For
example, instead of having get_by_id branch on the kind of offset (inline or
out-of-line), we have two get_by_id instructions: get_by_id and get_by_id_out_of_line.
But the problem with this approach is that it doesn't scale. In the property type
inference work (https://bugs.webkit.org/show_bug.cgi?id=148610), we need each kind of put
inline cache to support 11 different kinds of type checks. It seemed ridiculous to add 60
new put_by_id opcodes (there are currently 6 variants of put_by_id, so after adding type
checks, we'd have 6 * 11 = 66 variants of put_by_id).

So, this patch completely changes the strategy to mostly using branching inside the
opcode implementation. It's unlikely to have a performance effect. For example, the long
road to generational GC caused a seemingly prohibitive regression in LLInt inline caches,
and yet nobody noticed. The regression was because the inline cache was in terms of the
structure, not the structure ID, so the code was doing a structure ID table lookup. If we
didn't notice that, then we probably won't notice a couple new branches. (Also, this
patch fixes that regression - the code no longer does such lookups except in the one
unavoidable case in put_by_id transition chain checking.)

This patch also turns the isDirect operand of put_by_id into a flags field. I will use
this flags field to encode the desired type check in bug 148610.

This patch has no effect on performance according to run-jsc-benchmarks.

Relanding this patch with LLInt fixes for non-x86. Previous attempts to fix non-x86 LLInt
build also caused every 64-bit test to crash on every platform. So the patch got rolled
out. This fixes the non-x86 LLInt build while also ensuring that 64-bit platforms don't
crash.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printPutByIdCacheStatus):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::finalizeLLIntInlineCaches):

  • bytecode/CodeBlock.h:
  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFromLLInt):

  • bytecode/Instruction.h:

(JSC::Instruction::Instruction):

  • bytecode/PutByIdFlags.cpp: Added.

(WTF::printInternal):

  • bytecode/PutByIdFlags.h: Added.
  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFromLLInt):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedInstruction::UnlinkedInstruction):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_by_id):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
5:30 PM Changeset in webkit [189765] by Chris Dumez
  • 17 edits in trunk

Document.createNodeIterator(null) / Document.createTreeWalker(null) should throw a TypeError
https://bugs.webkit.org/show_bug.cgi?id=149126
<rdar://problem/22564891>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C test now that a new check is passing.

  • web-platform-tests/dom/traversal/TreeWalker-basic-expected.txt:

Source/WebCore:

Document.createNodeIterator(null) / Document.createTreeWalker(null)
should throw a TypeError:
https://dom.spec.whatwg.org/#interface-document

This is because the parameter is not nullable and Web IDL says we
should throw a TypeError in this case.

Firefox and Chrome throw an exception in this case. This patch
aligns our behavior with the specification and other major browsers.

No new tests, already covered by existing W3C test.

  • dom/Document.cpp:

(WebCore::Document::createNodeIterator):
(WebCore::Document::createTreeWalker):

  • dom/Document.h:
  • dom/Document.idl:
  • dom/NodeIterator.cpp:

(WebCore::NodeIterator::NodeIterator):

  • dom/NodeIterator.h:

(WebCore::NodeIterator::create):

  • dom/Traversal.cpp:

(WebCore::NodeIteratorBase::NodeIteratorBase):

  • dom/Traversal.h:
  • dom/TreeWalker.cpp:

(WebCore::TreeWalker::TreeWalker):

  • dom/TreeWalker.h:

(WebCore::TreeWalker::create):

LayoutTests:

Update existing tests to add test coverage for this case.

  • fast/dom/createNodeIterator-parameters-expected.txt:
  • fast/dom/createNodeIterator-parameters.html:
  • fast/dom/createTreeWalker-parameters-expected.txt:
  • fast/dom/createTreeWalker-parameters.html:
5:29 PM Changeset in webkit [189764] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Fix Windows clean build after r189746

  • WebCore.vcxproj/copyForwardingHeaders.cmd:

Copy headers from new legacy directory.

5:27 PM Changeset in webkit [189763] by BJ Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: tab bar stutters when moving mouse after closing tab
https://bugs.webkit.org/show_bug.cgi?id=149138

Reviewed by Joseph Pecoraro.

The tab bar lacked the 'static-layout' class between when the Promise microtask
ran and the beginning of the requestAnimationFrame. This caused a flash of
tabs that are way too wide.

Re-add the static-layout class immediately after measuring the 'after' tab size.
This code should probably just manually compute tab sizes since flexbox
layout is quite slow and our measurement code here forces layout several times.

  • UserInterface/Views/TabBar.js:
5:17 PM Changeset in webkit [189762] by Chris Dumez
  • 13 edits in trunk

window.HTMLDetailsElement should exist
https://bugs.webkit.org/show_bug.cgi?id=149139

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing.

  • web-platform-tests/html/dom/interfaces-expected.txt:
  • web-platform-tests/html/semantics/interactive-elements/the-details-element/details-expected.txt:
  • web-platform-tests/html/semantics/interfaces-expected.txt:

Source/WebCore:

window.HTMLDetailsElement should exist:
https://html.spec.whatwg.org/multipage/forms.html#the-details-element

Drop the [NoInterfaceObject] IDL extended attribute in WebKit to
address the problem.

No new tests, already covered by existing tests.

  • html/HTMLDetailsElement.idl:

LayoutTests:

Rebaseline test now that HTMLDetailsElement is exposed on the global
Window object.

  • platform/efl/js/dom/global-constructors-attributes-expected.txt:
  • platform/gtk/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
  • platform/win/js/dom/global-constructors-attributes-expected.txt:
5:10 PM Changeset in webkit [189761] by BJ Burg
  • 5 edits in trunk

Web Inspector: backend command promises are not rejected when a protocol error occurs
https://bugs.webkit.org/show_bug.cgi?id=141403

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

Fix a few corner cases for how InspectorBackend delivers command failures.

  • UserInterface/Protocol/InspectorBackend.js:

(InspectorBackend.Command.prototype.deliverFailure): Added.
(InspectorBackend.Command.prototype._invokeWithArguments):

If argument-checking fails, return a rejected promise or invoke the supplied callback
on a zero-delay setTimeout to ensure that the reply is asynchronous.

LayoutTests:

Expand coverage of an existing protocol layer test to cover success and failure modes.

  • inspector/protocol/inspector-backend-invocation-return-value-expected.txt:
  • inspector/protocol/inspector-backend-invocation-return-value.html:
4:44 PM Changeset in webkit [189760] by commit-queue@webkit.org
  • 22 edits
    2 deletes in trunk/Source/JavaScriptCore

Unreviewed, rolling out r189751, r189752, and r189754.
https://bugs.webkit.org/show_bug.cgi?id=149143

caused crashes everywhere (Requested by alexchristensen on
#webkit).

Reverted changesets:

"LLInt get/put inline caches shouldn't use tons of opcodes"
https://bugs.webkit.org/show_bug.cgi?id=149106
http://trac.webkit.org/changeset/189751

"Unreviewed, fix non-x86 LLInt build."
http://trac.webkit.org/changeset/189752

"Unreviewed, really fix non-x86 LLInt build without also
breaking everything else."
http://trac.webkit.org/changeset/189754

4:40 PM Changeset in webkit [189759] by BJ Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: middle-clicking a tab in the tab bar should close it
https://bugs.webkit.org/show_bug.cgi?id=149135

Reviewed by Joseph Pecoraro.

This matches the behavior of the tab bar in Safari and other browsers.

  • UserInterface/Views/TabBar.js:

(WebInspector.TabBar.prototype._handleMouseDown):
(WebInspector.TabBar.prototype._handleClick):

4:31 PM Changeset in webkit [189758] by mmaxfield@apple.com
  • 3 edits in trunk/LayoutTests

Test gardening after r189670

Unreviewed.

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
4:27 PM Changeset in webkit [189757] by Wenson Hsieh
  • 1 edit
    7 adds in trunk/Websites/webkit.org

Add scroll snap blog post resources.

  • blog-files/scroll-snap/overflow-normal.mp4: Added.
  • blog-files/scroll-snap/snap-2d-rotated.mp4: Added.
  • blog-files/scroll-snap/snap-2d.mp4: Added.
  • blog-files/scroll-snap/snap-coordinates-centered.mp4: Added.
  • blog-files/scroll-snap/snap-coordinates.mp4: Added.
  • blog-files/scroll-snap/snap-repeat-100.mp4: Added.
4:23 PM Changeset in webkit [189756] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Fix AppleWin CMake build
https://bugs.webkit.org/show_bug.cgi?id=149137

Patch by Alex Christensen <achristensen@webkit.org> on 2015-09-14
Reviewed by Brent Fulgham.

  • PlatformAppleWin.cmake:

Spell Inband correctly.

  • css/makegrammar.pl:

Add quotes so bison can be in a directory with spaces in it.

4:21 PM Changeset in webkit [189755] by Wenson Hsieh
  • 1 edit
    21 adds in trunk/Websites/webkit.org

Add scroll snap demo directory and files.

  • demos/scroll-snap/images/1.png: Added.
  • demos/scroll-snap/images/10.png: Added.
  • demos/scroll-snap/images/11.png: Added.
  • demos/scroll-snap/images/12.png: Added.
  • demos/scroll-snap/images/13.png: Added.
  • demos/scroll-snap/images/14.png: Added.
  • demos/scroll-snap/images/15.png: Added.
  • demos/scroll-snap/images/16.png: Added.
  • demos/scroll-snap/images/2.png: Added.
  • demos/scroll-snap/images/3.png: Added.
  • demos/scroll-snap/images/4.png: Added.
  • demos/scroll-snap/images/5.png: Added.
  • demos/scroll-snap/images/6.png: Added.
  • demos/scroll-snap/images/7.png: Added.
  • demos/scroll-snap/images/8.png: Added.
  • demos/scroll-snap/images/9.png: Added.
  • demos/scroll-snap/images/bluecross.svg: Added.
  • demos/scroll-snap/images/corner.svg: Added.
  • demos/scroll-snap/index.html: Added.
3:40 PM Changeset in webkit [189754] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, really fix non-x86 LLInt build without also breaking everything else.

  • llint/LowLevelInterpreter64.asm:
3:25 PM Changeset in webkit [189753] by mitz@apple.com
  • 4 edits in trunk/Source/WebKit2

Consolidate touch event code dealing with force.

Reviewed by Beth Dakin.

  • Shared/WebEvent.h:

(WebKit::WebPlatformTouchPoint::state):
(WebKit::WebPlatformTouchPoint::setForce):
(WebKit::WebPlatformTouchPoint::force):

  • Shared/ios/NativeWebTouchEventIOS.mm:

(WebKit::positionForCGPoint):
(WebKit::NativeWebTouchEvent::extractWebTouchPoint):
(WebKit::NativeWebTouchEvent::NativeWebTouchEvent):

  • Shared/ios/WebPlatformTouchPointIOS.cpp:

(WebKit::WebPlatformTouchPoint::encode):
(WebKit::WebPlatformTouchPoint::decode):

3:25 PM Changeset in webkit [189752] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix non-x86 LLInt build.

  • llint/LowLevelInterpreter64.asm:
3:10 PM Changeset in webkit [189751] by fpizlo@apple.com
  • 22 edits
    2 adds in trunk/Source/JavaScriptCore

LLInt get/put inline caches shouldn't use tons of opcodes
https://bugs.webkit.org/show_bug.cgi?id=149106

Reviewed by Geoffrey Garen.

Our LLInt get/put inline caches currently use separate opcodes to reduce branching. For
example, instead of having get_by_id branch on the kind of offset (inline or
out-of-line), we have two get_by_id instructions: get_by_id and get_by_id_out_of_line.
But the problem with this approach is that it doesn't scale. In the property type
inference work (https://bugs.webkit.org/show_bug.cgi?id=148610), we need each kind of put
inline cache to support 11 different kinds of type checks. It seemed ridiculous to add 60
new put_by_id opcodes (there are currently 6 variants of put_by_id, so after adding type
checks, we'd have 6 * 11 = 66 variants of put_by_id).

So, this patch completely changes the strategy to mostly using branching inside the
opcode implementation. It's unlikely to have a performance effect. For example, the long
road to generational GC caused a seemingly prohibitive regression in LLInt inline caches,
and yet nobody noticed. The regression was because the inline cache was in terms of the
structure, not the structure ID, so the code was doing a structure ID table lookup. If we
didn't notice that, then we probably won't notice a couple new branches. (Also, this
patch fixes that regression - the code no longer does such lookups except in the one
unavoidable case in put_by_id transition chain checking.)

This patch also turns the isDirect operand of put_by_id into a flags field. I will use
this flags field to encode the desired type check in bug 148610.

This patch has no effect on performance according to run-jsc-benchmarks.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printPutByIdCacheStatus):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::finalizeLLIntInlineCaches):

  • bytecode/CodeBlock.h:
  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFromLLInt):

  • bytecode/Instruction.h:

(JSC::Instruction::Instruction):

  • bytecode/PutByIdFlags.cpp: Added.

(WTF::printInternal):

  • bytecode/PutByIdFlags.h: Added.
  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFromLLInt):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedInstruction::UnlinkedInstruction):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_by_id):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
2:27 PM Changeset in webkit [189750] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix after r189746

  • WebCore.vcxproj/WebCoreIncludeCommon.props:

Include new legacy directory.

2:22 PM Changeset in webkit [189749] by achristensen@apple.com
  • 25 edits in trunk

Progress towards CMake on Mac.
https://bugs.webkit.org/show_bug.cgi?id=149123

Reviewed by Chris Dumez.

.:

  • Source/cmake/OptionsMac.cmake:
  • Source/cmake/WebKitFeatures.cmake:

Defined and enabled some more features needed on Mac.

  • Source/cmake/WebKitMacros.cmake:

Objective C bindings need special changes when generating:
Some of the bindings do not generate a .mm file but the header is needed.
Some of the bindings do generate a .mm file that doesn't compile but the header is needed.
In order to handle these cases, it is necessary to change the GENERATE_BINDINGS macro just for ObjC.

Source/JavaScriptCore:

  • CMakeLists.txt:

Make forwarding headers for the replay subdirectory.

  • PlatformMac.cmake:

Make forwarding headers for the generated inspector headers.
They should eventually either be packaged correctly with JavaScriptCore headers and included correctly.

Source/WebCore:

  • CMakeLists.txt:

Added some more files.

  • PlatformMac.cmake:

Added more files and listed the strange ObjC bindings.

  • contentextensions/DFACombiner.cpp:
  • contentextensions/DFACombiner.h:

Added preprocessor protection.

  • platform/FileSystem.h:

Include utility. It's needed to compile the different configurations.

  • platform/ScrollAnimator.cpp:

ScrollAnimator is an abstract class on Mac. Don't compile it.

  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:

FontAntialiasingStateSaver.h is only used on iOS.

  • rendering/RenderThemeMac.mm:

config.h needs to be outside the #if !PLATFORM(IOS) to compile correctly without precompiled headers.

Source/WebKit:

  • CMakeLists.txt:
  • PlatformMac.cmake:

Added more sources, make non-c99 sources compile as objc++

  • PlatformWin.cmake:

Moved WebCoreTestSupport sources and includes to CMakeLists.txt to share.

Source/WebKit/mac:

  • WebView/WebPDFDocumentExtras.mm:

(appendValuesInPDFNameSubtreeToVector):

  • WebView/WebPDFView.mm:

Removed cmake include quirks that are not needed when we include things correctly from Quartz.framework/Frameworks.

Source/WebKit2:

  • PlatformMac.cmake:

Added some more sources.

2:16 PM Changeset in webkit [189748] by mitz@apple.com
  • 3 edits in trunk/Source/WebKit2

[iOS] Stop importing WebKitAdditions/WKContentViewInteraction.mm
https://bugs.webkit.org/show_bug.cgi?id=149127

Reviewed by Beth Dakin.

  • Platform/spi/ios/UIKitSPI.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView setupInteraction]):

2:15 PM Changeset in webkit [189747] by Yusuke Suzuki
  • 3 edits
    41 adds in trunk/Source/JavaScriptCore

[ES6] Cache the resolution result in JSModuleRecord
https://bugs.webkit.org/show_bug.cgi?id=148896

Reviewed by Saam Barati.

The resolveExport operation is frequently called. For example,

  1. When instantiating the module environment, we call it for each exported name and imported name.
  2. When linking the imported module environment to the code block, we call it to resolve the resolution.
  3. When looking up the property from the namespace object, we call it to look up the original module for the imported binding.
  4. When creating the namespace object, we need to collect all the exported names from the module and need to resolve them by calling resolveExport.

However, resolveExport takes some cost. It traces the imported modules and resolves the reference
queried by the original module.

The resolveExport operation is pure function; given a module record and an export name,
it always returns the same result. So we cache resolution results in the module record to avoid
repeated resolveExport calls with the same arguments.
Here, we only cache the correctly resolved references, since,

  1. We rarely looked up the non-correctly-resolved ones. In the linking phase, attempting to resolve non-correctly-resolved ones throws a syntax error. So only namespace object creation phase does it in a syntax valid script.
  2. This strategy limits the size of the cache map. The number of the correctly exported bindings is defined by the modules' code. So the size does not become infinitely large.

Currently, the all modules cannot be linked twice. For example,

graph 1

-> (A) -> (B)

graph 2

-> (C) -> (A) -> (B)

We cannot test the behavior now because when executing the graph 2, (A) and (B) are already linked,
it raises an error in the current loader spec. But it should be allowed[1] since it will occur when
there is multiple module tag in WebCore.

[1]: https://github.com/whatwg/loader/issues/41

  • runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::ResolveQuery::Hash::hash):
(JSC::JSModuleRecord::ResolveQuery::Hash::equal):
(JSC::JSModuleRecord::cacheResolution):
(JSC::ResolveQueryHash::hash): Deleted.
(JSC::ResolveQueryHash::equal): Deleted.
(JSC::resolveExportLoop): Deleted.

  • runtime/JSModuleRecord.h:
  • tests/modules/caching-should-not-make-ambiguous.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/A.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/B.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/C.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/D.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/main.js: Added.
  • tests/modules/different-view.js: Added.

(from.string_appeared_here.shouldThrow):

  • tests/modules/different-view/A.js: Added.
  • tests/modules/different-view/B.js: Added.
  • tests/modules/different-view/C.js: Added.
  • tests/modules/different-view/D.js: Added.
  • tests/modules/different-view/E.js: Added.
  • tests/modules/different-view/main.js: Added.
  • tests/modules/fallback-ambiguous.js: Added.

(from.string_appeared_here.shouldThrow):

  • tests/modules/fallback-ambiguous/A.js: Added.
  • tests/modules/fallback-ambiguous/B.js: Added.
  • tests/modules/fallback-ambiguous/C.js: Added.
  • tests/modules/fallback-ambiguous/D.js: Added.
  • tests/modules/fallback-ambiguous/E.js: Added.
  • tests/modules/fallback-ambiguous/main.js: Added.
  • tests/modules/self-star-link.js: Added.
  • tests/modules/self-star-link/A.js: Added.
  • tests/modules/self-star-link/B.js: Added.
  • tests/modules/self-star-link/C.js: Added.
  • tests/modules/self-star-link/D.js: Added.
  • tests/modules/self-star-link/E.js: Added.
  • tests/modules/uncacheable-when-see-star.js: Added.
  • tests/modules/uncacheable-when-see-star/A-pre.js: Added.
  • tests/modules/uncacheable-when-see-star/A.js: Added.
  • tests/modules/uncacheable-when-see-star/B.js: Added.
  • tests/modules/uncacheable-when-see-star/C.js: Added.
  • tests/modules/uncacheable-when-see-star/D.js: Added.
  • tests/modules/uncacheable-when-see-star/E-pre.js: Added.
  • tests/modules/uncacheable-when-see-star/E.js: Added.
  • tests/modules/uncacheable-when-see-star/main1.js: Added.
  • tests/modules/uncacheable-when-see-star/main2.js: Added.
2:01 PM Changeset in webkit [189746] by beidson@apple.com
  • 38 edits
    20 copies
    21 moves
    3 adds in trunk/Source

Rename current concrete IDB implementation to "Legacy".
https://bugs.webkit.org/show_bug.cgi?id=149118

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No change in behavior).

This patch makes IDL bindings abstract.
It then renames the current concrete implementations of the bindings from "IDB" to "Legacy".
Finally it moves those files and their support classes to a "legacy" subfolder.

  • CMakeLists.txt:
  • Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
  • Modules/indexeddb/IDBAny.cpp:
  • Modules/indexeddb/IDBAny.h:
  • Modules/indexeddb/IDBCursor.cpp:
  • Modules/indexeddb/IDBCursor.h:
  • Modules/indexeddb/IDBCursor.idl:
  • Modules/indexeddb/IDBCursorWithValue.cpp:
  • Modules/indexeddb/IDBCursorWithValue.h:
  • Modules/indexeddb/IDBCursorWithValue.idl:
  • Modules/indexeddb/IDBDatabase.cpp:
  • Modules/indexeddb/IDBDatabase.h:
  • Modules/indexeddb/IDBDatabase.idl:
  • Modules/indexeddb/IDBFactory.cpp:
  • Modules/indexeddb/IDBFactory.h:
  • Modules/indexeddb/IDBFactory.idl:
  • Modules/indexeddb/IDBIndex.cpp:
  • Modules/indexeddb/IDBIndex.h:
  • Modules/indexeddb/IDBIndex.idl:
  • Modules/indexeddb/IDBObjectStore.cpp:
  • Modules/indexeddb/IDBObjectStore.h:
  • Modules/indexeddb/IDBObjectStore.idl:
  • Modules/indexeddb/IDBOpenDBRequest.cpp:
  • Modules/indexeddb/IDBOpenDBRequest.h:
  • Modules/indexeddb/IDBOpenDBRequest.idl:
  • Modules/indexeddb/IDBRequest.cpp:
  • Modules/indexeddb/IDBRequest.h:
  • Modules/indexeddb/IDBRequest.idl:
  • Modules/indexeddb/IDBTransaction.cpp:
  • Modules/indexeddb/IDBTransaction.h:
  • Modules/indexeddb/IDBTransaction.idl:
  • Modules/indexeddb/IDBVersionChangeEvent.cpp:
  • Modules/indexeddb/IDBVersionChangeEvent.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h: Renamed from Source/WebCore/Modules/indexeddb/IDBCallbacks.h.
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackend.cpp.
  • Modules/indexeddb/legacy/IDBCursorBackend.h: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackend.h.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackendOperations.cpp.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackendOperations.h.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseBackend.cpp.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.h: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseBackend.h.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacks.h: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseCallbacks.h.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseCallbacksImpl.cpp.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.h: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseCallbacksImpl.h.
  • Modules/indexeddb/legacy/IDBFactoryBackendInterface.h: Renamed from Source/WebCore/Modules/indexeddb/IDBFactoryBackendInterface.h.
  • Modules/indexeddb/legacy/IDBPendingDeleteCall.h: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingDeleteCall.h.
  • Modules/indexeddb/legacy/IDBPendingOpenCall.h: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingOpenCall.h.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingTransactionMonitor.cpp.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.h: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingTransactionMonitor.h.
  • Modules/indexeddb/legacy/IDBTransactionBackend.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackend.cpp.
  • Modules/indexeddb/legacy/IDBTransactionBackend.h: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackend.h.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackendOperations.cpp.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.h: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackendOperations.h.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionCoordinator.cpp.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.h: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionCoordinator.h.
  • Modules/indexeddb/legacy/LegacyAny.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBAny.cpp.
  • Modules/indexeddb/legacy/LegacyAny.h: Added.
  • Modules/indexeddb/legacy/LegacyCursor.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBCursor.cpp.
  • Modules/indexeddb/legacy/LegacyCursor.h: Copied from Source/WebCore/Modules/indexeddb/IDBCursor.h.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBCursorWithValue.cpp.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.h: Copied from Source/WebCore/Modules/indexeddb/IDBCursorWithValue.h.
  • Modules/indexeddb/legacy/LegacyDatabase.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBDatabase.cpp.
  • Modules/indexeddb/legacy/LegacyDatabase.h: Copied from Source/WebCore/Modules/indexeddb/IDBDatabase.h.
  • Modules/indexeddb/legacy/LegacyFactory.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBFactory.cpp.
  • Modules/indexeddb/legacy/LegacyFactory.h: Copied from Source/WebCore/Modules/indexeddb/IDBFactory.h.
  • Modules/indexeddb/legacy/LegacyIndex.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBIndex.cpp.
  • Modules/indexeddb/legacy/LegacyIndex.h: Added.
  • Modules/indexeddb/legacy/LegacyObjectStore.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBObjectStore.cpp.
  • Modules/indexeddb/legacy/LegacyObjectStore.h: Copied from Source/WebCore/Modules/indexeddb/IDBObjectStore.h.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBOpenDBRequest.cpp.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.h: Copied from Source/WebCore/Modules/indexeddb/IDBOpenDBRequest.h.
  • Modules/indexeddb/legacy/LegacyRequest.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBRequest.cpp.
  • Modules/indexeddb/legacy/LegacyRequest.h: Copied from Source/WebCore/Modules/indexeddb/IDBRequest.h.
  • Modules/indexeddb/legacy/LegacyTransaction.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBTransaction.cpp.
  • Modules/indexeddb/legacy/LegacyTransaction.h: Copied from Source/WebCore/Modules/indexeddb/IDBTransaction.h.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBVersionChangeEvent.cpp.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.h: Copied from Source/WebCore/Modules/indexeddb/IDBVersionChangeEvent.h.
  • WebCore.xcodeproj/project.pbxproj:
  • WebCore.vcxproj/WebCore.vcxproj:

Source/WebKit2:

  • CMakeLists.txt:
1:36 PM Changeset in webkit [189745] by Chris Dumez
  • 3 edits
    2 deletes in trunk

Disable PICTURE_SIZES on AppleWin
https://bugs.webkit.org/show_bug.cgi?id=149125

Reviewed by Alexey Proskuryakov.

WebKitLibraries:

  • win/tools/vsprops/FeatureDefines.props:

LayoutTests:

  • platform/win/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/srcset/parse-a-srcset-attribute-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/srcset/select-an-image-source-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/update-the-source-set-expected.txt: Removed.
11:30 AM Changeset in webkit [189744] by commit-queue@webkit.org
  • 7 edits in trunk/Source/JavaScriptCore

Implement the arithmetic instructions for floats in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149102

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-14
Reviewed by Geoffrey Garen.

This patch implements the arithmetic instructions for floats (float32)
in WebAssembly by converting the float operands to doubles, performing
the equivalent double instructions, and converting the result back to
float. The asm.js spec says that "As proved in 'When is double rounding
innocuous?' (Figueroa 1995), both the 32- and 64-bit versions of
standard arithmetic operations produce equivalent results when given
32-bit inputs and coerced to 32-bit outputs."
(http://asmjs.org/spec/latest/#floatish)

This patch also pads WebAssembly call frames by maxFrameExtentForSlowPathCall,
so that there is no need to adjust the stack pointer every time we make
a slow path call.

  • tests/stress/wasm-arithmetic-float32.js:
  • tests/stress/wasm/arithmetic-float32.wasm:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::buildUnaryF32):
(JSC::WASMFunctionCompiler::buildBinaryF32):
(JSC::WASMFunctionCompiler::callOperation):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
(JSC::WASMFunctionCompiler::endFunction): Deleted.
(JSC::WASMFunctionCompiler::buildBinaryI32): Deleted.

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseUnaryExpressionF32):
(JSC::WASMFunctionParser::parseBinaryExpressionF32):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildUnaryF32):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF32):

10:58 AM Changeset in webkit [189743] by Carlos Garcia Campos
  • 9 edits
    3 adds in releases/WebKitGTK/webkit-2.10

Merge r189421 - Crash when font completes downloading after calling 2D canvas setText() multiple times
https://bugs.webkit.org/show_bug.cgi?id=148789

Reviewed by Darin Adler.

Source/WebCore:

The CSSFontSelector has a list of clients, and when fonts complete downloading, these
clients get a call back. CanvasRenderingContext2D::State is one such of these clients. However,
the CSSFontSelector may be destroyed and recreated at any time. We were getting into a case
where multiple CSSFontSelectors were thinking that the same CanvasRenderingContext2D::State were
their client. When the CanvasRenderingContext2D::State was destroyed, it only unregistered
itself from one of the CSSFontSelectors, which means the CSSFontSelector left over has a dangling
pointer to it.

The solution is to implement a new helper class, FontProxy, to hold the
CanvasRenderingContext2D::State's font, and maintain the invariant that this object is always
registered to exactly one CSSFontSelector, and this CSSFontSelector is the one which is associated
with the FontProxy's FontCascade object. This patch maintains this invariant, as well as protecting
all access to the State's FontCascade object so no one can reach in and change it without going
through functions which maintain the invariant.

Test: fast/canvas/font-selector-crash.html

  • css/CSSFontSelector.cpp:

(WebCore::CSSFontSelector::registerForInvalidationCallbacks):
(WebCore::CSSFontSelector::unregisterForInvalidationCallbacks):
(WebCore::CSSFontSelector::dispatchInvalidationCallbacks):

  • css/CSSFontSelector.h:
  • dom/Document.cpp:

(WebCore::Document::fontsNeedUpdate):
(WebCore::Document::fontSelector):
(WebCore::Document::clearStyleResolver):

  • dom/Document.h:
  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::State::State):
(WebCore::CanvasRenderingContext2D::State::operator=):
(WebCore::CanvasRenderingContext2D::FontProxy::~FontProxy):
(WebCore::CanvasRenderingContext2D::FontProxy::FontProxy):
(WebCore::CanvasRenderingContext2D::FontProxy::update):
(WebCore::CanvasRenderingContext2D::FontProxy::fontsNeedUpdate):
(WebCore::CanvasRenderingContext2D::FontProxy::initialize):
(WebCore::CanvasRenderingContext2D::FontProxy::fontMetrics):
(WebCore::CanvasRenderingContext2D::FontProxy::fontDescription):
(WebCore::CanvasRenderingContext2D::FontProxy::width):
(WebCore::CanvasRenderingContext2D::FontProxy::drawBidiText):
(WebCore::CanvasRenderingContext2D::font):
(WebCore::CanvasRenderingContext2D::setFont):
(WebCore::CanvasRenderingContext2D::measureText):
(WebCore::CanvasRenderingContext2D::drawTextInternal):
(WebCore::CanvasRenderingContext2D::State::~State): Deleted.
(WebCore::CanvasRenderingContext2D::State::fontsNeedUpdate): Deleted.
(WebCore::CanvasRenderingContext2D::accessFont): Deleted.

  • html/canvas/CanvasRenderingContext2D.h:
  • platform/graphics/FontSelector.h:

LayoutTests:

  • fast/canvas/font-selector-crash-expected.txt: Added.
  • fast/canvas/font-selector-crash.html: Added.
  • fast/canvas/resources/font-selector-crash.ttf: Added.
10:57 AM Changeset in webkit [189742] by Said Abou-Hallawa
  • 2 edits in trunk/LayoutTests

Unreviewed, skip fast/text/international/system-language for now.
WebKitTestRunner declarative language setting is broken for iOS.

  • platform/ios-simulator/TestExpectations:
10:38 AM Changeset in webkit [189741] by Said Abou-Hallawa
  • 2 edits in trunk/LayoutTests

Unreviewed, expect css3/flexbox/image-percent-max-height.html to fail on iOS.
The test is already expected to fail on mac, windows and gtk.

  • platform/ios-simulator/TestExpectations:
10:31 AM Changeset in webkit [189740] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189354 - Document.body should return the first body / frameset child of the html element
https://bugs.webkit.org/show_bug.cgi?id=148787
<rdar://problem/22566850>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Document.body should return the *first* body / frameset child of the html
element as per the specification:
https://html.spec.whatwg.org/multipage/dom.html#the-body-element-2

Chrome and Firefox both behave correctly. However, WebKit was prioritizing
frameset over body. This patch fixes this.

No new tests, already covered by existing test.

  • dom/Document.cpp:

(WebCore::Document::bodyOrFrameset):

LayoutTests:

Rebaseline test now that a new check is passing.

  • http/tests/w3c/html/dom/documents/dom-tree-accessors/document.body-getter-expected.txt:
10:27 AM Changeset in webkit [189739] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189331 - [Texmap] highp precision should be used conditionally for fragment shaders on OpenGL ES
https://bugs.webkit.org/show_bug.cgi?id=143993

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-03
Reviewed by Martin Robinson.

There are some GPUs that do not support the GL_OES_fragment_precision_high extension. (e.g., Mali-T624)
Therefore, highp precision should be used in shader fragments conditionally using a proper preprocessor,
GL_FRAGMENT_PRECISION_HIGH.
Without this patch, nothing will be displayed on the screen if the running platform doesn't support the
GL_OES_fragment_precision_high extension.

No new tests, covered by existing tests.

  • platform/graphics/texmap/TextureMapperShaderProgram.cpp:
10:25 AM Changeset in webkit [189738] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189282 - document.createEvent("eventname") should do a case-insensitive match on the event name
https://bugs.webkit.org/show_bug.cgi?id=148738
<rdar://problem/22558709>

Reviewed by Andreas Kling.

Source/WebCore:

document.createEvent("eventname") should do a case-insensitive match on the event name:
https://dom.spec.whatwg.org/#dom-document-createevent

WebKit was doing a case-sensitive match. Firefox and Chrome match the specification.

No new tests, already covered by:
http/tests/w3c/dom/nodes/Document-createEvent.html (rebaselined)

  • dom/make_event_factory.pl:

(generateImplementation):

LayoutTests:

Rebaseline test now that some checks are passing.

  • http/tests/w3c/dom/nodes/Document-createEvent-expected.txt:
10:01 AM Changeset in webkit [189737] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189255 - [GStreamer] Simplify linking pads in AudioDestination and correct old comment.
https://bugs.webkit.org/show_bug.cgi?id=148702

Patch by Hyemi Shin <hyemi.sin@samsung.com> on 2015-09-02
Reviewed by Philippe Normand.

Simplify linking src pad of webkitAudioSrc and sink pad of audioConvert
to one line because implementation changed not to use seperate function
to complete building rest of pipelines.
Correct old comment also there is no more wavparse element.

No new tests, no behavior change.

  • platform/audio/gstreamer/AudioDestinationGStreamer.cpp:

(WebCore::AudioDestinationGStreamer::AudioDestinationGStreamer):

10:00 AM Changeset in webkit [189736] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189252 - http/tests/w3c/dom/nodes/Element-matches.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=148615

Reviewed by Ryosuke Niwa.

Source/WebCore:

Several newly-imported w3c tests were flaky due to the :target
pseudo-class selectors sometimes giving different results. The
issue seems to be that this type of selector relies on the
Document::cssTarget() element to do the matching. We update
this cssTarget Element in FrameView's scrollToFragment() /
scrollToAnchor(). This is called from
scrollToFragmentWithParentBoundary() which is called by
FrameLoader's finishedParsing() and loadInSameDocument().

In the first one, it is called *after* calling checkComplete()
which fires the onload event. However, in the second method,
it is called *before*. This patch updates finishedParsing()
so that scrollToFragmentWithParentBoundary() is called *before*
firing the onload event, consistently with loadInSameDocument().
This makes sure that JavaScript executed in an onload event
handler will get accurate results for :target pseudo-class
selectors.

No new tests, covered by:
http/tests/w3c/dom/nodes/Element-matches.html
http/tests/w3c/dom/nodes/ParentNode-querySelector-All-xhtml.xhtml

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::finishedParsing):

LayoutTests:

Unskip the tests and rebaseline them now that the target pseudo selector
checks are consistently passing.

  • TestExpectations:
  • http/tests/w3c/dom/nodes/Element-matches-expected.txt:
  • http/tests/w3c/dom/nodes/ParentNode-querySelector-All-expected.txt:
  • http/tests/w3c/dom/nodes/ParentNode-querySelector-All-xhtml-expected.txt:
9:58 AM Changeset in webkit [189735] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189248 - Construct default winding string arguments in CanvasRenderingContext2D from ASCIILiteral objects
https://bugs.webkit.org/show_bug.cgi?id=148441

Reviewed by Darin Adler.

  • html/canvas/CanvasRenderingContext2D.h: Use ASCIILiteral objects to construct

the default values for the winding arguments. This will avoid copying the string
data every time the methods are invoked with the default argument value.

9:30 AM Changeset in webkit [189734] by Chris Dumez
  • 2 edits in trunk/LayoutTests

Unreviewed, rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html on iOS.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
9:24 AM Changeset in webkit [189733] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Border under the styles filter field is clipped
https://bugs.webkit.org/show_bug.cgi?id=149115

Reviewed by Darin Adler.

  • UserInterface/Views/CSSStyleDetailsSidebarPanel.css:

(.sidebar > .panel.details.css-style > .content + .options-container > .filter-bar):

9:14 AM Changeset in webkit [189732] by ap@apple.com
  • 3 edits in trunk/LayoutTests

Skip fast/text/international/system-language where unsupported.

  • platform/ios-simulator-wk1/TestExpectations:
  • platform/win/TestExpectations:
9:09 AM Changeset in webkit [189731] by ggaren@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Eden GC should not try to jettison old CodeBlocks in the remembered set
https://bugs.webkit.org/show_bug.cgi?id=149108

Reviewed by Saam Barati.

All we know about objects in the remembered set is that they must be
visited. We don't know whether they're referenced or not because we
won't mark the objects that point to them.

Therefore, it's incorrect for a CodeBlock to consider jettisoning
itself when it's marked as a part of the remembered set: Some
old object might have visited the CodeBlock strongly if given the chance.

I believe this doesn't cause any problems currently because we happen
to visit all strong references to all CodeBlocks elligible for jettison
during every GC.

However, this behavior is a logical oddity that tripped me up, and I
believe it will start causing real problems once we start to jettison
baseline CodeBlocks, since we do not visit all strong references to all
baseline CodeBlocks during every GC.

  • heap/CodeBlockSet.cpp:

(JSC::CodeBlockSet::clearMarksForEdenCollection):
(JSC::CodeBlockSet::traceMarked): Be sure to visit the remembered set
strongly, in order to prohibit jettisoning.

(JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):

  • heap/CodeBlockSet.h: Track the remembered set during eden GCs.
6:59 AM Changeset in webkit [189730] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189216 - [Cairo][WebGL] Upload the accelerated canvas as a texture by copying via GPU directly
https://bugs.webkit.org/show_bug.cgi?id=148631

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-01
Reviewed by Dean Jackson.

When an accelerated canvas needs to be uploaded as a gl texture, it would be better to copy it to
texture directly via GPU using glCopyTexImage2D.
Note that GPU copy can not always be enabled because, with premultiplyAlpha and flipY unpack option,
it seems hard to be implemented in a way of direct GPU copy.

No new tests because there is no behavior change.

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::texImage2D):

  • platform/graphics/ImageBuffer.cpp:

(WebCore::ImageBuffer::copyToPlatformTexture):

  • platform/graphics/ImageBuffer.h:
  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBuffer::copyToPlatformTexture):

6:55 AM Changeset in webkit [189729] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10

Merge r189184 - NodeFilter.SHOW_ALL has wrong value on 32-bit
https://bugs.webkit.org/show_bug.cgi?id=148602

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

NodeFilter.SHOW_ALL has wrong value on 32-bit. This is because
NodeFilter.SHOW_ALL is an unsigned long whose value is 0xFFFFFFFF but
our bindings code is casting it to an intptr_t type which is not wide
enough on 32-bit.

  • create_hash_table:

Add extra curly brackets to initialize the union.

  • runtime/Lookup.h:

Use a union type to store either a struct containing 2 intptr_t members
(value1 / value2) or a large constant of type unsigned long long. When
storing a constant, we only need one of the values so this allows us to
support larger constants without increasing the actual HashTableValue
size.

Source/WebCore:

NodeFilter.SHOW_ALL has wrong value on 32-bit. This is because
NodeFilter.SHOW_ALL is an unsigned long whose value is 0xFFFFFFFF but
our bindings code is casting it to an intptr_t type which is not wide
enough on 32-bit.

No new tests, already covered by fast/dom/node-filter-interface.html
which is now unskipped on Windows / 32bit.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHashTableValueArray):
Generate extra curly brackets to initialize the new union member.
Also cast to long long the constant instead of intptr_t.

  • dom/NodeFilter.h:

Explicitly mark the enum underlying type to be an unsigned long
to make sure it can hold the value for SHOW_ALL on all platforms.
On Windows, it seems the default underlying type is an int for
e.g.

LayoutTests:

Unskip tests that are now passing on Windows / 32bit.

  • platform/win/TestExpectations:
6:55 AM Changeset in webkit [189728] by Gyuyoung Kim
  • 5 edits in trunk/Source

[EFL] Remove create() factory function in EvasGLContext and EvasGLSurface
https://bugs.webkit.org/show_bug.cgi?id=149110

Reviewed by Csaba Osztrogonác.

It is not good implementation we support both create() factory function and public constructor.
In EvasGLContext and EvasGLSurface cases, those have supported both. However create() factory is only
used by EwkView. Thus let's remove the create() function, then EwkView creates EvasGLContext using
std::make_unique<> directly.

Source/WebCore:

  • platform/graphics/efl/EvasGLContext.h:

(WebCore::EvasGLContext::create): Deleted.

  • platform/graphics/efl/EvasGLSurface.h:

(WebCore::EvasGLSurface::create): Deleted.

Source/WebKit2:

  • UIProcess/API/efl/EwkView.cpp:

(EwkView::EwkView):
(EwkView::createGLSurface):

6:29 AM Changeset in webkit [189727] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r189177 - Network Cache: Stale content after back navigation
https://bugs.webkit.org/show_bug.cgi?id=148634

Reviewed by Chris Dumez.

Source/WebKit2:

It is possible to get an older version of the previous page when navigating back. This can happen
if the main resource load has not completed before navigating away from the page.

Network cache entry is normally updated when the load completes. In case of cancellation we would leave
any existing entry as-is. However we render incrementally and user might have seen some content from
the partial load already. Navigating back to the cached page could show older version of the content.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::abort):

If a network load is canceled by the client after receiving response but before the load has completed
remove any existing cache entry for it.

LayoutTests:

  • http/tests/cache/disk-cache/disk-cache-302-status-code.html:
  • http/tests/cache/disk-cache/disk-cache-cancel-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-cancel.html: Added.
  • http/tests/cache/disk-cache/resources/cache-test.js:

Support delayed responses so we can test canceling the load.
Some minor improvements.

(makeHeaderValue):
(generateTestURL):
(loadResource):
(loadResourcesWithOptions):
(generateTests):

  • http/tests/cache/disk-cache/resources/generate-response.cgi:
6:26 AM Changeset in webkit [189726] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r189172 - Watchdog timer callback should release the lock before deref'ing the watchdog.
https://bugs.webkit.org/show_bug.cgi?id=148635

Reviewed by Filip Pizlo.

The deref'ing of the watchdog may free it. The lock may not be available to be unlocked
after the deref.

  • runtime/Watchdog.cpp:

(JSC::Watchdog::Watchdog):

6:25 AM Changeset in webkit [189725] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189170 - [Freetype] FontCache::strengthOfFirstAlias leaks an FcPattern
https://bugs.webkit.org/show_bug.cgi?id=148624

Reviewed by Martin Robinson.

Using the normal RefPtr constructor causes the FcPattern to be reffed one extra time. Even
though the FcPattern is intentionally leaked to FcFontSetAdd down below, the FcPattern has
its own refcount and now it's screwed up. Just completely stop using RefPtr for these
FcPatterns, since the potential for confusion regarding leakRef combined with Fontconfig
refcounting far outweighs the benefit of using a smart pointer.

  • platform/graphics/freetype/FontCacheFreeType.cpp:

(WebCore::strengthOfFirstAlias):

6:22 AM Changeset in webkit [189724] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WTF

Merge r189151 - [WTF] Improve a ParkingLot::parkConditionally() comment for a libstdc++ workaround
https://bugs.webkit.org/show_bug.cgi?id=148571

Reviewed by Filip Pizlo.

  • wtf/ParkingLot.cpp:

(WTF::ParkingLot::parkConditionally): Adjust the comment about the workaround for
the libstdc++ std::condition_variable implementation, linking to the WebKit bug
that dissected the problem and the GCC bug that originally reported the problem.

6:20 AM Changeset in webkit [189723] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r189133 - JavaScriptCore fails to build using GCC 5
https://bugs.webkit.org/show_bug.cgi?id=147815

Patch by Khem Raj <raj.khem@gmail.com> on 2015-08-28
Reviewed by Filip Pizlo.

  • runtime/JSObject.cpp: Explicitly instantiate all variants of

putByIndexBeyondVectorLengthWithAttributes used by JSArray.cpp.

5:50 AM Changeset in webkit [189722] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189080 - pluginInfo.clientLoadPolicy is used uninitialized in WebContent process
https://bugs.webkit.org/show_bug.cgi?id=148550

Reviewed by Tim Horton.

This fixes flakiness on plugins/plugin-javascript-access.html.

  • Shared/WebCoreArgumentCoders.cpp: (IPC::ArgumentCoder<PluginInfo>::decode):
5:48 AM Changeset in webkit [189721] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r189060 - Page does not update when <link> media attribute changes to no longer apply to page
https://bugs.webkit.org/show_bug.cgi?id=148392

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/link-media-attr.html

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::parseAttribute):
When the media attribute changes, recalculate styles if the link is not disabled.

LayoutTests:

  • fast/css/link-media-attr-expected.txt: Added.
  • fast/css/link-media-attr.html: Added.

Add a test to verify that styles change after a link's media attribute changes.

5:47 AM Changeset in webkit [189720] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r189058 - Simple line layout: Text jumps sometimes on naughty strings page
https://bugs.webkit.org/show_bug.cgi?id=148399
rdar://problem/22212568

Reviewed by Antti Koivisto.

The x position we set for tab characters during painting should
be the same as if it was set by the inline box tree painting.

Inline box tree computes the distance from the rootbox for each line
and sets this value as the xPos for the TextRun.
Currently simple line layout does not support cases where a line
would have an offset, so this value is always 0.

Source/WebCore:

Test: fast/text/whitespace/simple-line-layout-tab-position.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):

LayoutTests:

  • fast/text/whitespace/simple-line-layout-tab-position-expected.html: Added.
  • fast/text/whitespace/simple-line-layout-tab-position.html: Added.
5:46 AM Changeset in webkit [189719] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.10

Merge r189046 - REGRESSION(r184779): Possible read-after-free in JavaScriptCore/dfg/DFGClobberize.h
https://bugs.webkit.org/show_bug.cgi?id=148411

Reviewed by Geoffrey Garen and Filip Pizlo.

Source/JavaScriptCore:

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

LayoutTests:

  • js/regress-148411-expected.txt: Added.
  • js/regress-148411.html: Added.
  • js/script-tests/regress-148411.js: Added.

(foo):

5:42 AM Changeset in webkit [189718] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189043 - Decode redirected data URLs in web process
https://bugs.webkit.org/show_bug.cgi?id=148386

Reviewed by Zalan Bujtas.

Redirected data URLs still end up to networking layer for decoding. Handle them locally as well.

Covered by existing tests.

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::~ResourceLoader):
(WebCore::ResourceLoader::finishNetworkLoad):

Factor to a function.

(WebCore::ResourceLoader::releaseResources):
(WebCore::ResourceLoader::willSendRequestInternal):

When receiving redirect to a data URL end the network load and decode it locally.

(WebCore::ResourceLoader::willSendRequest):

  • loader/ResourceLoader.h:
5:37 AM Changeset in webkit [189717] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189030 - Simple line layout: Use float types wherever possible to match line tree.
https://bugs.webkit.org/show_bug.cgi?id=148444

Reviewed by Antti Koivisto.

To match inline tree output, we should try to match the data types as far as precision goes.

This patch also fixes the confusing mismatch between Run::baseline().x() and Run::rect().x().
They are both supposed to return the left edge of the run. However Run::rect().x() returns a rounded
LayoutUnit of the logical left, while Run::baseline().x() returns the correct logical left.
With this patch

  1. baseline position does not include logical left anymore.
  2. Run::rect().x() does not round the logical left coordinate anymore.
  • rendering/RenderTreeAsText.cpp:

(WebCore::writeSimpleLine):

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):
(WebCore::SimpleLineLayout::collectAbsoluteRects):
(WebCore::SimpleLineLayout::showLineLayoutForFlow):

  • rendering/SimpleLineLayoutResolver.cpp:

(WebCore::SimpleLineLayout::linePosition):
(WebCore::SimpleLineLayout::lineSize):
(WebCore::SimpleLineLayout::RunResolver::Run::rect):
(WebCore::SimpleLineLayout::LineResolver::Iterator::operator*):
(WebCore::SimpleLineLayout::baselinePosition): Deleted.
(WebCore::SimpleLineLayout::RunResolver::Run::baseline): Deleted.

  • rendering/SimpleLineLayoutResolver.h:

(WebCore::SimpleLineLayout::RunResolver::Run::baselinePosition):
(WebCore::SimpleLineLayout::RunResolver::Run::computeBaselinePosition):

5:35 AM Changeset in webkit [189716] by Carlos Garcia Campos
  • 5 edits
    1 copy
    1 add in releases/WebKitGTK/webkit-2.10

Merge r189026 - Subpixel positioned iframe's repaint area calculation problem.
https://bugs.webkit.org/show_bug.cgi?id=148422

When the repaint rect position is floored for iframes, we need
to expand the size so that it still covers the content.

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/repaint/content-inside-subpixel-positioned-iframe.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::computeRectForRepaint):

LayoutTests:

  • fast/repaint/content-inside-subpixel-positioned-iframe-expected.txt: Added.
  • fast/repaint/content-inside-subpixel-positioned-iframe.html: Copied from LayoutTests/fast/repaint/hidpi-content-inside-iframe-leaves-trails.html.
  • fast/repaint/hidpi-content-inside-iframe-leaves-trails.html:
5:33 AM Changeset in webkit [189715] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Tools

Merge r189014 - Unreviewed, further shorten a test that times out because it's very long running.

I've locally run these tests on repeat for 24 hours and found no genuine
failures, like deadlocks. So, the timeouts are probably because the test
machine is slow and debug is slow. We should just run this test for fewer
iterations.

  • TestWebKitAPI/Tests/WTF/Lock.cpp:

(TestWebKitAPI::TEST):

5:32 AM Changeset in webkit [189714] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r189012 - MarkedBlock::allocateBlock will have the wrong allocation size when (sizeof(MarkedBlock) + bytes) is divisible by WTF::pageSize()
https://bugs.webkit.org/show_bug.cgi?id=148500

Reviewed by Mark Lam.

Consider the following scenario:

  • On OS X, WTF::pageSize() is 4*1024 bytes.
  • JSEnvironmentRecord::allocationSizeForScopeSize(6621) == 53000
  • sizeof(MarkedBlock) == 248
  • (248 + 53000) is a multiple of 4*1024.
  • (248 + 53000)/(4*1024) == 13

We will allocate a chunk of memory of size 53248 bytes that looks like this:
0 248 256 53248 53256
[Marked Block | 8 bytes | payload ...... ] 8 bytes |


Our Environment record starts here.


Our last JSValue in the environment record will go from byte 53248 to 53256. But, we don't own this memory.

We need to ensure that we round up sizeof(MarkedBlock) to an
atomSize boundary. We need to do this because the first atom
inside the MarkedBlock will start at the rounded up multiple
of atomSize past MarkedBlock. If we end up with an allocation
that is perfectly aligned to the page size, then we will be short
8 bytes (in the current implementation where atomSize is 16 bytes,
and MarkedBlock is 248 bytes).

  • heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::allocateBlock):

  • tests/stress/heap-allocator-allocates-incorrect-size-for-activation.js: Added.

(use):
(makeFunction):

5:28 AM Changeset in webkit [189713] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189010 - [ThreadedCompositor] Use WTF::Condition together with WTF::Lock
https://bugs.webkit.org/show_bug.cgi?id=148493

Patch by Emanuele Aina <Emanuele Aina> on 2015-08-26
Reviewed by Gyuyoung Kim.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

Replace ThreadCondition::signal() calls with Condition::notifyOne().

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h:

Replace ThreadCondition usage with Condition.

5:27 AM Changeset in webkit [189712] by Carlos Garcia Campos
  • 22 edits
    1 add in releases/WebKitGTK/webkit-2.10

Merge r189009 - watchdog m_didFire state erroneously retained.
https://bugs.webkit.org/show_bug.cgi?id=131082

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

The watchdog can fire for 2 reasons:

  1. an external controlling entity (i.e. another thread) has scheduled termination of the script thread via watchdog::terminateSoon().
  2. the allowed CPU time has expired.

For case 1, we're doing away with the m_didFire flag. Watchdog::terminateSoon()
will set the timer deadlines and m_timeLimit to 0, and m_timerDidFire to true.
This will get the script thread to check Watchdog::didFire() and terminate
execution.

Note: the watchdog only guarantees that script execution will terminate as soon
as possible due to a time limit of 0. Once we've exited the VM, the client of the
VM is responsible from keeping a flag to prevent new script execution.

In a race condition, if terminateSoon() is called just after execution has gotten
past the client's reentry check and the client is in the process of re-entering,
the worst that can happen is that we will schedule the watchdog timer to fire
after a period of 0. This will terminate script execution quickly, and thereafter
the client's check should be able to prevent further entry into the VM.

The correctness (i.e. has no race condition) of this type of termination relies
on the termination state being sticky. Once the script thread is terminated this
way, the VM will continue to terminate scripts quickly until the client sets the
time limit to a non-zero value (or clears it which sets the time limit to
noTimeLimit).

For case 2, the watchdog does not alter m_timeLimit. If the CPU deadline has
been reached, the script thread will terminate execution and exit the VM.

If the client of the VM starts new script execution, the watchdog will allow
execution for the specified m_timeLimit. In this case, since m_timeLimit is not
0, the script gets a fresh allowance of CPU time to execute. Hence, terminations
due to watchdog time outs are no longer sticky.

  • API/JSContextRef.cpp:

(JSContextGroupSetExecutionTimeLimit):
(JSContextGroupClearExecutionTimeLimit):

  • API/tests/ExecutionTimeLimitTest.cpp:
  • Add test scenarios to verify that the watchdog is automatically reset by the VM upon throwing the TerminatedExecutionException.

(testResetAfterTimeout):
(testExecutionTimeLimit):

(JSC::DFG::ByteCodeParser::parseBlock):

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_loop_hint):
(JSC::JIT::emitSlow_op_loop_hint):

  • jit/JITOperations.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::ensureWatchdog):

  • runtime/VM.h:
  • runtime/VMInlines.h: Added.

(JSC::VM::shouldTriggerTermination):

  • runtime/Watchdog.cpp:

(JSC::Watchdog::Watchdog):
(JSC::Watchdog::setTimeLimit):
(JSC::Watchdog::terminateSoon):
(JSC::Watchdog::didFireSlow):
(JSC::Watchdog::hasTimeLimit):
(JSC::Watchdog::enteredVM):
(JSC::Watchdog::exitedVM):
(JSC::Watchdog::startTimer):
(JSC::Watchdog::stopTimer):
(JSC::Watchdog::hasStartedTimer): Deleted.
(JSC::Watchdog::fire): Deleted.

  • runtime/Watchdog.h:

(JSC::Watchdog::didFire):
(JSC::Watchdog::timerDidFireAddress):

Source/WebCore:

No new tests. The new code is covered by the JSC API tests and an existing test:
fast/workers/worker-terminate-forever.html

  • bindings/js/JSEventListener.cpp:

(WebCore::JSEventListener::handleEvent):

  • bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::WorkerScriptController):

  • Always create a watchdog for the Web Worker's VM. We need this in order to support Worker.terminate().

(WebCore::WorkerScriptController::evaluate):
(WebCore::WorkerScriptController::scheduleExecutionTermination):
(WebCore::WorkerScriptController::isTerminatingExecution):
(WebCore::WorkerScriptController::forbidExecution):
(WebCore::WorkerScriptController::isExecutionTerminating): Deleted.

  • bindings/js/WorkerScriptController.h:

LayoutTests:

  • fast/workers/worker-terminate-forever-expected.txt:
  • fast/workers/worker-terminate-forever.html:
  • Updated to check if the worker actually did terminate.
5:00 AM Changeset in webkit [189711] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188648 - Add ability to save and restore JSC options.
https://bugs.webkit.org/show_bug.cgi?id=148125

Reviewed by Saam Barati.

  • API/tests/ExecutionTimeLimitTest.cpp:

(testExecutionTimeLimit):

  • Employ the new options getter/setter to run watchdog tests for each of the execution engine tiers.
  • Also altered the test scripts to be in a function instead of global code. This is one of 2 changes needed to give them an opportunity to be FTL compiled. The other is to add support for compiling CheckWatchdogTimer in the FTL (which will be addressed in a separate patch).
  • jsc.cpp:

(CommandLine::parseArguments):

  • runtime/Options.cpp:

(JSC::parse):

  • Add the ability to clear a string option with a nullptr value. This is needed to restore a default string option value which may be null.

(JSC::OptionRange::init):

  • Add the ability to clear a range option with a null value. This is needed to restore a default range option value which may be null.

(JSC::Options::initialize):
(JSC::Options::dumpOptionsIfNeeded):

  • Factor code to dump options out to dumpOptionsIfNeeded() since we will need that logic elsewhere.

(JSC::Options::setOptions):

  • Parse an options string and set each of the specified options.

(JSC::Options::dumpAllOptions):
(JSC::Options::dumpAllOptionsInALine):
(JSC::Options::dumpOption):
(JSC::Option::dump):

  • Refactored so that the underlying dumper dumps to a StringBuilder instead of stderr. This lets us reuse this code to serialize all the options into a single string for dumpAllOptionsInALine().
  • runtime/Options.h:

(JSC::OptionRange::rangeString):

4:11 AM Changeset in webkit [189710] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10

Merge r188987 - Use WorkQueue::concurrentApply in FEConvolveMatrix
https://bugs.webkit.org/show_bug.cgi?id=148490

Reviewed by Tim Horton.

Using WorkQueue::concurrentApply lets us simplify the code a lot, and measurements show
no difference in performance. The striding has been slightly tweaked to make more sense
(we no longer divide up the remainder across some of the iterations, instead we just process
it separately last).

  • platform/graphics/filters/FEConvolveMatrix.cpp:

(WebCore::FEConvolveMatrix::platformApplySoftware):
(WebCore::FEConvolveMatrix::setInteriorPixelsWorker): Deleted.

  • platform/graphics/filters/FEConvolveMatrix.h:
4:01 AM Changeset in webkit [189709] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/WTF

Merge r188981 - Add and implement WorkQueue::concurrentApply
https://bugs.webkit.org/show_bug.cgi?id=148488

Reviewed by Geoffrey Garen.

WorkQueue::concurrentApply is modeled after dispatch_apply, and on Cocoa it uses dispatch_apply directly.
For other ports there's a generic concurrentApply implemented using our threading primitives.

  • wtf/NeverDestroyed.h:

(WTF::LazyNeverDestroyed::operator->):

  • wtf/WorkQueue.cpp:

(WTF::WorkQueue::concurrentApply):

  • wtf/WorkQueue.h:
  • wtf/cocoa/WorkQueueCocoa.cpp:

(WTF::WorkQueue::concurrentApply):

3:40 AM Changeset in webkit [189708] by svillar@igalia.com
  • 5 edits
    4 adds in trunk

min-width/height should default to auto for grid items
https://bugs.webkit.org/show_bug.cgi?id=146021

Reviewed by Darin Adler.

Based on Blink's r194408, r194863 and r194887 by <Manuel Rego Casasnovas>.

Source/WebCore:

From the spec (http://dev.w3.org/csswg/css-grid/#grid-items):
"The auto value of min-width and min-height behaves on grid
items in the relevant axis analogously to its behavior on flex
items in the main axis."

From now on the default value for min-width and min-height for
grid items is auto, meaning that in general, grid items won't
shrink bellow their content.

The change is not exactly the same as the one in Blink because
this one takes into account vertical writting modes, something
that was not well handled in the original one.

Tests: fast/css-grid-layout/min-width-height-auto-overflow.html

fast/css-grid-layout/min-width-height-auto.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::computeLogicalWidthInRegion):
(WebCore::RenderBox::computeLogicalHeight):

LayoutTests:

Apart from the original tests this includes some extra ones to
verify that we behave correctly with vertical writing modes.

  • fast/css-grid-layout/min-width-height-auto-expected.txt: Added.
  • fast/css-grid-layout/min-width-height-auto-overflow-expected.html: Added.
  • fast/css-grid-layout/min-width-height-auto-overflow.html: Added.
  • fast/css-grid-layout/min-width-height-auto.html: Added.
  • fast/css/auto-min-size-expected.txt:
  • fast/css/auto-min-size.html:
3:38 AM Changeset in webkit [189707] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188978 - [JSC] StructureTransitionTable should eagerly deallocate single-transition WeakImpls.
<https://webkit.org/b/148478>

Reviewed by Geoffrey Garen.

Use a WeakHandleOwner to eagerly deallocate StructureTransitionTable's Weak pointers
when it's using the single-transition optimization and the Structure it transitioned
to has been GC'd.

This prevents Structures from keeping WeakBlocks alive longer than necessary when
they've been transitioned away from but are still in use themselves.

  • runtime/Structure.cpp:

(JSC::singleSlotTransitionWeakOwner):
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):
(JSC::StructureTransitionTable::add):

  • runtime/StructureTransitionTable.h:

(JSC::StructureTransitionTable::singleTransition): Deleted.
(JSC::StructureTransitionTable::setSingleTransition): Deleted.

3:10 AM Changeset in webkit [189706] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188968 - [Cairo] Accelerated canvas should fall back to non-accelerated canvas on creation failure
https://bugs.webkit.org/show_bug.cgi?id=148476

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-08-26
Reviewed by Brent Fulgham.

Cairo-gl backed surface might fail to be created with large dimensions, e.g., 50x32000, depending on
the gl implementations. In case of Mac port, ImageBufferCG falls back to a software surface when it fails to create
IOSurface, an accelerated surface. Though the unaccelerated surface could be slower, it would be better
to create a working surface than nothing.

Because the max dimensions of gl texture might vary among the OpenGL implementations, below test can't guarantee
the verification of behavior difference depending on the running platform.

Test: fast/canvas/canvas-large-dimensions.html

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBuffer::ImageBuffer):

3:08 AM Changeset in webkit [189705] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188961 - [GStreamer] "method" property for the webkitwebsrc element
https://bugs.webkit.org/show_bug.cgi?id=148433

Reviewed by Carlos Garcia Campos.

This new property is sometimes used by the GStreamer uridownloader
when time synchronization is required for DASH. The same property
was added to the souphttpsrc element.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcSetProperty):
(webKitWebSrcGetProperty):
(webKitWebSrcStart):

3:04 AM Changeset in webkit [189704] by Carlos Garcia Campos
  • 2 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r188918 - Fix crash due to search field disappearing when showing results menu
https://bugs.webkit.org/show_bug.cgi?id=148410
<rdar://problem/22399850>

Reviewed by Brent Fulgham.

When clicking on the results button of a search field that hides upon being focused, WebKit will crash because we
attempt to toggle the results menu using the search field's renderer which is null. This is addressed by adding a null
check to make sure the search field has not been hidden before toggling the menu.

Test: fast/forms/search/search-results-hidden-crash.html

  • html/shadow/TextControlInnerElements.cpp:

(WebCore::SearchFieldResultsButtonElement::defaultEventHandler): Add a null check for the search field's renderer.

2:57 AM Changeset in webkit [189703] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188849 - [JSC] Reduce the memory usage of BytecodeLivenessAnalysis
https://bugs.webkit.org/show_bug.cgi?id=148353

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-08-23
Reviewed by Darin Adler.

BytecodeLivenessAnalysis easily takes kilobytes of memory for
non trivial blocks and that memory sticks around because
it stored on CodeBlock.

This patch reduces that memory use a bit.

Most of the memory is in the array of BytecodeBasicBlock.
BytecodeBasicBlock is shrunk by:
-Making it not ref-counted.
-Removing m_predecessors, it was only used for debugging and

is usually big.

-Added a shrinkToFit() phase to shrink the vectors once we are

done building the BytecodeBasicBlock.

There are more things we should do in the future:
-Store all the BytecodeBasicBlock direclty in the array.

We know the size ahead of time, this would be a pure win.
The only tricky part is changing m_successors to have the
index of the successor instead of a pointer.

-Stop putting duplicates in m_successors.

  • bytecode/BytecodeBasicBlock.cpp:

(JSC::computeBytecodeBasicBlocks):
(JSC::BytecodeBasicBlock::shrinkToFit): Deleted.
(JSC::linkBlocks): Deleted.

  • bytecode/BytecodeBasicBlock.h:

(JSC::BytecodeBasicBlock::addSuccessor):
(JSC::BytecodeBasicBlock::addPredecessor): Deleted.
(JSC::BytecodeBasicBlock::predecessors): Deleted.

  • bytecode/BytecodeLivenessAnalysis.cpp:

(JSC::getLeaderOffsetForBasicBlock):
(JSC::findBasicBlockWithLeaderOffset):
(JSC::findBasicBlockForBytecodeOffset):
(JSC::stepOverInstruction):
(JSC::computeLocalLivenessForBytecodeOffset):
(JSC::computeLocalLivenessForBlock):
(JSC::BytecodeLivenessAnalysis::dumpResults): Deleted.

  • bytecode/BytecodeLivenessAnalysis.h:
2:46 AM Changeset in webkit [189702] by Manuel Rego Casasnovas
  • 3 edits
    2 adds in trunk

[css-grid] Percentage columns should remove scrollbar's width
https://bugs.webkit.org/show_bug.cgi?id=149116

Reviewed by Sergio Villar Senin.

Source/WebCore:

Currently the calculation of percentage columns was not subtracting the
scrollbar's size.
Fixed RenderGrid::computeUsedBreadthOfSpecifiedLength()
to avoid this problem.

Test: fast/css-grid-layout/grid-percent-track-scrollbar.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):

LayoutTests:

Added test to check the behavior for both columns and rows.
Note that rows (height) were already working fine.

  • fast/css-grid-layout/grid-percent-track-scrollbar-expected.txt: Added.
  • fast/css-grid-layout/grid-percent-track-scrollbar.html: Added.
2:45 AM Changeset in webkit [189701] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188839 - Remove SVGFrameLoaderClient and dataProtocolFrameLoader
https://bugs.webkit.org/show_bug.cgi?id=148370

Reviewed by Darin Adler.

With data protocol handled internally in WebKit these are no longer needed.

This mostly reverts code changes from http://trac.webkit.org/179626 keeping the tests.

  • loader/FrameLoaderClient.h:
  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::loadDataURL):
(WebCore::ResourceLoader::setDataBufferingPolicy):
(WebCore::ResourceLoader::dataProtocolFrameLoader): Deleted.

  • loader/ResourceLoader.h:

(WebCore::ResourceLoader::documentLoader):
(WebCore::ResourceLoader::originalRequest):

  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::finishLoading):

  • svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::dataChanged):

  • svg/graphics/SVGImage.h:
  • svg/graphics/SVGImageClients.h:
2:40 AM Changeset in webkit [189700] by Carlos Garcia Campos
  • 20 edits in releases/WebKitGTK/webkit-2.10/Source

Merge r188824 - [JSC] Static hash tables should be 100% compile-time constant.
<https://webkit.org/b/148359>

Reviewed by Michael Saboff.

Source/JavaScriptCore:

We were dirtying the memory pages containing static hash tables the
first time they were used, when a dynamically allocated index-to-key
table was built and cached in the HashTable struct.

It turns out that this "optimization" was completely useless, since
we've long since decoupled static hash tables from the JSC::VM and
we can get the key for an index via HashTable::values[index].m_key!

We also get rid of VM::keywords which was a little wrapper around
a VM-specific copy of JSC::mainTable. There was nothing VM-specific
about it at all, so clients now use JSC::mainTable directly.

After this change all fooHashTable structs end up in DATA const
and no runtime initialization/allocation takes place.

  • create_hash_table:
  • jsc.cpp:
  • parser/Lexer.cpp:

(JSC::isLexerKeyword):
(JSC::Lexer<LChar>::parseIdentifier):
(JSC::Lexer<UChar>::parseIdentifier):
(JSC::Lexer<CharacterType>::parseIdentifierSlowCase):
(JSC::Keywords::Keywords): Deleted.

  • parser/Lexer.h:

(JSC::Keywords::isKeyword): Deleted.
(JSC::Keywords::getKeyword): Deleted.
(JSC::Keywords::~Keywords): Deleted.

  • runtime/LiteralParser.cpp:

(JSC::LiteralParser<CharType>::tryJSONPParse):

  • runtime/Lookup.cpp:

(JSC::HashTable::createTable): Deleted.
(JSC::HashTable::deleteTable): Deleted.

  • runtime/Lookup.h:

(JSC::HashTable::entry):
(JSC::HashTable::ConstIterator::key):
(JSC::HashTable::ConstIterator::skipInvalidKeys):
(JSC::HashTable::copy): Deleted.
(JSC::HashTable::initializeIfNeeded): Deleted.
(JSC::HashTable::begin): Deleted.
(JSC::HashTable::end): Deleted.

  • runtime/VM.cpp:

(JSC::VM::VM): Deleted.

  • runtime/VM.h:
  • testRegExp.cpp:

Source/WebCore:

Adjust WebCore bindings generator for new JSC::HashTable layout
and rebaseline the bindings tests for that change.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHashTable):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:
2:08 AM Changeset in webkit [189699] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188821 - Page::renderTreeSize() does not include anonymous renderers.
https://bugs.webkit.org/show_bug.cgi?id=148352

Reviewed by Andreas Kling.

Anonymous renderes take the document as their node. Instead
of checking whether the node is the document, we could just check
if the RenderView is available.

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::RenderObject):
(WebCore::RenderObject::~RenderObject):

  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView): Deleted.

  • rendering/RenderView.h: Include the RenderView in render tree size as well.
2:04 AM Changeset in webkit [189698] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.10

Merge r189164 - REGRESSION (r188820): fast/dom/HTMLObjectElement/object-as-frame.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=148533

Reviewed by Chris Dumez.

Source/WebCore:

<object> element may cause document load event fire too early. By making data URL
loading faster r188820 made this condition more likely to trigger in this test.

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::loadSubframe):

Post-parsing style recalc may trigger loads for <object> elements. If all other loads have already
completed this may cause load event to fire synchronously from the initial empty document construction.

Fix by preventing load events during subframe initialization. They will be fired if needed by the
subsequent explicit call to FrameLoader::checkCompleted.

LayoutTests:

Unskip.

  • fast/dom/HTMLObjectElement/object-as-frame.html:

Use more logical text in the data url.

  • http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt:
  • http/tests/loading/basic-credentials-sent-automatically-expected.txt:
  • platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt:
  • platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt:
  • webarchive/loading/object-expected.txt:

Update test results.

1:59 AM Changeset in webkit [189697] by Carlos Garcia Campos
  • 13 edits
    2 adds in releases/WebKitGTK/webkit-2.10/Source

Merge r188820 - Decode data URLs in web process
https://bugs.webkit.org/show_bug.cgi?id=148128

Reviewed by Darin Adler.

Source/WebCore:

We currenly send data URLs to networking layer for decoding. This involves a long and slow roundtrip through IPC and API layers.

  • WebCore.xcodeproj/project.pbxproj:
  • loader/ResourceLoadScheduler.cpp:

(WebCore::ResourceLoadScheduler::maybeLoadQuickLookResource): Deleted.

Remove this awkward interface for WebKit2.

  • loader/ResourceLoadScheduler.h:
  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::start):
(WebCore::ResourceLoader::loadDataURL):

Load using DataURLDecoder.

  • loader/ResourceLoader.h:

Make start() public and export it so it can be called directly from WebKit2.

  • platform/network/DataURLDecoder.cpp: Added.

(WebCore::DataURLDecoder::decodeQueue):
(WebCore::DataURLDecoder::DecodeTask::DecodeTask):
(WebCore::DataURLDecoder::createDecodeTask):

Parse data URL metadata and initialize the decode task.

(WebCore::DataURLDecoder::decodeBase64):
(WebCore::DataURLDecoder::decodeEscaped):
(WebCore::DataURLDecoder::decode):

Asynchronously decode in a concurrent distpatch queue.

  • platform/network/DataURLDecoder.h: Added.
  • platform/network/ios/QuickLook.h:
  • platform/text/DecodeEscapeSequences.h:

(WebCore::URLEscapeSequence::findEndOfRun):
(WebCore::URLEscapeSequence::decodeRun):

Factor buffer generation to a function.

(WebCore::decodeEscapeSequences):
(WebCore::decodeURLEscapeSequencesAsData):

Add decode function that produces bytes instead of a String.

Source/WebKit2:

  • WebProcess/Network/WebResourceLoadScheduler.cpp:

(WebKit::WebResourceLoadScheduler::scheduleLoad):

Don't send data: loads to the network process, handle them locally.

(WebKit::WebResourceLoadScheduler::startLocalLoad):

Call ResourceLoder::start() directly.

1:47 AM Changeset in webkit [189696] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] pipe-to writable stream tests
https://bugs.webkit.org/show_bug.cgi?id=148296

Reviewed by Darin Adler.

  • streams/reference-implementation/pipe-to-expected.txt: Added.
  • streams/reference-implementation/pipe-to.html: Added.
1:42 AM Changeset in webkit [189695] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r188769 - AX: Table with CSS that makes a row anonymous can return NULL from cellForColumnAndRow
https://bugs.webkit.org/show_bug.cgi?id=148293

Patch by Doug Russell <d_russell@apple.com> on 2015-08-21
Reviewed by Chris Fleizach.

When RenderTableRows are anonymous, they may not be added to the accessible data
table's internal row list. However, when calculating the row range for a cell,
we were still accounting for those anonymous sections.
Change how the row range is calculated to directly ask the accessible parent row
for its index. This will ensure it’s more inline with what’s being represented to
the accessibility API.

Source/WebCore:

Test: accessibility/aria-table-content.html

  • accessibility/AccessibilityTableCell.cpp:

(WebCore::AccessibilityTableCell::parentRow):
(WebCore::AccessibilityTableCell::rowIndexRange):

  • accessibility/AccessibilityTableCell.h:

LayoutTests:

  • accessibility/aria-table-content-expected.txt: Added.
  • accessibility/aria-table-content.html: Added.
1:37 AM Changeset in webkit [189694] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188765 - HistoryItems will null CachedPages should never be left in the list of items;
causes crash
https://bugs.webkit.org/show_bug.cgi?id=148237
-and corresponding-
rdar://problem/22356782

Reviewed by Brady Eidson.

Setting the CachedPage to nullptr will destroy the CachedPage, destroy the
FrameView, re-enter layout, and potentially try to modify items in the PageCache
based on that layout. So, we should not modify CachedPage in this way while the
item is still in the list of HistoryItems.

  • history/PageCache.cpp:

(WebCore::PageCache::take):
(WebCore::PageCache::remove):
(WebCore::PageCache::prune):

1:35 AM Changeset in webkit [189693] by calvaris@igalia.com
  • 3 edits in trunk/LayoutTests

[Streams API] Add readable stream templated tests for writable streams
https://bugs.webkit.org/show_bug.cgi?id=148304

Reviewed by Darin Adler.

  • streams/reference-implementation/readable-stream-templated-expected.txt: Added new expectations.
  • streams/reference-implementation/readable-stream-templated.html: New writable stream tests.
1:34 AM Changeset in webkit [189692] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188747 - DFG should have a KnownBooleanUse for cases where we are required to know that the child is a boolean and it's not OK to speculate
https://bugs.webkit.org/show_bug.cgi?id=148286

Reviewed by Benjamin Poulain.

This enables us to ensure that the Branch or LogicalNot after an effectful CompareXYZ can
be marked as !mayExit(). I need that for https://bugs.webkit.org/show_bug.cgi?id=145204.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::observeUseKindOnNode):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculate):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

  • dfg/DFGUseKind.cpp:

(WTF::printInternal):

  • dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::shouldNotHaveTypeCheck):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::boolify):
(JSC::FTL::DFG::LowerDFGToLLVM::lowBoolean):

1:25 AM Changeset in webkit [189691] by Carlos Garcia Campos
  • 3 edits
    8 adds in releases/WebKitGTK/webkit-2.10

Merge r188720 - Overflow check elimination fails for a simple test case
https://bugs.webkit.org/show_bug.cgi?id=147387

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Overflow check elimination was having issues when things got constant-folded, because whereas an
Add or LessThan operation teaches us about relationships between the things being added or
compared, we don't do that when we see a JSConstant. We don't create a relationship between every
JSConstant and every other JSConstant. So, if we constant-fold an Add, we forget the relationships
that it would have had with its inputs.

One solution would be to have every JSConstant create a relationship with every other JSConstant.
This is dangerous, since it would create O(n2) explosion of relationships.

Instead, this patch teaches filtration and merging how to behave "as if" there were inter-constant
relationships. Normally those operations only work on two relationships involving the same node
pair. But now, if we have @x op @c and @x op @d, where @c and @d are different nodes but both are
constants, we will do merging or filtering by grokking the constant values.

This speeds up lots of tests in JSRegress, because it enables overflow check elimination on things
like:

for (var i = 0; i < 100; ++i)

Previously, the fact that this was all constants would throw off the analysis because the analysis
wouldn't "know" that 0 < 100.

  • dfg/DFGIntegerRangeOptimizationPhase.cpp:

LayoutTests:

Added two test cases that previously would have an unnecessary overflow check on an induction
variable. These tests speed up by 10-15% thanks to this change.

Also added .html/expected files for some regress test that didn't have them.

  • js/regress/function-call-expected.txt: Added.
  • js/regress/function-call.html: Added.
  • js/regress/hard-overflow-check-equal-expected.txt: Added.
  • js/regress/hard-overflow-check-equal.html: Added.
  • js/regress/hard-overflow-check-expected.txt: Added.
  • js/regress/hard-overflow-check.html: Added.
  • js/regress/script-tests/hard-overflow-check-equal.js: Added.

(foo):

  • js/regress/script-tests/hard-overflow-check.js: Added.

(foo):

1:05 AM Changeset in webkit [189690] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r188672 - Select validation does not correctly work when handling change event
https://bugs.webkit.org/show_bug.cgi?id=145869

Reviewed by Dean Jackson.

Source/WebCore:

When selecting an option in a <select> with validation that also has an onchange listener, calling
checkValidity() for the select within the onchange handler would produce incorrect results and (on
a debug build) crash at an assertion. This is because the change events were being dispatched before
form validity was updated. Making the validation step come before the change event dispatch fixes
this issue.

Test: fast/forms/onchange-select-check-validity.html

  • html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::selectOption): Update validity before dispatching change events.

LayoutTests:

Tests that checkValidity() returns correct results from within the onchange handler of a
<select> when the validity of the selected option changes.

  • fast/forms/onchange-select-check-validity-expected.txt: Added.
  • fast/forms/onchange-select-check-validity.html: Added.
12:59 AM Changeset in webkit [189689] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] Add pipe-to-options writable stream tests
https://bugs.webkit.org/show_bug.cgi?id=148297

Reviewed by Darin Adler.

  • streams/reference-implementation/pipe-to-options-expected.txt: Added.
  • streams/reference-implementation/pipe-to-options.html: Added.
12:56 AM Changeset in webkit [189688] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] Add tests about abort on writable streams
https://bugs.webkit.org/show_bug.cgi?id=148298

Reviewed by Darin Adler.

  • streams/reference-implementation/writable-stream-abort-expected.txt: Added.
  • streams/reference-implementation/writable-stream-abort.html: Added.
12:55 AM Changeset in webkit [189687] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10

Merge r188666 - GraphicsContext3D::activeTexture should not be called with zero-based index
https://bugs.webkit.org/show_bug.cgi?id=148020

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-08-19
Reviewed by Alex Christensen.

Source/WebCore:

GraphicsContext3D::activeTexture should be called with an argument that is greater than or equal to
GraphicsContext3D::TEXTURE0.

Test: fast/canvas/webgl/texture-complete.html

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::checkTextureCompleteness):

LayoutTests:

Insert WebGLRenderingContext.activeTexture call during the texture complete test to verify
a meaningless change of the active texture doesn't make any gl errors.

  • fast/canvas/webgl/texture-complete.html:
12:53 AM Changeset in webkit [189686] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] Add general writable streams tests
https://bugs.webkit.org/show_bug.cgi?id=148299

Reviewed by Darin Adler.

  • streams/reference-implementation/writable-stream-expected.txt: Added.
  • streams/reference-implementation/writable-stream.html: Added.
12:51 AM Changeset in webkit [189685] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188659 - Scrollable area container is not properly cleared when page is going into the PageCache
https://bugs.webkit.org/show_bug.cgi?id=148182
<rdar://problem/21969170>

Reviewed by Dean Jackson.

Must be tested manually going back and forth in history several times.

  • history/CachedFrame.cpp:

(WebCore::CachedFrame::CachedFrame): Clear the cached ScrollableAreas from the FrameView.

  • page/FrameView.cpp:

(WebCore::FrameView::clearScrollableAreas): Added.

  • page/FrameView.h:
12:47 AM Changeset in webkit [189684] by ChangSeok Oh
  • 2 edits in trunk/LayoutTests

[GTK] Layout Test media/video-volume-slider.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=149032

Reviewed by Philippe Normand.

  • platform/gtk/TestExpectations: media/video-volume-slider.html is removed.
12:43 AM Changeset in webkit [189683] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebInspectorUI

Merge r188655 - Web Inspector: Uncaught exception in inspector page while handling event DOMStorage.domStorageItemRemoved
https://bugs.webkit.org/show_bug.cgi?id=148191

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-08-19
Reviewed by Brian Burg.

  • UserInterface/Controllers/StorageManager.js:

(WebInspector.StorageManager.prototype.itemsCleared):
(WebInspector.StorageManager.prototype.itemRemoved):
(WebInspector.StorageManager.prototype.itemAdded):
(WebInspector.StorageManager.prototype.itemUpdated):
Check if the DOMStorage for the identifier actually exists.
Due to how the backend emits events, the page may have already
navigated when we get a storage update for the previous page.
In that case, we don't want to create a DOMStorage for the
previous page if it doesn't exist.

Sep 13, 2015:

10:08 PM Changeset in webkit [189682] by Chris Dumez
  • 10 edits in trunk

Improve Node pre-insertion validation when the parent is a Document
https://bugs.webkit.org/show_bug.cgi?id=149109
<rdar://problem/22560436>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

  • web-platform-tests/dom/nodes/Node-insertBefore-expected.txt:
  • web-platform-tests/dom/nodes/Node-replaceChild-expected.txt:
  • web-platform-tests/dom/nodes/append-on-Document-expected.txt:
  • web-platform-tests/dom/nodes/prepend-on-Document-expected.txt:

Source/WebCore:

Improve Node pre-insertion validation when the parent is a Document to
match the specification:
https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity
https://dom.spec.whatwg.org/#concept-node-replace

This affects the following API: Node.insertBefore(), Node.appendChild(),
Node.replaceChild().

WebKit current fails to do the following checks whenever the parent is a
Document from pre-insertion validation:

  1. If the inserted Node is a DocumentFragment, we should make sure it contains only one Element.

-> This is because a Document can have only one child that is an

Element [1].

2.a. If an Element is inserted, we should make sure it is not inserted

before a DocumentType.

2.b. If a DocumentType is inserted, we should make sure it is not

inserted after an Element.

-> This is because the DocType must come before the optional Element

child [1].

Firefox and Chrome already match the specification here. This patch
aligns WebKit's behavior with those browsers and the specification.

[1] https://dom.spec.whatwg.org/#node-trees

No new tests, already covered by existing W3C tests.

  • dom/ContainerNode.cpp:

(WebCore::checkAcceptChild):
(WebCore::checkAddChild):
(WebCore::checkReplaceChild):
(WebCore::ContainerNode::insertBefore):
(WebCore::ContainerNode::appendChild):
(WebCore::containsConsideringHostElements): Deleted.
(WebCore::checkAcceptChildGuaranteedNodeTypes): Deleted.

  • dom/Document.cpp:

(WebCore::Document::canAcceptChild):
(WebCore::Document::cloneNodeInternal): Deleted.

  • dom/Document.h:
10:06 PM Changeset in webkit [189681] by Chris Dumez
  • 8 edits in trunk

Document.adoptNode() should be able to explicitly adopt a DocumentType node
https://bugs.webkit.org/show_bug.cgi?id=149097
LayoutTests/imported/w3c:

<rdar://problem/22549345>

Reviewed by Ryosuke Niwa.

Rebaseline W3C test now that a new check is passing.

  • web-platform-tests/dom/nodes/Document-adoptNode-expected.txt:

Source/WebCore:

<rdar://problem/22549345>

Reviewed by Ryosuke Niwa.

Document.adoptNode() should be able to explicitly adopt a DocumentType
node as per the latest DOM specification:
https://dom.spec.whatwg.org/#dom-document-adoptnode

Chrome and Firefox match the specidicaiton but WebKit was throwing a
NotSupportedError.

No new tests, already covered by existing test.

  • dom/Document.cpp:

(WebCore::Document::adoptNode): Deleted.

LayoutTests:

Reviewed by Ryosuke Niwa.

Rebaseline DOM3 tests, those seem to be outdated now.

  • dom/xhtml/level3/core/documentadoptnode10-expected.txt:
  • dom/xhtml/level3/core/documentadoptnode11-expected.txt:
  • dom/xhtml/level3/core/documentadoptnode12-expected.txt:
10:03 PM Changeset in webkit [189680] by Chris Dumez
  • 9 edits in trunk

Document.title does not behave according to specification
https://bugs.webkit.org/show_bug.cgi?id=149098

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

  • web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-01-expected.txt:
  • web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-02-expected.txt:

Source/WebCore:

Update Document.title to behave according to the latest DOM specification:
https://html.spec.whatwg.org/multipage/dom.html#document.title

In particular, the following Web-Exposed changes were made:

  1. The title Element should be the first title element in the document (in tree order) [1]. Previously, WebKit would use the first title Element *added* to the Document. Document.title returns the text content of the title Element so this change is web-exposed.
  2. If the title Element is replaced after the title has been set by the JS (via the document.title setter), we should update the value returned by the document.title getter. Previously, WebKit would set a flag if the title was explicitly set by JS via document.title setter and later title element changes would not override the title set by the JS. This behavior isn't specified and does not match the behavior of other browsers.

The new behavior is also consistent with the behavior of Firefox and
Chrome.

Some refactoring was made for the sake of clarity now that our
implementation has changed. See details below.

[1] https://html.spec.whatwg.org/multipage/dom.html#the-title-element-2

No new tests, already covered by existing tests.

  • dom/Document.cpp:

(WebCore::Document::updateTitleFromTitleElement):
New convenience method that calls updateTitle() with the text of the
document's current title Element. If there is no title Element, it
clears the title.

(WebCore::Document::updateTitleElement):
Method which updates the Document's title Element whenever a title
Element is added or removed from the Document. Once the title Element
is updated, it takes care of calling updateTitleFromTitleElement() to
update the Document's title.

(WebCore::Document::titleElementAdded):
(WebCore::Document::titleElementRemoved):
(WebCore::Document::titleElementTextChanged):
New Document public API called by HTMLTitleElement / SVGTitleElement
whenever a title Element is added / removed from the Document or
whenever the title element's text has changed. These methods will
take care of calling updateTitleElement() / updateTitleFromTitleElement()
as necessary.
Previously, we would only have 2 methods:

  • setTitleElement() which would be called whenever a title Element was added to the document or when its text had changed. The name was confusing because it would not necessarily set the document's title Element and it would be used both for title element update and a simple title update. This method has been split into 2: titleElementAdded() and titleElementTextChanged().
  • removeTitle() which would be called whenever a title Element was removed. The naming was confusing because it would not necessarily remove the Document's title Element. This is now called titleElementRemoved().
  • html/HTMLTitleElement.cpp:

(WebCore::HTMLTitleElement::insertedInto):
Call the new titleElementAdded() instead of setTitleElement().

(WebCore::HTMLTitleElement::removedFrom):
Call the new titleElementRemoved() instead of removeTitle().

(WebCore::HTMLTitleElement::childrenChanged):
Call the new titleElementTextChanged() instead of
setTitleElement() / removeTitle() as we don't really want
to remove or add a title Element. We merely want to notify
the document that the title element text has changed in
case it is the current title Element of the Document.

(WebCore::HTMLTitleElement::computedTextWithDirection):
Rename textWithDirection() to computedTextWithDirection() to
make it clear it is not a simple getter and make it private
as it is only used to set the m_title member which caches the
computed text.

  • html/HTMLTitleElement.h:

Add new textWithDirection() getter which returns m_title. This
is needed so that Document can query the title of the Element.
Previously, HTMLTitleElement would pass directly m_title to
the Document when calling Document::setTitleElement().

  • svg/SVGTitleElement.cpp:

(WebCore::SVGTitleElement::insertedInto):
Call the new titleElementAdded() instead of setTitleElement().

(WebCore::SVGTitleElement::removedFrom):
Call the new titleElementRemoved() instead of removeTitle().

(WebCore::SVGTitleElement::childrenChanged):
Call the new titleElementTextChanged() instead of
setTitleElement().

9:18 PM Changeset in webkit [189679] by Chris Dumez
  • 8 edits in trunk

document.lastModified should use the user's local time zone
https://bugs.webkit.org/show_bug.cgi?id=149092
LayoutTests/imported/w3c:

<rdar://problem/22567705>

Reviewed by Ryosuke Niwa.

Rebaseline a couple of W3C tests now that more checks are passing.

  • web-platform-tests/html/dom/documents/resource-metadata-management/document-lastModified-01-expected.txt:
  • web-platform-tests/html/dom/documents/resource-metadata-management/document-lastModified-expected.txt:

Source/WebCore:

<rdar://problem/22567705>

Reviewed by Ryosuke Niwa.

document.lastModified should use the user's local time zone:
https://html.spec.whatwg.org/multipage/dom.html#dom-document-lastmodified

Chrome and Firefox comply with the specification but WebKit was using
UTC. This patch aligns WebKit's behavior with the specification and
other browsers.

No new tests, already covered by existing tests.

  • dom/Document.cpp:

(WebCore::Document::lastModified):
(WebCore::Document::setCookieURL): Deleted.

LayoutTests:

Reviewed by Ryosuke Niwa.

Update test so that it converts document.lastModified to UTF before
printing it. This is so that we can consistent layout tests results, no
matter the system's timezone.

  • http/tests/misc/last-modified-parsing-expected.txt:
  • http/tests/resources/last-modified.php:
8:07 PM Changeset in webkit [189678] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

Unreviewed EFL gardening.

Mark fast/text/international/system-language/system-font-punctuation.html to *Missing* since r188377.
Additionally some tests have been passed since r188693. Removed the tests in TestExpectation.

  • platform/efl/TestExpectations:
8:04 PM Changeset in webkit [189677] by Chris Dumez
  • 15 edits
    2 deletes in trunk

Node.baseURI should not return null for detached nodes
https://bugs.webkit.org/show_bug.cgi?id=149104
<rdar://problem/22559535>

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

  • web-platform-tests/dom/nodes/Node-baseURI-expected.txt:

Source/WebCore:

Node.baseURI should not return null for detached nodes. It should return
the node document's base URL. The node document is set when the node is
created so it is valid even if the node is detached [1]:
https://dom.spec.whatwg.org/#dom-node-baseuri

WebKit was traversing the ancestors to find the base URL, which only
works if the node is attached. Also, WebKit was taking into account
the xml:base attribute when computing the baseURI.

Both Chrome and Firefox already dropped support for xml:base:
https://code.google.com/p/chromium/issues/detail?id=341854
https://bugzilla.mozilla.org/show_bug.cgi?id=903372

Firefox complies with the specification. Chrome's baseURI still only
works for attached Nodes as their implementation still traverses the
DOM tree, despite dropping support for xml:base.

This patch drops support xml:base when computing Node.baseURI, as
Firefox, Chrome and the latest DOM specification do. It also makes
Node.baseURI work for detached Nodes by returning the base URL of the
node Document. This means we no longer have to traverse the Node's
ancestors in the DOM tree. This is consistent with the behavior of
Firefox and the latest DOM specification.

This patch does not drop the SVGElement.xmlbase attribute yet. However,
we should probably consider making this change as well given that:

  • The SVG2 specification dropped it
  • Chrome dropped it.
  • It no longers impacts Node.baseURI

[1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=20976

No new tests, already covered by existing test.

  • dom/Document.cpp:

(WebCore::Document::setContent): Deleted.

  • dom/Document.h:

(WebCore::Document::inputCursor): Deleted.

  • dom/DocumentType.cpp:

(WebCore::DocumentType::nodeName): Deleted.

  • dom/DocumentType.h:
  • dom/Element.cpp:

(WebCore::Element::imageSourceURL): Deleted.
(WebCore::Element::rendererIsNeeded): Deleted.
(WebCore::Element::createElementRenderer): Deleted.
(WebCore::Element::insertedInto): Deleted.

  • dom/Element.h:
  • dom/Node.cpp:

(WebCore::Node::baseURI):

  • dom/Node.h:
  • svg/SVGElement.idl:

LayoutTests:

  • dom/xhtml/level3/core/nodegetbaseuri03-expected.txt:

Rebaseline outdated DOM3 test.

  • svg/custom/image-base-uri-expected.txt: Removed.
  • svg/custom/image-base-uri.svg: Removed.

Drop outdated SVG test. SVG2 no longer support xml:base.

7:42 PM Changeset in webkit [189676] by Chris Dumez
  • 14 edits in trunk

CharacterData API parameters should not be optional
https://bugs.webkit.org/show_bug.cgi?id=149101
<rdar://problem/22546954>

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing.

  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/dom/nodes/CharacterData-appendData-expected.txt:
  • web-platform-tests/dom/nodes/CharacterData-substringData-expected.txt:

Source/WebCore:

CharacterData API parameters should not be optional as per the DOM
specification:
https://dom.spec.whatwg.org/#characterdata

The parameters are also mandatory in Firefox and Chrome. However,
those parameters are optional in WebKit. When DOMString parameters
were omitted, we would use the "undefined" string instead. When
unsigned long parameters were omitted, we would use 0 instead.
This patch aligns our behavior with the specification and other
major browsers.

No new tests, already covered by existing tests.

  • dom/CharacterData.cpp:

(WebCore::CharacterData::appendData):

  • dom/CharacterData.h:
  • dom/CharacterData.idl:
  • dom/Element.cpp:

(WebCore::Element::mergeWithNextTextNode):

  • dom/Node.cpp:

(WebCore::Node::normalize):

  • xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::exitText):

LayoutTests:

Update existing test to reflect our web-exposed behavior change.

  • fast/dom/non-numeric-values-numeric-parameters-expected.txt:
  • fast/dom/script-tests/non-numeric-values-numeric-parameters.js:
7:36 PM Changeset in webkit [189675] by Gyuyoung Kim
  • 29 edits in trunk/Source

Remove all uses of PassRefPtr in crypto, storage, and history
https://bugs.webkit.org/show_bug.cgi?id=149091

Reviewed by Andreas Kling.

Source/WebCore:

  • crypto/CryptoKeyPair.cpp:

(WebCore::CryptoKeyPair::CryptoKeyPair):

  • crypto/CryptoKeyPair.h:

(WebCore::CryptoKeyPair::create):

  • crypto/SubtleCrypto.h:

(WebCore::SubtleCrypto::create):

  • crypto/gnutls/CryptoKeyRSAGnuTLS.cpp:

(WebCore::CryptoKeyRSA::create):

  • crypto/keys/CryptoKeyAES.cpp:

(WebCore::CryptoKeyAES::generate):

  • crypto/keys/CryptoKeyAES.h:
  • crypto/keys/CryptoKeyHMAC.cpp:

(WebCore::CryptoKeyHMAC::generate):

  • crypto/keys/CryptoKeyHMAC.h:
  • crypto/keys/CryptoKeyRSA.h:
  • crypto/mac/CryptoKeyRSAMac.cpp:

(WebCore::CryptoKeyRSA::create):

  • history/BackForwardController.cpp:

(WebCore::BackForwardController::BackForwardController):

  • history/BackForwardController.h:
  • history/HistoryItem.cpp:

(WebCore::HistoryItem::setStateObject):
(WebCore::HistoryItem::setFormData):

  • history/HistoryItem.h:

(WebCore::HistoryItem::stateObject):

  • loader/EmptyClients.cpp:
  • page/Page.cpp:

(WebCore::Page::Page):

  • storage/Storage.cpp:

(WebCore::Storage::create):
(WebCore::Storage::Storage):

  • storage/Storage.h:
  • storage/StorageArea.h:
  • storage/StorageMap.cpp:

(WebCore::StorageMap::copy):
(WebCore::StorageMap::setItem):
(WebCore::StorageMap::setItemIgnoringQuota):
(WebCore::StorageMap::removeItem):

  • storage/StorageMap.h:
  • storage/StorageNamespace.h:

Source/WebKit:

  • Storage/StorageNamespaceImpl.cpp:

(WebCore::StorageNamespaceImpl::storageArea):

  • Storage/StorageNamespaceImpl.h:

Source/WebKit2:

  • WebProcess/Storage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::storageArea):

  • WebProcess/Storage/StorageNamespaceImpl.h:
12:13 PM Changeset in webkit [189674] by mitz@apple.com
  • 4 edits in trunk/Source/WebKit2

Define HAVE_LINK_PREVIEW in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=149099

Reviewed by Sam Weinig.

  • Platform/spi/ios/UIKitSPI.h:
  • UIProcess/WKImagePreviewViewController.mm:
  • config.h:
10:14 AM WebKitGTK/2.10.x edited by philip.chimento@gmail.com
Clarify [Stable], as discussed on … (diff)
7:02 AM WebKitGTK/2.10.x edited by Michael Catanzaro
Propose r189673 (diff)
7:01 AM Changeset in webkit [189673] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore/platform/gtk/po

Webkit Gujarati Translations
https://bugs.webkit.org/show_bug.cgi?id=139530

Unreviewed.

Patch by Ankit Patel <ankit@redhat.com> on 2015-09-13

  • gu.po:

Sep 12, 2015:

11:46 PM Changeset in webkit [189672] by mmaxfield@apple.com
  • 2 edits in trunk/LayoutTests

Another test fix after r189670.

Unreviewed.

  • platform/mac-wk1/TestExpectations:
11:19 PM Changeset in webkit [189671] by mmaxfield@apple.com
  • 2 edits in trunk/LayoutTests

Test fix after r189670.

Unreviewed.

  • platform/mac/TestExpectations:
9:10 PM Changeset in webkit [189670] by mmaxfield@apple.com
  • 5 edits
    8 moves
    5 adds in trunk/LayoutTests

[Cocoa] Add system-language-specific tests
https://bugs.webkit.org/show_bug.cgi?id=148775

Reviewed by Alexey Proskuryakov.

This patch adds (or rewrites) tests to take advantage of our new ability to mock
the system language for testing (https://bugs.webkit.org/show_bug.cgi?id=148671).

It tests these patches:
https://bugs.webkit.org/show_bug.cgi?id=148164
https://bugs.webkit.org/show_bug.cgi?id=147504
https://bugs.webkit.org/show_bug.cgi?id=147862
https://bugs.webkit.org/show_bug.cgi?id=147964

  • fast/text/international/system-language/arabic-glyph-cache-fill-combine-expected.html: Renamed from LayoutTests/fast/text/arabic-glyph-cache-fill-combine-expected.html.
  • fast/text/international/system-language/arabic-glyph-cache-fill-combine.html: Renamed from LayoutTests/fast/text/arabic-glyph-cache-fill-combine.html.
  • fast/text/international/system-language/han-quotes-expected-mismatch.html: Added.
  • fast/text/international/system-language/han-quotes.html: Added.
  • fast/text/international/system-language/hindi-system-font-punctuation-expected.html: Renamed from LayoutTests/fast/text/hindi-system-font-punctuation-expected.html.
  • fast/text/international/system-language/hindi-system-font-punctuation.html: Renamed from LayoutTests/fast/text/hindi-system-font-punctuation.html.
  • fast/text/international/system-language/system-font-punctuation.html: Renamed from LayoutTests/fast/text/system-font-punctuation.html.
  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/ios-simulator/fast/text/international/system-language/system-font-punctuation-expected.txt: Renamed from LayoutTests/platform/ios-simulator/fast/text/system-font-punctuation-expected.txt.
  • platform/mac/TestExpectations:
  • platform/mac/fast/text/international/system-language/system-font-punctuation-expected.txt: Renamed from LayoutTests/platform/mac/fast/text/system-font-punctuation-expected.txt.
  • platform/win/TestExpectations:
  • platform/win/fast/text/international/system-language/system-font-punctuation-expected.txt: Renamed from LayoutTests/platform/win/fast/text/system-font-punctuation-expected.txt.
8:47 PM Changeset in webkit [189669] by mmaxfield@apple.com
  • 19 edits
    3 adds in trunk

[Cocoa] Allow testing with the system language
https://bugs.webkit.org/show_bug.cgi?id=148671

Reviewed by Anders Carlsson and Alexey Proskuryakov.

Source/WebKit2:

This patch adds two new SPI functions for setting and retrieving a vector of
override languages to/from the WKContextConfiguration. The implementation of
these functions holds state inside WebProcessPoolConfiguration. Then, when
we launch a process, the WebProcessProxy will inject these override languages
into the ProcessLauncher::LaunchOptions so that the ProcessLauncher can
inject these languages into the XPC Bootstrap message. Then, in the Web
Process's main(), the XPC Boostrap message is read, and the platform
languages are set via NSUserDefaults setting a volatile domain.

  • Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.Development.mm:

(main): Set the volatile domain with NSUserDefaults.

  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::copy):

  • UIProcess/API/APIProcessPoolConfiguration.h: Hold state for the override

languages.

  • UIProcess/API/C/WKContextConfigurationRef.cpp:

(WKContextConfigurationCopyOverrideLanguages): SPI.
(WKContextConfigurationSetOverrideLanguages): Ditto.

  • UIProcess/API/C/WKContextConfigurationRef.h:
  • UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToService): Inject the languages into the XPC Bootstrap
message.

  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::getLaunchOptions): Inject the override languages
into the ProcessLauncher::LaunchOptions.

Tools:

React to tests marked with language=lang1,lang2,etc in their header.
Once this information is parsed, pass it to
WKContextConfigurationSetOverrideLanguages().

  • WebKitTestRunner/InjectedBundle/mac/InjectedBundleMac.mm:

(WTR::InjectedBundle::platformInitialize): Don't clobber the language
list.

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::createWebViewWithOptions): Call
WKContextConfigurationSetOverrideLanguages().
(WTR::updateTestOptionsFromTestHeader): Inspect the language option.

  • WebKitTestRunner/TestOptions.h:
  • WebKitTestRunner/ios/PlatformWebViewIOS.mm:

(WTR::PlatformWebView::viewSupportsOptions): Cause a differing language
option to restart the web process.

  • WebKitTestRunner/mac/PlatformWebViewMac.mm:

(WTR::PlatformWebView::viewSupportsOptions): Ditto.

LayoutTests:

Add a test for the declarative form of setting the system language.

  • fast/text/international/system-language/declarative-language-expected.txt: Added.
  • fast/text/international/system-language/declarative-language.html: Added.
  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
7:31 PM Changeset in webkit [189668] by mmaxfield@apple.com
  • 16 edits
    1 move in trunk/Tools

[WKTR] Allow changing the WKContextConfiguration between successive tests
https://bugs.webkit.org/show_bug.cgi?id=148833

Reviewed by Tim Horton.

Previously, we were creating a single WKContext and it lived for the life of the entire test runner.
However, there are certain tests which require specifying options in this object. This patch makes
our existing code for recreating the test runner web view also recreate the WKContext.

As such, our options to the view are now options to the WKContextConfiguration. This patch renames the
class.

  • WebKitTestRunner/ContextConfigurationOptions.h: Renamed from Tools/WebKitTestRunner/ViewOptions.h.
  • WebKitTestRunner/PlatformWebView.h:

(WTR::PlatformWebView::options):

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::initialize):
(WTR::TestController::generateContextConfiguration):
(WTR::TestController::generatePageConfiguration):
(WTR::TestController::createWebViewWithOptions):
(WTR::TestController::ensureViewSupportsOptionsForTest):
(WTR::updateContextConfigurationOptionsFromTestHeader):
(WTR::TestController::contextConfigurationOptionsForTest):
(WTR::TestController::platformCreateWebView):
(WTR::TestController::platformCreateOtherPage):
(WTR::updateViewOptionsFromTestHeader): Deleted.
(WTR::TestController::viewOptionsForTest): Deleted.

  • WebKitTestRunner/TestController.h:

(WTR::TestController::injectedBundlePath):
(WTR::TestController::testPluginDirectory):

  • WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
  • WebKitTestRunner/cocoa/TestControllerCocoa.mm:

(WTR::TestController::platformCreateWebView):
(WTR::TestController::platformCreateOtherPage):

  • WebKitTestRunner/efl/PlatformWebViewEfl.cpp:

(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):

  • WebKitTestRunner/efl/TestControllerEfl.cpp:

(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.

  • WebKitTestRunner/gtk/PlatformWebViewGtk.cpp:

(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):

  • WebKitTestRunner/gtk/TestControllerGtk.cpp:

(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.

  • WebKitTestRunner/ios/PlatformWebViewIOS.mm:

(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):

  • WebKitTestRunner/ios/TestControllerIOS.mm:

(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.

  • WebKitTestRunner/mac/PlatformWebViewMac.mm:

(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):

  • WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.

6:15 PM WebKitGTK/2.10.x edited by Michael Catanzaro
Propose more translation updates (diff)
6:14 PM Changeset in webkit [189667] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore/platform/gtk/po

Updated Spanish translation
https://bugs.webkit.org/show_bug.cgi?id=145550

Unreviewed.

Patch by Francisco Serrador <fserrador@gmail.com> on 2015-09-12

  • es.po:
6:11 PM Changeset in webkit [189666] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore/platform/gtk/po

Updated Slovenian translation
https://bugs.webkit.org/show_bug.cgi?id=123080

Unreviewed.

Patch by Matej Urbančič <mateju@svn.gnome.org> on 2015-09-12

  • sl.po:
6:08 PM Changeset in webkit [189665] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore/platform/gtk/po

Webkit Tamil translations updated
https://bugs.webkit.org/show_bug.cgi?id=139478

Unreviewed.

Patch by Shantha kumar <shkumar@redhat.com> on 2015-09-12

  • ta.po:
4:59 PM WebKitGTK/2.10.x edited by Michael Catanzaro
Propose r189663, r189664 (diff)
4:56 PM Changeset in webkit [189664] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore/platform/gtk/po

[l10n] Updated Bulgarian translation
https://bugs.webkit.org/show_bug.cgi?id=142611

Unreviewed.

Patch by Zahari Yurukov <zahari.yurukov@gmail.com> on 2015-09-12

  • bg.po:
4:54 PM Changeset in webkit [189663] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore/platform/gtk/po

[l10n] Updated Polish translation of WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=148475

Unreviewed.

Patch by Piotr Drąg <piotrdrag@gmail.com> on 2015-09-12

  • pl.po:
4:27 PM Changeset in webkit [189662] by Michael Catanzaro
  • 1 edit in trunk/Source/WebCore/platform/gtk/po/ChangeLog

[GTK] [l10n] Updated Turkish translation of WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=148362

Unreviewed.

Patch by Muhammet Kara <muhammetk@gmail.com> on 2015-09-12

  • tr.po: Added.
4:21 PM WebKitGTK/2.10.x edited by Michael Catanzaro
Propose r189661 (diff)
4:20 PM Changeset in webkit [189661] by Michael Catanzaro
  • 1 edit
    1 add in trunk/Source/WebCore/platform/gtk/po

[GTK] [l10n] Updated Turkish translation of WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=148362

Unreviewed.

  • tr.po: Added.
2:52 PM Changeset in webkit [189660] by Chris Dumez
  • 15 edits in trunk

window.EventTarget should exist
https://bugs.webkit.org/show_bug.cgi?id=149085
<rdar://problem/22546774>

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

  • web-platform-tests/dom/interface-objects-expected.txt:
  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Drop [NoInterfaceObject] for the EventTarget interface to match Chrome,
Firefox and the specification:
https://dom.spec.whatwg.org/#interface-eventtarget

No new tests, already covered by existing tests.

  • dom/EventTarget.idl:

LayoutTests:

Update / rebaseline existing test as window.EventTarget now exists.

  • fast/dom/dom-constructors-expected.txt:
  • fast/dom/dom-constructors.html:
2:49 PM Changeset in webkit [189659] by ap@apple.com
  • 3 edits in trunk/Source/WebKit2

[iOS] Allow UDP networking
https://bugs.webkit.org/show_bug.cgi?id=149081
rdar://problem/22291743

Reviewed by Sam Weinig.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
1:52 PM Changeset in webkit [189658] by fpizlo@apple.com
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

REGRESSION(r189585): run-perf-tests Speedometer fails with a console error
https://bugs.webkit.org/show_bug.cgi?id=149066

Reviewed by Michael Saboff.

The bug here was that the new IC code was calling actionForCell() more than once. That's
illegal, since when actionForCell() returns RetryCacheLater, it means that it changed some
object's Structure. The Repatch code was doing things like "if (actionForCell(blah) ==
AttemptToCache)" in more than one place, so that if the first such expression was false, then
we'd fall through to the next one. It's possible for the first call to return RetryCacheLater,
in which case our view of the world just got clobbered and we need to return, and then the
second call will probably return AttemptToCache because it *thinks* that we had bailed the last
time and we're now in a future IC invocation.

The solution is to cache the actionForCell() result. This is a bit tricky, because we need to
do this after we check if we're in a proxy.

Debugging bugs like these requires adding ad hoc bisection code in various places. We already
had the basic hooks for this. This patch makes those hooks a bit more useful. In the case of
the LLInt->JIT tier-up hooks, it adds a CodeBlock* argument so that we can bisect based on the
CodeBlock. In the case of Repatch, it puts the Options::forceICFailure() check in a helper
function that also takes ExecState*, which allows us to bisect on either CodeBlock or
CodeOrigin.

  • jit/Repatch.cpp:

(JSC::actionForCell):
(JSC::forceICFailure):
(JSC::tryCacheGetByID):
(JSC::tryCachePutByID):
(JSC::tryRepatchIn):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::shouldJIT):
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::entryOSR):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • tests/stress/retry-cache-later.js:
12:02 PM Changeset in webkit [189657] by commit-queue@webkit.org
  • 5 edits
    2 adds in trunk/Source/WebKit2

Web Inspector: Extract InspectorFrontendAPI dispatching from WebInspectorUI
https://bugs.webkit.org/show_bug.cgi?id=149089

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-12
Reviewed by Brian Burg.

  • CMakeLists.txt:
  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/WebPage/WebInspectorFrontendAPIDispatcher.cpp: Added.

(WebKit::WebInspectorFrontendAPIDispatcher::WebInspectorFrontendAPIDispatcher):
(WebKit::WebInspectorFrontendAPIDispatcher::reset):
(WebKit::WebInspectorFrontendAPIDispatcher::frontendLoaded):
(WebKit::WebInspectorFrontendAPIDispatcher::dispatchCommand):
(WebKit::WebInspectorFrontendAPIDispatcher::dispatchMessageAsync):
(WebKit::WebInspectorFrontendAPIDispatcher::evaluateExpressionOnLoad):

  • WebProcess/WebPage/WebInspectorFrontendAPIDispatcher.h: Added.
  • WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::WebInspectorUI):
(WebKit::WebInspectorUI::establishConnection):
(WebKit::WebInspectorUI::frontendLoaded):
(WebKit::WebInspectorUI::setDockSide):
(WebKit::WebInspectorUI::setDockingUnavailable):
(WebKit::WebInspectorUI::showConsole):
(WebKit::WebInspectorUI::showResources):
(WebKit::WebInspectorUI::showMainResourceForFrame):
(WebKit::WebInspectorUI::startPageProfiling):
(WebKit::WebInspectorUI::stopPageProfiling):
(WebKit::WebInspectorUI::didSave):
(WebKit::WebInspectorUI::didAppend):
(WebKit::WebInspectorUI::sendMessageToFrontend):
(WebKit::WebInspectorUI::evaluateCommandOnLoad): Deleted.
(WebKit::WebInspectorUI::evaluateExpressionOnLoad): Deleted.
(WebKit::WebInspectorUI::evaluatePendingExpressions): Deleted.

  • WebProcess/WebPage/WebInspectorUI.h:

(WebKit::WebInspectorUI::evaluateCommandOnLoad): Deleted.

11:53 AM Changeset in webkit [189656] by ap@apple.com
  • 1 edit
    2 adds
    1 delete in branches/safari-601-branch/LayoutTests

Re-add Mavericks result with the correct path.

  • platform/mac-mavericks/platform/mac/accessibility: Added.
  • platform/mac-mavericks/platform/mac/accessibility/selection-sync-expected.txt: Added.
  • platform/mac-mavericks/platform/mac/accessibilityselection-sync-expected.txt: Removed.
11:31 AM Changeset in webkit [189655] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

Web Inspector: Move Already Generic Inspector Page Context Menu to Generic Setup
https://bugs.webkit.org/show_bug.cgi?id=149088

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-12
Reviewed by Brian Burg.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::getContextMenuFromProposedMenu):
(WebKit::WebInspectorProxy::eagerlyCreateInspectorPage):

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::getContextMenuFromProposedMenu): Deleted.
(WebKit::WebInspectorProxy::platformCreateInspectorPage):

10:44 AM Changeset in webkit [189654] by BJ Burg
  • 24 edits in trunk/Source

Web Inspector: disambiguate inspected/frontend controllers and pages in backend code
https://bugs.webkit.org/show_bug.cgi?id=149071

Reviewed by Joseph Pecoraro.

Source/WebCore:

Be consistent about prefixing pages, inspector controllers, and window controllers
with either "frontend" or "inspected", as appropriate. This change makes obvious some bugs
in the frontend connection code, which are tracked by https://webkit.org/b/149006.

No new tests, no behavior change.

  • WebCore.order:
  • inspector/InspectorClient.h:
  • inspector/InspectorController.cpp:

(WebCore::InspectorController::inspectedPageDestroyed):
(WebCore::InspectorController::show):
(WebCore::InspectorController::close):

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::InspectorFrontendClientLocal):
(WebCore::InspectorFrontendClientLocal::~InspectorFrontendClientLocal):
(WebCore::InspectorFrontendClientLocal::canAttachWindow):
(WebCore::InspectorFrontendClientLocal::changeAttachedWindowHeight):
(WebCore::InspectorFrontendClientLocal::changeAttachedWindowWidth):
(WebCore::InspectorFrontendClientLocal::openInNewTab):
(WebCore::InspectorFrontendClientLocal::restoreAttachedWindowHeight):
(WebCore::InspectorFrontendClientLocal::showMainResourceForFrame):
(WebCore::InspectorFrontendClientLocal::isUnderTest):

  • inspector/InspectorFrontendClientLocal.h:
  • inspector/InspectorOverlay.cpp:

(WebCore::InspectorOverlay::freePage):

  • loader/EmptyClients.h:

Source/WebKit/ios:

  • WebCoreSupport/WebInspectorClientIOS.mm:

(WebInspectorClient::WebInspectorClient):
(WebInspectorClient::inspectedPageDestroyed): Renamed.
(WebInspectorClient::openLocalFrontend): Renamed.
(WebInspectorClient::closeLocalFrontend): Renamed.
(WebInspectorClient::inspectorDestroyed): Deleted.
(WebInspectorClient::openInspectorFrontend): Deleted.
(WebInspectorClient::closeInspectorFrontend): Deleted.
(WebInspectorClient::showInspectorIndication):
(WebInspectorClient::hideInspectorIndication):
(WebInspectorClient::didSetSearchingForNode):
(WebInspectorFrontendClient::WebInspectorFrontendClient):

Source/WebKit/mac:

Be consistent about prefixing pages, inspector controllers, and window controllers
with either "frontend" or "inspected", as appropriate. This change makes obvious some bugs
in the frontend connection code, which are tracked by https://webkit.org/b/149006.

  • WebCoreSupport/WebInspectorClient.h:
  • WebCoreSupport/WebInspectorClient.mm:

(WebInspectorClient::WebInspectorClient): Renamed.
(WebInspectorClient::inspectedPageDestroyed): Renamed.
(WebInspectorClient::openLocalFrontend): Renamed.
(WebInspectorClient::closeLocalFrontend): Renamed.
(WebInspectorClient::didSetSearchingForNode):
(WebInspectorFrontendClient::WebInspectorFrontendClient):
(WebInspectorFrontendClient::attachAvailabilityChanged):
(WebInspectorFrontendClient::canAttach):
(WebInspectorFrontendClient::frontendLoaded):
(WebInspectorFrontendClient::startWindowDrag):
(WebInspectorFrontendClient::bringToFront):
(WebInspectorFrontendClient::closeWindow):
(WebInspectorFrontendClient::disconnectFromBackend):
(WebInspectorFrontendClient::attachWindow):
(WebInspectorFrontendClient::detachWindow):
(WebInspectorFrontendClient::setAttachedWindowHeight):
(WebInspectorFrontendClient::setToolbarHeight):
(WebInspectorFrontendClient::updateWindowTitle):
(WebInspectorFrontendClient::save):
(WebInspectorFrontendClient::append):
(-[WebInspectorWindowController init]):
(-[WebInspectorWindowController initWithInspectedWebView:isUnderTest:]):
(-[WebInspectorWindowController dealloc]):
(-[WebInspectorWindowController frontendWebView]):
(-[WebInspectorWindowController close]):
(-[WebInspectorWindowController showWindow:]):
(-[WebInspectorWindowController setAttachedWindowHeight:]):
(-[WebInspectorWindowController destroyInspectorView]):
(-[WebInspectorWindowController webView:runOpenPanelForFileButtonWithResultListener:allowMultipleFiles:]):
(WebInspectorClient::inspectorDestroyed): Deleted.
(WebInspectorClient::openInspectorFrontend): Deleted.
(WebInspectorClient::closeInspectorFrontend): Deleted.
(-[WebInspectorWindowController webView]): Deleted.

  • WebInspector/WebInspector.h:
  • WebInspector/WebInspector.mm:

(-initWithInspectedWebView:): Renamed.
(-inspectedWebViewClosed): Renamed.
(-showWindow):
(-close:):
(-evaluateInFrontend:script:):
(-releaseFrontend):
(-initWithWebView:): Deleted.
(-webViewClosed): Deleted.

  • WebView/WebView.mm:

(-[WebView _close]):
(-[WebView inspector]):

Source/WebKit/win:

Be consistent about prefixing pages, inspector controllers, and window controllers
with either "frontend" or "inspected", as appropriate. This change makes obvious some bugs
in the frontend connection code, which are tracked by https://webkit.org/b/149006.

  • WebCoreSupport/WebInspectorClient.cpp:

(WebInspectorClient::inspectedPageDestroyed): Renamed.
(WebInspectorClient::openLocalFrontend): Renamed.
(WebInspectorClient::closeLocalFrontend): Renamed.
(WebInspectorClient::inspectorDestroyed): Deleted.
(WebInspectorClient::openInspectorFrontend): Deleted.
(WebInspectorClient::closeInspectorFrontend): Deleted.

(WebInspector::createInstance):
(WebInspector::WebInspector):
(WebInspector::inspectedWebViewClosed): Renamed.
(WebInspector::show):
(WebInspector::close):
(WebInspector::isJavaScriptProfilingEnabled):
(WebInspector::setJavaScriptProfilingEnabled):
(WebInspector::evaluateInFrontend):
(WebInspector::webViewClosed): Deleted.

(WebView::close):

Source/WebKit2:

  • WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::inspectedPageDestroyed): Renamed.
(WebKit::WebInspectorClient::openLocalFrontend): Renamed.
(WebKit::WebInspectorClient::closeLocalFrontend): Renamed.
(WebKit::WebInspectorClient::inspectorDestroyed): Deleted.
(WebKit::WebInspectorClient::openInspectorFrontend): Deleted.
(WebKit::WebInspectorClient::closeInspectorFrontend): Deleted.

  • WebProcess/WebCoreSupport/WebInspectorClient.h:
10:33 AM Changeset in webkit [189653] by Chris Dumez
  • 7 edits in trunk

ChildNode.replaceWith() without argument should replace the node with an empty DocumentFragment
https://bugs.webkit.org/show_bug.cgi?id=149073
<rdar://problem/22547801>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

  • web-platform-tests/dom/nodes/ChildNode-replaceWith-expected.txt:

Source/WebCore:

ChildNode.replaceWith() without argument should replace the node with
an empty DocumentFragment, as per the specification:
https://dom.spec.whatwg.org/#dom-childnode-replacewith
https://dom.spec.whatwg.org/#converting-nodes-into-a-node

Previously, WebKit did not do anything in this case. This patch fixes
it.

No new tests, already covered by existing test.

  • dom/Node.cpp:

(WebCore::Node::replaceWith):

LayoutTests:

Fix / rebaseline test now that our behavior has changed.

  • fast/dom/ChildNode-replaceWith-expected.txt:
  • fast/dom/ChildNode-replaceWith.html:
8:58 AM Changeset in webkit [189652] by ap@apple.com
  • 9 edits
    1 copy in branches/safari-601-branch/LayoutTests

Roll out r189649, and just have custom results for Mavericks instead.

  • platform/mac-mavericks/platform/mac/accessibilityselection-sync-expected.txt: Copied from LayoutTests/platform/mac/accessibility/selection-sync-expected.txt.
  • platform/mac/accessibility/removing-textarea-after-edit-crash-expected.txt:
  • platform/mac/accessibility/removing-textarea-after-edit-crash.html:
  • platform/mac/accessibility/select-element-selection-with-optgroups.html:
  • platform/mac/accessibility/selected-rows-table.html:
  • platform/mac/accessibility/selection-notification-focus-change.html:
  • platform/mac/accessibility/selection-sync-expected.txt:
  • platform/mac/accessibility/selection-sync.html:
  • platform/mac/accessibility/setting-attributes-is-asynchronous.html:
1:47 AM Changeset in webkit [189651] by Gyuyoung Kim
  • 12 edits in trunk/Source

Remove all uses of PassRefPtr in WebCore/plugins
https://bugs.webkit.org/show_bug.cgi?id=149055

Reviewed by Darin Adler.

  • plugins/DOMMimeType.cpp:

(WebCore::DOMMimeType::DOMMimeType):
(WebCore::DOMMimeType::enabledPlugin):

  • plugins/DOMMimeType.h:

(WebCore::DOMMimeType::create):

  • plugins/DOMMimeTypeArray.cpp:

(WebCore::DOMMimeTypeArray::item):

  • plugins/DOMMimeTypeArray.h:
  • plugins/DOMPlugin.cpp:

(WebCore::DOMPlugin::item):

  • plugins/DOMPlugin.h:
  • plugins/DOMPluginArray.cpp:

(WebCore::DOMPluginArray::item):

  • plugins/DOMPluginArray.h:
  • plugins/PluginViewBase.h:

(WebCore::PluginViewBase::bindingInstance):

1:45 AM Changeset in webkit [189650] by Gyuyoung Kim
  • 11 edits in trunk/Source/WebCore

Remove all uses of PassRefPtr in WebCore/accessibility and WebCore/fileapi
https://bugs.webkit.org/show_bug.cgi?id=149059

Reviewed by Darin Adler.

  • accessibility/AXObjectCache.cpp:
  • accessibility/AccessibilityObject.cpp:

(WebCore::rangeClosestToRange):
(WebCore::AccessibilityObject::rangeOfStringClosestToRangeInDirection):
(WebCore::AccessibilityObject::selectionRange):
(WebCore::AccessibilityObject::selectText):

  • accessibility/AccessibilityObject.h:
  • accessibility/ios/AXObjectCacheIOS.mm:
  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _convertToDOMRange:]):
(-[WebAccessibilityObjectWrapper textMarkerForPosition:]):

  • accessibility/mac/AXObjectCacheMac.mm:
  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper _textMarkerForIndex:]):

  • fileapi/FileList.h:

(WebCore::FileList::append):

  • fileapi/WebKitBlobBuilder.cpp:

(WebCore::BlobBuilder::append):

  • fileapi/WebKitBlobBuilder.h:

Sep 11, 2015:

11:02 PM Changeset in webkit [189649] by ap@apple.com
  • 8 edits in branches/safari-601-branch/LayoutTests

Merge r189221.

2015-09-01 Alexey Proskuryakov <ap@apple.com>

Clean up asynchronous behavior in some accessibility tests
https://bugs.webkit.org/show_bug.cgi?id=148682

Reviewed by Darin Adler.

  • platform/mac/accessibility/removing-textarea-after-edit-crash-expected.txt:
  • platform/mac/accessibility/removing-textarea-after-edit-crash.html:
  • platform/mac/accessibility/select-element-selection-with-optgroups.html:
  • platform/mac/accessibility/selected-rows-table.html:
  • platform/mac/accessibility/selection-notification-focus-change.html:
  • platform/mac/accessibility/selection-sync-expected.txt:
  • platform/mac/accessibility/selection-sync.html:
  • platform/mac/accessibility/setting-attributes-is-asynchronous.html:
10:28 PM Changeset in webkit [189648] by ap@apple.com
  • 2 edits in branches/safari-601-branch/LayoutTests

Update Mavericks test results after r189611.

This change wasn't needed on trunk because the behavior changed was masked by r189221.

  • platform/mac/accessibility/selection-sync-expected.txt:
9:47 PM Changeset in webkit [189647] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Mark http/tests/cache/disk-cache/disk-cache-cancel.html as flaky for
https://bugs.webkit.org/show_bug.cgi?id=149087

  • platform/wk2/TestExpectations:
6:51 PM Changeset in webkit [189646] by commit-queue@webkit.org
  • 23 edits
    2 adds in trunk

SVGColor custom text format is different from the CSS color custom text format
https://bugs.webkit.org/show_bug.cgi?id=148879

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-09-11
Reviewed by Daniel Bates.

Source/WebCore:

Implement the serialization of a CSS color value as it is described in
<https://drafts.csswg.org/cssom/#serializing-css-values>. Add the new
function Color::cssText() which is refactored from the existing function
Color::serialized(). Use the new function for serializing the SVGColor
always and also for Color but only when the alpha component is not 1.

Test: svg/css/computed-style-rgb-color.html

  • css/CSSPrimitiveValue.cpp:

(WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText): Move the code
for serializing the color from this function to Color::cssText().

  • platform/graphics/Color.cpp:

(WebCore::Color::serialized): Call Color::cssText() if the alpha component
is not 1 and delete the repeated code.

(WebCore::Color::cssText):

  • platform/graphics/Color.h: Add the new function to the header file.
  • svg/SVGColor.cpp:

(WebCore::SVGColor::customCSSText): Call Color::cssText() always instead
of calling Color::serialized() for serializing the SVGColor.

LayoutTests:

  • fast/css/getComputedStyle/computed-style-expected.txt:
  • fast/css/getComputedStyle/computed-style-without-renderer-expected.txt:
  • fast/css/parse-color-int-or-percent-crash.html:
  • platform/mac/svg/webarchive/svg-script-subresouces-expected.txt:
  • svg/css/case-sensitive-tags-expected.txt:
  • svg/css/case-sensitive-tags.html:
  • svg/css/getComputedStyle-basic-expected.txt:
  • svg/css/script-tests/svg-attribute-parser-mode.js:
  • svg/css/svg-attribute-parser-mode-expected.txt:
  • svg/dom/SVGColor-expected.txt:
  • svg/dom/SVGPaint-expected.txt:
  • svg/dom/SVGStyleElement/disable-svg-style-element-expected.txt:
  • svg/dom/SVGStyleElement/script-tests/disable-svg-style-element.js:
  • svg/dom/script-tests/SVGColor.js:
  • svg/dom/script-tests/SVGPaint.js:
  • svg/webarchive/svg-script-subresouces-expected.webarchive:
  • transitions/svg-transitions-expected.txt:

Fix expected results for existing tests

  • svg/css/computed-style-rgb-color-expected.txt: Added.
  • svg/css/computed-style-rgb-color.html: Added.

Ensure that the correct format is returned when getComputedStyle() is
called for an SVG color.

5:57 PM Changeset in webkit [189645] by commit-queue@webkit.org
  • 7 edits in trunk/Source/JavaScriptCore

Implement the relational instructions for floats in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149080

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-11
Reviewed by Geoffrey Garen.

This patch implements the relational instructions for floats (float32)
in WebAssembly by converting float operands to doubles and then
comparing them using the existing double comparison instructions in the
macro assembler.

  • tests/stress/wasm-relational.js:
  • tests/stress/wasm/relational.wasm:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildRelationalF32):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseRelationalF32ExpressionI32):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildRelationalF32):

5:53 PM Changeset in webkit [189644] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.46-branch/Source

Versioning.

5:49 PM Changeset in webkit [189643] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

5:47 PM Changeset in webkit [189642] by commit-queue@webkit.org
  • 15 edits
    4 adds in trunk

AX: ARIA 1.1 @aria-current
https://bugs.webkit.org/show_bug.cgi?id=146012

Patch by Nan Wang <n_wang@apple.com> on 2015-09-11
Reviewed by Chris Fleizach.

Source/JavaScriptCore:

Updated inspector to support aria-current.

  • inspector/protocol/DOM.json:

Source/WebCore:

Tests: accessibility/aria-current.html

inspector/dom/getAccessibilityPropertiesForNode_ariaCurrent.html

Added support for ARIA 1.1 aria-current.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::invalidStatus):
(WebCore::AccessibilityObject::ariaCurrentState):
(WebCore::AccessibilityObject::hasTagName):

  • accessibility/AccessibilityObject.h:
  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeNames]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

  • html/HTMLAttributeNames.in:
  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

Source/WebInspectorUI:

Added support for ARIA 1.1 aria-current.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Models/DOMNode.js:
  • UserInterface/Views/DOMNodeDetailsSidebarPanel.js:

LayoutTests:

  • accessibility/aria-current-expected.txt: Added.
  • accessibility/aria-current.html: Added.
  • inspector/dom/getAccessibilityPropertiesForNode_ariaCurrent-expected.txt: Added.
  • inspector/dom/getAccessibilityPropertiesForNode_ariaCurrent.html: Added.
  • platform/gtk/TestExpectations:
  • platform/win/TestExpectations:
5:38 PM Changeset in webkit [189641] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.46.23

New tag.

5:38 PM Changeset in webkit [189640] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.2.4

New tag.

5:15 PM Changeset in webkit [189639] by msaboff@apple.com
  • 2 edits in trunk/Tools

LayoutTestHelper crashes if a color profile isn't set for a 3rd party monitor
https://bugs.webkit.org/show_bug.cgi?id=149083

Reviewed by Alexey Proskuryakov.

Check to make sure that we have a valid factoryProfile CFDictionaryRef before using it.

  • DumpRenderTree/mac/LayoutTestHelper.m:

(colorProfileURLForDisplay):

4:55 PM Changeset in webkit [189638] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Mark http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overridesexpires.html as flaky for
https://bugs.webkit.org/show_bug.cgi?id=149082

4:05 PM Changeset in webkit [189637] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Another build fix.

  • UIProcess/mac/ViewSnapshotStore.h:

(WebKit::ViewSnapshot::size):
(WebKit::ViewSnapshot::imageSizeInBytes):

3:52 PM Changeset in webkit [189636] by Dewei Zhu
  • 2 edits in trunk/LayoutTests

Update test for bug 148971
https://bugs.webkit.org/show_bug.cgi?id=149076

Reviewed by Chris Dumez.

  • platform/win/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt: Updated.
3:31 PM Changeset in webkit [189635] by Beth Dakin
  • 4 edits in trunk/Source/WebKit2

Still need view snapshotting code for non-IOSurface for the sim
https://bugs.webkit.org/show_bug.cgi?id=149077

Reviewed by Tim Horton.

This fixes the simulator build.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _takeViewSnapshot]):
(-[WKWebView _zoomToPoint:atScale:animated:]):

  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::beginSwipeGesture):
(WebKit::ViewGestureController::removeSwipeSnapshot):

  • UIProcess/mac/ViewSnapshotStore.h:

(WebKit::ViewSnapshot::setDeviceScaleFactor):
(WebKit::ViewSnapshot::deviceScaleFactor):
(WebKit::ViewSnapshot::surface):
(WebKit::ViewSnapshot::imageSizeInBytes):
(WebKit::ViewSnapshot::size):

  • UIProcess/mac/ViewSnapshotStore.mm:

(WebKit::ViewSnapshotStore::singleton):
(WebKit::ViewSnapshotStore::snapshottingContext):
(WebKit::ViewSnapshotStore::didAddImageToSnapshot):
(WebKit::ViewSnapshotStore::discardSnapshotImages):
(WebKit::ViewSnapshot::create):
(WebKit::ViewSnapshot::ViewSnapshot):
(WebKit::ViewSnapshot::~ViewSnapshot):
(WebKit::ViewSnapshot::setSurface):
(WebKit::ViewSnapshot::hasImage):
(WebKit::ViewSnapshot::clearImage):
(WebKit::ViewSnapshot::asLayerContents):

2:40 PM Changeset in webkit [189634] by Sukolsak Sakshuwong
  • 1 edit in trunk/Tools/Scripts/webkitpy/common/config/contributors.json

Unreviewed, moved myself to the list of committers.

  • Scripts/webkitpy/common/config/contributors.json:
2:34 PM Changeset in webkit [189633] by keith_miller@apple.com
  • 3 edits
    1 add in trunk/Source/WTF

cryptographicallyRandomValuesFromOS should use CCRandomCopyBytes when available.
https://bugs.webkit.org/show_bug.cgi?id=148439

Reviewed by Alexey Proskuryakov.

Recently, we switched to using arc4random_buf on Darwin but further research indicates that
arc4random_buf has the same behavior we had before and thus we were just pushing the problem
further down the stack. CCRandomCopyBytes, however, appears to be more advanced and has much
better error handling than we had before.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/OSRandomSource.cpp:

(WTF::cryptographicallyRandomValuesFromOS):

  • wtf/spi/darwin/CommonCryptoSPI.h: Added.
2:33 PM Changeset in webkit [189632] by Chris Dumez
  • 28 edits
    2 adds
    4 deletes in trunk

DOMTokenList update steps for classList don't follow the spec
https://bugs.webkit.org/show_bug.cgi?id=148589
<rdar://problem/22547443>

Reviewed by Ryosuke Niwa and Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C tests for DOMTokenList now that more checks are passing.

  • web-platform-tests/dom/lists/DOMTokenList-stringifier-expected.txt:
  • web-platform-tests/dom/nodes/Element-classlist-expected.txt:

Source/WebCore:

Update our DOMTokenList implementation to behave according to
the latest DOM specification:
https://dom.spec.whatwg.org/#interface-domtokenlist

In particular, the following changes were made:

  • The stringifier now returns the result of the ordered set serializer for tokens. This means that we drop duplicate spaces and extra spaces [1][2][3].
  • DOMSettableTokenList.value now returns the result of the ordered set serializer for tokens [4] as well.
  • When the DOMTokenList's tokens are updated and there is an associated Element attribute, we set the attribute value to be the the ordered set serializer for tokens. This is according to the DOMTokenList update steps in the specification [6]. Chrome does not match the specification either.

Edge browser behaves according to the specification already. Firefox was
implementing this via [7] but no recent progress. This makes the JS API
nicer to use and interest was shown by jQuery Team.

The following refactoring was done:

  • Merge ClassList / RelList into a single AttributeDOMTokenList class as their code is mostly duplicated and the only thing that changes is which attribute is associated (class vs rel). AttributeDOMTokenList now keeps the attribute name as a member so it could be used for any attribute. AttributeDOMTokenList overrides DOMTokenList's updateAfterTokenChange() to do update the attribute's value as per [6].
  • We no longer use a SpaceSplitString for the internal representation as we need to sanitize the tokens (drop duplicates and extra spaces). DOMTokenList now has an internal Vector<AtomicString> containing the tokens that is constructed from the algorithm in [2]. As a result, most of the logic is now in DOMTokenList instead of its subclasses which means that most methods are no longer virtual. We only have one virtual function named updateAfterTokenChange() to do the update steps as AttributeDOMTokenList needs to update the associated attribute.

This change does not seem to impact Dromaeo.

[1] https://dom.spec.whatwg.org/#concept-ordered-set-serializer
[2] https://dom.spec.whatwg.org/#ordered%20sets
[3] https://dom.spec.whatwg.org/#stringification-behavior
[4] https://dom.spec.whatwg.org/#dom-domsettabletokenlist-value
[5] https://dom.spec.whatwg.org/#dom-domtokenlist-contains (step 2)
[6] https://dom.spec.whatwg.org/#concept-DTL-update
[7] https://bugzilla.mozilla.org/show_bug.cgi?id=869788

No new tests, already covered by existing tests.

  • dom/Element.cpp:

(WebCore::Element::classAttributeChanged):
When the class attribute changes, make sure to update the associated
classList if there is one. We could do this lazily if it turns out
to be a performance problem. However, chances are this is not as
classList is rarely used and we only need to update the classList if
it was ever accessed by JS for this Element.

(WebCore::Element::insertedInto):
Drop call to clearClassListValueForQuirksMode() as we no longer need
to maintain a separate SpaceSplitString for classes when in quirks
mode. This is because AttributeDOMTokenList now has its own Vector
of classes in their original cases. It therefore no longer relies on
Element::classNames() which has its case folded when in quirks mode.

(WebCore::Element::classList):
Return a AttributeDOMTokenList instead of a ClassList.

  • html/AttributeDOMTokenList.h: Added.
  • html/AttributeDOMTokenList.cpp: Added.

(WebCore::AttributeDOMTokenList::AttributeDOMTokenList):
Call DOMTokenList::setValue() using the attribute's value so that
DOMTokenList can initialize its token Vector.

(WebCore::AttributeDOMTokenList::attributeValueChanged):
If the attribute value was changed by somebody else that the
AttributeDOMTokenList, call DOMTokenList::setValue() so that it
can update its token Vector.

(WebCore::AttributeDOMTokenList::updateAfterTokenChange):
This is called whenever the token Vector is changed via JS. In
this case, we update the associated attribute's value.

  • html/ClassList.cpp: Removed.
  • html/ClassList.h: Removed.

Now merged into AttributeDOMTokenList.

  • html/DOMSettableTokenList.cpp:
  • html/DOMSettableTokenList.h:

Get rid of most of the code as most of the logic is now in
DOMTokenList parent class.

  • html/DOMTokenList.cpp:

(WebCore::DOMTokenList::validateToken):
Use a String parameter instead of an AtomicString as this method does
not need the input the be an AtomicString. This avoid atomizing
String unnecessarily.

(WebCore::DOMTokenList::validateTokens):
Use a modern loop.

(WebCore::DOMTokenList::contains):
No longer use containsInternal() virtual function. We can now check
the internal token Vector.

(WebCore::DOMTokenList::add):
Now update the internal Vector. Use a modern loop and try to minimize
Vector capacity reallocation.

(WebCore::DOMTokenList::remove):
Now update the internal Vector.

(WebCore::DOMTokenList::toggle):
Now update the internal Vector and refactor the code so that it is
structured exactly as the algorithm in the specification for
clarity.

(WebCore::DOMTokenList::value):
Now return the result of the ordered set serializer for tokens. This
method is used for:

  • The DOMSettableTokenList.value() getter
  • The DOMTokenList stringifier
  • As attribute value when updating the associated attribute in AttributeDOMTokenList.

(WebCore::DOMTokenList::setValue):
Update the internal Vector using the algorithm in [2].

  • html/DOMTokenList.h:

(WebCore::DOMTokenList::length):
No longer virtual, now returns the size of the internal token Vector.

(WebCore::DOMTokenList::item):
No longer virtual, now returns the token at the given index in the
internal Vector.

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::relList):
Now return a AttributeDOMTokenList.

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::relList):
Now return a AttributeDOMTokenList.

  • html/RelList.cpp: Removed.
  • html/RelList.h: Removed.

Now merged into AttributeDOMTokenList.

LayoutTests:

Update / rebaseline existing tests as our behavior changed.

  • fast/dom/HTMLElement/class-list-expected.txt:
  • fast/dom/HTMLElement/class-list-quirks-expected.txt:
  • fast/dom/HTMLElement/script-tests/class-list.js:
  • fast/dom/HTMLOutputElement/dom-settable-token-list-expected.txt:
  • fast/dom/HTMLOutputElement/htmloutputelement-expected.txt:
  • fast/dom/HTMLOutputElement/htmloutputelement.html:
  • fast/dom/HTMLOutputElement/script-tests/dom-settable-token-list.js:
  • fast/dom/rel-list-expected.txt:
  • fast/dom/rel-list.html:
2:28 PM Changeset in webkit [189631] by achristensen@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed gardening to make Windows bot green.

  • platform/win/TestExpectations:

imported/w3c/web-platform-tests/html/dom/interfaces.html is newly imported and fails on Windows.

2:28 PM Changeset in webkit [189630] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Build fix

  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::beginSwipeGesture):
(WebKit::ViewGestureController::removeSwipeSnapshot):

2:26 PM Changeset in webkit [189629] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Mark svg/animations/svgboolean-animation-1 as flaky for
https://bugs.webkit.org/show_bug.cgi?id=149072

2:24 PM Changeset in webkit [189628] by Beth Dakin
  • 4 edits in trunk/Source/WebKit2

Should use CARenderServerRenderLayerWithTransform for snapshots on iOS
https://bugs.webkit.org/show_bug.cgi?id=149069
-and corresponding-
rdar://problem/19726953

Reviewed by Tim Horton.

This will let us own the backing IOSurface, which will let us share more code
with Mac.

Use CARenderServerRenderLayerWithTransform

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _takeViewSnapshot]):
(-[WKWebView _zoomToPoint:atScale:animated:]):

We can eliminate things needed for the slot-based API.

  • UIProcess/mac/ViewSnapshotStore.h:

(WebKit::ViewSnapshot::setDeviceScaleFactor):
(WebKit::ViewSnapshot::deviceScaleFactor):
(WebKit::ViewSnapshot::surface):
(WebKit::ViewSnapshot::imageSizeInBytes):
(WebKit::ViewSnapshot::size):

  • UIProcess/mac/ViewSnapshotStore.mm:

(WebKit::ViewSnapshotStore::singleton):
(WebKit::ViewSnapshotStore::didAddImageToSnapshot):
(WebKit::ViewSnapshotStore::discardSnapshotImages):
(WebKit::ViewSnapshot::create):
(WebKit::ViewSnapshot::ViewSnapshot):
(WebKit::ViewSnapshot::~ViewSnapshot):
(WebKit::ViewSnapshot::setSurface):
(WebKit::ViewSnapshot::hasImage):
(WebKit::ViewSnapshot::clearImage):
(WebKit::ViewSnapshot::asLayerContents):
(WebKit::ViewSnapshotStore::snapshottingContext): Deleted.

2:23 PM Changeset in webkit [189627] by Sukolsak Sakshuwong
  • 1 edit in trunk/Tools/Scripts/webkitpy/common/config/contributors.json

Unreviewed, added myself to the list of contributors.

  • Scripts/webkitpy/common/config/contributors.json:
11:59 AM Changeset in webkit [189626] by timothy_horton@apple.com
  • 2 edits in trunk/LayoutTests

fast/hidpi/image-set-without-specified-width.html flakily tries to install multiple callbacks for the same event
https://bugs.webkit.org/show_bug.cgi?id=149067

Reviewed by Alexey Proskuryakov.

  • fast/hidpi/image-set-without-specified-width.html:

Wait until we've successfully set the deviceScaleFactor
before reloading the page; otherwise, we can end up trying to set it
again after the reload (and depending on how long it takes the callback
to return, again, and again, and again...)

11:44 AM Changeset in webkit [189625] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

There should be a defaultSpotCheck-like mode that doesn't run the MaximalFlushInsertionPhase in run-jsc-stress-tests
https://bugs.webkit.org/show_bug.cgi?id=149058

Patch by Saam barati <sbarati@apple.com> on 2015-09-11
Reviewed by Geoffrey Garen.

  • Scripts/run-jsc-stress-tests:
11:40 AM Changeset in webkit [189624] by commit-queue@webkit.org
  • 12 edits
    2 adds in trunk/Source/JavaScriptCore

Add initial support for floats in WebAsssembly
https://bugs.webkit.org/show_bug.cgi?id=149062

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-11
Reviewed by Geoffrey Garen.

Implement the ConstantPoolIndex, Immediate, GetLocal, and GetGlobal
instructions for floats (float32) in WebAssembly.

  • tests/stress/wasm-arithmetic-float32.js: Added.

(shouldBe):

  • tests/stress/wasm-globals.js:
  • tests/stress/wasm-type-conversion.js:
  • tests/stress/wasm/arithmetic-float32.wasm: Added.
  • tests/stress/wasm/globals.wasm:
  • tests/stress/wasm/type-conversion.wasm:
  • wasm/WASMConstants.h:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildSetLocal):
(JSC::WASMFunctionCompiler::buildReturn):
(JSC::WASMFunctionCompiler::buildImmediateF32):
(JSC::WASMFunctionCompiler::buildGetLocal):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpression):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseConstantPoolIndexExpressionF32):
(JSC::WASMFunctionParser::parseImmediateExpressionF32):
(JSC::WASMFunctionParser::parseGetLocalExpressionF32):
(JSC::WASMFunctionParser::parseGetGlobalExpressionF32):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildImmediateF32):

  • wasm/WASMReader.cpp:

(JSC::WASMReader::readOpExpressionF32):

  • wasm/WASMReader.h:
10:35 AM Changeset in webkit [189623] by ggaren@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

2015-09-11 Geoffrey Garen <ggaren@apple.com>

Try to fix the CLOOP build.

Unreviewed.

  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::finalizeBaselineJITInlineCaches): (JSC::CodeBlock::finalizeUnconditionally):
9:56 AM Changeset in webkit [189622] by Csaba Osztrogonác
  • 2 edits in trunk/Source/JavaScriptCore

[EFL] Fix WASM build
https://bugs.webkit.org/show_bug.cgi?id=149065

Reviewed by Darin Adler.

  • wasm/WASMFunctionParser.cpp:
9:21 AM Changeset in webkit [189621] by ap@apple.com
  • 2 edits in trunk/LayoutTests

El Capitan test result gardening.

  • platform/mac/TestExpectations: Remove a test that should pass now.
9:08 AM Changeset in webkit [189620] by ggaren@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

JavaScriptCore should discard optimized code after some time
https://bugs.webkit.org/show_bug.cgi?id=149048

Reviewed by Michael Saboff.

This patch adds a new jettison type -- JettisonDueToOldAge -- and starts
using it for DFG and FTL code. Baseline and LLInt code will come in a
follow-up patch.

The primary goal is to save memory. Some popular websites leave about 10MB
of dead code sitting around immediately after they finish loading.

Throwing away code periodically might also save us from profiling
pathologies that lead to performance dead ends.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::visitAggregate): Updated for rename, and removed a
stale comment.

(JSC::CodeBlock::shouldVisitStrongly): Renamed to shouldVisitStrongly
because the practical effect of this function is to trigger a call to
visitStrongly.

(JSC::CodeBlock::isKnownToBeLiveDuringGC): Check the
m_visitStronglyHasBeenCalled flag instead of
shouldImmediatelyAssumeLivenessDuringScan / shouldVisitStrongly because
m_visitStronglyHasBeenCalled can be set by anybody even if the CodeBlock
would not otherwise visit itself strongly.

(JSC::CodeBlock::shouldJettisonDueToWeakReference): New helper function
for readability.

(JSC::CodeBlock::shouldJettisonDueToOldAge): New helper function that
tells if a CodeBlock is old enough for deletion.

(JSC::CodeBlock::determineLiveness): There's no need to check
shouldImmediatelyAssumeLivenessDuringScan here because we will not call
this function if shouldImmediatelyAssumeLivenessDuringScan is true.
Also, it's just not clear -- if someone chooses to call this function --
that it would be safe to ignore them simply because
shouldImmediatelyAssumeLivenessDuringScan was true.

(JSC::CodeBlock::finalizeLLIntInlineCaches): Moved code out into a helper
function to make the main function more readable.

(JSC::CodeBlock::finalizeBaselineJITInlineCaches): Ditto.

(JSC::CodeBlock::finalizeUnconditionally): Added code for jettisoning a
CodeBlock if it is too old. Moved large sections of code into helper
functions to aid readability in this function.

(JSC::CodeBlock::jettison): Account for the fact that we might jettison
a CodeBlock without OSR exit and without requiring a stack shoot-down.

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::setInstallTime):
(JSC::CodeBlock::timeSinceInstall): Track CodeBlock age to help us
decide when to delete.

  • jit/JITCode.h:

(JSC::JITCode::timeToLive): Static limits on CodeBlock lifetime. I got
these numbers from the place where numbers come from.

  • profiler/ProfilerJettisonReason.cpp:

(WTF::printInternal):

  • profiler/ProfilerJettisonReason.h: Updated for new jettison type.
  • runtime/Executable.cpp:

(JSC::ScriptExecutable::installCode): Record install time so that we
can measure how old a CodeBlock is.

9:05 AM Changeset in webkit [189619] by ap@apple.com
  • 2 edits in branches/safari-601-branch/LayoutTests

Test result gardening - correct the paths for the branch.

  • platform/mac/TestExpectations:
7:51 AM Changeset in webkit [189618] by Chris Dumez
  • 10 edits in trunk

Element.tagName should be upper-case for HTML elements in HTML documents
https://bugs.webkit.org/show_bug.cgi?id=148843
<rdar://problem/22559081>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

  • web-platform-tests/dom/nodes/Document-createElementNS-expected.txt:
  • web-platform-tests/dom/nodes/Element-tagName-expected.txt:
  • web-platform-tests/dom/nodes/Node-nodeName-expected.txt:
  • web-platform-tests/html/semantics/tabular-data/the-table-element/table-insertRow-expected.txt:

Source/WebCore:

Element.tagName should be upper-case for HTML elements in HTML documents,
as per the DOM specification:
https://dom.spec.whatwg.org/#dom-element-tagname

Previously, WebKit would fail to upper-case the tagname if the element's
tag had a prefix. This patch corrects this. This aligns our behavior with
Firefox, Chrome and IE.

No new tests, already covered by existing tests.

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::nodeName):

LayoutTests:

Update / rebaseline test now that our behavior has changed.

  • fast/dom/Node/initial-values-expected.txt:
  • fast/dom/Node/script-tests/initial-values.js:
7:50 AM Changeset in webkit [189617] by Chris Dumez
  • 6 edits in trunk

document.body = "text" should throw a TypeError, not a HierarchyRequestError
https://bugs.webkit.org/show_bug.cgi?id=149057
<rdar://problem/22567157>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline test now that a new check is passing.

  • web-platform-tests/html/dom/documents/dom-tree-accessors/document.body-setter-01-expected.txt:

Source/WebCore:

document.body = "text" should throw a TypeError, not a
HierarchyRequestError:
https://html.spec.whatwg.org/multipage/dom.html#dom-document-body

This is because "text" is a DOMString and it cannot be converted into an
HTMLElement?. Therefore, the WebIDL specification says we should throw a
TypeError in this case.

Chrome and Firefox throw the right exception.

No new tests, already covered by existing test.

  • dom/Document.idl:

LayoutTests:

Rebaseline test as we now throw a different exception.

  • fast/dom/setter-type-enforcement-expected.txt:
6:03 AM WebKitGTK/2.8.x edited by clopez@igalia.com
(diff)
2:16 AM Changeset in webkit [189616] by akling@apple.com
  • 74 edits in trunk/Source

[JSC] Weak should only accept cell pointees.
<https://webkit.org/b/148955>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Since WeakImpls only support pointing to JSCell derived objects,
enforce that at compile time by having the API use JSCell* instead of JSValue.

WeakHandleOwner callbacks now get JSCell& and JSCell*& respectively instead
of wrapping the cell pointer in a Handle<Unknown>.

Also added a static_assert so Weak<T> can't be instantiated with a T that's
not convertible to JSCell.

  • API/JSAPIWrapperObject.mm:

(JSAPIWrapperObjectHandleOwner::finalize):
(JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots):
(JSC::JSAPIWrapperObject::finishCreation):

  • API/JSManagedValue.mm:

(JSManagedValueHandleOwner::isReachableFromOpaqueRoots):
(JSManagedValueHandleOwner::finalize):

  • builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::finalize):

  • builtins/BuiltinExecutables.h:
  • heap/Heap.cpp:

(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize):

  • heap/Heap.h:
  • heap/WeakBlock.cpp:

(JSC::WeakBlock::visit):
(JSC::WeakBlock::reap):

  • heap/WeakHandleOwner.cpp:

(JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
(JSC::WeakHandleOwner::finalize):

  • heap/WeakHandleOwner.h:
  • heap/WeakImpl.h:

(JSC::WeakImpl::WeakImpl):
(JSC::WeakImpl::state):
(JSC::WeakImpl::cell):
(JSC::WeakImpl::asWeakImpl):
(JSC::WeakImpl::jsValue): Deleted.

  • heap/WeakInlines.h:

(JSC::Weak<T>::Weak):
(JSC::>):
(JSC::Weak<T>::operator):
(JSC::Weak<T>::get):
(JSC::Weak<T>::was):

  • heap/WeakSet.h:
  • heap/WeakSetInlines.h:

(JSC::WeakSet::allocate):
(JSC::WeakBlock::finalize):

  • jit/JITThunks.cpp:

(JSC::JITThunks::finalize):

  • jit/JITThunks.h:
  • jsc.cpp:

(WTF::ElementHandleOwner::isReachableFromOpaqueRoots): Deleted.

  • runtime/JSCell.h:

(JSC::jsCast):

  • runtime/RegExpCache.cpp:

(JSC::RegExpCache::finalize):

  • runtime/RegExpCache.h:
  • runtime/Structure.cpp:

(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):

Source/WebCore:

Update WebCore bindings for the new Weak and Weak-related signatures.

  • bindings/js/JSCSSRuleListCustom.cpp:

(WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSCSSValueCustom.cpp:

(WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots):
(WebCore::JSCSSValueOwner::finalize):

  • bindings/js/JSCallbackData.cpp:

(WebCore::JSCallbackDataWeak::WeakOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSCallbackData.h:
  • bindings/js/JSMutationObserverCustom.cpp:

(WebCore::JSMutationObserverOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSNodeCustom.cpp:

(WebCore::isReachableFromDOM):
(WebCore::JSNodeOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSNodeListCustom.cpp:

(WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSTextTrackCueCustom.cpp:

(WebCore::JSTextTrackCueOwner::isReachableFromOpaqueRoots):

  • bindings/js/WebCoreTypedArrayController.cpp:

(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):

  • bindings/js/WebCoreTypedArrayController.h:
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::JSTestActiveDOMObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestActiveDOMObjectOwner::finalize):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.h:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:

(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::finalize):

  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::JSTestCustomNamedGetterOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomNamedGetterOwner::finalize):

  • bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventConstructorOwner::finalize):

  • bindings/scripts/test/JS/JSTestEventConstructor.h:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::JSTestEventTargetOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventTargetOwner::finalize):

  • bindings/scripts/test/JS/JSTestEventTarget.h:
  • bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::JSTestExceptionOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestExceptionOwner::finalize):

  • bindings/scripts/test/JS/JSTestException.h:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::JSTestGenerateIsReachableOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestGenerateIsReachableOwner::finalize):

  • bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
  • bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestInterfaceOwner::finalize):

  • bindings/scripts/test/JS/JSTestInterface.h:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::JSTestMediaQueryListListenerOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestMediaQueryListListenerOwner::finalize):

  • bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::JSTestNamedConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNamedConstructorOwner::finalize):

  • bindings/scripts/test/JS/JSTestNamedConstructor.h:
  • bindings/scripts/test/JS/JSTestNondeterministic.cpp:

(WebCore::JSTestNondeterministicOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNondeterministicOwner::finalize):

  • bindings/scripts/test/JS/JSTestNondeterministic.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::JSTestObjOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestObjOwner::finalize):

  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::JSTestOverloadedConstructorsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverloadedConstructorsOwner::finalize):

  • bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:

(WebCore::JSTestOverrideBuiltinsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverrideBuiltinsOwner::finalize):

  • bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::JSTestSerializedScriptValueInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):

  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::JSTestTypedefsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestTypedefsOwner::finalize):

  • bindings/scripts/test/JS/JSTestTypedefs.h:
  • bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::JSattributeOwner::isReachableFromOpaqueRoots):
(WebCore::JSattributeOwner::finalize):

  • bindings/scripts/test/JS/JSattribute.h:
  • bindings/scripts/test/JS/JSreadonly.cpp:

(WebCore::JSreadonlyOwner::isReachableFromOpaqueRoots):
(WebCore::JSreadonlyOwner::finalize):

  • bindings/scripts/test/JS/JSreadonly.h:
  • bridge/runtime_root.cpp:

(JSC::Bindings::RootObject::finalize):

  • bridge/runtime_root.h:

Source/WebKit2:

  • WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:

(WebKit::NPRuntimeObjectMap::finalize):

  • WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
12:17 AM Changeset in webkit [189615] by bshafiei@apple.com
  • 4 edits in tags/Safari-601.1.56.2

Merged r189598. rdar://problem/22657165

12:15 AM Changeset in webkit [189614] by bshafiei@apple.com
  • 4 edits
    2 copies in tags/Safari-601.1.56.2

Merged r189483. rdar://problem/22657165

12:12 AM Changeset in webkit [189613] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.1.56.2/Source

Versioning.

12:08 AM Changeset in webkit [189612] by bshafiei@apple.com
  • 4 edits in branches/safari-601-branch

Merged r189598. rdar://problem/22657171

12:07 AM Changeset in webkit [189611] by bshafiei@apple.com
  • 4 edits
    2 copies in branches/safari-601-branch

Merged r189483. rdar://problem/22657171

12:01 AM Changeset in webkit [189610] by bshafiei@apple.com
  • 11 edits
    8 copies in branches/safari-601-branch

Merged r189469. rdar://problem/22316524

12:01 AM Changeset in webkit [189609] by bshafiei@apple.com
  • 11 edits
    8 copies in branches/safari-601.1.46-branch

Merged r189469. rdar://problem/22422752

Sep 10, 2015:

11:13 PM Changeset in webkit [189608] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.46-branch/Source

Versioning.

11:12 PM Changeset in webkit [189607] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

11:08 PM Changeset in webkit [189606] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.56.2

New tag.

10:54 PM Changeset in webkit [189605] by bshafiei@apple.com
  • 4 edits in tags/Safari-601.1.56.0.1/Source/WebKit/win

Merge patch for rdar://problem/22633105.

10:51 PM Changeset in webkit [189604] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.1.56.0.1/Source

Versioning.

10:48 PM Changeset in webkit [189603] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.56.0.1

New tag.

6:43 PM Changeset in webkit [189602] by commit-queue@webkit.org
  • 1 edit
    2 deletes in trunk/Source/WebKit2

Web Inspector: Remove unused files
https://bugs.webkit.org/show_bug.cgi?id=149049

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-10
Reviewed by Brian Burg.

  • WebProcess/WebPage/efl/WebInspectorEfl.cpp: Removed.
  • WebProcess/WebPage/gtk/WebInspectorGtk.cpp: Removed.
6:42 PM Changeset in webkit [189601] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebKit2

WebInspectorUI should have a WebPage reference
https://bugs.webkit.org/show_bug.cgi?id=149046

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-10
Reviewed by Geoffrey Garen.

  • WebProcess/WebPage/WebInspectorUI.cpp:
  • WebProcess/WebPage/WebInspectorUI.h:

(WebKit::WebInspectorUI::page): Deleted.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::inspectorUI):

6:39 PM Changeset in webkit [189600] by commit-queue@webkit.org
  • 5 edits in trunk

Unreviewed, rolling out r189595.
https://bugs.webkit.org/show_bug.cgi?id=149052

The tests still fail (Requested by ap on #webkit).

Reverted changeset:

"Spurious output on Windows tests: AQMEIOManager::FindIOUnit:
error -1"
https://bugs.webkit.org/show_bug.cgi?id=142929
http://trac.webkit.org/changeset/189595

6:37 PM Changeset in webkit [189599] by commit-queue@webkit.org
  • 6 edits in trunk/Source/JavaScriptCore

Implement switch statements in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149051

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch implements switch statements in WebAssembly using the
JSC::BinarySwitch class.

  • tests/stress/wasm-control-flow.js:
  • tests/stress/wasm/control-flow.wasm:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildSwitch):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseSwitchStatement):

  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildSwitch):

5:55 PM Changeset in webkit [189598] by Chris Fleizach
  • 4 edits in trunk

AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields
https://bugs.webkit.org/show_bug.cgi?id=148891

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Asychronous focus setting DOES work on Yosemite, just not Mavericks.

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]):
(-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]):

LayoutTests:

Mark accessibility focus tests as passing on Yosemite.

  • platform/mac/TestExpectations:
4:19 PM Changeset in webkit [189597] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.2

New tag.

4:07 PM Changeset in webkit [189596] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Structure should be able to tell you if it had ever been a dictionary
https://bugs.webkit.org/show_bug.cgi?id=149047

Reviewed by Mark Lam.

Introduces the hasBeenDictionary flag to Structure, which tells you if this structure or
any of its ancestors is a dictionary. We already implicitly tracked this for DFG
watchpoint optimizations, so this is mainly just decoupling that existing logic from
watchpoints. Having Structure::hasBeenDictionary() enables some of the heuristics in the
property type inference work (https://bugs.webkit.org/show_bug.cgi?id=148610).

  • runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::dump):

  • runtime/Structure.h:
3:59 PM Changeset in webkit [189595] by ap@apple.com
  • 5 edits in trunk

Spurious output on Windows tests: AQMEIOManager::FindIOUnit: error -1
https://bugs.webkit.org/show_bug.cgi?id=142929

Reviewed by Brent Fulgham.

Tools:

Silence the logging. We'll track fixing the root cause in Radar.

  • Scripts/webkitpy/port/mac.py:

(MacPort.stderr_patterns_to_strip): Added a FIXME.

  • Scripts/webkitpy/port/win.py:

(WinPort.logging_patterns_to_strip): Added.

LayoutTests:

  • platform/win/TestExpectations: Unskip some newly added tests that are affected.

We still skip the whole media directory - updating the results and unskipping those
tests would be a separate project.

3:15 PM Changeset in webkit [189594] by hyatt@apple.com
  • 8 edits
    4 adds in trunk

[New Block-Inside-Inline Model] Self-collapsing block check needs to account for anonymous inline blocks
https://bugs.webkit.org/show_bug.cgi?id=149042

Reviewed by Dean Jackson.

Source/WebCore:

Added new tests in fast/block/inside-inlines/

  • rendering/InlineFlowBox.cpp:
  • rendering/InlineFlowBox.h:

(WebCore::InlineFlowBox::anonymousInlineBlock):
Add a new accessor to get the anonymousInlineBlock() for lines that wrap them.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::childrenPreventSelfCollapsing):
(WebCore::RenderBlock::isSelfCollapsingBlock):
isSelfCollapsingBlock() now calls a virtual method that checks lines/children called childrenPreventSelfCollapsing.
This lets us farm out the lines check to the derived RenderBlockFlow class.

  • rendering/RenderBlock.h:

(WebCore::RenderBlock::childrenPreventSelfCollapsing):
Added new virtual method for checking children.

  • rendering/RenderBlockFlow.cpp:
  • rendering/RenderBlockFlow.h:

(WebCore::RenderBlockFlow::childrenPreventSelfCollapsing):
Overridden to ensure that blocks can still be self-collapsing if they only contain anonymous inline-block lines that
are also self-collapsing.

LayoutTests:

  • fast/block/inside-inlines/new-model/self-collapsing-test-expected.html: Added.
  • fast/block/inside-inlines/new-model/self-collapsing-test.html: Added.
  • fast/block/inside-inlines/self-collapsing-test-expected.html: Added.
  • fast/block/inside-inlines/self-collapsing-test.html: Added.
2:54 PM Changeset in webkit [189593] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Styles sidebar says Media: all when it should say Media: screen
https://bugs.webkit.org/show_bug.cgi?id=148436

Patch by Devin Rousso <Devin Rousso> on 2015-09-10
Reviewed by Timothy Hatcher.

Removed filter that prevented "Media: screen" from being displayed.

  • UserInterface/Views/RulesStyleDetailsPanel.js:

(WebInspector.RulesStyleDetailsPanel.prototype.refresh.insertMediaOrInheritanceLabel):
(WebInspector.RulesStyleDetailsPanel.prototype.refresh.filteredMediaList): Deleted.

2:28 PM Changeset in webkit [189592] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

Web Inspector: WebInspectorUI does not need to be an API::Object
https://bugs.webkit.org/show_bug.cgi?id=149045

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-10
Reviewed by Timothy Hatcher.

  • Shared/API/APIObject.h:
  • WebProcess/WebPage/WebInspectorUI.h:
2:24 PM Changeset in webkit [189591] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix Windows file loading in JSC shell after r189583
https://bugs.webkit.org/show_bug.cgi?id=148917

Should load the script files with the binary mode.
Since these loading functions are only used for the simple test scripts,
we just use ftell / fseek now.

  • jsc.cpp:

(fillBufferWithContentsOfFile):

2:13 PM Changeset in webkit [189590] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Prefer calling ContentViewContainer.updateLayout directly
https://bugs.webkit.org/show_bug.cgi?id=149041

Reviewed by Timothy Hatcher.

Cleaned up two places where a parent view duplicated logic encapsulated by ContentViewContainer.

  • UserInterface/Views/ClusterContentView.js:

(WebInspector.ClusterContentView.prototype.updateLayout):

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype.updateLayout):

2:06 PM Changeset in webkit [189589] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

Web Inspector: Remove unused member in WebPage
https://bugs.webkit.org/show_bug.cgi?id=149040

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-10
Reviewed by Brian Burg.

  • WebProcess/WebPage/WebPage.cpp:
  • WebProcess/WebPage/WebPage.h:
1:50 PM Changeset in webkit [189588] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(r189575): Appears to break ARM64 linux builds
https://bugs.webkit.org/show_bug.cgi?id=149044

Reviewed by Filip Pizlo.

Changed the use of the ARM64 "fp", a register alias, to be "x29", the real register name.

  • llint/LowLevelInterpreter.asm:
1:13 PM Changeset in webkit [189587] by dbates@webkit.org
  • 3 edits in trunk/Source/WebKit2

sendProcessWillSuspendImminently uses a wrong message flag
https://bugs.webkit.org/show_bug.cgi?id=148995

Reviewed by Alexey Proskuryakov.

Remove use of flag IPC::InterruptWaitingIfSyncMessageArrives as it does not make
sense when sending a sync message.

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendProcessWillSuspendImminently):

  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::sendProcessWillSuspendImminently):

12:49 PM Changeset in webkit [189586] by fpizlo@apple.com
  • 29 edits
    2 moves
    1 add
    5 deletes in trunk

There should be one stub hanging off an inline cache that contains code for all of the cases, rather than forming a linked list consisting of one stub per case
https://bugs.webkit.org/show_bug.cgi?id=148717

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This is a major rewrite of the JSC get/put/in inline caches (ICs), motivated by the need to add
fancy new kinds of inline caches for property type inference (https://webkit.org/b/148610).

Previously, our inline caches had some problems that made them difficult to work with. It was
impossible to change any code that was previously generated by the IC except by blowing the
whole IC away, the ICs scaled poorly if there were many cases, and there was a lot of duplicate
and ad hoc code.

Impossible to regenerate a previously generated stub: Say that some access (o.f = v) causes our
IC code to emit some stub; let's call it stub1. Then later we find that we need to emit a
different stub, stub2, where we think that stub2 might subsume stub1. We say that stub2
subsumes stub1 if failing to execute stub2 to completion means that we are guaranteed to fail
to execute stub1 to completion. This could happen in trunk if stub2 has the same base structure
as stub1 but different prototype conditions. It could happen with property type inference if
stub2 has a looser type check on v than stub1 did. Currently, if this happened, we would emit
stub2 and have its slow path jump to stub1. Hence, we would still end up executing the checks
of stub1 before falling through to the slow path. This gets bad when there are many stubs.
Stub1 might be in front of a bunch of other stubs, so when we add stub2, we will end up
executing both stub2's and stub1's checks before falling through to the other stubs. It would
be better if we could remove stub1 from the list at this point. But since stub1 could be linked
to from a different stub that we had already generated, we'd have to have a way of patching
stubs or regenerating them from scratch. This is currenty impossible because we just don't keep
around enough meta-data to mess with a stub after it's generated. After this change, we never
link new stubs onto a linked list of pre-existing stubs; instead each IC will have one stub
hanging off of it and we always regenerate that one stub from scratch. That one stub contains
either a BinarySwitch or a branch cascade to select one of the AccessCases. Each AccessCase is
an object that describes everything we need to regenerate it in the future. This means that
when we add a new case to an IC stub, we can figure out which previous cases this one subsumes.

Poor scalability when there are many cases: Previously, the cases of a polymorphic inline cache
formed a linked list of branches. This meant that the complexity of an inline cache grew
linearly with the number of cases. This change turns this into a BinarySwitch in most cases,
leading to logarithmic scaling.

Duplicate code between get, put, and in: The code for op_get_by_id, op_put_by_id, and op_in
inline caches grew independently and ended up having a lot of duplicate code. We had the worst
kinds of duplicate code. In some cases, the code was copy-pasted. In other cases, we wrote code
that felt like it was new despite the fact that it was logically identical to code that was
already written elsewhere. The main sources of duplication were in selecting a scratch
register, checking all of the ObjectPropertyConditions and the base structure, the pro forma
involved in generating a stub, and the data structures needed to describe all of the access
cases. This change deduplicates all of that code. Now, all of those ICs use the same classes:
the PolymorphicAccess and AccessCase. There is code in those classes that handles all of the
common things, and for the most part the only code that actually specializes for the kind of
access is in some switch statement in AccessCase::generate().

Special-casing of array length and string length: Previously, array.length and string.length
were handled in an ad hoc manner in the get_by_id repatching code. The handling was separate
from the polymorphic get_by_id handling, which meant that we could not handle polymorphic
length accesses if one of the length cases was either array or string length. For example, if
you had "o.length" where the length was either array length or a vanilla length property, then
the get_by_id inline cache would either emit a monomorphic stub for array length, or a
monomorphic stub for the vanilla length property, but never a polymorphic stub (or list) that
could do both. This change addresses this problem by folding array length and string length
into the polymorphic get_by_id code.

This was meant to be a perf-neutral change to enable property type inference, but it ended up
being a 1% Octane speed-up, mainly because of a 14% speed-up in raytrace. This isn't too
surprising, since that test does use inline caches a lot and this change makes inline caches
more scalable.

This also fixes and adds a test for a BinarySwitch bug. BinarySwitch had an optimization for
consecutive integer cases. Using it on typed array structures triggers this bug. It's a hard
bug to trigger any other way because our other switch optimizations will usually use a jump
table in case of consecutive integers.

(JSC::MacroAssemblerCodePtr::dumpWithName):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printPutByIdCacheStatus):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::getByValInfoMap):
(JSC::CodeBlock::addStubInfo):
(JSC::CodeBlock::findStubInfo):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::stubInfoBegin):
(JSC::CodeBlock::stubInfoEnd):

  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

  • bytecode/PolymorphicAccess.cpp: Copied from Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.cpp.

(JSC::AccessGenerationState::addWatchpoint):
(JSC::AccessGenerationState::restoreScratch):
(JSC::AccessGenerationState::succeed):
(JSC::AccessCase::AccessCase):
(JSC::AccessCase::get):
(JSC::AccessCase::replace):
(JSC::AccessCase::transition):
(JSC::AccessCase::setter):
(JSC::AccessCase::in):
(JSC::AccessCase::getLength):
(JSC::AccessCase::~AccessCase):
(JSC::AccessCase::fromStructureStubInfo):
(JSC::AccessCase::clone):
(JSC::AccessCase::guardedByStructureCheck):
(JSC::AccessCase::alternateBase):
(JSC::AccessCase::canReplace):
(JSC::AccessCase::dump):
(JSC::AccessCase::visitWeak):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generate):
(JSC::PolymorphicAccess::PolymorphicAccess):
(JSC::PolymorphicAccess::~PolymorphicAccess):
(JSC::PolymorphicAccess::regenerateWithCases):
(JSC::PolymorphicAccess::regenerateWithCase):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::dump):
(JSC::PolymorphicAccess::regenerate):
(WTF::printInternal):
(JSC::GetByIdAccess::GetByIdAccess): Deleted.
(JSC::GetByIdAccess::~GetByIdAccess): Deleted.
(JSC::GetByIdAccess::fromStructureStubInfo): Deleted.
(JSC::GetByIdAccess::visitWeak): Deleted.
(JSC::PolymorphicGetByIdList::PolymorphicGetByIdList): Deleted.
(JSC::PolymorphicGetByIdList::from): Deleted.
(JSC::PolymorphicGetByIdList::~PolymorphicGetByIdList): Deleted.
(JSC::PolymorphicGetByIdList::currentSlowPathTarget): Deleted.
(JSC::PolymorphicGetByIdList::addAccess): Deleted.
(JSC::PolymorphicGetByIdList::isFull): Deleted.
(JSC::PolymorphicGetByIdList::isAlmostFull): Deleted.
(JSC::PolymorphicGetByIdList::didSelfPatching): Deleted.
(JSC::PolymorphicGetByIdList::visitWeak): Deleted.

  • bytecode/PolymorphicAccess.h: Copied from Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h.

(JSC::AccessCase::isGet):
(JSC::AccessCase::isPut):
(JSC::AccessCase::isIn):
(JSC::AccessCase::type):
(JSC::AccessCase::offset):
(JSC::AccessCase::viaProxy):
(JSC::AccessCase::structure):
(JSC::AccessCase::newStructure):
(JSC::AccessCase::conditionSet):
(JSC::AccessCase::additionalSet):
(JSC::AccessCase::customSlotBase):
(JSC::AccessCase::doesCalls):
(JSC::AccessCase::callLinkInfo):
(JSC::AccessCase::RareData::RareData):
(JSC::PolymorphicAccess::isEmpty):
(JSC::PolymorphicAccess::size):
(JSC::PolymorphicAccess::at):
(JSC::PolymorphicAccess::operator[]):
(JSC::GetByIdAccess::GetByIdAccess): Deleted.
(JSC::GetByIdAccess::isSet): Deleted.
(JSC::GetByIdAccess::operator!): Deleted.
(JSC::GetByIdAccess::type): Deleted.
(JSC::GetByIdAccess::structure): Deleted.
(JSC::GetByIdAccess::conditionSet): Deleted.
(JSC::GetByIdAccess::stubRoutine): Deleted.
(JSC::GetByIdAccess::doesCalls): Deleted.
(JSC::PolymorphicGetByIdList::isEmpty): Deleted.
(JSC::PolymorphicGetByIdList::size): Deleted.
(JSC::PolymorphicGetByIdList::at): Deleted.
(JSC::PolymorphicGetByIdList::operator[]): Deleted.

  • bytecode/PolymorphicAccessStructureList.h: Removed.
  • bytecode/PolymorphicGetByIdList.cpp: Removed.
  • bytecode/PolymorphicGetByIdList.h: Removed.
  • bytecode/PolymorphicPutByIdList.cpp: Removed.
  • bytecode/PolymorphicPutByIdList.h: Removed.
  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeForStubInfo):

  • bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitWeakReferences):

  • bytecode/StructureStubInfo.h:

(JSC::StructureStubInfo::StructureStubInfo):
(JSC::StructureStubInfo::initGetByIdSelf):
(JSC::StructureStubInfo::initPutByIdReplace):
(JSC::StructureStubInfo::initStub):
(JSC::StructureStubInfo::setSeen):
(JSC::getStructureStubInfoCodeOrigin):
(JSC::isGetByIdAccess): Deleted.
(JSC::isPutByIdAccess): Deleted.
(JSC::isInAccess): Deleted.
(JSC::StructureStubInfo::initGetByIdList): Deleted.
(JSC::StructureStubInfo::initPutByIdTransition): Deleted.
(JSC::StructureStubInfo::initPutByIdList): Deleted.
(JSC::StructureStubInfo::initInList): Deleted.
(JSC::StructureStubInfo::addWatchpoint): Deleted.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileIn):

  • ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateDataSection):

  • jit/AccessorCallJITStubRoutine.cpp: Removed.
  • jit/AccessorCallJITStubRoutine.h: Removed.
  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::branchIfEmpty):
(JSC::AssemblyHelpers::branchStructure):
(JSC::AssemblyHelpers::boxBooleanPayload):
(JSC::AssemblyHelpers::boxBoolean):
(JSC::AssemblyHelpers::boxInt32):

  • jit/BinarySwitch.cpp:

(JSC::BinarySwitch::BinarySwitch):
(JSC::BinarySwitch::build):
(JSC::BinarySwitch::Case::dump):
(JSC::BinarySwitch::BranchCode::dump):

  • jit/BinarySwitch.h:

(JSC::BinarySwitch::Case::operator<):
(JSC::BinarySwitch::BranchCode::BranchCode):

  • jit/JIT.h:
  • jit/JITInlineCacheGenerator.cpp:

(JSC::garbageStubInfo):
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):

  • jit/JITInlineCacheGenerator.h:

(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITInlineCacheGenerator::stubInfo):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITByIdGenerator::reportSlowPathCall):

  • jit/JITOperations.cpp:
  • jit/Repatch.cpp:

(JSC::repatchCall):
(JSC::repatchByIdSelfAccess):
(JSC::resetGetByIDCheckAndLoad):
(JSC::resetPutByIDCheckAndLoad):
(JSC::replaceWithJump):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::appropriateGenericPutByIdFunction):
(JSC::appropriateOptimizingPutByIdFunction):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryRepatchIn):
(JSC::repatchIn):
(JSC::resetGetByID):
(JSC::resetPutByID):
(JSC::checkObjectPropertyCondition): Deleted.
(JSC::checkObjectPropertyConditions): Deleted.
(JSC::emitRestoreScratch): Deleted.
(JSC::linkRestoreScratch): Deleted.
(JSC::toString): Deleted.
(JSC::kindFor): Deleted.
(JSC::customFor): Deleted.
(JSC::generateByIdStub): Deleted.
(JSC::patchJumpToGetByIdStub): Deleted.
(JSC::tryBuildGetByIDList): Deleted.
(JSC::buildGetByIDList): Deleted.
(JSC::appropriateListBuildingPutByIdFunction): Deleted.
(JSC::emitPutReplaceStub): Deleted.
(JSC::emitPutTransitionStub): Deleted.
(JSC::tryBuildPutByIdList): Deleted.
(JSC::buildPutByIdList): Deleted.

  • jit/ScratchRegisterAllocator.cpp:

(JSC::ScratchRegisterAllocator::lock):
(JSC::ScratchRegisterAllocator::allocateScratch):

  • jit/ScratchRegisterAllocator.h:

(JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):

  • jsc.cpp:

(GlobalObject::finishCreation):
(functionQuit):
(functionAbort):
(functionFalse1):
(functionFalse2):

  • runtime/Options.h:
  • tests/stress/array-message-passing.js: Added.

(window.addEventListener):
(window.postMessage):
(window._handleEvents):
(testPassed):
(testFailed):
(classCompare):
(bufferCompare):
(viewCompare):
(typedArrayCompare):
(dataViewCompare):
(dataViewCompare2):
(dataViewCompare3):
(createBuffer):
(createTypedArray):
(createTypedArrayOverBuffer):
(new.DataView):
(testList.testList.concat.basicBufferTypes.map):
(doneTest):

Source/WTF:

Beef up dumping a bit.

  • wtf/PrintStream.h:

(WTF::pointerDump):
(WTF::printInternal):

12:36 PM Changeset in webkit [189585] by ggaren@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

CodeBlock::codeType() doesn't need to compute anything
https://bugs.webkit.org/show_bug.cgi?id=149039

Reviewed by Michael Saboff.

CodeBlock already has an m_codeType data member.

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::codeType):
(JSC::CodeBlock::putByIdContext):

12:34 PM Changeset in webkit [189584] by commit-queue@webkit.org
  • 7 edits
    2 adds in trunk/Source/JavaScriptCore

Implement global variables in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149031

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch implements global variables in WebAssembly. There are two
types of global variables in the current format that we use (the format
used by <https://github.com/WebAssembly/polyfill-prototype-1>): internal
global variables and imported global variables. This patch does not yet
import values for imported global variables. It will be done in a
subsequent patch.

  • tests/stress/wasm-globals.js: Added.

(shouldBe):

  • tests/stress/wasm/globals.wasm: Added.
  • wasm/JSWASMModule.h:

(JSC::JSWASMModule::globalVariables):

  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildSetGlobal):
(JSC::WASMFunctionCompiler::buildGetGlobal):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseSetGlobalStatement):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseGetGlobalExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseGetGlobalExpressionF64):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildSetGlobal):
(JSC::WASMFunctionSyntaxChecker::buildGetGlobal):

  • wasm/WASMModuleParser.cpp:

(JSC::WASMModuleParser::parseGlobalSection):

12:19 PM Changeset in webkit [189583] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

Consider long module path name case in Windows
https://bugs.webkit.org/show_bug.cgi?id=148917

Reviewed by Alex Christensen.

The local file system module loader in the JSC shell manages the module files by the absolute path.
However, in Windows, _MAX_PATH is defined as 260. So if the path like the current working directory or the path to the module is long,
it will be truncated by the API and it fail to open the file.
In JSC tests in Apple Windows buildbot, since the current working directory is long enough, the tests failed.

This patch introduces the following 3 tweaks.

  1. When retrieving the current working path, we use GetCurrentDirectoryW instead of _getcwd. GetCurrentDirectoryW allows the long path while _getcwd automatically truncate the result by the _MAX_PATH.
  1. Before opening the module file, we prepend "
    ?\" to the path. It converts the local file path to the long UNC path which allows longer path names.
  1. Since Windows ASCII API accepts the characters in the current code page, we use the Unicode APIs like _wfopen instead.

And enable the once disabled module tests in Windows.

Since this functionality is the part of the JSC shell to run the module tests, it is now implemented in jsc.cpp.

  • jsc.cpp:

(stringFromUTF):
(jscSource):
(extractDirectoryName):
(currentWorkingDirectory):
(convertShebangToJSComment):
(fillBufferWithContentsOfFile):
(fetchScriptFromLocalFileSystem):
(fetchModuleFromLocalFileSystem):
(GlobalObject::moduleLoaderFetch):
(functionRun):
(functionLoad):
(functionReadFile):
(functionCheckSyntax):
(functionLoadModule):
(runWithScripts):
(runInteractive):

  • tests/modules.yaml:
12:01 PM Changeset in webkit [189582] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk/Source/JavaScriptCore

Convert arguments to WebAssembly functions to the declared types
https://bugs.webkit.org/show_bug.cgi?id=149033

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch checks the types of arguments to WebAssembly functions and
converts them to the declared types. This is necessary because:

  • For example, if a function expects an argument of type double and we pass 1.0 to it, it will get a JSValue of an integer, not a double.
  • We should follow asm.js's behavior for now, because we want to be able to test WebAssembly apps against asm.js apps. asm.js does type coercion on arguments by using int|0, Math.fround(float), and +double.
  • jit/JITOperations.h:
  • tests/stress/wasm-type-conversion.js: Added.

(shouldBe):
(two.valueOf):

  • tests/stress/wasm/type-conversion.wasm: Added.
  • wasm/WASMFunctionCompiler.h:

(JSC::operationConvertJSValueToInt32):
(JSC::operationConvertJSValueToDouble):
(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::appendCallSetResult):
(JSC::WASMFunctionCompiler::callOperation):
(JSC::WASMFunctionCompiler::loadValueAndConvertToInt32):
(JSC::WASMFunctionCompiler::loadValueAndConvertToDouble):

11:57 AM Changeset in webkit [189581] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[WebGL][GLES] bad shaders should not be linked not only for GL but also for GL ES
https://bugs.webkit.org/show_bug.cgi?id=148794

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

Checking bad shaders, precision matching and varyings packing are all valid for GL ES too.

Test: webgl/1.0.2/conformance/programs/program-test.html

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::linkProgram):

11:47 AM Changeset in webkit [189580] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Static variables in GraphicsContext3DOpenGLCommon should be avoided because of the race condition
https://bugs.webkit.org/show_bug.cgi?id=148957

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

There is no guarantee that only one thread calls GraphicsContext3D::compileShader() at a time so it would be
better to use a thread local storage variable rather than use a static variable.

No new tests. No behavioural changes.

  • platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::getCurrentNameHashMapForShader):
(WebCore::setCurrentNameHashMapForShader):
(WebCore::nameHashForShader):
(WebCore::GraphicsContext3D::compileShader):
(WebCore::GraphicsContext3D::mappedSymbolName):

11:15 AM Changeset in webkit [189579] by Dewei Zhu
  • 2 edits in trunk/LayoutTests

Update windows platform expected results for bug 148810.
https://bugs.webkit.org/show_bug.cgi?id=149038

Reviewed by Alexey Proskuryakov.

  • platform/win/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt: Updated.
11:08 AM Changeset in webkit [189578] by Joseph Pecoraro
  • 2 edits in trunk/Source/WebKit2

Unreviewed build fix after r189572.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):
Remove the const on the now static methods.

11:04 AM Changeset in webkit [189577] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

JSInternalPromiseDeferred should inherit JSPromiseDeferred
https://bugs.webkit.org/show_bug.cgi?id=149027

Reviewed by Darin Adler.

JSInternalPromiseDeferred is constructed by using JSPromiseDeferred implementation.
So the class info of JSInternalPromiseDeferred should inherit JSPromiseDeferred.

  • runtime/JSInternalPromiseDeferred.cpp:
11:02 AM Changeset in webkit [189576] by Chris Dumez
  • 131 edits in trunk

Node.appendChild(null) / replaceChild(null, null) / removeChild(null) / insertBefore(null, ref) should throw a TypeError
https://bugs.webkit.org/show_bug.cgi?id=148971
<rdar://problem/22560883>
<rdar://problem/22559225>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing.

  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/dom/nodes/Node-appendChild-expected.txt:
  • web-platform-tests/dom/nodes/Node-insertBefore-expected.txt:
  • web-platform-tests/dom/nodes/Node-removeChild-expected.txt:
  • web-platform-tests/dom/nodes/Node-replaceChild-expected.txt:
  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Node.appendChild(null) / replaceChild(null, null) / removeChild(null)
and insertBefore(null, ref) should throw a TypeError instead of a
NotFoundError, as per the specification:
https://dom.spec.whatwg.org/#node

The parameters are not nullable so the Web IDL specification says
we should throw a TypeError in this case.

This patch moves the null-checking from ContainerNode to the methods
on Node. The null-checking is supposed to be done by the bindings code
but our generator currently does not support this so we do the null
checking as close to the bindings as possible. The bindings code is
calling the methods on Node. This also makes sure we throw a TypeError
for null-argument when the Node is not a ContainerNode. For e.g.
Text.appendChild(null) should throw a TypeError too.

The methods on ContainerNode now take references insteaad of pointer
parameters now that the null-checking is done at the call site in
Node. This lead to a lot of code update as those methods are used
a lot throughout the code base.

No new tests, already covered by pre-existing layout tests.

Source/WebKit/mac:

ContainerNode::appendChild() now takes a Ref<Node>&& parameter so we
need to update the call site.

  • WebView/WebFrame.mm:

(-[WebFrame _documentFragmentWithNodesAsParagraphs:]):

Source/WebKit2:

ContainerNode::appendChild() now takes a Ref<Node>&& parameter so we
need to update the call sites.

  • WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::PDFPlugin):

  • WebProcess/Plugins/PDF/PDFPluginAnnotation.mm:

(WebKit::PDFPluginAnnotation::attach):
(WebKit::PDFPluginAnnotation::~PDFPluginAnnotation):

  • WebProcess/Plugins/PDF/PDFPluginChoiceAnnotation.mm:

(WebKit::PDFPluginChoiceAnnotation::createAnnotationElement):

LayoutTests:

Update / rebaseline tests now that we throw a different exception type.

  • fast/dom/Document/replaceChild-null-oldChild-expected.txt:
  • fast/dom/Document/script-tests/replaceChild-null-oldChild.js:
  • fast/dom/Node/fragment-mutation-expected.txt:
  • fast/dom/Node/fragment-mutation.html:
  • fast/dom/incompatible-operations-expected.txt:
  • fast/dom/incompatible-operations.html:
  • fast/dom/move-nodes-across-documents.html:
  • fast/dom/processing-instruction-appendChild-exceptions-expected.txt:
  • fast/dom/processing-instruction-appendChild-exceptions.xhtml:
  • fast/dom/setter-type-enforcement-expected.txt:
  • fast/dom/timer-clear-interval-in-handler-and-generate-error-expected.txt:
  • fast/inspector-support/uncaught-dom8-exception.html:
10:47 AM Changeset in webkit [189575] by msaboff@apple.com
  • 58 edits
    4 adds
    4 deletes in trunk/Source/JavaScriptCore

Add support for Callee-Saves registers
https://bugs.webkit.org/show_bug.cgi?id=148666

Reviewed by Filip Pizlo.

We save platform callee save registers right below the call frame header,
in the location(s) starting with VirtualRegister 0. This local space is
allocated in the bytecode compiler. This space is the maximum space
needed for the callee registers that the LLInt and baseline JIT use,
rounded up to a stack aligned number of VirtualRegisters.
The LLInt explicitly saves and restores the registers in the macros
preserveCalleeSavesUsedByLLInt and restoreCalleeSavesUsedByLLInt.
The JITs saves and restores callee saves registers by what registers
are included in m_calleeSaveRegisters in the code block.

Added handling of callee save register restoration to exception handling.
The basic flow is when an exception is thrown or one is recognized to
have been generated in C++ code, we save the current state of all
callee save registers to VM::calleeSaveRegistersBuffer. As we unwind
looking for the corresponding catch, we copy the callee saves from call
frames to the same VM::calleeSaveRegistersBuffer. This is done for all
call frames on the stack up to but not including the call frame that has
the corresponding catch block. When we process the catch, we restore
the callee save registers with the contents of VM::calleeSaveRegistersBuffer.
If there isn't a catch, then handleUncaughtException will restore callee
saves before it returns back to the calling C++.

Eliminated callee saves registers as free registers for various thunk
generators as the callee saves may not have been saved by the function
calling the thunk.

Added code to transition callee saves from one VM's format to the another
as part of OSR entry and OSR exit.

Cleaned up the static RegisterSet's including adding one for LLInt and
baseline JIT callee saves and one to be used to allocate local registers
not including the callee saves or other special registers.

Moved ftl/FTLRegisterAtOffset.{cpp,h} to jit/RegisterAtOffset.{cpp,h}.
Factored out the vector of RegisterAtOffsets in ftl/FTLUnwindInfo.{cpp,h}
into a new class in jit/RegisterAtOffsetList.{cpp,h}.
Eliminted UnwindInfo and changed UnwindInfo::parse() into a standalone
function named parseUnwindInfo. That standalone function now returns
the callee saves RegisterAtOffsetList. This is stored in the CodeBlock
and used instead of UnwindInfo.

Turned off register preservation thunks for outgoing calls from FTL
generated code. THey'll be removed in a subsequent patch.

Changed specialized thinks to save and restore the contents of
tagTypeNumberRegister and tagMaskRegister as they can be called by FTL
compiled functions. We materialize those tag registers for the thunk's
use and then restore the prior contents on function exit.

Also removed the arity check fail return thunk since it is now the
caller's responsibility to restore the stack pointer.

Removed saving of callee save registers and materialization of special
tag registers for 64 bit platforms from vmEntryToJavaScript and
vmEntryToNative.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • ftl/FTLJITCode.h:
  • ftl/FTLRegisterAtOffset.cpp: Removed.
  • ftl/FTLRegisterAtOffset.h: Removed.
  • ftl/FTLUnwindInfo.cpp:

(JSC::FTL::parseUnwindInfo):
(JSC::FTL::UnwindInfo::UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::~UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::parse): Deleted.
(JSC::FTL::UnwindInfo::dump): Deleted.
(JSC::FTL::UnwindInfo::find): Deleted.
(JSC::FTL::UnwindInfo::indexOf): Deleted.

  • ftl/FTLUnwindInfo.h:

(JSC::RegisterAtOffset::dump):

  • jit/RegisterAtOffset.cpp: Added.
  • jit/RegisterAtOffset.h: Added.

(JSC::RegisterAtOffset::RegisterAtOffset):
(JSC::RegisterAtOffset::operator!):
(JSC::RegisterAtOffset::reg):
(JSC::RegisterAtOffset::offset):
(JSC::RegisterAtOffset::offsetAsIndex):
(JSC::RegisterAtOffset::operator==):
(JSC::RegisterAtOffset::operator<):
(JSC::RegisterAtOffset::getReg):

  • jit/RegisterAtOffsetList.cpp: Added.

(JSC::RegisterAtOffsetList::RegisterAtOffsetList):
(JSC::RegisterAtOffsetList::sort):
(JSC::RegisterAtOffsetList::dump):
(JSC::RegisterAtOffsetList::find):
(JSC::RegisterAtOffsetList::indexOf):

  • jit/RegisterAtOffsetList.h: Added.

(JSC::RegisterAtOffsetList::clear):
(JSC::RegisterAtOffsetList::size):
(JSC::RegisterAtOffsetList::at):
(JSC::RegisterAtOffsetList::append):
Move and refactored use of FTLRegisterAtOffset to RegisterAtOffset.
Added RegisterAtOffset and RegisterAtOffsetList to build configurations.
Remove FTLRegisterAtOffset files.

  • bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::setUpCallFromFTL):
Turned off FTL register preservation thunks.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::setCalleeSaveRegisters):
(JSC::roundCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
(JSC::CodeBlock::calleeSaveRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::numberOfDFGCompiles):
Methods to manage a set of callee save registers. Also to allocate the appropriate
number of VirtualRegisters for callee saves.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::allocateCalleeSaveSpace):

  • bytecompiler/BytecodeGenerator.h:

Allocate the appropriate number of VirtualRegisters for callee saves needed by LLInt or baseline JIT.

  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compileExceptionHandlers):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

  • dfg/DFGJITCompiler.h:
  • interpreter/Interpreter.cpp:

(JSC::UnwindFunctor::operator()):
(JSC::UnwindFunctor::copyCalleeSavesToVMCalleeSavesBuffer):

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::usedRegisters):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::StackLayoutPhase::run):

  • ftl/FTLCompile.cpp:

(JSC::FTL::fixFunctionBasedOnStackMaps):
(JSC::FTL::compile):

  • ftl/FTLLink.cpp:

(JSC::FTL::link):

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

  • ftl/FTLThunks.cpp:

(JSC::FTL::osrExitGenerationThunkGenerator):

  • jit/ArityCheckFailReturnThunks.cpp: Removed.
  • jit/ArityCheckFailReturnThunks.h: Removed.
  • jit/JIT.cpp:

(JSC::JIT::emitEnterOptimizationCheck):
(JSC::JIT::privateCompile):
(JSC::JIT::privateCompileExceptionHandlers):

  • jit/JITCall32_64.cpp:

(JSC::JIT::emit_op_ret):

  • jit/JITExceptions.cpp:

(JSC::genericUnwind):

  • jit/JITExceptions.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emitSlow_op_loop_hint):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):

  • jit/JITOperations.cpp:
  • jit/Repatch.cpp:

(JSC::generateByIdStub):

  • jit/ThunkGenerators.cpp:
  • llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:

(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::arityFixupGenerator):

  • runtime/CommonSlowPaths.cpp:

(JSC::setupArityCheckData):

  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):
Emit code to save and restore callee save registers and materialize tagTypeNumberRegister
and tagMaskRegister.
Handle callee saves when tiering up.
Copy callee saves register contents to VM::calleeSaveRegistersBuffer at beginning of
exception processing.
Process callee save registers in frames when unwinding from an exception.
Restore callee saves register contents from VM::calleeSaveRegistersBuffer on catch.
Use appropriate register set to make sure we don't allocate a callee save register when
compiling a thunk.
Helper to populate tagTypeNumberRegister and tagMaskRegister with the appropriate
constants.
Removed arity fixup return thunks.

  • dfg/DFGOSREntry.cpp:

(JSC::DFG::prepareOSREntry):

  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):
Restore callee saves from the DFG and save the appropriate ones for the baseline JIT.
Materialize the tag registers on 64 bit platforms.

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitSaveCalleeSavesFor):
(JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
(JSC::AssemblyHelpers::emitSaveCalleeSaves):
(JSC::AssemblyHelpers::emitRestoreCalleeSaves):
(JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::restoreCalleeSavesFromVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitMaterializeTagCheckRegisters):
New helpers to save and restore callee saves as well as materialize the tag registers
contents.

  • jit/FPRInfo.h:
  • jit/GPRInfo.h:

(JSC::GPRInfo::toRegister):
Updated to include FP callee save registers. Added number of callee saves registers and
cleanup register aliases that collide with callee save registers.

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
Uses new stubUnavailableRegisters register set to limit what registers are available for
temporaries.

  • jit/RegisterSet.cpp:

(JSC::RegisterSet::stubUnavailableRegisters):
(JSC::RegisterSet::calleeSaveRegisters):
(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):
(JSC::RegisterSet::ftlCalleeSaveRegisters):

  • jit/RegisterSet.h:

New register sets with the callee saves used by various tiers as well as one listing registers
not availble to stub code.

  • jit/SpecializedThunkJIT.h:

(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::loadDoubleArgument):
(JSC::SpecializedThunkJIT::returnJSValue):
(JSC::SpecializedThunkJIT::returnDouble):
(JSC::SpecializedThunkJIT::returnInt32):
(JSC::SpecializedThunkJIT::returnJSCell):
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
(JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters):
(JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):

  • jit/ThunkGenerators.cpp:

(JSC::nativeForGenerator):
Changed to save and restore existing tag register contents as the may contain other values.
After saving the existing values, we materialize the tag constants.

  • jit/TempRegisterSet.h:

(JSC::TempRegisterSet::getFPRByIndex):
(JSC::TempRegisterSet::getFreeFPR):
(JSC::TempRegisterSet::setByIndex):

  • offlineasm/arm64.rb:
  • offlineasm/registers.rb:

Added methods for floating point registers to support callee save FP registers.

  • jit/JITArithmetic32_64.cpp:

(JSC::JIT::emit_op_mod):
Removed unnecessary #if CPU(X86_64) check to this 32 bit only file.

  • offlineasm/x86.rb:

Fixed Windows callee saves naming.

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

(JSC::VM::calleeSaveRegistersBufferOffset):
(JSC::VM::getAllCalleeSaveRegistersMap):
Provide a RegisterSaveMap that has all registers that might be saved. Added a callee save buffer to be
used for OSR exit and for exception processing in a future patch.

10:31 AM Changeset in webkit [189574] by ap@apple.com
  • 2 edits in branches/safari-601-branch/LayoutTests

Test result gardening.

  • platform/mac/TestExpectations:
10:30 AM Changeset in webkit [189573] by aestes@apple.com
  • 3 edits in trunk/Tools

[iOS] Teach run-webkit-tests how to parse simulator runtimes when version numbers contain a revision
https://bugs.webkit.org/show_bug.cgi?id=149022

Reviewed by Daniel Bates.

Simulator runtime versions can contain a revision number (e.g. 8.4.1), but the regex for matching runtimes
did not account for this.

  • Scripts/webkitpy/xcode/simulator.py:

(Simulator): Optionally matched a revision at the end of a runtime version number.

  • Scripts/webkitpy/xcode/simulator_unittest.py: Added a test.
10:27 AM Changeset in webkit [189572] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebKit2

Web Inspector: Make WebInspectorProxy inspectorURL path methods static
https://bugs.webkit.org/show_bug.cgi?id=149021

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-10
Reviewed by Brian Burg.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::didRelaunchInspectorPageProcess):
(WebKit::isMainOrTestInspectorPage):
(WebKit::decidePolicyForNavigationAction):
(WebKit::WebInspectorProxy::eagerlyCreateInspectorPage):
(WebKit::WebInspectorProxy::createInspectorPage):

  • UIProcess/WebInspectorProxy.h:
  • UIProcess/efl/WebInspectorProxyEfl.cpp:

(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):

  • UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):

10:11 AM Changeset in webkit [189571] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

ModuleProgramExecutable should provide CodeBlock to ScriptExecutable::forEachCodeBlock
https://bugs.webkit.org/show_bug.cgi?id=149028

Reviewed by Michael Saboff.

ModuleProgramExecutable should provide CodeBlock since ModuleProgramExecutable inherits
ScriptExecutable.

  • bytecode/CodeBlock.h:

(JSC::ScriptExecutable::forEachCodeBlock):

10:08 AM Changeset in webkit [189570] by aestes@apple.com
  • 3 edits in trunk/Tools

[iOS] Teach run-webkit-tests how to parse simctl list when a tvOS SDK is installed
https://bugs.webkit.org/show_bug.cgi?id=149029
<rdar://problem/22432624>

Reviewed by Daniel Bates.

  • Scripts/webkitpy/xcode/simulator.py:

(Simulator): Taught to parse tvOS runtimes.

  • Scripts/webkitpy/xcode/simulator_unittest.py: Added tests.
9:26 AM Changeset in webkit [189569] by beidson@apple.com
  • 2 edits in trunk/LayoutTests

Mark some more W3C IDB tests as flaky.
https://bugs.webkit.org/show_bug.cgi?id=148713

Reviewed by NOBODY.

  • platform/wk2/TestExpectations:
8:50 AM Changeset in webkit [189568] by dbates@webkit.org
  • 5 edits
    2 adds in trunk

Write a test to ensure we don't regress processing of tasks when page defers loading
https://bugs.webkit.org/show_bug.cgi?id=135882
<rdar://problem/22550497>

Reviewed by Darin Adler.

Source/WebCore:

Towards adding a test for <https://bugs.webkit.org/show_bug.cgi?id=135688>, add a window.internals
function, setPageDefersLoading, to enable and disable whether the page defers loading.

Test: storage/websql/success-callback-when-page-defers-loading.html

  • testing/Internals.cpp:

(WebCore::Internals::resetToConsistentState): Reset defers loading for the page to false.
(WebCore::Internals::setPageDefersLoading): Added.

  • testing/Internals.h:
  • testing/Internals.idl: Added IDL declaration setPageDefersLoading.

LayoutTests:

Add a test to ensure we do not regress <https://bugs.webkit.org/show_bug.cgi?id=135688>.

  • storage/websql/success-callback-when-page-defers-loading-expected.txt: Added.
  • storage/websql/success-callback-when-page-defers-loading.html: Added.
8:00 AM WebKitGTK/2.10.x edited by Michael Catanzaro
Change some bug links to trac links (diff)
4:58 AM Changeset in webkit [189567] by svillar@igalia.com
  • 29 edits
    2 adds in trunk

min-width/height should default to auto for flexbox items
https://bugs.webkit.org/show_bug.cgi?id=146020

Reviewed by David Hyatt.

Based on Blink's r193665, r194062, r194887 and r195930 by <cbiesinger@chromium.org>.

Source/WebCore:

As specified here
http://dev.w3.org/csswg/css-flexbox/#min-size-auto the default
value of min-{width|height} is auto for flex items.

In case this patch breaks any website (as it's changing the
default value of those properties) the fix is likely to add:

min-width: 0;
min-height: 0;

to any relevant flexitems.

Test: css3/flexbox/min-size-auto.html

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::isFlexOrGrid): New helper method to identify grids and flexs.
(WebCore::ComputedStyleExtractor::propertyValue): Return auto
for flex items if min-width/height is auto.

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseValue):

  • html/shadow/SliderThumbElement.cpp:
  • rendering/RenderBox.cpp:

(WebCore::RenderBox::constrainLogicalHeightByMinMax):
(WebCore::RenderBox::constrainContentBoxLogicalHeightByMinMax):
(WebCore::RenderBox::computeLogicalWidthInRegionUsing):
(WebCore::RenderBox::computeLogicalHeight):
(WebCore::RenderBox::computeLogicalHeightUsing):
(WebCore::RenderBox::computeContentLogicalHeight):
(WebCore::RenderBox::computeContentAndScrollbarLogicalHeightUsing):
(WebCore::RenderBox::computeReplacedLogicalWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthRespectingMinMaxWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthUsing):
(WebCore::RenderBox::computeReplacedLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::RenderBox::availableLogicalHeightUsing):
(WebCore::RenderBox::computePositionedLogicalWidth):
(WebCore::RenderBox::computePositionedLogicalWidthUsing):
(WebCore::RenderBox::computePositionedLogicalHeight):
(WebCore::RenderBox::computePositionedLogicalHeightUsing):

  • rendering/RenderBox.h:
  • rendering/RenderButton.h:
  • rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
(WebCore::RenderFlexibleBox::mainAxisExtentIsDefinite):
(WebCore::RenderFlexibleBox::mainAxisLengthIsIndefinite):
(WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
(WebCore::RenderFlexibleBox::mainAxisOverflowForChild):

  • rendering/RenderFlexibleBox.h:

(WebCore::RenderFlexibleBox::isFlexibleBoxImpl):

  • rendering/RenderFullScreen.h:
  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):

  • rendering/RenderMediaControlElements.h:
  • rendering/RenderMenuList.cpp:

(WebCore::RenderMenuList::adjustInnerStyle): Do not longer set
the min-width explicitly.

  • rendering/RenderMenuList.h:
  • rendering/RenderMultiColumnSet.cpp:

(WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):

  • rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::maxPageLogicalHeight):

  • rendering/RenderReplaced.cpp:

(WebCore::RenderReplaced::computeReplacedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalHeight):

  • rendering/RenderSlider.h:
  • rendering/RenderTextControl.h:
  • rendering/RenderTextControlSingleLine.cpp:

(WebCore::RenderTextControlSingleLine::createInnerBlockStyle): Do not longer set
the min-width explicitly.

  • rendering/mathml/RenderMathMLBlock.h:
  • rendering/style/RenderStyle.h:

LayoutTests:

  • TestExpectations: Removed passing flexbox tests.
  • css3/flexbox/csswg/flex-flow-007.html: Added min-height: 0px.
  • css3/flexbox/flexbox-baseline.html: Ditto.
  • css3/flexbox/min-size-auto-expected.txt: Added.
  • css3/flexbox/min-size-auto.html: Added.
  • css3/flexbox/preferred-widths-orthogonal.html: Added min-height: 0px.
  • fast/css/auto-min-size-expected.txt: Check default computed

styles for min-width/height for flex items.

  • fast/css/auto-min-size.html: Ditto.
2:10 AM Changeset in webkit [189566] by ChangSeok Oh
  • 4 edits in trunk

[GTK] Volume bar is broken
https://bugs.webkit.org/show_bug.cgi?id=145639

Reviewed by Philippe Normand.

Source/WebCore:

The ControlPart enum values' order has mismatched the one of values in CSSValueKeywords.in
after r180965. The MediaVolumeSliderPart should be prior to the MediaVolumeSliderContainerpart.

Tests: media/click-volume-bar-not-pausing.html

media/volume-bar-empty-when-muted.html

  • platform/ThemeTypes.h:

LayoutTests:

Unblock relevant tests. media/click-volume-bar-not-pausing.html, media/volume-bar-empty-when-muted.html

  • platform/gtk/TestExpectations:
Note: See TracTimeline for information about the timeline view.