Timeline



Sep 18, 2015:

10:00 PM Changeset in webkit [190010] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Update Mac expectations for http/tests/cache/iframe-304-crash.html.
This test is flaky everywhere, not just on Mavericks and Yosemite.

  • platform/mac-wk2/TestExpectations:
9:48 PM Changeset in webkit [190009] by commit-queue@webkit.org
  • 21 edits in trunk

Unreviewed, rolling out r189908.
https://bugs.webkit.org/show_bug.cgi?id=149368

Broke run-webkit-tests --pixel (Requested by ap on #webkit).

Reverted changeset:

"printing does not use minimum page zoom factor"
https://bugs.webkit.org/show_bug.cgi?id=108507
http://trac.webkit.org/changeset/189908

9:18 PM Changeset in webkit [190008] by rniwa@webkit.org
  • 4 edits
    2 adds in trunk

Inserting or removing slot elements can cause a crash
https://bugs.webkit.org/show_bug.cgi?id=149365

Reviewed by Antti Koivisto.

Source/WebCore:

HTMLSlotElement::insertedInto and removedFrom were doing completely non-sensical.

Since insertedInto and removedFrom are called on an element whenever it or its ancestor is inserted into
or removed from a container node, we can't always call addSlotElementByName removeSlotElementByName when
those functions are called. Instead, we need to check whether this slot has been inserted into or removed
from a container node that resides inside a shadow root.

Also reverted r189906 since the change was made upon a bogus assumption I had made.

Test: fast/shadow-dom/slot-removal-crash.html

  • dom/Element.cpp:

(WebCore::Element::insertedInto): Added comments.
(WebCore::Element::removedFrom): Ditto.
(WebCore::Element::addShadowRoot): Reverted r189906.
(WebCore::Element::removeShadowRoot): Ditto.

  • html/HTMLSlotElement.cpp:

(WebCore::HTMLSlotElement::insertedInto): When the insertion point's tree scope is different from ours,
the insertion happened to our shadow host or its ancestor. There is nothing to be done in that case since
the shadow tree was not modified (in particular, our relationship with our shadow root never changed).
We also don't do anything if we got inserted into a parent which is not inside a shadow tree.

(WebCore::HTMLSlotElement::removedFrom): Since Container::removeBetween sets the tree scope before this
function is getting called, we can't compare this element's treeScope with that of the "insertion" point.
They're always different regardless of whether the insertion point was in the same shadow tree to which
we belong or its shadow host's. However, since a node removed from a shadow tree is put into document's
tree scope before this function is called and InShadowTree flag is unset in Node::removedFrom at the end
of this function, this slot element is definitely being removed from its shadow root when isInShadowTree()
is true and the newly set tree scope is of the document. So call removeSlotElementByName if and only if
that condition holds.

(WebCore::HTMLSlotElement::getDistributedNodes): Explicitly check that we're inside a shadow root.

LayoutTests:

Added regression tests.

  • fast/shadow-dom/slot-removal-crash.html: Added.
7:53 PM Changeset in webkit [190007] by rniwa@webkit.org
  • 4 edits in trunk/Source/WebCore

REGRESSION(r150187): updateIdForTreeScope may not be called inside shadow trees
https://bugs.webkit.org/show_bug.cgi?id=149364

Reviewed by Antti Koivisto.

Since the tree scope is set to that of Document's inside removeBetween when a node is removed from a shadow tree,
oldScope != &treeScope() was already true inside Element::removedFrom. This can introduce an inconsistency in
DocumentOrderedMap which could result in a crash. Fixed the bug by checking it against document(), which is the
behavior we had prior to r150187.

Also added a consistency check in DocumentOrderedMap to catch bugs like this.

No new tests. New assertions fail in existing tests without this fix.

  • dom/DocumentOrderedMap.cpp:

(WebCore::DocumentOrderedMap::add):
(WebCore::DocumentOrderedMap::remove):
(WebCore::DocumentOrderedMap::get):

  • dom/DocumentOrderedMap.h:
  • dom/Element.cpp:

(WebCore::Element::removedFrom):

7:31 PM Changeset in webkit [190006] by Antti Koivisto
  • 4 edits
    2 adds in trunk

Don't create renderers for children of shadow host
https://bugs.webkit.org/show_bug.cgi?id=149363

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/css-scoping-shadow-root-hides-children.html

  • dom/ShadowRoot.h:
  • style/StyleResolveTree.cpp:

(WebCore::Style::attachRenderTree):
(WebCore::Style::resolveShadowTree):
(WebCore::Style::resolveChildren):
(WebCore::Style::resolveTree):

LayoutTests:

  • fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html: Added.
  • fast/shadow-dom/css-scoping-shadow-root-hides-children.html: Added.
7:18 PM Changeset in webkit [190005] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Remove duplicate code in the WebAssembly parser
https://bugs.webkit.org/show_bug.cgi?id=149361

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Saam Barati.

Refactor the methods for parsing GetLocal and GetGlobal in WebAssembly
to remove duplicate code.

  • wasm/WASMFunctionParser.cpp:

(JSC::nameOfType):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseUnaryExpressionF64):
(JSC::WASMFunctionParser::parseBinaryExpressionF64):
(JSC::WASMFunctionParser::parseGetLocalExpression):
(JSC::WASMFunctionParser::parseGetGlobalExpression):
(JSC::WASMFunctionParser::parseGetLocalExpressionI32): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionI32): Deleted.
(JSC::WASMFunctionParser::parseGetLocalExpressionF32): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionF32): Deleted.
(JSC::WASMFunctionParser::parseGetLocalExpressionF64): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionF64): Deleted.

  • wasm/WASMFunctionParser.h:
6:26 PM Changeset in webkit [190004] by sbarati@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Refactor common code between GetCatchHandlerFunctor and UnwindFunctor
https://bugs.webkit.org/show_bug.cgi?id=149276

Reviewed by Mark Lam.

There is currently code copy-pasted between these
two functors. Lets not do that. It's better to write
a function, even if the function is small.

I also did a bit of renaming to make the intent of the
unwindCallFrame function clear. The name of the function
didn't really indicate what it did. It decided if it was
okay to unwind further, and it also notified the debugger.
I've renamed the function to notifyDebuggerOfUnwinding.
And I've inlined the logic of deciding if it's okay
to unwind further into UnwindFunctor itself.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::isOpcode):
(JSC::getStackFrameCodeType):
(JSC::Interpreter::stackTraceAsString):
(JSC::findExceptionHandler):
(JSC::GetCatchHandlerFunctor::GetCatchHandlerFunctor):
(JSC::GetCatchHandlerFunctor::operator()):
(JSC::notifyDebuggerOfUnwinding):
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator()):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
(JSC::unwindCallFrame): Deleted.

6:25 PM Changeset in webkit [190003] by Darin Adler
  • 13 edits
    2 deletes in trunk/Source/WebCore

Refine and simplify some color-related code
https://bugs.webkit.org/show_bug.cgi?id=148961

Reviewed by Anders Carlsson.

Refactoring code that seems to be covered by existing tests.

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseColor): Handle the empty string efficiently so that
callers don't need to do that.

  • platform/graphics/Color.h: Started adding comments about deprecation.

Added RGBA class for future use whenever we need an RGBA quadruplet rather than
a color with a color space. Added FIXME about future evoluation of the classes here.
Added OptionalColor so we can start removing the "invalid color" feature from Color.
Added roundAndClampColorChannel function.

  • svg/ColorDistance.cpp: Removed.
  • svg/ColorDistance.h: Removed.
  • CMakeLists.txt: Removed ColorDistance.
  • WebCore.vcxproj/WebCore.vcxproj: Ditto.
  • WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • svg/SVGAllInOne.cpp: Ditto.
  • svg/SVGAnimatedColor.cpp:

(WebCore::SVGAnimatedColorAnimator::SVGAnimatedColorAnimator): Changed to take
a reference instead of a pointer.
(WebCore::SVGAnimatedColorAnimator::constructFromString): Simplified since the
SVGColor::colorFromRGBColorString will handle the empty string.
(WebCore::SVGAnimatedColorAnimator::addAnimatedTypes): Moved the code to add the
RGB channels of two colors here from ColorDistance::addColors since this is the
only place it was used.
(WebCore::currentColor): Refactored adjustForCurrentColor function into this.
Helper for the code below.
(WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue): Refactored to use
the new currentColor function and replaced the use of the ColorDistance::clampColor
function here with a bit of code here in the one place it was used.
(WebCore::SVGAnimatedColorAnimator::calculateDistance): Moved the distance algorithm
here from ColorDistance::distance.

  • svg/SVGAnimatedColor.h: Removed unneeded forward declaration, changed constructor

to take references instead of pointers, and made all class member functions private.

  • svg/SVGAnimatedType.cpp:

(WebCore::SVGAnimatedType::setValueAsString): Removed special case for empty string,
since SVGColor::colorFromRGBColorString does the same thing.

  • svg/SVGAnimatorFactory.h:

(WebCore::SVGAnimatorFactory::create): Pass references rather tha pointers to the
SVGAnimatedColorAnimator constructor.

  • svg/SVGColor.cpp:

(WebCore::SVGColor::colorFromRGBColorString): Added more FIXMEs about the future of
this function.
(WebCore::SVGColor::setRGBColor): Fixed confusing verb tense.
(WebCore::SVGColor::customCSSText): Use ASCII literal for an ASCII literal.

5:31 PM Changeset in webkit [190002] by commit-queue@webkit.org
  • 7 edits in trunk/Source/JavaScriptCore

Implement the arithmetic instructions for doubles in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148945

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Geoffrey Garen.

This patch implements the arithmetic instructions for doubles (float64)
in WebAssembly.

  • tests/stress/wasm-arithmetic-float64.js:
  • tests/stress/wasm/arithmetic-float64.wasm:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildUnaryF64):
(JSC::WASMFunctionCompiler::buildBinaryF64):
(JSC::WASMFunctionCompiler::callOperation):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseUnaryExpressionF64):
(JSC::WASMFunctionParser::parseBinaryExpressionF64):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildUnaryF64):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF32):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF64):

4:57 PM Changeset in webkit [190001] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

UserMediaClientMock leaks every test run
https://bugs.webkit.org/show_bug.cgi?id=149358

Reviewed by Tim Horton.

  • platform/mock/UserMediaClientMock.h: Implement pageDestroyed.
4:51 PM Changeset in webkit [190000] by achristensen@apple.com
  • 1 edit in trunk/Source/WebCore/ChangeLog

190,000!

4:51 PM Changeset in webkit [189999] by msaboff@apple.com
  • 14 edits
    8 adds in trunk/Source/JavaScriptCore

[ES6] Tail call fast path should efficiently reuse the frame's stack space
https://bugs.webkit.org/show_bug.cgi?id=148662

Patch by Basile Clement <basile_clement@apple.com> on 2015-09-18
Reviewed by Geoffrey Garen.

This introduces a new class (CallFrameShuffler) that is responsible for
efficiently building the new frames when performing a tail call. In
order for Repatch to know about the position of arguments on the
stack/registers (e.g. for polymorphic call inline caches), we store a
CallFrameShuffleData in the CallLinkInfo. Otherwise, the JIT and DFG
compiler are now using CallFrameShuffler instead of
CCallHelpers::prepareForTailCallSlow() to build the frame for a tail
call.

When taking a slow path, we still build the frame as if doing a regular
call, because we could throw an exception and need the caller's frame
at that point. This means that for virtual calls, we don't benefit from
the efficient frame move for now.

(JSC::ARMv7Assembler::firstRegister):
(JSC::ARMv7Assembler::lastRegister):
(JSC::ARMv7Assembler::firstFPRegister):
(JSC::ARMv7Assembler::lastFPRegister):

  • assembler/AbortReason.h:
  • bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::setFrameShuffleData):
(JSC::CallLinkInfo::frameShuffleData):

  • bytecode/ValueRecovery.h:

(JSC::ValueRecovery::inRegister):

  • dfg/DFGGenerationInfo.h:

(JSC::DFG::GenerationInfo::recovery):

  • jit/CachedRecovery.cpp: Added.

(JSC::CachedRecovery::loadsIntoFPR):
(JSC::CachedRecovery::loadsIntoGPR):

  • jit/CachedRecovery.h: Added.

(JSC::CachedRecovery::CachedRecovery):
(JSC::CachedRecovery::targets):
(JSC::CachedRecovery::addTarget):
(JSC::CachedRecovery::removeTarget):
(JSC::CachedRecovery::clearTargets):
(JSC::CachedRecovery::setWantedJSValueRegs):
(JSC::CachedRecovery::setWantedFPR):
(JSC::CachedRecovery::boxingRequiresGPR):
(JSC::CachedRecovery::boxingRequiresFPR):
(JSC::CachedRecovery::recovery):
(JSC::CachedRecovery::setRecovery):
(JSC::CachedRecovery::wantedJSValueRegs):
(JSC::CachedRecovery::wantedFPR):

  • jit/CallFrameShuffleData.cpp: Added.

(JSC::CallFrameShuffleData::setupCalleeSaveRegisters):

  • jit/CallFrameShuffleData.h: Added.
  • jit/CallFrameShuffler.cpp: Added.

(JSC::CallFrameShuffler::CallFrameShuffler):
(JSC::CallFrameShuffler::dump):
(JSC::CallFrameShuffler::getCachedRecovery):
(JSC::CallFrameShuffler::setCachedRecovery):
(JSC::CallFrameShuffler::spill):
(JSC::CallFrameShuffler::emitDeltaCheck):
(JSC::CallFrameShuffler::prepareForSlowPath):
(JSC::CallFrameShuffler::prepareForTailCall):
(JSC::CallFrameShuffler::tryWrites):
(JSC::CallFrameShuffler::performSafeWrites):
(JSC::CallFrameShuffler::prepareAny):

  • jit/CallFrameShuffler.h: Added.

(JSC::CallFrameShuffler::lockGPR):
(JSC::CallFrameShuffler::acquireGPR):
(JSC::CallFrameShuffler::releaseGPR):
(JSC::CallFrameShuffler::snapshot):
(JSC::CallFrameShuffler::setCalleeJSValueRegs):
(JSC::CallFrameShuffler::assumeCalleeIsCell):
(JSC::CallFrameShuffler::canBox):
(JSC::CallFrameShuffler::ensureBox):
(JSC::CallFrameShuffler::ensureLoad):
(JSC::CallFrameShuffler::canLoadAndBox):
(JSC::CallFrameShuffler::updateRecovery):
(JSC::CallFrameShuffler::clearCachedRecovery):
(JSC::CallFrameShuffler::addCachedRecovery):
(JSC::CallFrameShuffler::numLocals):
(JSC::CallFrameShuffler::getOld):
(JSC::CallFrameShuffler::setOld):
(JSC::CallFrameShuffler::firstOld):
(JSC::CallFrameShuffler::lastOld):
(JSC::CallFrameShuffler::isValidOld):
(JSC::CallFrameShuffler::argCount):
(JSC::CallFrameShuffler::getNew):
(JSC::CallFrameShuffler::setNew):
(JSC::CallFrameShuffler::addNew):
(JSC::CallFrameShuffler::firstNew):
(JSC::CallFrameShuffler::lastNew):
(JSC::CallFrameShuffler::isValidNew):
(JSC::CallFrameShuffler::newAsOld):
(JSC::CallFrameShuffler::getFreeRegister):
(JSC::CallFrameShuffler::getFreeGPR):
(JSC::CallFrameShuffler::getFreeFPR):
(JSC::CallFrameShuffler::hasFreeRegister):
(JSC::CallFrameShuffler::ensureRegister):
(JSC::CallFrameShuffler::ensureGPR):
(JSC::CallFrameShuffler::ensureFPR):
(JSC::CallFrameShuffler::addressForOld):
(JSC::CallFrameShuffler::isUndecided):
(JSC::CallFrameShuffler::isSlowPath):
(JSC::CallFrameShuffler::addressForNew):
(JSC::CallFrameShuffler::dangerFrontier):
(JSC::CallFrameShuffler::isDangerNew):
(JSC::CallFrameShuffler::updateDangerFrontier):
(JSC::CallFrameShuffler::hasOnlySafeWrites):

  • jit/CallFrameShuffler32_64.cpp: Added.

(JSC::CallFrameShuffler::emitStore):
(JSC::CallFrameShuffler::emitBox):
(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::canLoad):
(JSC::CallFrameShuffler::emitDisplace):

  • jit/CallFrameShuffler64.cpp: Added.

(JSC::CallFrameShuffler::emitStore):
(JSC::CallFrameShuffler::emitBox):
(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::canLoad):
(JSC::CallFrameShuffler::emitDisplace):

  • jit/JITCall.cpp:

(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):

  • jit/RegisterMap.cpp:

(JSC::RegisterMap::RegisterMap):
(JSC::GPRMap::GPRMap):
(JSC::FPRMap::FPRMap):

  • jit/Repatch.cpp:

(JSC::linkPolymorphicCall):

4:46 PM Changeset in webkit [189998] by jacob_nielsen@apple.com
  • 3 edits in trunk/LayoutTests

Adds more flaky tests to TestExpecations for iOS and WK2

  • platform/ios-simulator/TestExpectations:
  • platform/wk2/TestExpectations:
4:45 PM Changeset in webkit [189997] by aestes@apple.com
  • 4 edits
    2 adds in trunk

[iOS] did{Start,Finish}LoadForQuickLookDocumentInMainFrame is never called on WKNavigationDelegate
https://bugs.webkit.org/show_bug.cgi?id=149360

Reviewed by Tim Horton.

Source/WebKit2:

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::didStartLoadForQuickLookDocumentInMainFrame): Called on m_navigationDelegate if non-null.
(WebKit::WebPageProxy::didFinishLoadForQuickLookDocumentInMainFrame): Ditto.

Tools:

Added an API test.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/QuickLook.mm: Added.

(-[QuickLookNavigationDelegate _webView:didStartLoadForQuickLookDocumentInMainFrameWithFileName:uti:]):
(-[QuickLookNavigationDelegate _webView:didFinishLoadForQuickLookDocumentInMainFrame:]):
(-[QuickLookNavigationDelegate webView:didFinishNavigation:]):
(TEST):

  • TestWebKitAPI/ios/pages.pages: Added.
4:43 PM Changeset in webkit [189996] by sbarati@apple.com
  • 1 edit
    6 adds in trunk/LayoutTests

add a regress test for richards with try/catch.
https://bugs.webkit.org/show_bug.cgi?id=149301

Reviewed by Filip Pizlo.

This adds two variants of Octane/richards benchmark using
try/catch. One try/catch variant that actually throws.
Another that never throws. I've included try/catch inside
every function and every loop.

  • js/regress/richards-empty-try-catch-expected.txt: Added.
  • js/regress/richards-empty-try-catch.html: Added.
  • js/regress/richards-try-catch-expected.txt: Added.
  • js/regress/richards-try-catch.html: Added.
  • js/regress/script-tests/richards-empty-try-catch.js: Added.

(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

  • js/regress/script-tests/richards-try-catch.js: Added.

(randomException):
(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

4:37 PM Changeset in webkit [189995] by sbarati@apple.com
  • 42 edits
    20 adds in trunk

Implement try/catch in the DFG.
https://bugs.webkit.org/show_bug.cgi?id=147374

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements try/catch inside the DFG JIT.
It also prevents tier up to the FTL for any functions
that have an op_catch in them that are DFG compiled.

This patch accomplishes implementing try/catch inside
the DFG by OSR exiting to op_catch when an exception is thrown.
We can OSR exit from an exception inside the DFG in two ways:
1) We have a JS call (can also be via implicit getter/setter in GetById/PutById)
2) We have an exception when returing from a callOperation

In the case of (1), we get to the OSR exit from genericUnwind because
the exception was thrown in a child call frame. This means these
OSR exits must act as defacto op_catches (even though we will still OSR
exit to a baseline op_catch). That means they must restore the stack pointer
and call frame.

In the case of (2), we can skip genericUnwind because we know the exception
check will take us to a particular OSR exit. Instead, we link these
exception checks as jumps to a particular OSR exit.

Both types of OSR exits will exit into op_catch inside the baseline JIT.
Because they exit to op_catch, these OSR exits must set callFrameForCatch
to the proper call frame pointer.

We "handle" all exceptions inside the machine frame of the DFG code
block. This means the machine code block is responsible for "catching"
exceptions of any inlined frames' try/catch. OSR exit will then exit to
the proper baseline CodeBlock after reifying the inlined frames
(DFG::OSRExit::m_codeOrigin corresponds to the op_catch we will exit to).
Also, genericUnwind will never consult an inlined call frame's CodeBlock to
see if they can catch the exception because they can't. We always unwind to the
next machine code block frame. The DFG CodeBlock changes how the exception
handler table is keyed: it is now keyed by CallSiteIndex for DFG code blocks.

So, when consulting call sites that throw, we keep track of the CallSiteIndex,
and the HandlerInfo for the corresponding baseline exception handler for
that particular CallSiteIndex (if an exception at that call site will be caught).
Then, when we're inside DFG::JITCompiler::link(), we install new HandlerInfo's
inside the DFG CodeBlock and key it by the corresponding CallSiteIndex.
(The CodeBlock only has HandlerInfos for the OSR exits that are to be arrived
at from genericUnwind).

Also, each OSR exit will know if it acting as an exception handler, and
whether or not it will be arrived at from genericUnwind. When we know we
will arrive at an OSR exit from genericUnwind, we set the corresponding
HandlerInfo's nativeCode CodeLocationLabel field to be the OSR exit.

This patch also introduces a new Phase inside the DFG that ensures
that DFG CodeBlocks that handle exceptions take the necessary
steps to keep live variables at "op_catch" live according the
OSR exit value recovery machinery. We accomplish this by flushing
all live op_catch variables to the stack when inside a "try" block.

(JSC::CodeBlock::handlerForBytecodeOffset):
(JSC::CodeBlock::handlerForIndex):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::clearExceptionHandlers):
(JSC::CodeBlock::appendExceptionHandler):

  • bytecode/PreciseJumpTargets.cpp:

(JSC::computePreciseJumpTargets):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::addCodeOrigin):
(JSC::DFG::CommonData::lastCallSite):
(JSC::DFG::CommonData::shrinkToFit):

  • dfg/DFGCommonData.h:
  • dfg/DFGGraph.h:
  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::noticeOSREntry):
(JSC::DFG::JITCompiler::appendExceptionHandlingOSRExit):
(JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
(JSC::DFG::JITCompiler::exceptionCheck):
(JSC::DFG::JITCompiler::recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded):

  • dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::emitStoreCodeOrigin):
(JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
(JSC::DFG::JITCompiler::blockHeads):
(JSC::DFG::JITCompiler::exceptionCheck): Deleted.

  • dfg/DFGLiveCatchVariablePreservationPhase.cpp: Added.

(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::FlushLiveCatchVariablesInsertionPhase):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::run):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::handleBlock):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::newVariableAccessData):
(JSC::DFG::performLiveCatchVariablePreservationPhase):

  • dfg/DFGLiveCatchVariablePreservationPhase.h: Added.
  • dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::setPatchableCodeOffset):

  • dfg/DFGOSRExit.h:

(JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):

  • dfg/DFGOSRExitCompiler.cpp:
  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget):

  • dfg/DFGOSRExitCompilerCommon.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGSlowPathGenerator.h:

(JSC::DFG::SlowPathGenerator::SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::generate):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):

  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

  • interpreter/Interpreter.cpp:

(JSC::GetCatchHandlerFunctor::operator()):
(JSC::UnwindFunctor::operator()):

  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::gotoNextFrame):
(JSC::StackVisitor::unwindToMachineCodeBlockFrame):
(JSC::StackVisitor::readFrame):

  • interpreter/StackVisitor.h:

(JSC::StackVisitor::operator*):
(JSC::StackVisitor::operator->):

  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitCount):

  • jit/JITExceptions.cpp:

(JSC::genericUnwind):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

(JSC::VM::clearException):
(JSC::VM::clearLastException):
(JSC::VM::addressOfCallFrameForCatch):
(JSC::VM::exception):
(JSC::VM::addressOfException):

  • tests/stress/dfg-exception-try-catch-in-constructor-with-inlined-throw.js: Added.

(f):
(bar):
(Foo):

  • tests/stress/es6-for-of-loop-exception.js: Added.

(assert):
(shouldThrowInvalidConstAssignment):
(baz):
(foo):

  • tests/stress/exception-dfg-inlined-frame-not-strict-equal.js: Added.

(assert):
(o.valueOf):
(o.toString):
(read):
(bar):
(foo):

  • tests/stress/exception-dfg-not-strict-equal.js: Added.

(foo):
(o.valueOf):
(o.toString):
(assert):
(shouldDoSomethingInFinally):
(catch):

  • tests/stress/exception-dfg-operation-read-value.js: Added.

(assert):
(o.valueOf):
(o.toString):
(read):
(foo):

  • tests/stress/exception-dfg-throw-from-catch-block.js: Added.

(assert):
(baz):
(bar):
(foo):

LayoutTests:

  • js/regress/raytrace-with-empty-try-catch-expected.txt: Added.
  • js/regress/raytrace-with-empty-try-catch.html: Added.
  • js/regress/raytrace-with-try-catch-expected.txt: Added.
  • js/regress/raytrace-with-try-catch.html: Added.
  • js/regress/script-tests/raytrace-with-empty-try-catch.js: Added.

(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):

  • js/regress/script-tests/raytrace-with-try-catch.js: Added.

(randomException):
(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):

  • js/regress/script-tests/v8-raytrace-with-empty-try-catch.js: Added.

(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):

  • js/regress/script-tests/v8-raytrace-with-try-catch.js: Added.

(randomException):
(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):

  • js/regress/v8-raytrace-with-empty-try-catch-expected.txt: Added.
  • js/regress/v8-raytrace-with-empty-try-catch.html: Added.
  • js/regress/v8-raytrace-with-try-catch-expected.txt: Added.
  • js/regress/v8-raytrace-with-try-catch.html: Added.
4:19 PM Changeset in webkit [189994] by n_wang@apple.com
  • 7 edits in trunk

AX: Implement ARIA 1.1 @aria-current on iOS
https://bugs.webkit.org/show_bug.cgi?id=149297

Reviewed by Chris Fleizach.

Source/WebCore:

Added support for iOS to query for aria-current status.
Also, enabled aria-current.html test on iOS.

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper accessibilityInvalidStatus]):
(-[WebAccessibilityObjectWrapper accessibilityARIACurrentStatus]):
(-[WebAccessibilityObjectWrapper accessibilityMathRootIndexObject]):

Tools:

Added support to test aria-current on iOS.

  • DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::stringAttributeValue):

  • WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::stringAttributeValue):

LayoutTests:

  • platform/ios-simulator/TestExpectations:
4:06 PM Changeset in webkit [189993] by commit-queue@webkit.org
  • 13 edits
    2 adds in trunk/Source/JavaScriptCore

Implement linear memory instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149326

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Geoffrey Garen.

This patch implements linear memory instructions in WebAssembly.[1] To
use the linear memory, an ArrayBuffer must be passed to loadWebAssembly().

Notes:

  • We limit the ArrayBuffer's byte length to 231 - 1. This enables us to use only one comparison (unsigned greater than) to check for out-of-bounds access.
  • There is no consensus yet on what should happen when an out-of-bounds access occurs.[2] For now, we throw an error when that happens.
  • In asm.js, a heap access looks like this: int32Array[i >> 2]. Note that ">> 2" is part of the syntax and is required. pack-asmjs will produce bytecodes that look something like "LoadI32, i" (not "LoadI32, ShiftRightI32, i, 2"). The requirement of the shift operator prevents unaligned accesses in asm.js. (There is a proposal to support unaligned accesses in the future version of asm.js using DataView.[3]) The WebAssembly spec allows unaligned accesses.[4] But since we use asm.js for testing, we follow asm.js's behaviors for now.

[1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#linear-memory
[2]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#out-of-bounds
[3]: https://wiki.mozilla.org/Javascript:SpiderMonkey:OdinMonkey#Possible_asm.js_extensions_that_don.27t_require_new_JS_features
[4]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#alignment

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jsc.cpp:

(GlobalObject::finishCreation):
(functionLoadWebAssembly):

  • tests/stress/wasm-linear-memory.js: Added.

(shouldBe):
(shouldThrow):

  • tests/stress/wasm/linear-memory.wasm: Added.
  • wasm/JSWASMModule.cpp:

(JSC::JSWASMModule::JSWASMModule):
(JSC::JSWASMModule::visitChildren):

  • wasm/JSWASMModule.h:

(JSC::JSWASMModule::create):
(JSC::JSWASMModule::arrayBuffer):
(JSC::JSWASMModule::JSWASMModule): Deleted.

  • wasm/WASMConstants.h:
  • wasm/WASMFunctionCompiler.h:

(JSC::sizeOfMemoryType):
(JSC::WASMFunctionCompiler::MemoryAddress::MemoryAddress):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::buildLoad):
(JSC::WASMFunctionCompiler::buildStore):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseMemoryAddress):
(JSC::WASMFunctionParser::parseLoad):
(JSC::WASMFunctionParser::parseStore):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::MemoryAddress::MemoryAddress):
(JSC::WASMFunctionSyntaxChecker::buildLoad):
(JSC::WASMFunctionSyntaxChecker::buildStore):

  • wasm/WASMModuleParser.cpp:

(JSC::WASMModuleParser::WASMModuleParser):
(JSC::WASMModuleParser::parseModule):
(JSC::parseWebAssembly):
(JSC::WASMModuleParser::parse): Deleted.

  • wasm/WASMModuleParser.h:
4:05 PM Changeset in webkit [189992] by achristensen@apple.com
  • 2 edits in trunk/WebKitLibraries

Remove last required use of WEBKIT_LIBRARIES environment variable on Windows
https://bugs.webkit.org/show_bug.cgi?id=149355

Reviewed by Brent Fulgham.

  • win/tools/scripts/auto-version.pl:

Use the directory of $0 (the currently executed perl script) to find the perl script instead of an environment variable.
This makes it possible to build WebKit on Windows without environment variables.

4:03 PM Changeset in webkit [189991] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Fix Windows tests after switch to CMake.

  • testing/js/WebCoreTestSupportPrefix.h:

Include cmakeconfig.h before wtf/Platform.h like we do in all the other precompiled headers
to have consistent features defined.

3:36 PM Changeset in webkit [189990] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r189526): Nightlies don't work on Mavericks
https://bugs.webkit.org/show_bug.cgi?id=149215

Reviewed by Daniel Bates.

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::SQLiteDatabase): Fixed the check to work when cross-compiling
for 10.9 with 10.10 SDK.
(WebCore::SQLiteDatabase::disableThreadingChecks): Removed an obsolete version check -
WebCore has an #error elsewhere making sure that the version is higher than that.
(WebCore::SQLiteDatabase::authorizerFunction): Ditto.

3:30 PM Changeset in webkit [189989] by jacob_nielsen@apple.com
  • 2 edits in trunk/LayoutTests

REGRESSION: http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=132388

3:26 PM Changeset in webkit [189988] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

CMake clean build fix after r189971.

  • CMakeLists.txt:

Remove Entity.idl.

3:25 PM Changeset in webkit [189987] by Antti Koivisto
  • 16 edits in trunk/Source/WebCore

Support style isolation in shadow trees
https://bugs.webkit.org/show_bug.cgi?id=149353

Reviewed by Ryosuke Niwa.

Allow ShadowRoots to have their own StyleResolvers.

This patch just adds the mechanism, all shadow roots still use the document resolver.

  • css/StyleResolver.h:

(WebCore::StyleResolverParentPusher::push):
(WebCore::StyleResolverParentPusher::~StyleResolverParentPusher):

  • dom/Element.cpp:

(WebCore::Element::absoluteLinkURL):
(WebCore::Element::styleResolver):

Helper function for getting the right StyleResolver for the element.

(WebCore::Element::resolveStyle):

Helper function for resolving element style.

  • dom/Element.h:
  • dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::~ShadowRoot):
(WebCore::ShadowRoot::styleResolver):
(WebCore::ShadowRoot::cloneNode):

  • dom/ShadowRoot.h:

(WebCore::ShadowRoot::resetStyleInheritance):

  • editing/EditingStyle.cpp:

(WebCore::styleFromMatchedRulesForElement):

  • html/HTMLTitleElement.cpp:

(WebCore::HTMLTitleElement::computedTextWithDirection):

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::setFont):

  • inspector/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::getMatchedStylesForNode):

  • page/animation/KeyframeAnimation.cpp:

(WebCore::KeyframeAnimation::KeyframeAnimation):

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::getUncachedPseudoStyle):
(WebCore::RenderElement::containingBlockForFixedPosition):

  • rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::checkRegionStyle):
(WebCore::RenderNamedFlowFragment::computeStyleInRegion):

  • style/StyleResolveTree.cpp:

(WebCore::Style::styleForElement):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::customStyleForRenderer):
(WebCore::SVGElement::animatedSMILStyleProperties):

  • svg/SVGElementRareData.h:

(WebCore::SVGElementRareData::overrideComputedStyle):

2:37 PM Changeset in webkit [189986] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Snapshots broken on iOS
https://bugs.webkit.org/show_bug.cgi?id=149354

Reviewed by Tim Horton.

We need to send the IOSurface to ViewSnapshot::create() for this to work.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _takeViewSnapshot]):

2:30 PM Changeset in webkit [189985] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

[Win] Fix bindings tests after r189934.

Reviewed by Brent Fulgham.

  • bindings/scripts/preprocessor.pm:

(applyPreprocessor):
Bindings tests use /usr/bin/gcc from cygwin, which requires different flags.
If we're using gcc to preprocess, use it like we did before r189934.

2:29 PM Changeset in webkit [189984] by commit-queue@webkit.org
  • 8 edits in trunk/Source/JavaScriptCore

Implement type conversion instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149340

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Mark Lam.

This patch implements some type conversion instructions in WebAssembly.
The WebAssembly spec has a lot more type conversion instructions than
what are available in asm.js.[1] We only implement the ones that are in
asm.js for now because we can only test those.

[1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md

  • tests/stress/wasm-type-conversion.js:
  • tests/stress/wasm/type-conversion.wasm:
  • wasm/WASMConstants.h:
  • wasm/WASMFunctionCompiler.h:

(JSC::operationConvertUnsignedInt32ToDouble):
(JSC::WASMFunctionCompiler::buildConvertType):
(JSC::WASMFunctionCompiler::callOperation):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseConvertType):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildConvertType):

2:08 PM Changeset in webkit [189983] by jacob_nielsen@apple.com
  • 2 edits in trunk/LayoutTests

line-break-language-sensitive tests should be marked as flaky
https://bugs.webkit.org/show_bug.cgi?id=149349

  • platform/ios-simulator/TestExpectations:
2:05 PM Changeset in webkit [189982] by eric.carlson@apple.com
  • 18 edits
    4 adds
    2 deletes in trunk

[MediaStream] Finish implementing MediaDevices.enumerateDevices
https://bugs.webkit.org/show_bug.cgi?id=149322
<rdar://problem/22750866>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: fast/mediastream/MediaDevices-enumerateDevices.html

  • CMakeLists.txt: Add MediaDevicesRequest.cpp
  • Modules/mediastream/MediaDeviceInfo.h: Add MediaDeviceInfoVector typedef.
  • Modules/mediastream/MediaDevices.cpp:

(WebCore::MediaDevices::enumerateDevices): Use MediaDevicesRequest.

  • Modules/mediastream/MediaDevices.h: EnumerateDevicePromise -> EnumerateDevicesPromise.
  • Modules/mediastream/MediaDevices.idl:
  • Modules/mediastream/MediaDevicesRequest.cpp: Added.

(WebCore::MediaDevicesRequest::create):
(WebCore::MediaDevicesRequest::MediaDevicesRequest):
(WebCore::MediaDevicesRequest::~MediaDevicesRequest):
(WebCore::MediaDevicesRequest::securityOrigin):
(WebCore::MediaDevicesRequest::contextDestroyed):
(WebCore::MediaDevicesRequest::start):
(WebCore::MediaDevicesRequest::didCompleteRequest):
(WebCore::MediaDevicesRequest::requestOrigin):

  • Modules/mediastream/MediaDevicesRequest.h: Added.
  • Modules/mediastream/MediaStreamTrackSourcesRequest.cpp:

(WebCore::MediaStreamTrackSourcesRequest::MediaStreamTrackSourcesRequest):
(WebCore::MediaStreamTrackSourcesRequest::didCompleteRequest):

  • Modules/mediastream/MediaStreamTrackSourcesRequest.h:
  • Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::enumerateDevices): Deleted.

  • Modules/mediastream/UserMediaRequest.h:
  • WebCore.xcodeproj/project.pbxproj: Add MediaDevicesRequest.cpp
  • platform/mediastream/MediaDevicesPrivate.cpp: Removed.
  • platform/mediastream/MediaDevicesPrivate.h: Removed.
  • platform/mediastream/MediaStreamCreationClient.h:
  • platform/mediastream/MediaStreamTrackSourcesRequestClient.h:

(WebCore::MediaStreamTrackSourcesRequestClient::~MediaStreamTrackSourcesRequestClient):

  • platform/mediastream/mac/AVCaptureDeviceManager.h:
  • platform/mediastream/mac/AVCaptureDeviceManager.mm:

(WebCore::AVCaptureDeviceManager::verifyConstraintsForMediaType): Optionally take an

AVCaptureSession instead of always allocating one.

(WebCore::AVCaptureDeviceManager::bestSourcesForTypeAndConstraints): Pass the AVCaptureSession

to verifyConstraintsForMediaType.

  • platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:

(WebCore::RealtimeMediaSourceCenterMac::getMediaStreamTrackSources):

  • platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::getMediaStreamTrackSources):

LayoutTests:

  • fast/mediastream/MediaDevices-enumerateDevices-expected.txt: Added.
  • fast/mediastream/MediaDevices-enumerateDevices.html: Added.
1:57 PM Changeset in webkit [189981] by ap@apple.com
  • 2 edits in trunk/Tools

iOS WebKitTestRunner frequently crashes in WKContextGetIconDatabase
https://bugs.webkit.org/show_bug.cgi?id=149352

Reviewed by Simon Fraser.

  • WebKitTestRunner/TestController.cpp: (WTR::TestController::~TestController):

m_context can be null. This may indicate a bug in webkitpy too, but
WebKitTestRunner should handle this situation nicely, there is nothing intrinsically
wrong with opening and immediately closing it.

1:55 PM Changeset in webkit [189980] by jacob_nielsen@apple.com
  • 2 edits in trunk/LayoutTests

Updates to include change to iOS test expectations after bug 149187

  • platform/ios-simulator/js/dom/constructor-length-expected.txt:
1:37 PM Changeset in webkit [189979] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

WebContent crash in WebCore::MemoryPressureHandler::releaseCriticalMemory() with GuardMalloc when preparing to suspend
https://bugs.webkit.org/show_bug.cgi?id=149350

Reviewed by Antti Koivisto.

in MemoryPressureHandler::releaseCriticalMemory(), iterate over a copy of
Document::allDocuments() instead of iterating over allDocuments() directly.
Also make sure the Documents are ref'd inside the copy.

This is needed because clearing the StyleResolver of a Document may cause
Documents to be unref'd and removed from the allDocument() HashSet.

No new tests, already covered by existing tests.

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseCriticalMemory):

1:31 PM Changeset in webkit [189978] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix.

Non-cmake build does not include quotes in the file path, so a search
operation always failed.

  • bindings/scripts/preprocessor.pm:

(applyPreprocessor):

1:00 PM Changeset in webkit [189977] by dbates@webkit.org
  • 2 edits in trunk/Tools

isGitSVNDirectory() returns true when Git is not installed
https://bugs.webkit.org/show_bug.cgi?id=149351

Reviewed by Alexey Proskuryakov.

Fixes an issue where VCSUtils::isGitSVNDirectory() returns true for any arbitrary directory if
Git is not installed on the machine.

  • Scripts/VCSUtils.pm:

(isGitSVNDirectory): Ensure that git config --get svn-remote.svn.fetch 2>& 1 exits with
status code 0 (success).

12:31 PM Changeset in webkit [189976] by Chris Dumez
  • 4 edits in trunk

REGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and scrolling on them
https://bugs.webkit.org/show_bug.cgi?id=149317
<rdar://problem/22521514>

Reviewed by Tim Horton.

Source/WebCore:

Disable on Mavericks a PageCache optimization from r182449 which lets
into PageCache pages that only have certain types of pending loads
(images and XHR). This is because it has been determined via bisection
that this change is the one that introduced the bug on Mavericks.

  • loader/DocumentLoader.cpp:

(WebCore::areAllLoadersPageCacheAcceptable):

LayoutTests:

Skip a couple of PageCache layout tests on Mavericks now that a PageCache
optimization has been disabled.

  • platform/mac/TestExpectations:
11:35 AM Changeset in webkit [189975] by Alan Bujtas
  • 2 edits in trunk/LayoutTests

Unreviewed iOS gardening.

  • platform/ios-simulator/TestExpectations:
11:23 AM Changeset in webkit [189974] by Brent Fulgham
  • 8 edits in trunk/Source

[Win] Use tiled drawing for main background layer
https://bugs.webkit.org/show_bug.cgi?id=149347
<rdar://problem/22759632>

Reviewed by Alex Christensen.

Source/WebCore:

Turn on tiled drawing for the root layer when using
accelerated compositing on Windows.

  • page/Frame.h: Export the 'isMainFrame' method so that

it can be used by WebKit.dll.

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::getDebugBorderInfo): Use a full
pixel width on Windows, since it doesn't support High DPI (yet).

  • platform/graphics/ca/win/PlatformCALayerWin.cpp:

(PlatformCALayerWin::create): Use nullptr.
(toCACFFilterType): Ditto.
(layerTreeHostForLayer): Ditto.
(PlatformCALayer::platformCALayer): Ditto.

(PlatformCALayerWin::PlatformCALayerWin): Use the correct contents scaling

factor for new layers.
(PlatformCALayerWin::animationForKey): Use nullptr.

  • platform/graphics/ca/win/WebTiledBackingLayerWin.cpp:

(WebTiledBackingLayerWin::displayCallback): Update assertion to
recognize LayerTypePageTiledBackingLayer as a valid layer to be used
in this display routine.

Source/WebKit/win:

Instruct WebCore to use tiled drawing for the root layer
of the display.

  • WebCoreSupport/WebChromeClient.cpp:

(WebChromeClient::shouldUseTiledBackingForFrameView): Added.

  • WebCoreSupport/WebChromeClient.h:
11:00 AM Changeset in webkit [189973] by achristensen@apple.com
  • 3 edits in trunk/Tools

Prevent build-webkit from building four times on Windows
https://bugs.webkit.org/show_bug.cgi?id=149336

Reviewed by Brent Fulgham.

  • Scripts/build-webkit:

Move the Windows code out of the for loop iterating over each subdirectory to be build.
They're built all at once.

  • Scripts/webkitdirs.pm:

(buildVisualStudioProject):
(cmakeGeneratedBuildfile):
Don't generate the Visual Studio solution if it already exists.
It will run CMake again if necessary.

11:00 AM Changeset in webkit [189972] by achristensen@apple.com
  • 3 edits
    1 add in trunk

Fix tests on Windows after switching to CMake.
https://bugs.webkit.org/show_bug.cgi?id=149339

Reviewed by Brent Fulgham.

.:

  • Source/PlatformWin.cmake: Added to copy WebInspectorUI.

Source/JavaScriptCore:

  • shell/PlatformWin.cmake:

Build testapi and testRegExp (which doesn't seem to be used any more).

10:23 AM Changeset in webkit [189971] by Chris Dumez
  • 40 edits in trunk

Drop support for Entity Node type
https://bugs.webkit.org/show_bug.cgi?id=149239

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C DOM test now that a new check is passing.

  • web-platform-tests/dom/historical-expected.txt:

Source/WebCore:

Drop support for Entity DOM type. This legacy type has been dropped in
DOM4:

Chrome [1] and Firefox [2] already dropped it. There is currently no
way to construct an Entity Node in WebKit.

[1] https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/k3tZGP2EANc
[2] https://developer.mozilla.org/en-US/docs/Web/API/Entity

No new tests, already covered by existing W3C test.

  • DerivedSources.cpp:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/gobject/WebKitDOMPrivate.cpp:

(WebKit::wrap): Deleted.

  • bindings/js/JSNodeCustom.cpp:

(WebCore::createWrapperInline): Deleted.

  • bindings/objc/DOM.mm:

(kitClass): Deleted.

  • dom/Document.cpp:

(WebCore::Document::importNode): Deleted.
(WebCore::Document::adoptNode): Deleted.
(WebCore::Document::childTypeAllowed): Deleted.
(WebCore::Document::canAcceptChild): Deleted.

  • dom/Entity.h:
  • dom/Entity.idl:
  • dom/Node.cpp:

(WebCore::Node::isDefaultNamespace): Deleted.
(WebCore::Node::lookupPrefix): Deleted.
(WebCore::Node::lookupNamespaceURI): Deleted.
(WebCore::appendTextContent): Deleted.
(WebCore::Node::setTextContent): Deleted.

  • dom/Node.h:
  • dom/Range.cpp:

(WebCore::lengthOfContentsInNode): Deleted.
(WebCore::Range::processContentsBetweenOffsets): Deleted.
(WebCore::Range::insertNode): Deleted.
(WebCore::Range::checkNodeWOffset): Deleted.
(WebCore::Range::checkNodeBA): Deleted.
(WebCore::Range::selectNode): Deleted.
(WebCore::Range::selectNodeContents): Deleted.
(WebCore::Range::surroundContents): Deleted.

  • editing/MarkupAccumulator.cpp:

(WebCore::MarkupAccumulator::appendStartMarkup): Deleted.

  • xml/XPathUtil.cpp:

(WebCore::XPath::isValidContextNode): Deleted.

Source/WebKit2:

Stop handling the Entity node type.

  • WebProcess/InjectedBundle/API/mac/WKDOMInternals.mm:

LayoutTests:

Rebaseline / update layout tests now that we no longer expose the
Entity type to the Web.

  • fast/dom/Window/get-set-properties-expected.txt:
  • fast/dom/Window/get-set-properties.html:
  • fast/dom/Window/resources/window-properties.js:
  • fast/dom/Window/window-lookup-precedence-expected.txt:
  • fast/dom/dom-constructors-expected.txt:
  • fast/dom/dom-constructors.html:
  • platform/gtk/fast/dom/Window/window-lookup-precedence-expected.txt:
  • platform/mac/fast/dom/Window/window-lookup-precedence-expected.txt:
10:16 AM Changeset in webkit [189970] by BJ Burg
  • 32 edits in trunk/Source

ASSERT(!m_frontendRouter->hasLocalFrontend()) when running Web Inspector tests
https://bugs.webkit.org/show_bug.cgi?id=149006
Source/JavaScriptCore:

Reviewed by Joseph Pecoraro.

Prior to disconnecting, we need to know how many frontends remain connected.

  • inspector/InspectorFrontendRouter.h: Add frontendCount().

Source/WebCore:

Reviewed by Joseph Pecoraro.

The patch fixes two defects:

(1) the stub inspector frontend is not closed reliably when a test times out
(2) frontend clients and channels are sometimes connected to the wrong controllers

When an inspector test times out, the test runner requests (via the inspected page's controller)
that the inspector close. But, the stub frontend works independently of InspectorClient,
so the inspected page's InspectorController cannot close the stub frontend. The assertion
failed because the stub frontend's channel was still connected to the inspected page's controller.

The fix is to route requests for the inspector window to close through the FrontendClient's
closeWindow() method rather than InspectorClient, so that the stub frontend can react.
The other code paths (i.e., through close() and closeLocalFrontend()) have been removed.

Now that the stub frontend eagerly closes its channel before the Page gets GC'd, several
methods invoked during test teardown must be reordered to avoid using dangling pointers.

The stub frontend in Internals has been rewritten to properly disconnect itself
from both the frontend and inspected page's inspector controllers.

While fixing this bug, I noticed that we are inconsistent about which inspector controller
(the inspected page's or the frontend page's) receives the FrontendClient and which takes
FrontendChannels. It is now the case for all configurations that the FrontendClient is
connected to the frontend page's inspector controller, and FrontendChannels are connected
to the inspected page's inspector controller. In the WK2 case, the Inspector Process
has an attached frontend client, and its inspected Web Process has frontend channels.

No new tests, covered by existing tests.

  • inspector/InspectorClient.h:
  • inspector/InspectorController.cpp:

(WebCore::InspectorController::~InspectorController):
(WebCore::InspectorController::inspectedPageDestroyed):

This method is called from Page::~Page, so we should disconnect all frontends now
before subframes are detached from the page, making InspectorController inaccessible.

(WebCore::InspectorController::disconnectFrontend):

The teardown branch was never being run before, because we never disconnected the
frontend's channel correctly. Some agents use the overlay during teardown, so notify
agents before releasing the overlay page.

(WebCore::InspectorController::disconnectAllFrontends):

The actions from close() are inlined and rearranged here, similar to disconnectFrontend.
We have to notify agents before removing InspectorClient as some agents make use of it.

(WebCore::InspectorController::close): Deleted.
(WebCore::InspectorController::show): This assertion is vacuously true now.

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::inspectedPage): Added. Used by stub frontend.

  • inspector/InspectorFrontendClientLocal.h:

(WebCore::InspectorFrontendClientLocal::frontendPage): Added.

  • loader/EmptyClients.h:
  • page/Page.cpp:

(WebCore::Page::~Page):

Notify inspector before detaching frames, otherwise it will not be possible to
cleanly disconnect the stub frontend's channel.

  • testing/Internals.cpp:

Rewrite the stub frontend to better encapsulate its setup and teardown logic.

(WebCore::InspectorStubFrontend::frontendPage): Added.
(WebCore::InspectorStubFrontend::InspectorStubFrontend): Added.
(WebCore::InspectorStubFrontend::~InspectorStubFrontend): Added.
(WebCore::InspectorStubFrontend::closeWindow): Added.
(WebCore::InspectorStubFrontend::sendMessageToFrontend): Added.
(WebCore::Internals::openDummyInspectorFrontend):
(WebCore::Internals::closeDummyInspectorFrontend):
(WebCore::InspectorFrontendClientDummy::~InspectorFrontendClientDummy): Deleted.
(WebCore::InspectorFrontendClientDummy::InspectorFrontendClientDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::~InspectorFrontendChannelDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::InspectorFrontendChannelDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::sendMessageToFrontend): Deleted.

  • testing/Internals.h:

Source/WebKit/ios:

Reviewed by Joseph Pecoraro.

  • WebCoreSupport/WebInspectorClientIOS.mm:

(WebInspectorClient::closeLocalFrontend): Deleted.
(WebInspectorFrontendClient::disconnectFromBackend): Deleted.

Source/WebKit/mac:

Reviewed by Joseph Pecoraro.

WK1 WebInspectorClient was connecting to the wrong controllers. Fix this, and
remove extra code paths for closing the frontend.

  • WebCoreSupport/WebInspectorClient.h:
  • WebCoreSupport/WebInspectorClient.mm:

(-[WebInspectorWindowController destroyInspectorView]):

Disconnect the FrontendClient from the frontend page's inspector controller.
Do this teardown before releasing the frontend, otherwise we can't use it.

(WebInspectorClient::inspectedPageDestroyed): Deleted.
(WebInspectorClient::closeLocalFrontend): Deleted.
(WebInspectorFrontendClient::disconnectFromBackend): Deleted.

  • WebInspector/WebInspector.mm:

(-inspectedWebViewClosed):

Make sure to close ourself if the inspected page closes.

(-close:):

Go through the frontend instead of InspectorController.

  • WebInspector/WebInspectorFrontend.h:
  • WebInspector/WebInspectorFrontend.mm:

(-[WebInspectorFrontend close]):

Source/WebKit/win:

Reviewed by Joseph Pecoraro.

  • WebCoreSupport/WebInspectorClient.cpp:

(WebInspectorFrontendClient::destroyInspectorView):

Disconnect the FrontendClient from the frontend page's inspector controller.
Do this teardown before releasing the frontend, otherwise we can't use it.

(WebInspectorFrontendClient::onClose):
(WebInspectorClient::inspectedPageDestroyed): Deleted.
(WebInspectorClient::closeLocalFrontend): Deleted.

  • WebCoreSupport/WebInspectorClient.h: Drive-by cleanup for class declarations.
  • WebInspector.cpp:

(WebInspector::close):

Go through the frontend instead of InspectorController.

Source/WebKit2:

<rdar://problem/22654257>
<rdar://problem/22631369>

Reviewed by Joseph Pecoraro.

Stop using InspectorController to close the frontend page. Go through
the FrontendClient instead. Reduce redundant code paths.

This change seems to fix some recent crashes that were seen when
closing Safari with Web Inspector open. These were caused by the frontend
channel not being disconnected at the right time.

  • WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::inspectedPageDestroyed):
(WebKit::WebInspectorClient::closeLocalFrontend): Deleted.

  • WebProcess/WebCoreSupport/WebInspectorClient.h:
  • WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::close):

  • WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::establishConnection):

Save a pointer to the frontend's InspectorController since we may
need to use it while the page is being destructed and its getter
is no longer accessible.

(WebKit::WebInspectorUI::closeWindow):

Explicitly remove the frontend client when closing the frontend.

  • WebProcess/WebPage/WebInspectorUI.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::inspector):

Allow clients to specify whether an inspector should be eagerly created.
Without this, we may accidentally create an instance during teardown.

  • WebProcess/WebPage/WebPage.h:
9:53 AM Changeset in webkit [189969] by Chris Dumez
  • 9 edits
    3 adds in trunk

classList.toggle(name, force) treats undefined force argument as false
https://bugs.webkit.org/show_bug.cgi?id=148582
<rdar://problem/22545600>

Reviewed by Ryosuke Niwa.

Source/WebCore:

classList.toggle(name, force) treats undefined force argument as false.
However, according to the Web IDL specification, we should treat undefined
as if the value was missing for optional parameters that do not have a
default value:
https://heycam.github.io/webidl/#dfn-overload-resolution-algorithm (Step 14.4).

For optional parameters that have a default value, undefined should be
converted into the default value. This is supported as of r189957.

In this patch, we use custom bindings to provide a spec-compliant version
of DOMTokenList.toggle(). Unfortunately, adding such support in the
bindings generator would be a non-trivial task (I guess, we would have to
generalize using WTF::Optional<> type for all optional parameters in our
implementation. Also we cannot use the default value support added in
r189957 because the toggle() implementation needs to be able to
distinguish all 3 states for the 'force' parameter: true, false or
missing.

The new behavior matches the behavior of Firefox and the specification.

Test: fast/dom/Element/class-list-toggle.html

  • CMakeLists.txt:
  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCore.vcxproj.filters:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/JSBindingsAllInOne.cpp:
  • bindings/js/JSDOMTokenListCustom.cpp: Added.

(WebCore::JSDOMTokenList::toggle):

  • html/DOMTokenList.h:
  • html/DOMTokenList.idl:

LayoutTests:

Add decent test coverage for DOMTokenList.toggle() via Element.classList.

  • fast/dom/Element/class-list-toggle-expected.txt: Added.
  • fast/dom/Element/class-list-toggle.html: Added.
9:43 AM WebInspectorCodingStyleGuide edited by BJ Burg
update arrow function guidance (diff)
9:38 AM Changeset in webkit [189968] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

Explicitly specify builtin JS files dependency
https://bugs.webkit.org/show_bug.cgi?id=149323

Reviewed by Alex Christensen.

JSCBuiltins.{h,cpp} in CMakeLists.txt and DerivedSources.make just depend on the builtins directory.
As a result, even if we modify builtins/*.js code, regenerating JSCBuiltins.{h,cpp} does not occur.
As the same to the cpp sources, let's list up the JS files explicitly.

  • CMakeLists.txt:
  • DerivedSources.make:
9:21 AM Changeset in webkit [189967] by msaboff@apple.com
  • 19 edits
    3 deletes in trunk/Source/JavaScriptCore

Remove register preservation and restoration stub code
https://bugs.webkit.org/show_bug.cgi?id=149335

Reviewed by Mark Lam.

Delete the register preservation and restoration thunks and related plumbing.

Much of this change is removing the unneeded RegisterPreservationMode parameter
from various functions.

(JSC::CallLinkInfo::isVarargsCallType):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::isVarargs):
(JSC::CallLinkInfo::isLinked):
(JSC::CallLinkInfo::setUpCallFromFTL):
(JSC::CallLinkInfo::registerPreservationMode): Deleted.

  • ftl/FTLJITCode.cpp:

(JSC::FTL::JITCode::initializeAddressForCall):
(JSC::FTL::JITCode::addressForCall):

  • ftl/FTLJITCode.h:
  • ftl/FTLOSREntry.cpp:

(JSC::FTL::prepareOSREntry):

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

  • jit/JITCode.cpp:

(JSC::JITCode::execute):
(JSC::DirectJITCode::initializeCodeRef):
(JSC::DirectJITCode::addressForCall):
(JSC::NativeJITCode::initializeCodeRef):
(JSC::NativeJITCode::addressForCall):
(JSC::DirectJITCode::ensureWrappers): Deleted.

  • jit/JITCode.h:

(JSC::JITCode::jitTypeFor):
(JSC::JITCode::executableAddress):

  • jit/JITOperations.cpp:
  • jit/RegisterPreservationWrapperGenerator.cpp: Removed.
  • jit/RegisterPreservationWrapperGenerator.h: Removed.
  • jit/Repatch.cpp:

(JSC::linkPolymorphicCall):

  • jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

  • jit/ThunkGenerators.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::entryOSR):
(JSC::LLInt::setUpCall):

  • runtime/Executable.cpp:

(JSC::ExecutableBase::clearCode):
(JSC::ScriptExecutable::installCode):
(JSC::WebAssemblyExecutable::prepareForExecution):

  • runtime/Executable.h:

(JSC::ExecutableBase::generatedJITCodeFor):
(JSC::ExecutableBase::entrypointFor):
(JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):

  • runtime/RegisterPreservationMode.h: Removed.
7:20 AM WebKitGTK/2.10.x edited by clopez@igalia.com
(diff)
7:07 AM WebKitGTK/2.10.x edited by clopez@igalia.com
(diff)
6:27 AM Changeset in webkit [189966] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Fix build with --no-indexed-database after r189831
https://bugs.webkit.org/show_bug.cgi?id=149342

Patch by Emanuele Aina <Emanuele Aina> on 2015-09-18
Reviewed by Csaba Osztrogonác.

  • WebProcess/Databases/WebDatabaseProvider.h:

Add ENABLE(INDEXED_DATABASE) guard around supportsModernIDB().

Sep 17, 2015:

11:04 PM Changeset in webkit [189965] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebInspectorUI

Web Inspector: Simplify some functional callbacks
https://bugs.webkit.org/show_bug.cgi?id=149333

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-17
Reviewed by Brian Burg.

  • UserInterface/Controllers/LogManager.js:

(WebInspector.LogManager.prototype.messageWasAdded):

  • UserInterface/Models/Color.js:

(WebInspector.Color):

  • UserInterface/Models/Geometry.js:

(WebInspector.CubicBezier.fromCoordinates):

  • UserInterface/Models/ObjectPreview.js:

(WebInspector.ObjectPreview.fromPayload):

  • UserInterface/Models/TypeDescription.js:

(WebInspector.TypeDescription.fromPayload):

  • UserInterface/Protocol/RemoteObject.js:

(WebInspector.RemoteObject.prototype.getCollectionEntries):
(WebInspector.RemoteObject.prototype.getCollectionEntries.): Deleted.

  • UserInterface/Views/TextEditor.js:

(WebInspector.TextEditor.prototype.get markers):
(WebInspector.TextEditor.prototype.markersAtPosition):

10:06 PM Changeset in webkit [189964] by commit-queue@webkit.org
  • 18 edits in trunk/Source

Web Inspector: Remove unused canClearBrowserCookies / canClearBrowserCache protocol methods
https://bugs.webkit.org/show_bug.cgi?id=149307

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-17
Reviewed by Brian Burg.

Source/JavaScriptCore:

  • inspector/protocol/Network.json:

Remove unused protocol methods.

Source/WebCore:

  • inspector/InspectorClient.h:

(WebCore::InspectorClient::canClearBrowserCache): Deleted.
(WebCore::InspectorClient::clearBrowserCache): Deleted.
(WebCore::InspectorClient::canClearBrowserCookies): Deleted.
(WebCore::InspectorClient::clearBrowserCookies): Deleted.
These were unimplemented by any ports.

  • inspector/CommandLineAPIHost.cpp:
  • inspector/InspectorController.cpp:

(WebCore::InspectorController::InspectorController):

  • inspector/InspectorResourceAgent.cpp:

(WebCore::InspectorResourceAgent::InspectorResourceAgent):
(WebCore::InspectorResourceAgent::canClearBrowserCache): Deleted.
(WebCore::InspectorResourceAgent::clearBrowserCache): Deleted.
(WebCore::InspectorResourceAgent::canClearBrowserCookies): Deleted.
(WebCore::InspectorResourceAgent::clearBrowserCookies): Deleted.

  • inspector/InspectorResourceAgent.h:
  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::InspectorTimelineAgent):

  • inspector/InspectorTimelineAgent.h:
  • inspector/WorkerInspectorController.cpp:

(WebCore::WorkerInspectorController::WorkerInspectorController):
Remove uses of InspectorClient where it is no longer needed.

Source/WebInspectorUI:

  • UserInterface/Protocol/Legacy/7.0/InspectorBackendCommands.js:
  • UserInterface/Protocol/Legacy/8.0/InspectorBackendCommands.js:
  • UserInterface/Protocol/Legacy/9.0/InspectorBackendCommands.js:
  • Versions/Inspector-iOS-7.0.json:
  • Versions/Inspector-iOS-8.0.json:
  • Versions/Inspector-iOS-9.0.json:

Retroactively remove the protocol methods as they were unused
in these earlier versions as well.

9:48 PM Changeset in webkit [189963] by commit-queue@webkit.org
  • 2 edits
    8 deletes in trunk/LayoutTests

Unreviewed, rolling out r189962.
https://bugs.webkit.org/show_bug.cgi?id=149334

These new tests uncovered a crash (Requested by ap on
#webkit).

Reverted changeset:

"Add some tests for shadow DOM rendering"
https://bugs.webkit.org/show_bug.cgi?id=149330
http://trac.webkit.org/changeset/189962

8:08 PM Changeset in webkit [189962] by rniwa@webkit.org
  • 2 edits
    8 adds in trunk/LayoutTests

Add some tests for shadow DOM rendering
https://bugs.webkit.org/show_bug.cgi?id=149330

Reviewed by Antti Koivisto.

Added some ref tests for new shadow DOM API rendering with failing expectations everywhere.

  • fast/shadow-dom/css-scoping-shadow-invisible-slot-expected.html: Added.
  • fast/shadow-dom/css-scoping-shadow-invisible-slot.html: Added.
  • fast/shadow-dom/css-scoping-shadow-rendering-expected.html: Added.
  • fast/shadow-dom/css-scoping-shadow-rendering.html: Added.
  • fast/shadow-dom/css-scoping-shadow-slot-expected.html: Added.
  • fast/shadow-dom/css-scoping-shadow-slot.html: Added.
  • fast/shadow-dom/css-scoping-shadow-with-rules-expected.html: Added.
  • fast/shadow-dom/css-scoping-shadow-with-rules.html: Added.
  • platform/mac/TestExpectations:
7:56 PM Changeset in webkit [189961] by commit-queue@webkit.org
  • 41 edits
    26 deletes in trunk

Unreviewed, rolling out r189938, r189952, and r189956.
https://bugs.webkit.org/show_bug.cgi?id=149329

Broke Web Workers (Requested by ap on #webkit).

Reverted changesets:

"Implement try/catch in the DFG."
https://bugs.webkit.org/show_bug.cgi?id=147374
http://trac.webkit.org/changeset/189938

"CLoop build fix after r189938."
http://trac.webkit.org/changeset/189952

"add a regress test for richards with try/catch."
https://bugs.webkit.org/show_bug.cgi?id=149301
http://trac.webkit.org/changeset/189956

7:55 PM Changeset in webkit [189960] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

Update features.json for Shadow DOM and Web Components
https://bugs.webkit.org/show_bug.cgi?id=149249

Reviewed by Antti Koivisto.

Updated the status of Shadow DOM and made myself the point of contact for shadow DOM and web components.

  • features.json:
6:58 PM Changeset in webkit [189959] by Simon Fraser
  • 6 edits in trunk/Tools

[iOS WK2] WTR fails to set the key window in the UIKit sense
https://bugs.webkit.org/show_bug.cgi?id=149325

Reviewed by Tim Horton.

-[WebKitTestRunnerWindow isKeyWindow] just returned _platformWebView->windowIsKey().
This causes UIKit to bypass code that actually sets the key window, resulting in
[UIAppliation sharedApplication].keyWindow always being nil.

Fix by PlatformWebView::setWindowIsKey() actually call -makeKeyWindow, and having
-[WebKitTestRunnerWindow isKeyWindow] call super.

  • WebKitTestRunner/PlatformWebView.h:

(WTR::PlatformWebView::setWindowIsKey): Deleted.

  • WebKitTestRunner/efl/PlatformWebViewEfl.cpp:

(WTR::PlatformWebView::setWindowIsKey):

  • WebKitTestRunner/gtk/PlatformWebViewGtk.cpp:

(WTR::PlatformWebView::setWindowIsKey):

  • WebKitTestRunner/ios/PlatformWebViewIOS.mm:

(-[WebKitTestRunnerWindow isKeyWindow]):
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::~PlatformWebView):
(WTR::PlatformWebView::setWindowIsKey):

  • WebKitTestRunner/mac/PlatformWebViewMac.mm:

(WTR::PlatformWebView::setWindowIsKey):

6:58 PM Changeset in webkit [189958] by Simon Fraser
  • 6 edits in trunk/Tools

[iOS WK2] When loading viewport tests, use the normal web page viewport configuration
https://bugs.webkit.org/show_bug.cgi?id=149321

Reviewed by Tim Horton.

InjectedBundlePage::platformDidStartProvisionalLoadForFrame() unconditionally
enabled the "testing" viewport configuration, which disables page scaling.

If we're running viewport tests, we want the normal web page configuration.
Do that by passing a flag in the dictionary sent to InjectedBundle::beginTesting(),
based on whether the test is in a "viewport" directory.

  • WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::beginTesting):

  • WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm:

(WTR::InjectedBundlePage::platformDidStartProvisionalLoadForFrame): Deleted.

  • WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::shouldLogFrameLoadDelegates):
(WTR::TestInvocation::shouldLogHistoryClientCallbacks):
(WTR::TestInvocation::shouldMakeViewportFlexible):
(WTR::TestInvocation::invoke):

  • WebKitTestRunner/TestInvocation.h:
  • WebKitTestRunner/ios/TestControllerIOS.mm:

(WTR::TestController::platformConfigureViewForTest):
(WTR::shouldMakeViewportFlexible): Deleted.

6:48 PM Changeset in webkit [189957] by Chris Dumez
  • 16 edits in trunk

[WebIDL] Add support for default parameter values
https://bugs.webkit.org/show_bug.cgi?id=149263
<rdar://problem/22545600>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more NodeIterator / TreeWalker
checks are passing.

  • web-platform-tests/dom/traversal/NodeIterator-expected.txt:
  • web-platform-tests/dom/traversal/TreeWalker-basic-expected.txt:

Source/WebCore:

Add support for default parameter values to our Web IDL parser and JS
bindings generator. This allows the bindings to convert undefined to
the parameter's default value for optional parameters:
https://heycam.github.io/webidl/#dfn-optional-argument-default-value

Previously, our bindings generator would just convert undefined to
0 / false / "undefined" for optional parameters, depending on the
parameter type.

This patch uses the new default parameter support to fix a bug in
document.createNodeIterator() / document.createTreeWalker()'s handling
of the whatToShow parameter:
https://dom.spec.whatwg.org/#document

WebKit currently was undefined to 0 in this case, even though it should
use the parameter's default value: OxFFFFFFFF.

I am planning to go through other optional parameters in a follow-up
patch and add default values where needed.

No new tests, already covered by existing layout tests and
added bindings tests coverage.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck):

  • bindings/scripts/IDLParser.pm:

(parseOptionalOrRequiredArgument):

  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:

(webkit_dom_test_obj_method_with_optional_arg_and_default_value):
(webkit_dom_test_obj_method_with_optional_string_and_default_value):

  • bindings/scripts/test/GObject/WebKitDOMTestObj.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArgAndDefaultValue):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringAndDefaultValue):

  • bindings/scripts/test/ObjC/DOMTestObj.h:
  • bindings/scripts/test/ObjC/DOMTestObj.mm:

(-[DOMTestObj methodWithOptionalArgAndDefaultValue:]):
(-[DOMTestObj methodWithOptionalStringAndDefaultValue:]):

  • bindings/scripts/test/TestObj.idl:
  • dom/Document.idl:

LayoutTests:

Rebaseline several NodeIterator / TreeWalker tests now that more checks
are passing.

  • fast/dom/createNodeIterator-parameters-expected.txt:
  • fast/dom/createTreeWalker-parameters-expected.txt:
6:34 PM Changeset in webkit [189956] by sbarati@apple.com
  • 1 edit
    6 adds in trunk/LayoutTests

add a regress test for richards with try/catch.
https://bugs.webkit.org/show_bug.cgi?id=149301

Reviewed by Filip Pizlo.

This adds two variants of Octane/richards benchmark using
try/catch. One try/catch variant that actually throws.
Another that never throws. I've included try/catch inside
every function and every loop.

  • js/regress/richards-empty-try-catch-expected.txt: Added.
  • js/regress/richards-empty-try-catch.html: Added.
  • js/regress/richards-try-catch-expected.txt: Added.
  • js/regress/richards-try-catch.html: Added.
  • js/regress/script-tests/richards-empty-try-catch.js: Added.

(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

  • js/regress/script-tests/richards-try-catch.js: Added.

(randomException):
(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

6:12 PM Changeset in webkit [189955] by dino@apple.com
  • 2 edits in trunk

Spell Jon's name correctly. I expect payback for this mistake.

6:09 PM Changeset in webkit [189954] by dino@apple.com
  • 4 edits
    2 adds in trunk

Multi-hop reference cycles not detected.
https://bugs.webkit.org/show_bug.cgi?id=149181

Reviewed by John Honeycutt.

Source/WebCore:

SVG's cycle detection was not picking up a
case where an element was drawing a pattern, that
referenced another pattern, that referenced another
pattern, that referenced the original pattern.

The issue was that we were forgetting to check the
children of the renderer itself, rather than just
the children of the referenced renderers.

Found by running a test from Blink.

I also took the opportunity to clean up the debugging
code that logs cycle detection.

Test: svg/custom/pattern-3-step-cycle.html

  • platform/Logging.h: Add a new SVG channel. I can't believe we

didn't already have one!

  • rendering/svg/SVGResourcesCycleSolver.cpp:

(WebCore::SVGResourcesCycleSolver::resourceContainsCycles): Check the referenced
resources for cycles.
(WebCore::SVGResourcesCycleSolver::resolveCycles): Logging update.

LayoutTests:

Test comes from:
https://chromium.googlesource.com/chromium/blink/+/master/LayoutTests/svg/custom/pattern-3-step-cycle.html

  • svg/custom/pattern-3-step-cycle-expected.txt: Added.
  • svg/custom/pattern-3-step-cycle.html: Added.
6:09 PM Changeset in webkit [189953] by dino@apple.com
  • 3 edits
    2 adds in trunk

Cyclic resources were not detected if the reference had deep containers
https://bugs.webkit.org/show_bug.cgi?id=149182

Reviewed by John Honeycutt.

Source/WebCore:

During our examination of the SVG rendering tree looking for cycles,
if a resource pointed to something that had a nested structure, and
one of the parent nodes in that structure was a container object
without resources itself, we were not looking into the children.

Test: svg/custom/pattern-content-cycle-w-resourceless-container.html

  • rendering/svg/SVGResourcesCycleSolver.cpp:

(WebCore::SVGResourcesCycleSolver::resourceContainsCycles): We should still
check all children resources, but not exit early if there are none. Instead
we should recurse into any children.
(WebCore::SVGResourcesCycleSolver::resolveCycles): Changes to some debug
code that no longer compiled (it's still off by default, but at least
it will work now).

LayoutTests:

This test was ported from Blink. I believe it originally
came from:
https://code.google.com/p/chromium/issues/detail?id=351713

  • svg/custom/pattern-content-cycle-w-resourceless-container-expected.txt: Added.
  • svg/custom/pattern-content-cycle-w-resourceless-container.html: Added.
5:55 PM Changeset in webkit [189952] by rniwa@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

CLoop build fix after r189938.

  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::unwindToMachineCodeBlockFrame):

5:50 PM Changeset in webkit [189951] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION(r188871): 50% regression in page load time of Wikipedia home page
https://bugs.webkit.org/show_bug.cgi?id=149320

Reviewed by Daniel Bates.

This is due to <rdar://problem/22144016> about how language-specific
font fallback is an order of magnitude slower than regular non-language-
specific font-fallback. This performance problem has been fixed, but not
for iOS 9.

No new tests because there is no correctness change.

  • platform/graphics/ios/FontCacheIOS.mm:

(WebCore::platformLookupFallbackFont):

5:47 PM Changeset in webkit [189950] by rniwa@webkit.org
  • 21 edits
    1 copy
    10 adds in trunk

Source/WebCore:
Add HTMLSlotElement, Element.slot, and NonDocumentTypeChildNode.assignedSlot
https://bugs.webkit.org/show_bug.cgi?id=149241

Reviewed by Antti Koivisto.

Implement the slotting algorithm and related features: slot element, slot attribute, and assignedSlot
as specified by https://w3c.github.io/webcomponents/spec/shadow/#slotting-algorithm
as of 8bf56e8ea5521a7a911efd1cabeb2be0d5c3ca74.

The slotting algorithm is implemented by the newly introduced SlotAssignment class which is created on
demand by ShadowRoot when a HTMLSlotElement is inserted into the shadow root. SlotAssignment contains
a HashMap of a slot name to SlotInfo structure, which holds the number of slot elements of the said name,
the first element if it's known, and an ordered list of the assigned nodes.

When there is exactly one slot element of a given name, "element" returns the slot element in O(1).
When another slot of the same name is inserted into the same shadow tree, we increment "elementCount" and
set "element" to nullptr since we don't know which slot element comes first in the tree order without O(n)
tree traversal, which is lazily done in resolveAllSlotElements.

Observe that SlotInfo's "element" can be nullptr in two occasions: (1) when there is no slot element of
the given name (SlotAssignment::assignSlots may insert such an entry), and (2) when there are more than
one slot elements of the same name and we haven't run resolveAllSlotElements.

Resolving assigned nodes, on the other hand, is always O(n) unless all assignments are up to date, and
lazily computed by assignSlots. This is because inserting or removing a node doesn't tell us the relative
ordering of the node with respect to other nodes assigned to the same slot. For example, let's say we have
child nodes (A, B, C, D) and (A, D) are assigned to slot Alpha and (B, C) are assigned to slot Beta. If we
insert a new node E between nodes B and C and this node is assigned to slot Alpha, then we must create an
ordered list (A, E, D) for slot Alpha. Unfortunately, determining where to insert E in this list can cost
O(n) child traversal in the worst case.

Tests: fast/shadow-dom/HTMLSlotElement-interface.html

fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot.html

  • CMakeLists.txt:
  • DerivedSources.cpp:
  • DerivedSources.make:
  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCore.vcxproj.filters:
  • WebCore.xcodeproj/project.pbxproj:
  • dom/Element.cpp:

(WebCore::Element::attributeChanged): Invalidate the slot assignments when slot attribute is changed.
(WebCore::Element::childrenChanged): Ditto for when a child node is inserted or removed. We can avoid it
when there is no default slot and only text nodes are removed or added in the future.

  • dom/Element.idl: Added slot attribute on Element.
  • dom/Node.cpp:

(WebCore::Node::assignedSlot): Added. Returns the assigned slot if the slot is in an open shadow tree.

  • dom/Node.h:
  • dom/NonDocumentTypeChildNode.idl: Added assignedSlot. Only expose in JS for now to avoid generating

the binding code for HTMLSlotElement in other languages.

  • dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::findAssignedSlot): Added. Forwards it to the implementation in SlotAssignment.
(WebCore::ShadowRoot::addSlotElementByName): Ditto.
(WebCore::ShadowRoot::removeSlotElementByName): Ditto.
(WebCore::ShadowRoot::invalidateSlotAssignments): Ditto.
(WebCore::ShadowRoot::assignedNodesForSlot): Ditto.

  • dom/ShadowRoot.h:

(WebCore::ShadowRoot): Added m_slotAssignments as a member.

  • dom/SlotAssignment.cpp: Added.

(WebCore::treatNullAsEmpty): Added. See https://w3c.github.io/webcomponents/spec/shadow/#dfn-default-slot
(WebCore::SlotAssignment::findAssignedSlot): Find the slot element to which a given node is assigned.
Since there could be multiple slot elements of the same name (or lack thereof), call findFirstSlotElement
to find the first slot element.
(WebCore::SlotAssignment::addSlotElementByName): Added. Called when a new slot element is inserted into
the associated shadow tree. When a slot element's name is changed, removeSlotElementByName is called on
with the old name before addSlotElementByName is called with the new name.
(WebCore::SlotAssignment::removeSlotElementByName): Ditto for removal.
(WebCore::SlotAssignment::assignedNodesForSlot): Added. Finds the ordered list of assigned nodes for
a given slot element. When there are multiple slot elements of the same name, we return the list only if
SlotInfo::element matches the argument.
(WebCore::SlotAssignment::findFirstSlotElement): Added. Resolves SlotInfo::element if needed.
(WebCore::SlotAssignment::resolveAllSlotElements): Finds SlotInfo::element for all slots. We resolve all
slots simultaneously to avoid doing O(number of nodes) tree traversal for O(number of slots) to avoid
the worst case O(n2) behavior when all nodes in the shadow tree are slot elements of the same name.
(WebCore::SlotAssignment::assignSlots): Added. Computes the slot assignments by traversing each child
of the shadow host and adding to the appropriate SlotInfo::assignedNodes, creating a new entry if needed.

  • dom/SlotAssignment.h: Added.

(WebCore::SlotAssignment::SlotAssignment):
(WebCore::SlotAssignment::invalidate):
(WebCore::SlotAssignment::SlotInfo::SlotInfo):
(WebCore::SlotAssignment::SlotInfo::hasSlotElements):
(WebCore::SlotAssignment::SlotInfo::hasDuplicatedSlotElements):
(WebCore::SlotAssignment::SlotInfo::shouldResolveSlotElement):

  • html/HTMLAttributeNames.in: Added slot attribute.
  • html/HTMLSlotElement.cpp: Added.

(WebCore::HTMLSlotElement::create):
(WebCore::HTMLSlotElement::HTMLSlotElement):
(WebCore::HTMLSlotElement::insertedInto): Calls addSlotElementByName.
(WebCore::HTMLSlotElement::removedFrom): Calls removeSlotElementByName. Because the element had already
been removed from the shadow tree, we can't use containingShadowRoot() to find the ShadowRoot here.
(WebCore::HTMLSlotElement::attributeChanged): Calls removeSlotElementByName and addSlotElementByName.
(WebCore::HTMLSlotElement::getDistributedNodes): Returns an ordered list of the assigned nodes.

  • html/HTMLSlotElement.h: Added.
  • html/HTMLSlotElement.idl: Added.
  • html/HTMLTagNames.in: Added slot element.

LayoutTests:
Add HTMLSlotElement and NonDocumentTypeChildNode.assignedSlot
https://bugs.webkit.org/show_bug.cgi?id=149241

Reviewed by Antti Koivisto.

Added new conformance tests and rebaselined tests as needed.

In particular, inspector/model/remote-object.html was rebaselined since "assignedSlot" now appears as one of the first five
properties on Comment node that this test outputs.

  • fast/shadow-dom/HTMLSlotElement-interface-expected.txt: Added.
  • fast/shadow-dom/HTMLSlotElement-interface.html: Added.
  • fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot-expected.txt: Added.
  • fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot.html: Added.
  • js/dom/dom-static-property-for-in-iteration-expected.txt:
  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac/inspector/model: Added.
  • platform/mac/inspector/model/remote-object-expected.txt: Copied from LayoutTests/inspector/model/remote-object-expected.txt.
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
5:46 PM Changeset in webkit [189949] by Chris Dumez
  • 4 edits in trunk/Source/WebCore

Regression(r189881): release assertion hit in toJS(ExecState*, JSDOMGlobalObject*, DocumentFragment*)
https://bugs.webkit.org/show_bug.cgi?id=149281

Reviewed by Ryosuke Niwa.

After r189881, we started generating a toJS() function for DocumentFragment
as an optimization. DocumentFragment has a subclass (ShadowRoot) but the
default toJS() implementation should have still been acceptable given that
the subclass is not web-exposed and therefore does not have a JS wrapper.

However, the ShadowRoot interface was introduced shortly after in r189841
and to toJS() implementation for DocumentFragment is now invalid. This
patch introduces a ShadowRoot-aware custom implementation of toJS() for
DocumentFragment to address the problem.

No new tests, already covered by:
plugins/snapshotting/snapshot-plugin-not-quite-blocked-by-image.html

  • bindings/js/JSDocumentFragmentCustom.cpp:

(WebCore::createNewDocumentFragmentWrapper):
(WebCore::toJSNewlyCreated):
(WebCore::toJS):
Provide a ShadowRoot-aware custom implementation of toJS() /
toJSNewlyCreated() for DocumentFragment.

  • bindings/js/JSNodeCustom.cpp:

(WebCore::createWrapperInline):
Fix bug in toJS() implementation for Node as it was not handling
ShadowRoots properly either.

  • dom/DocumentFragment.idl:

Use [CustomToJSObject] so we can provide our own custom implementation
of toJS().

5:44 PM Changeset in webkit [189948] by Simon Fraser
  • 3 edits
    1 add in trunk/Tools

Give iOS WebKitTestRunner a launch storyboard
https://bugs.webkit.org/show_bug.cgi?id=149314

Reviewed by Dan Bates.

Add a launch storyboard to iOS WebKitTestRunner so that Springboard recognizes
that it's been built for specific device configurations, and puts the window
at the top of the screen. This simplifies coordinate conversions in a future patch.

  • WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
  • WebKitTestRunner/WebKitTestRunnerApp/WebKitTestRunnerApp-Info.plist:
  • WebKitTestRunner/ios/Launch.storyboard: Added.
5:16 PM Changeset in webkit [189947] by Alan Bujtas
  • 23 edits in trunk/LayoutTests

CSS WG multicol-1 tests failures with 1px differences due to baseline difference.
https://bugs.webkit.org/show_bug.cgi?id=149245

Reviewed by Ryosuke Niwa.

Turn off font-aliasing for multicol tests where the reference tests' inline content
end up on a different baseline (fractional difference). (It's not considered a bug, they don't
necessarily match.)

LayoutTests/imported/w3c:

  • css/css-multicol-1/multicol-basic-001-expected.html:
  • css/css-multicol-1/multicol-basic-001.html:
  • css/css-multicol-1/multicol-basic-002-expected.html:
  • css/css-multicol-1/multicol-basic-002.html:
  • css/css-multicol-1/multicol-basic-003-expected.html:
  • css/css-multicol-1/multicol-basic-003.html:
  • css/css-multicol-1/multicol-basic-004-expected.html:
  • css/css-multicol-1/multicol-basic-004.html:
  • css/css-multicol-1/multicol-rule-002-expected.xht:
  • css/css-multicol-1/multicol-rule-002.xht:
  • css/css-multicol-1/multicol-rule-px-001-expected.xht:
  • css/css-multicol-1/multicol-rule-px-001.xht:
  • css/css-multicol-1/multicol-rule-stacking-001-expected.xht:
  • css/css-multicol-1/multicol-rule-stacking-001.xht:
  • css/css-multicol-1/multicol-shorthand-001-expected.xht:
  • css/css-multicol-1/multicol-shorthand-001.xht:
  • css/css-multicol-1/multicol-span-all-block-sibling-003-expected.xht:
  • css/css-multicol-1/multicol-span-all-block-sibling-003.xht:
  • css/css-multicol-1/multicol-span-all-margin-nested-firstchild-001-expected.xht:
  • css/css-multicol-1/multicol-span-all-margin-nested-firstchild-001.xht:

LayoutTests:

5:03 PM Changeset in webkit [189946] by commit-queue@webkit.org
  • 6 edits in trunk/Source/JavaScriptCore

Convert return values from JavaScript functions to the expected types in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149200

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-17
Reviewed by Mark Lam.

When a WebAssembly function calls a JavaScript function, there is no
guarantee that the JavaScript function will always return values of the
type we expect. This patch converts the return values to the expected
types.

(The reverse is also true: When a WebAssembly function is called from a
JavaScript function, there is no guarantee that the arguments to the
WebAssembly function will always be of the types we expect. We have
fixed this in Bug 149033.)

We don't need to type check the return values if the callee is a
WebAssembly function. We don't need to type check the arguments if the
caller is a WebAssembly function. This optimization will be
implemented in the future. See https://bugs.webkit.org/show_bug.cgi?id=149310

  • tests/stress/wasm-type-conversion.js:
  • tests/stress/wasm/type-conversion.wasm:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::buildReturn):
(JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
(JSC::WASMFunctionCompiler::convertValueToInt32):
(JSC::WASMFunctionCompiler::convertValueToDouble):
(JSC::WASMFunctionCompiler::convertDoubleToValue):
(JSC::WASMFunctionCompiler::loadValueAndConvertToInt32): Deleted.
(JSC::WASMFunctionCompiler::loadValueAndConvertToDouble): Deleted.

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseCallInternalExpressionI32): Deleted.

  • wasm/WASMFunctionParser.h:
4:53 PM Changeset in webkit [189945] by Antti Koivisto
  • 10 edits in trunk/Source/WebCore

De-template ContainerNodeAlgorithms
https://bugs.webkit.org/show_bug.cgi?id=149286

Reviewed by Andreas Kling.

These are always used with ContainerNode/Node.

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::removeDetachedChildren):
(WebCore::destroyRenderTreeIfNeeded):
(WebCore::ContainerNode::takeAllChildrenFrom):
(WebCore::ContainerNode::insertBeforeCommon):
(WebCore::ContainerNode::appendChildCommon):

Make append a member for consistency with insert.

(WebCore::ContainerNode::notifyChildInserted):
(WebCore::ContainerNode::notifyChildRemoved):
(WebCore::ContainerNode::parserInsertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::appendChild):
(WebCore::ContainerNode::parserAppendChild):

Also make rest of these ownership-taking functions take Ref<>&&.

  • dom/ContainerNode.h:

(WebCore::NoEventDispatchAssertion::NoEventDispatchAssertion):
(WebCore::ContainerNode::setFirstChild):

  • dom/ContainerNodeAlgorithms.cpp:

(WebCore::notifyChildNodeRemoved):
(WebCore::addChildNodesToDeletionQueue):
(WebCore::removeDetachedChildrenInContainer):
(WebCore::collectFrameOwners):
(WebCore::assertConnectedSubrameCountIsConsistent):
(WebCore::disconnectSubframes):

  • dom/ContainerNodeAlgorithms.h:

(WebCore::removeDetachedChildrenInContainer): Deleted.
(WebCore::appendChildToContainer): Deleted.
(WebCore::Private::NodeRemovalDispatcher::dispatch): Deleted.
(WebCore::Private::addChildNodesToDeletionQueue): Deleted.

  • html/parser/HTMLConstructionSite.cpp:

(WebCore::insert):
(WebCore::executeInsertTask):
(WebCore::executeReparentTask):
(WebCore::executeInsertAlreadyParsedChildTask):

  • html/track/WebVTTParser.cpp:

(WebCore::WebVTTTreeBuilder::constructTreeFromToken):

  • xml/XMLErrors.cpp:

(WebCore::XMLErrors::appendErrorMessage):
(WebCore::createXHTMLParserErrorHeader):
(WebCore::XMLErrors::insertErrorMessageBlock):

  • xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::enterText):
(WebCore::toString):

  • xml/parser/XMLDocumentParserLibxml2.cpp:

(WebCore::XMLDocumentParser::startElementNs):
(WebCore::XMLDocumentParser::processingInstruction):
(WebCore::XMLDocumentParser::cdataBlock):
(WebCore::XMLDocumentParser::comment):

4:30 PM Changeset in webkit [189944] by Beth Dakin
  • 3 edits in trunk/Source/WebKit2

Heavy taps on links are sometimes interpreted as the preview gesture
https://bugs.webkit.org/show_bug.cgi?id=149304
-and corresponding-
rdar://problem/22689258

Reviewed by Tim Horton.

If the preview gesture starts and stop and less than 250 milliseconds have
passed, then call _attemptClickAtLocation to treat it as a normal tap.

  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _interactionShouldBeginFromPreviewItemController:forPosition:]):
(-[WKContentView _interactionStartedFromPreviewItemController:]):
(-[WKContentView _interactionStoppedFromPreviewItemController:]):

4:28 PM Changeset in webkit [189943] by mmaxfield@apple.com
  • 4 edits in trunk/Tools

Update licence in r189890
https://bugs.webkit.org/show_bug.cgi?id=149306

Reviewed by Dean Jackson.

  • FontWithFeatures/FontWithFeatures/FontCreator.cpp:
  • FontWithFeatures/FontWithFeatures/FontCreator.h:
  • FontWithFeatures/FontWithFeatures/main.cpp:
4:22 PM Changeset in webkit [189942] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Block Objective-C exceptions in DictionaryLookup
https://bugs.webkit.org/show_bug.cgi?id=149256

Reviewed by Anders Carlsson.

  • editing/mac/DictionaryLookup.mm:

(WebCore::DictionaryLookup::rangeForSelection):
(WebCore::DictionaryLookup::rangeAtHitTestResult):
(WebCore::expandSelectionByCharacters):
(WebCore::DictionaryLookup::stringForPDFSelection):
(WebCore::showPopupOrCreateAnimationController):
(WebCore::DictionaryLookup::hidePopup):
It is possible for Lookup to throw an exception if one of its
related services dies for some reason. This shouldn't take down
our UI process, so block the exceptions.

3:26 PM Changeset in webkit [189941] by Yusuke Suzuki
  • 14 edits in trunk/Source

[ES6] Add more fine-grained APIs and additional hooks to control module loader from WebCore
https://bugs.webkit.org/show_bug.cgi?id=149129

Reviewed by Saam Barati.

No behavior change.

Source/JavaScriptCore:

Module tag <script type="module> will be executed asynchronously.
But we would like to fetch the resources before when the postTask-ed task is performed.
So instead of 1 API that fetch, instantiate and execute the module,
we need 2 fine-grained APIs.

  1. Fetch and initialize a module, but not execute it yet.
  2. Link and execute a module specified by the key (this will be invoked asynchronously).

And to instrument the script execution (like reporting the execution time of the module to
the inspector), we need a hook to inject code around an execution of a module body.

  • builtins/ModuleLoaderObject.js:

(moduleEvaluation):
(loadAndEvaluateModule):
(loadModule):
(linkAndEvaluateModule):

  • jsc.cpp:

(functionLoadModule):
(runWithScripts):

  • runtime/Completion.cpp:

(JSC::identifierToJSValue):
(JSC::createSymbolForEntryPointModule):
(JSC::rejectPromise):
(JSC::loadAndEvaluateModule):
(JSC::loadModule):
(JSC::linkAndEvaluateModule):
(JSC::evaluateModule): Deleted.

  • runtime/Completion.h:
  • runtime/JSGlobalObject.cpp:
  • runtime/JSGlobalObject.h:
  • runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::evaluate):
(JSC::JSModuleRecord::execute): Deleted.

  • runtime/JSModuleRecord.h:
  • runtime/ModuleLoaderObject.cpp:

(JSC::ModuleLoaderObject::loadAndEvaluateModule):
(JSC::ModuleLoaderObject::linkAndEvaluateModule):
(JSC::ModuleLoaderObject::evaluate):
(JSC::moduleLoaderObjectEvaluate):

  • runtime/ModuleLoaderObject.h:

Source/WebCore:

  • bindings/js/JSDOMWindowBase.cpp:
  • bindings/js/JSWorkerGlobalScopeBase.cpp:
3:19 PM Changeset in webkit [189940] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.46.24

New tag.

3:19 PM Changeset in webkit [189939] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.2.5

New tag.

3:02 PM Changeset in webkit [189938] by sbarati@apple.com
  • 41 edits
    20 adds in trunk

Implement try/catch in the DFG.
https://bugs.webkit.org/show_bug.cgi?id=147374

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements try/catch inside the DFG JIT.
It also prevents tier up to the FTL for any functions
that have an op_catch in them that are DFG compiled.

This patch accomplishes implementing try/catch inside
the DFG by OSR exiting to op_catch when an exception is thrown.
We can OSR exit from an exception inside the DFG in two ways:
1) We have a JS call (can also be via implicit getter/setter in GetById/PutById)
2) We have an exception when returing from a callOperation

In the case of (1), we get to the OSR exit from genericUnwind because
the exception was thrown in a child call frame. This means these
OSR exits must act as defacto op_catches (even though we will still OSR
exit to a baseline op_catch). That means they must restore the stack pointer
and call frame.

In the case of (2), we can skip genericUnwind because we know the exception
check will take us to a particular OSR exit. Instead, we link these
exception checks as jumps to a particular OSR exit.

Both types of OSR exits will exit into op_catch inside the baseline JIT.
Because they exit to op_catch, these OSR exits must set callFrameForCatch
to the proper call frame pointer.

We "handle" all exceptions inside the machine frame of the DFG code
block. This means the machine code block is responsible for "catching"
exceptions of any inlined frames' try/catch. OSR exit will then exit to
the proper baseline CodeBlock after reifying the inlined frames
(DFG::OSRExit::m_codeOrigin corresponds to the op_catch we will exit to).
Also, genericUnwind will never consult an inlined call frame's CodeBlock to
see if they can catch the exception because they can't. We always unwind to the
next machine code block frame. The DFG CodeBlock changes how the exception
handler table is keyed: it is now keyed by CallSiteIndex for DFG code blocks.

So, when consulting call sites that throw, we keep track of the CallSiteIndex,
and the HandlerInfo for the corresponding baseline exception handler for
that particular CallSiteIndex (if an exception at that call site will be caught).
Then, when we're inside DFG::JITCompiler::link(), we install new HandlerInfo's
inside the DFG CodeBlock and key it by the corresponding CallSiteIndex.
(The CodeBlock only has HandlerInfos for the OSR exits that are to be arrived
at from genericUnwind).

Also, each OSR exit will know if it acting as an exception handler, and
whether or not it will be arrived at from genericUnwind. When we know we
will arrive at an OSR exit from genericUnwind, we set the corresponding
HandlerInfo's nativeCode CodeLocationLabel field to be the OSR exit.

This patch also introduces a new Phase inside the DFG that ensures
that DFG CodeBlocks that handle exceptions take the necessary
steps to keep live variables at "op_catch" live according the
OSR exit value recovery machinery. We accomplish this by flushing
all live op_catch variables to the stack when inside a "try" block.

(JSC::CodeBlock::handlerForBytecodeOffset):
(JSC::CodeBlock::handlerForIndex):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::clearExceptionHandlers):
(JSC::CodeBlock::appendExceptionHandler):

  • bytecode/PreciseJumpTargets.cpp:

(JSC::computePreciseJumpTargets):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::addCodeOrigin):
(JSC::DFG::CommonData::lastCallSite):
(JSC::DFG::CommonData::shrinkToFit):

  • dfg/DFGCommonData.h:
  • dfg/DFGGraph.h:
  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::noticeOSREntry):
(JSC::DFG::JITCompiler::appendExceptionHandlingOSRExit):
(JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
(JSC::DFG::JITCompiler::exceptionCheck):
(JSC::DFG::JITCompiler::recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded):

  • dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::emitStoreCodeOrigin):
(JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
(JSC::DFG::JITCompiler::blockHeads):
(JSC::DFG::JITCompiler::exceptionCheck): Deleted.

  • dfg/DFGLiveCatchVariablePreservationPhase.cpp: Added.

(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::FlushLiveCatchVariablesInsertionPhase):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::run):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::handleBlock):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::newVariableAccessData):
(JSC::DFG::performLiveCatchVariablePreservationPhase):

  • dfg/DFGLiveCatchVariablePreservationPhase.h: Added.
  • dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::setPatchableCodeOffset):

  • dfg/DFGOSRExit.h:

(JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):

  • dfg/DFGOSRExitCompiler.cpp:
  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget):

  • dfg/DFGOSRExitCompilerCommon.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGSlowPathGenerator.h:

(JSC::DFG::SlowPathGenerator::SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::generate):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):

  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

  • interpreter/Interpreter.cpp:

(JSC::GetCatchHandlerFunctor::operator()):
(JSC::UnwindFunctor::operator()):

  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::gotoNextFrame):
(JSC::StackVisitor::unwindToMachineCodeBlockFrame):
(JSC::StackVisitor::readFrame):

  • interpreter/StackVisitor.h:

(JSC::StackVisitor::operator*):
(JSC::StackVisitor::operator->):

  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitCount):

  • jit/JITExceptions.cpp:

(JSC::genericUnwind):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/VM.h:

(JSC::VM::clearException):
(JSC::VM::clearLastException):
(JSC::VM::addressOfCallFrameForCatch):
(JSC::VM::exception):
(JSC::VM::addressOfException):

  • tests/stress/dfg-exception-try-catch-in-constructor-with-inlined-throw.js: Added.

(f):
(bar):
(Foo):

  • tests/stress/es6-for-of-loop-exception.js: Added.

(assert):
(shouldThrowInvalidConstAssignment):
(baz):
(foo):

  • tests/stress/exception-dfg-inlined-frame-not-strict-equal.js: Added.

(assert):
(o.valueOf):
(o.toString):
(read):
(bar):
(foo):

  • tests/stress/exception-dfg-not-strict-equal.js: Added.

(foo):
(o.valueOf):
(o.toString):
(assert):
(shouldDoSomethingInFinally):
(catch):

  • tests/stress/exception-dfg-operation-read-value.js: Added.

(assert):
(o.valueOf):
(o.toString):
(read):
(foo):

  • tests/stress/exception-dfg-throw-from-catch-block.js: Added.

(assert):
(baz):
(bar):
(foo):

LayoutTests:

  • js/regress/raytrace-with-empty-try-catch-expected.txt: Added.
  • js/regress/raytrace-with-empty-try-catch.html: Added.
  • js/regress/raytrace-with-try-catch-expected.txt: Added.
  • js/regress/raytrace-with-try-catch.html: Added.
  • js/regress/script-tests/raytrace-with-empty-try-catch.js: Added.

(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):

  • js/regress/script-tests/raytrace-with-try-catch.js: Added.

(randomException):
(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):

  • js/regress/script-tests/v8-raytrace-with-empty-try-catch.js: Added.

(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):

  • js/regress/script-tests/v8-raytrace-with-try-catch.js: Added.

(randomException):
(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):

  • js/regress/v8-raytrace-with-empty-try-catch-expected.txt: Added.
  • js/regress/v8-raytrace-with-empty-try-catch.html: Added.
  • js/regress/v8-raytrace-with-try-catch-expected.txt: Added.
  • js/regress/v8-raytrace-with-try-catch.html: Added.
3:02 PM Changeset in webkit [189937] by mark.lam@apple.com
  • 2 edits in trunk/Tools

Add the ability to skip JIT stress tests in run-javascriptcore-tests.
https://bugs.webkit.org/show_bug.cgi?id=149285

Reviewed by Saam Barati.

Just need to add an option to pass --no-jit to run-jsc-stress-test.

  • Scripts/run-javascriptcore-tests:

(runJSCStressTests):

2:48 PM Changeset in webkit [189936] by achristensen@apple.com
  • 2 edits in trunk

Fix Windows EWS build after r189934.

  • Source/cmake/OptionsWin.cmake:

Use WEBKIT_LIBRARIES environment variable if it exists.
We have the WebKitLibraries directory separate from the repository copy on the EWS bots.

2:27 PM Changeset in webkit [189935] by fpizlo@apple.com
  • 2 edits in trunk/Source/WTF

Unreviewed, revert unintended change.

  • benchmarks/LockSpeedTest.cpp:

(main):

2:26 PM Changeset in webkit [189934] by commit-queue@webkit.org
  • 7 edits in trunk

Switch AppleWin build to use CMake
https://bugs.webkit.org/show_bug.cgi?id=149163

Patch by Alex Christensen <achristensen@webkit.org> on 2015-09-17
Reviewed by Brent Fulgham.

Source/WebCore:

  • bindings/scripts/preprocess-idls.pl:

(CygwinPathIfNeeded):
(WriteFileIfChanged):

  • bindings/scripts/preprocessor.pm:

(applyPreprocessor):
Fix new cygwin quirks. Cygwin is now using some paths from CMake.

Tools:

  • Scripts/build-webkit:
  • Scripts/run-api-tests:

(runTest):
(listAllTests):
(prepareEnvironmentForRunningTestTool):
(testToolPaths):
(testToolPath): Deleted.
Run the API tests as separate executables on Windows.
It used to be TestWebKitAPI.exe, and it is now TestWTF.exe, TestWebCore.exe, and TestWebKit.exe.

  • Scripts/webkitdirs.pm:

(checkRequiredSystemConfig):
(jhbuildWrapperPrefixIfNeeded):
(generateBuildSystemFromCMakeProject):
Fix configuration quirks.

2:26 PM Changeset in webkit [189933] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION: Web Inspector: Double clicking on an attribute second time doesn't work
https://bugs.webkit.org/show_bug.cgi?id=149259

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-17
Reviewed by Timothy Hatcher.

  • UserInterface/Views/DOMTreeElement.js:

Be sure to clear the editing state when committed, even if the value did not change.

2:23 PM Changeset in webkit [189932] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

After restoring tabs, swipes back to fast loading pages hang for 3 seconds
https://bugs.webkit.org/show_bug.cgi?id=148764
<rdar://problem/22568860>

Reviewed by Beth Dakin.

  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::endSwipeGesture):
Don't wait for the render tree size threshold if we don't have one.

2:22 PM Changeset in webkit [189931] by Alan Bujtas
  • 3 edits in trunk/Source/WebCore

Remove integral snapping functions from InlineBox class.
https://bugs.webkit.org/show_bug.cgi?id=136419

Reviewed by Simon Fraser.

We should not integral snap inlines during layout time.

Covered by existing tests.

  • rendering/InlineBox.h:

(WebCore::InlineBox::pixelSnappedLogicalLeft): Deleted.
(WebCore::InlineBox::pixelSnappedLogicalRight): Deleted.
(WebCore::InlineBox::pixelSnappedLogicalTop): Deleted.
(WebCore::InlineBox::pixelSnappedLogicalBottom): Deleted.

  • rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::placeBoxesInBlockDirection):
(WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
(WebCore::InlineFlowBox::addBorderOutsetVisualOverflow):
(WebCore::InlineFlowBox::addTextBoxVisualOverflow):

2:15 PM Changeset in webkit [189930] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Skip a media test that fails when an AppleTV is around.

This will be fixed soon by https://bugs.webkit.org/show_bug.cgi?id=148912

  • platform/mac/TestExpectations:
1:39 PM Changeset in webkit [189929] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

0.0 should really be 0.0
https://bugs.webkit.org/show_bug.cgi?id=149283

Reviewed by Mark Lam.

A while ago (http://trac.webkit.org/changeset/180813) we introduced the idea that if the
user wrote a number with a decimal point (like "0.0") then we should treat that number as
a double. That's probably a pretty good idea. But, we ended up doing it inconsistently.
The DFG would indeed treat such a number as a double by consulting the
SourceCodeRepresentation, but the other execution engines would still see Int32:0.

This patch makes it consistent.

This is necessary for property type inference to perform well. Otherwise, a store of a
constant would change type from the baseline engine to the DFG, which would then cause
a storm of property type invalidations and recompilations.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::addConstantValue):

1:26 PM Changeset in webkit [189928] by fpizlo@apple.com
  • 4 edits
    1 add in trunk/Source

stress/exit-from-getter.js.ftl-eager occasionally traps in debug
https://bugs.webkit.org/show_bug.cgi?id=149096

Reviewed by Geoffrey Garen.

JS calls to getters/setters in get/put inline caches need to reset SP after the call, as our
calling convention requires.

  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generate): Fix the bug.

  • ftl/FTLLink.cpp:

(JSC::FTL::link): Adds some verbiage about why the FTL stack offset logic is correct.

  • tests/stress/getter-arity.js: Added. Other tests would flaky crash before the patch. This test instacrashes before the patch.
1:18 PM Changeset in webkit [189927] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

[WinCairo] Compile error, include file not found.
https://bugs.webkit.org/show_bug.cgi?id=149282

Patch by Per Arne Vollan <peavo@outlook.com> on 2015-09-17
Reviewed by Alex Christensen.

  • PlatformWin.cmake:

Copy forwarding headers from new legacy directory, fixing CMake clean builds since r189746.

12:46 PM Changeset in webkit [189926] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r189287): 2.5% PLT regression
https://bugs.webkit.org/show_bug.cgi?id=149277
<rdar://problem/22657219>

Reviewed by Anders Carlsson.

  • UIProcess/API/mac/WKView.mm:

(-[WKView _takeViewSnapshot]):
Don't take an extra unused snapshot.

12:42 PM Changeset in webkit [189925] by commit-queue@webkit.org
  • 6 edits in trunk/Tools

Added toggle options for hiding and showing certain platform families on the dashboard.
https://bugs.webkit.org/show_bug.cgi?id=148403

Patch by Dean Johnson <dean_johnson@apple.com> on 2015-09-17
Reviewed by David Kilzer.

This patch removes "hiddenPlatforms" from use in the code and local storage. We also removed
individual hide/show buttons for platforms because we've added toggle options to hide/show entire
families. Examples of these are "mac", "ios", and "linux". "Show All Platforms" was also removed
in lieu of an "all" button in the toggle menu.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Main.js:

(parsePlatformFamily): Helper function to parse out a platform family.
(initPlatformsByFamily): Initializes platformsByFamily, which organizes platforms on the
page by platformsByFamily[<family>] = <list of platforms belonging to that family>.
(updateToggleButtons): Updates the status of the toggle buttons.
(updateHiddenPlatforms): Changed to work with the new implementation of hiding/showing platforms.
(documentReady): Added creation of toggle buttons.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/MetricsMain.js:

(unhiddenQueues): Updated to search by platform family instead of the individual platform name.
(documentReady): Changed hiddenPlatforms => hiddenPlatformFamilies.
(updateHiddenPlatforms): Deleted. After removing the individual hide button code,
this did the exact same thing as the updateHiddenPlatforms in Scripts/Main.js so it was removed.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/QueueView.js:

(QueueView): Updated to use hiddenPlatformFamilies.
(QueueView.prototype._updateHiddenState): Updated to use hiddenPlatformFamilies.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Settings.js:

(Settings.prototype.toggleHiddenPlatformFamily): Renamed function and some variables.
(Settings.prototype.clearHiddenPlatformFamilies): Now uses hiddenPlatformFamilies for events.
(Settings.prototype.toggleHiddenPlatform): Deleted.
(Settings.prototype.clearHiddenPlatforms): Deleted.
(Settings.prototype.toggleShowPlatformFamily): Deleted.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/Main.css:

(div.cellButton, div.accessibilityButton, div.platformFamilyToggleButton):
(div.cellButton.unhide, div.accessibilityButton.unhide, div.platformFamilyToggleButton.unhide):
(.settings-visible div.settingsWrapper.hide, .settings-visible div.settingsWrapper):
(table.queue-grid tr.headers th):
(div.settingsWrapper.hide):
(div.settingsWrapper):
(div.familyToggleWrapper):
(div.platformFamilyToggleButton):
(div.platformFamilyShowToggleButton:not(:last-child)):
(div.familyShown):
(div.accessibilityButton):
(div.cellButton, div.accessibilityButton): Added platformFamilyToggleButton class.
(div.cellButton.unhide, div.accessibilityButton.unhide): Added platformFamilyToggleButton class.
(.settings-visible div.accessibilityButton.hide, .settings-visible div.accessibilityButton.unhide): Added
platformFamilyToggleButton and settingsWrapper class.
(.accessibilityButton): Deleted.

12:29 PM Changeset in webkit [189924] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Make Find / Save keyboard shortcuts work better globally
https://bugs.webkit.org/show_bug.cgi?id=149198

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-17
Reviewed by Brian Burg.

Previously find/save keyboard shortcuts required the user have the
ContentView in the ContentBrowser focused. That means nothing would
happen if you clicked / focused in the Sidebars. This change considers
the keyboard shortcuts globally, like Copy.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
Add global find and save keyboard shortcuts.

(WebInspector._focusChanged):
It is often useful to have the currentFocusedElement know if it is
in a TextEditor or other CodeMirror editor. When editable the <textarea>
is selected and not updating focused element.

(WebInspector._focusedContentBrowser):
(WebInspector._focusedContentView):
Provide helpers for getting a good approximation of the current focused
or visible content view that users would expect to be interacting with.
Since the focus event may not fire when clicking around to elements
like the <body>. Rather than make it explicitly focusable, check the
document.activeElement, and if it is body aim for the main content
browser instead of the currentFocusedElement which may be stale.
Likewise, if the QuickConsole is focused and the split console is
showing, treat it like the split browser is focused.

(WebInspector._focusedOrVisibleContentBrowser):
(WebInspector._focusedOrVisibleContentView):
If nothing is focused, default to the main content browser.

(WebInspector._find):
Pass on to the ContentView which typically handles Find
by showing its find banner.

(WebInspector._save):
(WebInspector._saveAs):
Check and save the current ContentView if supported.

  • UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView.prototype.get supportsSearch):
(WebInspector.LogContentView.prototype.handleFindEvent):
Add custom find handling for LogContentView from the routed through the
BrowserController instead of special event handlers in the controller.

(WebInspector.LogContentView.prototype.get supportsSave):
(WebInspector.LogContentView.prototype.save): Deleted.
(WebInspector.LogContentView.prototype.saveAs): Deleted.

  • UserInterface/Controllers/JavaScriptLogViewController.js:

(WebInspector.JavaScriptLogViewController): Deleted.
(WebInspector.JavaScriptLogViewController.prototype._handleFindShortcut): Deleted.
(WebInspector.JavaScriptLogViewController.prototype._save): Deleted.
(WebInspector.JavaScriptLogViewController.prototype._saveAs): Deleted.
Special save handling is no longer needed in the log view controller.

  • UserInterface/Views/ContentBrowser.js:

(WebInspector.ContentBrowser.prototype.handleFindEvent):
(WebInspector.ContentBrowser): Deleted.
(WebInspector.ContentBrowser.prototype._save): Deleted.
(WebInspector.ContentBrowser.prototype._saveAs): Deleted.
(WebInspector.ContentBrowser.prototype._showFindBanner): Deleted.
Save functionality moved globally, find functionality moved to a
public method called like copy event handling.

12:28 PM Changeset in webkit [189923] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Inactive window may cause many layers to be created due to Dashboard opacity
https://bugs.webkit.org/show_bug.cgi?id=149274

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-17
Reviewed by Brian Burg.

The dashboard container gets an opacity when the window is inactive. Combined
with the animating debugger continue button this caused a cascade of slightly
overlapping content causing a cascade of a lot of small layers. The simple
approach taken here is to stop the slight pulse animation when the window
is inactive.

  • UserInterface/Views/DebuggerDashboardView.css:

(body.window-inactive .dashboard.debugger .navigation-bar .item.button > .glyph):

12:22 PM Changeset in webkit [189922] by timothy_horton@apple.com
  • 3 edits
    2 adds in trunk

Add a test ensuring that scrolling in the middle of a page can't start a swipe gesture
https://bugs.webkit.org/show_bug.cgi?id=148904

Reviewed by Myles Maxfield.

  • swipe/main-frame-pinning-requirement.html: Added.
  • WebKitTestRunner/TestController.cpp:

(WTR::parseBooleanTestHeaderValue):
(WTR::updateViewOptionsFromTestHeader):
Check for the key "useThreadedScrolling".
Add some code to check for "true" and "false" for boolean options.

(WTR::TestController::viewOptionsForTest):
Apply the test's overrides last, even after the platform's.

12:00 PM Changeset in webkit [189921] by timothy_horton@apple.com
  • 4 edits in trunk/Source/WebCore

Delete some dead code
https://bugs.webkit.org/show_bug.cgi?id=149255

Reviewed by Dan Bernstein.

No new tests, just cleanup.

  • platform/RuntimeApplicationChecksIOS.h:
  • platform/RuntimeApplicationChecksIOS.mm:

(WebCore::applicationIsEpicurious): Deleted.
(WebCore::applicationIsMASH): Deleted.
Nothing uses these application checks anymore.

  • platform/ios/SoundIOS.mm:

(WebCore::systemBeep):
What a beep should be on iOS, I don't know.
What it should not be is a NSLog.

11:30 AM Changeset in webkit [189920] by saambarati1@gmail.com
  • 19 edits in trunk/Source

Interpreter::unwind() shouldn't be responsible for filtering out uncatchable exceptions
https://bugs.webkit.org/show_bug.cgi?id=149228

Reviewed by Mark Lam.

Source/JavaScriptCore:

op_catch is now responsible for filtering exceptions that
aren't catchable. When op_catch encounters an uncatchable
exception, it will call back into genericUnwind and throw
the exception further down the call stack. This is necessary
in a later patch that will implement exception handling
in the DFG, and part of that patch includes exception
handling that doesn't go through genericUnwind. The DFG try/catch
patch will not go through genericUnwind when it knows that
an exception check after a callOperation will be caught inside the
machine frame or any inlined frames. This patch enables that
patch by destroying the notion that all exception handling must
filter through genericUnwind.

This patch maintains compatibility with the debugger and
profiler by ensuring we notify the debugger when an
exception is thrown inside VM::throwException and not
in genericUnwind. It also notifies the profiler that we've
potentially changed call frames inside op_catch.

  • debugger/Debugger.cpp:

(JSC::Debugger::pauseIfNeeded):

  • interpreter/Interpreter.cpp:

(JSC::unwindCallFrame):
(JSC::getStackFrameCodeType):
(JSC::UnwindFunctor::operator()):
(JSC::Interpreter::unwind):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
(JSC::checkedReturn):

  • interpreter/Interpreter.h:

(JSC::SuspendExceptionScope::SuspendExceptionScope):
(JSC::SuspendExceptionScope::~SuspendExceptionScope):
(JSC::Interpreter::sampler):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperation):
(JSC::JIT::callOperationNoExceptionCheck):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::llint_throw_stack_overflow_error):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/ExceptionHelpers.cpp:

(JSC::isTerminatedExecutionException):

  • runtime/VM.cpp:

(JSC::VM::throwException):

  • runtime/VM.h:

(JSC::VM::targetMachinePCForThrowOffset):
(JSC::VM::restorePreviousException):
(JSC::VM::clearException):
(JSC::VM::clearLastException):
(JSC::VM::exception):
(JSC::VM::addressOfException):
(JSC::VM::setException):

Source/WebCore:

No new tests, already covered by current tests. This is not an observable behavior change.

  • bindings/js/JSNodeFilterCustom.cpp:

(WebCore::JSNodeFilter::acceptNode):

11:22 AM Changeset in webkit [189919] by peavo@outlook.com
  • 4 edits in trunk/Source/WebKit/win

[Win][HighDPI] Windowed plugins have incorrect placement.
https://bugs.webkit.org/show_bug.cgi?id=149090

Reviewed by Alex Christensen.

We have to scale plugin dimensions with device scale factor.

  • Plugins/PluginView.cpp:

(WebCore::PluginView::windowClipRect):

  • Plugins/PluginView.h:
  • Plugins/PluginViewWin.cpp:

(WebCore::PluginView::updatePluginWidget):
(WebCore::PluginView::setNPWindowRect):
(WebCore::PluginView::snapshot):
(WebCore::PluginView::deviceScaleFactor):

10:40 AM Changeset in webkit [189918] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Calling a float function on x86 in WebAssembly incorrectly returns a double
https://bugs.webkit.org/show_bug.cgi?id=149254

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-17
Reviewed by Michael Saboff.

In WebAssembly on x86 (32-bit), when we call a function that returns a
float or a double, we use the FSTP instruction to read the return value
from the FPU register stack. The FSTP instruction converts the value to
single-precision or double-precision floating-point format, depending on
the destination operand. Currently, we always use double as the
destination, which is wrong. This patch uses the correct return type.
This should fix the test errors in tests/stress/wasm-arithmetic-float32.js

  • assembler/X86Assembler.h:

(JSC::X86Assembler::fstps):

  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::appendCallSetResult):
(JSC::WASMFunctionCompiler::callOperation):

10:38 AM Changeset in webkit [189917] by commit-queue@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

Save and restore callee save registers in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149247

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-17
Reviewed by Michael Saboff.

Save callee save registers when entering WebAssembly functions
and restore them when returning.

  • jit/RegisterSet.cpp:

(JSC::RegisterSet::webAssemblyCalleeSaveRegisters):

  • jit/RegisterSet.h:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::buildReturn):
(JSC::WASMFunctionCompiler::localAddress):
(JSC::WASMFunctionCompiler::temporaryAddress):
(JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
(JSC::WASMFunctionCompiler::callAndUnboxResult):

10:03 AM Changeset in webkit [189916] by Alan Bujtas
  • 6 edits in trunk

column-rule-style: outset/inset doesn't work
https://bugs.webkit.org/show_bug.cgi?id=148815
Source/WebCore:

<rdar://problem/22582644>

Reviewed by David Hyatt.

https://drafts.csswg.org/css-multicol-1/#crs
The <‘border-style’> values are interpreted as in the collapsing border model.

Unskipped 4 multicolumn tests,

  • rendering/RenderMultiColumnSet.cpp:

(WebCore::RenderMultiColumnSet::paintColumnRules):

  • rendering/RenderTableCell.cpp:

(WebCore::collapsedBorderStyle): Deleted.

  • rendering/style/RenderStyle.h:

(WebCore::collapsedBorderStyle):

LayoutTests:

Reviewed by David Hyatt.

https://drafts.csswg.org/css-multicol-1/#crs
The <‘border-style’> values are interpreted as in the collapsing border model.

9:51 AM Changeset in webkit [189915] by achristensen@apple.com
  • 2 edits in trunk/LayoutTests

Make Windows tests green.

  • platform/win/TestExpectations:

Skip new IndexedDB test on Windows after r189879 because IndexedDB is not enabled on Windows yet.
Also skip new accessibility test after r189862 because stringValue is not implemented.

8:51 AM Changeset in webkit [189914] by Chris Dumez
  • 5 edits in trunk

Range.deleteContents cannot delete DocType
https://bugs.webkit.org/show_bug.cgi?id=148773
<rdar://problem/22571280>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C DOM test now that more checks are passing.

  • web-platform-tests/dom/ranges/Range-deleteContents-expected.txt:

Source/WebCore:

Range.deleteContents() was not able to delete a DocumentType Node, and
was throwing a HIERARCHY_REQUEST_ERR. The DOM specification does not
say we should throw in such case:
https://dom.spec.whatwg.org/#dom-range-deletecontents

However, Range.extractContents() should still throw an exception
if any of the contained children in a DocumentType Node:
https://dom.spec.whatwg.org/#concept-range-extract (Step 12)

No new tests, already covered by existing test.

  • dom/Range.cpp:

(WebCore::Range::deleteContents):
(WebCore::Range::extractContents):
(WebCore::Range::checkDeleteExtract):

  • dom/Range.h:
8:33 AM Changeset in webkit [189913] by eric.carlson@apple.com
  • 10 edits in trunk/Source/WebCore

[Mac MediaStream] Cleanup capture source classes
https://bugs.webkit.org/show_bug.cgi?id=149233

Reviewed by Jer Noble.

  • platform/cf/CoreMediaSoftLink.cpp: Soft-link CMAudioFormatDescriptionGetStreamBasicDescription, CMSampleBufferGetAudioBufferListWithRetainedBlockBuffer, and CMSampleBufferGetNumSamples.
  • platform/cf/CoreMediaSoftLink.h:
  • platform/mediastream/mac/AVAudioCaptureSource.h:

(WebCore::AVAudioCaptureSource::Observer::~Observer):

  • platform/mediastream/mac/AVAudioCaptureSource.mm:

(WebCore::AVAudioCaptureSource::AVAudioCaptureSource): Initialize m_inputDescription.
(WebCore::AVAudioCaptureSource::capabilities): 0 -> nullptr.
(WebCore::AVAudioCaptureSource::addObserver): New, add an observer and tell it to prepare.
(WebCore::AVAudioCaptureSource::removeObserver): New.
(WebCore::operator==): Compare AudioStreamBasicDescription.
(WebCore::operator!=):
(WebCore::AVAudioCaptureSource::captureOutputDidOutputSampleBufferFromConnection): Call

observer->prepare when passed a new stream description, call observer->process.

  • platform/mediastream/mac/AVCaptureDeviceManager.mm:

(WebCore::refreshCaptureDeviceList): Set m_groupID and m_localizedName.
(WebCore::AVCaptureDeviceManager::sessionSupportsConstraint): Invalid constraint names should

be ignored, so return true when passed one.

(WebCore::AVCaptureDeviceManager::getSourcesInfo): This just didn't work, fix it.
(WebCore::AVCaptureDeviceManager::verifyConstraintsForMediaType): Optional constraints are

optional so they don't need to be validated.

(WebCore::AVCaptureDeviceManager::bestSourcesForTypeAndConstraints): m_audioSource -> m_audioAVMediaCaptureSource,

m_videoSource -> m_videoAVMediaCaptureSource.

(WebCore::AVCaptureDeviceManager::sourceWithUID): Ditto.

  • platform/mediastream/mac/AVMediaCaptureSource.h:

(WebCore::AVMediaCaptureSource::session):
(WebCore::AVMediaCaptureSource::device):
(WebCore::AVMediaCaptureSource::currentStates):
(WebCore::AVMediaCaptureSource::constraints):
(WebCore::AVMediaCaptureSource::statesDidChanged):
(WebCore::AVMediaCaptureSource::createWeakPtr):
(WebCore::AVMediaCaptureSource::buffer): Deleted.
(WebCore::AVMediaCaptureSource::setBuffer): Deleted.

  • platform/mediastream/mac/AVMediaCaptureSource.mm:

(WebCore::AVMediaCaptureSource::AVMediaCaptureSource): Initilize m_weakPtrFactory.
(WebCore::AVMediaCaptureSource::scheduleDeferredTask): New, call a function asynchronously on

the main thread.

(-[WebCoreAVMediaCaptureSourceObserver captureOutput:didOutputSampleBuffer:fromConnection:]): Don't

dispatch calls to the main thread, let the derived classes do that if necessary.

  • platform/mediastream/mac/AVVideoCaptureSource.h:

(WebCore::AVVideoCaptureSource::width):
(WebCore::AVVideoCaptureSource::height):
(WebCore::AVVideoCaptureSource::previewLayer):
(WebCore::AVVideoCaptureSource::currentFrameSampleBuffer):

  • platform/mediastream/mac/AVVideoCaptureSource.mm:

(WebCore::AVVideoCaptureSource::setFrameRateConstraint): Remove unwanted logging.
(WebCore::AVVideoCaptureSource::setupCaptureSession): Configure the AVCaptureVideoDataOutput so

it delivers 32-bit BGRA samples.

(WebCore::AVVideoCaptureSource::calculateFramerate): Return bool to signal if the frame rate

changed.

(WebCore::AVVideoCaptureSource::processNewFrame): New. Process sample buffer, invalidate cached

image, signal when characteristics change.

(WebCore::AVVideoCaptureSource::captureOutputDidOutputSampleBufferFromConnection): Schedule

call to processNewFrame on the main thread so we do all video processing on main thread.

(WebCore::AVVideoCaptureSource::currentFrameImage): Create and return a CVImageBuffer of the

current video frame.

(WebCore::AVVideoCaptureSource::paintCurrentFrameInContext): Draw the current frame to a context.

7:42 AM WebKitGTK/2.10.x edited by Michael Catanzaro
Propose r189912 (diff)
6:00 AM Changeset in webkit [189912] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

[GTK] Crash in WebKit::BackingStore::createBackend running under Wayland
https://bugs.webkit.org/show_bug.cgi?id=147453

Reviewed by Carlos Garcia Campos.

Except when running on X11, this function always crashes if called before the web view is
realized, as gdk_window_create_similar_surface will return null in that case. Avoid this by
simply realizing the widget before calling that.

Thanks to Carlos Garnacho for some debugging help.

  • UIProcess/cairo/BackingStoreCairo.cpp:

(WebKit::BackingStore::createBackend):

5:13 AM Changeset in webkit [189911] by svillar@igalia.com
  • 20 edits
    4 adds in trunk

[CSS Grid Layout] Using automatic (instead of min-content) minimums for 'auto' tracks
https://bugs.webkit.org/show_bug.cgi?id=142329

Reviewed by Darin Adler.

Based on Blink's r198697 by <svillar@igalia.com> and r200478 by <jfernandez@igalia.com>

Source/WebCore:

More precisely (syntax-wise), this would allow 'auto' to be used within the
minmax() function (it's currently forbidden) and have the 'auto' keyword map
to minmax(auto, auto) instead of minmax(min-content, max-content).

  • As a minimum, 'auto' would mean "use the specified minimum size, or if

that is auto, treat as 0 or min-content per Flexbox rules".

  • As a maximum, 'auto' would mean "use the max-content size".

Regarding the implementation, a new phase is added to the track sizing
algorithm called ResolveIntrinsicMinimums (the former ResolveIntrinsicMinimums
is now called ResolveContentBasedMinimums which does not include 'auto'
resolution) which will be run before any other. This phase uses the minimum
size of grid items (as specified by min-width/height).

Tests: fast/css-grid-layout/grid-automatic-minimum-for-auto-columns.html

fast/css-grid-layout/grid-automatic-minimum-for-auto-rows.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseGridBreadth):

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeUsedBreadthOfMinLength):
(WebCore::RenderGrid::computeUsedBreadthOfMaxLength):
(WebCore::RenderGrid::minSizeForChild):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::trackSizeForTrackSizeComputationPhase):
(WebCore::RenderGrid::shouldProcessTrackForTrackSizeComputationPhase):
(WebCore::RenderGrid::trackShouldGrowBeyondGrowthLimitsForTrackSizeComputationPhase):
(WebCore::RenderGrid::markAsInfinitelyGrowableForTrackSizeComputationPhase):
(WebCore::RenderGrid::updateTrackSizeForTrackSizeComputationPhase):
(WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):

  • rendering/RenderGrid.h:
  • rendering/style/GridTrackSize.h:

(WebCore::GridTrackSize::minTrackBreadth):
(WebCore::GridTrackSize::maxTrackBreadth):
(WebCore::GridTrackSize::cacheMinMaxTrackBreadthTypes):
(WebCore::GridTrackSize::hasIntrinsicMinTrackBreadth):
(WebCore::GridTrackSize::hasAutoMinTrackBreadth):
(WebCore::GridTrackSize::hasAutoMaxTrackBreadth):
(WebCore::GridTrackSize::hasMaxContentOrAutoMaxTrackBreadth):
(WebCore::GridTrackSize::hasAutoOrMinContentMinTrackBreadthAndIntrinsicMaxTrackBreadth):
(WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth): Deleted.

LayoutTests:

New tests to verify that auto is a valid keyword inside
minmax. Updated the expectations of existing tests to
reflect the new status of auto.

  • fast/css-grid-layout/grid-auto-columns-rows-get-set-expected.txt:
  • fast/css-grid-layout/grid-auto-columns-rows-get-set.html:
  • fast/css-grid-layout/grid-automatic-minimum-for-auto-columns-expected.txt: Added.
  • fast/css-grid-layout/grid-automatic-minimum-for-auto-columns.html: Added.
  • fast/css-grid-layout/grid-automatic-minimum-for-auto-rows-expected.txt: Added.
  • fast/css-grid-layout/grid-automatic-minimum-for-auto-rows.html: Added.
  • fast/css-grid-layout/grid-columns-rows-get-set-expected.txt:
  • fast/css-grid-layout/grid-columns-rows-get-set-multiple-expected.txt:
  • fast/css-grid-layout/grid-columns-rows-get-set-multiple.html:
  • fast/css-grid-layout/grid-columns-rows-get-set.html:
  • fast/css-grid-layout/non-grid-columns-rows-get-set-expected.txt:
  • fast/css-grid-layout/non-grid-columns-rows-get-set-multiple-expected.txt:
  • fast/css-grid-layout/non-grid-columns-rows-get-set-multiple.html:
  • fast/css-grid-layout/non-grid-columns-rows-get-set.html:
  • fast/css-grid-layout/resources/grid-columns-rows-get-set-multiple.js:
  • fast/css-grid-layout/resources/grid-columns-rows-get-set.js:
  • fast/css-grid-layout/resources/non-grid-columns-rows-get-set-multiple.js:
  • fast/css-grid-layout/resources/non-grid-columns-rows-get-set.js:
2:13 AM Changeset in webkit [189910] by jfernandez@igalia.com
  • 6 edits
    26 adds in trunk

[CSS Grid Layout] Relayout whenever Box Alignment properties change
https://bugs.webkit.org/show_bug.cgi?id=148070

Reviewed by Darin Adler.

Source/WebCore:

We were Reattaching the styles to the RenderTree whenever Content Alignment
properties (align-items and justify-items) changed their values, since the
Self Alignment properties depend on such values to resolve 'auto' values
during layout.

This patch removes such restriction, since we resolve the auto values
whenever we access the alignment properties. The only thing we need to
do is to mark a grid item for layout whenever the Default Alignment
properties change from/to stretch, since it implies a resize of the grid
items using 'auto' values for the Self Alignment properties.

Tests: fast/css-grid-layout/relayout-align-items-changed.html

fast/css-grid-layout/relayout-align-self-changed.html
fast/css-grid-layout/relayout-justify-items-changed.html
fast/css-grid-layout/relayout-justify-self-changed.html
fast/repaint/align-items-change.html
fast/repaint/align-items-overflow-change.html
fast/repaint/align-self-change.html
fast/repaint/align-self-overflow-change.html
fast/repaint/justify-items-change.html
fast/repaint/justify-items-legacy-change.html
fast/repaint/justify-items-overflow-change.html
fast/repaint/justify-self-change.html
fast/repaint/justify-self-overflow-change.html

  • rendering/RenderGrid.cpp:

(WebCore::defaultAlignmentIsStretch):
(WebCore::RenderGrid::styleDidChange):

  • rendering/RenderGrid.h:
  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::resolveAlignmentOverflow):
(WebCore::RenderStyle::changeRequiresLayout):

  • style/StyleResolveTree.cpp:

(WebCore::Style::determineChange): Deleted.

LayoutTests:

Tests to verify we force a layout of grid container or grid items, as appropriated,
whenever Box Alignment properties change their value.

This patch also adds some repaint tests, so we can ensure we generate the correct
repaint rects as well.

  • fast/css-grid-layout/relayout-align-items-changed-expected.txt: Added.
  • fast/css-grid-layout/relayout-align-items-changed.html: Added.
  • fast/css-grid-layout/relayout-align-self-changed-expected.txt: Added.
  • fast/css-grid-layout/relayout-align-self-changed.html: Added.
  • fast/css-grid-layout/relayout-justify-items-changed-expected.txt: Added.
  • fast/css-grid-layout/relayout-justify-items-changed.html: Added.
  • fast/css-grid-layout/relayout-justify-self-changed-expected.txt: Added.
  • fast/css-grid-layout/relayout-justify-self-changed.html: Added.
  • fast/repaint/align-items-change-expected.txt: Added.
  • fast/repaint/align-items-change.html: Added.
  • fast/repaint/align-items-overflow-change-expected.txt: Added.
  • fast/repaint/align-items-overflow-change.html: Added.
  • fast/repaint/align-self-change-expected.txt: Added.
  • fast/repaint/align-self-change.html: Added.
  • fast/repaint/align-self-overflow-change-expected.txt: Added.
  • fast/repaint/align-self-overflow-change.html: Added.
  • fast/repaint/justify-items-change-expected.txt: Added.
  • fast/repaint/justify-items-change.html: Added.
  • fast/repaint/justify-items-legacy-change-expected.txt: Added.
  • fast/repaint/justify-items-legacy-change.html: Added.
  • fast/repaint/justify-items-overflow-change-expected.txt: Added.
  • fast/repaint/justify-items-overflow-change.html: Added.
  • fast/repaint/justify-self-change-expected.txt: Added.
  • fast/repaint/justify-self-change.html: Added.
  • fast/repaint/justify-self-overflow-change-expected.txt: Added.
  • fast/repaint/justify-self-overflow-change.html: Added.
12:28 AM Changeset in webkit [189909] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION(r188427): Web Inspector: Extra whitespace left behind in styles sidebar after clicking in and out
https://bugs.webkit.org/show_bug.cgi?id=149197

Patch by Devin Rousso <Devin Rousso> on 2015-09-17
Reviewed by Timothy Hatcher.

In r188427, logic was added to preserve the leading whitespace of styles in a CSS file.
An unfortunate side effect of this was that extra newlines in between CSS properties
were treated as valid and left where they were. This is undesired behaviour and often
clutters the styles sidebar. These changes remove the extra newlines.

  • UserInterface/Views/CSSStyleDeclarationTextEditor.js:

(WebInspector.CSSStyleDeclarationTextEditor.prototype._formattedContent):

12:24 AM Changeset in webkit [189908] by Carlos Garcia Campos
  • 21 edits in trunk

printing does not use minimum page zoom factor
https://bugs.webkit.org/show_bug.cgi?id=108507

Reviewed by Darin Adler.

Source/WebCore:

  • page/PrintContext.cpp:

(WebCore::PrintContext::beginAndComputePageRectsWithPageSize):
Helper function to share common code from numberOfPages() and
spoolAllPagesWithBoundaries().
(WebCore::PrintContext::numberOfPages): Use beginAndComputePageRectsWithPageSize().
(WebCore::PrintContext::spoolAllPagesWithBoundaries): Use
beginAndComputePageRectsWithPageSize() and don't flip the Y axis
for non Cocoa platforms.

  • page/PrintContext.h:

Source/WebKit/mac:

Pass a the frame as a reference instead of using pointers.

  • Misc/WebCoreStatistics.mm:

(-[WebFrame numberOfPagesWithPageWidth:pageHeight:]):
(-[WebFrame printToCGContext:pageWidth:pageHeight:]):

Source/WebKit2:

Add kWKSnapshotOptionsPrinting flag to indicate the snapshot
should be generated in printing mode.

  • Shared/API/c/WKImage.h:
  • Shared/API/c/WKSharedAPICast.h:

(WebKit::toSnapshotOptions):

  • Shared/ImageOptions.h:
  • WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::numberOfPages): Pass the frame as a
reference instead of a pointer.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::scaledSnapshotWithOptions): In case of printing,
calculate the bitmap height based on the number of pages.
(WebKit::WebPage::snapshotAtSize): In case of printing, use
PrintContext::spoolAllPagesWithBoundaries() and return.

Tools:

WebKitTestRunner always takes the snapshots from the UI process
(expect for IOS), so in the case of printing, the layout in the
web view is not the expected one. When printing, we need to take
the snapshot in the web process and ensure it's rendered with a
PrintContext.

  • WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::InjectedBundlePage::dump): When dumping pixels, pass
kWKSnapshotOptionsPrinting option to
WKBundlePageCreateSnapshotWithOptions() when printing. When not
printing, don't even create the snapshot, since it will be ignored
by the UI process that always creates its own from the WebView (expect for IOS platform)

  • WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::dumpResults): Use always the snapshot image
received from the web process if any when comparing pixel
results. Now we only receive a snapshot from the web process in
case of printing, or when platform is IOS. Otherwhise, generate
the snapshot from the WebView as usual.

  • WebKitTestRunner/TestInvocation.h: Add SnapshotResultType enum

parameter to dumpPixelsAndCompareWithExpected, since the snapshot
is created by the caller now, but the CG implementation needs to
know if it's a Web or UI process snapshot.

  • WebKitTestRunner/cairo/TestInvocationCairo.cpp:

(WTR::TestInvocation::dumpPixelsAndCompareWithExpected): Create a
cairo surface for the given image.

  • WebKitTestRunner/cg/TestInvocationCG.cpp:

(WTR::TestInvocation::dumpPixelsAndCompareWithExpected): Create a
CGContext for the given image.

LayoutTests:

Unskip printing reftests that should pass now.

  • platform/gtk/TestExpectations:
  • platform/mac-wk2/TestExpectations:

Sep 16, 2015:

11:51 PM Changeset in webkit [189907] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Reduce Annotation Update Frequency
https://bugs.webkit.org/show_bug.cgi?id=149250

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-16
Reviewed by Saam Barati.

  • UserInterface/Controllers/BasicBlockAnnotator.js:

(WebInspector.BasicBlockAnnotator.prototype._annotateBasicBlockExecutionRanges):

  • UserInterface/Controllers/TypeTokenAnnotator.js:

(WebInspector.BasicBlockAnnotator.prototype.insertAnnotations):
Set a lower bound of 500ms on update frequency for both annotators.

11:12 PM Changeset in webkit [189906] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

removeShadow shouldn't call ChildNodeRemovalNotifier with the shadow host as the removal point
https://bugs.webkit.org/show_bug.cgi?id=149244

Reviewed by Antti Koivisto.

Since a shadow host is in a different tree than nodes in its shadow tree, it's incorrect to call
removedFrom with the shadow host as the removal point. This causes HTMLSlotElement::removedFrom
which will be added in the bug 149241 to call methods on a wrong ShadowRoot.

We still keep the ad-hoc behavior of using the shadow host as the insertion/removal point when
calling insertedInto and removedFrom on the shadow root itself to update the InDocument node flag.
We may want to re-visit this design in the future.

No new tests since I couldn't quite create a reduction. However, tests I'm adding in the bug 149241
will crash without this change.

I separated this patch from the bug 149241 to isolate the high-risk code change here.

  • dom/Element.cpp:

(WebCore::Element::addShadowRoot): Call insertedInto on ShadowRoot, and then call it on all its
children separately with the insertion point set to the shadow root since insertedInto relies on
insertion point's inDocument flag to be true when the shadow host is in the document.
(WebCore::Element::removeShadowRoot): Ditto in the reverse order.

10:40 PM Changeset in webkit [189905] by Gyuyoung Kim
  • 27 edits in trunk/Source/WebCore

Remove all uses of PassRefPtr in WebCore/inspector
https://bugs.webkit.org/show_bug.cgi?id=149156

Reviewed by Darin Adler.

  • inspector/DOMEditor.cpp:

(WebCore::DOMEditor::InsertBeforeAction::InsertBeforeAction):
(WebCore::DOMEditor::ReplaceChildNodeAction::ReplaceChildNodeAction):
(WebCore::DOMEditor::insertBefore):
(WebCore::DOMEditor::replaceChild):

  • inspector/DOMEditor.h:
  • inspector/DOMPatchSupport.cpp:

(WebCore::DOMPatchSupport::removeChildAndMoveToNew):

  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::highlightSelector):

  • inspector/InspectorDatabaseAgent.cpp:

(WebCore::InspectorDatabaseAgent::didOpenDatabase):

  • inspector/InspectorDatabaseAgent.h:
  • inspector/InspectorDatabaseInstrumentation.h:
  • inspector/InspectorDatabaseResource.h:

(WebCore::InspectorDatabaseResource::setDatabase):

  • inspector/InspectorFrontendHost.cpp:

(WebCore::FrontendMenuProvider::create):

  • inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::didOpenDatabaseImpl):

  • inspector/InspectorLayerTreeAgent.h:
  • inspector/InspectorOverlay.cpp:

(WebCore::InspectorOverlay::highlightNodeList):

  • inspector/InspectorOverlay.h:
  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::sharedBufferContent):

  • inspector/InspectorPageAgent.h:
  • inspector/InspectorResourceAgent.cpp:
  • inspector/InspectorTimelineAgent.cpp:

(WebCore::startProfiling):
(WebCore::stopProfiling):
(WebCore::InspectorTimelineAgent::stopFromConsole):

  • inspector/InspectorTimelineAgent.h:
  • inspector/InspectorWorkerResource.h:

(WebCore::InspectorWorkerResource::create):

  • inspector/InstrumentingAgents.h:
  • inspector/NetworkResourcesData.cpp:

(WebCore::createOtherResourceTextDecoder):
(WebCore::NetworkResourcesData::addResourceSharedBuffer):

  • inspector/NetworkResourcesData.h:
  • inspector/TimelineRecordFactory.cpp:

(WebCore::createQuad):

  • inspector/WebInjectedScriptHost.h:
  • inspector/WebInjectedScriptManager.cpp:

(WebCore::WebInjectedScriptManager::WebInjectedScriptManager):

  • inspector/WebInjectedScriptManager.h:
10:22 PM Changeset in webkit [189904] by rniwa@webkit.org
  • 2 edits
    1 move in trunk/LayoutTests

Add failing expectation to css3/font-feature-settings-rendering-2.html on Mavericks.
The test failure is tracked by webkit.org/b/149246.

Also rebaseline js/dom/global-constructors-attributes-idb.html on WK1 after r189879.

  • js/dom/global-constructors-attributes-idb-expected.txt: Replaced with LayoutTests/platform/wk2/js/dom/global-constructors-attributes-idb-expected.txt.
  • platform/mac/TestExpectations:
  • platform/wk2/js/dom/global-constructors-attributes-idb-expected.txt: Removed.
10:15 PM Changeset in webkit [189903] by bshafiei@apple.com
  • 10 edits
    2 copies in branches/safari-601-branch/Source/WebCore

Merged r189821. rdar://problem/22722908

9:40 PM Changeset in webkit [189902] by bshafiei@apple.com
  • 3 edits
    2 copies in branches/safari-601.1.46-branch

Merged r189862. rdar://problem/22710613

9:27 PM Changeset in webkit [189901] by beidson@apple.com
  • 4 edits
    2 adds in trunk

Have window.indexedDB.open return an IDBOpenDBRequest.
https://bugs.webkit.org/show_bug.cgi?id=149234

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/indexeddb/modern/opendatabase-request.html

  • Modules/indexeddb/client/IDBFactoryImpl.cpp:

(WebCore::IDBClient::IDBFactory::open):
(WebCore::IDBClient::IDBFactory::openInternal):

  • Modules/indexeddb/client/IDBFactoryImpl.h:

LayoutTests:

  • storage/indexeddb/modern/opendatabase-request-expected.txt: Added.
  • storage/indexeddb/modern/opendatabase-request.html: Added.
9:04 PM Changeset in webkit [189900] by bshafiei@apple.com
  • 9 edits
    1 delete in branches/safari-601.1.46.7-branch

Merged r188311. rdar://problem/22618975

8:59 PM Changeset in webkit [189899] by bshafiei@apple.com
  • 2 edits
    1 copy in branches/safari-601.1.46.7-branch/Source/JavaScriptCore

Merged r189012. rdar://problem/22619016

8:49 PM Changeset in webkit [189898] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.46.7-branch/Source

Versioning.

8:47 PM Changeset in webkit [189897] by bshafiei@apple.com
  • 1 copy in branches/safari-601.1.46.7-branch

New Branch.

8:27 PM Changeset in webkit [189896] by Antti Koivisto
  • 5 edits in trunk/Source/WebCore

Turn ChildNodeInsertion/RemovalNotifier classes into functions
https://bugs.webkit.org/show_bug.cgi?id=149236

Reviewed by Ryosuke Niwa.

Less architecture, more readability.

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::notifyChildInserted):
(WebCore::ContainerNode::notifyChildRemoved):
(WebCore::ContainerNode::removeChildren):

  • dom/ContainerNodeAlgorithms.cpp:

(WebCore::notifyDescendantInsertedIntoDocument):
(WebCore::notifyDescendantInsertedIntoTree):
(WebCore::notifyNodeInsertedIntoDocument):
(WebCore::notifyNodeInsertedIntoTree):
(WebCore::notifyChildNodeInserted):
(WebCore::notifyNodeRemovedFromDocument):
(WebCore::notifyNodeRemovedFromTree):
(WebCore::notifyChildNodeRemoved):
(WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoDocument): Deleted.
(WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoTree): Deleted.
(WebCore::ChildNodeRemovalNotifier::notifyDescendantRemovedFromDocument): Deleted.
(WebCore::ChildNodeRemovalNotifier::notifyDescendantRemovedFromTree): Deleted.

  • dom/ContainerNodeAlgorithms.h:

(WebCore::ChildNodeInsertionNotifier::ChildNodeInsertionNotifier): Deleted.
(WebCore::ChildNodeRemovalNotifier::ChildNodeRemovalNotifier): Deleted.
(WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument): Deleted.
(WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoTree): Deleted.
(WebCore::ChildNodeInsertionNotifier::notify): Deleted.
(WebCore::ChildNodeRemovalNotifier::notifyNodeRemovedFromDocument): Deleted.
(WebCore::ChildNodeRemovalNotifier::notifyNodeRemovedFromTree): Deleted.
(WebCore::ChildNodeRemovalNotifier::notify): Deleted.

  • dom/Element.cpp:

(WebCore::Element::addShadowRoot):
(WebCore::Element::removeShadowRoot):
(WebCore::Element::createShadowRoot):

8:00 PM Changeset in webkit [189895] by Gyuyoung Kim
  • 20 edits in trunk/Source/WebCore

Remove all uses of PassRefPtr in WebCore/bindings
https://bugs.webkit.org/show_bug.cgi?id=149207

Reviewed by Darin Adler.

If RefPtr<>&& argument is passed to new variable or other function, we use copyRef() or WTF::move().
copyRef() should be used when the argument continues to be used in following code. If it is final use
inside function, we have to use WTF::move().

  • bridge/NP_jsobject.cpp:
  • bridge/NP_jsobject.h:
  • bridge/c/CRuntimeObject.cpp:

(JSC::Bindings::CRuntimeObject::CRuntimeObject):

  • bridge/c/CRuntimeObject.h:

(JSC::Bindings::CRuntimeObject::create):

  • bridge/c/c_instance.cpp:

(JSC::Bindings::CInstance::CInstance):

  • bridge/c/c_instance.h:

(JSC::Bindings::CInstance::create):

  • bridge/jsc/BridgeJSC.cpp:

(JSC::Bindings::Array::Array):
(JSC::Bindings::Instance::Instance):

  • bridge/jsc/BridgeJSC.h:
  • bridge/objc/ObjCRuntimeObject.h:

(JSC::Bindings::ObjCRuntimeObject::create):

  • bridge/objc/ObjCRuntimeObject.mm:

(JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):

  • bridge/objc/WebScriptObjectProtocol.h:
  • bridge/objc/objc_instance.h:
  • bridge/objc/objc_instance.mm:

(ObjcInstance::ObjcInstance):
(ObjcInstance::create):

  • bridge/objc/objc_runtime.h:
  • bridge/objc/objc_runtime.mm:

(JSC::Bindings::ObjcArray::ObjcArray):

  • bridge/runtime_object.cpp:

(JSC::Bindings::RuntimeObject::RuntimeObject):

  • bridge/runtime_object.h:
  • bridge/runtime_root.cpp:

(JSC::Bindings::RootObject::create):

  • bridge/runtime_root.h:
6:35 PM Changeset in webkit [189894] by Sukolsak Sakshuwong
  • 1 edit in trunk/Source/JavaScriptCore/jit/JITOperations.cpp

Build fix for WebAssembly after r189884

  • jit/JITOperations.cpp
6:24 PM Changeset in webkit [189893] by Chris Dumez
  • 4 edits in trunk

LayoutTests/imported/w3c:
Element's attribute NS API should treat defined undefined namespace as null
https://bugs.webkit.org/show_bug.cgi?id=149238
<rdar://problem/22562204>

Reviewed by Ryosuke Niwa.

Rebaseline W3C DOM test that one more check is passing.

  • web-platform-tests/dom/nodes/attributes-expected.txt:

Source/WebCore:
Element's attribute NS API should defined treat undefined namespace as null
https://bugs.webkit.org/show_bug.cgi?id=149238
<rdar://problem/22562204>

Reviewed by Ryosuke Niwa.

Element's attribute NS API should treat defined undefined namespace as null
instead of converting it to the "undefined" String. This is because the
namespace parameter is a nullable String as per the DOM spec:

The attribute is nullable and WebIDL says undefined should be converted
to null for nullable parameters:

Firefox follows the specification.

No new tests, already covered by existing test.

  • dom/Element.idl:
6:23 PM Changeset in webkit [189892] by commit-queue@webkit.org
  • 9 edits in trunk/Source/JavaScriptCore

Implement indirect calls in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149100

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-16
Reviewed by Geoffrey Garen.

This patch implement indirect calls for WebAssembly files generated by
pack-asmjs <https://github.com/WebAssembly/polyfill-prototype-1>.
pack-asmjs uses the same indirect call model as asm.js. In asm.js, an
indirect call looks like this:

t[i & n](...)

where t is a variable referring to an array of functions with the same
signature, i is an integer expression, n is an integer that is equal to
(t.length - 1), and t.length is a power of two. pack-asmjs does not
use the '&' operator nor n in the WebAssembly output, but the semantics
is still the same as asm.js.

  • tests/stress/wasm-calls.js:
  • tests/stress/wasm/calls.wasm:
  • wasm/WASMFormat.h:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildCallIndirect):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseCallIndirect):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildCallIndirect):

  • wasm/WASMModuleParser.cpp:

(JSC::WASMModuleParser::parseFunctionPointerTableSection):
(JSC::WASMModuleParser::parseFunctionDefinitionSection):

6:16 PM Changeset in webkit [189891] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Fix 32-bit build issues in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149240

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-16
Reviewed by Geoffrey Garen.

Fix the syntax error and replace the instructions that are not available on
64-bit platforms.

  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::buildReturn):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
(JSC::WASMFunctionCompiler::loadValueAndConvertToDouble):

6:15 PM Changeset in webkit [189890] by mmaxfield@apple.com
  • 4 edits
    10 adds in trunk

Create a font which can be used for testing font features
https://bugs.webkit.org/show_bug.cgi?id=149237

Reviewed by Simon Fraser.

Tools:

This patch adds a new project in the Tools/ directory which generates a font which can
be used for testing font features. This is a standalone project consisting of two files:

  1. A file which actually generates the byte vector representing the font. This file has

a single public function: std::vector<uint8_t> generateFont(). This file is not platform
specific, and only relies on the C++ STL.

  1. A file with a main() which calls generateFont() and writes out the font, as well as

uses the font to render some demonstration text into a .png file. This file is platform
specific.

The font itself only supports the following characters:
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
However, the shape of these letters are either an X or a check mark.

The letter "A" always is a check mark.
The letter "B" always is an X.
Without any font features turned on, the rest of the letters are shown as X.

Each font feature has an letter associated with it. When the font feature is enabled,
that letter is shown as a check mark. For example, when "smcp" is enabled, "J" is shown
as a check mark.

Here are the mappings of font features to letters:
liga: C
clig: D
dlig: E
hlig: F
calt: G
subs: H
sups: I
smcp: J
c2sc: K
pcap: L
c2pc: M
unic: N
titl: O
onum: P
pnum: Q
tnum: R
frac: S
afrc: T
ordn: U
zero: V
hist: W
jp78: X
jp83: Y
jp90: Z
jp04: a
smpl: b
trad: c
fwid: d
pwid: e
ruby: f

  • FontWithFeatures/FontWithFeatures.xcodeproj/project.pbxproj: Added.
  • FontWithFeatures/FontWithFeatures/FontCreator.cpp: Added.

(integralLog2):
(roundDownToPowerOfTwo):
(isFourByteAligned):
(clampTo):
(append32):
(writeCFFEncodedNumber):
(CFFBuilder::CFFBuilder):
(CFFBuilder::takeResult):
(CFFBuilder::moveTo):
(CFFBuilder::lineTo):
(CFFBuilder::curveToCubic):
(CFFBuilder::closePath):
(CFFBuilder::writePoint):
(generateBoxCharString):
(generateCheckCharString):
(generateXCharString):
(charStringForGlyph):
(Generator::generate):
(Generator::Placeholder::Placeholder):
(Generator::Placeholder::populate):
(Generator::Placeholder::~Placeholder):
(Generator::placeholder):
(Generator::append16):
(Generator::append32):
(Generator::append32BitCode):
(Generator::overwrite16):
(Generator::overwrite32):
(Generator::appendCFFTable):
(Generator::appendSubstitutionSubtable):
(Generator::appendScriptSubtable):
(Generator::appendGSUBTable):
(Generator::appendOS2Table):
(Generator::appendFormat12CMAPTable):
(Generator::appendFormat4CMAPTable):
(Generator::appendCMAPTable):
(Generator::appendHEADTable):
(Generator::appendHHEATable):
(Generator::appendHMTXTable):
(Generator::appendMAXPTable):
(Generator::appendNAMETable):
(Generator::appendPOSTTable):
(Generator::calculateChecksum):
(Generator::appendTable):
(generateFont):

  • FontWithFeatures/FontWithFeatures/FontCreator.h: Added.
  • FontWithFeatures/FontWithFeatures/main.cpp: Added.

(drawTextWithFeature):
(main):

LayoutTests:

  • css3/font-feature-settings-rendering-2-expected.html: Added.
  • css3/font-feature-settings-rendering-2.html: Added.
  • css3/resources/FontWithFeatures.otf: Added.
  • platform/efl/TestExpectations:
  • platform/win/TestExpectations:
5:28 PM Changeset in webkit [189889] by ggaren@apple.com
  • 12 edits in trunk/Source/JavaScriptCore

JavaScriptCore should discard baseline code after some time
https://bugs.webkit.org/show_bug.cgi?id=149220

Reviewed by Saam Barati.

This is a bit more complicated than discarding optimized code because
the engine previously assumed that we would never discard baseline code.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock): Record creation time (and compute time since
creation) instead of install time because CodeBlocks can be installed
more than once, and we don't want to have to worry about edge cases
created by CodeBlocks seeming to get younger.

(JSC::CodeBlock::visitAggregate): Be explicit about only doing the
weak reference fixpoint for optimized CodeBlocks. We used to avoid the
fixpoint for baseline CodeBlocks implicitly, since they would always
visit themselves strongly right away. But now baseline CodeBlocks might
not visit themselves strongly, since they might choose to jettison due
to old age.

(JSC::CodeBlock::shouldVisitStrongly): Add old age as a reason not to
visit ourselves strongly, so that baseline CodeBlocks can jettison due
to old age.

(JSC::CodeBlock::shouldJettisonDueToWeakReference): Be explicit about
only jettisoning optimized CodeBlocks due to weak references so that we
don't confuse ourselves into thinking that we will jettison a baseline
CodeBlock due to weak references.

(JSC::CodeBlock::shouldJettisonDueToOldAge): Updated to use creation time.

(JSC::CodeBlock::visitOSRExitTargets): Clarify a comment and add an
ASSERT to help record some things I discovered while debugging.

(JSC::CodeBlock::jettison): Allow a baseline CodeBlock to jettison. Don't
assume that we have an alternative or a profiler.

(JSC::CodeBlock::install): Deleted.

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::releaseAlternative): Deleted.
(JSC::CodeBlock::setInstallTime): Deleted.
(JSC::CodeBlock::timeSinceInstall): Deleted.

  • dfg/DFGOSRExitPreparation.cpp:

(JSC::DFG::prepareCodeOriginForOSRExit): Simplified the computation of
baseline CodeBlock.

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::checkLivenessAndVisitChildren): Be sure to strongly
visit our inline callframes because we assume that an optimized CodeBlock
will keep its OSR exit targets alive, but the CodeBlock object won't be
able to mark them for itself until compilation has completed (since it
won't have a JITCode object yet).

  • dfg/DFGToFTLDeferredCompilationCallback.cpp:

(JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
Updated for interface change.

  • jit/JITCode.h:

(JSC::JITCode::timeToLive): Provide a time to live for interpreter and
baseline code, so they will jettison when old. Use seconds in our
code so that we don't need comments. Make DFG 2X interpreter+baseline,
and FTL 2X DFG+interpreter+baseline, also matching the time we allot
before throwing away all code.

  • jit/JITToDFGDeferredCompilationCallback.cpp:

(JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::jitCompileAndSetHeuristics): Updated for interface change.

  • runtime/Executable.cpp:

(JSC::ScriptExecutable::installCode): Allow our caller to install nullptr,
since we need to do this when jettisoning a baseline CodeBlock. Require
our caller to specify the details of the installation because we can't
rely on a non-null CodeBlock in order to compute them.

(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::ScriptExecutable::prepareForExecutionImpl):

  • runtime/Executable.h:

(JSC::ScriptExecutable::recordParse): Updated for interface change.

  • runtime/Options.h: Renamed the CodeBlock liveness option since it now

controls baseline and optimized code.

5:16 PM Changeset in webkit [189888] by ggaren@apple.com
  • 6 edits
    1 delete in trunk/Source/JavaScriptCore

Remove obsolete code for deleting CodeBlocks
https://bugs.webkit.org/show_bug.cgi?id=149231

Reviewed by Mark Lam.

  • heap/Heap.cpp:

(JSC::Heap::deleteAllCodeBlocks): ASSERT that we're called in a valid
state, and do the compiler waiting ourselves instead of having our
caller do it. This is more appropriate to our new limited use.

(JSC::Heap::collectImpl):
(JSC::Heap::deleteOldCode): Deleted. Don't call deleteAllCodeBlocks
periodically because it's not such a good idea to delete everything
at once, and CodeBlocks now have a more precise individual policy for
when to delete. Also, this function used to fail all or nearly all of
the time because its invariants that we were not executing or compiling
could not be met.

  • heap/Heap.h:
  • jsc.cpp:

(GlobalObject::finishCreation):
(functionDeleteAllCompiledCode): Deleted.

  • tests/stress/deleteAllCompiledCode.js: Removed. Removed this testing

code because it did not do what it thought it did. All of this code
was guaranteed to no-op since it would run JavaScript to call a function
that would return early because JavaScript was running.

  • runtime/VM.cpp:

(JSC::VM::deleteAllCode): This code is simpler now becaue
heap.deleteAllCodeBlocks does some work for us.

  • runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::VMEntryScope): Don't delete code on VM entry. This
policy was old, and it dated back to a time when we

(a) couldn't run in the interpreter if compilation failed;

(b) didn't reduce the rate of compilation in response to executable
memory pressure;

(c) didn't throw away individual CodeBlocks automatically.

5:10 PM Changeset in webkit [189887] by Chris Dumez
  • 9 edits in trunk/Source/WebCore

Possible small iOS PLT regression from r189537
https://bugs.webkit.org/show_bug.cgi?id=149232

Reviewed by Ryosuke Niwa.

r189537 may have regressed PLT a bit on iOS. That change added a couple
of extra branches to throw exceptions. This patch marks those branches
as UNLIKELY() as we already do for other similar checks in the JS
bindings.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:

(webkit_dom_test_obj_get_property):
(webkit_dom_test_obj_class_init):
(webkit_dom_test_obj_get_strict_type_checking_attribute):
(webkit_dom_test_obj_set_strict_type_checking_attribute):

  • bindings/scripts/test/GObject/WebKitDOMTestObj.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjStrictTypeCheckingAttribute):
(WebCore::setJSTestObjStrictTypeCheckingAttribute):

  • bindings/scripts/test/ObjC/DOMTestObj.h:
  • bindings/scripts/test/ObjC/DOMTestObj.mm:

(-[DOMTestObj strictTypeCheckingAttribute]):
(-[DOMTestObj setStrictTypeCheckingAttribute:]):

  • bindings/scripts/test/TestObj.idl:
  • html/HTMLTableElement.cpp:

(WebCore::HTMLTableElement::setTHead):
(WebCore::HTMLTableElement::setTFoot):

4:54 PM Changeset in webkit [189886] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

4:50 PM Changeset in webkit [189885] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.3

New tag.

4:40 PM Changeset in webkit [189884] by msaboff@apple.com
  • 43 edits in trunk/Source/JavaScriptCore

[ES6] Implement tail calls in the LLInt and Baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=148661

Fix for the breakage of Speedometer/Full.html (https://bugs.webkit.org/show_bug.cgi?id=149162).

Reviewed by Filip Pizlo.
Changed SetupVarargsFrame.cpp::emitSetVarargsFrame to align the callframe size to be a
multiple of stackAlignmentRegisters() in addition to the location of the new frame.

Fixed Reviewed by Filip Pizlo.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • assembler/AbortReason.h:
  • assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::Call::Call):
(JSC::AbstractMacroAssembler::repatchNearCall):
(JSC::AbstractMacroAssembler::repatchCompact):

  • assembler/CodeLocation.h:

(JSC::CodeLocationNearCall::CodeLocationNearCall):
(JSC::CodeLocationNearCall::callMode):
(JSC::CodeLocationCommon::callAtOffset):
(JSC::CodeLocationCommon::nearCallAtOffset):
(JSC::CodeLocationCommon::dataLabelPtrAtOffset):

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::locationOfNearCall):
(JSC::LinkBuffer::locationOf):

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::nearCall):
(JSC::MacroAssemblerARM::nearTailCall):
(JSC::MacroAssemblerARM::call):
(JSC::MacroAssemblerARM::linkCall):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::nearCall):
(JSC::MacroAssemblerARM64::nearTailCall):
(JSC::MacroAssemblerARM64::ret):
(JSC::MacroAssemblerARM64::linkCall):

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::nearTailCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::linkCall):

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::nearCall):
(JSC::MacroAssemblerMIPS::nearTailCall):
(JSC::MacroAssemblerMIPS::call):
(JSC::MacroAssemblerMIPS::linkCall):
(JSC::MacroAssemblerMIPS::repatchCall):

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::call):
(JSC::MacroAssemblerSH4::nearTailCall):
(JSC::MacroAssemblerSH4::nearCall):
(JSC::MacroAssemblerSH4::linkCall):
(JSC::MacroAssemblerSH4::repatchCall):

  • assembler/MacroAssemblerX86.h:

(JSC::MacroAssemblerX86::linkCall):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::breakpoint):
(JSC::MacroAssemblerX86Common::nearTailCall):
(JSC::MacroAssemblerX86Common::nearCall):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::linkCall):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::callTypeFor):
(JSC::CallLinkInfo::isVarargsCallType):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::specializationKind):
(JSC::CallLinkInfo::callModeFor):
(JSC::CallLinkInfo::callMode):
(JSC::CallLinkInfo::isTailCall):
(JSC::CallLinkInfo::isVarargs):
(JSC::CallLinkInfo::registerPreservationMode):

  • bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeFromLLInt):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitCallInTailPosition):
(JSC::BytecodeGenerator::emitCallEval):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
(JSC::BytecodeGenerator::emitConstructVarargs):

  • bytecompiler/NodesCodegen.cpp:

(JSC::CallArguments::CallArguments):
(JSC::LabelNode::emitBytecode):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):

  • interpreter/Interpreter.h:

(JSC::Interpreter::isCallBytecode):
(JSC::calleeFrameForVarargs):

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::jumpToExceptionHandler):
(JSC::CCallHelpers::prepareForTailCallSlow):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):

  • jit/JITCall32_64.cpp:

(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):

  • jit/JITInlines.h:

(JSC::JIT::emitNakedCall):
(JSC::JIT::emitNakedTailCall):
(JSC::JIT::updateTopCallFrame):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/Repatch.cpp:

(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):

  • jit/SetupVarargsFrame.cpp:

(JSC::emitSetVarargsFrame):

  • jit/ThunkGenerators.cpp:

(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::slowPathFor):
(JSC::linkCallThunkGenerator):
(JSC::virtualThunkFor):
(JSC::arityFixupGenerator):
(JSC::unreachableGenerator):
(JSC::baselineGetterReturnThunkGenerator):

  • jit/ThunkGenerators.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):
(JSC::CommonSlowPaths::opIn):

4:25 PM Changeset in webkit [189883] by commit-queue@webkit.org
  • 12 edits in trunk/Source

Web Inspector: Fix common typo "supress" => "suppress"
https://bugs.webkit.org/show_bug.cgi?id=149199

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-16
Reviewed by Gyuyoung Kim.

Source/WebCore:

  • html/shadow/ContentDistributor.h:

(WebCore::ContentDistributor::needsDistribution):

  • page/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation):

  • platform/NotImplemented.h:
  • platform/graphics/ca/win/LayerChangesFlusher.cpp:

(WebCore::LayerChangesFlusher::hookCallback):

  • platform/mac/HIDGamepadProvider.cpp:

(WebCore::HIDGamepadProvider::deviceRemoved):

  • platform/win/makesafeseh.asm:

Source/WebInspectorUI:

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGridNode.prototype.select):
(WebInspector.DataGridNode.prototype.deselect):

  • UserInterface/Views/SearchBar.js:

(WebInspector.SearchBar):

Source/WebKit2:

  • PluginProcess/mac/PluginProcessMac.mm:

(WebKit::PluginProcess::platformInitializeProcess):

4:07 PM WebKitIDL edited by Chris Dumez
ReturnedNewObject -> NewObject (diff)
4:05 PM Changeset in webkit [189882] by commit-queue@webkit.org
  • 4 edits in trunk/Tools

Unreviewed, rolling out r189875 and r189878.
https://bugs.webkit.org/show_bug.cgi?id=149235

cygwin cmake build not ready yet (Requested by alexchristensen
on #webkit).

Reverted changesets:

"Switch AppleWin build to use CMake"
https://bugs.webkit.org/show_bug.cgi?id=149163
http://trac.webkit.org/changeset/189875

"Cygwin build fix after r189875"
http://trac.webkit.org/changeset/189878

4:01 PM Changeset in webkit [189881] by Chris Dumez
  • 60 edits
    4 deletes in trunk/Source/WebCore

WebIDL: Rename [ReturnNewObject] to [NewObject] and use it more consistently in DOM
https://bugs.webkit.org/show_bug.cgi?id=149192

Reviewed by Darin Adler.

Rename [ReturnNewObject] to [NewObject] and use it more consistently in
DOM.

This aligns our IDL extended attribute naming with standard Web IDL:
https://heycam.github.io/webidl/#NewObject

We already have [ReturnNewObject] in most places that the DOM
specification uses [NewObject] but we are missing a few so I'll
fix this as well:
https://dom.spec.whatwg.org/#interface-document

Using [NewObject] lets the bindings generator know that the API in
question always returns new objects and that we can bypass the check
for existing wrappers and directly create a new wrapper for the
returned object.

This patch also adds support for generating the toJSNewlyCreated()
utility function for most types. Previously, to use [ReturnNewObject]
for a new type, you needed to add the type to a hard-coded list in
the bindings generator then provide your own implementation for
toJSNewlyCreated() as custom bindings.

No new-exposed behavior change.

  • bindings/js/JSDocumentCustom.cpp:
  • bindings/js/JSEventCustom.cpp:
  • bindings/js/JSNodeListCustom.cpp:

Add toJSNewlyCreated() custom implementation for Node, Event and
Document, that shares code with the existing toJS() implementation for
those types.

  • bindings/js/JSCDATASectionCustom.cpp: Removed.
  • bindings/js/JSTextCustom.cpp: Removed.
  • bindings/js/JSTouchCustom.cpp: Removed.
  • bindings/js/JSTouchListCustom.cpp: Removed.

Drop several custom bindings files as the bindings generator is
now able to generate the toJSNewlyCreated() utility function for
most types.

  • bindings/scripts/CodeGeneratorJS.pm:
  • Rename [ReturnNewObject] to [NewObject].
  • Generate a toJSNewlyCreated() whenever we generate a toJS() already. Get rid of the hard-coded list of types that need a toJSNewlyCreated().
  • bindings/scripts/IDLAttributes.txt:

Rename [ReturnNewObject] to [NewObject].

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.h:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.h:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.h:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestException.h:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterface.h:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.h:
  • bindings/scripts/test/JS/JSTestNondeterministic.cpp:
  • bindings/scripts/test/JS/JSTestNondeterministic.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.h:
  • bindings/scripts/test/JS/JSattribute.cpp:
  • bindings/scripts/test/JS/JSattribute.h:
  • bindings/scripts/test/JS/JSreadonly.cpp:
  • bindings/scripts/test/JS/JSreadonly.h:

Rebaseline bindings tests.

  • dom/Attr.idl:
  • dom/CDATASection.idl:
  • dom/Comment.idl:
  • dom/DocumentFragment.idl:
  • dom/DocumentType.idl:
  • dom/EntityReference.idl:
  • dom/ProcessingInstruction.idl:

Add [JSGenerateToJSObject] so that the bindings generator generates
a toJS() / toJSNewlyCreated() for this type. While it is not strictly
needed, it avoids falling back to using the toJS() from Node which
calls the virtual nodeType() function to determine the node type.
This change was made for efficiency purposes.

  • dom/DOMImplementation.idl:

Rename [ReturnNewObject] to [NewObject] and add it to createHTMLDocument()
as well, as per the specification:
https://dom.spec.whatwg.org/#interface-domimplementation

  • dom/Document.idl:

Rename [ReturnNewObject] to [NewObject] and add it to more operations
as per he DOM specification:
https://dom.spec.whatwg.org/#document

  • dom/Node.idl:

Add [NewObject] to cloneNode() as per the DOM specification:
https://dom.spec.whatwg.org/#node

  • dom/ParentNode.idl:

Add [NewObject] to querySelectorAll() as per the DOM specification:
https://dom.spec.whatwg.org/#parentnode

  • dom/Range.idl:

Add [NewObject] for several operations, as per the DOM specification:
https://dom.spec.whatwg.org/#interface-range

2:04 PM Changeset in webkit [189880] by mmaxfield@apple.com
  • 2 edits in trunk

Unreviewed ChangeLog update

1:45 PM Changeset in webkit [189879] by beidson@apple.com
  • 11 edits
    4 copies
    7 adds in trunk

Have window.indexedDB.deleteDatabase return an IDBOpenDBRequest.
https://bugs.webkit.org/show_bug.cgi?id=149229

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/indexeddb/modern/deletedatabase-request.html

storage/indexeddb/modern/deletedatabase-null-name-exception.html

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • Modules/indexeddb/IDBDatabaseIdentifier.cpp: Added.

(WebCore::IDBDatabaseIdentifier::IDBDatabaseIdentifier):

  • Modules/indexeddb/IDBDatabaseIdentifier.h: Added.

(WebCore::IDBDatabaseIdentifier::IDBDatabaseIdentifier):
(WebCore::IDBDatabaseIdentifier::isHashTableDeletedValue):
(WebCore::IDBDatabaseIdentifier::hash):
(WebCore::IDBDatabaseIdentifier::isValid):
(WebCore::IDBDatabaseIdentifier::operator==):
(WebCore::IDBDatabaseIdentifier::databaseName):
(WebCore::IDBDatabaseIdentifierHash::hash):
(WebCore::IDBDatabaseIdentifierHash::equal):
(WebCore::IDBDatabaseIdentifierHashTraits::isEmptyValue):

  • Modules/indexeddb/client/IDBFactoryImpl.cpp:

(WebCore::IDBClient::shouldThrowSecurityException):
(WebCore::IDBClient::IDBFactory::getDatabaseNames):
(WebCore::IDBClient::IDBFactory::open):
(WebCore::IDBClient::IDBFactory::deleteDatabase):

  • Modules/indexeddb/client/IDBFactoryImpl.h:
  • Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp: Copied from Source/WebCore/Modules/indexeddb/client/IDBFactoryImpl.cpp.

(WebCore::IDBClient::IDBOpenDBRequest::IDBOpenDBRequest):

  • Modules/indexeddb/client/IDBOpenDBRequestImpl.h: Copied from Source/WebCore/Modules/indexeddb/client/IDBFactoryImpl.cpp.

(WebCore::IDBClient::IDBOpenDBRequest::create):

  • Modules/indexeddb/client/IDBRequestImpl.cpp: Copied from Source/WebCore/Modules/indexeddb/client/IDBFactoryImpl.cpp.

(WebCore::IDBClient::IDBRequest::IDBRequest):
(WebCore::IDBClient::IDBRequest::result):
(WebCore::IDBClient::IDBRequest::errorCode):
(WebCore::IDBClient::IDBRequest::error):
(WebCore::IDBClient::IDBRequest::source):
(WebCore::IDBClient::IDBRequest::transaction):
(WebCore::IDBClient::IDBRequest::readyState):
(WebCore::IDBClient::IDBRequest::eventTargetInterface):
(WebCore::IDBClient::IDBRequest::activeDOMObjectName):
(WebCore::IDBClient::IDBRequest::canSuspendForPageCache):

  • Modules/indexeddb/client/IDBRequestImpl.h: Copied from Source/WebCore/Modules/indexeddb/client/IDBFactoryImpl.h.
  • platform/Logging.h:

Source/WebKit/mac:

  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]): Enable IDB in WK1.

LayoutTests:

  • platform/mac-wk1/TestExpectations:
  • platform/wk2/TestExpectations:
  • storage/indexeddb/modern/deletedatabase-null-name-exception-expected.txt: Added.
  • storage/indexeddb/modern/deletedatabase-null-name-exception.html: Added.
  • storage/indexeddb/modern/deletedatabase-request-expected.txt: Added.
  • storage/indexeddb/modern/deletedatabase-request.html: Added.
12:55 PM Changeset in webkit [189878] by achristensen@apple.com
  • 3 edits in trunk/Tools

Cygwin build fix after r189875

  • Scripts/build-webkit:
  • Scripts/webkitdirs.pm:

(jhbuildWrapperPrefixIfNeeded):
(generateBuildSystemFromCMakeProject):
Make things work with cygwin and cmake.

12:52 PM Changeset in webkit [189877] by mitz@apple.com
  • 3 edits in trunk/Source/WebKit2

[iOS] Inline implementation of -[WKImagePreviewViewController previewActions]
https://bugs.webkit.org/show_bug.cgi?id=149224

Reviewed by Tim Horton.

  • Platform/spi/ios/UIKitSPI.h: Declare UIViewControllerPreviewAction and its factory method.
  • UIProcess/WKImagePreviewViewController.mm:

(-[WKImagePreviewViewController previewActions]): Moved here.

12:05 PM Changeset in webkit [189876] by Chris Dumez
  • 1 edit
    2 deletes in trunk/LayoutTests

Unreviewed, drop dom/xhtml/level3/core/nodegetbaseuri03.xhtml test.

This test is outdated and we have more recent DOM tests covering
the newly expected behavior.

  • dom/xhtml/level3/core/nodegetbaseuri03.js: Removed.
  • dom/xhtml/level3/core/nodegetbaseuri03.xhtml: Removed.
11:57 AM Changeset in webkit [189875] by achristensen@apple.com
  • 3 edits in trunk/Tools

Switch AppleWin build to use CMake
https://bugs.webkit.org/show_bug.cgi?id=149163

Reviewed by Brent Fulgham.

  • Scripts/build-webkit:

Build with CMake.

  • Scripts/run-api-tests:

(runTest):
(listAllTests):
(prepareEnvironmentForRunningTestTool):
(testToolPaths):
(testToolPath): Deleted.
Run the API tests as separate executables on Windows.
It used to be TestWebKitAPI.exe, and it is now TestWTF.exe, TestWebCore.exe, and TestWebKit.exe.

11:08 AM Changeset in webkit [189874] by ap@apple.com
  • 2 edits in trunk/Tools

Add newer build.webkit.org pages to robots.txt
https://bugs.webkit.org/show_bug.cgi?id=149219

Reviewed by Darin Adler.

Indexing bot watcher's dashboard can't be good.

  • BuildSlaveSupport/build.webkit.org-config/public_html/robots.txt:
10:56 AM WebKitIDL edited by Chris Dumez
Add [Unforgeable] (diff)
10:46 AM Changeset in webkit [189873] by Chris Dumez
  • 10 edits
    2 adds in trunk

Add initial support for [Unforgeable] IDL extended attribute
https://bugs.webkit.org/show_bug.cgi?id=149147

Reviewed by Darin Adler.

Source/WebCore:

Add initial support for [Unforgeable] IDL extended attribute:
https://heycam.github.io/webidl/#Unforgeable

In particular, attributes marked as unforgeable are now:

  • on the instance rather than the prototype
  • non-configurable. WebKit does not match the Web IDL specification and most properties are currently non-configurable already. However, I added an extra check for [Unforgeable] so that unforgeable attributes stay unconfigurable if we later decide to match the spec and mark properties as configurable.

Operation marked as unforgeable are now non-configurable. However, this
patch does not move them from the prototype to the instance yet. This
needs to be addressed in a follow-up patch as this is a larger change.

This patch also drops support for the undocumented
[OperationsNotDeletable] IDL extended attribute. It is no longer needed
now that we support [Unforgeable] and still support [NotDeletable] for
operations.

Test: fast/dom/unforgeable-attributes.html

  • Modules/plugins/QuickTimePluginReplacement.idl:

Drop [OperationsNotDeletable] on the interface and mark the only
operation on this interface as [NotDeletable]. There is no behavior
change but this allows us to drop support for a non-standard and
undocumented IDL extended attribute.

  • bindings/scripts/CodeGeneratorJS.pm:

(AttributeShouldBeOnInstance):
(GenerateAttributesHashTable):
(GenerateImplementation):
Add initial support for [Unforgeable] IDL extended attribute.

  • bindings/scripts/IDLAttributes.txt:

Add [Unforgeable]. Drop [OperationsNotDeletable].

  • crypto/CryptoKeyPair.idl:

Drop [OperationsNotDeletable] on the interface as this interface has
no operations.

  • dom/Document.idl:
  • page/DOMWindow.idl:
  • page/Location.idl:

Mark attributes / interfaces as [Unforgeable] as per the latest HTML
specification:
https://html.spec.whatwg.org/multipage/dom.html#document
https://html.spec.whatwg.org/multipage/browsers.html#window
https://html.spec.whatwg.org/multipage/browsers.html#the-location-interface

LayoutTests:

New test that verifies that well-known [Unforgeable] attributes
are on the instance rather than the prototype and that they are
non-configurable.

  • fast/dom/unforgeable-attributes-expected.txt: Added.
  • fast/dom/unforgeable-attributes.html: Added.
10:38 AM Changeset in webkit [189872] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Turn off line wrapping in resource text editors
https://bugs.webkit.org/show_bug.cgi?id=149121

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-16
Reviewed by Darin Adler.

  • UserInterface/Views/TextEditor.js:

(WebInspector.TextEditor):

10:35 AM Changeset in webkit [189871] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

[Mac] Allow reading from SubmitDiagInfo.domains in Networking process
https://bugs.webkit.org/show_bug.cgi?id=149176
rdar://problem/22483680

Reviewed by Darin Adler.

  • NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
10:31 AM Changeset in webkit [189870] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Simple line layout: Glitch selecting long text.
https://bugs.webkit.org/show_bug.cgi?id=149204
rdar://problem/22646472

Reviewed by Antti Koivisto.

When long text is split into multiple RenderText objects, we ignore renderer boundaries while
collecting wrapping positions (so that we don't end up wrapping unbreakable fragments at the end of each renderer).
This patch ensures that fragments with hypen character ignore renderer boundaries too.

Source/WebCore:

Test: fast/text/multiple-renderers-with-hypen-on-boundary.html

  • rendering/SimpleLineLayoutTextFragmentIterator.cpp:

(WebCore::SimpleLineLayout::TextFragmentIterator::skipToNextPosition):

LayoutTests:

  • fast/text/multiple-renderers-with-hypen-on-boundary-expected.html: Added.
  • fast/text/multiple-renderers-with-hypen-on-boundary.html: Added.
10:29 AM Changeset in webkit [189869] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/events/mouse-cursor-change.html is flaky on Mac
https://bugs.webkit.org/show_bug.cgi?id=149216

Reviewed by Darin Adler.

  • fast/events/mouse-cursor-change.html: Increase the timeout. I don't see a way to make

this test 100% reliable, but this change makes it work in my local testing.

10:24 AM Changeset in webkit [189868] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

[iOS] Unifiy WebKit2PlatformTouchPoint definition
https://bugs.webkit.org/show_bug.cgi?id=149221

Reviewed by Darin Adler.

  • Shared/WebEventConversion.cpp:

(WebKit::touchEventType):
(WebKit::WebKit2PlatformTouchPoint::WebKit2PlatformTouchPoint):

9:55 AM Changeset in webkit [189867] by achristensen@apple.com
  • 2 edits in trunk/Tools

Rollout r189851 and 189853 because they didn’t actually fix the permissions issue

  • BuildSlaveSupport/built-product-archive:

(unzipArchive):

9:08 AM Changeset in webkit [189866] by Chris Dumez
  • 2 edits in trunk/LayoutTests

Unreviewed, rebaseline W3C html/dom test for iOS after r189842.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
9:01 AM Changeset in webkit [189865] by ap@apple.com
  • 2 edits in trunk/LayoutTests

More test result fixing after r189841.

  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
8:57 AM Changeset in webkit [189864] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Mark http/tests/css/link-css-disabled-value-with-slow-loading-sheet.html as flaky, because it is.

It was already marked as flaky on mac-wk2.

  • platform/ios-simulator-wk2/TestExpectations:
8:32 AM Changeset in webkit [189863] by beidson@apple.com
  • 2 edits in trunk/Source/WebCore

Remove stray logging string mistakenly left in r189746.

  • Modules/indexeddb/legacy/LegacyFactory.cpp:

(WebCore::LegacyFactory::deleteDatabase):

8:02 AM Changeset in webkit [189862] by Chris Fleizach
  • 3 edits
    2 adds in trunk

Source/WebCore:
AX: No VoiceOver typing feedback in some search fields
https://bugs.webkit.org/show_bug.cgi?id=149177

Reviewed by Mario Sanchez Prada.

If SearchFieldRole is not marked as a TextControl, it does not end up returning the accessibilityValue,
which is needed to output the right text to VoiceOver.

Test: accessibility/ax-value-with-search.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::isTextControl):

LayoutTests:
AX: No VO typing feedback in some text fields
https://bugs.webkit.org/show_bug.cgi?id=149177

Reviewed by Mario Sanchez Prada.

  • accessibility/ax-value-with-search-expected.txt: Added.
  • accessibility/ax-value-with-search.html: Added.
5:48 AM Changeset in webkit [189861] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[EFL] Fix the help message of separated web process option of MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=149212

Reviewed by Gyuyoung Kim.

  • MiniBrowser/efl/main.c:
3:09 AM Changeset in webkit [189860] by Manuel Rego Casasnovas
  • 3 edits
    2 adds in trunk

[css-grid] Grid container's height should include scrollbar
https://bugs.webkit.org/show_bug.cgi?id=149210

Reviewed by Sergio Villar Senin.

Source/WebCore:

Add scrollbar's size in the grid container's height calculation at
RenderGrid::layoutGridItems().

Test: fast/css-grid-layout/grid-container-margin-border-padding-scrollbar.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::layoutGridItems): Include scrollbarLogicalHeight()
while computing the grid's logical height.

LayoutTests:

Add test to check both height and width (which was already working as
expected) with margins, borders, paddings and scrollbars.

  • fast/css-grid-layout/grid-container-margin-border-padding-scrollbar-expected.txt: Added.
  • fast/css-grid-layout/grid-container-margin-border-padding-scrollbar.html: Added.
3:09 AM Changeset in webkit [189859] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.9.92

WebKitGTK+ 2.9.92

3:08 AM Changeset in webkit [189858] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.9.92 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.9.92.
2:23 AM WebKitGTK/2.10.x edited by Carlos Garcia Campos
(diff)
2:03 AM Changeset in webkit [189857] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189854 - [GTK] Web Process crash recovery no longer works
https://bugs.webkit.org/show_bug.cgi?id=149064

Reviewed by Žan Doberšek.

After a web process crash the new DrawingArea is never resized, so
nothing is rendered into the web view.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseDidRelaunchWebProcess): Queue a widget resize to ensure
the new DrawingAreaProxy is resized.

2:03 AM Changeset in webkit [189856] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189826 - [GTK] Build failure with ACCELERATED_2D_CANVAS when cairo-gl has built with OpenGLESv2 support only.
https://bugs.webkit.org/show_bug.cgi?id=149172

Reviewed by Martin Robinson.

No new tests, no behavior change.

  • platform/graphics/glx/GLContextGLX.cpp:

(WebCore::GLContextGLX::cairoDevice):

1:29 AM Changeset in webkit [189855] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

Unreviewed. Fix GObject DOM bindings API break after r189676.

webkit_dom_character_data_append_data() used to raise exceptions.

  • bindings/scripts/CodeGeneratorGObject.pm:

(FunctionUsedToRaiseException):

1:00 AM Changeset in webkit [189854] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

[GTK] Web Process crash recovery no longer works
https://bugs.webkit.org/show_bug.cgi?id=149064

Reviewed by Žan Doberšek.

After a web process crash the new DrawingArea is never resized, so
nothing is rendered into the web view.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseDidRelaunchWebProcess): Queue a widget resize to ensure
the new DrawingAreaProxy is resized.

12:19 AM Changeset in webkit [189853] by achristensen@apple.com
  • 2 edits in trunk/Tools

Fix python syntax after r189851.

  • BuildSlaveSupport/built-product-archive:

(unzipArchive):
For loops need a colon.

12:14 AM Changeset in webkit [189852] by rniwa@webkit.org
  • 2 edits in trunk/LayoutTests

Mac rebaseline after r189841.

  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
12:06 AM Changeset in webkit [189851] by achristensen@apple.com
  • 2 edits in trunk/Tools

Fix Windows test bots after changing to non-cygwin build
https://bugs.webkit.org/show_bug.cgi?id=149196

Reviewed by Daniel Bates.

  • BuildSlaveSupport/built-product-archive:

(unzipArchive):
Using different versions of python makes what I think is https://bugs.python.org/issue15795
prevent us from executing files from the archive on the test bots.

Sep 15, 2015:

11:59 PM Changeset in webkit [189850] by commit-queue@webkit.org
  • 3 edits
    2 deletes in trunk

Unreviewed, rolling out r189847.
https://bugs.webkit.org/show_bug.cgi?id=149208

Asserts on all the tests (Requested by ap on #webkit).

Reverted changeset:

"Simple line layout: Glitch selecting long text."
https://bugs.webkit.org/show_bug.cgi?id=149204
http://trac.webkit.org/changeset/189847

11:49 PM Changeset in webkit [189849] by Sukolsak Sakshuwong
  • 1 edit in trunk/Source/JavaScriptCore/jit/JITOperations.cpp

Build fix for WebAssembly after r189848

  • jit/JITOperations.cpp
11:14 PM Changeset in webkit [189848] by msaboff@apple.com
  • 42 edits
    5 deletes in trunk/Source/JavaScriptCore

Rollout r189774 and 189818.

Broke Speedometer/Full.html

Not reviewed.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • assembler/AbortReason.h:
  • assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::Call::Call):
(JSC::AbstractMacroAssembler::repatchNearCall):
(JSC::AbstractMacroAssembler::repatchCompact):

  • assembler/CodeLocation.h:

(JSC::CodeLocationNearCall::CodeLocationNearCall):
(JSC::CodeLocationCommon::callAtOffset):
(JSC::CodeLocationCommon::nearCallAtOffset):
(JSC::CodeLocationCommon::dataLabelPtrAtOffset):
(JSC::CodeLocationNearCall::callMode): Deleted.

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::locationOfNearCall):
(JSC::LinkBuffer::locationOf):

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::nearCall):
(JSC::MacroAssemblerARM::call):
(JSC::MacroAssemblerARM::linkCall):
(JSC::MacroAssemblerARM::nearTailCall): Deleted.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::nearCall):
(JSC::MacroAssemblerARM64::ret):
(JSC::MacroAssemblerARM64::linkCall):
(JSC::MacroAssemblerARM64::nearTailCall): Deleted.

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::linkCall):
(JSC::MacroAssemblerARMv7::nearTailCall): Deleted.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::nearCall):
(JSC::MacroAssemblerMIPS::call):
(JSC::MacroAssemblerMIPS::linkCall):
(JSC::MacroAssemblerMIPS::repatchCall):
(JSC::MacroAssemblerMIPS::nearTailCall): Deleted.

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::call):
(JSC::MacroAssemblerSH4::nearCall):
(JSC::MacroAssemblerSH4::linkCall):
(JSC::MacroAssemblerSH4::repatchCall):
(JSC::MacroAssemblerSH4::nearTailCall): Deleted.

  • assembler/MacroAssemblerX86.h:

(JSC::MacroAssemblerX86::linkCall):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::breakpoint):
(JSC::MacroAssemblerX86Common::nearCall):
(JSC::MacroAssemblerX86Common::nearTailCall): Deleted.

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::linkCall):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::callTypeFor):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::specializationKind):
(JSC::CallLinkInfo::registerPreservationMode):
(JSC::CallLinkInfo::isVarargsCallType): Deleted.
(JSC::CallLinkInfo::callModeFor): Deleted.
(JSC::CallLinkInfo::callMode): Deleted.
(JSC::CallLinkInfo::isTailCall): Deleted.
(JSC::CallLinkInfo::isVarargs): Deleted.

  • bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeFromLLInt):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitCallInTailPosition):
(JSC::BytecodeGenerator::emitCallEval):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
(JSC::BytecodeGenerator::emitConstructVarargs):

  • bytecompiler/NodesCodegen.cpp:

(JSC::CallArguments::CallArguments):
(JSC::LabelNode::emitBytecode):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):

  • interpreter/Interpreter.h:

(JSC::Interpreter::isCallBytecode):

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::jumpToExceptionHandler):
(JSC::CCallHelpers::prepareForTailCallSlow): Deleted.

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):
(JSC::JIT::emit_op_tail_call): Deleted.
(JSC::JIT::emit_op_tail_call_varargs): Deleted.
(JSC::JIT::emitSlow_op_tail_call): Deleted.
(JSC::JIT::emitSlow_op_tail_call_varargs): Deleted.

  • jit/JITCall32_64.cpp:

(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emitSlow_op_tail_call): Deleted.
(JSC::JIT::emitSlow_op_tail_call_varargs): Deleted.
(JSC::JIT::emit_op_tail_call): Deleted.
(JSC::JIT::emit_op_tail_call_varargs): Deleted.

  • jit/JITInlines.h:

(JSC::JIT::emitNakedCall):
(JSC::JIT::updateTopCallFrame):
(JSC::JIT::emitNakedTailCall): Deleted.

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/Repatch.cpp:

(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):

  • jit/ThunkGenerators.cpp:

(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::slowPathFor):
(JSC::linkCallThunkGenerator):
(JSC::virtualThunkFor):
(JSC::arityFixupGenerator):
(JSC::baselineGetterReturnThunkGenerator):
(JSC::unreachableGenerator): Deleted.

  • jit/ThunkGenerators.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):
(JSC::CommonSlowPaths::opIn):

  • tests/stress/mutual-tail-call-no-stack-overflow.js: Removed.
  • tests/stress/tail-call-no-stack-overflow.js: Removed.
  • tests/stress/tail-call-recognize.js: Removed.
  • tests/stress/tail-call-varargs-no-stack-overflow.js: Removed.
  • tests/stress/tail-calls-dont-overwrite-live-stack.js: Removed.
11:07 PM Changeset in webkit [189847] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Simple line layout: Glitch selecting long text.
https://bugs.webkit.org/show_bug.cgi?id=149204
rdar://problem/22646472

Reviewed by Antti Koivisto.

When long text is split into multiple RenderText objects, we ignore renderer boundaries while
collecting wrapping positions (so that we don't end up wrapping unbreakable fragments at the end of each renderer).
This patch ensures that fragments with hypen character ignore renderer boundaries too.

Source/WebCore:

Test: fast/text/multiple-renderers-with-hypen-on-boundary.html

  • rendering/SimpleLineLayoutTextFragmentIterator.cpp:

(WebCore::SimpleLineLayout::TextFragmentIterator::skipToNextPosition):

LayoutTests:

  • fast/text/multiple-renderers-with-hypen-on-boundary-expected.html: Added.
  • fast/text/multiple-renderers-with-hypen-on-boundary.html: Added.
10:49 PM Changeset in webkit [189846] by commit-queue@webkit.org
  • 5 edits in trunk/Source/JavaScriptCore

Implement imported global variables in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149206

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-15
Reviewed by Filip Pizlo.

Values can now be imported to a WebAssembly module through properties of
the imports object that is passed to loadWebAssembly(). In order to
avoid any side effect when accessing the imports object, we check that
the properties are data properties. We also check that each value is a
primitive and is not a Symbol. According to the ECMA262 6.0 spec,
calling ToNumber() on a primitive that is not a Symbol should not cause
any side effect.[1]

[1]: http://www.ecma-international.org/ecma-262/6.0/#sec-tonumber

  • tests/stress/wasm-globals.js:
  • tests/stress/wasm/globals.wasm:
  • wasm/WASMModuleParser.cpp:

(JSC::WASMModuleParser::parseModule):
(JSC::WASMModuleParser::parseGlobalSection):

  • wasm/WASMModuleParser.h:
9:22 PM Changeset in webkit [189845] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Picking unchanged for font-size does not reset back to the unchanged value
https://bugs.webkit.org/show_bug.cgi?id=148351

Patch by Devin Rousso <Devin Rousso> on 2015-09-15
Reviewed by Brian Burg.

Visual number editors now save any new values in the special placeholder element
to display it whenever the "Unchanged" option is selected by the user.

  • UserInterface/Views/VisualStyleNumberInputBox.js:

(WebInspector.VisualStyleNumberInputBox.prototype.set value):
(WebInspector.VisualStyleNumberInputBox.prototype.set units):
(WebInspector.VisualStyleNumberInputBox.prototype._setNumberInputIsEditable):
(WebInspector.VisualStyleNumberInputBox.prototype._keywordChanged):
(WebInspector.VisualStyleNumberInputBox.prototype._valueNumberInputKeyDown.adjustValue):
(WebInspector.VisualStyleNumberInputBox.prototype._valueNumberInputKeyDown):

8:52 PM Changeset in webkit [189844] by commit-queue@webkit.org
  • 8 edits in trunk/Source/JavaScriptCore

Fix asm.js errors in WebAssembly tests
https://bugs.webkit.org/show_bug.cgi?id=149203

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-15
Reviewed by Geoffrey Garen.

Our WebAssembly implementation uses asm.js for testing. Using Firefox to
parse asm.js reveals many errors that are not caught by pack-asmjs. For
example,

  • asm.js does not allow the use of the multiplication operator (*) to multiply two integers, because the result can be so large that some lower bits of precision are lost. Math.imul is used instead.
  • an int variable must be coerced to either signed (via x|0) or unsigned (via x>>>0) before it's returned.
  • tests/stress/wasm-arithmetic-int32.js:
  • tests/stress/wasm-calls.js:
  • tests/stress/wasm-control-flow.js:
  • tests/stress/wasm-globals.js:
  • tests/stress/wasm-locals.js:
  • tests/stress/wasm-relational.js:
  • tests/stress/wasm/control-flow.wasm:
8:46 PM Changeset in webkit [189843] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

GTK+ build fix attempt after r189841.

  • PlatformGTK.cmake:
8:36 PM Changeset in webkit [189842] by Chris Dumez
  • 14 edits in trunk

Document.createElement(localName) does not handle correctly missing or null parameter
https://bugs.webkit.org/show_bug.cgi?id=149184
<rdar://problem/22565070>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/dom/nodes/Document-createElement-expected.txt:
  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Document.createElement(localName) does not handle correct missing or
null parameter:

As per the specification, the parameter is a non-nullable DOMString and
is mandatory. Therefore, as per Web IDL, we should have the following
behavior:

  1. If the parameter is missing, we should throw an exception
  2. If the parameter is null, we should convert it to the "null" string and create a <null> element.

Chrome and Firefox behave according to the specification. However,
WebKit was doing:

  1. Create a <undefined> element
  2. Throw an InvalidCharacterError

This patch aligns WebKit's behavior with the specification and other
major browsers.

No new tests, already covered by existing tests.

  • dom/Document.idl:

LayoutTests:

Update / rebaseline existing tests now that our behavior has changed.

  • fast/dom/Document/createElementNS-namespace-err-expected.txt:
  • fast/dom/Document/script-tests/createElementNS-namespace-err.js:
  • fast/dom/dom-method-document-change.html:
  • fast/dom/element-removed-while-inserting-parent-crash.html:
  • fast/inspector-support/uncaught-dom3-exception-expected.txt:
7:40 PM Changeset in webkit [189841] by rniwa@webkit.org
  • 52 edits
    8 adds in trunk

Add ShadowRoot interface and Element.prototype.attachShadow
https://bugs.webkit.org/show_bug.cgi?id=149187

Reviewed by Antti Koivisto.

.:

  • Source/cmake/OptionsGTK.cmake:

Source/JavaScriptCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Add back ShadowRoot IDL interface and Element.prototype.attachShadow in accordance with
http://w3c.github.io/webcomponents/spec/shadow/ at db27e6e36eab512d86edcdabb33ed27b5751acd7 excluding getSelection(),
elementFromPoint(), elementsFromPoint(), caretPositionFromPoint(), and styleSheets attribute on ShadowRoot interface.

The feature is enabled by default on Mac and iOS ports for testing and disabled by default elsewhere.

Also added HTMLElement::canHaveUserAgentShadowRoot which returns false by default and overridden elsewhere to return true
to distinguish elements for which attachShadow is supposed to throw NotSupported.
See https://w3c.github.io/webcomponents/spec/shadow/#widl-Element-attachShadow-ShadowRoot-ShadowRootInit-shadowRootInitDict

Tests: fast/shadow-dom/Element-interface-attachShadow.html

fast/shadow-dom/Element-interface-shadowRoot-attribute.html
fast/shadow-dom/ShadowRoot-interface.html

  • CMakeLists.txt:
  • Configurations/FeatureDefines.xcconfig:
  • DerivedSources.cpp:
  • DerivedSources.make:
  • PlatformGTK.cmake:
  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCore.vcxproj.filters:
  • WebCore.xcodeproj/project.pbxproj:
  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

  • dom/Element.cpp:

(WebCore::Element::bindingsOffsetParent):
(WebCore::Element::offsetParent):
(WebCore::Element::addShadowRoot):
(WebCore::Element::createShadowRoot):
(WebCore::Element::attachShadow): Added.
(WebCore::Element::bindingShadowRoot): Added. Returns null unless the attached shadow root is in the "open" mode.

  • dom/Element.h:
  • dom/Element.idl: Added attachShadow and shadowRoot. We only expose these to JS for now since Dictionary argument isn't

supported by other binding code.

  • dom/ShadowRoot.cpp: Removed an unused enum.
  • dom/ShadowRoot.h:

(WebCore::ShadowRoot::Type): Replaced old-style enum "ShadowRootType" by an enum class named "Type". Also added two new
values Open and Closed for author shadow roots.
(WebCore::ShadowRoot::type):

  • dom/ShadowRoot.idl: Added.
  • html/HTMLButtonElement.h:
  • html/HTMLDetailsElement.h:

(HTMLButtonElement::canHaveUserAgentShadowRoot): Ditto.

  • html/HTMLElement.h:

(WebCore::HTMLElement::canHaveUserAgentShadowRoot): Added. Returns false by default.

  • html/HTMLInputElement.h:
  • html/HTMLKeygenElement.h:
  • html/HTMLMarqueeElement.h:
  • html/HTMLMediaElement.h:
  • html/HTMLMeterElement.h:
  • html/HTMLPlugInElement.h:
  • html/HTMLProgressElement.h:
  • html/HTMLSelectElement.h:
  • html/HTMLSummaryElement.h:
  • html/HTMLTextAreaElement.h:
  • html/shadow/InsertionPoint.h:

(ShadowRootWithInsertionPoints::ShadowRootWithInsertionPoints):

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::selectionPseudoStyle):

  • rendering/RenderLayer.cpp:

(WebCore::rendererForScrollbar):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::correspondingUseElement):

  • testing/Internals.cpp:

(WebCore::Internals::shadowRootType):

Source/WebKit/mac:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

  • Configurations/FeatureDefines.xcconfig:

Source/WTF:

  • wtf/FeatureDefines.h:

Tools:

  • Scripts/webkitperl/FeatureList.pm:

LayoutTests:

Add new tests for Shadow DOM with failing expectations on all platforms but Mac.

  • TestExpectations:
  • fast/shadow-dom: Added.
  • fast/shadow-dom/Element-interface-attachShadow-expected.txt: Added.
  • fast/shadow-dom/Element-interface-attachShadow.html: Added.
  • fast/shadow-dom/Element-interface-shadowRoot-attribute-expected.txt: Added.
  • fast/shadow-dom/Element-interface-shadowRoot-attribute.html: Added.
  • fast/shadow-dom/ShadowRoot-interface-expected.txt: Added.
  • fast/shadow-dom/ShadowRoot-interface.html: Added.
  • js/dom/dom-static-property-for-in-iteration-expected.txt:
  • platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac/TestExpectations:
  • platform/mac/js/dom/constructor-length-expected.txt:
7:10 PM Changeset in webkit [189840] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Unreviewed release fix after r189832

  • platform/graphics/ca/win/PlatformCALayerWin.h: The implementation

should exist in Release builds as well.

7:04 PM Changeset in webkit [189839] by commit-queue@webkit.org
  • 3 edits in trunk/Tools

Appscale queue status json output lacks bots
https://bugs.webkit.org/show_bug.cgi?id=149194
<rdar://problem/22171089>

Patch by Aakash Jain <aakash_jain@apple.com> on 2015-09-15
Reviewed by Alexey Proskuryakov.

  • QueueStatusServer/handlers/queuestatusjson.py:

(QueueStatusJSON._bots): Order the results by date so as to get latest events, this was default in AppEngine.

  • QueueStatusServer/index.yaml: Index according to appscale requirements.
6:54 PM Changeset in webkit [189838] by commit-queue@webkit.org
  • 3 edits in trunk/LayoutTests

[WebGL] Only require that the stencil value and write masks have as many bits set as the stencil buffer is deep
https://bugs.webkit.org/show_bug.cgi?id=149174

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-15
Reviewed by Dean Jackson.

Copied the stencil mask related tests from the webgl/1.0.2/resources/webgl_test_files/conformance/state/gl-get-calls.html.

It seems that there is a difference in the way that glGetIntegerV returns an unsigned int type value among
OpenGL implementatios. Some return the whole bits of value(e.g., 0xffffffff -> 0xffffffff), whereas some(e.g., ANGLE)
return a max-int-clamped value(e.g., 0xffffffff -> 0x7fffffff).

It would be good to make this test independent on the OpenGL implementations.

  • fast/canvas/webgl/gl-get-calls-expected.txt:
  • fast/canvas/webgl/gl-get-calls.html:
6:34 PM Changeset in webkit [189837] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

[EFL] Unreviewed gardening 16th Sep.

Mark fast/css, fast/form tests to failure. Besides some tests of imported/w3c/web-platform-tests/html
are marked to pass on EFL port.

  • platform/efl/TestExpectations:
6:31 PM Changeset in webkit [189836] by benjamin@webkit.org
  • 6 edits
    6 adds in trunk

Style invalidation affecting siblings does not work with inline-style changes
https://bugs.webkit.org/show_bug.cgi?id=149189

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-09-15
Reviewed by Antti Koivisto.

Source/WebCore:

Style::resolveTree() made the assumption that inline style changes only affect
descendants and should not participate in "StyleRecalcAffectsNextSiblingElementStyle".
That was wrong. If the inline style change through CSSOM, it can cause the creation
of a style attribute, which is observable through "StyleRecalcAffectsNextSiblingElementStyle".

This patch removes the incorrect assumption. Style invalidation is always propagated now.

Tests: fast/css/style-attribute-invalidation-propagates-to-counted-siblings.html

fast/css/style-attribute-invalidation-propagates-to-direct-siblings.html
fast/css/style-attribute-invalidation-propagates-to-indirect-siblings.html

  • css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::InlineCSSStyleDeclaration::didMutate): Deleted.

  • dom/StyledElement.cpp:

(WebCore::StyledElement::inlineStyleChanged):

  • dom/StyledElement.h:

(WebCore::StyledElement::invalidateStyleAttribute):
Clean up inline-style invalidation a tiny bit.

  • style/StyleResolveTree.cpp:

(WebCore::Style::resolveTree):
Fix the bug.

LayoutTests:

  • fast/css/style-attribute-invalidation-propagates-to-counted-siblings-expected.txt: Added.
  • fast/css/style-attribute-invalidation-propagates-to-counted-siblings.html: Added.
  • fast/css/style-attribute-invalidation-propagates-to-direct-siblings-expected.txt: Added.
  • fast/css/style-attribute-invalidation-propagates-to-direct-siblings.html: Added.
  • fast/css/style-attribute-invalidation-propagates-to-indirect-siblings-expected.txt: Added.
  • fast/css/style-attribute-invalidation-propagates-to-indirect-siblings.html: Added.
6:14 PM Changeset in webkit [189835] by Wenson Hsieh
  • 2 edits in trunk/Websites/webkit.org

Add anchor tags for scroll snapping examples.

  • demos/scroll-snap/index.html: Added anchor tags.
6:03 PM Changeset in webkit [189834] by commit-queue@webkit.org
  • 12 edits in trunk/Source

Web Inspector: Paused Debugger prevents page reload
https://bugs.webkit.org/show_bug.cgi?id=148174

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-15
Reviewed by Brian Burg.

Source/JavaScriptCore:

  • debugger/Debugger.h:

(JSC::Debugger::suppressAllPauses):
(JSC::Debugger::setSuppressAllPauses):

  • debugger/Debugger.cpp:

(JSC::Debugger::Debugger):
(JSC::Debugger::pauseIfNeeded):

  • inspector/agents/InspectorDebuggerAgent.h:
  • inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent::setSuppressAllPauses):
Provide a way to suppress pauses.

Source/WebCore:

When navigating the page while paused, suppress any pausing until the page
has completed navigation. If not paused and navigating, you can still pause
in pagehide and unload handlers or other late page events.

Could not write a reliable test for this at the moment.
InspectorTest.reloadPage has multiple issues with the output,
so I'll investigate making reload tests more reliable later.

  • inspector/InspectorController.h:
  • inspector/InspectorController.cpp:

(WebCore::InspectorController::resume): Deleted.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
We now use existing InspectorInstrumentation functions instead of a method
on InspectorController during load. In dropping the method InspectorController
can drop a member variable no longer used.

  • inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::willStartProvisionalLoad):
Add a new instrumentation hook.

  • inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::willStartProvisionalLoadImpl):
(WebCore::InspectorInstrumentation::didCommitLoadImpl):
When starting or completing main frame navigations, let the PageDebuggerAgent do some work.

  • inspector/PageDebuggerAgent.h:
  • inspector/PageDebuggerAgent.cpp:

(WebCore::PageDebuggerAgent::mainFrameStartedLoading):
(WebCore::PageDebuggerAgent::mainFrameStoppedLoading):
(WebCore::PageDebuggerAgent::mainFrameNavigated):
Suppress pausing if navigating while paused. Otherwise behave as normal.

6:00 PM Changeset in webkit [189833] by Brent Fulgham
  • 17 edits in trunk

[Win] Provide a means for viewing the layer tree
https://bugs.webkit.org/show_bug.cgi?id=149165

Reviewed by Simon Fraser.

Source/WebCore:

Revise the old fprintf logic to generate a string
containing the layer tree so that it can be output
to the debugger (or elsewhere).

  • platform/graphics/ca/PlatformCALayer.h: Rename 'printTree'

to 'printLayerTree', and make it available in release builds.

  • platform/graphics/ca/win/CACFLayerTreeHost.cpp:

(WebCore::CACFLayerTreeHost::printLayerTree): Added. Calls into
the PlatformCALayer implementation.

  • platform/graphics/ca/win/CACFLayerTreeHost.h:
  • platform/graphics/ca/win/PlatformCALayerWin.cpp:

(printIndent): Revise to use two-space indent and use StringBuilder.
(printTransform): Ditto.
(printColor): Added helper function.
(printLayer): Revised to output information on the layer contents.
(PlatformCALayerWin::printLayerTree): Renamed from 'printTree'.
(PlatformCALayerWin::printTree): Deleted.

  • platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:

(PlatformCALayerWinInternal::drawRepaintCounters): Drive-by fix. Match the
cocoa repaint counter logic by not painting counters for the layers that
contain the tile grid.

  • platform/graphics/ca/win/PlatformCALayerWin.h:
  • platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:

(PlatformCALayerWinInternal::drawRepaintCounters):

Source/WebKit/win:

Add a new WebView method "printLayerTree" so that clients
can get a string dump of the current layer tree. Add this
to a new COM interface version so no existing clients break
compatibility.

  • Interfaces/IWebViewPrivate.idl:
  • WebView.cpp:

(WebView::QueryInterface): Recognize the new interface version.
(WebView::printLayerTree): Added. This just calls the WebCore
implementation.

  • WebView.h:

Tools:

Update MiniBrowser with a new Debug menu option that will
dump the current layer tree to the debug console.

  • MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLib.rc:
  • MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLibResource.h:
  • MiniBrowser/win/Common.cpp:

(WndProc): Add handler for 'Print Layer Tree' menu option.

  • MiniBrowser/win/MiniBrowser.cpp:

(MiniBrowser::printLayerTree): Added Handler.

  • MiniBrowser/win/MiniBrowser.h:
5:30 PM Changeset in webkit [189832] by mmaxfield@apple.com
  • 6 edits
    2 adds in trunk

Nested isolates can cause an infinite loop when laying out bidi runs
https://bugs.webkit.org/show_bug.cgi?id=149153

Reviewed by David Hyatt.

Source/WebCore:

When traversing bidi runs, we might encounter a run which is supposed to be isolated. In this
situation, we will append a placeholder run in the run list, and remember a pointer to these
isolated runs inside BidiResolver. Then, once we're done traversing the bidi runs, we return
to the isolated runs and handle them separately (and replace the placeholder with the result).

However, due to the fact that our BidiRuns start at leaf nodes, we have to keep track of which
local root of the render tree we were inspecting (to ensure that we visit the same node
multiple times if there are nested isolate spans). We were not correctly keeping track of this
local root, which was leading us to consider the same root multiple times, thereby leading to
an infinite loop.

The solution is simply to keep root information alongside the isolated run information inside
BidiResolver. However, BidiResolver is inside platform/, which means that this new type should
be a template argument, just like how BidiRun itself is a template argument.

This new type, BidiIsolatedRun, holds all the information that our isolate-revisiting logic
needs inside constructBidiRunsForSegment(). It also holds a reference to the placeholder run
which we will replace.

Test: fast/text/international/unicode-bidi-isolate-nested-crash.html

  • platform/graphics/GraphicsContext.cpp:

(WebCore::GraphicsContext::drawBidiText): BidiIsolatedRun template argument is unused, so pass
in Void.

  • platform/text/BidiResolver.h: Add template argument.

(WebCore::BidiResolver::isolatedRuns):
(WebCore::IsolatedRun>::~BidiResolver):
(WebCore::IsolatedRun>::appendRun):
(WebCore::IsolatedRun>::embed):
(WebCore::IsolatedRun>::checkDirectionInLowerRaiseEmbeddingLevel):
(WebCore::IsolatedRun>::lowerExplicitEmbeddingLevel):
(WebCore::IsolatedRun>::raiseExplicitEmbeddingLevel):
(WebCore::IsolatedRun>::commitExplicitEmbedding):
(WebCore::IsolatedRun>::updateStatusLastFromCurrentDirection):
(WebCore::IsolatedRun>::reorderRunsFromLevels):
(WebCore::IsolatedRun>::createBidiRunsForLine):
(WebCore::IsolatedRun>::setMidpointForIsolatedRun): Use references instead of pointers.
(WebCore::IsolatedRun>::midpointForIsolatedRun): Ditto.
(WebCore::Run>::~BidiResolver): Deleted.
(WebCore::Run>::appendRun): Deleted.
(WebCore::Run>::embed): Deleted.
(WebCore::Run>::checkDirectionInLowerRaiseEmbeddingLevel): Deleted.
(WebCore::Run>::lowerExplicitEmbeddingLevel): Deleted.
(WebCore::Run>::raiseExplicitEmbeddingLevel): Deleted.
(WebCore::Run>::commitExplicitEmbedding): Deleted.
(WebCore::Run>::updateStatusLastFromCurrentDirection): Deleted.
(WebCore::Run>::reorderRunsFromLevels): Deleted.
(WebCore::Run>::createBidiRunsForLine): Deleted.
(WebCore::Run>::setMidpointForIsolatedRun): Deleted.
(WebCore::Run>::midpointForIsolatedRun): Deleted.

  • rendering/InlineIterator.h:

(WebCore::BidiIsolatedRun::BidiIsolatedRun): New type.
(WebCore::addPlaceholderRunForIsolatedInline): Create new type, and include local root
information.
(WebCore::IsolateTracker::addFakeRunIfNecessary): Include local root information.
(WebCore::InlineBidiResolver::appendRun): Ditto.

  • rendering/RenderBlockLineLayout.cpp: Update for new BidiIsolatedRun type.

(WebCore::setUpResolverToResumeInIsolate):
(WebCore::constructBidiRunsForSegment):

  • rendering/line/TrailingObjects.h:

LayoutTests:

  • fast/text/international/unicode-bidi-isolate-nested-crash-expected.html: Added.
  • fast/text/international/unicode-bidi-isolate-nested-crash.html: Added.
5:19 PM Changeset in webkit [189831] by beidson@apple.com
  • 10 edits
    2 copies
    1 add in trunk/Source

Add empty IDBFactory implementation for Modern IDB.
https://bugs.webkit.org/show_bug.cgi?id=149191

Reviewed by Jer Noble.

Source/WebCore:

No new tests (No behavior change).

  • Modules/indexeddb/DOMWindowIndexedDatabase.cpp:

(WebCore::DOMWindowIndexedDatabase::indexedDB):

  • Modules/indexeddb/client/IDBFactoryImpl.cpp:

(WebCore::IDBClient::IDBFactory::create):
(WebCore::IDBClient::IDBFactory::IDBFactory):
(WebCore::IDBClient::IDBFactory::getDatabaseNames):
(WebCore::IDBClient::IDBFactory::open):
(WebCore::IDBClient::IDBFactory::deleteDatabase):
(WebCore::IDBClient::IDBFactory::cmp):

  • Modules/indexeddb/client/IDBFactoryImpl.h:
  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • loader/EmptyClients.cpp:
  • page/DatabaseProvider.h:

Source/WebKit:

  • Storage/WebDatabaseProvider.h:

Source/WebKit2:

  • WebProcess/Databases/WebDatabaseProvider.h:
5:16 PM Changeset in webkit [189830] by Antti Koivisto
  • 61 edits in trunk/Source

Split FontDescription into lower and higher level types
https://bugs.webkit.org/show_bug.cgi?id=149036

Reviewed by Darin Adler.

Currently FontDescription is used through the text subsystem. However much of the data it
carries is only needed by FontCascade and text layout but not by the lower level Font/FontCache
layer. This makes code confusing. For example families specified in FontDescription are ignored
at lower levels.

Split it into a low level FontDescription and a high level FontCascadeDescription type:

FontDescription <-> Font
FontCascadeDescription <-> FontCascade

The former only carries information that is needed to instantiate a Font or fetch it from the FontCache.
The latter has additional data for CSS font cascade semantics and other higher level features.

5:05 PM Changeset in webkit [189829] by mmaxfield@apple.com
  • 4 edits in trunk/Source/WebCore

GraphicsContext::drawBidiText()'s BidiResolver should not have isolated runs
https://bugs.webkit.org/show_bug.cgi?id=149193

Reviewed by Anders Carlsson.

There are two users of BidiResolver, one which needs isolated runs (in RenderBlockLineLayout) and
one which doesn't (in GraphicsContext::drawBidiText()). Because of [1], the isolated runs vector
is migrating to a new type outside of platform/. Therefore, only the first user of BidiResolver
should have this member variable.

This is achieved by creating two subclasses of BidiResolver, and using the Curiously Repeating
Template pattern to downcast into specializations.

[1] https://bugs.webkit.org/show_bug.cgi?id=149153

No new tests because there is no behavior change.

  • platform/text/BidiResolver.h:

(WebCore::BidiResolverBase::BidiResolverBase):
(WebCore::BidiResolverBase::increment):
(WebCore::BidiResolverBase::appendRun):
(WebCore::BidiResolverBase::incrementInternal):
(WebCore::IsolateRun>::~BidiResolverWithIsolate):
(WebCore::Subclass>::appendRunInternal):
(WebCore::Subclass>::embed):
(WebCore::Subclass>::checkDirectionInLowerRaiseEmbeddingLevel):
(WebCore::Subclass>::lowerExplicitEmbeddingLevel):
(WebCore::Subclass>::raiseExplicitEmbeddingLevel):
(WebCore::Subclass>::commitExplicitEmbedding):
(WebCore::Subclass>::updateStatusLastFromCurrentDirection):
(WebCore::Subclass>::reorderRunsFromLevels):
(WebCore::Subclass>::createBidiRunsForLine):
(WebCore::Subclass>::setMidpointForIsolatedRun):
(WebCore::Subclass>::midpointForIsolatedRun):
(WebCore::BidiResolver::BidiResolver): Deleted.
(WebCore::BidiResolver::increment): Deleted.
(WebCore::BidiResolver::isolatedRuns): Deleted.
(WebCore::Run>::~BidiResolver): Deleted.
(WebCore::Run>::appendRun): Deleted.
(WebCore::Run>::embed): Deleted.
(WebCore::Run>::checkDirectionInLowerRaiseEmbeddingLevel): Deleted.
(WebCore::Run>::lowerExplicitEmbeddingLevel): Deleted.
(WebCore::Run>::raiseExplicitEmbeddingLevel): Deleted.
(WebCore::Run>::commitExplicitEmbedding): Deleted.
(WebCore::Run>::updateStatusLastFromCurrentDirection): Deleted.
(WebCore::Run>::reorderRunsFromLevels): Deleted.
(WebCore::Run>::createBidiRunsForLine): Deleted.
(WebCore::Run>::setMidpointForIsolatedRun): Deleted.
(WebCore::Run>::midpointForIsolatedRun): Deleted.

  • rendering/InlineIterator.h:

(WebCore::InlineBidiResolver::incrementInternal):
(WebCore::InlineBidiResolver::appendRunInternal):
(WebCore::InlineBidiResolver::increment): Deleted.
(WebCore::InlineBidiResolver::appendRun): Deleted.

  • rendering/line/TrailingObjects.h:
4:44 PM Changeset in webkit [189828] by BJ Burg
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: command-click in NewTabContentView should open new tab without switching to it
https://bugs.webkit.org/show_bug.cgi?id=149173

Reviewed by Joseph Pecoraro.

To allow a user to quickly restore tabs, it should be possible to command-click
all the tabs that are desired without going back through the [+] tab button.

  • UserInterface/Base/Main.js:

(WebInspector.createNewTabWithType): Renamed.

Use an options object and split creating the tab from deleting the
replaced tab and showing the new tab. Add better error checking.

(WebInspector.createNewTab): Deleted.

  • UserInterface/Views/NewTabContentView.js:

(WebInspector.NewTabContentView):
(WebInspector.NewTabContentView.prototype._createNewTabWithType): Renamed.

If the meta key is pressed, don't switch to the new tab or remove this view
unless there are no more tabs that can be created beyond the current one.

(WebInspector.NewTabContentView.prototype._allowableTabTypes): Added.
(WebInspector.NewTabContentView.prototype._createNewTab): Deleted.

4:03 PM WebKitGTK/2.8.x edited by clopez@igalia.com
(diff)
3:10 PM Changeset in webkit [189827] by Chris Dumez
  • 6 edits in trunk

new Event() without parameter should throw
https://bugs.webkit.org/show_bug.cgi?id=149146
<rdar://problem/22565070>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C test now that a new check is passing.

  • web-platform-tests/dom/events/Event-constructors-expected.txt:

Source/WebCore:

new Event() without parameter should throw because the type parameter
is mandatory as per the specification:
https://dom.spec.whatwg.org/#interface-event

Both Firefox and Chrome throw in this case. However, WebKit was
creating an event whose type is the string "undefined". This patch
aligns our behavior with the specification and other major browsers.

No new tests, already covered by existing test.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorDefinition):

  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorConstructor::constructJSTestEventConstructor):

2:50 PM Changeset in webkit [189826] by clopez@igalia.com
  • 2 edits in trunk/Source/WebCore

[GTK] Build failure with ACCELERATED_2D_CANVAS when cairo-gl has built with OpenGLESv2 support only.
https://bugs.webkit.org/show_bug.cgi?id=149172

Reviewed by Martin Robinson.

No new tests, no behavior change.

  • platform/graphics/glx/GLContextGLX.cpp:

(WebCore::GLContextGLX::cairoDevice):

2:39 PM Changeset in webkit [189825] by Chris Dumez
  • 11 edits in trunk

Element.getAttributeNS() should return null if the attribute does not exist
https://bugs.webkit.org/show_bug.cgi?id=149180
<rdar://problem/22561011>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C DOM tests now that more checks are passing.

  • web-platform-tests/dom/nodes/attributes-expected.txt:
  • web-platform-tests/dom/nodes/case-expected.txt:

Source/WebCore:

Element.getAttributeNS() should return null if the attribute does not
exist, similarly to what Element.getAttribute() does:

Firefox and Chrome match the specification. However, WebKit was returning
an empty string for getAttributeNS() and null for getAttribute(). This
patch aligns WebKit's behavior with the specification and other browsers.

No new tests, already covered by existing tests.

  • dom/Element.idl:

LayoutTests:

Rebaseline / update existing tests now that our behavior has changed.

  • fast/dom/Element/attribute-uppercase-expected.txt:
  • fast/dom/Element/mozilla-dom-base-tests/test_bug1075702-expected.txt:
  • fast/dom/Element/mozilla-dom-base-tests/test_bug1075702.html:
  • fast/dom/Element/setAttributeNode-overriding-lowercase-values-1-expected.txt:
  • fast/dom/Element/setAttributeNode-overriding-lowercase-values-2-expected.txt:
2:31 PM Changeset in webkit [189824] by rniwa@webkit.org
  • 11 edits in trunk/Source/WebCore

ContentDistribution should be only used for details elements
https://bugs.webkit.org/show_bug.cgi?id=149148

Reviewed by Antti Koivisto.

Extracted ShadowRootWithInsertionPoints out of ShadowRoot for HTMLDetailsElement and HTMLSummaryElement.

We don't add a separate .h and .cpp files since this is a temporary measure until we replace it with
a slot-based shadow DOM implementation.

No new tests. There should be no observable behavioral change.

  • dom/Element.cpp:

(WebCore::Element::addShadowRoot): Removed the call to didShadowBoundaryChange since this function is only
called in ensureUserAgentShadowRoot. Also moved the call to didAddUserAgentShadowRoot for
HTMLDetailsElement's shadow root which uses this function instead of ensureUserAgentShadowRoot.
(WebCore::Element::removeShadowRoot): Removed the call to invalidateDistribution since it's only called by
~Element.
(WebCore::Element::createShadowRoot):
(WebCore::Element::ensureUserAgentShadowRoot): Moved the call didAddUserAgentShadowRoot into addShadowRoot
since HTMLDetailsElement uses a subclass of ShadowRoot.
(WebCore::Element::childrenChanged):
(WebCore::Element::removeAllEventListeners):

  • dom/Element.h:

(Element::addShadowRoot): Made this function a protected member as it's now used by HTMLDetailsElement.

  • dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::childrenChanged): Deleted.

  • dom/ShadowRoot.h:

(WebCore::ShadowRoot::distributor): Made this a virtual function and return nullptr by default.
(WebCore::ShadowRoot::isOrphan):

  • html/HTMLDetailsElement.cpp:

(WebCore::HTMLDetailsElement::create): Uses ShadowRootWithInsertionPoints instead of ShadowRoot.

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::runPostTypeUpdateTasks): Removed the call to invalidateDistribution since it's
only relevant for HTMLDetailsElement's shadow DOM.

  • html/HTMLSummaryElement.cpp:

(WebCore::HTMLSummaryElement::create): Uses ShadowRootWithInsertionPoints instead of ShadowRoot.

  • html/shadow/ContentDistributor.cpp:

(WebCore::ContentDistributor::distribute):
(WebCore::ContentDistributor::ensureDistribution):
(WebCore::ContentDistributor::invalidateDistribution):

  • html/shadow/InsertionPoint.cpp:

(WebCore::InsertionPoint::childrenChanged):
(WebCore::InsertionPoint::insertedInto):
(WebCore::InsertionPoint::removedFrom):
(WebCore::findInsertionPointOf):
(WebCore::ShadowRootWithInsertionPoints::childrenChanged): Moved from ShadowRoot.

  • html/shadow/InsertionPoint.h:

(WebCore::ShadowRootWithInsertionPoints::create): Added.
(WebCore::ShadowRootWithInsertionPoints::ShadowRootWithInsertionPoints): Added.

1:42 PM Changeset in webkit [189823] by Chris Dumez
  • 3 edits in trunk/LayoutTests

Unreviewed, rebaseline several W3C HTML tests on iOS after r189762.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
  • platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/interfaces-expected.txt:
1:00 PM Changeset in webkit [189822] by commit-queue@webkit.org
  • 12 edits in trunk/Source/JavaScriptCore

Implement calls to JavaScript functions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149093

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-15
Reviewed by Filip Pizlo.

This patch implements calls to JavaScript functions in WebAssembly.
WebAssembly functions can only call JavaScript functions that are
imported to their module via an object that is passed into
loadWebAssembly(). References to JavaScript functions are resolved at
the module's load time, just like asm.js.

  • jsc.cpp:

(GlobalObject::finishCreation):
(functionLoadWebAssembly):

  • tests/stress/wasm-calls.js:
  • tests/stress/wasm/calls.wasm:
  • wasm/JSWASMModule.cpp:

(JSC::JSWASMModule::visitChildren):

  • wasm/JSWASMModule.h:

(JSC::JSWASMModule::importedFunctions):

  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildCallImport):

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseCallImport):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildCallInternal):
(JSC::WASMFunctionSyntaxChecker::buildCallImport):
(JSC::WASMFunctionSyntaxChecker::updateTempStackHeightForCall):

  • wasm/WASMModuleParser.cpp:

(JSC::WASMModuleParser::WASMModuleParser):
(JSC::WASMModuleParser::parse):
(JSC::WASMModuleParser::parseModule):
(JSC::WASMModuleParser::parseFunctionImportSection):
(JSC::WASMModuleParser::getImportedValue):
(JSC::parseWebAssembly):

  • wasm/WASMModuleParser.h:
12:56 PM Changeset in webkit [189821] by Brent Fulgham
  • 11 edits
    2 adds in trunk/Source/WebCore

[Win] Tiled drawing is rendering more times than it should
https://bugs.webkit.org/show_bug.cgi?id=149144
<rdar://problem/22313905>

Reviewed by Simon Fraser.

Provide a more faithful implemenation of the Objective C tiled drawing logic.
(1) Create a new WebTiledBackingLayerWin class that represents a the

container of tiles. This matches the Objective C design.

(2) Move implementation of several methods (e.g., isOpaque) to the internal

class implementation so that the Tile Drawing logic can perform special
handling in these cases.

(3) Remove the duplicated Tiled Drawing logic from PlatformCALayerWinInternal,

since it was just duplicating code in TileController and TileGrid.

(4) Clean up the display callback code to avoid performing incorrect flipping

of the coordinate system.

  • PlatformAppleWin.cmake: Add new WebTiledBackingLayerWin file.
  • WebCore.vcxproj/WebCore.vcxproj: Add the new WebTiledBackingLayerWin files.
  • WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
  • platform/graphics/ca/PlatformCALayer.cpp:

(PlatformCALayer::flipContext): Added convenience method.
(PlatformCALayer::drawRepaintIndicator): Ditto.

  • platform/graphics/ca/TileGrid.cpp:

(TileGrid::platformCALayerPaintContents): Flip the context before drawing the repaint
indicator on Windows.

  • platform/graphics/ca/win/PlatformCALayerWin.cpp:

(PlatformCALayerWin::PlatformCALayerWin): Create a WebTiledBackingLayerWin
object if using tiled drawing.
(PlatformCALayerWin::~PlatformCALayerWin):
(PlatformCALayerWin::isOpaque): Move implementation to internal class.
(PlatformCALayerWin::setOpaque): Ditto.
(PlatformCALayerWin::setBorderWidth): Ditto.
(PlatformCALayerWin::setBorderColor): Ditto.
(PlatformCALayerWin::contentsScale): Ditto.
(PlatformCALayerWin::setContentsScale): Ditto.
(PlatformCALayerWin::cornerRadius): Ditto.
(PlatformCALayerWin::tiledBacking): Ditto.
(PlatformCALayerWin::drawTextAtPoint): New helper method to draw repaint counter
text. Needed to work around bug in CG.

  • platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:

(PlatformCALayerWinInternal::PlatformCALayerWinInternal): Remove tiling-logic
related member variables.
(PlatformCALayerWinInternal::~PlatformCALayerWinInternal):
(shouldInvertBeforeDrawingContent): Added convenience method.
(shouldInvertBeforeDrawingRepaintCounters): Ditto.
(PlatformCALayerWinInternal::displayCallback):
(PlatformCALayerWinInternal::drawRepaintCounters): Helper method to
share code between the two layer classes.
(PlatformCALayerWinInternal::internalSetNeedsDisplay): use nullptr.
(PlatformCALayerWinInternal::setNeedsDisplay): Ditto.
(PlatformCALayerWinInternal::setNeedsDisplayInRect): Move tiled code
to WebTiledBackingLayerWin and simplify the remaing code.
(PlatformCALayerWinInternal::setSublayers): Remove tile code.
(PlatformCALayerWinInternal::getSublayers): Ditto.
(PlatformCALayerWinInternal::removeAllSublayers): Ditto.
(PlatformCALayerWinInternal::insertSublayer): Ditto.
(PlatformCALayerWinInternal::sublayerCount): Ditto.
(PlatformCALayerWinInternal::indexOfSublayer): Ditto.
(PlatformCALayerWinInternal::sublayerAtIndex): Ditto.
(PlatformCALayerWinInternal::setBounds): Ditto.
(PlatformCALayerWinInternal::setFrame): Ditto.
(PlatformCALayerWinInternal::isOpaque): Ditto.
(PlatformCALayerWinInternal::setOpaque): Ditto.
(PlatformCALayerWinInternal::contentsScale): Ditto.
(PlatformCALayerWinInternal::setContentsScale): Ditto.
(PlatformCALayerWinInternal::setBorderWidth): Ditto.
(PlatformCALayerWinInternal::setBorderColor): Ditto.
(layerTypeIsTiled): Deleted.
(PlatformCALayerWinInternal::constrainedSize): Deleted.
(PlatformCALayerWinInternal::tileDisplayCallback): Deleted.
(PlatformCALayerWinInternal::addTile): Deleted.
(PlatformCALayerWinInternal::removeTile): Deleted.
(PlatformCALayerWinInternal::tileAtIndex): Deleted.
(PlatformCALayerWinInternal::tileCount): Deleted.
(PlatformCALayerWinInternal::updateTiles): Deleted.
(PlatformCALayerWinInternal::drawTile): Deleted.
(PlatformCALayerWinInternal::createTileController): Deleted.
(PlatformCALayerWinInternal::tiledBacking): Deleted.

  • platform/graphics/ca/win/PlatformCALayerWinInternal.h:

(WebCore::PlatformCALayerWinInternal::owner):

  • platform/graphics/ca/win/WebTiledBackingLayerWin.cpp: Added.

(WebTiledBackingLayerWin::WebTiledBackingLayerWin):
(WebTiledBackingLayerWin::~WebTiledBackingLayerWin):
(DisplayOnMainThreadContext::DisplayOnMainThreadContext):
(redispatchOnMainQueue):
(WebTiledBackingLayerWin::displayCallback):
(WebTiledBackingLayerWin::setNeedsDisplay):
(WebTiledBackingLayerWin::setNeedsDisplayInRect):
(WebTiledBackingLayerWin::setBounds):
(WebTiledBackingLayerWin::isOpaque):
(WebTiledBackingLayerWin::setOpaque):
(WebTiledBackingLayerWin::contentsScale):
(WebTiledBackingLayerWin::setContentsScale):
(WebTiledBackingLayerWin::setBorderWidth):
(WebTiledBackingLayerWin::setBorderColor):
(WebTiledBackingLayerWin::createTileController):
(WebTiledBackingLayerWin::tiledBacking):
(WebTiledBackingLayerWin::invalidate):

  • platform/graphics/ca/win/WebTiledBackingLayerWin.h: Added.
12:47 PM Changeset in webkit [189820] by Csaba Osztrogonác
  • 3 edits in trunk/Source/JavaScriptCore

Fix the !ENABLE(DFG_JIT) build after r188696
https://bugs.webkit.org/show_bug.cgi?id=149158

Reviewed by Yusuke Suzuki.

  • bytecode/GetByIdStatus.cpp:
  • bytecode/GetByIdStatus.h:
12:26 PM Changeset in webkit [189819] by commit-queue@webkit.org
  • 5 edits in trunk/Source/JavaScriptCore

functions that use try/catch will allocate a top level JSLexicalEnvironment even when it is not necessary
https://bugs.webkit.org/show_bug.cgi?id=148169

Patch by Saam barati <sbarati@apple.com> on 2015-09-15
Reviewed by Geoffrey Garen.

We used to do this before we had proper lexical scoping
in the bytecode generator. There is absolutely no reason
why need to allocate a top-level "var" activation when a
function/program uses a "catch" block.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createTryStatement):
(JSC::ASTBuilder::incConstants):
(JSC::ASTBuilder::usesThis):
(JSC::ASTBuilder::usesArguments):
(JSC::ASTBuilder::usesWith):
(JSC::ASTBuilder::usesEval):
(JSC::ASTBuilder::usesCatch): Deleted.

  • parser/Nodes.h:

(JSC::ScopeNode::isStrictMode):
(JSC::ScopeNode::setUsesArguments):
(JSC::ScopeNode::usesThis):
(JSC::ScopeNode::needsActivation):
(JSC::ScopeNode::hasCapturedVariables):
(JSC::ScopeNode::captures):
(JSC::ScopeNode::needsActivationForMoreThanVariables): Deleted.

  • parser/ParserModes.h:
  • runtime/Executable.h:

(JSC::ScriptExecutable::usesEval):
(JSC::ScriptExecutable::usesArguments):
(JSC::ScriptExecutable::needsActivation):
(JSC::ScriptExecutable::isStrictMode):
(JSC::ScriptExecutable::ecmaMode):

12:00 PM Changeset in webkit [189818] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(r189774): CLoop doesn't build after r189774
https://bugs.webkit.org/show_bug.cgi?id=149171

Unreviewed build fix for the C Loop.

Added needed C Loop label opcodes.

  • bytecode/BytecodeList.json:
11:38 AM Changeset in webkit [189817] by hyatt@apple.com
  • 11 edits
    13 adds in trunk

[New Block-Inside-Inline Model] Implement margin collapsing across contiguous anonymous inline blocks.
https://bugs.webkit.org/show_bug.cgi?id=149132

Reviewed by Zalan Bujtas.

Source/WebCore:

Added new tests inside fast/block/inside-inlines/

  • rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::anonymousInlineBlock):
Change this accessor to be more robust and be willing to both recur (in case we ever do decide intermediate line boxes should exist)
and to type check. This is not currently needed, but I'm just being paranoid and future proof.

(WebCore::InlineFlowBox::addToLine):
Again, for thoroughness, I am making sure to propagate the hasAnonymousInlineBlock() bit through to parents. This is only needed
if we build intermediate line boxes for lines with anonymous inline blocks.

(WebCore::InlineFlowBox::placeBoxesInBlockDirection):
Anonymous inline blocks receive a layout via layoutBlockChild, in order to make sure that margin collapsing runs. This means
that unlike other line objects, the position of the child has been determined already. Therefore we simply set the position
of the line box that wraps the anonymous inline block to the already-computed position for that block.

Also patch the code that sets lineTop and lineBottom using the root box's dimensions. We don't really care about the root line
box on anonymous inline block lines and just want to set lineTop and lineBottom to fit the anonymous inline block.

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::collapseMargins):
(WebCore::RenderBlockFlow::collapseMarginsWithChildInfo):
Refactor collapseMargins to call a helper function that can pass in a previous "sibling", and that can handle the child
being null. We do this to perform a margin collapse when anonymous inline blocks run up against regular lines (which is like
collapsing with a sibling block "child").

  • rendering/RenderBlockFlow.h:

Tweak the MarginInfo constructor to take a const RenderBlockFlow. Tweak some line layout methods to pass in the LineLayoutState
so that MarginInfo is available during line layout.

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlockFlow::createLineBoxes):
When we create a new line box, if it is not an anonymous inline block line and our previous line was, simulate a margin
collapse in order to possibly push the line box down or up. Re-use the pagination adjustment code to rewind line layout
and perform it again if pushed below a float.

(WebCore::constructBidiRunsForSegment):
(WebCore::RenderBlockFlow::layoutRunsAndFloats):
(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
(WebCore::RenderBlockFlow::layoutLineBoxes):
(WebCore::RenderBlockFlow::determineStartPosition):
(WebCore::RenderBlockFlow::matchedEndLine):
(WebCore::RenderBlockFlow::updateRegionForLine):
(WebCore::RenderBlockFlow::marginCollapseLinesFromStart):
Patch line layout to run margin collapsing when anonymous inline blocks are encountered. This involves making sure
margin info and float bottom positions are passed through so that layoutBlockChild can be properly called on
anonymous inline blocks that we encounter.

In addition line layout when it syncs dirty lines has to run margin collapsing on earlier lines in order to make
sure margin info is properly set up at the first dirty line position.

Note that there will be more improvements/changes in this area (dirty line syncing), as the current model is inefficient
when many anonymous inline blocks are scattered throughout a large-scale line box tree.

  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::alignBoxesInBlockDirection):
(WebCore::RootInlineBox::ascentAndDescentForBox):
Make sure to rely on the block layout code for the placement of the boxes themselves. Set up the line box code to not have
an effect on ascent/descent.

  • rendering/line/BreakingContext.h:

(WebCore::BreakingContext::BreakingContext):
(WebCore::BreakingContext::handleReplaced):
When we encounter an anonymous inline block, lay it out when it is seen. We have to delay the layout, since we have
to be able to perform it mid-line-layout when the containing block's logical height is at the correct value and all previous
lines are placed. Margin info also has to be current.

  • rendering/line/LineBreaker.cpp:
  • rendering/line/LineBreaker.h:

Patched to pass LineLayoutState through so that the stuff we need to perform block layout is available (margin info and float vars).

  • rendering/line/LineLayoutState.h:

Add the block layout margin and float bottom information to the line layout state so that we have it available when performing
layouts and margin collapses on anonymous inline block children.

LayoutTests:

  • fast/block/inside-inlines/new-model/margin-collapse: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/001-expected.html: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/001.html: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/002-expected.html: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/002.html: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/003-expected.html: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/003.html: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/004-expected.html: Added.
  • fast/block/inside-inlines/new-model/margin-collapse/004.html: Added.
11:36 AM Changeset in webkit [189816] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Watch Expressions uncaught exceptions on page reload
https://bugs.webkit.org/show_bug.cgi?id=149150

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-15
Reviewed by Brian Burg.

Instead of waiting 50ms to Resume, when the page navigates
Resume immediately. This ensures nobody is using a stale
activeCallFrame after the navigation.

Also clean up the manager a bit by removing some deletes.

  • UserInterface/Controllers/DebuggerManager.js:

(WebInspector.DebuggerManager.restoreBreakpointsSoon):
(WebInspector.DebuggerManager.prototype.reset):
(WebInspector.DebuggerManager.prototype.debuggerDidPause):
(WebInspector.DebuggerManager.prototype.debuggerDidResume):
(WebInspector.DebuggerManager.prototype._mainResourceDidChange):
(WebInspector.DebuggerManager.prototype._didResumeInternal):
(WebInspector.DebuggerManager.prototype._associateBreakpointsWithSourceCode):
(WebInspector.DebuggerManager.prototype.debuggerDidResume.delayedWork): Deleted.

11:26 AM Changeset in webkit [189815] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebInspectorUI

Web Inspector: Closing the final inspector tab should be allowed
https://bugs.webkit.org/show_bug.cgi?id=149130

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-09-15
Reviewed by Brian Burg.

Previously we did not allow closing the last inspector tab. Now, we
will allow closing all inspector tabs, and when the last is closed,
present an unclosable New Tab tab, which would then be used to create
a new tab.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
If we have no tabs to restore, show the New Tab tab.

(WebInspector._openDefaultTab):
When the last tab is closed, the tab bar requests we open a default tab.
Open the New Tab tab.

(WebInspector.TabBar.prototype._handleClick):
Disallow closing the single default tab.

(WebInspector._newTabItemClicked):
(WebInspector.showNewTabTab):
Share logic for showing the New Tab tab.

  • UserInterface/Views/NewTabContentView.js:

(WebInspector.NewTabContentView):
Mark the new tab's tab bar item as the "default" tab bar item. It gets
special behavior when it is the single normal tab (cannot be closed).

  • UserInterface/Views/TabBar.css:

(body:not(.window-inactive) .tab-bar > .item:hover > .close):
(body:not(.window-inactive) .tab-bar.single-tab > .item.default-tab:hover > .close):
(.tab-bar.single-tab > .item.default-tab > .close):
(body:not(.window-inactive) .tab-bar:not(.single-tab) > .item:not(.hide-close-button):hover > .close): Deleted.
(.tab-bar > .item.hide-close-button > .close): Deleted.
Update styles to only disable the close button on the
"default-tab" when it is the "single-tab" open. Otherwise
always allow closing tabs.

  • UserInterface/Views/TabBar.js:

(WebInspector.TabBar.prototype.removeTabBarItem):
(WebInspector.TabBar.prototype.hasNormalTab):
(WebInspector.TabBar.prototype._openDefaultTab):
When removing the last normal tab, send an event to open
the default tab.

  • UserInterface/Views/TabBarItem.js:

(WebInspector.TabBarItem.prototype.get default):
(WebInspector.TabBarItem.prototype.get isDefaultTab):
(WebInspector.TabBarItem.prototype.set isDefaultTab):
(WebInspector.TabBarItem.prototype.get hideCloseButton): Deleted.
(WebInspector.TabBarItem.prototype.set hideCloseButton): Deleted.
Switch to marking a tab bar item as the default tab. This tab
will be allowed when it is the single remaining tab. Currently
the default tab is always the "New Tab" tab.

11:18 AM Changeset in webkit [189814] by BJ Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: new tab content view should disallow split console
https://bugs.webkit.org/show_bug.cgi?id=149164

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/NewTabContentView.js:

(WebInspector.NewTabContentView.prototype.get supportsSplitContentBrowser):

11:09 AM Changeset in webkit [189813] by beidson@apple.com
  • 10 edits in trunk/Source/WebCore

Make the IDBAny::Type enum into an enum class.
https://bugs.webkit.org/show_bug.cgi?id=149169.

Reviewed by Oliver Hunt.

No new tests (Cleanup, no behavior change).

  • Modules/indexeddb/IDBAny.h:
  • Modules/indexeddb/legacy/LegacyAny.cpp:

(WebCore::LegacyAny::createInvalid):
(WebCore::LegacyAny::createNull):
(WebCore::LegacyAny::LegacyAny):
(WebCore::LegacyAny::domStringList):
(WebCore::LegacyAny::idbCursor):
(WebCore::LegacyAny::idbCursorWithValue):
(WebCore::LegacyAny::idbDatabase):
(WebCore::LegacyAny::idbFactory):
(WebCore::LegacyAny::idbIndex):
(WebCore::LegacyAny::idbObjectStore):
(WebCore::LegacyAny::idbTransaction):
(WebCore::LegacyAny::scriptValue):
(WebCore::LegacyAny::string):
(WebCore::LegacyAny::integer):
(WebCore::LegacyAny::legacyCursor):
(WebCore::LegacyAny::legacyCursorWithValue):
(WebCore::LegacyAny::legacyDatabase):
(WebCore::LegacyAny::legacyFactory):
(WebCore::LegacyAny::legacyIndex):
(WebCore::LegacyAny::legacyObjectStore):
(WebCore::LegacyAny::legacyTransaction):

  • Modules/indexeddb/legacy/LegacyCursor.cpp:

(WebCore::LegacyCursor::LegacyCursor):
(WebCore::LegacyCursor::effectiveObjectStore):

  • Modules/indexeddb/legacy/LegacyObjectStore.cpp:
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.cpp:

(WebCore::LegacyOpenDBRequest::dispatchEvent):

  • Modules/indexeddb/legacy/LegacyRequest.cpp:

(WebCore::LegacyRequest::getResultCursor):
(WebCore::effectiveObjectStore):

  • bindings/js/JSIDBAnyCustom.cpp:

(WebCore::toJS):

  • inspector/InspectorIndexedDBAgent.cpp:
  • page/DatabaseProvider.h:
10:48 AM Changeset in webkit [189812] by Michael Catanzaro
  • 1 edit
    1 delete in trunk/Source/WebCore/platform/gtk/po

[GTK] Remove outdated README under po directory
https://bugs.webkit.org/show_bug.cgi?id=149166

Reviewed by Martin Robinson.

  • README: Removed.
10:43 AM Changeset in webkit [189811] by commit-queue@webkit.org
  • 19 edits
    4 adds in trunk

[INTL] Implement supportedLocalesOf on Intl Constructors
https://bugs.webkit.org/show_bug.cgi?id=147599

Patch by Andy VanWagoner <thetalecrafter@gmail.com> on 2015-09-15
Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Implements all of the abstract operations used by supportedLocalesOf,
except during canonicalization it does not replace redundant tags,
or subtags with their preferred values.

  • icu/unicode/ucal.h: Added.
  • icu/unicode/udat.h: Added.
  • icu/unicode/umisc.h: Added.
  • icu/unicode/unum.h: Added.
  • icu/unicode/utypes.h: Clear the U_SHOW_CPLUSPLUS_API flag to prevent C++ headers from being included.
  • runtime/CommonIdentifiers.h: Adde localeMatcher.
  • runtime/IntlCollatorConstructor.cpp:

(JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Implemented.

  • runtime/IntlDateTimeFormatConstructor.cpp:

(JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Implemented.

  • runtime/IntlNumberFormatConstructor.cpp:

(JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Implemented.

  • runtime/IntlObject.cpp:

(JSC::canonicalizeLanguageTag):
(JSC::getCanonicalLangTag):
(JSC::getPrivateUseLangTag):
(JSC::getGrandfatheredLangTag):
(JSC::canonicalizeLocaleList):
(JSC::bestAvailableLocale):
(JSC::lookupSupportedLocales):
(JSC::bestFitSupportedLocales):
(JSC::supportedLocales):
(JSC::getIntlStringOption):
(JSC::getIntlBooleanOption):

  • runtime/IntlObject.h:
  • runtime/JSCJSValue.h: Added toLength.
  • runtime/JSCJSValue.cpp: Added toLength.

(JSC::JSValue::toLength): Implement ToLength from ECMA 262 6.0 7.1.15

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::intlCollatorAvailableLocales): Added lazy locale list.
(JSC::JSGlobalObject::intlDateTimeFormatAvailableLocales): Added lazy locale list.
(JSC::JSGlobalObject::intlNumberFormatAvailableLocales): Added lazy locale list.

  • runtime/JSGlobalObject.h:

LayoutTests:

  • js/intl-collator-expected.txt: Added tests for supportedLocalesOf
  • js/intl-datetimeformat-expected.txt: Added tests for supportedLocalesOf
  • js/intl-numberformat-expected.txt: Added tests for supportedLocalesOf
  • js/script-tests/intl-collator.js: Added tests for supportedLocalesOf
  • js/script-tests/intl-datetimeformat.js: Added tests for supportedLocalesOf
  • js/script-tests/intl-numberformat.js: Added tests for supportedLocalesOf
9:36 AM Changeset in webkit [189810] by beidson@apple.com
  • 10 edits in trunk/Source

Move most IDB object encoding/decoding from WebKit2 to WebCore.
https://bugs.webkit.org/show_bug.cgi?id=149152

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Cleanup, no behavior change).

  • Modules/indexeddb/IDBDatabaseMetadata.h:

(WebCore::IDBDatabaseMetadata::encode):
(WebCore::IDBDatabaseMetadata::decode):

  • Modules/indexeddb/IDBIndexMetadata.h:

(WebCore::IDBIndexMetadata::encode):
(WebCore::IDBIndexMetadata::decode):

  • Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::encode):
(WebCore::IDBKeyData::decode):

  • Modules/indexeddb/IDBKeyPath.h:

(WebCore::IDBKeyPath::encode):
(WebCore::IDBKeyPath::decode):

  • Modules/indexeddb/IDBKeyRangeData.h:

(WebCore::IDBKeyRangeData::encode):
(WebCore::IDBKeyRangeData::decode):

  • Modules/indexeddb/IDBObjectStoreMetadata.h:

(WebCore::IDBObjectStoreMetadata::encode):
(WebCore::IDBObjectStoreMetadata::decode):

Source/WebKit2:

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<IDBDatabaseMetadata>::encode): Deleted.
(IPC::ArgumentCoder<IDBDatabaseMetadata>::decode): Deleted.
(IPC::ArgumentCoder<IDBIndexMetadata>::encode): Deleted.
(IPC::ArgumentCoder<IDBIndexMetadata>::decode): Deleted.
(IPC::ArgumentCoder<IDBKeyData>::encode): Deleted.
(IPC::ArgumentCoder<IDBKeyData>::decode): Deleted.
(IPC::ArgumentCoder<IDBKeyPath>::encode): Deleted.
(IPC::ArgumentCoder<IDBKeyPath>::decode): Deleted.
(IPC::ArgumentCoder<IDBKeyRangeData>::encode): Deleted.
(IPC::ArgumentCoder<IDBKeyRangeData>::decode): Deleted.
(IPC::ArgumentCoder<IDBObjectStoreMetadata>::encode): Deleted.
(IPC::ArgumentCoder<IDBObjectStoreMetadata>::decode): Deleted.

  • Shared/WebCoreArgumentCoders.h:
8:51 AM Changeset in webkit [189809] by beidson@apple.com
  • 11 edits in trunk/Source

Make the enum IDBKey::Type into a utility enum class.
https://bugs.webkit.org/show_bug.cgi?id=149149

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Cleanup, no behavior change).

  • Modules/indexeddb/IDBKey.cpp:

(WebCore::IDBKey::isValid):
(WebCore::IDBKey::compare):

  • Modules/indexeddb/IDBKey.h:

(WebCore::IDBKey::createNumber):
(WebCore::IDBKey::createDate):
(WebCore::IDBKey::createMultiEntryArray):
(WebCore::IDBKey::createArray):
(WebCore::IDBKey::type):
(WebCore::IDBKey::array):
(WebCore::IDBKey::string):
(WebCore::IDBKey::date):
(WebCore::IDBKey::number):
(WebCore::IDBKey::compareTypes):
(WebCore::IDBKey::IDBKey):

  • Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::IDBKeyData):
(WebCore::IDBKeyData::maybeCreateIDBKey):
(WebCore::IDBKeyData::isolatedCopy):
(WebCore::IDBKeyData::encode):
(WebCore::IDBKeyData::decode):
(WebCore::IDBKeyData::compare):
(WebCore::IDBKeyData::loggingString):
(WebCore::IDBKeyData::setArrayValue):
(WebCore::IDBKeyData::setStringValue):
(WebCore::IDBKeyData::setDateValue):
(WebCore::IDBKeyData::setNumberValue):

  • Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::IDBKeyData):
(WebCore::IDBKeyData::minimum):
(WebCore::IDBKeyData::maximum):

  • Modules/indexeddb/IndexedDB.h:
  • bindings/js/IDBBindingUtilities.cpp:

(WebCore::idbKeyToJSValue):
(WebCore::createIDBKeyFromValue):
(WebCore::createIDBKeyFromScriptValueAndKeyPath):
(WebCore::generateIndexKeysForValue):

  • inspector/InspectorIndexedDBAgent.cpp:

Source/WebKit2:

  • DatabaseProcess/IndexedDB/UniqueIDBDatabase.cpp:

(WebKit::UniqueIDBDatabase::putRecordInBackingStore):

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<IDBKeyData>::encode):
(IPC::ArgumentCoder<IDBKeyData>::decode):

8:33 AM Changeset in webkit [189808] by achristensen@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed gardening.

  • platform/win/TestExpectations:

Fix Windows tests after r189769.

8:11 AM WebKitGTK/2.10.x edited by Michael Catanzaro
Propose bug #149064 (diff)
8:01 AM Changeset in webkit [189807] by Csaba Osztrogonác
  • 2 edits in trunk

[cmake] Enable debug fission only if it is supported
https://bugs.webkit.org/show_bug.cgi?id=149161

Reviewed by Martin Robinson.

  • Source/cmake/OptionsCommon.cmake:
7:48 AM Changeset in webkit [189806] by jfernandez@igalia.com
  • 3 edits in trunk/Source/WebCore

[CSS Grid Layout] Using {row, column}-axis terms in alignment related logic
https://bugs.webkit.org/show_bug.cgi?id=148942

Reviewed by Sergio Villar Senin.

This patch changes the names of several functions and variables
defined to implement the alignment logic. We want to use from now
on the terms row-axis and column-axis when referring to the
alignment direction the logic is applied to.

No new tests, no new functionality.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::columnAxisOffsetForChild):
(WebCore::RenderGrid::rowAxisOffsetForChild):
(WebCore::RenderGrid::findChildLogicalPosition):

  • rendering/RenderGrid.h:
4:06 AM Changeset in webkit [189805] by Sukolsak Sakshuwong
  • 1 edit in trunk/Source/JavaScriptCore/jit/JITOperations.cpp

Build fix after r189774

  • jit/JITOperations.cpp
1:57 AM Changeset in webkit [189804] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10

Merge r189680 - Document.title does not behave according to specification
https://bugs.webkit.org/show_bug.cgi?id=149098

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

  • web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-01-expected.txt:
  • web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-02-expected.txt:

Source/WebCore:

Update Document.title to behave according to the latest DOM specification:
https://html.spec.whatwg.org/multipage/dom.html#document.title

In particular, the following Web-Exposed changes were made:

  1. The title Element should be the first title element in the document (in tree order) [1]. Previously, WebKit would use the first title Element *added* to the Document. Document.title returns the text content of the title Element so this change is web-exposed.
  2. If the title Element is replaced after the title has been set by the JS (via the document.title setter), we should update the value returned by the document.title getter. Previously, WebKit would set a flag if the title was explicitly set by JS via document.title setter and later title element changes would not override the title set by the JS. This behavior isn't specified and does not match the behavior of other browsers.

The new behavior is also consistent with the behavior of Firefox and
Chrome.

Some refactoring was made for the sake of clarity now that our
implementation has changed. See details below.

[1] https://html.spec.whatwg.org/multipage/dom.html#the-title-element-2

No new tests, already covered by existing tests.

  • dom/Document.cpp:

(WebCore::Document::updateTitleFromTitleElement):
New convenience method that calls updateTitle() with the text of the
document's current title Element. If there is no title Element, it
clears the title.

(WebCore::Document::updateTitleElement):
Method which updates the Document's title Element whenever a title
Element is added or removed from the Document. Once the title Element
is updated, it takes care of calling updateTitleFromTitleElement() to
update the Document's title.

(WebCore::Document::titleElementAdded):
(WebCore::Document::titleElementRemoved):
(WebCore::Document::titleElementTextChanged):
New Document public API called by HTMLTitleElement / SVGTitleElement
whenever a title Element is added / removed from the Document or
whenever the title element's text has changed. These methods will
take care of calling updateTitleElement() / updateTitleFromTitleElement()
as necessary.
Previously, we would only have 2 methods:

  • setTitleElement() which would be called whenever a title Element was added to the document or when its text had changed. The name was confusing because it would not necessarily set the document's title Element and it would be used both for title element update and a simple title update. This method has been split into 2: titleElementAdded() and titleElementTextChanged().
  • removeTitle() which would be called whenever a title Element was removed. The naming was confusing because it would not necessarily remove the Document's title Element. This is now called titleElementRemoved().
  • html/HTMLTitleElement.cpp:

(WebCore::HTMLTitleElement::insertedInto):
Call the new titleElementAdded() instead of setTitleElement().

(WebCore::HTMLTitleElement::removedFrom):
Call the new titleElementRemoved() instead of removeTitle().

(WebCore::HTMLTitleElement::childrenChanged):
Call the new titleElementTextChanged() instead of
setTitleElement() / removeTitle() as we don't really want
to remove or add a title Element. We merely want to notify
the document that the title element text has changed in
case it is the current title Element of the Document.

(WebCore::HTMLTitleElement::computedTextWithDirection):
Rename textWithDirection() to computedTextWithDirection() to
make it clear it is not a simple getter and make it private
as it is only used to set the m_title member which caches the
computed text.

  • html/HTMLTitleElement.h:

Add new textWithDirection() getter which returns m_title. This
is needed so that Document can query the title of the Element.
Previously, HTMLTitleElement would pass directly m_title to
the Document when calling Document::setTitleElement().

  • svg/SVGTitleElement.cpp:

(WebCore::SVGTitleElement::insertedInto):
Call the new titleElementAdded() instead of setTitleElement().

(WebCore::SVGTitleElement::removedFrom):
Call the new titleElementRemoved() instead of removeTitle().

(WebCore::SVGTitleElement::childrenChanged):
Call the new titleElementTextChanged() instead of
setTitleElement().

1:52 AM WebKitGTK/2.10.x edited by Carlos Garcia Campos
(diff)
1:39 AM Changeset in webkit [189803] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.10

Merge r189679 - document.lastModified should use the user's local time zone
https://bugs.webkit.org/show_bug.cgi?id=149092
LayoutTests/imported/w3c:

<rdar://problem/22567705>

Reviewed by Ryosuke Niwa.

Rebaseline a couple of W3C tests now that more checks are passing.

  • web-platform-tests/html/dom/documents/resource-metadata-management/document-lastModified-01-expected.txt:
  • web-platform-tests/html/dom/documents/resource-metadata-management/document-lastModified-expected.txt:

Source/WebCore:

<rdar://problem/22567705>

Reviewed by Ryosuke Niwa.

document.lastModified should use the user's local time zone:
https://html.spec.whatwg.org/multipage/dom.html#dom-document-lastmodified

Chrome and Firefox comply with the specification but WebKit was using
UTC. This patch aligns WebKit's behavior with the specification and
other browsers.

No new tests, already covered by existing tests.

  • dom/Document.cpp:

(WebCore::Document::lastModified):
(WebCore::Document::setCookieURL): Deleted.

LayoutTests:

Reviewed by Ryosuke Niwa.

Update test so that it converts document.lastModified to UTF before
printing it. This is so that we can consistent layout tests results, no
matter the system's timezone.

  • http/tests/misc/last-modified-parsing-expected.txt:
  • http/tests/resources/last-modified.php:
1:37 AM Changeset in webkit [189802] by Carlos Garcia Campos
  • 14 edits
    2 deletes in releases/WebKitGTK/webkit-2.10

Merge r189677 - Node.baseURI should not return null for detached nodes
https://bugs.webkit.org/show_bug.cgi?id=149104
<rdar://problem/22559535>

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

  • web-platform-tests/dom/nodes/Node-baseURI-expected.txt:

Source/WebCore:

Node.baseURI should not return null for detached nodes. It should return
the node document's base URL. The node document is set when the node is
created so it is valid even if the node is detached [1]:
https://dom.spec.whatwg.org/#dom-node-baseuri

WebKit was traversing the ancestors to find the base URL, which only
works if the node is attached. Also, WebKit was taking into account
the xml:base attribute when computing the baseURI.

Both Chrome and Firefox already dropped support for xml:base:
https://code.google.com/p/chromium/issues/detail?id=341854
https://bugzilla.mozilla.org/show_bug.cgi?id=903372

Firefox complies with the specification. Chrome's baseURI still only
works for attached Nodes as their implementation still traverses the
DOM tree, despite dropping support for xml:base.

This patch drops support xml:base when computing Node.baseURI, as
Firefox, Chrome and the latest DOM specification do. It also makes
Node.baseURI work for detached Nodes by returning the base URL of the
node Document. This means we no longer have to traverse the Node's
ancestors in the DOM tree. This is consistent with the behavior of
Firefox and the latest DOM specification.

This patch does not drop the SVGElement.xmlbase attribute yet. However,
we should probably consider making this change as well given that:

  • The SVG2 specification dropped it
  • Chrome dropped it.
  • It no longers impacts Node.baseURI

[1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=20976

No new tests, already covered by existing test.

  • dom/Document.cpp:

(WebCore::Document::setContent): Deleted.

  • dom/Document.h:

(WebCore::Document::inputCursor): Deleted.

  • dom/DocumentType.cpp:

(WebCore::DocumentType::nodeName): Deleted.

  • dom/DocumentType.h:
  • dom/Element.cpp:

(WebCore::Element::imageSourceURL): Deleted.
(WebCore::Element::rendererIsNeeded): Deleted.
(WebCore::Element::createElementRenderer): Deleted.
(WebCore::Element::insertedInto): Deleted.

  • dom/Element.h:
  • dom/Node.cpp:

(WebCore::Node::baseURI):

  • dom/Node.h:
  • svg/SVGElement.idl:

LayoutTests:

  • dom/xhtml/level3/core/nodegetbaseuri03-expected.txt:

Rebaseline outdated DOM3 test.

  • svg/custom/image-base-uri-expected.txt: Removed.
  • svg/custom/image-base-uri.svg: Removed.

Drop outdated SVG test. SVG2 no longer support xml:base.

1:15 AM Changeset in webkit [189801] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po

Merge r189673 - Webkit Gujarati Translations
https://bugs.webkit.org/show_bug.cgi?id=139530

Unreviewed.

Patch by Ankit Patel <ankit@redhat.com> on 2015-09-13

  • gu.po:
1:14 AM Changeset in webkit [189800] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po

Merge r189667 - Updated Spanish translation
https://bugs.webkit.org/show_bug.cgi?id=145550

Unreviewed.

Patch by Francisco Serrador <fserrador@gmail.com> on 2015-09-12

  • es.po:
1:13 AM Changeset in webkit [189799] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po

Merge r189666 - Updated Slovenian translation
https://bugs.webkit.org/show_bug.cgi?id=123080

Unreviewed.

Patch by Matej Urbančič <mateju@svn.gnome.org> on 2015-09-12

  • sl.po:
1:13 AM Changeset in webkit [189798] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po

Merge r189665 - Webkit Tamil translations updated
https://bugs.webkit.org/show_bug.cgi?id=139478

Unreviewed.

Patch by Shantha kumar <shkumar@redhat.com> on 2015-09-12

  • ta.po:
1:12 AM Changeset in webkit [189797] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po

Merge r189664 - [l10n] Updated Bulgarian translation
https://bugs.webkit.org/show_bug.cgi?id=142611

Unreviewed.

Patch by Zahari Yurukov <zahari.yurukov@gmail.com> on 2015-09-12

  • bg.po:
1:11 AM Changeset in webkit [189796] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po

Merge r189663 - [l10n] Updated Polish translation of WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=148475

Unreviewed.

Patch by Piotr Drąg <piotrdrag@gmail.com> on 2015-09-12

  • pl.po:
1:10 AM Changeset in webkit [189795] by Carlos Garcia Campos
  • 1 edit in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po/ChangeLog

Merge r189662 - [GTK] [l10n] Updated Turkish translation of WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=148362

Unreviewed.

Patch by Muhammet Kara <muhammetk@gmail.com> on 2015-09-12

  • tr.po: Added.
1:10 AM Changeset in webkit [189794] by Carlos Garcia Campos
  • 1 edit
    1 add in releases/WebKitGTK/webkit-2.10/Source/WebCore/platform/gtk/po

Merge r189661 - [GTK] [l10n] Updated Turkish translation of WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=148362

Unreviewed.

  • tr.po: Added.
1:07 AM Changeset in webkit [189793] by Carlos Garcia Campos
  • 8 edits
    4 adds in releases/WebKitGTK/webkit-2.10

Merge r189594 - [New Block-Inside-Inline Model] Self-collapsing block check needs to account for anonymous inline blocks
https://bugs.webkit.org/show_bug.cgi?id=149042

Reviewed by Dean Jackson.

Source/WebCore:

Added new tests in fast/block/inside-inlines/

  • rendering/InlineFlowBox.cpp:
  • rendering/InlineFlowBox.h:

(WebCore::InlineFlowBox::anonymousInlineBlock):
Add a new accessor to get the anonymousInlineBlock() for lines that wrap them.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::childrenPreventSelfCollapsing):
(WebCore::RenderBlock::isSelfCollapsingBlock):
isSelfCollapsingBlock() now calls a virtual method that checks lines/children called childrenPreventSelfCollapsing.
This lets us farm out the lines check to the derived RenderBlockFlow class.

  • rendering/RenderBlock.h:

(WebCore::RenderBlock::childrenPreventSelfCollapsing):
Added new virtual method for checking children.

  • rendering/RenderBlockFlow.cpp:
  • rendering/RenderBlockFlow.h:

(WebCore::RenderBlockFlow::childrenPreventSelfCollapsing):
Overridden to ensure that blocks can still be self-collapsing if they only contain anonymous inline-block lines that
are also self-collapsing.

LayoutTests:

  • fast/block/inside-inlines/new-model/self-collapsing-test-expected.html: Added.
  • fast/block/inside-inlines/new-model/self-collapsing-test.html: Added.
  • fast/block/inside-inlines/self-collapsing-test-expected.html: Added.
  • fast/block/inside-inlines/self-collapsing-test.html: Added.
12:59 AM Changeset in webkit [189792] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189587 - sendProcessWillSuspendImminently uses a wrong message flag
https://bugs.webkit.org/show_bug.cgi?id=148995

Reviewed by Alexey Proskuryakov.

Remove use of flag IPC::InterruptWaitingIfSyncMessageArrives as it does not make
sense when sending a sync message.

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendProcessWillSuspendImminently):

  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::sendProcessWillSuspendImminently):

12:56 AM Changeset in webkit [189791] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189581 - [WebGL][GLES] bad shaders should not be linked not only for GL but also for GL ES
https://bugs.webkit.org/show_bug.cgi?id=148794

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

Checking bad shaders, precision matching and varyings packing are all valid for GL ES too.

Test: webgl/1.0.2/conformance/programs/program-test.html

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::linkProgram):

12:54 AM Changeset in webkit [189790] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189580 - Static variables in GraphicsContext3DOpenGLCommon should be avoided because of the race condition
https://bugs.webkit.org/show_bug.cgi?id=148957

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

There is no guarantee that only one thread calls GraphicsContext3D::compileShader() at a time so it would be
better to use a thread local storage variable rather than use a static variable.

No new tests. No behavioural changes.

  • platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::getCurrentNameHashMapForShader):
(WebCore::setCurrentNameHashMapForShader):
(WebCore::nameHashForShader):
(WebCore::GraphicsContext3D::compileShader):
(WebCore::GraphicsContext3D::mappedSymbolName):

12:52 AM Changeset in webkit [189789] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10

Merge r189566 - [GTK] Volume bar is broken
https://bugs.webkit.org/show_bug.cgi?id=145639

Reviewed by Philippe Normand.

Source/WebCore:

The ControlPart enum values' order has mismatched the one of values in CSSValueKeywords.in
after r180965. The MediaVolumeSliderPart should be prior to the MediaVolumeSliderContainerpart.

Tests: media/click-volume-bar-not-pausing.html

media/volume-bar-empty-when-muted.html

  • platform/ThemeTypes.h:

LayoutTests:

Unblock relevant tests. media/click-volume-bar-not-pausing.html, media/volume-bar-empty-when-muted.html

  • platform/gtk/TestExpectations:
12:41 AM Changeset in webkit [189788] by Carlos Garcia Campos
  • 3 edits
    6 adds in releases/WebKitGTK/webkit-2.10

Merge r189560 - CSS general sibling selectors does not work without CSS JIT
https://bugs.webkit.org/show_bug.cgi?id=148987
rdar://problem/22559860

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-09-09
Reviewed by Andreas Kling.

Source/WebCore:

When traversing with the indirect adjacent combinator, SelectorChecker
was not setting the style invalidation flag on the right element.

Tests: fast/css/indirect-adjacent-style-invalidation-1.html

fast/css/indirect-adjacent-style-invalidation-2.html
fast/css/indirect-adjacent-style-invalidation-3.html

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

LayoutTests:

There are multiple variations of the same tests to test
cases where we JIT and cases without JIT.

  • fast/css/indirect-adjacent-style-invalidation-1-expected.txt: Added.
  • fast/css/indirect-adjacent-style-invalidation-1.html: Added.
  • fast/css/indirect-adjacent-style-invalidation-2-expected.txt: Added.
  • fast/css/indirect-adjacent-style-invalidation-2.html: Added.
  • fast/css/indirect-adjacent-style-invalidation-3-expected.txt: Added.
  • fast/css/indirect-adjacent-style-invalidation-3.html: Added.
12:38 AM Changeset in webkit [189787] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189555 - Setting document.title when there is no title and no head element should no nothing
https://bugs.webkit.org/show_bug.cgi?id=149005
<rdar://problem/22567524>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline tests now that more checks are passing.

  • web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-01-expected.txt:
  • web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-02-expected.txt:

Source/WebCore:

Setting document.title when there is no title element and no head
element should no nothing:

Firefox and Chrome comply with the specification. However, WebKit
was returning the updated title when querying document.title after
setting it.

No new tests, covered by existing tests.

  • dom/Document.cpp:

(WebCore::Document::setTitle):

12:33 AM Changeset in webkit [189786] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189546 - fast/dom/rtl-scroll-to-leftmost-and-resize.html is a flaky timeout - IPC drops messages
https://bugs.webkit.org/show_bug.cgi?id=148951

Reviewed by Anders Carlsson.

Source/WebKit2:

  • Platform/IPC/Connection.cpp:

(IPC::Connection::waitForMessage): Don't modify m_waitingForMessage without holding
a lock. This is not part of this fix, but seems necessary for correctness.
(IPC::Connection::processIncomingMessage): Don't interrupt a wait that has already succeeded.

LayoutTests:

  • platform/mac-wk2/TestExpectations: Unmark the test (it still fails per platform/mac

expectations, which is unrelated).

12:28 AM Changeset in webkit [189785] by Carlos Garcia Campos
  • 5 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r189540 - REGRESSION: Inline-block baseline is wrong when zero-width replaced child is present
https://bugs.webkit.org/show_bug.cgi?id=147452
rdar://problem/21943074

Reviewed by Myles Maxfield.

Source/WebCore:

Added new test in fast/inline-block

Treat zero width replaced elements the same as replaced elements with width. Instead of
clearing floats based off having no committed width, we instead track both committed
width and committed replaced objects. We do this with two new booleans in LineWidth
so that we know when we have uncomitted and committed replaced objects.

  • rendering/line/BreakingContext.h:

(WebCore::BreakingContext::handleReplaced):
(WebCore::BreakingContext::handleText):
(WebCore::BreakingContext::canBreakAtThisPosition):
(WebCore::BreakingContext::commitAndUpdateLineBreakIfNeeded):

  • rendering/line/LineWidth.cpp:

(WebCore::LineWidth::LineWidth):
(WebCore::LineWidth::commit):
(WebCore::LineWidth::applyOverhang):

  • rendering/line/LineWidth.h:

(WebCore::LineWidth::committedWidth):
(WebCore::LineWidth::availableWidth):
(WebCore::LineWidth::logicalLeftOffset):
(WebCore::LineWidth::hasCommitted):
(WebCore::LineWidth::addUncommittedWidth):
(WebCore::LineWidth::addUncommittedReplacedWidth):

LayoutTests:

  • fast/inline-block/baseline-with-zero-width-replaced-child-expected.html: Added.
  • fast/inline-block/baseline-with-zero-width-replaced-child.html: Added.
12:25 AM Changeset in webkit [189784] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r189531 - [JSC] reduce the amount of memory access needed for LivenessAnalysisPhase
https://bugs.webkit.org/show_bug.cgi?id=148414

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-09-08
Reviewed by Mark Lam.

LivenessAnalysisPhase still causes a huge number of cache miss.
This patch reduces the amount of accesses needed by the HashTables.

  • dfg/DFGBasicBlock.h:
  • dfg/DFGLivenessAnalysisPhase.cpp:

(JSC::DFG::LivenessAnalysisPhase::run):
(JSC::DFG::LivenessAnalysisPhase::process):

12:20 AM Changeset in webkit [189783] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189526 - Crash when WebCore::SQLiteFileSystem::openDatabase is called from multiple threads
https://bugs.webkit.org/show_bug.cgi?id=143245

Reviewed by Darin Adler.

sqlite3_initialize is documented to be thread-safe, and to be called automatically by the
library when needed, so applications should never need to call it directly. The problem is,
it's not thread-safe: we have documented instances of GNOME Builder, Devhelp, Epiphany, and
cinnamon-screensaver crashing when sqlite3_initialize is called simultaneously in separate
threads (usually inside sqlite3_open). So call it manually, guarded using std::call_once, to
make sure that the library is fully initialized before the first call to sqlite3_open. It's
a good idea to do this regardless, because the documentation says it could be required in
a future release of SQLite. (Though the use of std::call_once should not be needed, and is
only used to attempt to work around the crashes.)

This is a workaround for an SQLite bug that might have been fixed upstream, but the SQLite
developers are not really confident in the thread-safety of this function, and have advised
that we carry the workaround. Seems like a good idea.

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::SQLiteDatabase):

12:17 AM Changeset in webkit [189782] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10

Merge r189502 - document.importNode(node, deep): deep's default value should be false
https://bugs.webkit.org/show_bug.cgi?id=148959
<rdar://problem/22558915>

Reviewed by Alexey Proskuryakov.

LayoutTests/imported/w3c:

  • web-platform-tests/dom/nodes/Document-importNode-expected.txt:

Rebaseline now that an additional check is passing.

Source/WebCore:

Switch deep parameter's default value for document.importNode() to
false, as per the latest DOM specification:

Firefox and Chrome follow the specification. However, WebKit was using
"true" for deep's default value.

No new tests, already covered by:
imported/w3c/web-platform-tests/dom/nodes/Document-importNode.html

  • dom/Document.h:

(WebCore::Document::importNode):

LayoutTests:

  • fast/dom/document-importNode-arguments.html:

Explicitly pass deep parameter as the test wants a deep clone.

Sep 14, 2015:

11:59 PM Changeset in webkit [189781] by Carlos Garcia Campos
  • 11 edits
    8 adds in releases/WebKitGTK/webkit-2.10

Merge r189469 - ASSERT_WITH_SECURITY_IMPLICATION in WebCore::DocumentOrderedMap::get(); update form
association after subtree insertion
https://bugs.webkit.org/show_bug.cgi?id=148919
<rdar://problem/21868036>

Patch by Daniel Bates <dabates@apple.com> on 2015-09-07
Reviewed by Andy Estes.

Source/WebCore:

Currently we update the form association of a form control upon insertion into
the document. Instead we should update the form association of a form control
after its containing subtree is inserted into the document to avoid an assertion
failure when the containing subtree has an element whose id is identical to both
the id of some other element in the document and the name of the form referenced
by the inserted form control.

Tests: fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2.html

fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3.html
fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4.html
fast/forms/update-form-owner-in-moved-subtree-assertion-failure.html

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::insertedInto): Moved resetFormOwner() from here
to {HTMLFormControlElement, HTMLObjectElement}::finishedInsertingSubtree().

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree
so that HTMLFormControlElement::finishedInsertingSubtree() is called.
(WebCore::HTMLFormControlElement::finishedInsertingSubtree): Added; turn around and
call FormAssociatedElement::resetFormOwner().

  • html/HTMLFormControlElement.h:
  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so
that HTMLInputElement::finishedInsertingSubtree() is called and move logic to update radio button
group from here...
(WebCore::HTMLInputElement::finishedInsertingSubtree): to here.

  • html/HTMLInputElement.h:
  • html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so
that HTMLObjectElement::finishedInsertingSubtree() is called.
(WebCore::HTMLObjectElement::finishedInsertingSubtree): Added; turn around and
call FormAssociatedElement::resetFormOwner().

  • html/HTMLObjectElement.h:
  • html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::insertedInto): Modified to return the result of
HTMLFormControlElementWithState::insertedInto(), which may schedule a callback after subtree
insertion.

  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::insertedInto): Ditto.

LayoutTests:

Add tests to ensure that updating the form association of a form control in a subtree
does not cause an assertion failure.

  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2.html: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3.html: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4.html: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure-expected.txt: Added.
  • fast/forms/update-form-owner-in-moved-subtree-assertion-failure.html: Added.
11:53 PM Changeset in webkit [189780] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10

Merge r189445 - XHR2 timeout property should allow late updates
https://bugs.webkit.org/show_bug.cgi?id=98156

Reviewed by Darin Adler.

Source/WebCore:

Adding a timer within XMLHttpRequest to handle timeouts for asynchronous requests.
This allows easy update of the timeout even after request is sent.
Timeout is still handled by the network backend for synchronous requests (Web worker context).

Covered by updated tests.

  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::XMLHttpRequest): Adding timeout timer initialization.
(WebCore::XMLHttpRequest::setTimeout): Updating timeout timer state if request is sent.
(WebCore::XMLHttpRequest::createRequest): Starting timeout timer if needed.
(WebCore::XMLHttpRequest::internalAbort): Stopping timeout timer if needed.
(WebCore::XMLHttpRequest::didFail): Adding comment.
(WebCore::XMLHttpRequest::didFinishLoading): Stopping timeout timer if needed.

  • xml/XMLHttpRequest.h:

LayoutTests:

Activating test checking that timeout can be updated after request is sent.

  • http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides-expected.txt:
  • http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides.js:
  • http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-worker-overrides-expected.txt:
11:48 PM Changeset in webkit [189779] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189442 - Leak in WebContextInjectedBundleClient::getInjectedBundleInitializationUserData
https://bugs.webkit.org/show_bug.cgi?id=148769

Fix suggested by Zan Dobersek.

Reviewed by Darin Adler.

  • UIProcess/WebContextInjectedBundleClient.cpp:

(WebKit::WebContextInjectedBundleClient::getInjectedBundleInitializationUserData):

11:46 PM Changeset in webkit [189778] by ap@apple.com
  • 3 edits in trunk/LayoutTests

Layout Test http/tests/media/media-document-referer.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=145257

Reviewed by Chris Dumez.

  • http/tests/media/media-document-referer.html: Increase the timeout, one second is not much.
  • platform/gtk/TestExpectations: Fingers crossed, this will help Gtk as well.
11:25 PM Changeset in webkit [189777] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

Unreviewed, EFL gardening on 15th Sep.

Mark tests of css1/box_properties to flaky and tests of editing, fast are set to timeout.

  • platform/efl/TestExpectations:
11:00 PM Changeset in webkit [189776] by Gyuyoung Kim
  • 24 edits in trunk/Source/WebCore

Remove all uses of PassRefPtr in WebCore/xml
https://bugs.webkit.org/show_bug.cgi?id=149114

Reviewed by Darin Adler.

  • dom/DecodedDataDocumentParser.h:
  • dom/DocumentParser.h:
  • dom/RawDataDocumentParser.h:
  • html/FTPDirectoryDocument.cpp:

(WebCore::FTPDirectoryDocumentParser::append):

  • html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::append):

  • html/parser/HTMLDocumentParser.h:
  • html/parser/TextDocumentParser.cpp:

(WebCore::TextDocumentParser::append):

  • html/parser/TextDocumentParser.h:
  • xml/NativeXPathNSResolver.cpp:

(WebCore::NativeXPathNSResolver::NativeXPathNSResolver):

  • xml/NativeXPathNSResolver.h:

(WebCore::NativeXPathNSResolver::create):

  • xml/XMLErrors.cpp:

(WebCore::createXHTMLParserErrorHeader):

  • xml/XMLHttpRequestProgressEventThrottle.cpp:

(WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent):
(WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent):
(WebCore::XMLHttpRequestProgressEventThrottle::dispatchDeferredEvents):

  • xml/XMLHttpRequestProgressEventThrottle.h:
  • xml/XMLSerializer.h:
  • xml/XPathEvaluator.cpp:

(WebCore::XPathEvaluator::createExpression):
(WebCore::XPathEvaluator::createNSResolver):
(WebCore::XPathEvaluator::evaluate):

  • xml/XPathEvaluator.h:
  • xml/XPathNodeSet.h: Fix style errors.

(WebCore::XPath::NodeSet::NodeSet):
(WebCore::XPath::NodeSet::append):

  • xml/XPathPath.cpp:

(WebCore::XPath::Filter::evaluate):
(WebCore::XPath::LocationPath::evaluate):

  • xml/XPathValue.h: ditto.

(WebCore::XPath::Value::Value):
(WebCore::XPath::Value::Data::create):
(WebCore::XPath::Value::Data::Data):

  • xml/XSLTProcessor.cpp:

(WebCore::XSLTProcessor::transformToDocument):
(WebCore::XSLTProcessor::transformToFragment):

  • xml/XSLTProcessor.h:

(WebCore::XSLTProcessor::setXSLStyleSheet):
(WebCore::XSLTProcessor::importStylesheet):

  • xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::append):

  • xml/parser/XMLDocumentParser.h:
9:05 PM Changeset in webkit [189775] by commit-queue@webkit.org
  • 9 edits in trunk/Source/JavaScriptCore

rename callFrameForThrow to callFrameForCatch
https://bugs.webkit.org/show_bug.cgi?id=149136

Patch by Saam barati <sbarati@apple.com> on 2015-09-14
Reviewed by Michael Saboff.

We use "callFrameForThrow" to mean the call frame in
which we're catching the exception. The field name
should accurately represent its purpose by being
named "callFrameForCatch".

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::jumpToExceptionHandler):

  • jit/JITExceptions.cpp:

(JSC::genericUnwind):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

  • jit/JITOperations.cpp:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/VM.h:

(JSC::VM::exceptionOffset):
(JSC::VM::callFrameForCatchOffset):
(JSC::VM::targetMachinePCForThrowOffset):
(JSC::VM::callFrameForThrowOffset): Deleted.

8:00 PM Changeset in webkit [189774] by msaboff@apple.com
  • 43 edits
    7 adds in trunk/Source/JavaScriptCore

[ES6] Implement tail calls in the LLInt and Baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=148661

Patch by Basile Clement <basile_clement@apple.com> on 2015-09-14
Reviewed by Filip Pizlo.

This patch introduces two new opcodes, op_tail_call and
op_tail_call_varargs, to perform tail calls, and implements them in the
LLInt and baseline JIT. Their use prevents DFG and FTL compilation for
now. They are currently implemented by sliding the call frame and
masquerading as our own caller right before performing an actual call.

This required to change the operationLink family of operation to return
a SlowPathReturnType instead of a char* in order to distinguish between
exception cases and actual call cases. We introduce a new FrameAction
enum that indicates whether to reuse (non-exceptional tail call) or
keep the current call frame (non-tail call, and exceptional cases).

This is also a semantics change, since the Function.caller property is
now leaking tail calls. Since tail calls are only used in strict mode,
which poisons this property, the only way of seeing this semantics
change is when a sloppy function calls a strict function that then
tail-calls a sloppy function. Previously, the second sloppy function's
caller would have been the strict function (i.e. raises a TypeError
when the .caller attribute is accessed), while it is now the first
sloppy function. Tests have been updated to reflect that.

This also changes the assumptions we make about call frames. In order
to be relatively efficient, we want to be able to compute the frame
size based only on the argument count, which was not possible
previously. To enable this, we now enforce at the bytecode generator,
DFG and FTL level that any space reserved for a call frame is
stack-aligned, which allows to easily compute its size when performing
a tail call. In all the "special call cases" (calls from native code,
inlined cache calls, etc.), we are starting the frame at the current
stack pointer and thus will always have a stack-aligned frame size.

Finally, this patch adds a couple of tests to check that tail calls run
in constant stack space, as well as tests checking that tail calls are
recognized correctly. Those tests use the handy aforementioned leaking
of tail calls through Function.caller to detect tail calls.

Given that this patch only implements tail calls for the LLInt and
Baseline JIT, tail calls are disabled by default. Until changes are
landed for all tiers, tail call testing and use requires the
--enableTailCalls=true or equivalent.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • assembler/AbortReason.h:
  • assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::Call::Call):
(JSC::AbstractMacroAssembler::repatchNearCall):
(JSC::AbstractMacroAssembler::repatchCompact):

  • assembler/CodeLocation.h:

(JSC::CodeLocationNearCall::CodeLocationNearCall):
(JSC::CodeLocationNearCall::callMode):
(JSC::CodeLocationCommon::callAtOffset):
(JSC::CodeLocationCommon::nearCallAtOffset):
(JSC::CodeLocationCommon::dataLabelPtrAtOffset):

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::locationOfNearCall):
(JSC::LinkBuffer::locationOf):

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::nearCall):
(JSC::MacroAssemblerARM::nearTailCall):
(JSC::MacroAssemblerARM::call):
(JSC::MacroAssemblerARM::linkCall):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::nearCall):
(JSC::MacroAssemblerARM64::nearTailCall):
(JSC::MacroAssemblerARM64::ret):
(JSC::MacroAssemblerARM64::linkCall):

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::nearTailCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::linkCall):

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::nearCall):
(JSC::MacroAssemblerMIPS::nearTailCall):
(JSC::MacroAssemblerMIPS::call):
(JSC::MacroAssemblerMIPS::linkCall):
(JSC::MacroAssemblerMIPS::repatchCall):

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::call):
(JSC::MacroAssemblerSH4::nearTailCall):
(JSC::MacroAssemblerSH4::nearCall):
(JSC::MacroAssemblerSH4::linkCall):
(JSC::MacroAssemblerSH4::repatchCall):

  • assembler/MacroAssemblerX86.h:

(JSC::MacroAssemblerX86::linkCall):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::breakpoint):
(JSC::MacroAssemblerX86Common::nearTailCall):
(JSC::MacroAssemblerX86Common::nearCall):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::linkCall):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::callTypeFor):
(JSC::CallLinkInfo::isVarargsCallType):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::specializationKind):
(JSC::CallLinkInfo::callModeFor):
(JSC::CallLinkInfo::callMode):
(JSC::CallLinkInfo::isTailCall):
(JSC::CallLinkInfo::isVarargs):
(JSC::CallLinkInfo::registerPreservationMode):

  • bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeFromLLInt):

  • bytecode/CallMode.cpp: Added.

(WTF::printInternal):

  • bytecode/CallMode.h: Added.
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitCallInTailPosition):
(JSC::BytecodeGenerator::emitCallEval):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
(JSC::BytecodeGenerator::emitConstructVarargs):

  • bytecompiler/NodesCodegen.cpp:

(JSC::CallArguments::CallArguments):
(JSC::LabelNode::emitBytecode):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):

  • interpreter/Interpreter.h:

(JSC::Interpreter::isCallBytecode):

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::jumpToExceptionHandler):
(JSC::CCallHelpers::prepareForTailCallSlow):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):

  • jit/JITCall32_64.cpp:

(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_construct_varargs):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):

  • jit/JITInlines.h:

(JSC::JIT::emitNakedCall):
(JSC::JIT::emitNakedTailCall):
(JSC::JIT::updateTopCallFrame):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/Repatch.cpp:

(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):

  • jit/ThunkGenerators.cpp:

(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::slowPathFor):
(JSC::linkCallThunkGenerator):
(JSC::virtualThunkFor):
(JSC::arityFixupGenerator):
(JSC::unreachableGenerator):
(JSC::baselineGetterReturnThunkGenerator):

  • jit/ThunkGenerators.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):
(JSC::CommonSlowPaths::opIn):

  • runtime/Options.h:
  • tests/stress/mutual-tail-call-no-stack-overflow.js: Added.

(shouldThrow):
(sloppyCountdown.even):
(sloppyCountdown.odd):
(strictCountdown.even):
(strictCountdown.odd):
(strictCountdown):
(odd):
(even):

  • tests/stress/tail-call-no-stack-overflow.js: Added.

(shouldThrow):
(strictLoop):
(strictLoopArityFixup1):
(strictLoopArityFixup2):

  • tests/stress/tail-call-recognize.js: Added.

(callerMustBeRun):
(callerMustBeStrict):
(runTests):

  • tests/stress/tail-call-varargs-no-stack-overflow.js: Added.

(shouldThrow):
(strictLoop):

  • tests/stress/tail-calls-dont-overwrite-live-stack.js: Added.

(tail):
(obj.method):
(obj.get fromNative):
(getThis):

7:42 PM Changeset in webkit [189773] by Wenson Hsieh
  • 2 edits in trunk/Source/WebKit2

WKWebView scroll deceleration rate is not being set properly
https://bugs.webkit.org/show_bug.cgi?id=149145
<rdar://problem/22064071>

Reviewed by Simon Fraser.

We are not currently setting the web view's deceleration rate to the correct preferred value because we
are setting the decelerationRate property of the scrollView, which snaps input values to the closer of
two predefined UIKit constants, UIScrollViewDecelerationRateFast and UIScrollViewDecelerationRateNormal.
To fix this, we directly set the horizontal and vertical scroll deceleration factors to the preferred
value.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView scrollViewWillBeginDragging:]): Directly set the scroll view's deceleration factor without

going through the decelerationRate property.

7:28 PM Changeset in webkit [189772] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/events/frame-scroll-fake-mouse-move.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=149140

Reviewed by Darin Adler.

  • fast/events/frame-scroll-fake-mouse-move.html:
7:13 PM Changeset in webkit [189771] by Dewei Zhu
  • 6 edits in trunk/Source/WebCore

Polish code for r189579.
https://bugs.webkit.org/show_bug.cgi?id=149131

Reviewed by Chris Dumez.

Use more self-explaining function name "characterSetWithUTF8Fallback" instead of
"characterSetForBindings". Optimize the way to get text encoding.

  • dom/Document.cpp:

(WebCore::Document::characterSetWithUTF8Fallback):
(WebCore::Document::encoding): Deleted.
(WebCore::Document::characterSetForBindings): Deleted.

  • dom/Document.h:

(WebCore::Document::encoding):
(WebCore::Document::textEncoding):

  • dom/Document.idl:
  • loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::createDecoderIfNeeded):

  • loader/FormSubmission.cpp:

(WebCore::encodingFromAcceptCharset):

7:07 PM WebKitIDL edited by Chris Dumez
Drop [IsIndex] (diff)
6:48 PM Changeset in webkit [189770] by Chris Dumez
  • 25 edits in trunk

Drop non-standard [IsIndex] WebKit IDL extended attribute
https://bugs.webkit.org/show_bug.cgi?id=149122
<rdar://problem/22547139>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline several W3C DOM tests now that more checks are passing.

  • web-platform-tests/dom/nodes/CharacterData-deleteData-expected.txt:
  • web-platform-tests/dom/nodes/CharacterData-replaceData-expected.txt:
  • web-platform-tests/dom/nodes/CharacterData-substringData-expected.txt:

Source/WebCore:

Drop non-standard [IsIndex] WebKit IDL extended attribute. This attribute
causes us to throw an IndexSizeError if the input value is negative. Web
IDL supports no such thing. Instead Web IDL supports:

  1. Default behavior: the input value wraps around if it does not fit.
  2. [EnforceRange]: A TypeError is thrown if the input value does not fit [1].
  3. [Clamp]: The input value will be clamped if it does not fit [2].

Our bindings generator supports all three. We don't need the non-standard
[IsIndex].

We previously used [IsIndex] in places where we're supposed to wrap around
as per Web IDL. Therefore, we threw for negative values but other browsers
don't. For e.g., CharacterData.substringData(offset, -1) is supposed to
return the substring from offset to the end of the string. It does so in
Firefox and Chrome. However, WebKit was throwing an Exception.

This change impacts the CharacterData and the SVGTextContentElement
API. The compatibility risk is low because we were throwing an exception
for negative values and we now wrap the value around instead, as other
browsers do.

No new tests, already covered by existing tests.

[1] https://heycam.github.io/webidl/#EnforceRange
[2] https://heycam.github.io/webidl/#Clamp

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck): Deleted.

  • bindings/scripts/IDLAttributes.txt:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::jsTestEventTargetPrototypeFunctionItem):

  • bindings/scripts/test/TestEventTarget.idl:
  • dom/CharacterData.cpp:

(WebCore::CharacterData::deleteData):
(WebCore::CharacterData::replaceData):

  • dom/CharacterData.idl:
  • dom/ClientRectList.idl:
  • svg/SVGTextContentElement.cpp:

(WebCore::SVGTextContentElement::getSubStringLength):
(WebCore::SVGTextContentElement::selectSubString):

  • svg/SVGTextContentElement.idl:

LayoutTests:

  • dom/html/level1/core/hc_characterdataindexsizeerrdeletedatacountnegative-expected.txt:
  • dom/html/level1/core/hc_characterdataindexsizeerrreplacedatacountnegative-expected.txt:
  • dom/html/level1/core/hc_characterdataindexsizeerrsubstringcountnegative-expected.txt:
  • dom/xhtml/level1/core/hc_characterdataindexsizeerrdeletedatacountnegative-expected.txt:
  • dom/xhtml/level1/core/hc_characterdataindexsizeerrreplacedatacountnegative-expected.txt:
  • dom/xhtml/level1/core/hc_characterdataindexsizeerrsubstringcountnegative-expected.txt:

Rebaseline outdated DOM tests that are now failing.

  • svg/custom/getSubStringLength-expected.txt:
  • svg/custom/script-tests/getSubStringLength.js:
  • svg/custom/script-tests/selectSubString.js:
  • svg/custom/selectSubString-expected.txt:

Update existing SVG tests that were expecting an exception if the nchars
parameter in the SVGTextContentElement API is negative. I have verified
that Chrome and Firefox do not throw for these either.

6:36 PM Changeset in webkit [189769] by mmaxfield@apple.com
  • 5 edits
    11 adds in trunk/LayoutTests

Add tests for control characters being rendered visibly
https://bugs.webkit.org/show_bug.cgi?id=149142

Reviewed by Alexey Proskuryakov.

According to [1] and [2], all browsers are migrating to rendering control characters. This patch
adds tests for this behavior. Because we do not implement the behavior yet [3], these tests are
marked as failing.

[1] http://logs.csswg.org/irc.w3.org/css/2015-02-08/#e520447
[2] https://lists.w3.org/Archives/Public/www-style/2015Sep/0076.html
[3] https://bugs.webkit.org/show_bug.cgi?id=149128

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/ios-simulator/TestExpectations:
  • platform/mac/TestExpectations:
  • fast/text/control-characters/visible-control-characters-1-expected-mismatch.html: Added.
  • fast/text/control-characters/visible-control-characters-1.html: Added.
  • fast/text/control-characters/visible-control-characters-2-expected-mismatch.html: Added.
  • fast/text/control-characters/visible-control-characters-2.html: Added.
  • fast/text/control-characters/visible-control-characters-3-expected-mismatch.html: Added.
  • fast/text/control-characters/visible-control-characters-3.html: Added.
  • fast/text/control-characters/visible-control-characters-2-expected-mismatch.xhtml: Added.
  • fast/text/control-characters/visible-control-characters-2.xhtml: Added.
  • fast/text/control-characters/visible-control-characters-3-expected-mismatch.xhtml: Added.
  • fast/text/control-characters/visible-control-characters-3.xhtml: Added.
6:21 PM Changeset in webkit [189768] by mmaxfield@apple.com
  • 4 edits in trunk

WebKitTestRunner declarative language setting is broken for iOS
https://bugs.webkit.org/show_bug.cgi?id=149119

Unreviewed.

Tools:

In all of the patches on webkit.org/b/189669, my patch to get this working on iOS was
lost in the final version which got committed. This simply implements the existing
OS X behavior on iOS.

  • WebKitTestRunner/InjectedBundle/ios/InjectedBundleIOS.mm:

(WTR::InjectedBundle::platformInitialize):

LayoutTests:

  • platform/ios-simulator/TestExpectations:
5:58 PM Changeset in webkit [189767] by Dewei Zhu
  • 2 edits in trunk/Tools

Unreviewed, add myself to committers list.

  • Scripts/webkitpy/common/config/contributors.json:
5:55 PM Changeset in webkit [189766] by fpizlo@apple.com
  • 22 edits
    2 adds in trunk/Source/JavaScriptCore

LLInt get/put inline caches shouldn't use tons of opcodes
https://bugs.webkit.org/show_bug.cgi?id=149106

Reviewed by Geoffrey Garen.

Our LLInt get/put inline caches currently use separate opcodes to reduce branching. For
example, instead of having get_by_id branch on the kind of offset (inline or
out-of-line), we have two get_by_id instructions: get_by_id and get_by_id_out_of_line.
But the problem with this approach is that it doesn't scale. In the property type
inference work (https://bugs.webkit.org/show_bug.cgi?id=148610), we need each kind of put
inline cache to support 11 different kinds of type checks. It seemed ridiculous to add 60
new put_by_id opcodes (there are currently 6 variants of put_by_id, so after adding type
checks, we'd have 6 * 11 = 66 variants of put_by_id).

So, this patch completely changes the strategy to mostly using branching inside the
opcode implementation. It's unlikely to have a performance effect. For example, the long
road to generational GC caused a seemingly prohibitive regression in LLInt inline caches,
and yet nobody noticed. The regression was because the inline cache was in terms of the
structure, not the structure ID, so the code was doing a structure ID table lookup. If we
didn't notice that, then we probably won't notice a couple new branches. (Also, this
patch fixes that regression - the code no longer does such lookups except in the one
unavoidable case in put_by_id transition chain checking.)

This patch also turns the isDirect operand of put_by_id into a flags field. I will use
this flags field to encode the desired type check in bug 148610.

This patch has no effect on performance according to run-jsc-benchmarks.

Relanding this patch with LLInt fixes for non-x86. Previous attempts to fix non-x86 LLInt
build also caused every 64-bit test to crash on every platform. So the patch got rolled
out. This fixes the non-x86 LLInt build while also ensuring that 64-bit platforms don't
crash.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printPutByIdCacheStatus):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::finalizeLLIntInlineCaches):

  • bytecode/CodeBlock.h:
  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFromLLInt):

  • bytecode/Instruction.h:

(JSC::Instruction::Instruction):

  • bytecode/PutByIdFlags.cpp: Added.

(WTF::printInternal):

  • bytecode/PutByIdFlags.h: Added.
  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFromLLInt):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedInstruction::UnlinkedInstruction):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_by_id):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
5:30 PM Changeset in webkit [189765] by Chris Dumez
  • 17 edits in trunk

Document.createNodeIterator(null) / Document.createTreeWalker(null) should throw a TypeError
https://bugs.webkit.org/show_bug.cgi?id=149126
<rdar://problem/22564891>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C test now that a new check is passing.

  • web-platform-tests/dom/traversal/TreeWalker-basic-expected.txt:

Source/WebCore:

Document.createNodeIterator(null) / Document.createTreeWalker(null)
should throw a TypeError:
https://dom.spec.whatwg.org/#interface-document

This is because the parameter is not nullable and Web IDL says we
should throw a TypeError in this case.

Firefox and Chrome throw an exception in this case. This patch
aligns our behavior with the specification and other major browsers.

No new tests, already covered by existing W3C test.

  • dom/Document.cpp:

(WebCore::Document::createNodeIterator):
(WebCore::Document::createTreeWalker):

  • dom/Document.h:
  • dom/Document.idl:
  • dom/NodeIterator.cpp:

(WebCore::NodeIterator::NodeIterator):

  • dom/NodeIterator.h:

(WebCore::NodeIterator::create):

  • dom/Traversal.cpp:

(WebCore::NodeIteratorBase::NodeIteratorBase):

  • dom/Traversal.h:
  • dom/TreeWalker.cpp:

(WebCore::TreeWalker::TreeWalker):

  • dom/TreeWalker.h:

(WebCore::TreeWalker::create):

LayoutTests:

Update existing tests to add test coverage for this case.

  • fast/dom/createNodeIterator-parameters-expected.txt:
  • fast/dom/createNodeIterator-parameters.html:
  • fast/dom/createTreeWalker-parameters-expected.txt:
  • fast/dom/createTreeWalker-parameters.html:
5:29 PM Changeset in webkit [189764] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Fix Windows clean build after r189746

  • WebCore.vcxproj/copyForwardingHeaders.cmd:

Copy headers from new legacy directory.

5:27 PM Changeset in webkit [189763] by BJ Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: tab bar stutters when moving mouse after closing tab
https://bugs.webkit.org/show_bug.cgi?id=149138

Reviewed by Joseph Pecoraro.

The tab bar lacked the 'static-layout' class between when the Promise microtask
ran and the beginning of the requestAnimationFrame. This caused a flash of
tabs that are way too wide.

Re-add the static-layout class immediately after measuring the 'after' tab size.
This code should probably just manually compute tab sizes since flexbox
layout is quite slow and our measurement code here forces layout several times.

  • UserInterface/Views/TabBar.js:
5:17 PM Changeset in webkit [189762] by Chris Dumez
  • 13 edits in trunk

window.HTMLDetailsElement should exist
https://bugs.webkit.org/show_bug.cgi?id=149139

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing.

  • web-platform-tests/html/dom/interfaces-expected.txt:
  • web-platform-tests/html/semantics/interactive-elements/the-details-element/details-expected.txt:
  • web-platform-tests/html/semantics/interfaces-expected.txt:

Source/WebCore:

window.HTMLDetailsElement should exist:
https://html.spec.whatwg.org/multipage/forms.html#the-details-element

Drop the [NoInterfaceObject] IDL extended attribute in WebKit to
address the problem.

No new tests, already covered by existing tests.

  • html/HTMLDetailsElement.idl:

LayoutTests:

Rebaseline test now that HTMLDetailsElement is exposed on the global
Window object.

  • platform/efl/js/dom/global-constructors-attributes-expected.txt:
  • platform/gtk/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
  • platform/win/js/dom/global-constructors-attributes-expected.txt:
5:10 PM Changeset in webkit [189761] by BJ Burg
  • 5 edits in trunk

Web Inspector: backend command promises are not rejected when a protocol error occurs
https://bugs.webkit.org/show_bug.cgi?id=141403

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

Fix a few corner cases for how InspectorBackend delivers command failures.

  • UserInterface/Protocol/InspectorBackend.js:

(InspectorBackend.Command.prototype.deliverFailure): Added.
(InspectorBackend.Command.prototype._invokeWithArguments):

If argument-checking fails, return a rejected promise or invoke the supplied callback
on a zero-delay setTimeout to ensure that the reply is asynchronous.

LayoutTests:

Expand coverage of an existing protocol layer test to cover success and failure modes.

  • inspector/protocol/inspector-backend-invocation-return-value-expected.txt:
  • inspector/protocol/inspector-backend-invocation-return-value.html:
4:44 PM Changeset in webkit [189760] by commit-queue@webkit.org
  • 22 edits
    2 deletes in trunk/Source/JavaScriptCore

Unreviewed, rolling out r189751, r189752, and r189754.
https://bugs.webkit.org/show_bug.cgi?id=149143

caused crashes everywhere (Requested by alexchristensen on
#webkit).

Reverted changesets:

"LLInt get/put inline caches shouldn't use tons of opcodes"
https://bugs.webkit.org/show_bug.cgi?id=149106
http://trac.webkit.org/changeset/189751

"Unreviewed, fix non-x86 LLInt build."
http://trac.webkit.org/changeset/189752

"Unreviewed, really fix non-x86 LLInt build without also
breaking everything else."
http://trac.webkit.org/changeset/189754

4:40 PM Changeset in webkit [189759] by BJ Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: middle-clicking a tab in the tab bar should close it
https://bugs.webkit.org/show_bug.cgi?id=149135

Reviewed by Joseph Pecoraro.

This matches the behavior of the tab bar in Safari and other browsers.

  • UserInterface/Views/TabBar.js:

(WebInspector.TabBar.prototype._handleMouseDown):
(WebInspector.TabBar.prototype._handleClick):

4:31 PM Changeset in webkit [189758] by mmaxfield@apple.com
  • 3 edits in trunk/LayoutTests

Test gardening after r189670

Unreviewed.

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
4:27 PM Changeset in webkit [189757] by Wenson Hsieh
  • 1 edit
    7 adds in trunk/Websites/webkit.org

Add scroll snap blog post resources.

  • blog-files/scroll-snap/overflow-normal.mp4: Added.
  • blog-files/scroll-snap/snap-2d-rotated.mp4: Added.
  • blog-files/scroll-snap/snap-2d.mp4: Added.
  • blog-files/scroll-snap/snap-coordinates-centered.mp4: Added.
  • blog-files/scroll-snap/snap-coordinates.mp4: Added.
  • blog-files/scroll-snap/snap-repeat-100.mp4: Added.
4:23 PM Changeset in webkit [189756] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Fix AppleWin CMake build
https://bugs.webkit.org/show_bug.cgi?id=149137

Patch by Alex Christensen <achristensen@webkit.org> on 2015-09-14
Reviewed by Brent Fulgham.

  • PlatformAppleWin.cmake:

Spell Inband correctly.

  • css/makegrammar.pl:

Add quotes so bison can be in a directory with spaces in it.

4:21 PM Changeset in webkit [189755] by Wenson Hsieh
  • 1 edit
    21 adds in trunk/Websites/webkit.org

Add scroll snap demo directory and files.

  • demos/scroll-snap/images/1.png: Added.
  • demos/scroll-snap/images/10.png: Added.
  • demos/scroll-snap/images/11.png: Added.
  • demos/scroll-snap/images/12.png: Added.
  • demos/scroll-snap/images/13.png: Added.
  • demos/scroll-snap/images/14.png: Added.
  • demos/scroll-snap/images/15.png: Added.
  • demos/scroll-snap/images/16.png: Added.
  • demos/scroll-snap/images/2.png: Added.
  • demos/scroll-snap/images/3.png: Added.
  • demos/scroll-snap/images/4.png: Added.
  • demos/scroll-snap/images/5.png: Added.
  • demos/scroll-snap/images/6.png: Added.
  • demos/scroll-snap/images/7.png: Added.
  • demos/scroll-snap/images/8.png: Added.
  • demos/scroll-snap/images/9.png: Added.
  • demos/scroll-snap/images/bluecross.svg: Added.
  • demos/scroll-snap/images/corner.svg: Added.
  • demos/scroll-snap/index.html: Added.
3:40 PM Changeset in webkit [189754] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, really fix non-x86 LLInt build without also breaking everything else.

  • llint/LowLevelInterpreter64.asm:
3:25 PM Changeset in webkit [189753] by mitz@apple.com
  • 4 edits in trunk/Source/WebKit2

Consolidate touch event code dealing with force.

Reviewed by Beth Dakin.

  • Shared/WebEvent.h:

(WebKit::WebPlatformTouchPoint::state):
(WebKit::WebPlatformTouchPoint::setForce):
(WebKit::WebPlatformTouchPoint::force):

  • Shared/ios/NativeWebTouchEventIOS.mm:

(WebKit::positionForCGPoint):
(WebKit::NativeWebTouchEvent::extractWebTouchPoint):
(WebKit::NativeWebTouchEvent::NativeWebTouchEvent):

  • Shared/ios/WebPlatformTouchPointIOS.cpp:

(WebKit::WebPlatformTouchPoint::encode):
(WebKit::WebPlatformTouchPoint::decode):

3:25 PM Changeset in webkit [189752] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix non-x86 LLInt build.

  • llint/LowLevelInterpreter64.asm:
3:10 PM Changeset in webkit [189751] by fpizlo@apple.com
  • 22 edits
    2 adds in trunk/Source/JavaScriptCore

LLInt get/put inline caches shouldn't use tons of opcodes
https://bugs.webkit.org/show_bug.cgi?id=149106

Reviewed by Geoffrey Garen.

Our LLInt get/put inline caches currently use separate opcodes to reduce branching. For
example, instead of having get_by_id branch on the kind of offset (inline or
out-of-line), we have two get_by_id instructions: get_by_id and get_by_id_out_of_line.
But the problem with this approach is that it doesn't scale. In the property type
inference work (https://bugs.webkit.org/show_bug.cgi?id=148610), we need each kind of put
inline cache to support 11 different kinds of type checks. It seemed ridiculous to add 60
new put_by_id opcodes (there are currently 6 variants of put_by_id, so after adding type
checks, we'd have 6 * 11 = 66 variants of put_by_id).

So, this patch completely changes the strategy to mostly using branching inside the
opcode implementation. It's unlikely to have a performance effect. For example, the long
road to generational GC caused a seemingly prohibitive regression in LLInt inline caches,
and yet nobody noticed. The regression was because the inline cache was in terms of the
structure, not the structure ID, so the code was doing a structure ID table lookup. If we
didn't notice that, then we probably won't notice a couple new branches. (Also, this
patch fixes that regression - the code no longer does such lookups except in the one
unavoidable case in put_by_id transition chain checking.)

This patch also turns the isDirect operand of put_by_id into a flags field. I will use
this flags field to encode the desired type check in bug 148610.

This patch has no effect on performance according to run-jsc-benchmarks.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printPutByIdCacheStatus):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::finalizeLLIntInlineCaches):

  • bytecode/CodeBlock.h:
  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFromLLInt):

  • bytecode/Instruction.h:

(JSC::Instruction::Instruction):

  • bytecode/PutByIdFlags.cpp: Added.

(WTF::printInternal):

  • bytecode/PutByIdFlags.h: Added.
  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFromLLInt):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedInstruction::UnlinkedInstruction):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_by_id):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_by_id):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
2:27 PM Changeset in webkit [189750] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix after r189746

  • WebCore.vcxproj/WebCoreIncludeCommon.props:

Include new legacy directory.

2:22 PM Changeset in webkit [189749] by achristensen@apple.com
  • 25 edits in trunk

Progress towards CMake on Mac.
https://bugs.webkit.org/show_bug.cgi?id=149123

Reviewed by Chris Dumez.

.:

  • Source/cmake/OptionsMac.cmake:
  • Source/cmake/WebKitFeatures.cmake:

Defined and enabled some more features needed on Mac.

  • Source/cmake/WebKitMacros.cmake:

Objective C bindings need special changes when generating:
Some of the bindings do not generate a .mm file but the header is needed.
Some of the bindings do generate a .mm file that doesn't compile but the header is needed.
In order to handle these cases, it is necessary to change the GENERATE_BINDINGS macro just for ObjC.

Source/JavaScriptCore:

  • CMakeLists.txt:

Make forwarding headers for the replay subdirectory.

  • PlatformMac.cmake:

Make forwarding headers for the generated inspector headers.
They should eventually either be packaged correctly with JavaScriptCore headers and included correctly.

Source/WebCore:

  • CMakeLists.txt:

Added some more files.

  • PlatformMac.cmake:

Added more files and listed the strange ObjC bindings.

  • contentextensions/DFACombiner.cpp:
  • contentextensions/DFACombiner.h:

Added preprocessor protection.

  • platform/FileSystem.h:

Include utility. It's needed to compile the different configurations.

  • platform/ScrollAnimator.cpp:

ScrollAnimator is an abstract class on Mac. Don't compile it.

  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:

FontAntialiasingStateSaver.h is only used on iOS.

  • rendering/RenderThemeMac.mm:

config.h needs to be outside the #if !PLATFORM(IOS) to compile correctly without precompiled headers.

Source/WebKit:

  • CMakeLists.txt:
  • PlatformMac.cmake:

Added more sources, make non-c99 sources compile as objc++

  • PlatformWin.cmake:

Moved WebCoreTestSupport sources and includes to CMakeLists.txt to share.

Source/WebKit/mac:

  • WebView/WebPDFDocumentExtras.mm:

(appendValuesInPDFNameSubtreeToVector):

  • WebView/WebPDFView.mm:

Removed cmake include quirks that are not needed when we include things correctly from Quartz.framework/Frameworks.

Source/WebKit2:

  • PlatformMac.cmake:

Added some more sources.

2:16 PM Changeset in webkit [189748] by mitz@apple.com
  • 3 edits in trunk/Source/WebKit2

[iOS] Stop importing WebKitAdditions/WKContentViewInteraction.mm
https://bugs.webkit.org/show_bug.cgi?id=149127

Reviewed by Beth Dakin.

  • Platform/spi/ios/UIKitSPI.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView setupInteraction]):

2:15 PM Changeset in webkit [189747] by Yusuke Suzuki
  • 3 edits
    41 adds in trunk/Source/JavaScriptCore

[ES6] Cache the resolution result in JSModuleRecord
https://bugs.webkit.org/show_bug.cgi?id=148896

Reviewed by Saam Barati.

The resolveExport operation is frequently called. For example,

  1. When instantiating the module environment, we call it for each exported name and imported name.
  2. When linking the imported module environment to the code block, we call it to resolve the resolution.
  3. When looking up the property from the namespace object, we call it to look up the original module for the imported binding.
  4. When creating the namespace object, we need to collect all the exported names from the module and need to resolve them by calling resolveExport.

However, resolveExport takes some cost. It traces the imported modules and resolves the reference
queried by the original module.

The resolveExport operation is pure function; given a module record and an export name,
it always returns the same result. So we cache resolution results in the module record to avoid
repeated resolveExport calls with the same arguments.
Here, we only cache the correctly resolved references, since,

  1. We rarely looked up the non-correctly-resolved ones. In the linking phase, attempting to resolve non-correctly-resolved ones throws a syntax error. So only namespace object creation phase does it in a syntax valid script.
  2. This strategy limits the size of the cache map. The number of the correctly exported bindings is defined by the modules' code. So the size does not become infinitely large.

Currently, the all modules cannot be linked twice. For example,

graph 1

-> (A) -> (B)

graph 2

-> (C) -> (A) -> (B)

We cannot test the behavior now because when executing the graph 2, (A) and (B) are already linked,
it raises an error in the current loader spec. But it should be allowed[1] since it will occur when
there is multiple module tag in WebCore.

[1]: https://github.com/whatwg/loader/issues/41

  • runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::ResolveQuery::Hash::hash):
(JSC::JSModuleRecord::ResolveQuery::Hash::equal):
(JSC::JSModuleRecord::cacheResolution):
(JSC::ResolveQueryHash::hash): Deleted.
(JSC::ResolveQueryHash::equal): Deleted.
(JSC::resolveExportLoop): Deleted.

  • runtime/JSModuleRecord.h:
  • tests/modules/caching-should-not-make-ambiguous.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/A.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/B.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/C.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/D.js: Added.
  • tests/modules/caching-should-not-make-ambiguous/main.js: Added.
  • tests/modules/different-view.js: Added.

(from.string_appeared_here.shouldThrow):

  • tests/modules/different-view/A.js: Added.
  • tests/modules/different-view/B.js: Added.
  • tests/modules/different-view/C.js: Added.
  • tests/modules/different-view/D.js: Added.
  • tests/modules/different-view/E.js: Added.
  • tests/modules/different-view/main.js: Added.
  • tests/modules/fallback-ambiguous.js: Added.

(from.string_appeared_here.shouldThrow):

  • tests/modules/fallback-ambiguous/A.js: Added.
  • tests/modules/fallback-ambiguous/B.js: Added.
  • tests/modules/fallback-ambiguous/C.js: Added.
  • tests/modules/fallback-ambiguous/D.js: Added.
  • tests/modules/fallback-ambiguous/E.js: Added.
  • tests/modules/fallback-ambiguous/main.js: Added.
  • tests/modules/self-star-link.js: Added.
  • tests/modules/self-star-link/A.js: Added.
  • tests/modules/self-star-link/B.js: Added.
  • tests/modules/self-star-link/C.js: Added.
  • tests/modules/self-star-link/D.js: Added.
  • tests/modules/self-star-link/E.js: Added.
  • tests/modules/uncacheable-when-see-star.js: Added.
  • tests/modules/uncacheable-when-see-star/A-pre.js: Added.
  • tests/modules/uncacheable-when-see-star/A.js: Added.
  • tests/modules/uncacheable-when-see-star/B.js: Added.
  • tests/modules/uncacheable-when-see-star/C.js: Added.
  • tests/modules/uncacheable-when-see-star/D.js: Added.
  • tests/modules/uncacheable-when-see-star/E-pre.js: Added.
  • tests/modules/uncacheable-when-see-star/E.js: Added.
  • tests/modules/uncacheable-when-see-star/main1.js: Added.
  • tests/modules/uncacheable-when-see-star/main2.js: Added.
2:01 PM Changeset in webkit [189746] by beidson@apple.com
  • 38 edits
    20 copies
    21 moves
    3 adds in trunk/Source

Rename current concrete IDB implementation to "Legacy".
https://bugs.webkit.org/show_bug.cgi?id=149118

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No change in behavior).

This patch makes IDL bindings abstract.
It then renames the current concrete implementations of the bindings from "IDB" to "Legacy".
Finally it moves those files and their support classes to a "legacy" subfolder.

  • CMakeLists.txt:
  • Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
  • Modules/indexeddb/IDBAny.cpp:
  • Modules/indexeddb/IDBAny.h:
  • Modules/indexeddb/IDBCursor.cpp:
  • Modules/indexeddb/IDBCursor.h:
  • Modules/indexeddb/IDBCursor.idl:
  • Modules/indexeddb/IDBCursorWithValue.cpp:
  • Modules/indexeddb/IDBCursorWithValue.h:
  • Modules/indexeddb/IDBCursorWithValue.idl:
  • Modules/indexeddb/IDBDatabase.cpp:
  • Modules/indexeddb/IDBDatabase.h:
  • Modules/indexeddb/IDBDatabase.idl:
  • Modules/indexeddb/IDBFactory.cpp:
  • Modules/indexeddb/IDBFactory.h:
  • Modules/indexeddb/IDBFactory.idl:
  • Modules/indexeddb/IDBIndex.cpp:
  • Modules/indexeddb/IDBIndex.h:
  • Modules/indexeddb/IDBIndex.idl:
  • Modules/indexeddb/IDBObjectStore.cpp:
  • Modules/indexeddb/IDBObjectStore.h:
  • Modules/indexeddb/IDBObjectStore.idl:
  • Modules/indexeddb/IDBOpenDBRequest.cpp:
  • Modules/indexeddb/IDBOpenDBRequest.h:
  • Modules/indexeddb/IDBOpenDBRequest.idl:
  • Modules/indexeddb/IDBRequest.cpp:
  • Modules/indexeddb/IDBRequest.h:
  • Modules/indexeddb/IDBRequest.idl:
  • Modules/indexeddb/IDBTransaction.cpp:
  • Modules/indexeddb/IDBTransaction.h:
  • Modules/indexeddb/IDBTransaction.idl:
  • Modules/indexeddb/IDBVersionChangeEvent.cpp:
  • Modules/indexeddb/IDBVersionChangeEvent.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h: Renamed from Source/WebCore/Modules/indexeddb/IDBCallbacks.h.
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackend.cpp.
  • Modules/indexeddb/legacy/IDBCursorBackend.h: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackend.h.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackendOperations.cpp.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h: Renamed from Source/WebCore/Modules/indexeddb/IDBCursorBackendOperations.h.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseBackend.cpp.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.h: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseBackend.h.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacks.h: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseCallbacks.h.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseCallbacksImpl.cpp.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.h: Renamed from Source/WebCore/Modules/indexeddb/IDBDatabaseCallbacksImpl.h.
  • Modules/indexeddb/legacy/IDBFactoryBackendInterface.h: Renamed from Source/WebCore/Modules/indexeddb/IDBFactoryBackendInterface.h.
  • Modules/indexeddb/legacy/IDBPendingDeleteCall.h: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingDeleteCall.h.
  • Modules/indexeddb/legacy/IDBPendingOpenCall.h: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingOpenCall.h.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingTransactionMonitor.cpp.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.h: Renamed from Source/WebCore/Modules/indexeddb/IDBPendingTransactionMonitor.h.
  • Modules/indexeddb/legacy/IDBTransactionBackend.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackend.cpp.
  • Modules/indexeddb/legacy/IDBTransactionBackend.h: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackend.h.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackendOperations.cpp.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.h: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionBackendOperations.h.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.cpp: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionCoordinator.cpp.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.h: Renamed from Source/WebCore/Modules/indexeddb/IDBTransactionCoordinator.h.
  • Modules/indexeddb/legacy/LegacyAny.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBAny.cpp.
  • Modules/indexeddb/legacy/LegacyAny.h: Added.
  • Modules/indexeddb/legacy/LegacyCursor.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBCursor.cpp.
  • Modules/indexeddb/legacy/LegacyCursor.h: Copied from Source/WebCore/Modules/indexeddb/IDBCursor.h.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBCursorWithValue.cpp.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.h: Copied from Source/WebCore/Modules/indexeddb/IDBCursorWithValue.h.
  • Modules/indexeddb/legacy/LegacyDatabase.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBDatabase.cpp.
  • Modules/indexeddb/legacy/LegacyDatabase.h: Copied from Source/WebCore/Modules/indexeddb/IDBDatabase.h.
  • Modules/indexeddb/legacy/LegacyFactory.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBFactory.cpp.
  • Modules/indexeddb/legacy/LegacyFactory.h: Copied from Source/WebCore/Modules/indexeddb/IDBFactory.h.
  • Modules/indexeddb/legacy/LegacyIndex.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBIndex.cpp.
  • Modules/indexeddb/legacy/LegacyIndex.h: Added.
  • Modules/indexeddb/legacy/LegacyObjectStore.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBObjectStore.cpp.
  • Modules/indexeddb/legacy/LegacyObjectStore.h: Copied from Source/WebCore/Modules/indexeddb/IDBObjectStore.h.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBOpenDBRequest.cpp.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.h: Copied from Source/WebCore/Modules/indexeddb/IDBOpenDBRequest.h.
  • Modules/indexeddb/legacy/LegacyRequest.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBRequest.cpp.
  • Modules/indexeddb/legacy/LegacyRequest.h: Copied from Source/WebCore/Modules/indexeddb/IDBRequest.h.
  • Modules/indexeddb/legacy/LegacyTransaction.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBTransaction.cpp.
  • Modules/indexeddb/legacy/LegacyTransaction.h: Copied from Source/WebCore/Modules/indexeddb/IDBTransaction.h.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.cpp: Copied from Source/WebCore/Modules/indexeddb/IDBVersionChangeEvent.cpp.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.h: Copied from Source/WebCore/Modules/indexeddb/IDBVersionChangeEvent.h.
  • WebCore.xcodeproj/project.pbxproj:
  • WebCore.vcxproj/WebCore.vcxproj:

Source/WebKit2:

  • CMakeLists.txt:
1:36 PM Changeset in webkit [189745] by Chris Dumez
  • 3 edits
    2 deletes in trunk

Disable PICTURE_SIZES on AppleWin
https://bugs.webkit.org/show_bug.cgi?id=149125

Reviewed by Alexey Proskuryakov.

WebKitLibraries:

  • win/tools/vsprops/FeatureDefines.props:

LayoutTests:

  • platform/win/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/srcset/parse-a-srcset-attribute-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/srcset/select-an-image-source-expected.txt: Removed.
  • platform/win/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/update-the-source-set-expected.txt: Removed.
11:30 AM Changeset in webkit [189744] by commit-queue@webkit.org
  • 7 edits in trunk/Source/JavaScriptCore

Implement the arithmetic instructions for floats in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149102

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-14
Reviewed by Geoffrey Garen.

This patch implements the arithmetic instructions for floats (float32)
in WebAssembly by converting the float operands to doubles, performing
the equivalent double instructions, and converting the result back to
float. The asm.js spec says that "As proved in 'When is double rounding
innocuous?' (Figueroa 1995), both the 32- and 64-bit versions of
standard arithmetic operations produce equivalent results when given
32-bit inputs and coerced to 32-bit outputs."
(http://asmjs.org/spec/latest/#floatish)

This patch also pads WebAssembly call frames by maxFrameExtentForSlowPathCall,
so that there is no need to adjust the stack pointer every time we make
a slow path call.

  • tests/stress/wasm-arithmetic-float32.js:
  • tests/stress/wasm/arithmetic-float32.wasm:
  • wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::buildUnaryF32):
(JSC::WASMFunctionCompiler::buildBinaryF32):
(JSC::WASMFunctionCompiler::callOperation):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
(JSC::WASMFunctionCompiler::endFunction): Deleted.
(JSC::WASMFunctionCompiler::buildBinaryI32): Deleted.

  • wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseUnaryExpressionF32):
(JSC::WASMFunctionParser::parseBinaryExpressionF32):

  • wasm/WASMFunctionParser.h:
  • wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildUnaryF32):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF32):

10:58 AM Changeset in webkit [189743] by Carlos Garcia Campos
  • 9 edits
    3 adds in releases/WebKitGTK/webkit-2.10

Merge r189421 - Crash when font completes downloading after calling 2D canvas setText() multiple times
https://bugs.webkit.org/show_bug.cgi?id=148789

Reviewed by Darin Adler.

Source/WebCore:

The CSSFontSelector has a list of clients, and when fonts complete downloading, these
clients get a call back. CanvasRenderingContext2D::State is one such of these clients. However,
the CSSFontSelector may be destroyed and recreated at any time. We were getting into a case
where multiple CSSFontSelectors were thinking that the same CanvasRenderingContext2D::State were
their client. When the CanvasRenderingContext2D::State was destroyed, it only unregistered
itself from one of the CSSFontSelectors, which means the CSSFontSelector left over has a dangling
pointer to it.

The solution is to implement a new helper class, FontProxy, to hold the
CanvasRenderingContext2D::State's font, and maintain the invariant that this object is always
registered to exactly one CSSFontSelector, and this CSSFontSelector is the one which is associated
with the FontProxy's FontCascade object. This patch maintains this invariant, as well as protecting
all access to the State's FontCascade object so no one can reach in and change it without going
through functions which maintain the invariant.

Test: fast/canvas/font-selector-crash.html

  • css/CSSFontSelector.cpp:

(WebCore::CSSFontSelector::registerForInvalidationCallbacks):
(WebCore::CSSFontSelector::unregisterForInvalidationCallbacks):
(WebCore::CSSFontSelector::dispatchInvalidationCallbacks):

  • css/CSSFontSelector.h:
  • dom/Document.cpp:

(WebCore::Document::fontsNeedUpdate):
(WebCore::Document::fontSelector):
(WebCore::Document::clearStyleResolver):

  • dom/Document.h:
  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::State::State):
(WebCore::CanvasRenderingContext2D::State::operator=):
(WebCore::CanvasRenderingContext2D::FontProxy::~FontProxy):
(WebCore::CanvasRenderingContext2D::FontProxy::FontProxy):
(WebCore::CanvasRenderingContext2D::FontProxy::update):
(WebCore::CanvasRenderingContext2D::FontProxy::fontsNeedUpdate):
(WebCore::CanvasRenderingContext2D::FontProxy::initialize):
(WebCore::CanvasRenderingContext2D::FontProxy::fontMetrics):
(WebCore::CanvasRenderingContext2D::FontProxy::fontDescription):
(WebCore::CanvasRenderingContext2D::FontProxy::width):
(WebCore::CanvasRenderingContext2D::FontProxy::drawBidiText):
(WebCore::CanvasRenderingContext2D::font):
(WebCore::CanvasRenderingContext2D::setFont):
(WebCore::CanvasRenderingContext2D::measureText):
(WebCore::CanvasRenderingContext2D::drawTextInternal):
(WebCore::CanvasRenderingContext2D::State::~State): Deleted.
(WebCore::CanvasRenderingContext2D::State::fontsNeedUpdate): Deleted.
(WebCore::CanvasRenderingContext2D::accessFont): Deleted.

  • html/canvas/CanvasRenderingContext2D.h:
  • platform/graphics/FontSelector.h:

LayoutTests:

  • fast/canvas/font-selector-crash-expected.txt: Added.
  • fast/canvas/font-selector-crash.html: Added.
  • fast/canvas/resources/font-selector-crash.ttf: Added.
10:57 AM Changeset in webkit [189742] by Said Abou-Hallawa
  • 2 edits in trunk/LayoutTests

Unreviewed, skip fast/text/international/system-language for now.
WebKitTestRunner declarative language setting is broken for iOS.

  • platform/ios-simulator/TestExpectations:
10:38 AM Changeset in webkit [189741] by Said Abou-Hallawa
  • 2 edits in trunk/LayoutTests

Unreviewed, expect css3/flexbox/image-percent-max-height.html to fail on iOS.
The test is already expected to fail on mac, windows and gtk.

  • platform/ios-simulator/TestExpectations:
10:31 AM Changeset in webkit [189740] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189354 - Document.body should return the first body / frameset child of the html element
https://bugs.webkit.org/show_bug.cgi?id=148787
<rdar://problem/22566850>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Document.body should return the *first* body / frameset child of the html
element as per the specification:
https://html.spec.whatwg.org/multipage/dom.html#the-body-element-2

Chrome and Firefox both behave correctly. However, WebKit was prioritizing
frameset over body. This patch fixes this.

No new tests, already covered by existing test.

  • dom/Document.cpp:

(WebCore::Document::bodyOrFrameset):

LayoutTests:

Rebaseline test now that a new check is passing.

  • http/tests/w3c/html/dom/documents/dom-tree-accessors/document.body-getter-expected.txt:
10:27 AM Changeset in webkit [189739] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189331 - [Texmap] highp precision should be used conditionally for fragment shaders on OpenGL ES
https://bugs.webkit.org/show_bug.cgi?id=143993

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-03
Reviewed by Martin Robinson.

There are some GPUs that do not support the GL_OES_fragment_precision_high extension. (e.g., Mali-T624)
Therefore, highp precision should be used in shader fragments conditionally using a proper preprocessor,
GL_FRAGMENT_PRECISION_HIGH.
Without this patch, nothing will be displayed on the screen if the running platform doesn't support the
GL_OES_fragment_precision_high extension.

No new tests, covered by existing tests.

  • platform/graphics/texmap/TextureMapperShaderProgram.cpp:
10:25 AM Changeset in webkit [189738] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189282 - document.createEvent("eventname") should do a case-insensitive match on the event name
https://bugs.webkit.org/show_bug.cgi?id=148738
<rdar://problem/22558709>

Reviewed by Andreas Kling.

Source/WebCore:

document.createEvent("eventname") should do a case-insensitive match on the event name:
https://dom.spec.whatwg.org/#dom-document-createevent

WebKit was doing a case-sensitive match. Firefox and Chrome match the specification.

No new tests, already covered by:
http/tests/w3c/dom/nodes/Document-createEvent.html (rebaselined)

  • dom/make_event_factory.pl:

(generateImplementation):

LayoutTests:

Rebaseline test now that some checks are passing.

  • http/tests/w3c/dom/nodes/Document-createEvent-expected.txt:
10:01 AM Changeset in webkit [189737] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189255 - [GStreamer] Simplify linking pads in AudioDestination and correct old comment.
https://bugs.webkit.org/show_bug.cgi?id=148702

Patch by Hyemi Shin <hyemi.sin@samsung.com> on 2015-09-02
Reviewed by Philippe Normand.

Simplify linking src pad of webkitAudioSrc and sink pad of audioConvert
to one line because implementation changed not to use seperate function
to complete building rest of pipelines.
Correct old comment also there is no more wavparse element.

No new tests, no behavior change.

  • platform/audio/gstreamer/AudioDestinationGStreamer.cpp:

(WebCore::AudioDestinationGStreamer::AudioDestinationGStreamer):

10:00 AM Changeset in webkit [189736] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10

Merge r189252 - http/tests/w3c/dom/nodes/Element-matches.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=148615

Reviewed by Ryosuke Niwa.

Source/WebCore:

Several newly-imported w3c tests were flaky due to the :target
pseudo-class selectors sometimes giving different results. The
issue seems to be that this type of selector relies on the
Document::cssTarget() element to do the matching. We update
this cssTarget Element in FrameView's scrollToFragment() /
scrollToAnchor(). This is called from
scrollToFragmentWithParentBoundary() which is called by
FrameLoader's finishedParsing() and loadInSameDocument().

In the first one, it is called *after* calling checkComplete()
which fires the onload event. However, in the second method,
it is called *before*. This patch updates finishedParsing()
so that scrollToFragmentWithParentBoundary() is called *before*
firing the onload event, consistently with loadInSameDocument().
This makes sure that JavaScript executed in an onload event
handler will get accurate results for :target pseudo-class
selectors.

No new tests, covered by:
http/tests/w3c/dom/nodes/Element-matches.html
http/tests/w3c/dom/nodes/ParentNode-querySelector-All-xhtml.xhtml

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::finishedParsing):

LayoutTests:

Unskip the tests and rebaseline them now that the target pseudo selector
checks are consistently passing.

  • TestExpectations:
  • http/tests/w3c/dom/nodes/Element-matches-expected.txt:
  • http/tests/w3c/dom/nodes/ParentNode-querySelector-All-expected.txt:
  • http/tests/w3c/dom/nodes/ParentNode-querySelector-All-xhtml-expected.txt:
9:58 AM Changeset in webkit [189735] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189248 - Construct default winding string arguments in CanvasRenderingContext2D from ASCIILiteral objects
https://bugs.webkit.org/show_bug.cgi?id=148441

Reviewed by Darin Adler.

  • html/canvas/CanvasRenderingContext2D.h: Use ASCIILiteral objects to construct

the default values for the winding arguments. This will avoid copying the string
data every time the methods are invoked with the default argument value.

9:30 AM Changeset in webkit [189734] by Chris Dumez
  • 2 edits in trunk/LayoutTests

Unreviewed, rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html on iOS.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
9:24 AM Changeset in webkit [189733] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Border under the styles filter field is clipped
https://bugs.webkit.org/show_bug.cgi?id=149115

Reviewed by Darin Adler.

  • UserInterface/Views/CSSStyleDetailsSidebarPanel.css:

(.sidebar > .panel.details.css-style > .content + .options-container > .filter-bar):

9:14 AM Changeset in webkit [189732] by ap@apple.com
  • 3 edits in trunk/LayoutTests

Skip fast/text/international/system-language where unsupported.

  • platform/ios-simulator-wk1/TestExpectations:
  • platform/win/TestExpectations:
9:09 AM Changeset in webkit [189731] by ggaren@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Eden GC should not try to jettison old CodeBlocks in the remembered set
https://bugs.webkit.org/show_bug.cgi?id=149108

Reviewed by Saam Barati.

All we know about objects in the remembered set is that they must be
visited. We don't know whether they're referenced or not because we
won't mark the objects that point to them.

Therefore, it's incorrect for a CodeBlock to consider jettisoning
itself when it's marked as a part of the remembered set: Some
old object might have visited the CodeBlock strongly if given the chance.

I believe this doesn't cause any problems currently because we happen
to visit all strong references to all CodeBlocks elligible for jettison
during every GC.

However, this behavior is a logical oddity that tripped me up, and I
believe it will start causing real problems once we start to jettison
baseline CodeBlocks, since we do not visit all strong references to all
baseline CodeBlocks during every GC.

  • heap/CodeBlockSet.cpp:

(JSC::CodeBlockSet::clearMarksForEdenCollection):
(JSC::CodeBlockSet::traceMarked): Be sure to visit the remembered set
strongly, in order to prohibit jettisoning.

(JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):

  • heap/CodeBlockSet.h: Track the remembered set during eden GCs.
6:59 AM Changeset in webkit [189730] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189216 - [Cairo][WebGL] Upload the accelerated canvas as a texture by copying via GPU directly
https://bugs.webkit.org/show_bug.cgi?id=148631

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-01
Reviewed by Dean Jackson.

When an accelerated canvas needs to be uploaded as a gl texture, it would be better to copy it to
texture directly via GPU using glCopyTexImage2D.
Note that GPU copy can not always be enabled because, with premultiplyAlpha and flipY unpack option,
it seems hard to be implemented in a way of direct GPU copy.

No new tests because there is no behavior change.

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::texImage2D):

  • platform/graphics/ImageBuffer.cpp:

(WebCore::ImageBuffer::copyToPlatformTexture):

  • platform/graphics/ImageBuffer.h:
  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBuffer::copyToPlatformTexture):

6:55 AM Changeset in webkit [189729] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10

Merge r189184 - NodeFilter.SHOW_ALL has wrong value on 32-bit
https://bugs.webkit.org/show_bug.cgi?id=148602

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

NodeFilter.SHOW_ALL has wrong value on 32-bit. This is because
NodeFilter.SHOW_ALL is an unsigned long whose value is 0xFFFFFFFF but
our bindings code is casting it to an intptr_t type which is not wide
enough on 32-bit.

  • create_hash_table:

Add extra curly brackets to initialize the union.

  • runtime/Lookup.h:

Use a union type to store either a struct containing 2 intptr_t members
(value1 / value2) or a large constant of type unsigned long long. When
storing a constant, we only need one of the values so this allows us to
support larger constants without increasing the actual HashTableValue
size.

Source/WebCore:

NodeFilter.SHOW_ALL has wrong value on 32-bit. This is because
NodeFilter.SHOW_ALL is an unsigned long whose value is 0xFFFFFFFF but
our bindings code is casting it to an intptr_t type which is not wide
enough on 32-bit.

No new tests, already covered by fast/dom/node-filter-interface.html
which is now unskipped on Windows / 32bit.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHashTableValueArray):
Generate extra curly brackets to initialize the new union member.
Also cast to long long the constant instead of intptr_t.

  • dom/NodeFilter.h:

Explicitly mark the enum underlying type to be an unsigned long
to make sure it can hold the value for SHOW_ALL on all platforms.
On Windows, it seems the default underlying type is an int for
e.g.

LayoutTests:

Unskip tests that are now passing on Windows / 32bit.

  • platform/win/TestExpectations:
6:55 AM Changeset in webkit [189728] by Gyuyoung Kim
  • 5 edits in trunk/Source

[EFL] Remove create() factory function in EvasGLContext and EvasGLSurface
https://bugs.webkit.org/show_bug.cgi?id=149110

Reviewed by Csaba Osztrogonác.

It is not good implementation we support both create() factory function and public constructor.
In EvasGLContext and EvasGLSurface cases, those have supported both. However create() factory is only
used by EwkView. Thus let's remove the create() function, then EwkView creates EvasGLContext using
std::make_unique<> directly.

Source/WebCore:

  • platform/graphics/efl/EvasGLContext.h:

(WebCore::EvasGLContext::create): Deleted.

  • platform/graphics/efl/EvasGLSurface.h:

(WebCore::EvasGLSurface::create): Deleted.

Source/WebKit2:

  • UIProcess/API/efl/EwkView.cpp:

(EwkView::EwkView):
(EwkView::createGLSurface):

6:29 AM Changeset in webkit [189727] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r189177 - Network Cache: Stale content after back navigation
https://bugs.webkit.org/show_bug.cgi?id=148634

Reviewed by Chris Dumez.

Source/WebKit2:

It is possible to get an older version of the previous page when navigating back. This can happen
if the main resource load has not completed before navigating away from the page.

Network cache entry is normally updated when the load completes. In case of cancellation we would leave
any existing entry as-is. However we render incrementally and user might have seen some content from
the partial load already. Navigating back to the cached page could show older version of the content.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::abort):

If a network load is canceled by the client after receiving response but before the load has completed
remove any existing cache entry for it.

LayoutTests:

  • http/tests/cache/disk-cache/disk-cache-302-status-code.html:
  • http/tests/cache/disk-cache/disk-cache-cancel-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-cancel.html: Added.
  • http/tests/cache/disk-cache/resources/cache-test.js:

Support delayed responses so we can test canceling the load.
Some minor improvements.

(makeHeaderValue):
(generateTestURL):
(loadResource):
(loadResourcesWithOptions):
(generateTests):

  • http/tests/cache/disk-cache/resources/generate-response.cgi:
6:26 AM Changeset in webkit [189726] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r189172 - Watchdog timer callback should release the lock before deref'ing the watchdog.
https://bugs.webkit.org/show_bug.cgi?id=148635

Reviewed by Filip Pizlo.

The deref'ing of the watchdog may free it. The lock may not be available to be unlocked
after the deref.

  • runtime/Watchdog.cpp:

(JSC::Watchdog::Watchdog):

6:25 AM Changeset in webkit [189725] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189170 - [Freetype] FontCache::strengthOfFirstAlias leaks an FcPattern
https://bugs.webkit.org/show_bug.cgi?id=148624

Reviewed by Martin Robinson.

Using the normal RefPtr constructor causes the FcPattern to be reffed one extra time. Even
though the FcPattern is intentionally leaked to FcFontSetAdd down below, the FcPattern has
its own refcount and now it's screwed up. Just completely stop using RefPtr for these
FcPatterns, since the potential for confusion regarding leakRef combined with Fontconfig
refcounting far outweighs the benefit of using a smart pointer.

  • platform/graphics/freetype/FontCacheFreeType.cpp:

(WebCore::strengthOfFirstAlias):

6:22 AM Changeset in webkit [189724] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WTF

Merge r189151 - [WTF] Improve a ParkingLot::parkConditionally() comment for a libstdc++ workaround
https://bugs.webkit.org/show_bug.cgi?id=148571

Reviewed by Filip Pizlo.

  • wtf/ParkingLot.cpp:

(WTF::ParkingLot::parkConditionally): Adjust the comment about the workaround for
the libstdc++ std::condition_variable implementation, linking to the WebKit bug
that dissected the problem and the GCC bug that originally reported the problem.

6:20 AM Changeset in webkit [189723] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r189133 - JavaScriptCore fails to build using GCC 5
https://bugs.webkit.org/show_bug.cgi?id=147815

Patch by Khem Raj <raj.khem@gmail.com> on 2015-08-28
Reviewed by Filip Pizlo.

  • runtime/JSObject.cpp: Explicitly instantiate all variants of

putByIndexBeyondVectorLengthWithAttributes used by JSArray.cpp.

5:50 AM Changeset in webkit [189722] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189080 - pluginInfo.clientLoadPolicy is used uninitialized in WebContent process
https://bugs.webkit.org/show_bug.cgi?id=148550

Reviewed by Tim Horton.

This fixes flakiness on plugins/plugin-javascript-access.html.

  • Shared/WebCoreArgumentCoders.cpp: (IPC::ArgumentCoder<PluginInfo>::decode):
5:48 AM Changeset in webkit [189721] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r189060 - Page does not update when <link> media attribute changes to no longer apply to page
https://bugs.webkit.org/show_bug.cgi?id=148392

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/link-media-attr.html

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::parseAttribute):
When the media attribute changes, recalculate styles if the link is not disabled.

LayoutTests:

  • fast/css/link-media-attr-expected.txt: Added.
  • fast/css/link-media-attr.html: Added.

Add a test to verify that styles change after a link's media attribute changes.

5:47 AM Changeset in webkit [189720] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r189058 - Simple line layout: Text jumps sometimes on naughty strings page
https://bugs.webkit.org/show_bug.cgi?id=148399
rdar://problem/22212568

Reviewed by Antti Koivisto.

The x position we set for tab characters during painting should
be the same as if it was set by the inline box tree painting.

Inline box tree computes the distance from the rootbox for each line
and sets this value as the xPos for the TextRun.
Currently simple line layout does not support cases where a line
would have an offset, so this value is always 0.

Source/WebCore:

Test: fast/text/whitespace/simple-line-layout-tab-position.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):

LayoutTests:

  • fast/text/whitespace/simple-line-layout-tab-position-expected.html: Added.
  • fast/text/whitespace/simple-line-layout-tab-position.html: Added.
5:46 AM Changeset in webkit [189719] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.10

Merge r189046 - REGRESSION(r184779): Possible read-after-free in JavaScriptCore/dfg/DFGClobberize.h
https://bugs.webkit.org/show_bug.cgi?id=148411

Reviewed by Geoffrey Garen and Filip Pizlo.

Source/JavaScriptCore:

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

LayoutTests:

  • js/regress-148411-expected.txt: Added.
  • js/regress-148411.html: Added.
  • js/script-tests/regress-148411.js: Added.

(foo):

5:42 AM Changeset in webkit [189718] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189043 - Decode redirected data URLs in web process
https://bugs.webkit.org/show_bug.cgi?id=148386

Reviewed by Zalan Bujtas.

Redirected data URLs still end up to networking layer for decoding. Handle them locally as well.

Covered by existing tests.

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::~ResourceLoader):
(WebCore::ResourceLoader::finishNetworkLoad):

Factor to a function.

(WebCore::ResourceLoader::releaseResources):
(WebCore::ResourceLoader::willSendRequestInternal):

When receiving redirect to a data URL end the network load and decode it locally.

(WebCore::ResourceLoader::willSendRequest):

  • loader/ResourceLoader.h:
5:37 AM Changeset in webkit [189717] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r189030 - Simple line layout: Use float types wherever possible to match line tree.
https://bugs.webkit.org/show_bug.cgi?id=148444

Reviewed by Antti Koivisto.

To match inline tree output, we should try to match the data types as far as precision goes.

This patch also fixes the confusing mismatch between Run::baseline().x() and Run::rect().x().
They are both supposed to return the left edge of the run. However Run::rect().x() returns a rounded
LayoutUnit of the logical left, while Run::baseline().x() returns the correct logical left.
With this patch

  1. baseline position does not include logical left anymore.
  2. Run::rect().x() does not round the logical left coordinate anymore.
  • rendering/RenderTreeAsText.cpp:

(WebCore::writeSimpleLine):

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):
(WebCore::SimpleLineLayout::collectAbsoluteRects):
(WebCore::SimpleLineLayout::showLineLayoutForFlow):

  • rendering/SimpleLineLayoutResolver.cpp:

(WebCore::SimpleLineLayout::linePosition):
(WebCore::SimpleLineLayout::lineSize):
(WebCore::SimpleLineLayout::RunResolver::Run::rect):
(WebCore::SimpleLineLayout::LineResolver::Iterator::operator*):
(WebCore::SimpleLineLayout::baselinePosition): Deleted.
(WebCore::SimpleLineLayout::RunResolver::Run::baseline): Deleted.

  • rendering/SimpleLineLayoutResolver.h:

(WebCore::SimpleLineLayout::RunResolver::Run::baselinePosition):
(WebCore::SimpleLineLayout::RunResolver::Run::computeBaselinePosition):

5:35 AM Changeset in webkit [189716] by Carlos Garcia Campos
  • 5 edits
    1 copy
    1 add in releases/WebKitGTK/webkit-2.10

Merge r189026 - Subpixel positioned iframe's repaint area calculation problem.
https://bugs.webkit.org/show_bug.cgi?id=148422

When the repaint rect position is floored for iframes, we need
to expand the size so that it still covers the content.

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/repaint/content-inside-subpixel-positioned-iframe.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::computeRectForRepaint):

LayoutTests:

  • fast/repaint/content-inside-subpixel-positioned-iframe-expected.txt: Added.
  • fast/repaint/content-inside-subpixel-positioned-iframe.html: Copied from LayoutTests/fast/repaint/hidpi-content-inside-iframe-leaves-trails.html.
  • fast/repaint/hidpi-content-inside-iframe-leaves-trails.html:
5:33 AM Changeset in webkit [189715] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Tools

Merge r189014 - Unreviewed, further shorten a test that times out because it's very long running.

I've locally run these tests on repeat for 24 hours and found no genuine
failures, like deadlocks. So, the timeouts are probably because the test
machine is slow and debug is slow. We should just run this test for fewer
iterations.

  • TestWebKitAPI/Tests/WTF/Lock.cpp:

(TestWebKitAPI::TEST):

5:32 AM Changeset in webkit [189714] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r189012 - MarkedBlock::allocateBlock will have the wrong allocation size when (sizeof(MarkedBlock) + bytes) is divisible by WTF::pageSize()
https://bugs.webkit.org/show_bug.cgi?id=148500

Reviewed by Mark Lam.

Consider the following scenario:

  • On OS X, WTF::pageSize() is 4*1024 bytes.
  • JSEnvironmentRecord::allocationSizeForScopeSize(6621) == 53000
  • sizeof(MarkedBlock) == 248
  • (248 + 53000) is a multiple of 4*1024.
  • (248 + 53000)/(4*1024) == 13

We will allocate a chunk of memory of size 53248 bytes that looks like this:
0 248 256 53248 53256
[Marked Block | 8 bytes | payload ...... ] 8 bytes |


Our Environment record starts here.


Our last JSValue in the environment record will go from byte 53248 to 53256. But, we don't own this memory.

We need to ensure that we round up sizeof(MarkedBlock) to an
atomSize boundary. We need to do this because the first atom
inside the MarkedBlock will start at the rounded up multiple
of atomSize past MarkedBlock. If we end up with an allocation
that is perfectly aligned to the page size, then we will be short
8 bytes (in the current implementation where atomSize is 16 bytes,
and MarkedBlock is 248 bytes).

  • heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::allocateBlock):

  • tests/stress/heap-allocator-allocates-incorrect-size-for-activation.js: Added.

(use):
(makeFunction):

5:28 AM Changeset in webkit [189713] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r189010 - [ThreadedCompositor] Use WTF::Condition together with WTF::Lock
https://bugs.webkit.org/show_bug.cgi?id=148493

Patch by Emanuele Aina <Emanuele Aina> on 2015-08-26
Reviewed by Gyuyoung Kim.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

Replace ThreadCondition::signal() calls with Condition::notifyOne().

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h:

Replace ThreadCondition usage with Condition.

5:27 AM Changeset in webkit [189712] by Carlos Garcia Campos
  • 22 edits
    1 add in releases/WebKitGTK/webkit-2.10

Merge r189009 - watchdog m_didFire state erroneously retained.
https://bugs.webkit.org/show_bug.cgi?id=131082

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

The watchdog can fire for 2 reasons:

  1. an external controlling entity (i.e. another thread) has scheduled termination of the script thread via watchdog::terminateSoon().
  2. the allowed CPU time has expired.

For case 1, we're doing away with the m_didFire flag. Watchdog::terminateSoon()
will set the timer deadlines and m_timeLimit to 0, and m_timerDidFire to true.
This will get the script thread to check Watchdog::didFire() and terminate
execution.

Note: the watchdog only guarantees that script execution will terminate as soon
as possible due to a time limit of 0. Once we've exited the VM, the client of the
VM is responsible from keeping a flag to prevent new script execution.

In a race condition, if terminateSoon() is called just after execution has gotten
past the client's reentry check and the client is in the process of re-entering,
the worst that can happen is that we will schedule the watchdog timer to fire
after a period of 0. This will terminate script execution quickly, and thereafter
the client's check should be able to prevent further entry into the VM.

The correctness (i.e. has no race condition) of this type of termination relies
on the termination state being sticky. Once the script thread is terminated this
way, the VM will continue to terminate scripts quickly until the client sets the
time limit to a non-zero value (or clears it which sets the time limit to
noTimeLimit).

For case 2, the watchdog does not alter m_timeLimit. If the CPU deadline has
been reached, the script thread will terminate execution and exit the VM.

If the client of the VM starts new script execution, the watchdog will allow
execution for the specified m_timeLimit. In this case, since m_timeLimit is not
0, the script gets a fresh allowance of CPU time to execute. Hence, terminations
due to watchdog time outs are no longer sticky.

  • API/JSContextRef.cpp:

(JSContextGroupSetExecutionTimeLimit):
(JSContextGroupClearExecutionTimeLimit):

  • API/tests/ExecutionTimeLimitTest.cpp:
  • Add test scenarios to verify that the watchdog is automatically reset by the VM upon throwing the TerminatedExecutionException.

(testResetAfterTimeout):
(testExecutionTimeLimit):

(JSC::DFG::ByteCodeParser::parseBlock):

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_loop_hint):
(JSC::JIT::emitSlow_op_loop_hint):

  • jit/JITOperations.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::ensureWatchdog):

  • runtime/VM.h:
  • runtime/VMInlines.h: Added.

(JSC::VM::shouldTriggerTermination):

  • runtime/Watchdog.cpp:

(JSC::Watchdog::Watchdog):
(JSC::Watchdog::setTimeLimit):
(JSC::Watchdog::terminateSoon):
(JSC::Watchdog::didFireSlow):
(JSC::Watchdog::hasTimeLimit):
(JSC::Watchdog::enteredVM):
(JSC::Watchdog::exitedVM):
(JSC::Watchdog::startTimer):
(JSC::Watchdog::stopTimer):
(JSC::Watchdog::hasStartedTimer): Deleted.
(JSC::Watchdog::fire): Deleted.

  • runtime/Watchdog.h:

(JSC::Watchdog::didFire):
(JSC::Watchdog::timerDidFireAddress):

Source/WebCore:

No new tests. The new code is covered by the JSC API tests and an existing test:
fast/workers/worker-terminate-forever.html

  • bindings/js/JSEventListener.cpp:

(WebCore::JSEventListener::handleEvent):

  • bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::WorkerScriptController):

  • Always create a watchdog for the Web Worker's VM. We need this in order to support Worker.terminate().

(WebCore::WorkerScriptController::evaluate):
(WebCore::WorkerScriptController::scheduleExecutionTermination):
(WebCore::WorkerScriptController::isTerminatingExecution):
(WebCore::WorkerScriptController::forbidExecution):
(WebCore::WorkerScriptController::isExecutionTerminating): Deleted.

  • bindings/js/WorkerScriptController.h:

LayoutTests:

  • fast/workers/worker-terminate-forever-expected.txt:
  • fast/workers/worker-terminate-forever.html:
  • Updated to check if the worker actually did terminate.
5:00 AM Changeset in webkit [189711] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188648 - Add ability to save and restore JSC options.
https://bugs.webkit.org/show_bug.cgi?id=148125

Reviewed by Saam Barati.

  • API/tests/ExecutionTimeLimitTest.cpp:

(testExecutionTimeLimit):

  • Employ the new options getter/setter to run watchdog tests for each of the execution engine tiers.
  • Also altered the test scripts to be in a function instead of global code. This is one of 2 changes needed to give them an opportunity to be FTL compiled. The other is to add support for compiling CheckWatchdogTimer in the FTL (which will be addressed in a separate patch).
  • jsc.cpp:

(CommandLine::parseArguments):

  • runtime/Options.cpp:

(JSC::parse):

  • Add the ability to clear a string option with a nullptr value. This is needed to restore a default string option value which may be null.

(JSC::OptionRange::init):

  • Add the ability to clear a range option with a null value. This is needed to restore a default range option value which may be null.

(JSC::Options::initialize):
(JSC::Options::dumpOptionsIfNeeded):

  • Factor code to dump options out to dumpOptionsIfNeeded() since we will need that logic elsewhere.

(JSC::Options::setOptions):

  • Parse an options string and set each of the specified options.

(JSC::Options::dumpAllOptions):
(JSC::Options::dumpAllOptionsInALine):
(JSC::Options::dumpOption):
(JSC::Option::dump):

  • Refactored so that the underlying dumper dumps to a StringBuilder instead of stderr. This lets us reuse this code to serialize all the options into a single string for dumpAllOptionsInALine().
  • runtime/Options.h:

(JSC::OptionRange::rangeString):

4:11 AM Changeset in webkit [189710] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10

Merge r188987 - Use WorkQueue::concurrentApply in FEConvolveMatrix
https://bugs.webkit.org/show_bug.cgi?id=148490

Reviewed by Tim Horton.

Using WorkQueue::concurrentApply lets us simplify the code a lot, and measurements show
no difference in performance. The striding has been slightly tweaked to make more sense
(we no longer divide up the remainder across some of the iterations, instead we just process
it separately last).

  • platform/graphics/filters/FEConvolveMatrix.cpp:

(WebCore::FEConvolveMatrix::platformApplySoftware):
(WebCore::FEConvolveMatrix::setInteriorPixelsWorker): Deleted.

  • platform/graphics/filters/FEConvolveMatrix.h:
4:01 AM Changeset in webkit [189709] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10/Source/WTF

Merge r188981 - Add and implement WorkQueue::concurrentApply
https://bugs.webkit.org/show_bug.cgi?id=148488

Reviewed by Geoffrey Garen.

WorkQueue::concurrentApply is modeled after dispatch_apply, and on Cocoa it uses dispatch_apply directly.
For other ports there's a generic concurrentApply implemented using our threading primitives.

  • wtf/NeverDestroyed.h:

(WTF::LazyNeverDestroyed::operator->):

  • wtf/WorkQueue.cpp:

(WTF::WorkQueue::concurrentApply):

  • wtf/WorkQueue.h:
  • wtf/cocoa/WorkQueueCocoa.cpp:

(WTF::WorkQueue::concurrentApply):

3:40 AM Changeset in webkit [189708] by svillar@igalia.com
  • 5 edits
    4 adds in trunk

min-width/height should default to auto for grid items
https://bugs.webkit.org/show_bug.cgi?id=146021

Reviewed by Darin Adler.

Based on Blink's r194408, r194863 and r194887 by <Manuel Rego Casasnovas>.

Source/WebCore:

From the spec (http://dev.w3.org/csswg/css-grid/#grid-items):
"The auto value of min-width and min-height behaves on grid
items in the relevant axis analogously to its behavior on flex
items in the main axis."

From now on the default value for min-width and min-height for
grid items is auto, meaning that in general, grid items won't
shrink bellow their content.

The change is not exactly the same as the one in Blink because
this one takes into account vertical writting modes, something
that was not well handled in the original one.

Tests: fast/css-grid-layout/min-width-height-auto-overflow.html

fast/css-grid-layout/min-width-height-auto.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::computeLogicalWidthInRegion):
(WebCore::RenderBox::computeLogicalHeight):

LayoutTests:

Apart from the original tests this includes some extra ones to
verify that we behave correctly with vertical writing modes.

  • fast/css-grid-layout/min-width-height-auto-expected.txt: Added.
  • fast/css-grid-layout/min-width-height-auto-overflow-expected.html: Added.
  • fast/css-grid-layout/min-width-height-auto-overflow.html: Added.
  • fast/css-grid-layout/min-width-height-auto.html: Added.
  • fast/css/auto-min-size-expected.txt:
  • fast/css/auto-min-size.html:
3:38 AM Changeset in webkit [189707] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188978 - [JSC] StructureTransitionTable should eagerly deallocate single-transition WeakImpls.
<https://webkit.org/b/148478>

Reviewed by Geoffrey Garen.

Use a WeakHandleOwner to eagerly deallocate StructureTransitionTable's Weak pointers
when it's using the single-transition optimization and the Structure it transitioned
to has been GC'd.

This prevents Structures from keeping WeakBlocks alive longer than necessary when
they've been transitioned away from but are still in use themselves.

  • runtime/Structure.cpp:

(JSC::singleSlotTransitionWeakOwner):
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):
(JSC::StructureTransitionTable::add):

  • runtime/StructureTransitionTable.h:

(JSC::StructureTransitionTable::singleTransition): Deleted.
(JSC::StructureTransitionTable::setSingleTransition): Deleted.

3:10 AM Changeset in webkit [189706] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188968 - [Cairo] Accelerated canvas should fall back to non-accelerated canvas on creation failure
https://bugs.webkit.org/show_bug.cgi?id=148476

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-08-26
Reviewed by Brent Fulgham.

Cairo-gl backed surface might fail to be created with large dimensions, e.g., 50x32000, depending on
the gl implementations. In case of Mac port, ImageBufferCG falls back to a software surface when it fails to create
IOSurface, an accelerated surface. Though the unaccelerated surface could be slower, it would be better
to create a working surface than nothing.

Because the max dimensions of gl texture might vary among the OpenGL implementations, below test can't guarantee
the verification of behavior difference depending on the running platform.

Test: fast/canvas/canvas-large-dimensions.html

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBuffer::ImageBuffer):

3:08 AM Changeset in webkit [189705] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188961 - [GStreamer] "method" property for the webkitwebsrc element
https://bugs.webkit.org/show_bug.cgi?id=148433

Reviewed by Carlos Garcia Campos.

This new property is sometimes used by the GStreamer uridownloader
when time synchronization is required for DASH. The same property
was added to the souphttpsrc element.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcSetProperty):
(webKitWebSrcGetProperty):
(webKitWebSrcStart):

3:04 AM Changeset in webkit [189704] by Carlos Garcia Campos
  • 2 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r188918 - Fix crash due to search field disappearing when showing results menu
https://bugs.webkit.org/show_bug.cgi?id=148410
<rdar://problem/22399850>

Reviewed by Brent Fulgham.

When clicking on the results button of a search field that hides upon being focused, WebKit will crash because we
attempt to toggle the results menu using the search field's renderer which is null. This is addressed by adding a null
check to make sure the search field has not been hidden before toggling the menu.

Test: fast/forms/search/search-results-hidden-crash.html

  • html/shadow/TextControlInnerElements.cpp:

(WebCore::SearchFieldResultsButtonElement::defaultEventHandler): Add a null check for the search field's renderer.

2:57 AM Changeset in webkit [189703] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188849 - [JSC] Reduce the memory usage of BytecodeLivenessAnalysis
https://bugs.webkit.org/show_bug.cgi?id=148353

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-08-23
Reviewed by Darin Adler.

BytecodeLivenessAnalysis easily takes kilobytes of memory for
non trivial blocks and that memory sticks around because
it stored on CodeBlock.

This patch reduces that memory use a bit.

Most of the memory is in the array of BytecodeBasicBlock.
BytecodeBasicBlock is shrunk by:
-Making it not ref-counted.
-Removing m_predecessors, it was only used for debugging and

is usually big.

-Added a shrinkToFit() phase to shrink the vectors once we are

done building the BytecodeBasicBlock.

There are more things we should do in the future:
-Store all the BytecodeBasicBlock direclty in the array.

We know the size ahead of time, this would be a pure win.
The only tricky part is changing m_successors to have the
index of the successor instead of a pointer.

-Stop putting duplicates in m_successors.

  • bytecode/BytecodeBasicBlock.cpp:

(JSC::computeBytecodeBasicBlocks):
(JSC::BytecodeBasicBlock::shrinkToFit): Deleted.
(JSC::linkBlocks): Deleted.

  • bytecode/BytecodeBasicBlock.h:

(JSC::BytecodeBasicBlock::addSuccessor):
(JSC::BytecodeBasicBlock::addPredecessor): Deleted.
(JSC::BytecodeBasicBlock::predecessors): Deleted.

  • bytecode/BytecodeLivenessAnalysis.cpp:

(JSC::getLeaderOffsetForBasicBlock):
(JSC::findBasicBlockWithLeaderOffset):
(JSC::findBasicBlockForBytecodeOffset):
(JSC::stepOverInstruction):
(JSC::computeLocalLivenessForBytecodeOffset):
(JSC::computeLocalLivenessForBlock):
(JSC::BytecodeLivenessAnalysis::dumpResults): Deleted.

  • bytecode/BytecodeLivenessAnalysis.h:
2:46 AM Changeset in webkit [189702] by Manuel Rego Casasnovas
  • 3 edits
    2 adds in trunk

[css-grid] Percentage columns should remove scrollbar's width
https://bugs.webkit.org/show_bug.cgi?id=149116

Reviewed by Sergio Villar Senin.

Source/WebCore:

Currently the calculation of percentage columns was not subtracting the
scrollbar's size.
Fixed RenderGrid::computeUsedBreadthOfSpecifiedLength()
to avoid this problem.

Test: fast/css-grid-layout/grid-percent-track-scrollbar.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):

LayoutTests:

Added test to check the behavior for both columns and rows.
Note that rows (height) were already working fine.

  • fast/css-grid-layout/grid-percent-track-scrollbar-expected.txt: Added.
  • fast/css-grid-layout/grid-percent-track-scrollbar.html: Added.
2:45 AM Changeset in webkit [189701] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188839 - Remove SVGFrameLoaderClient and dataProtocolFrameLoader
https://bugs.webkit.org/show_bug.cgi?id=148370

Reviewed by Darin Adler.

With data protocol handled internally in WebKit these are no longer needed.

This mostly reverts code changes from http://trac.webkit.org/179626 keeping the tests.

  • loader/FrameLoaderClient.h:
  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::loadDataURL):
(WebCore::ResourceLoader::setDataBufferingPolicy):
(WebCore::ResourceLoader::dataProtocolFrameLoader): Deleted.

  • loader/ResourceLoader.h:

(WebCore::ResourceLoader::documentLoader):
(WebCore::ResourceLoader::originalRequest):

  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::finishLoading):

  • svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::dataChanged):

  • svg/graphics/SVGImage.h:
  • svg/graphics/SVGImageClients.h:
2:40 AM Changeset in webkit [189700] by Carlos Garcia Campos
  • 20 edits in releases/WebKitGTK/webkit-2.10/Source

Merge r188824 - [JSC] Static hash tables should be 100% compile-time constant.
<https://webkit.org/b/148359>

Reviewed by Michael Saboff.

Source/JavaScriptCore:

We were dirtying the memory pages containing static hash tables the
first time they were used, when a dynamically allocated index-to-key
table was built and cached in the HashTable struct.

It turns out that this "optimization" was completely useless, since
we've long since decoupled static hash tables from the JSC::VM and
we can get the key for an index via HashTable::values[index].m_key!

We also get rid of VM::keywords which was a little wrapper around
a VM-specific copy of JSC::mainTable. There was nothing VM-specific
about it at all, so clients now use JSC::mainTable directly.

After this change all fooHashTable structs end up in DATA const
and no runtime initialization/allocation takes place.

  • create_hash_table:
  • jsc.cpp:
  • parser/Lexer.cpp:

(JSC::isLexerKeyword):
(JSC::Lexer<LChar>::parseIdentifier):
(JSC::Lexer<UChar>::parseIdentifier):
(JSC::Lexer<CharacterType>::parseIdentifierSlowCase):
(JSC::Keywords::Keywords): Deleted.

  • parser/Lexer.h:

(JSC::Keywords::isKeyword): Deleted.
(JSC::Keywords::getKeyword): Deleted.
(JSC::Keywords::~Keywords): Deleted.

  • runtime/LiteralParser.cpp:

(JSC::LiteralParser<CharType>::tryJSONPParse):

  • runtime/Lookup.cpp:

(JSC::HashTable::createTable): Deleted.
(JSC::HashTable::deleteTable): Deleted.

  • runtime/Lookup.h:

(JSC::HashTable::entry):
(JSC::HashTable::ConstIterator::key):
(JSC::HashTable::ConstIterator::skipInvalidKeys):
(JSC::HashTable::copy): Deleted.
(JSC::HashTable::initializeIfNeeded): Deleted.
(JSC::HashTable::begin): Deleted.
(JSC::HashTable::end): Deleted.

  • runtime/VM.cpp:

(JSC::VM::VM): Deleted.

  • runtime/VM.h:
  • testRegExp.cpp:

Source/WebCore:

Adjust WebCore bindings generator for new JSC::HashTable layout
and rebaseline the bindings tests for that change.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHashTable):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:
2:08 AM Changeset in webkit [189699] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188821 - Page::renderTreeSize() does not include anonymous renderers.
https://bugs.webkit.org/show_bug.cgi?id=148352

Reviewed by Andreas Kling.

Anonymous renderes take the document as their node. Instead
of checking whether the node is the document, we could just check
if the RenderView is available.

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::RenderObject):
(WebCore::RenderObject::~RenderObject):

  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView): Deleted.

  • rendering/RenderView.h: Include the RenderView in render tree size as well.
2:04 AM Changeset in webkit [189698] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.10

Merge r189164 - REGRESSION (r188820): fast/dom/HTMLObjectElement/object-as-frame.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=148533

Reviewed by Chris Dumez.

Source/WebCore:

<object> element may cause document load event fire too early. By making data URL
loading faster r188820 made this condition more likely to trigger in this test.

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::loadSubframe):

Post-parsing style recalc may trigger loads for <object> elements. If all other loads have already
completed this may cause load event to fire synchronously from the initial empty document construction.

Fix by preventing load events during subframe initialization. They will be fired if needed by the
subsequent explicit call to FrameLoader::checkCompleted.

LayoutTests:

Unskip.

  • fast/dom/HTMLObjectElement/object-as-frame.html:

Use more logical text in the data url.

  • http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt:
  • http/tests/loading/basic-credentials-sent-automatically-expected.txt:
  • platform/wk2/http/tests/loading/basic-auth-resend-wrong-credentials-expected.txt:
  • platform/wk2/http/tests/loading/basic-credentials-sent-automatically-expected.txt:
  • webarchive/loading/object-expected.txt:

Update test results.

1:59 AM Changeset in webkit [189697] by Carlos Garcia Campos
  • 13 edits
    2 adds in releases/WebKitGTK/webkit-2.10/Source

Merge r188820 - Decode data URLs in web process
https://bugs.webkit.org/show_bug.cgi?id=148128

Reviewed by Darin Adler.

Source/WebCore:

We currenly send data URLs to networking layer for decoding. This involves a long and slow roundtrip through IPC and API layers.

  • WebCore.xcodeproj/project.pbxproj:
  • loader/ResourceLoadScheduler.cpp:

(WebCore::ResourceLoadScheduler::maybeLoadQuickLookResource): Deleted.

Remove this awkward interface for WebKit2.

  • loader/ResourceLoadScheduler.h:
  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::start):
(WebCore::ResourceLoader::loadDataURL):

Load using DataURLDecoder.

  • loader/ResourceLoader.h:

Make start() public and export it so it can be called directly from WebKit2.

  • platform/network/DataURLDecoder.cpp: Added.

(WebCore::DataURLDecoder::decodeQueue):
(WebCore::DataURLDecoder::DecodeTask::DecodeTask):
(WebCore::DataURLDecoder::createDecodeTask):

Parse data URL metadata and initialize the decode task.

(WebCore::DataURLDecoder::decodeBase64):
(WebCore::DataURLDecoder::decodeEscaped):
(WebCore::DataURLDecoder::decode):

Asynchronously decode in a concurrent distpatch queue.

  • platform/network/DataURLDecoder.h: Added.
  • platform/network/ios/QuickLook.h:
  • platform/text/DecodeEscapeSequences.h:

(WebCore::URLEscapeSequence::findEndOfRun):
(WebCore::URLEscapeSequence::decodeRun):

Factor buffer generation to a function.

(WebCore::decodeEscapeSequences):
(WebCore::decodeURLEscapeSequencesAsData):

Add decode function that produces bytes instead of a String.

Source/WebKit2:

  • WebProcess/Network/WebResourceLoadScheduler.cpp:

(WebKit::WebResourceLoadScheduler::scheduleLoad):

Don't send data: loads to the network process, handle them locally.

(WebKit::WebResourceLoadScheduler::startLocalLoad):

Call ResourceLoder::start() directly.

1:47 AM Changeset in webkit [189696] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] pipe-to writable stream tests
https://bugs.webkit.org/show_bug.cgi?id=148296

Reviewed by Darin Adler.

  • streams/reference-implementation/pipe-to-expected.txt: Added.
  • streams/reference-implementation/pipe-to.html: Added.
1:42 AM Changeset in webkit [189695] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r188769 - AX: Table with CSS that makes a row anonymous can return NULL from cellForColumnAndRow
https://bugs.webkit.org/show_bug.cgi?id=148293

Patch by Doug Russell <d_russell@apple.com> on 2015-08-21
Reviewed by Chris Fleizach.

When RenderTableRows are anonymous, they may not be added to the accessible data
table's internal row list. However, when calculating the row range for a cell,
we were still accounting for those anonymous sections.
Change how the row range is calculated to directly ask the accessible parent row
for its index. This will ensure it’s more inline with what’s being represented to
the accessibility API.

Source/WebCore:

Test: accessibility/aria-table-content.html

  • accessibility/AccessibilityTableCell.cpp:

(WebCore::AccessibilityTableCell::parentRow):
(WebCore::AccessibilityTableCell::rowIndexRange):

  • accessibility/AccessibilityTableCell.h:

LayoutTests:

  • accessibility/aria-table-content-expected.txt: Added.
  • accessibility/aria-table-content.html: Added.
1:37 AM Changeset in webkit [189694] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188765 - HistoryItems will null CachedPages should never be left in the list of items;
causes crash
https://bugs.webkit.org/show_bug.cgi?id=148237
-and corresponding-
rdar://problem/22356782

Reviewed by Brady Eidson.

Setting the CachedPage to nullptr will destroy the CachedPage, destroy the
FrameView, re-enter layout, and potentially try to modify items in the PageCache
based on that layout. So, we should not modify CachedPage in this way while the
item is still in the list of HistoryItems.

  • history/PageCache.cpp:

(WebCore::PageCache::take):
(WebCore::PageCache::remove):
(WebCore::PageCache::prune):

1:35 AM Changeset in webkit [189693] by calvaris@igalia.com
  • 3 edits in trunk/LayoutTests

[Streams API] Add readable stream templated tests for writable streams
https://bugs.webkit.org/show_bug.cgi?id=148304

Reviewed by Darin Adler.

  • streams/reference-implementation/readable-stream-templated-expected.txt: Added new expectations.
  • streams/reference-implementation/readable-stream-templated.html: New writable stream tests.
1:34 AM Changeset in webkit [189692] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.10/Source/JavaScriptCore

Merge r188747 - DFG should have a KnownBooleanUse for cases where we are required to know that the child is a boolean and it's not OK to speculate
https://bugs.webkit.org/show_bug.cgi?id=148286

Reviewed by Benjamin Poulain.

This enables us to ensure that the Branch or LogicalNot after an effectful CompareXYZ can
be marked as !mayExit(). I need that for https://bugs.webkit.org/show_bug.cgi?id=145204.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::observeUseKindOnNode):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculate):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

  • dfg/DFGUseKind.cpp:

(WTF::printInternal):

  • dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::shouldNotHaveTypeCheck):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::boolify):
(JSC::FTL::DFG::LowerDFGToLLVM::lowBoolean):

1:25 AM Changeset in webkit [189691] by Carlos Garcia Campos
  • 3 edits
    8 adds in releases/WebKitGTK/webkit-2.10

Merge r188720 - Overflow check elimination fails for a simple test case
https://bugs.webkit.org/show_bug.cgi?id=147387

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Overflow check elimination was having issues when things got constant-folded, because whereas an
Add or LessThan operation teaches us about relationships between the things being added or
compared, we don't do that when we see a JSConstant. We don't create a relationship between every
JSConstant and every other JSConstant. So, if we constant-fold an Add, we forget the relationships
that it would have had with its inputs.

One solution would be to have every JSConstant create a relationship with every other JSConstant.
This is dangerous, since it would create O(n2) explosion of relationships.

Instead, this patch teaches filtration and merging how to behave "as if" there were inter-constant
relationships. Normally those operations only work on two relationships involving the same node
pair. But now, if we have @x op @c and @x op @d, where @c and @d are different nodes but both are
constants, we will do merging or filtering by grokking the constant values.

This speeds up lots of tests in JSRegress, because it enables overflow check elimination on things
like:

for (var i = 0; i < 100; ++i)

Previously, the fact that this was all constants would throw off the analysis because the analysis
wouldn't "know" that 0 < 100.

  • dfg/DFGIntegerRangeOptimizationPhase.cpp:

LayoutTests:

Added two test cases that previously would have an unnecessary overflow check on an induction
variable. These tests speed up by 10-15% thanks to this change.

Also added .html/expected files for some regress test that didn't have them.

  • js/regress/function-call-expected.txt: Added.
  • js/regress/function-call.html: Added.
  • js/regress/hard-overflow-check-equal-expected.txt: Added.
  • js/regress/hard-overflow-check-equal.html: Added.
  • js/regress/hard-overflow-check-expected.txt: Added.
  • js/regress/hard-overflow-check.html: Added.
  • js/regress/script-tests/hard-overflow-check-equal.js: Added.

(foo):

  • js/regress/script-tests/hard-overflow-check.js: Added.

(foo):

1:05 AM Changeset in webkit [189690] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.10

Merge r188672 - Select validation does not correctly work when handling change event
https://bugs.webkit.org/show_bug.cgi?id=145869

Reviewed by Dean Jackson.

Source/WebCore:

When selecting an option in a <select> with validation that also has an onchange listener, calling
checkValidity() for the select within the onchange handler would produce incorrect results and (on
a debug build) crash at an assertion. This is because the change events were being dispatched before
form validity was updated. Making the validation step come before the change event dispatch fixes
this issue.

Test: fast/forms/onchange-select-check-validity.html

  • html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::selectOption): Update validity before dispatching change events.

LayoutTests:

Tests that checkValidity() returns correct results from within the onchange handler of a
<select> when the validity of the selected option changes.

  • fast/forms/onchange-select-check-validity-expected.txt: Added.
  • fast/forms/onchange-select-check-validity.html: Added.
12:59 AM Changeset in webkit [189689] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] Add pipe-to-options writable stream tests
https://bugs.webkit.org/show_bug.cgi?id=148297

Reviewed by Darin Adler.

  • streams/reference-implementation/pipe-to-options-expected.txt: Added.
  • streams/reference-implementation/pipe-to-options.html: Added.
12:56 AM Changeset in webkit [189688] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] Add tests about abort on writable streams
https://bugs.webkit.org/show_bug.cgi?id=148298

Reviewed by Darin Adler.

  • streams/reference-implementation/writable-stream-abort-expected.txt: Added.
  • streams/reference-implementation/writable-stream-abort.html: Added.
12:55 AM Changeset in webkit [189687] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.10

Merge r188666 - GraphicsContext3D::activeTexture should not be called with zero-based index
https://bugs.webkit.org/show_bug.cgi?id=148020

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-08-19
Reviewed by Alex Christensen.

Source/WebCore:

GraphicsContext3D::activeTexture should be called with an argument that is greater than or equal to
GraphicsContext3D::TEXTURE0.

Test: fast/canvas/webgl/texture-complete.html

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::checkTextureCompleteness):

LayoutTests:

Insert WebGLRenderingContext.activeTexture call during the texture complete test to verify
a meaningless change of the active texture doesn't make any gl errors.

  • fast/canvas/webgl/texture-complete.html:
12:53 AM Changeset in webkit [189686] by calvaris@igalia.com
  • 1 edit
    2 adds in trunk/LayoutTests

[Streams API] Add general writable streams tests
https://bugs.webkit.org/show_bug.cgi?id=148299

Reviewed by Darin Adler.

  • streams/reference-implementation/writable-stream-expected.txt: Added.
  • streams/reference-implementation/writable-stream.html: Added.
12:51 AM Changeset in webkit [189685] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r188659 - Scrollable area container is not properly cleared when page is going into the PageCache
https://bugs.webkit.org/show_bug.cgi?id=148182
<rdar://problem/21969170>

Reviewed by Dean Jackson.

Must be tested manually going back and forth in history several times.

  • history/CachedFrame.cpp:

(WebCore::CachedFrame::CachedFrame): Clear the cached ScrollableAreas from the FrameView.

  • page/FrameView.cpp:

(WebCore::FrameView::clearScrollableAreas): Added.

  • page/FrameView.h:
12:47 AM Changeset in webkit [189684] by ChangSeok Oh
  • 2 edits in trunk/LayoutTests

[GTK] Layout Test media/video-volume-slider.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=149032

Reviewed by Philippe Normand.

  • platform/gtk/TestExpectations: media/video-volume-slider.html is removed.
12:43 AM Changeset in webkit [189683] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebInspectorUI

Merge r188655 - Web Inspector: Uncaught exception in inspector page while handling event DOMStorage.domStorageItemRemoved
https://bugs.webkit.org/show_bug.cgi?id=148191

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-08-19
Reviewed by Brian Burg.

  • UserInterface/Controllers/StorageManager.js:

(WebInspector.StorageManager.prototype.itemsCleared):
(WebInspector.StorageManager.prototype.itemRemoved):
(WebInspector.StorageManager.prototype.itemAdded):
(WebInspector.StorageManager.prototype.itemUpdated):
Check if the DOMStorage for the identifier actually exists.
Due to how the backend emits events, the page may have already
navigated when we get a storage update for the previous page.
In that case, we don't want to create a DOMStorage for the
previous page if it doesn't exist.

Note: See TracTimeline for information about the timeline view.