Timeline



Feb 10, 2016:

11:42 PM Changeset in webkit [196415] by jonlee@apple.com
  • 6 edits
    6 adds in trunk/PerformanceTests

Add new benchmark tests.
https://bugs.webkit.org/show_bug.cgi?id=154063

Provisionally reviewed by Said Abou-Hallawa.

Add tests for get/put image data, filters, opacity, and css transforms.

  • Animometer/resources/runner/benchmark-runner.js:

(_runBenchmarkAndRecordResults): Update the body background color to match that of
the stage.
(this._runNextIteration): Clear the background color style for the results page.

  • Animometer/resources/runner/tests.js:
  • Animometer/tests/master/focus.html: Added.
  • Animometer/tests/master/image-data.html: Added.
  • Animometer/tests/master/multiply.html: Added.
  • Animometer/tests/master/resources/focus.js: Added.
  • Animometer/tests/master/resources/image-data.js: Added.
  • Animometer/tests/master/resources/multiply.js: Added.
  • Animometer/tests/master/resources/stage.css: Move common styles out.
  • Animometer/tests/resources/main.js: Update Stage.randomBool to use Math.random.

Add Stage.randomSign for randomly setting a direction. Add the notion of the
current timestamp of the test to Benchmark, since some animations cycle through
colors and rely on an incremental counter like the time.

8:06 PM Changeset in webkit [196414] by keith_miller@apple.com
  • 11 edits
    1 add in trunk/Source/JavaScriptCore

Symbol.species accessors on builtin constructors should be configurable
https://bugs.webkit.org/show_bug.cgi?id=154097

Reviewed by Benjamin Poulain.

We did not have the Symbol.species accessors on our builtin constructors
marked as configurable. This does not accurately follow the ES6 spec as
the ES6 spec states that all default accessors on builtins should be
configurable. This means that we need an additional watchpoint on
ArrayConstructor to make sure that no users re-configures Symbol.species.

  • runtime/ArrayConstructor.cpp:

(JSC::ArrayConstructor::finishCreation):

  • runtime/ArrayPrototype.cpp:

(JSC::speciesConstructArray):
(JSC::ArrayPrototype::setConstructor):
(JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire):

  • runtime/ArrayPrototype.h:

(JSC::ArrayPrototype::didChangeConstructorOrSpeciesProperties):
(JSC::ArrayPrototype::didChangeConstructorProperty): Deleted.

  • runtime/JSArrayBufferConstructor.cpp:

(JSC::JSArrayBufferConstructor::finishCreation):

  • runtime/JSPromiseConstructor.cpp:

(JSC::JSPromiseConstructor::finishCreation):

  • runtime/JSTypedArrayViewConstructor.cpp:

(JSC::JSTypedArrayViewConstructor::finishCreation):

  • runtime/MapConstructor.cpp:

(JSC::MapConstructor::finishCreation):

  • runtime/RegExpConstructor.cpp:

(JSC::RegExpConstructor::finishCreation):

  • runtime/SetConstructor.cpp:

(JSC::SetConstructor::finishCreation):

  • tests/stress/array-species-config-array-constructor.js: Added.

(A):

  • tests/stress/symbol-species.js:

(testSymbolSpeciesOnConstructor):

7:20 PM Changeset in webkit [196413] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.46-branch/Source

Versioning.

7:20 PM Changeset in webkit [196412] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

6:21 PM Changeset in webkit [196411] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.46.98

New tag.

6:21 PM Changeset in webkit [196410] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.5.16

New tag.

5:35 PM Changeset in webkit [196409] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] The destination of Sqrt should be Def, not UseDef
https://bugs.webkit.org/show_bug.cgi?id=154086

Reviewed by Geoffrey Garen.

An unfortunate copy-paste: the destination of SqrtDouble and SqrtFloat
was defined as UseDef. As a result, the argument would be interfering
with everything defined prior.

  • b3/air/AirOpcode.opcodes:
5:18 PM Changeset in webkit [196408] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Removing deleted tests from ios-simulator TestExpectations

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
5:00 PM Changeset in webkit [196407] by Ryan Haddad
  • 2 edits in trunk/Source/WebCore

Updating bindings test reference file for JSTestEventConstructor.cpp after r196400

Unreviewed test gardening.

No new tests needed.

  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorConstructor::construct):

4:52 PM Changeset in webkit [196406] by timothy@apple.com
  • 2 edits
    1 add
    2 deletes in trunk/Source/WebInspectorUI

Web Inspector: Add new icon for the Timeline Recording navigation bar item
https://bugs.webkit.org/show_bug.cgi?id=154089
rdar://problem/24595652

Reviewed by Brian Burg.

  • UserInterface/Images/Stopwatch.png: Removed.
  • UserInterface/Images/Stopwatch@2x.png: Removed.
  • UserInterface/Images/Stopwatch.svg: Added.
  • UserInterface/Views/TimelineIcons.css:

(.stopwatch-icon .icon): Use Stopwatch.svg.
(body:not(.mac-platform, .windows-platform) .stopwatch-icon .icon): Added for GTK+.

4:44 PM Changeset in webkit [196405] by Ryan Haddad
  • 1 edit
    1 add in trunk/LayoutTests

Adding an ios-simulator expectation for fast/dom/event-handler-attributes.html
https://bugs.webkit.org/show_bug.cgi?id=153763

Unreviewed test gardening.

  • platform/ios-simulator/fast/dom/event-handler-attributes-expected.txt: Added.
4:32 PM Changeset in webkit [196404] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Switching actions in Edit Breakpoint popover causes a jerk
https://bugs.webkit.org/show_bug.cgi?id=154093
<rdar://problem/24597869>

Reviewed by Timothy Hatcher.

Adjusted CodeMirror eval editor styles to match vanilla input field.

  • UserInterface/Views/BreakpointActionView.css:

(.breakpoint-action-eval-editor):

4:29 PM Changeset in webkit [196403] by jmarcell@apple.com
  • 6 edits in trunk/Tools

Remove calls to parseInt in order to work with non-integer revisions
https://bugs.webkit.org/show_bug.cgi?id=153820

Reviewed by Daniel Bates.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:

(BuildbotIteration.prototype.sourceStampChanges): Remove calls to parseInt in order to work with non-integer
revisions.
(BuildbotIteration.prototype._parseData): Ditto.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueue.js:

(BuildbotQueue.prototype.update): Ditto.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/MockBuildbotQueueView.js:

(MockBuildbotQueueView.prototype._latestProductiveIteration): Change integers to strings in test code.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/MockTrac.js:

(MockTrac.prototype.get oldestRecordedRevisionNumber): Ditto.
(MockTrac.prototype.get latestRecordedRevisionNumber): Ditto.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/tests.js: Ditto.
4:29 PM Changeset in webkit [196402] by jmarcell@apple.com
  • 5 edits in trunk/Tools

Teach dashboard code to compare non-integer revisions
https://bugs.webkit.org/show_bug.cgi?id=152345

Reviewed by Daniel Bates.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueue.js:

(BuildbotQueue.prototype.compareIterationsByRevisions): Compare non-integer revisions.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueueView.js:

(BuildbotQueueView.prototype._appendPendingRevisionCount): Use Trac.indexOfRevision in order to compare non-integer
revisions. Also uses new Trac.commitsOnBranchLaterThanRevision method.
(BuildbotQueueView.prototype._popoverLinesForCommitRange): Ditto.
(BuildbotQueueView.prototype._presentPopoverForPendingCommits): Use Trac.indexOfRevision in order to compare non-integer
revisions. Also uses new Trac.nextRevision method to calculate a revision range.
(BuildbotQueueView.prototype._revisionContentWithPopoverForIteration): Ditto.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Trac.js:

(Trac.prototype._commitsOnBranch): Renamed this to indicate that it should be a private method used by the latter two new
methods.
(Trac.prototype.commitsOnBranchLaterThanRevision): Finds revisions on a branch later than the specified revision.
(Trac.prototype.commitsOnBranchInRevisionRange): Finds revisions on a branch within a specified range.
(Trac.prototype.nextRevision): Finds the next revision after a given revision on a specific branch.
(Trac.prototype.indexOfRevision): Finds the index of a given revision within the recordedCommits array.
(Trac.prototype.commitsOnBranch): Deleted. Renamed to _commitsOnBranch.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/tests.js: Added unit tests.
4:10 PM Changeset in webkit [196401] by eric.carlson@apple.com
  • 12 edits in trunk

Update "manual" caption track logic
https://bugs.webkit.org/show_bug.cgi?id=154084
<rdar://problem/24530516>

Reviewed by Dean Jackson.

No new tests, media/track/track-manual-mode.html was updated.

  • English.lproj/Localizable.strings: Add new string.
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
(WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when

in manual selection mode.

(WebCore::HTMLMediaElement::captionPreferencesChanged): track.setManualSelectionMode is no more.

  • html/track/TextTrack.cpp:

(WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
(WebCore::TextTrack::kind): Deleted.

  • html/track/TextTrack.h:
  • html/track/TrackBase.h:

(WebCore::TrackBase::kind): De-virtualize, nobody overrides it.

  • page/CaptionUserPreferencesMediaAF.cpp:

(WebCore::trackDisplayName): Include "forced" in the name of forced tracks.

  • platform/LocalizedStrings.cpp:

(WebCore::forcedTrackMenuItemText): New.

  • platform/LocalizedStrings.h:
4:03 PM Changeset in webkit [196400] by jiewen_tan@apple.com
  • 100 edits in trunk/Source

Rename *Event::create* which creates events for bindings to *Event::createForBindings* and cleanup corresponding paths
https://bugs.webkit.org/show_bug.cgi?id=153903
<rdar://problem/24518146>

Reviewed by Darin Adler.

Source/WebCore:

Rename Event::create(const AtomicString&, const EventInit&) to Event::createForBindings
(const AtomicString&, const EventInit&) and for all the subclasses as well in order to
support Event.isTrusted. Besides, some of the subclasses use the create method for bindings
to create events not for bindings and vice versa. Therefore, this patch also cleanup
corresponding paths to ensure no misuse of the create mehtod. The same for Event::create()
as it is combined with Event::initEvent to create an event for bindings for legacy content.

After this patch, all call sites of *Event::create* are supposed to use *Event::create
to create events for user agent and *Event::createForBindings for bindings.

No change in behavior.

  • Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:

(WebCore::WebKitPlaybackTargetAvailabilityEvent::create):
(WebCore::WebKitPlaybackTargetAvailabilityEvent::createForBindings):
(WebCore::WebKitPlaybackTargetAvailabilityEventInit::WebKitPlaybackTargetAvailabilityEventInit): Deleted.

  • Modules/encryptedmedia/MediaKeyMessageEvent.cpp:

(WebCore::MediaKeyMessageEvent::MediaKeyMessageEvent):
(WebCore::MediaKeyMessageEventInit::MediaKeyMessageEventInit): Deleted.

  • Modules/encryptedmedia/MediaKeyMessageEvent.h:

(WebCore::MediaKeyMessageEvent::create):
(WebCore::MediaKeyMessageEvent::createForBindings):

  • Modules/encryptedmedia/MediaKeyNeededEvent.cpp:

(WebCore::MediaKeyNeededEvent::MediaKeyNeededEvent):
(WebCore::MediaKeyNeededEventInit::MediaKeyNeededEventInit): Deleted.

  • Modules/encryptedmedia/MediaKeyNeededEvent.h:

(WebCore::MediaKeyNeededEvent::create):
(WebCore::MediaKeyNeededEvent::createForBindings):

  • Modules/encryptedmedia/MediaKeySession.cpp:

(WebCore::MediaKeySession::sendMessage):

  • Modules/gamepad/GamepadEvent.h:

(WebCore::GamepadEvent::create):
(WebCore::GamepadEvent::createForBindings):
(WebCore::GamepadEventInit::GamepadEventInit): Deleted.

  • Modules/indieui/UIRequestEvent.cpp:

(WebCore::UIRequestEvent::createForBindings):
(WebCore::UIRequestEvent::UIRequestEvent):
(WebCore::UIRequestEventInit::UIRequestEventInit): Deleted.
(WebCore::UIRequestEvent::create): Deleted.

  • Modules/indieui/UIRequestEvent.h:
  • Modules/mediastream/MediaStreamEvent.cpp:

(WebCore::MediaStreamEvent::createForBindings):
(WebCore::MediaStreamEventInit::MediaStreamEventInit): Deleted.
(WebCore::MediaStreamEvent::create): Deleted.

  • Modules/mediastream/MediaStreamEvent.h:
  • Modules/mediastream/MediaStreamTrackEvent.cpp:

(WebCore::MediaStreamTrackEvent::createForBindings):
(WebCore::MediaStreamTrackEventInit::MediaStreamTrackEventInit): Deleted.
(WebCore::MediaStreamTrackEvent::create): Deleted.

  • Modules/mediastream/MediaStreamTrackEvent.h:
  • Modules/mediastream/RTCDTMFToneChangeEvent.cpp:

(WebCore::RTCDTMFToneChangeEvent::createForBindings):
(WebCore::RTCDTMFToneChangeEvent::create): Deleted.

  • Modules/mediastream/RTCDTMFToneChangeEvent.h:
  • Modules/mediastream/RTCDataChannelEvent.cpp:

(WebCore::RTCDataChannelEvent::createForBindings):
(WebCore::RTCDataChannelEvent::create): Deleted.

  • Modules/mediastream/RTCDataChannelEvent.h:
  • Modules/mediastream/RTCIceCandidateEvent.cpp:

(WebCore::RTCIceCandidateEvent::createForBindings):
(WebCore::RTCIceCandidateEvent::create): Deleted.

  • Modules/mediastream/RTCIceCandidateEvent.h:
  • Modules/mediastream/RTCTrackEvent.cpp:

(WebCore::RTCTrackEvent::createForBindings):
(WebCore::RTCTrackEventInit::RTCTrackEventInit): Deleted.
(WebCore::RTCTrackEvent::create): Deleted.

  • Modules/mediastream/RTCTrackEvent.h:
  • Modules/speech/SpeechSynthesisEvent.cpp:

(WebCore::SpeechSynthesisEvent::createForBindings):
(WebCore::SpeechSynthesisEvent::create):
(WebCore::SpeechSynthesisEvent::SpeechSynthesisEvent):

  • Modules/speech/SpeechSynthesisEvent.h:
  • Modules/webaudio/AudioProcessingEvent.cpp:

(WebCore::AudioProcessingEvent::create): Deleted.

  • Modules/webaudio/AudioProcessingEvent.h:

(WebCore::AudioProcessingEvent::create):
(WebCore::AudioProcessingEvent::createForBindings):

  • Modules/webaudio/OfflineAudioCompletionEvent.cpp:

(WebCore::OfflineAudioCompletionEvent::createForBindings):
(WebCore::OfflineAudioCompletionEvent::create): Deleted.

  • Modules/webaudio/OfflineAudioCompletionEvent.h:
  • Modules/websockets/CloseEvent.h:

(WebCore::CloseEvent::create):
(WebCore::CloseEvent::createForBindings):
(WebCore::CloseEvent::CloseEvent):
(WebCore::CloseEventInit::CloseEventInit): Deleted.

  • bindings/objc/DOM.mm:

(-[DOMNode nextFocusNode]):
(-[DOMNode previousFocusNode]):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorDefinition):

  • dom/AnimationEvent.cpp:

(WebCore::AnimationEventInit::AnimationEventInit): Deleted.

  • dom/AnimationEvent.h:
  • dom/BeforeLoadEvent.h:

(WebCore::BeforeLoadEventInit::BeforeLoadEventInit): Deleted.

  • dom/ClipboardEvent.h:
  • dom/CompositionEvent.cpp:

(WebCore::CompositionEventInit::CompositionEventInit): Deleted.

  • dom/CompositionEvent.h:
  • dom/CustomEvent.cpp:

(WebCore::CustomEventInit::CustomEventInit): Deleted.

  • dom/CustomEvent.h:
  • dom/DeviceMotionEvent.h:
  • dom/DeviceOrientationEvent.h:
  • dom/Document.cpp:

(WebCore::Document::createEvent):

  • dom/Element.cpp:

(WebCore::Element::dispatchMouseEvent):

  • dom/ErrorEvent.cpp:

(WebCore::ErrorEventInit::ErrorEventInit): Deleted.

  • dom/ErrorEvent.h:
  • dom/Event.cpp:

(WebCore::EventInit::EventInit): Deleted.

  • dom/Event.h:

(WebCore::Event::createForBindings):
(WebCore::Event::create): Deleted.

  • dom/FocusEvent.cpp:

(WebCore::FocusEventInit::FocusEventInit): Deleted.

  • dom/FocusEvent.h:
  • dom/HashChangeEvent.h:

(WebCore::HashChangeEventInit::HashChangeEventInit): Deleted.

  • dom/KeyboardEvent.cpp:

(WebCore::KeyboardEvent::KeyboardEvent):
(WebCore::KeyboardEventInit::KeyboardEventInit): Deleted.

  • dom/KeyboardEvent.h:
  • dom/MessageEvent.cpp:

(WebCore::MessageEvent::MessageEvent):
(WebCore::MessageEventInit::MessageEventInit): Deleted.

  • dom/MessageEvent.h:
  • dom/MouseEvent.cpp:

(WebCore::MouseEvent::createForBindings):
(WebCore::MouseEvent::create):
(WebCore::MouseEvent::MouseEvent):
(WebCore::MouseEvent::cloneFor):
(WebCore::MouseEventInit::MouseEventInit): Deleted.

  • dom/MouseEvent.h:

(WebCore::MouseEvent::createForBindings):
(WebCore::MouseEvent::create): Deleted.

  • dom/MouseRelatedEvent.cpp:

(WebCore::MouseRelatedEvent::MouseRelatedEvent):
(WebCore::MouseRelatedEvent::init):

  • dom/MouseRelatedEvent.h:

(WebCore::MouseRelatedEvent::screenX):
(WebCore::MouseRelatedEvent::screenY):
(WebCore::MouseRelatedEvent::screenLocation):
(WebCore::MouseRelatedEvent::clientX):
(WebCore::MouseRelatedEvent::clientY):
(WebCore::MouseRelatedEvent::movementX):
(WebCore::MouseRelatedEvent::movementY):
(WebCore::MouseRelatedEvent::clientLocation):
(WebCore::MouseRelatedEvent::isSimulated):
(WebCore::MouseRelatedEvent::absoluteLocation):
(WebCore::MouseRelatedEvent::setAbsoluteLocation):

  • dom/MutationEvent.h:
  • dom/OverflowEvent.cpp:

(WebCore::OverflowEvent::OverflowEvent):
(WebCore::OverflowEvent::initOverflowEvent):
(WebCore::OverflowEventInit::OverflowEventInit): Deleted.

  • dom/OverflowEvent.h:
  • dom/PageTransitionEvent.cpp:

(WebCore::PageTransitionEventInit::PageTransitionEventInit): Deleted.

  • dom/PageTransitionEvent.h:
  • dom/PopStateEvent.cpp:

(WebCore::PopStateEvent::createForBindings):
(WebCore::PopStateEventInit::PopStateEventInit): Deleted.
(WebCore::PopStateEvent::PopStateEvent): Deleted.
(WebCore::PopStateEvent::create): Deleted.

  • dom/PopStateEvent.h:
  • dom/ProgressEvent.cpp:

(WebCore::ProgressEventInit::ProgressEventInit): Deleted.

  • dom/ProgressEvent.h:

(WebCore::ProgressEvent::createForBindings):
(WebCore::ProgressEvent::create): Deleted.

  • dom/SecurityPolicyViolationEvent.h:

(WebCore::SecurityPolicyViolationEventInit::SecurityPolicyViolationEventInit): Deleted.

  • dom/TextEvent.cpp:

(WebCore::TextEvent::createForBindings):
(WebCore::TextEvent::create): Deleted.

  • dom/TextEvent.h:
  • dom/TouchEvent.h:
  • dom/TransitionEvent.cpp:

(WebCore::TransitionEventInit::TransitionEventInit): Deleted.

  • dom/TransitionEvent.h:
  • dom/UIEvent.cpp:

(WebCore::UIEventInit::UIEventInit): Deleted.

  • dom/UIEvent.h:

(WebCore::UIEvent::createForBindings):
(WebCore::UIEvent::create): Deleted.

  • dom/UIEventWithKeyState.h:

(WebCore::UIEventWithKeyState::ctrlKey):
(WebCore::UIEventWithKeyState::shiftKey):
(WebCore::UIEventWithKeyState::altKey):
(WebCore::UIEventWithKeyState::metaKey):
(WebCore::UIEventWithKeyState::UIEventWithKeyState):

  • dom/WebKitAnimationEvent.cpp:

(WebCore::WebKitAnimationEventInit::WebKitAnimationEventInit): Deleted.

  • dom/WebKitAnimationEvent.h:
  • dom/WebKitTransitionEvent.cpp:

(WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): Deleted.

  • dom/WebKitTransitionEvent.h:
  • dom/WheelEvent.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerKeyAdded):
(WebCore::HTMLMediaElement::mediaPlayerKeyError):
(WebCore::HTMLMediaElement::mediaPlayerKeyMessage):
(WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):

  • html/MediaKeyEvent.cpp:

(WebCore::MediaKeyEvent::MediaKeyEvent):
(WebCore::MediaKeyEventInit::MediaKeyEventInit): Deleted.

  • html/MediaKeyEvent.h:
  • html/canvas/WebGLContextEvent.cpp:

(WebCore::WebGLContextEventInit::WebGLContextEventInit): Deleted.

  • html/canvas/WebGLContextEvent.h:
  • html/track/TrackEvent.cpp:

(WebCore::TrackEvent::TrackEvent):
(WebCore::TrackEventInit::TrackEventInit): Deleted.

  • html/track/TrackEvent.h:
  • html/track/TrackListBase.cpp:

(TrackListBase::scheduleTrackEvent):
(TrackListBase::scheduleChangeEvent):

  • page/EventSource.cpp:

(WebCore::EventSource::createMessageEvent):

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation):
(WebCore::gatherSecurityPolicyViolationEventData): Deleted.

  • storage/StorageEvent.cpp:

(WebCore::StorageEvent::createForBindings):
(WebCore::StorageEventInit::StorageEventInit): Deleted.
(WebCore::StorageEvent::create): Deleted.

  • storage/StorageEvent.h:
  • svg/SVGZoomEvent.h:

(WebCore::SVGZoomEvent::createForBindings):
(WebCore::SVGZoomEvent::create): Deleted.

  • xml/XMLHttpRequestProgressEvent.h:

(WebCore::XMLHttpRequestProgressEvent::createForBindings):
(WebCore::XMLHttpRequestProgressEvent::create): Deleted.

Source/WebKit2:

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::nextAssistableElement):

3:57 PM Changeset in webkit [196399] by andersca@apple.com
  • 8 edits in trunk/Source/WebKit2

Add SPI to remove individual user scripts or user style sheets
https://bugs.webkit.org/show_bug.cgi?id=154046
rdar://problem/23596352

Reviewed by Sam Weinig.

  • UIProcess/API/Cocoa/WKUserContentController.mm:

(-[WKUserContentController _removeUserScript:]):
(-[WKUserContentController _userStyleSheets]):
(-[WKUserContentController _addUserStyleSheet:]):
(-[WKUserContentController _removeUserStyleSheet:]):

  • UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::WebUserContentControllerProxy):
(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):

  • UIProcess/UserContent/WebUserContentControllerProxy.h:

(WebKit::WebUserContentControllerProxy::userStyleSheets):

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeUserStyleSheet):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:
3:31 PM Changeset in webkit [196398] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after 196392

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
3:02 PM Changeset in webkit [196397] by mark.lam@apple.com
  • 3 edits in trunk/Source/WTF

Changed WTFCrash to not trash the crash site register state.
https://bugs.webkit.org/show_bug.cgi?id=153996

Reviewed by Geoffrey Garen.

When doing post-mortem crash site analysis using data from crash reports, it is
immensely valuable to be able to infer the crashing program's state from the
register values at crash time. However, for RELEASE_ASSERT failures, we crash
using WTFCrash(), and WTFCrash() is currently implemented as a function call
that, in turn, calls a lot of other functions to do crash handling before
actually crashing. As a result, the register values captured in the crash
reports are not likely to still contain the values used by the caller function
that failed the RELEASE_ASSERT.

This patch aims to remedy this issue for non-debug builds on OS(DARWIN) ports.
It does so by changing WTFCrash() into an inlined function that has an inlined
asm statement to issues the CPU specific breakpoint trap instruction. As a
result, for non-debug OS(DARWIN) builds, crashes due to failed RELEASE_ASSERTs
will now show up in crash reports as crashing due to EXC_BREAKPOINT (SIGTRAP)
instead of a EXC_BAD_ACCESS (SIGSEGV) on address 0xbbadbeef.

For debug and non-DARWIN builds, WTFCrash() behavior currently remains unchanged.

  • wtf/Assertions.cpp:
  • wtf/Assertions.h:
2:50 PM Changeset in webkit [196396] by Ryan Haddad
  • 22 edits in trunk/Source/WebCore

Rebaselining bindings tests

Unreviewed test gardening.

No new tests needed.

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCallback.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNondeterministic.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:
  • bindings/scripts/test/JS/JSattribute.cpp:
  • bindings/scripts/test/JS/JSreadonly.cpp:
2:16 PM Changeset in webkit [196395] by mark.lam@apple.com
  • 2 edits in trunk/Source/WebKit/mac

WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture: should assert that it is being called from the "main" thread.
https://bugs.webkit.org/show_bug.cgi?id=154059

Reviewed by Geoffrey Garen.

This makes it so that misbehaving clients which call it (indirectly) from another
thread (not the main thread) will fail faster. Otherwise, we get potential
memory corruption that results in strange crashes elsewhere later.

  • WebView/WebFrame.mm:

(-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):

2:01 PM Changeset in webkit [196394] by commit-queue@webkit.org
  • 5 edits
    1 add in trunk/Source/WebCore

[cmake] Consolidate CMake code related to image decoders.
https://bugs.webkit.org/show_bug.cgi?id=154074

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-10
Reviewed by Alex Christensen.

Common image decoder sources, includes and libs are moved to
platform/ImageDecoders.cmake.

Also, added include directories of libjpeg and libpng to
WebCore_SYSTEM_INCLUDE_DIRECTORIES.

No new tests needed.

  • CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
  • PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
  • PlatformGTK.cmake: Ditto.
  • PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
  • platform/ImageDecoders.cmake: Added.
1:57 PM Changeset in webkit [196393] by mmaxfield@apple.com
  • 4 edits in trunk/Source/WebCore

CSSSegmentedFontFace does not need to be reference counted
https://bugs.webkit.org/show_bug.cgi?id=154083

Reviewed by Antti Koivisto.

...There is only ever a single reference to one.

No new tests because there is no behavior change.

  • css/CSSFontSelector.cpp:

(WebCore::CSSFontSelector::getFontFace):

  • css/CSSFontSelector.h:
  • css/CSSSegmentedFontFace.h:

(WebCore::CSSSegmentedFontFace::create): Deleted.

1:51 PM Changeset in webkit [196392] by Chris Dumez
  • 107 edits
    2 adds in trunk

[Web IDL] interface objects should be Function objects
https://bugs.webkit.org/show_bug.cgi?id=154038
<rdar://problem/24569358>

Reviewed by Geoffrey Garen.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing. Some checks still
fail because a lot of our interfaces should inherit EventTarget and
currently don't (they duplicate the EventTarget API instead).

Also, as per WebIDL, window.NodeFilter's proto should be ObjectPrototype
instead of FunctionPrototype but this is an exceptional case and our new
behavior is consistent with Firefox and Chrome.

  • web-platform-tests/XMLHttpRequest/interfaces-expected.txt:
  • web-platform-tests/dom/events/Event-constructors-expected.txt:
  • web-platform-tests/dom/historical-expected.txt:
  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/fetch/api/headers/headers-idl-expected.txt:
  • web-platform-tests/fetch/api/request/request-idl-expected.txt:
  • web-platform-tests/html/dom/interfaces-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/the-audio-element/audio_constructor-expected.txt:

Source/JavaScriptCore:

Update functionProtoFuncToString() to handle JSObjects that
have the TypeOfShouldCallGetCallData flag and are callable,
as these behave like functions and use ClassInfo::className()
as function name in this case.

  • runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

Source/WebCore:

interface objects should be Function objects as per Web IDL:

So window.Event should be a Function object for e.g. but in WebKit it
is a regular EventConstructor JSObject.
Firefox and Chrome match the specification.

Test: js/interface-objects.html

  • bindings/js/JSDOMBinding.cpp:

(WebCore::callThrowTypeError):
(WebCore::DOMConstructorObject::getCallData):
When calling the interface object as a function, we throw a TypeError
with a message asking to use the 'new' operator to match the behavior
of Firefox and Chrome.

  • bindings/js/JSDOMBinding.h:

Add JSC::TypeOfShouldCallGetCallData structure flag and implement
getCallData() so that typeof returns "function", as per the
specification and the behavior of other browsers.

(WebCore::DOMConstructorObject::className):
Implement className() and return "Function" to match the specification and
other browsers. Otherwise, it would fall back to using ClassInfo::className
which os the function name and interface name (e.g. "Event").

  • bindings/js/JSDOMConstructor.h:

(WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
(WebCore::JSDOMConstructorNotConstructable::getCallData):
As per the specification, interfaces that do not have a [Constructor]
should throw a TypeError when called as a function. Use the "Illegal
constructor" error message to match Firefox and Chrome.

  • bindings/js/JSDOMGlobalObject.h:

(WebCore::getDOMConstructor):
Instead of using objectPrototype as prototype for all DOM constructors,
we now call the prototypeForStructure() static function that is
generated for each bindings class. As per the Web IDL specification,
The Prototype internal property of an interface object for a
non-callback interface is determined as follows:

  1. If the interface inherits from some other interface, the value of Prototype is the interface object for that other interface.
  2. If the interface doesn't inherit from any other interface, the value of Prototype is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).
  • bindings/js/JSImageConstructor.cpp:

(WebCore::JSImageConstructor::prototypeForStructure):
Have the Image's interface object use HTMLElement's interface object
as prototype as HTMLImageElement inherits HTMLElement.

  • bindings/scripts/CodeGenerator.pm:

(getInterfaceExtendedAttributesFromName):
Add a utility function to cheaply retrieve an interface's IDL extended
attributes without actually parsing the IDL. This is used to check if
an interface's parent is marked as [NoInterfaceObject] currently.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):
(GenerateCallbackHeader):
(GenerateCallbackImplementation):
Mark JSGlobalObject* parameter as const as the implementation does not
alter the globalObject.

(GenerateConstructorHelperMethods):

  • Generate prototypeForStructure() function for each bindings class that is not marked as [NoInterfaceObject] so getDOMConstructor() knows which prototype to use for the interface object / constructor when constructing it.
  • Use the interface name for the interface object, without the "Constructor" suffix, to match the behavior of Firefox and Chrome.
  • bindings/scripts/test/*:

Rebaseline bindings tests.

LayoutTests:

Rebaseline / update existing layout tests now that interface objects
are now Function objects. Also add a layout test to cover various
aspects of interface objects.

  • css3/blending/background-blend-mode-property-parsing-expected.txt:
  • css3/blending/blend-mode-property-parsing-expected.txt:
  • css3/blending/script-tests/background-blend-mode-property-parsing.js:

(shouldBeType):

  • css3/blending/script-tests/blend-mode-property-parsing.js:

(shouldBeType):

  • css3/filters/backdrop/backdropfilter-property-parsing-expected.txt:
  • css3/filters/backdrop/script-tests/backdropfilter-property-parsing.js:

(shouldBeType):

  • css3/filters/filter-property-parsing-expected.txt:
  • css3/filters/script-tests/filter-property-parsing.js:

(shouldBeType):

  • fast/css/image-set-parsing-expected.txt:
  • fast/css/script-tests/image-set-parsing.js:

(shouldBeType):

  • fast/dom/DOMException/XPathException-expected.txt:
  • fast/dom/DOMException/prototype-object-expected.txt:
  • fast/dom/DOMException/prototype-object.html:
  • fast/dom/DOMException/resources/XPathException.js:
  • fast/dom/MutationObserver/mutation-record-constructor-expected.txt:
  • fast/dom/MutationObserver/mutation-record-constructor.html:
  • fast/dom/Window/element-constructors-on-window-expected.txt:
  • fast/dom/call-a-constructor-as-a-function-expected.txt:
  • fast/dom/constructor-proto-expected.txt:
  • fast/dom/constructor-proto.html:
  • fast/dom/wrapper-classes-expected.txt:
  • fast/dom/wrapper-classes.html:
  • fast/mediastream/MediaStreamConstructor-expected.txt:
  • fast/mediastream/MediaStreamConstructor.html:
  • fast/workers/constructor-proto-expected.txt:
  • fast/workers/worker-location-expected.txt:
  • http/tests/xmlhttprequest/XMLHttpRequestException-expected.txt:
  • http/tests/xmlhttprequest/XMLHttpRequestException.html:
  • js/dom/global-constructors-attributes-dedicated-worker-expected.txt:
  • js/dom/script-tests/global-constructors-attributes-idb.js:

(constructorPropertiesOnGlobalObject):

  • js/dom/script-tests/global-constructors-attributes.js:

(constructorPropertiesOnGlobalObject):

  • js/interface-objects-expected.txt: Added.
  • js/interface-objects.html: Added.
  • media/encrypted-media/encrypted-media-v2-syntax-expected.txt:
  • media/encrypted-media/encrypted-media-v2-syntax.html:
  • media/track/track-vttcue-expected.txt:
  • platform/mac/fast/dom/Window/window-lookup-precedence-expected.txt:
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
  • svg/custom/SVGException-expected.txt:
  • svg/custom/global-constructors-expected.txt:
  • svg/custom/script-tests/SVGException.js:
  • svg/custom/script-tests/global-constructors.js:

(shouldBeDefined):

  • transforms/2d/transform-value-types-expected.txt:
  • transforms/2d/transform-value-types.html:
1:45 PM Changeset in webkit [196391] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[Mac] Graphical corruption in videos when enabling custom loading path
https://bugs.webkit.org/show_bug.cgi?id=154044

Reviewed by Alex Christensen.

Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.

  • platform/network/cocoa/WebCoreNSURLSession.mm:

(-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):

1:18 PM Changeset in webkit [196390] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Removed the duplicated definition of ChartPaneBase.

  • public/v3/components/chart-pane-base.js:
1:10 PM Changeset in webkit [196389] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking fast/css-generated-content/details-summary-before-after.html as failing on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153029

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
1:07 PM Changeset in webkit [196388] by mmaxfield@apple.com
  • 4 edits in trunk/Source/WebCore

CSSSegmentedFontFace does not need to be reference counted
https://bugs.webkit.org/show_bug.cgi?id=154083

Reviewed by Antti Koivisto.

...There is only ever a single reference to one.

No new tests because there is no behavior change.

  • css/CSSFontSelector.cpp:

(WebCore::CSSFontSelector::getFontFace):

  • css/CSSFontSelector.h:
  • css/CSSSegmentedFontFace.h:

(WebCore::CSSSegmentedFontFace::create): Deleted.

1:07 PM Changeset in webkit [196387] by rniwa@webkit.org
  • 9 edits
    1 move
    1 add in trunk/Websites/perf.webkit.org

Analysis task page on v3 UI should show charts
https://bugs.webkit.org/show_bug.cgi?id=154057

Reviewed by Chris Dumez.

Extracted ChartPaneBase out of ChartPane and added an instance of its new subclass, AnalysisTaskChartPane,
to the analysis task page. The main difference is that ChartPaneBase doesn't depend on the presence of
this._chartsPage unlike ChartPane. It also doesn't have the header with toolbar (to show breakdown, etc...).

  • public/v3/components/base.js:

(ComponentBase.prototype._constructShadowTree): Call htmlTemplate() and cssTemplate() with the right "this".

  • public/v3/components/chart-pane-base.js: Added.

(ChartPaneBase): Extracted from ChartPane.
(ChartPaneBase.prototype.configure): Extracted from the constructor. Separating this function allows the
component to be instantiated inside a HTML template.
(ChartPaneBase.prototype._fetchAnalysisTasks): Moved from ChartPane._fetchAnalysisTasks.
(ChartPaneBase.prototype.platformId): Ditto.
(ChartPaneBase.prototype.metricId): Ditto.
(ChartPaneBase.prototype.setOverviewDomain): Ditto.
(ChartPaneBase.prototype.setMainDomain): Ditto.
(ChartPaneBase.prototype._overviewSelectionDidChange): Extracted from the constructor. This is overridden in
ChartPane and unused in AnalysisTaskChartPane.
(ChartPaneBase.prototype._mainSelectionDidChange): Extracted from ChartPane._mainSelectionDidChange.
(ChartPaneBase.prototype._mainSelectionDidZoom): Extracted from ChartPane._mainSelectionDidZoom.
(ChartPaneBase.prototype._indicatorDidChange): Extracted from ChartPane._indicatorDidChange.
(ChartPaneBase.prototype._didFetchData): Moved from ChartPane._fetchAnalysisTasks.
(ChartPaneBase.prototype._openAnalysisTask): Ditto.
(ChartPaneBase.prototype._openCommitViewer): Ditto. Also fixed a bug that we don't show the spinner while
waiting for the data to be fetched by calling this.render() here.
(ChartPaneBase.prototype._keyup): Moved from ChartPane._keyup. Also fixed the bug that the revisions list
doesn't update by calling this.render() here.
(ChartPaneBase.prototype.render): Extracted from ChartPane.render.
(ChartPaneBase.htmlTemplate): Extracted from ChartPane.htmlTemplate.
(ChartPaneBase.paneHeaderTemplate): Added. This is overridden in ChartPane and unused in AnalysisTaskChartPane.
(ChartPaneBase.cssTemplate): Extracted from ChartPane.htmlTemplate.

  • public/v3/components/chart-styles.js: Renamed from public/v3/pages/page-with-charts.js.

(PageWithCharts): Renamed from PageWithCharts since it no longer extends PageWithHeading.
(ChartStyles.createChartSourceList):

  • public/v3/components/commit-log-viewer.js:

(CommitLogViewer.prototype.view): Set this._repository right away instead of waiting for the fetched data
so that spinner will be shown while the data is being fetched.

  • public/v3/index.html:
  • public/v3/pages/analysis-task-page.js:

(AnalysisTaskChartPane): Added extends ChartPaneBase.
(AnalysisTaskPage): Added. this._chartPane.
(AnalysisTaskPage.prototype._didFetchTask): Initialize this._chartPane with a domain.
(AnalysisTaskPage.prototype.render): Render this._chartPane.
(AnalysisTaskPage.htmlTemplate):

  • public/v3/pages/chart-pane-status-view.js:

(ChartPaneStatusView): Removed the unused router from the argument list.
(ChartPaneStatusView.prototype.pointsRangeForAnalysis): Renamed from analyzeData() since it was ambiguous.
(ChartPaneStatusView.prototype.moveRepositoryWithNotification): Fixed the bug that we don't update the list
of the revisions here.
(ChartPaneStatusView.prototype.computeChartStatusLabels):

  • public/v3/pages/chart-pane.js:

(ChartPane): Now extends ChartPaneBase.
(ChartPane.prototype._overviewSelectionDidChange): Extracted from the constructor.
(ChartPane.prototype._mainSelectionDidChange):
(ChartPane.prototype._mainSelectionDidZoom):
(ChartPane.prototype._indicatorDidChange):
(ChartPane.prototype.render):
(ChartPane.prototype._renderActionToolbar):
(ChartPane.paneHeaderTemplate): Extracted from htmlTemplate.
(ChartPane.cssTemplate):
(ChartPane.overviewOptions.selection.onchange): Deleted.
(ChartPane.prototype._fetchAnalysisTasks): Deleted.
(ChartPane.prototype.platformId): Deleted.
(ChartPane.prototype.metricId): Deleted.
(ChartPane.prototype.setOverviewDomain): Deleted.
(ChartPane.prototype.setMainDomain): Deleted.
(ChartPane.prototype._openCommitViewer): Deleted.
(ChartPane.prototype._didFetchData): Deleted.
(ChartPane.prototype._keyup): Deleted.

  • public/v3/pages/charts-page.js:

(ChartsPage):
(ChartsPage.createDomainForAnalysisTask): Extracted by createDomainForAnalysisTask; used to set the domain
of the charts in the analysis task page.
(ChartsPage.createStateForAnalysisTask):

  • public/v3/pages/dashboard-page.js:

(DashboardPage):
(DashboardPage.prototype._createChartForCell):

1:05 PM Changeset in webkit [196386] by rniwa@webkit.org
  • 4 edits in trunk/Websites/perf.webkit.org

Add the support for maintenance mode
https://bugs.webkit.org/show_bug.cgi?id=154072

Reviewed by Chris Dumez.

Added the crude support for maintenance mode whereby which the reports are stored in the filesystem
instead of the database.

  • config.json: Added maintenanceMode and maintenanceDirectory as well as forgotten siteTitle and

remoteServer.httpdMutexDir.

  • public/api/report.php:

(main): Don't connect to the database or modify database when maintenanceMode is set.

  • public/include/json-header.php:

(ensure_privileged_api_data): Exit with InMaintenanceMode when maintenanceMode is set. This prevents
privileged API such as creating analysis tasks and new A/B testing groups from modifying the database.

12:56 PM Changeset in webkit [196385] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Reaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after r196374

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
12:56 PM Changeset in webkit [196384] by achristensen@apple.com
  • 8 edits in trunk/Source/WebKit2

Fix assertions when loading from WebProcess
https://bugs.webkit.org/show_bug.cgi?id=154079

Reviewed by Anders Carlsson.

Assertions were failing, mostly when using NetworkProcess, and mostly involving Top Sites.
When we do loading from the WebProcess (which we should eventually not allow), we were sometimes
using a private browsing session that did not exist because the UIProcess had told the NetworkProcess
to create a private browsing session with the given SessionID, but the WebProcess was not told about
the private browsing session.
Also, sometimes we were calling NetworkProcess::singleton() from the WebProcess, which caused problems
with the PlatformStrategies object being reset. This prevents that, too.

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad):
Added an assertion that we have a network session when we have just made a NetworkingContext with the given SessionID.

  • NetworkProcess/NetworkSession.h:
  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSession::defaultSession):
(WebKit::NetworkSession::NetworkSession):

  • NetworkProcess/mac/RemoteNetworkingContext.mm:

(WebKit::RemoteNetworkingContext::ensurePrivateBrowsingSession):
Call NetworkProcess::singleton only when we know we are in the network process.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):

  • WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:

(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession):
Tell the WebProcesses about the new private session, too. Sometimes they use the new private session.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::ensurePrivateBrowsingSession):
(WebKit::WebProcess::destroyPrivateBrowsingSession):
Removed useless macros that were always true for all WK2 clients.

12:47 PM Changeset in webkit [196383] by Antti Koivisto
  • 13 edits in trunk/Source/WebCore

Optimize style invalidation after class attribute change
https://bugs.webkit.org/show_bug.cgi?id=154075
rdar://problem/12526450

Reviewed by Andreas Kling.

Currently a class attribute change invalidates style for the entire element subtree for any class found in the
active stylesheet set.

This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
of rules are hashes by the class name.

On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
makes selector matching cheap and the number of relevant rules is typically small.

This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.

  • css/DocumentRuleSets.cpp:

(WebCore::DocumentRuleSets::collectFeatures):
(WebCore::DocumentRuleSets::ancestorClassRules):

Create optimization RuleSets on-demand when there is an actual dynamic class change.

  • css/DocumentRuleSets.h:

(WebCore::DocumentRuleSets::features):
(WebCore::DocumentRuleSets::sibling):
(WebCore::DocumentRuleSets::uncommonAttribute):

  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::ElementRuleCollector):

Add a new constructor that doesn't requires DocumentRuleSets. Only the user and author style is required.

(WebCore::ElementRuleCollector::matchAuthorRules):
(WebCore::ElementRuleCollector::matchUserRules):

  • css/ElementRuleCollector.h:
  • css/RuleFeature.cpp:

(WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):

Collect class names that show up in the ancestor portion of the selector.
Make this a member.

(WebCore::RuleFeatureSet::collectFeatures):

Move this code from RuleData.
Add the rule to ancestorClassRules if needed.

(WebCore::RuleFeatureSet::add):
(WebCore::RuleFeatureSet::clear):
(WebCore::RuleFeatureSet::shrinkToFit):
(WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
(WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.

  • css/RuleFeature.h:

(WebCore::RuleFeature::RuleFeature):
(WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.

  • css/RuleSet.cpp:

(WebCore::RuleData::RuleData):
(WebCore::RuleSet::RuleSet):
(WebCore::RuleSet::~RuleSet):
(WebCore::RuleSet::addToRuleSet):
(WebCore::RuleSet::addRule):
(WebCore::RuleSet::addRulesFromSheet):
(WebCore::collectFeaturesFromRuleData): Deleted.

  • css/RuleSet.h:

(WebCore::RuleSet::tagRules):
(WebCore::RuleSet::RuleSet): Deleted.

  • css/StyleInvalidationAnalysis.cpp:

(WebCore::shouldDirtyAllStyle):
(WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):

Add a new constructor that takes a ready made RuleSet instead of a stylesheet.

(WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
(WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
(WebCore::StyleInvalidationAnalysis::invalidateStyle):
(WebCore::StyleInvalidationAnalysis::invalidateStyle):

New function for invalidating a subtree instead of the whole document.

  • css/StyleInvalidationAnalysis.h:

(WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
(WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):

  • dom/Element.cpp:

(WebCore::classStringHasClassName):
(WebCore::collectClasses):
(WebCore::computeClassChange):

Factor to return the changed classes.

(WebCore::invalidateStyleForClassChange):

First filter out classes that don't show up in stylesheets. If something remains invalidate the current
element for inline style change (that is a style change that doesn't affect descendants).

Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
to find any affected descendants and invalidate them with inline style change as well.

(WebCore::Element::classAttributeChanged):

Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.

(WebCore::Element::absoluteLinkURL):
(WebCore::checkSelectorForClassChange): Deleted.

  • dom/ElementData.h:

(WebCore::ElementData::setClassNames):
(WebCore::ElementData::classNames):
(WebCore::ElementData::classNamesMemoryOffset):
(WebCore::ElementData::clearClass): Deleted.
(WebCore::ElementData::setClass): Deleted.

12:46 PM Changeset in webkit [196382] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.18.6/Source/WebKit

Merged r196377. rdar://problem/24584417

12:45 PM Changeset in webkit [196381] by Said Abou-Hallawa
  • 6 edits in trunk/PerformanceTests

Add internal benchmark tests for CSS mix-blend-modes and filters
https://bugs.webkit.org/show_bug.cgi?id=154058

Provisionally reviewed by Jon Lee.

  • Animometer/resources/debug-runner/tests.js: Include the new tests in the

"HTML suite" of the debug runner.

  • Animometer/resources/extensions.js:

(Utilities.browserPrefix):
(Utilities.setElementPrefixedProperty): Utility functions to allow setting
prefixed style properties.

  • Animometer/tests/bouncing-particles/resources/bouncing-css-shapes.js:

Set the mix-blend-mode and the filter to some random values if the options
of the test requested that.

  • Animometer/tests/bouncing-particles/resources/bouncing-particles.js:

(parseShapeParameters): Parse the url options "blend" and "filter" and set
the corresponding flags.

  • Animometer/tests/resources/main.js:

(randomStyleMixBlendMode):
(randomStyleFilter): Return random mix-blend-mode and filter.

12:33 PM Changeset in webkit [196380] by matthew_hanson@apple.com
  • 3 edits in branches/safari-601-branch/Source/WebCore

Merge r196226. rdar://problem/24417430

12:33 PM Changeset in webkit [196379] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601-branch/Source/WebCore

Merge r196208. rdar://problem/24417430

12:33 PM Changeset in webkit [196378] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601-branch/Source/WebCore

Merge r196206. rdar://problem/24417430

11:56 AM Changeset in webkit [196377] by achristensen@apple.com
  • 2 edits in trunk/Source/WebKit

Fix internal Windows build
https://bugs.webkit.org/show_bug.cgi?id=154080
rdar://problem/24584417

Reviewed by Brent Fulgham.

  • CMakeLists.txt:

Explicitly make WebKit dependent on WebKitGUID so that WebKit will not start building
before WebKitGUID is finished generating and copying all headers, including WebKit/WebKit.h.

11:54 AM Changeset in webkit [196376] by mmaxfield@apple.com
  • 3 edits in trunk/Source/WebCore

Addressing post-review comments after r196322

Unreviwed.

  • css/CSSFontFaceSource.cpp:

(WebCore::CSSFontFaceSource::font):

  • css/CSSFontFaceSource.h:
11:53 AM Changeset in webkit [196375] by bshafiei@apple.com
  • 2 edits in branches/safari-601-branch/Source/WebInspectorUI

Merge patch for rdar://problem/24267980.

11:47 AM Changeset in webkit [196374] by Chris Dumez
  • 17 edits
    5 adds in trunk

Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>

Reviewed by Darin Adler.

Source/JavaScriptCore:

Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:

  • We did not reify custom accessor properties (most of the Window properties are custom accessors) upon deletion.
  • For non-reified static properties marked as configurable, JSObject::deleteProperty() would attempt to call the property setter with undefined. As a result, calling delete window.name would cause window.name to become the string "undefined" instead of the undefined value.
  • runtime/JSObject.cpp:

(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.

(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the

'
!(entry->attributes() & BuiltinOrFunctionOrAccessor)'

check as such properties now get reified as well.

(JSC::JSObject::deleteProperty):

  • Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete() so that we now reify all properties upon deletion, including the custom accessors. reifyStaticFunctionsForDelete() is now removed and the same reification function is now used by: deletion, getOwnPropertyDescriptor() and eager reification of the prototype objects in the bindings.
  • Drop code that falls back to calling the static property setter with undefined if we cannot find the property in the property storage. As we now reify ALL properties, the code removing the property from the property storage should succeed, provided that the property actually exists.

(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.

(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.

  • runtime/JSObject.h:

Source/WebCore:

Attributes on the Window instance should be configurable unless [Unforgeable]:

  1. 'constructor' property:
  2. Constructor properties (e.g. window.Node):
  3. IDL attributes:

Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.

Test: fast/dom/Window/window-properties-configurable.html

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.

(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().

  • bindings/scripts/CodeGeneratorJS.pm:

(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.

(GenerateAttributesHashTable):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:

Rebaseline bindings tests.

LayoutTests:

  • fast/dom/Window/window-properties-configurable-expected.txt: Added.
  • fast/dom/Window/window-properties-configurable.html: Added.

Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.

  • fast/dom/global-constructors.html:

Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:

I have verified that the new behavior is consistent with Firefox.

  • http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
  • http/tests/security/cross-origin-reified-window-property-access.html: Added.
  • http/tests/security/resources/reify-window.html: Added.

Add a test case to cover cross-origin access of Window properties after
reification.

  • js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
  • js/getOwnPropertyDescriptor-unforgeable-attributes.html:

Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:

  • js/getOwnPropertyDescriptor-window-attributes-expected.txt:
  • js/getOwnPropertyDescriptor-window-attributes.html:
  • Add coverage for window.self which is a regular Window property.
  • Add coverage for window.Node which is a constructor property
  • Add coverage for window.constructor. It should really be on the prototype as per the specification but this at least checks that the property is configurable, as per the specification.
  • Rebaseline the test as more checks are passing now that Window properties are marked as configurable.
11:27 AM Changeset in webkit [196373] by beidson@apple.com
  • 3 edits in trunk/Source/WebCore

Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
https://bugs.webkit.org/show_bug.cgi?id=154061

Reviewed by Alex Christensen.

No new tests (Currently untestable).

  • Modules/indexeddb/client/IDBTransactionImpl.cpp:

(WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,

set the new state, and then clear the set of referenced object stores which is no longer needed.

(WebCore::IDBClient::IDBTransaction::abort):
(WebCore::IDBClient::IDBTransaction::commit):

  • Modules/indexeddb/client/IDBTransactionImpl.h:
11:22 AM Changeset in webkit [196372] by jonlee@apple.com
  • 9 edits in trunk/PerformanceTests

Add a ramp controller
https://bugs.webkit.org/show_bug.cgi?id=154028

Provisionally reviewed by Said Abou-Hallawa.

Enhance the graph to include a complexity-fps graph, in addition
to the time graph.

  • Animometer/developer.html: Add a ramp option.
  • Animometer/resources/debug-runner/animometer.css: Update the style.
  • Animometer/resources/strings.js: Flatten the Strings.text constants.
  • Animometer/resources/debug-runner/animometer.js:

(ResultsTable.call._addGraphButton): Refactor.
(ResultsTable.call._addTest): Add regression data.
(benchmarkController): Add a form that allows the user to switch between the two forms,
Add a form that allows the user to toggle different data. Hide certain header columns
depending on the selected controller.

  • Animometer/resources/debug-runner/graph.js: Add the complexity regressions.
  • Animometer/resources/debug-runner/tests.js: Add headers for the ramp results.
  • Animometer/resources/runner/animometer.js:

(ResultsTable): If a header is disabled don't include them in _flattenedHeaders.

  • Animometer/tests/resources/main.js:

(Controller): Allow options to specify the capacity for sample arrays.
(Regression): A piecewise regression that tries to fit a slope and a flat profile.
(_calculateRegression): Options can fix the slope and bias when calculating the minimal
error. Sweep across the samples in time (which could be backward depending on the controller)
and calculate the intersection point.
(RampController): This controller assumes that the target frame rate is below
58 FPS. It runs in two stages. The first stage quickly determines the order of
magnitude of objects needed to stress the system by the setting the complexity
to increasingly difficult tiers. Perform a series of ramps descending from a
high-water mark of complexity. The complexity needed to reach the target frame
length is done by performing a piecewise regression on each ramp, and track a
running average of these values. For the next ramp, make that running average
the center of the ramp. With a minimum complexity of 0, the high-water mark is
twice that average. The score is based on the highest complexity that can
reach 60 fps.

11:22 AM Changeset in webkit [196371] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skop fast/regions/text-break-properties.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153762

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
10:20 AM Changeset in webkit [196370] by mitz@apple.com
  • 4 edits in trunk/Source/WebKit2

[Mac] Stop installing the legacy processes
https://bugs.webkit.org/show_bug.cgi?id=154062

Reviewed by Anders Carlsson.

  • Configurations/All.xcconfig: Removed the legacy processes from EXCLUDED_SOURCE_FILE_NAMES for iOS, now that they are no longer included in a Copy Files build phase.
  • Configurations/BaseLegacyProcess.xcconfig: Set SKIP_INSTALL to YES for OS X as well.
  • WebKit2.xcodeproj/project.pbxproj: Removed the Copy Files build phase that copied the processes into the framework in engineering builds. Renamed the “Add current version symlinks” script build phase to “Add XPCServices symlink”, and changed it to do just that.
10:13 AM Changeset in webkit [196369] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r196251.
https://bugs.webkit.org/show_bug.cgi?id=154078

Large regression on Dromaeo needs explanation (Requested by
kling on #webkit).

Reverted changeset:

"Visiting a WeakBlock should report bytes visited, since we
reported them allocated."
https://bugs.webkit.org/show_bug.cgi?id=153978
http://trac.webkit.org/changeset/196251

9:50 AM Changeset in webkit [196368] by Csaba Osztrogonác
  • 5 edits in trunk/Source/JavaScriptCore

REGRESSION(r196331): It made ~180 JSC tests crash on ARMv7 Linux
https://bugs.webkit.org/show_bug.cgi?id=154064

Reviewed by Mark Lam.

  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generate): Added EABI_32BIT_DUMMY_ARG where it is necessary.

  • dfg/DFGSpeculativeJIT.h: Fixed the comment.
  • jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState): Added.

  • wasm/WASMFunctionCompiler.h: Fixed the comment.
9:23 AM Changeset in webkit [196367] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
https://bugs.webkit.org/show_bug.cgi?id=153727
<rdar://problem/24429886>

Reviewed by Darin Adler.

Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
affect the MemoryCache when allowsCaching() is false.

  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::removeClient):

8:53 AM Changeset in webkit [196366] by bshafiei@apple.com
  • 6 edits
    2 copies in branches/safari-601-branch/Source/JavaScriptCore

Merged r196179. rdar://problem/24574519

2:28 AM Changeset in webkit [196365] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore
Fix the !(ENABLE(SHADOW_DOM)
ENABLE(DETAILS_ELEMENT)) after r196281

https://bugs.webkit.org/show_bug.cgi?id=154035

Reviewed by Antti Koivisto.

  • dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::Context::Context):

Feb 9, 2016:

10:58 PM Changeset in webkit [196364] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

[GTK] Toggle buttons are blurry with GTK+ 3.19
https://bugs.webkit.org/show_bug.cgi?id=154007

Reviewed by Michael Catanzaro.

Use min-width/min-height style properties when GTK+ >= 3.19.7 to
get the size of toggle buttons.

  • rendering/RenderThemeGtk.cpp:

(WebCore::setToggleSize):
(WebCore::paintToggle):

10:53 PM Changeset in webkit [196363] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r196183): [GTK] Broke TestInspector
https://bugs.webkit.org/show_bug.cgi?id=153945

Reviewed by Michael Catanzaro.

When the inspector view is detached and not added to a window,
which happens when it's closed, the inspector view is destroyed
because it doesn't have a parent anymore. When the inspector view
is destroyed we notify the web process that the inspector was
closed. Before r196183 this was not a problem, because the call to
WebInspectorProxy::didClose() from platformDetach() returned early
because WebInspectorProxy::didClose() had already set
m_inspectorPage to nullptr. In r196183 m_inspectorPage is set to
nullptr after platformDetach(), so we end up trying to detach the
inpector view again. To prevent this cycle, we should disconnect
the destroyed signal handler from the inspector view when
platformDetach() is called from WebInspectorProxy::didClose().

  • UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::platformDetach):

10:02 PM Changeset in webkit [196362] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Regression: Web Inspector: Sometimes in Elements panel two elements showed as selected at the same time
https://bugs.webkit.org/show_bug.cgi?id=149742
<rdar://problem/24492481>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-09
Reviewed by Timothy Hatcher.

  • UserInterface/Views/DOMTreeElement.js:

(WebInspector.DOMTreeElement.prototype.moveChild):
Since removing and re-adding this tree element may forgot its
entire child tree, re-select the selected child that may have
just been lost in the shuffle.

  • UserInterface/Views/TreeOutline.js:

(WebInspector.TreeOutline.prototype._forgetTreeElement):
When forgetting the selected tree element, also deselect the
forgotten tree element so it clears its selected state.

10:01 PM Changeset in webkit [196361] by keith_miller@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

calling methods off super in a class constructor should check for TDZ
https://bugs.webkit.org/show_bug.cgi?id=154060

Reviewed by Ryosuke Niwa.

In a class constructor we need to check for TDZ when calling a method
off the super class. This is because, for super method calls, we use
the derived class's newly constructed object as the super method's
this value.

  • bytecompiler/NodesCodegen.cpp:

(JSC::FunctionCallDotNode::emitBytecode):

  • tests/stress/super-method-calls-check-tdz.js: Added.

(Base):
(Derived):
(test):

9:36 PM Changeset in webkit [196360] by aakash_jain@apple.com
  • 8 edits in trunk/Source/WebCore

Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
https://bugs.webkit.org/show_bug.cgi?id=146984

Reviewed by Alexey Proskuryakov.

  • Modules/speech/SpeechSynthesis.h:
  • contentextensions/ContentExtensionError.h:
  • dom/DeviceOrientationClient.h:
  • platform/graphics/Color.h:
  • platform/ios/wak/WebCoreThread.h:
  • platform/network/CacheValidation.h:
  • platform/network/cf/CertificateInfo.h:
8:52 PM Changeset in webkit [196359] by bshafiei@apple.com
  • 6 edits
    2 copies in branches/safari-601.1.46-branch/Source/JavaScriptCore

Merged r196179. rdar://problem/24574469

7:12 PM Changeset in webkit [196358] by bshafiei@apple.com
  • 4 edits in branches/safari-601-branch/Source/WebCore

Merged r190616. rdar://problem/24563410

7:11 PM Changeset in webkit [196357] by bshafiei@apple.com
  • 2 edits in branches/safari-601-branch/Source/WebCore

Merge patch for rdar://problem/24563410.

7:04 PM Changeset in webkit [196356] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.3.9.1.4

New tag.

7:03 PM Changeset in webkit [196355] by bshafiei@apple.com
  • 4 edits in branches/safari-601.3.9.1-branch/Source/WebCore

Merged r190616. rdar://problem/24563410

7:00 PM Changeset in webkit [196354] by bshafiei@apple.com
  • 2 edits in branches/safari-601.3.9.1-branch/Source/WebCore

Merge patch for rdar://problem/24563410.

6:55 PM Changeset in webkit [196353] by bshafiei@apple.com
  • 5 edits in branches/safari-601.3.9.1-branch/Source

Versioning.

6:33 PM Changeset in webkit [196352] by n_wang@apple.com
  • 19 edits
    2 adds in trunk

AX: Implement word related text marker functions using TextIterator
https://bugs.webkit.org/show_bug.cgi?id=153939
<rdar://problem/24269605>

Reviewed by Chris Fleizach.

Source/WebCore:

Using CharacterOffset to implement word related text marker calls. Reused
logic from previousBoundary and nextBoundary in VisibleUnits class.

Test: accessibility/mac/text-marker-word-nav.html

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::traverseToOffsetInRange):
(WebCore::AXObjectCache::rangeForNodeContents):
(WebCore::isReplacedNodeOrBR):
(WebCore::characterOffsetsInOrder):
(WebCore::resetNodeAndOffsetForReplacedNode):
(WebCore::setRangeStartOrEndWithCharacterOffset):
(WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
(WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
(WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
(WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
(WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
(WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
(WebCore::AXObjectCache::previousNode):
(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
(WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
(WebCore::AXObjectCache::nextCharacterOffset):
(WebCore::AXObjectCache::previousCharacterOffset):
(WebCore::startWordBoundary):
(WebCore::endWordBoundary):
(WebCore::AXObjectCache::startCharacterOffsetOfWord):
(WebCore::AXObjectCache::endCharacterOffsetOfWord):
(WebCore::AXObjectCache::previousWordStartCharacterOffset):
(WebCore::AXObjectCache::nextWordEndCharacterOffset):
(WebCore::AXObjectCache::leftWordRange):
(WebCore::AXObjectCache::rightWordRange):
(WebCore::characterForCharacterOffset):
(WebCore::AXObjectCache::characterAfter):
(WebCore::AXObjectCache::characterBefore):
(WebCore::parentEditingBoundary):
(WebCore::AXObjectCache::nextWordBoundary):
(WebCore::AXObjectCache::previousWordBoundary):
(WebCore::AXObjectCache::rootAXEditableElement):

  • accessibility/AXObjectCache.h:

(WebCore::AXObjectCache::removeNodeForUse):
(WebCore::AXObjectCache::isNodeInUse):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
(-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
(-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
(textMarkerForCharacterOffset):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

  • editing/VisibleUnits.cpp:

(WebCore::rightWordPosition):
(WebCore::prepend):
(WebCore::appendRepeatedCharacter):
(WebCore::suffixLengthForRange):
(WebCore::prefixLengthForRange):
(WebCore::backwardSearchForBoundaryWithTextIterator):
(WebCore::forwardSearchForBoundaryWithTextIterator):
(WebCore::previousBoundary):
(WebCore::nextBoundary):

  • editing/VisibleUnits.h:

Tools:

  • DumpRenderTree/AccessibilityUIElement.cpp:

(endTextMarkerCallback):
(leftWordTextMarkerRangeForTextMarkerCallback):
(rightWordTextMarkerRangeForTextMarkerCallback):
(previousWordStartTextMarkerForTextMarkerCallback):
(nextWordEndTextMarkerForTextMarkerCallback):
(setSelectedVisibleTextRangeCallback):
(AccessibilityUIElement::setSelectedVisibleTextRange):
(AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(AccessibilityUIElement::getJSClass):

  • DumpRenderTree/AccessibilityUIElement.h:
  • DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::setSelectedVisibleTextRange):
(AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):

  • DumpRenderTree/mac/AccessibilityUIElementMac.mm:

(AccessibilityUIElement::setSelectedVisibleTextRange):
(AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(AccessibilityUIElement::supportedActions):

  • WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:

(WTR::AccessibilityUIElement::setBoolAttributeValue):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):

  • WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
  • WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
  • WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::endTextMarker):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::mathPostscriptsDescription):

  • WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::AccessibilityUIElement::endTextMarker):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(WTR::_convertMathMultiscriptPairsToString):

LayoutTests:

  • accessibility/mac/text-marker-word-nav-expected.txt: Added.
  • accessibility/mac/text-marker-word-nav.html: Added.
  • accessibility/text-marker/text-marker-previous-next-expected.txt:
  • accessibility/text-marker/text-marker-previous-next.html:
6:29 PM Changeset in webkit [196351] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.18.6/Source/WebCore

Merged r195816. rdar://problem/24580198

5:21 PM Changeset in webkit [196350] by dbates@webkit.org
  • 5 edits
    11 adds in trunk/Source/WebCore

CSP: Extract helper classes into their own files
https://bugs.webkit.org/show_bug.cgi?id=154040
<rdar://problem/24571189>

Reviewed by Brent Fulgham.

No functionality was changed. So, no new tests.

  • CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own

variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
(WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
(WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
(WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
(WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
(WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
(WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
(WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
(WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
(WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
(WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.

  • page/csp/ContentSecurityPolicy.h:
  • page/csp/ContentSecurityPolicyDirective.h: Added.
  • page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.

Updated code to make use of the functions defined in ParsingUtilities.h.
(WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
(WebCore::isCSPDirectiveName): Ditto.
(WebCore::isDirectiveNameCharacter): Ditto.
(WebCore::isDirectiveValueCharacter): Ditto.
(WebCore::isNotASCIISpace): Ditto.

  • page/csp/ContentSecurityPolicyDirectiveList.h: Added.
  • page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.

(WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
(WebCore::isNotASCIISpace): Ditto.

  • page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
  • page/csp/ContentSecurityPolicySource.cpp: Added.
  • page/csp/ContentSecurityPolicySource.h: Added.
  • page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.

(WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
(WebCore::isHostCharacter): Ditto.
(WebCore::isPathComponentCharacter): Ditto.
(WebCore::isSchemeContinuationCharacter): Ditto.
(WebCore::isNotColonOrSlash): Ditto.
(WebCore::isSourceListNone): Ditto.

  • page/csp/ContentSecurityPolicySourceList.h: Added.
  • page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
  • page/csp/ContentSecurityPolicySourceListDirective.h: Added.
5:15 PM Changeset in webkit [196349] by beidson@apple.com
  • 3 edits in trunk/Source/WebCore

Modern IDB: TransactionOperation objects leak.
https://bugs.webkit.org/show_bug.cgi?id=154054

Reviewed by Alex Christensen.

No new tests (Currently untestable).

  • Modules/indexeddb/client/IDBTransactionImpl.cpp:

(WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from

the map, as this operation doesn't complete "normally" like most others.

(WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.

  • Modules/indexeddb/client/TransactionOperation.h:

(WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,

as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.

(WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.

5:13 PM Changeset in webkit [196348] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Allow copying all headers in the request/response header tables
https://bugs.webkit.org/show_bug.cgi?id=154048
<rdar://problem/24576302>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-09
Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:

New "Copy Table" string.

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid):
(WebInspector.DataGrid.prototype._contextMenuInHeader):
Add context menu support for table header cells, and give them a
"Copy Table" context menu if there is copyable data.

(WebInspector.DataGrid.prototype._contextMenuInDataTable):
Add "Copy Table" context menu for copyable rows.

(WebInspector.DataGrid.prototype._copyTextForDataGridNode):
(WebInspector.DataGrid.prototype._copyTextForDataGridHeaders):
(WebInspector.DataGrid.prototype._copyTable):
(WebInspector.DataGrid.prototype._hasCopyableData):
Helpers for determining copyability and copying tab separated data.

5:08 PM Changeset in webkit [196347] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebKit2

Unreviewed, rolling out r196341.
https://bugs.webkit.org/show_bug.cgi?id=154056

This change broke existing API tests on Mac and iOS (Requested
by ryanhaddad on #webkit).

Reverted changeset:

"Add SPI to remove individual user scripts or user style
sheets"
https://bugs.webkit.org/show_bug.cgi?id=154046
http://trac.webkit.org/changeset/196341

4:27 PM Changeset in webkit [196346] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark perf/adding-radio-buttons.html as flaky on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=154055

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
4:15 PM Changeset in webkit [196345] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

[Mac] Graphical corruption in videos when enabling custom loading path
https://bugs.webkit.org/show_bug.cgi?id=154044

Reviewed by Alex Christensen.

The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
set to be a serial queue. So when adding dataReceived operations to that queue, there exists
the possibility that some operations are handled before others, and the client will receieve
data out of order.

A real NSURLSession object will only issue another operation when the first operation
completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
The internal queue will enqueue an operation to the resource loader's queue, and block until
that operation completes, thus ensuring ordering of the data (and other) operations.

  • platform/network/cocoa/WebCoreNSURLSession.h:
  • platform/network/cocoa/WebCoreNSURLSession.mm:

(-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
(-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
(-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
(-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
(-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
(-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
(-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.

Drive-by fix:
(-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation,

queue, matching NSURLSessionDataTask's behavior.

4:14 PM Changeset in webkit [196344] by Ryan Haddad
  • 4 edits
    2 adds in trunk/LayoutTests

Rebaseline tests for ios-simulator after r196222
https://bugs.webkit.org/show_bug.cgi?id=154053

Reviewed by Zalan Bujtas.

  • platform/ios-simulator-wk2/compositing/geometry/composited-in-columns-expected.txt:
  • platform/ios-simulator-wk2/compositing/layer-creation/overlap-animation-container-expected.txt: Added.
  • platform/ios-simulator-wk2/compositing/visibility/visibility-image-layers-dynamic-expected.txt:
  • platform/ios-simulator-wk2/fast/inline/continuation-outlines-with-layers-expected.txt: Added.
  • platform/ios-simulator-wk2/fast/layers/scroll-rect-to-visible-expected.txt:
4:02 PM Changeset in webkit [196343] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline compositing/overflow/scrollbar-painting.html for ios-simulator after r196244

Unreviewed test gardening.

  • platform/ios-simulator-wk2/compositing/overflow/scrollbar-painting-expected.txt:
3:42 PM Changeset in webkit [196342] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: localStorage inspector very slow on big values
https://bugs.webkit.org/show_bug.cgi?id=123750
<rdar://problem/15384930>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-09
Reviewed by Timothy Hatcher.

It is not useful to show very large strings in the DOM Storage DataGrid.
This change truncates display strings to roughly 200 characters. If the
developer really wants the full value of the string they can just access
it through localStorage.

  • UserInterface/Models/DOMStorageObject.js:

(WebInspector.DOMStorageObject.prototype.getEntries.innerCallback):
(WebInspector.DOMStorageObject.prototype.getEntries):
(WebInspector.DOMStorageObject.prototype.itemUpdated):
Modernize.

  • UserInterface/Views/DOMStorageContentView.js:

(WebInspector.DOMStorageContentView):
(WebInspector.DOMStorageContentView.prototype.itemRemoved):
Modernize.

(WebInspector.DOMStorageContentView.prototype.itemAdded):
(WebInspector.DOMStorageContentView.prototype.itemUpdated):
(WebInspector.DOMStorageContentView.prototype._truncateValue):
(WebInspector.DOMStorageContentView.prototype._populate):
Whenever we get a value that we will display, truncate it to
just 200 characters.

3:04 PM Changeset in webkit [196341] by andersca@apple.com
  • 8 edits in trunk/Source/WebKit2

Add SPI to remove individual user scripts or user style sheets
https://bugs.webkit.org/show_bug.cgi?id=154046
rdar://problem/23596352

Reviewed by Sam Weinig.

  • UIProcess/API/Cocoa/WKUserContentController.mm:

(-[WKUserContentController _removeUserScript:]):
(-[WKUserContentController _userStyleSheets]):
(-[WKUserContentController _addUserStyleSheet:]):
(-[WKUserContentController _removeUserStyleSheet:]):

  • UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::WebUserContentControllerProxy):
(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):

  • UIProcess/UserContent/WebUserContentControllerProxy.h:

(WebKit::WebUserContentControllerProxy::userStyleSheets):

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeUserStyleSheet):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:
3:00 PM Changeset in webkit [196340] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after r196303

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
2:58 PM Changeset in webkit [196339] by n_wang@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
https://bugs.webkit.org/show_bug.cgi?id=154039

Reviewed by Chris Fleizach.

We are accessing the derefed node in the CharacterOffset object, we should create an empty
CharacterOffset object if the node is not in use.

It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityTextMarker characterOffset]):
(-[WebAccessibilityTextMarker isIgnored]):

2:54 PM Changeset in webkit [196338] by Ryan Haddad
  • 24 edits in trunk/LayoutTests

Rebaseline more tests for ios-simulator after r196244

Unreviewed test gardening.

  • platform/ios-simulator-wk2/compositing/overflow/overflow-scroll-expected.txt:
  • platform/ios-simulator-wk2/css2.1/20110323/abspos-non-replaced-width-margin-000-expected.txt:
  • platform/ios-simulator-wk2/css2.1/20110323/abspos-replaced-width-margin-000-expected.txt:
  • platform/ios-simulator-wk2/fast/block/float/overhanging-tall-block-expected.txt:
  • platform/ios-simulator-wk2/fast/clip/014-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/overflow-unsplittable-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-bt-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-lr-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-rl-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-tb-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-bt-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-lr-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-rl-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-tb-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/vertical-rl/column-rules-expected.txt:
  • platform/ios-simulator-wk2/fast/multicol/vertical-rl/float-paginate-complex-expected.txt:
  • platform/ios-simulator-wk2/fast/overflow/float-in-relpositioned-expected.txt:
  • platform/ios-simulator-wk2/fast/overflow/overflow-auto-position-absolute-expected.txt:
  • platform/ios-simulator-wk2/fast/overflow/paged-x-div-expected.txt:
  • platform/ios-simulator-wk2/fast/overflow/paged-x-div-with-column-gap-expected.txt:
  • platform/ios-simulator-wk2/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
2:42 PM Changeset in webkit [196337] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Don't crash if we fail to parse a builtin
https://bugs.webkit.org/show_bug.cgi?id=154047
rdar://problem/24300617

Reviewed by Mark Lam.

Crashing probably seemed like a good idea at the time, but we could get here in case of a
near stack overflow, so that the parser bails because of recursion.

  • parser/Parser.h:

(JSC::parse):

2:16 PM Changeset in webkit [196336] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Expiration column in Storage tab can't be sorted
https://bugs.webkit.org/show_bug.cgi?id=154043
<rdar://problem/24572272>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-09
Reviewed by Brian Burg.

  • UserInterface/Views/CookieStorageContentView.js:

(WebInspector.CookieStorageContentView.prototype._sortDataGrid.expiresCompare):
Sort Session as the shortest time, not the longest time. Use the
cookie.expires date when sorting, not the locale string.

2:09 PM Changeset in webkit [196335] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix after r196322

Unreviewed.

  • css/CSSFontFace.cpp:

(WebCore::CSSFontFace::font):

2:01 PM Changeset in webkit [196334] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Outline corners do not align properly for multiline inlines.
https://bugs.webkit.org/show_bug.cgi?id=154025

Reviewed by David Hyatt.

Adjust border position when outline-offset > 0. This patch also
removes integral pixelsnapping (drawLineForBoxSide takes care of
device pixelsnapping).

Source/WebCore:

Test: fast/inline/outline-corners-with-offset.html

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::paintOutlineForLine):

LayoutTests:

  • fast/inline/outline-corners-with-offset-expected.html: Added.
  • fast/inline/outline-corners-with-offset.html: Added.
1:49 PM Changeset in webkit [196333] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Analysis task page on v3 show progression as regressions
https://bugs.webkit.org/show_bug.cgi?id=154045

Reviewed by Chris Dumez.

The bug was caused by TestGroup.compareTestResults referring to undefined _smallerIsBetter.
Retrieve it from the associated metric object via the owner analysis task.

  • public/v3/models/test-group.js:
1:30 PM Changeset in webkit [196332] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[Mac] Adopt NSURLSession properties in AVAssetResourceLoader

Rubber-stamped by Eric Carlson;

Set the correct global variable from setAVFoundationNSURLSessionEnabled().

  • page/Settings.cpp:

(WebCore::Settings::setAVFoundationNSURLSessionEnabled):

1:19 PM Changeset in webkit [196331] by barraclough@apple.com
  • 60 edits in trunk/Source

GetValueFunc/PutValueFunc should not take both slotBase and thisValue
https://bugs.webkit.org/show_bug.cgi?id=154009

Reviewed by Geoff Garen.

In JavaScript there are two types of properties - regular value properties, and accessor properties.
One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
what object they operate on in the case of a prototype access. If you access a value property of a
prototype object it return a value pertinent to the prototype, but in the case of a prototype object
returning an accessor, then the accessor function is applied to the base object of the access.

JSC supports special 'custom' properties implemented as a c++ callback, and these custom properties
can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
is selected via the CustomAccessor attribute. Value- or accessor-like object selection is current
supported by passing both the slotBase and the thisValue to the callback,and hoping it uses the
right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.

Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.

Source/JavaScriptCore:

  • API/JSCallbackObject.h:
  • API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::getStaticValue):
(JSC::JSCallbackObject<Parent>::staticFunctionGetter):
(JSC::JSCallbackObject<Parent>::callbackGetter):

  • Merged slotBase & thisValue to custom property callbacks.
  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generate):

  • Modified the call being JIT generated - GetValueFunc/PutValueFunc now only take 3, rather than 4 arguments. Selects which one to keep/drop based on access type.

(WTF::printInternal):

  • bytecode/PolymorphicAccess.h:

(JSC::AccessCase::isGet):
(JSC::AccessCase::isPut):
(JSC::AccessCase::isIn):
(JSC::AccessCase::doesCalls):
(JSC::AccessCase::isGetter):

  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeForStubInfo):

  • jit/Repatch.cpp:

(JSC::tryCacheGetByID):
(JSC::tryCachePutByID):

  • Split the CustomGetter/Setter access types into Value/Accessor variants.
  • jsc.cpp:

(WTF::CustomGetter::getOwnPropertySlot):
(WTF::CustomGetter::customGetter):
(WTF::RuntimeArray::RuntimeArray):
(WTF::RuntimeArray::lengthGetter):

  • Merged slotBase & thisValue to custom property callbacks.
  • runtime/CustomGetterSetter.cpp:

(JSC::callCustomSetter):

  • Pass 3 arguments when calling PutValueFunc.
  • runtime/CustomGetterSetter.h:
  • runtime/JSBoundSlotBaseFunction.cpp:

(JSC::boundSlotBaseFunctionCall):
(JSC::JSBoundSlotBaseFunction::JSBoundSlotBaseFunction):

  • runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitive):

  • callCustomSetter currently takes a flag to distinguish value/accessor calls.
  • runtime/JSFunction.cpp:

(JSC::retrieveArguments):
(JSC::JSFunction::argumentsGetter):
(JSC::retrieveCallerFunction):
(JSC::JSFunction::callerGetter):
(JSC::JSFunction::lengthGetter):
(JSC::JSFunction::nameGetter):

  • runtime/JSFunction.h:
  • runtime/JSModuleNamespaceObject.cpp:

(JSC::JSModuleNamespaceObject::visitChildren):
(JSC::callbackGetter):

  • Merged slotBase & thisValue to custom property callbacks.
  • runtime/JSObject.cpp:

(JSC::JSObject::putInlineSlow):

  • callCustomSetter currently takes a flag to distinguish value/accessor calls.
  • runtime/Lookup.h:

(JSC::putEntry):

  • split PutPropertySlot setCustom into Value/Accessor variants.
  • runtime/PropertySlot.cpp:

(JSC::PropertySlot::functionGetter):
(JSC::PropertySlot::customGetter):

  • runtime/PropertySlot.h:

(JSC::PropertySlot::PropertySlot):
(JSC::PropertySlot::getValue):

  • added customGetter helper to call GetValueFunc.
  • runtime/PutPropertySlot.h:

(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::setNewProperty):
(JSC::PutPropertySlot::setCustomValue):
(JSC::PutPropertySlot::setCustomAccessor):
(JSC::PutPropertySlot::setThisValue):
(JSC::PutPropertySlot::customSetter):
(JSC::PutPropertySlot::context):
(JSC::PutPropertySlot::isStrictMode):
(JSC::PutPropertySlot::isCacheablePut):
(JSC::PutPropertySlot::isCacheableSetter):
(JSC::PutPropertySlot::isCacheableCustom):
(JSC::PutPropertySlot::isCustomAccessor):
(JSC::PutPropertySlot::isInitialization):
(JSC::PutPropertySlot::cachedOffset):
(JSC::PutPropertySlot::setCustomProperty): Deleted.

  • split PutPropertySlot setCustom into Value/Accessor variants.
  • runtime/RegExpConstructor.cpp:

(JSC::RegExpConstructor::getOwnPropertySlot):
(JSC::regExpConstructorDollar1):
(JSC::regExpConstructorDollar2):
(JSC::regExpConstructorDollar3):
(JSC::regExpConstructorDollar4):
(JSC::regExpConstructorDollar5):
(JSC::regExpConstructorDollar6):
(JSC::regExpConstructorDollar7):
(JSC::regExpConstructorDollar8):
(JSC::regExpConstructorDollar9):
(JSC::regExpConstructorInput):
(JSC::regExpConstructorMultiline):
(JSC::regExpConstructorLastMatch):
(JSC::regExpConstructorLastParen):
(JSC::regExpConstructorLeftContext):
(JSC::regExpConstructorRightContext):
(JSC::setRegExpConstructorInput):
(JSC::setRegExpConstructorMultiline):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::defineOwnProperty):
(JSC::regExpObjectSetLastIndexStrict):
(JSC::regExpObjectSetLastIndexNonStrict):
(JSC::RegExpObject::put):

  • Merged slotBase & thisValue to custom property callbacks.

Source/WebCore:

  • bindings/js/JSDOMBinding.cpp:

(WebCore::printErrorMessageForFrame):
(WebCore::objectToStringFunctionGetter):

  • bindings/js/JSDOMBinding.h:

(WebCore::propertyNameToString):
(WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
(WebCore::nonCachingStaticFunctionGetter):

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::visitAdditionalChildren):
(WebCore::childFrameGetter):
(WebCore::namedItemGetter):
(WebCore::jsDOMWindowWebKit):
(WebCore::jsDOMWindowIndexedDB):

  • add missing null check, in case indexDB acessor is applied to non-window object.
  • bindings/js/JSPluginElementFunctions.cpp:

(WebCore::pluginScriptObject):
(WebCore::pluginElementPropertyGetter):

  • bindings/js/JSPluginElementFunctions.h:
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):

  • bridge/runtime_array.cpp:

(JSC::RuntimeArray::destroy):
(JSC::RuntimeArray::lengthGetter):

  • bridge/runtime_array.h:
  • bridge/runtime_method.cpp:

(JSC::RuntimeMethod::finishCreation):
(JSC::RuntimeMethod::lengthGetter):

  • bridge/runtime_method.h:
  • bridge/runtime_object.cpp:

(JSC::Bindings::RuntimeObject::invalidate):
(JSC::Bindings::RuntimeObject::fallbackObjectGetter):
(JSC::Bindings::RuntimeObject::fieldGetter):
(JSC::Bindings::RuntimeObject::methodGetter):

  • bridge/runtime_object.h:
    • Merged slotBase & thisValue to custom property callbacks.

Source/WebKit2:

  • WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::getOwnPropertyNames):
(WebKit::JSNPObject::propertyGetter):
(WebKit::JSNPObject::methodGetter):

  • WebProcess/Plugins/Netscape/JSNPObject.h:
    • Merged slotBase & thisValue to custom property callbacks.
1:17 PM Changeset in webkit [196330] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Build-fix; add Nullibility macros around previously un-macro'd class definitions.

  • platform/spi/mac/AVFoundationSPI.h:
1:03 PM Changeset in webkit [196329] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebKit2

[Mac] Exiting fullscreen through the placeholder action leaves window in empty state
https://bugs.webkit.org/show_bug.cgi?id=152979
<rdar://problem/24132309>

Reviewed by Brent Fulgham.

In r194593, we relaxed the _fullScreenState requirement in -finishedExitFullScreenAnimation: to handle
the case where the request to exit fullscreen came from outside the process. However, in so doing, we
allowed -finishedExitFullScreenAnimation: to be called twice, and in so doing, leave the original window
empty of its WebView. Tighten up the restriction of _fullScreenState to allow only the "InFullScreen"
state (to take care of the external exit command) and the "ExitingFullScreen" state, to handle the
normal teardown path.

  • UIProcess/mac/WKFullScreenWindowController.mm:

(-[WKFullScreenWindowController finishedExitFullScreenAnimation:]):

12:56 PM Changeset in webkit [196328] by jer.noble@apple.com
  • 15 edits in trunk/Source

[Mac] Adopt NSURLSession properties in AVAssetResourceLoader
https://bugs.webkit.org/show_bug.cgi?id=153873

Reviewed by Eric Carlson.

Source/WebCore:

Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
use for media loading, and control the use of this property with a new Setting.

  • page/Settings.cpp:

(WebCore::Settings::setAVFoundationNSURLSessionEnabled):

  • page/Settings.h:

(WebCore::Settings::isAVFoundationNSURLSessionEnabled):

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):

  • platform/spi/mac/AVFoundationSPI.h:

Source/WebKit/mac:

Add a WebKit preference to control the WebCore isAVFoundationNSURLSessionEnabled()
setting.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences setAVFoundationNSURLSessionEnabled:]):
(-[WebPreferences isAVFoundationNSURLSessionEnabled]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit2:

Add a WebKit2 preference to control the WebCore isAVFoundationNSURLSessionEnabled()
setting.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetAVFoundationNSURLSessionEnabled):
(WKPreferencesGetAVFoundationNSURLSessionEnabled):

  • UIProcess/API/C/WKPreferencesRef.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

12:55 PM Changeset in webkit [196327] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.18.0.3/Source/WebCore

Merged r195975. rdar://problem/24354546

12:54 PM Changeset in webkit [196326] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.18.0.3/Source

Versioning.

12:52 PM Changeset in webkit [196325] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Limit max and min zoom factor of Inspector
https://bugs.webkit.org/show_bug.cgi?id=154041
<rdar://problem/24571326>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-09
Reviewed by Brian Burg.

Chose reasonable zoom levels that looked good to my eye and
roughly matched Safari's page zoom levels.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
Do not implicitly prevent default for zoom in/out keyboard shortcuts to
allow for a system beep if we do not do anything.

(WebInspector._increaseZoom):
(WebInspector._decreaseZoom):
Do not go beyond a max or min zoom level. Prevent default in the case
where we actually zoom, but don't prevent default where we do not
actually zoom to cause a system beep. Allow for a slight drift of
the floating point value as it increases / decreases by 0.2 at the
different zoom factors.

(WebInspector._resetZoom):
(WebInspector._showTabAtIndex):
Remove redundant prevent default calls, since it would happen
implicitly for these keyboard shortcuts.

12:52 PM Changeset in webkit [196324] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.18.0.3

New tag.

12:18 PM Changeset in webkit [196323] by fpizlo@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

Spread expressions are not fair game for direct binding
https://bugs.webkit.org/show_bug.cgi?id=154042
rdar://problem/24291413

Reviewed by Saam Barati.

Prior to this change we crashed on this:

var [x] = [...y];

Because NodesCodegen thinks that this is a direct binding. It's not, because we cannot
directly generate bytecode for "...y". This is a unique property of spread expressions, so
its sufficient to just bail out of direct binding if we see a spread expression. That's what
this patch does.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ArrayPatternNode::emitDirectBinding):

  • tests/stress/spread-in-tail.js: Added.

(foo):
(catch):

11:50 AM Changeset in webkit [196322] by mmaxfield@apple.com
  • 10 edits in trunk/Source/WebCore

Decouple font creation from font loading
https://bugs.webkit.org/show_bug.cgi?id=153414

Reviewed by Darin Adler.

Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
that the function which triggers the download also has the goal of returning a font to use. However,
the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
creation overhead.

In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
this:

=> Success


Pending => Loading


=> Failure

Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
CSSFontFaceSources may be in.

No new tests because there is no behavior change.

  • css/CSSFontFace.cpp:

(WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
(WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
(WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
(WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
(WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
(WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
(WebCore::CSSFontFace::isValid): Deleted.
(WebCore::CSSFontFace::addSource): Deleted.
(WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
(WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.

  • css/CSSFontFace.h:

(WebCore::CSSFontFace::create): Remove old dead code.
(WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
(WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.

  • css/CSSFontFaceSource.cpp:

(WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
(WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
(WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
(WebCore::CSSFontFaceSource::load): Pulled out code from font().
(WebCore::CSSFontFaceSource::font): Moved code into load().
(WebCore::CSSFontFaceSource::isValid): Deleted.
(WebCore::CSSFontFaceSource::isDecodeError): Deleted.
(WebCore::CSSFontFaceSource::ensureFontData): Deleted.

  • css/CSSFontFaceSource.h: Much cleaner API.
  • css/CSSFontSelector.cpp:

(WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
reorganization.
(WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
(WebCore::CSSFontSelector::addFontFaceRule): Ditto.
(WebCore::CSSFontSelector::getFontFace): Ditto.

  • css/CSSSegmentedFontFace.cpp:

(WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
(WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
(WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
(WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
(WebCore::CSSSegmentedFontFace::fontRanges): Adopt to new API.
(WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
(WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
(WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
(WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.

  • css/CSSSegmentedFontFace.h:

(WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
(WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
(WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.

  • loader/cache/CachedFont.cpp:

(WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
(WebCore::CachedFont::checkNotify): Ditto.

  • loader/cache/CachedFontClient.h:

(WebCore::CachedFontClient::fontLoaded): Ditto.

10:57 AM Changeset in webkit [196321] by andersca@apple.com
  • 6 edits
    1 copy in trunk/Source/WebKit2

All 32-bit plug-ins should use the XPC service
https://bugs.webkit.org/show_bug.cgi?id=154036
rdar://problem/16059483

Reviewed by Dan Bernstein.

Silverlight expects malloced memory from the tiny zone to be executable. It also expects
the data segment from its coreclr image to be executable.

Make this possible by:

  1. Shimming mach_vm_map, making sure to add the VM_PROT_EXECUTABLE bit to any memory in the tiny zone.
  2. Go through the address space, looking for any existing ranges from the tiny zone and mach_vm_protect them to be executable.
  3. Register with dyld so we'll get callbacks whenever a library is bound, look for the coreclr image, and mach_vm_protect its DATA segment to be executable.
  • Platform/spi/Cocoa/DyldSPI.h: Copied from Source/WebKit2/PluginProcess/mac/PluginProcessShim.h.
  • PluginProcess/mac/PluginProcessMac.mm:

(WebKit::isMallocMemoryTag):
(WebKit::shouldMapMemoryExecutable):
(WebKit::initializeShim):
(WebKit::PluginProcess::platformInitializeProcess):

  • PluginProcess/mac/PluginProcessShim.h:
  • PluginProcess/mac/PluginProcessShim.mm:

(WebKit::shimMachVMMap):

  • UIProcess/Plugins/mac/PluginProcessProxyMac.mm:

(WebKit::PluginProcessProxy::platformGetLaunchOptions):
(WebKit::shouldUseXPC): Deleted.

  • WebKit2.xcodeproj/project.pbxproj:
10:33 AM Changeset in webkit [196320] by bshafiei@apple.com
  • 3 edits
    2 copies in tags/Safari-602.1.18.6

Merged r196004. rdar://problem/24439699

10:32 AM Changeset in webkit [196319] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.18.6/LayoutTests

Merged r196002. rdar://problem/19506502

10:31 AM Changeset in webkit [196318] by bshafiei@apple.com
  • 14 edits
    13 copies in tags/Safari-602.1.18.6

Merged r196001. rdar://problem/19506502

10:28 AM Changeset in webkit [196317] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.18.6/Source

Versioning.

10:25 AM Changeset in webkit [196316] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.18.6

New tag.

10:25 AM Changeset in webkit [196315] by Csaba Osztrogonác
  • 4 edits in trunk

[GTK][EFL] Fix several build configuration related to SamplingProfiler after r196245
https://bugs.webkit.org/show_bug.cgi?id=154033

Reviewed by Michael Catanzaro.

.:

  • Source/cmake/WebKitFeatures.cmake:

Source/WTF:

  • wtf/Platform.h:
10:16 AM Changeset in webkit [196314] by Alan Bujtas
  • 95 edits
    1 add in trunk/LayoutTests

[Win] Rebaseline after r196244.

Unreviewed test gardening.

  • platform/win/css3/unicode-bidi-isolate-basic-expected.txt:
  • platform/win/fast/block/float/overhanging-tall-block-expected.txt:
  • platform/win/fast/block/positioning/auto/vertical-rl/007-expected.txt:
  • platform/win/fast/borders/border-antialiasing-expected.txt:
  • platform/win/fast/clip/001-expected.txt:
  • platform/win/fast/clip/013-expected.txt:
  • platform/win/fast/clip/014-expected.txt:
  • platform/win/fast/clip/outline-overflowClip-expected.txt:
  • platform/win/fast/css/clip-zooming-expected.txt:
  • platform/win/fast/frames/flattening/iframe-flattening-offscreen-expected.txt: Added.
  • platform/win/fast/inline/left-right-center-inline-alignment-in-ltr-and-rtl-blocks-expected.txt:
  • platform/win/fast/line-grid/line-grid-inside-columns-expected.txt:
  • platform/win/fast/line-grid/line-grid-into-columns-expected.txt:
  • platform/win/fast/lists/scrolled-marker-paint-expected.txt:
  • platform/win/fast/multicol/client-rects-expected.txt:
  • platform/win/fast/multicol/column-break-with-balancing-expected.txt:
  • platform/win/fast/multicol/column-rules-expected.txt:
  • platform/win/fast/multicol/column-rules-stacking-expected.txt:
  • platform/win/fast/multicol/columns-shorthand-parsing-expected.txt:
  • platform/win/fast/multicol/float-paginate-complex-expected.txt:
  • platform/win/fast/multicol/float-paginate-empty-lines-expected.txt:
  • platform/win/fast/multicol/float-paginate-expected.txt:
  • platform/win/fast/multicol/layers-in-multicol-expected.txt:
  • platform/win/fast/multicol/layers-split-across-columns-expected.txt:
  • platform/win/fast/multicol/max-height-columns-block-expected.txt:
  • platform/win/fast/multicol/nested-columns-expected.txt:
  • platform/win/fast/multicol/newmulticol/client-rects-expected.txt:
  • platform/win/fast/multicol/overflow-across-columns-expected.txt:
  • platform/win/fast/multicol/overflow-across-columns-percent-height-expected.txt:
  • platform/win/fast/multicol/overflow-unsplittable-expected.txt:
  • platform/win/fast/multicol/paginate-block-replaced-expected.txt:
  • platform/win/fast/multicol/pagination/BottomToTop-bt-expected.txt:
  • platform/win/fast/multicol/pagination/BottomToTop-lr-expected.txt:
  • platform/win/fast/multicol/pagination/BottomToTop-rl-expected.txt:
  • platform/win/fast/multicol/pagination/BottomToTop-tb-expected.txt:
  • platform/win/fast/multicol/pagination/LeftToRight-bt-expected.txt:
  • platform/win/fast/multicol/pagination/LeftToRight-rl-expected.txt:
  • platform/win/fast/multicol/pagination/LeftToRight-tb-expected.txt:
  • platform/win/fast/multicol/pagination/LeftToRight-tb-hittest-expected.txt:
  • platform/win/fast/multicol/pagination/RightToLeft-bt-expected.txt:
  • platform/win/fast/multicol/pagination/RightToLeft-lr-expected.txt:
  • platform/win/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt:
  • platform/win/fast/multicol/pagination/RightToLeft-rl-expected.txt:
  • platform/win/fast/multicol/pagination/RightToLeft-rl-hittest-expected.txt:
  • platform/win/fast/multicol/pagination/RightToLeft-tb-expected.txt:
  • platform/win/fast/multicol/pagination/TopToBottom-bt-expected.txt:
  • platform/win/fast/multicol/pagination/TopToBottom-lr-expected.txt:
  • platform/win/fast/multicol/pagination/TopToBottom-rl-expected.txt:
  • platform/win/fast/multicol/positive-leading-expected.txt:
  • platform/win/fast/multicol/scrolling-column-rules-expected.txt:
  • platform/win/fast/multicol/scrolling-overflow-expected.txt:
  • platform/win/fast/multicol/span/anonymous-style-inheritance-expected.txt:
  • platform/win/fast/multicol/span/span-as-immediate-child-complex-splitting-expected.txt:
  • platform/win/fast/multicol/span/span-as-immediate-child-generated-content-expected.txt:
  • platform/win/fast/multicol/span/span-as-immediate-child-property-removal-expected.txt:
  • platform/win/fast/multicol/span/span-as-immediate-columns-child-dynamic-expected.txt:
  • platform/win/fast/multicol/span/span-as-immediate-columns-child-expected.txt:
  • platform/win/fast/multicol/span/span-as-immediate-columns-child-removal-expected.txt:
  • platform/win/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
  • platform/win/fast/multicol/span/span-as-nested-columns-child-expected.txt:
  • platform/win/fast/multicol/span/span-margin-collapsing-expected.txt:
  • platform/win/fast/multicol/table-vertical-align-expected.txt:
  • platform/win/fast/multicol/tall-image-behavior-expected.txt:
  • platform/win/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt:
  • platform/win/fast/multicol/vertical-lr/column-rules-expected.txt:
  • platform/win/fast/multicol/vertical-lr/float-multicol-expected.txt:
  • platform/win/fast/multicol/vertical-lr/float-paginate-complex-expected.txt:
  • platform/win/fast/multicol/vertical-lr/float-paginate-expected.txt:
  • platform/win/fast/multicol/vertical-lr/nested-columns-expected.txt:
  • platform/win/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt:
  • platform/win/fast/multicol/vertical-rl/column-rules-expected.txt:
  • platform/win/fast/multicol/vertical-rl/float-multicol-expected.txt:
  • platform/win/fast/multicol/vertical-rl/float-paginate-complex-expected.txt:
  • platform/win/fast/multicol/vertical-rl/float-paginate-expected.txt:
  • platform/win/fast/multicol/vertical-rl/nested-columns-expected.txt:
  • platform/win/fast/overflow/clip-rects-fixed-ancestor-expected.txt:
  • platform/win/fast/overflow/float-in-relpositioned-expected.txt:
  • platform/win/fast/overflow/overflow-auto-position-absolute-expected.txt:
  • platform/win/fast/overflow/overflow-rtl-expected.txt:
  • platform/win/fast/overflow/paged-x-div-expected.txt:
  • platform/win/fast/overflow/paged-x-div-with-column-gap-expected.txt:
  • platform/win/fast/overflow/paged-x-on-root-expected.txt:
  • platform/win/fast/overflow/paged-x-with-column-gap-expected.txt:
  • platform/win/fast/overflow/paged-y-div-expected.txt:
  • platform/win/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
  • platform/win/fast/repaint/box-shadow-h-expected.txt:
  • platform/win/fast/repaint/box-shadow-v-expected.txt:
  • platform/win/fast/repaint/layer-outline-expected.txt:
  • platform/win/fast/repaint/layer-outline-horizontal-expected.txt:
  • platform/win/fast/table/edge-offsets-expected.txt:
  • platform/win/fast/transforms/overflow-with-transform-expected.txt:
  • platform/win/printing/single-line-must-not-be-split-into-two-pages-expected.txt:
  • platform/win/scrollbars/scrollbars-on-positioned-content-expected.txt:
  • platform/win/svg/custom/getscreenctm-in-scrollable-div-area-nested-expected.txt:
  • platform/win/svg/custom/image-rescale-clip-expected.txt:
9:40 AM Changeset in webkit [196313] by beidson@apple.com
  • 5 edits
    2 adds in trunk/Source/WebCore

Modern IDB: IDBOpenDBRequests leak.
https://bugs.webkit.org/show_bug.cgi?id=154032

Reviewed by Alex Christensen.

No new tests (Currently untestable).

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:

Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
drop the last ref to the request after its last event fires or is otherwise destroyed:

  • Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.

(WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):

  • Modules/indexeddb/IDBRequestCompletionEvent.h: Added.

(WebCore::IDBRequestCompletionEvent::create):

  • Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:

(WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
(WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
(WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
(WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.

  • Modules/indexeddb/client/IDBTransactionImpl.cpp:

(WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's

completion event to fire, clear the back-ref to the request.

9:38 AM Changeset in webkit [196312] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[EFL] Remove eail related cruft after r195725
https://bugs.webkit.org/show_bug.cgi?id=154030

Reviewed by Alex Christensen.

  • efl/jhbuildrc:
9:35 AM Changeset in webkit [196311] by Csaba Osztrogonác
  • 2 edits
    3 deletes in trunk/Tools

[EFL] Remove LLVM related cruft after r196077
https://bugs.webkit.org/show_bug.cgi?id=154031

Reviewed by Alex Christensen.

  • efl/jhbuild.modules:
  • efl/patches/llvm-elf-add-stackmaps-arm64.patch: Removed.
  • efl/patches/llvm-elf-allow-fde-references-outside-the-2gb-range-arm64.patch: Removed.
  • efl/patches/llvm-version-arm64.patch: Removed.
9:13 AM Changeset in webkit [196310] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebKit/mac

checkValidity() sometimes asserts in WebUserMediaClient::pageDestroyed
https://bugs.webkit.org/show_bug.cgi?id=154029
<rdar://problem/24065022>

Reviewed by Alex Christensen.

  • WebCoreSupport/WebUserMediaClient.mm:

(WebUserMediaClient::pageDestroyed): Copy map keys to a vector and clear the map before

enumerating the vector and canceling the requests. ASSERT that the map is not modified
during cleanup. Clean up the permission check map.

(WebUserMediaClient::requestUserMediaAccess): Add the request to the map before calling the

UI delegate in case it works synchronously (as it does in DRT).

(WebUserMediaClient::checkUserMediaPermission): Ditto.
(WebUserMediaClient::cancelUserMediaPermissionCheck): White-space cleanup.
(-[WebUserMediaPolicyListener allow]): Ditto.

9:09 AM Changeset in webkit [196309] by Alan Bujtas
  • 82 edits
    12 copies
    2 adds in trunk/LayoutTests

[iOS] Rebaseline after r196244.

Unreviewed test gardening.

  • platform/ios-simulator/compositing/geometry/clipping-foreground-expected.txt:
  • platform/ios-simulator/compositing/geometry/root-layer-update-expected.txt:
  • platform/ios-simulator/compositing/overflow/overflow-scroll-expected.txt:
  • platform/ios-simulator/compositing/overflow/parent-overflow-expected.txt:
  • platform/ios-simulator/compositing/overflow/scrollbar-painting-expected.txt:
  • platform/ios-simulator/compositing/sibling-positioning-expected.txt:
  • platform/ios-simulator/css2.1/20110323/abspos-non-replaced-width-margin-000-expected.txt: Added.
  • platform/ios-simulator/css2.1/20110323/abspos-replaced-width-margin-000-expected.txt: Added.
  • platform/ios-simulator/css3/blending/blend-mode-overflow-expected.txt:
  • platform/ios-simulator/css3/unicode-bidi-isolate-basic-expected.txt:
  • platform/ios-simulator/fast/block/float/overhanging-tall-block-expected.txt:
  • platform/ios-simulator/fast/borders/border-antialiasing-expected.txt:
  • platform/ios-simulator/fast/clip/001-expected.txt:
  • platform/ios-simulator/fast/clip/013-expected.txt:
  • platform/ios-simulator/fast/clip/014-expected.txt:
  • platform/ios-simulator/fast/clip/016-expected.txt:
  • platform/ios-simulator/fast/clip/outline-overflowClip-expected.txt:
  • platform/ios-simulator/fast/css/clip-zooming-expected.txt:
  • platform/ios-simulator/fast/frames/flattening/iframe-flattening-offscreen-expected.txt:
  • platform/ios-simulator/fast/inline/left-right-center-inline-alignment-in-ltr-and-rtl-blocks-expected.txt:
  • platform/ios-simulator/fast/line-grid/line-grid-inside-columns-expected.txt:
  • platform/ios-simulator/fast/line-grid/line-grid-into-columns-expected.txt:
  • platform/ios-simulator/fast/lists/scrolled-marker-paint-expected.txt:
  • platform/ios-simulator/fast/multicol/client-rects-expected.txt:
  • platform/ios-simulator/fast/multicol/column-break-with-balancing-expected.txt:
  • platform/ios-simulator/fast/multicol/column-rules-expected.txt:
  • platform/ios-simulator/fast/multicol/column-rules-stacking-expected.txt:
  • platform/ios-simulator/fast/multicol/columns-shorthand-parsing-expected.txt:
  • platform/ios-simulator/fast/multicol/float-paginate-complex-expected.txt:
  • platform/ios-simulator/fast/multicol/float-paginate-empty-lines-expected.txt:
  • platform/ios-simulator/fast/multicol/float-paginate-expected.txt:
  • platform/ios-simulator/fast/multicol/layers-in-multicol-expected.txt:
  • platform/ios-simulator/fast/multicol/layers-split-across-columns-expected.txt:
  • platform/ios-simulator/fast/multicol/max-height-columns-block-expected.txt:
  • platform/ios-simulator/fast/multicol/nested-columns-expected.txt:
  • platform/ios-simulator/fast/multicol/newmulticol/client-rects-expected.txt:
  • platform/ios-simulator/fast/multicol/overflow-across-columns-expected.txt:
  • platform/ios-simulator/fast/multicol/overflow-across-columns-percent-height-expected.txt:
  • platform/ios-simulator/fast/multicol/overflow-unsplittable-expected.txt:
  • platform/ios-simulator/fast/multicol/paginate-block-replaced-expected.txt:
  • platform/ios-simulator/fast/multicol/pagination/BottomToTop-bt-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-bt-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/BottomToTop-lr-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-lr-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/BottomToTop-rl-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-rl-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/BottomToTop-tb-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-bt-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/LeftToRight-bt-expected.txt:
  • platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt:
  • platform/ios-simulator/fast/multicol/pagination/LeftToRight-tb-expected.txt:
  • platform/ios-simulator/fast/multicol/pagination/RightToLeft-bt-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-tb-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/RightToLeft-lr-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/RightToLeft-rl-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/RightToLeft-tb-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-tb-expected.txt.
  • platform/ios-simulator/fast/multicol/pagination/TopToBottom-bt-expected.txt:
  • platform/ios-simulator/fast/multicol/pagination/TopToBottom-lr-expected.txt:
  • platform/ios-simulator/fast/multicol/pagination/TopToBottom-rl-expected.txt:
  • platform/ios-simulator/fast/multicol/positive-leading-expected.txt:
  • platform/ios-simulator/fast/multicol/scrolling-column-rules-expected.txt:
  • platform/ios-simulator/fast/multicol/scrolling-overflow-expected.txt:
  • platform/ios-simulator/fast/multicol/span/anonymous-style-inheritance-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-immediate-child-complex-splitting-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-immediate-child-generated-content-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-immediate-child-property-removal-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-immediate-columns-child-dynamic-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-immediate-columns-child-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-immediate-columns-child-removal-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-as-nested-columns-child-expected.txt:
  • platform/ios-simulator/fast/multicol/span/span-margin-collapsing-expected.txt:
  • platform/ios-simulator/fast/multicol/table-vertical-align-expected.txt:
  • platform/ios-simulator/fast/multicol/tall-image-behavior-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-lr/column-rules-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-lr/float-multicol-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-lr/float-paginate-complex-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-lr/float-paginate-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-lr/nested-columns-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt.
  • platform/ios-simulator/fast/multicol/vertical-rl/column-rules-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/vertical-lr/column-rules-expected.txt.
  • platform/ios-simulator/fast/multicol/vertical-rl/float-multicol-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-rl/float-paginate-complex-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/vertical-lr/float-paginate-complex-expected.txt.
  • platform/ios-simulator/fast/multicol/vertical-rl/float-paginate-expected.txt:
  • platform/ios-simulator/fast/multicol/vertical-rl/nested-columns-expected.txt:
  • platform/ios-simulator/fast/overflow/float-in-relpositioned-expected.txt:
  • platform/ios-simulator/fast/overflow/overflow-auto-position-absolute-expected.txt:
  • platform/ios-simulator/fast/overflow/overflow-rtl-expected.txt:
  • platform/ios-simulator/fast/overflow/paged-x-div-expected.txt:
  • platform/ios-simulator/fast/overflow/paged-x-div-with-column-gap-expected.txt:
  • platform/ios-simulator/fast/overflow/paged-x-on-root-expected.txt:
  • platform/ios-simulator/fast/overflow/paged-x-with-column-gap-expected.txt:
  • platform/ios-simulator/fast/overflow/paged-y-div-expected.txt:
  • platform/ios-simulator/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
  • platform/ios-simulator/fast/regions/repaint/region-painting-via-layout-expected.txt:
  • platform/ios-simulator/fast/table/edge-offsets-expected.txt:
  • platform/ios-simulator/fast/transforms/overflow-with-transform-expected.txt:
  • platform/ios-simulator/svg/custom/image-rescale-clip-expected.txt:
4:38 AM Changeset in webkit [196308] by commit-queue@webkit.org
  • 7 edits in trunk/Source

Unreviewed, rolling out r196286.
https://bugs.webkit.org/show_bug.cgi?id=154026

Looks like 5% iOS PLT regression (Requested by kling on
#webkit).

Reverted changeset:

"[iOS] Throw away some unlinked code when navigating to a new
page."
https://bugs.webkit.org/show_bug.cgi?id=154014
http://trac.webkit.org/changeset/196286

12:23 AM Changeset in webkit [196307] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

possible buffer overrun in Connection::processMessage of Source/WebKit2/Platform/IPC/unix/ConnectionUnix.cpp
https://bugs.webkit.org/show_bug.cgi?id=153637

Patch by Fujii Hironori <Hironori.Fujii@jp.sony.com> on 2016-02-09
Reviewed by Carlos Garcia Campos.

  • Platform/IPC/unix/ConnectionUnix.cpp:

(IPC::Connection::processMessage): Fix invalid arguments of memmove.

12:19 AM Changeset in webkit [196306] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.11.5

WebKitGTK+ 2.11.5

12:07 AM Changeset in webkit [196305] by Carlos Garcia Campos
  • 4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.11.5 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.11.5.

Feb 8, 2016:

9:26 PM Changeset in webkit [196304] by jonlee@apple.com
  • 7 edits in trunk/PerformanceTests

Address Said's comments on the benchmark, and do some clean up.

  • Animometer/developer.html:
  • Animometer/resources/debug-runner/animometer.css: Add styles for averages.
  • Animometer/resources/debug-runner/animometer.js: Use the right

Strings constants.

  • Animometer/resources/debug-runner/graph.js:

(_addRegressionLine): Add missing code to draw the line and standard
deviation highlight.
(onGraphTypeChanged): Remove unneeded variables
(onTimeGraphOptionsChanged):

  • Animometer/resources/runner/benchmark-runner.js:

(_runBenchmarkAndRecordResults): Rename samplers to suiteResults and
_suitesSamplers to _suitesResults.

  • Animometer/tests/resources/main.js:

(results): Call processSamples().
(update): Change sampling timestamp comparison.
(_animateLoop): Move shouldStop call to before the update.

  • Animometer/tests/resources/sampler.js:

(process): Rename to processSamples().

9:15 PM Changeset in webkit [196303] by Chris Dumez
  • 21 edits in trunk

Attribute getters should not require an explicit 'this' value for Window properties
https://bugs.webkit.org/show_bug.cgi?id=153968

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Attribute getters should not require an explicit 'this' value for
Window properties. This is because the Window interface is marked
as [ImplicitThis]:

This matches the behavior of Firefox and the expectations of the W3C
web-platform-tests.

No new tests, already covered by existing tests.

  • bindings/scripts/CodeGeneratorJS.pm:

In attribute getters of an interface marked as [ImplicitThis],
if 'thisValue' is undefined or null, fall back to using the
global object as 'thisValue'.

  • bindings/scripts/IDLAttributes.txt:

Add support for [ImplicitThis]:
http://heycam.github.io/webidl/#ImplicitThis

  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestNondeterministic.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:
  • bindings/scripts/test/JS/JSattribute.cpp:

Rebaseline bindings tests.

  • page/DOMWindow.idl:

Mark Window as [ImplicitThis]:
http://heycam.github.io/webidl/#ImplicitThis

LayoutTests:

Rebaseline existing tests now that more checks are passing.

  • fast/dom/Window/getOwnPropertyDescriptor-other-window-expected.txt:
  • fast/dom/Window/getOwnPropertyDescriptor-other-window.html:
  • js/getOwnPropertyDescriptor-window-attributes-expected.txt:
7:46 PM Changeset in webkit [196302] by keith_miller@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

Error construction for inlined operations should not use the inliner's CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154021

Reviewed by Mark Lam.

Previously, if one function, A, was inlined into another function, B, in the DFG/FTL
we would use B's DFG/FTL CodeBlock to construct source information about the Error.
We would correctly compute the bytecodeOffset in A for the an expression but we would
not use one of A's CodeBlocks when looking up source. This caused crashes during
operationIn as we expected to be able to find the text "in" in the source.

  • runtime/ErrorInstance.cpp:

(JSC::appendSourceToError):

  • tests/stress/inlined-error-gets-correct-codeblock-for-bytecodeoffset.js: Added.

(map):
(n):
(one):
(catch):

7:33 PM Changeset in webkit [196301] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Uncaught exception merging script profiler records
https://bugs.webkit.org/show_bug.cgi?id=154004

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-08
Reviewed by Brian Burg.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.prototype._mergeScriptProfileRecords):
Stop if we've merged all script profiler records.

7:31 PM Changeset in webkit [196300] by sbarati@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

runtimeTypeForValue should protect against seeing TDZ value
https://bugs.webkit.org/show_bug.cgi?id=154023

Reviewed by Michael Saboff.

There are a few back traces I've seen from crashes that bottom out
inside runtimeTypeForValue. I haven't been able to reproduce
any such crash, but it's likely that we're encountering the
empty JSValue. It's better to just have this function protect
against seeing the empty value instead of dereferencing a null
pointer when it thinks the value is a cell.

  • runtime/RuntimeType.cpp:

(JSC::runtimeTypeForValue):

7:30 PM Changeset in webkit [196299] by jonlee@apple.com
  • 2 edits in trunk/PerformanceTests

Teach Controller to measure intervals, and turn off the frame length estimator.

  • Animometer/tests/resources/main.js: Default interval length is 100 ms.

(start): Set the first interval.
(_measureAndResetInterval): Reports the average frame length of the interval that just
completed, and sets up the next interval.
(update): If there is no length, then just use the estimator per frame, otherwise the
estimator measures per interval. Add a didFinishInterval for subclasses to process
prior to recording the sample. Update tune() to include whether an interval had
finished.
(StepController): Step controllers don't measure on an interval basis.

7:30 PM Changeset in webkit [196298] by jonlee@apple.com
  • 2 edits in trunk/PerformanceTests

Minor refactoring. Rename Controller._estimator to Controller._frameLengthEstimator
and switch the parameters for start(), update(), and tune(), so that the timestamp
is first and stage is second.

  • Animometer/tests/resources/main.js:
7:30 PM Changeset in webkit [196297] by jonlee@apple.com
  • 5 edits in trunk/PerformanceTests

Move ResultsTable functionality not needed for release tests out.
Move reporting of score and mean to selection of the time-based graph.

  • Animometer/developer.html: Rename graph-options to time-graph-options.
  • Animometer/resources/debug-runner/animometer.js:

(DeveloperResultsTable): Moved from runner/animometer.js. Switch from mean
values to "average" objects which can hold stdev. Move graph button and
calculation of noisy measurements here. Sophisticated header processing
is not needed in release suite.
(populateTable): Use DeveloperResultsTable.

  • Animometer/resources/debug-runner/graph.js: Pull time graph creation to

its own function, and add a new onGraphTypeChanged handler in preparation
of a complexity graph to be added later.

  • Animometer/resources/runner/animometer.js:

(ResultsTable): Simplify to just handle test names and scores.

7:30 PM Changeset in webkit [196296] by jonlee@apple.com
  • 5 edits in trunk/PerformanceTests

Tests: reuse objects already made.

Avoid thrash of object creation and removal by maintaining an index that
moves along the array as the adjust values change. If the tune value
requires more objects than the maximum size of the object array, then create
new objects. This means that the object array size never decreases.

  • Animometer/tests/master/resources/canvas-stage.js: Maintain a separate

offsetIndex. For these tests, we want to avoid drawing the oldest objects,
so the scene will draw the object at offsetIndex to the end of the array.
(tune): Reverse the logic since "removal" of objects is much simpler and
involves simply changing the offsetIndex.
(animate): Update the for loop to draw from offsetIndex to the end.
(complexity): Update the definition.

  • Animometer/tests/master/resources/canvas-tests.js: Maintain a separate

offsetIndex. For these tests, we want to avoid drawing the newest objects,
so the scene will draw the object at index 0 to the object at offsetIndex.
(SimpleCanvasStage.animate): Fly-by removal of local stage variable,
which is unneeded. Update the for loop to draw from offsetIndex to the end.

  • Animometer/tests/simple/resources/simple-canvas-paths.js:

(SimpleCanvasStage.animate): Update the for loop to draw from 0 to
offsetIndex.

  • Animometer/tests/simple/resources/simple-canvas.js:

(tune): Update logic. Here, offsetIndex represents the boundary of the last
index to render.
(animate): Update the for loop to draw from 0 to offsetIndex.
(complexity): Update the definition.

7:30 PM Changeset in webkit [196295] by jonlee@apple.com
  • 7 edits in trunk/PerformanceTests

Tests: refactor and update styles.

  • Animometer/tests/resources/main.js: Add helper methods that return

a color that hue rotates based on the date, and a counter value that
increases based on the date. Fix randomInt() to not bias against the min and
max values.

  • Animometer/tests/master/resources/canvas-tests.js: Use new helper methods.
  • Animometer/tests/master/resources/dom-particles.js: Ditto.
  • Animometer/tests/master/resources/particles.js: Ditto.
  • Animometer/tests/simple/resources/simple-canvas-paths.js: Refactor to

use a rotating color instead of a random color. The fast switching of color
is too vivid to watch.

  • Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:

(BouncingSvgParticlesStage.call.createGradient): Fix the gradient so
that the last stop is located at the end.

7:30 PM Changeset in webkit [196294] by jonlee@apple.com
  • 12 edits in trunk/PerformanceTests

Refactor tune() to not return the complexity of the scene.

We have stage.complexity() now, so returning the complexity through tune
is unnecessary.

  • Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
  • Animometer/tests/master/resources/canvas-stage.js:
  • Animometer/tests/master/resources/particles.js:
  • Animometer/tests/misc/resources/canvas-electrons.js:
  • Animometer/tests/misc/resources/canvas-stars.js:
  • Animometer/tests/resources/main.js:
  • Animometer/tests/simple/resources/simple-canvas.js:
  • Animometer/tests/simple/resources/tiled-canvas-image.js:
  • Animometer/tests/template/resources/template-canvas.js:
  • Animometer/tests/template/resources/template-css.js:
  • Animometer/tests/template/resources/template-svg.js:
  • Animometer/tests/text/resources/layering-text.js:
7:30 PM Changeset in webkit [196293] by jonlee@apple.com
  • 4 edits in trunk/PerformanceTests

Make the fixed controller a step controller instead. Halfway through the test
it will bump up the complexity 4-fold. Calculate the step timestamp using options
instead of a separate parameter to the Controller constructor.

  • Animometer/developer.html: Change value to "step"
  • Animometer/resources/debug-runner/animometer.js:

(window.suitesManager.updateEditsElementsState): Show number inputs when set to "step".

  • Animometer/tests/resources/main.js:

(update): Provide a hook for subclasses to tune.
(StepController): Maintain a flag determining whether we've stepped, and the time
we should step.
(Benchmark): Use the new StepController.

7:30 PM Changeset in webkit [196292] by jonlee@apple.com
  • 5 edits in trunk/PerformanceTests

Adjust the FPS graph scale.

Instead of making the FPS graph linearly scale, scale it based on the frame length,
but show the data in terms of FPS. Because it is inversely proportional, and most
of the data never gets below 20, concentrate the axis from 20-60 FPS, since otherwise
over half of the available graph space ends up blank.

This means we should convert all of the FPS data to frame length data.

  • Animometer/resources/debug-runner/graph.js: Update the domain to be based on

frame length in milliseconds instead of FPS. Update the cursor to consider all of the
values being shown, and then pick the min and max values to represent the length of the
cursor.

  • Animometer/resources/runner/animometer.js:
  • Animometer/resources/strings.js:
  • Animometer/tests/resources/main.js:

(processSamples): Add the ability to only sample a range of the data instead of everything
after an offset index. Update sampler to record the frame lengths instead of the frame
rate.

7:30 PM Changeset in webkit [196291] by jonlee@apple.com
  • 4 edits in trunk/PerformanceTests

Add option to use different methods for retrieving a timestamp.

  • Animometer/developer.html: Add performance.now and Date.now options.
  • Animometer/resources/runner/animometer.js: Default to performance.now.

(window.benchmarkController.startBenchmark):

  • Animometer/tests/resources/main.js: Tie the desired method to _getTimestamp.

(run): Use _getTimestamp.
(_animateLoop): Ditto.

7:30 PM Changeset in webkit [196290] by jonlee@apple.com
  • 7 edits in trunk/PerformanceTests

Allow adding any number of markers to the graph. The markers can be labeled
and contain timestamp and sample index data. Make it a part of the controller
rather than keeping it in the sampler.

  • Animometer/resources/debug-runner/animometer.css: Add styles for markers
  • Animometer/resources/debug-runner/graph.js: Create the markers and add

text labels.

  • Animometer/resources/runner/animometer.js: Assume the samplingTimeOffset

is just one of the marks provided.

  • Animometer/resources/strings.js: Add Strings.json.marks.
  • Animometer/tests/resources/main.js:

(Controller): Keep marks here. They are keyed by the marker name, so no two
markers should have the same name.
(recordFirstSample): Refactor to use mark.
(mark): Allows for arbitrary data if needed later. The timestamp maintained
is relative to the absolute start timestamp.
(containsMark): Checks whether a mark with a specific comment exists.
(processSamples): Removes the _startTimestamp offset from the marks before
setting it in results.

  • Animometer/tests/resources/sampler.js: Remove marks.
7:30 PM Changeset in webkit [196289] by jonlee@apple.com
  • 22 edits in trunk/PerformanceTests

Get rid of options member variable in Benchmark.

Options are only needed when initializing the stage or benchmark, so there's no
need to also keep a reference to it.

  • Animometer/tests/resources/main.js: Get rid of options variable in Benchmark.

Pass options to Controllers and Stages.
(Controller.Utilities.createClass):
(Benchmark.Utilities.createClass):
(get options): Deleted.

  • Animometer/tests/bouncing-particles/resources/bouncing-canvas-images.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-canvas-particles.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-canvas-shapes.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-css-images.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-css-shapes.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-svg-images.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
  • Animometer/tests/master/resources/canvas-stage.js:
  • Animometer/tests/master/resources/canvas-tests.js:
  • Animometer/tests/master/resources/particles.js:
  • Animometer/tests/misc/resources/canvas-electrons.js:
  • Animometer/tests/misc/resources/canvas-stars.js:
  • Animometer/tests/misc/resources/compositing-transforms.js:
  • Animometer/tests/simple/resources/simple-canvas-paths.js:
  • Animometer/tests/simple/resources/tiled-canvas-image.js:
  • Animometer/tests/template/resources/template-canvas.js:
  • Animometer/tests/template/resources/template-css.js:
  • Animometer/tests/template/resources/template-svg.js:
  • Animometer/tests/text/resources/layering-text.js:
7:25 PM Changeset in webkit [196288] by jonlee@apple.com
  • 10 edits in trunk/PerformanceTests

Update how the benchmark is run
https://bugs.webkit.org/show_bug.cgi?id=153960

Provisionally reviewed by Said Abou-Hallawa.

Introduce the notion of a Controller. It is responsible for recording, updating,
and processing the statistics and complexity of the benchmark. This allows
plugging in different Controllers.

This strips most of the functionality from Animator and BenchmarkState, so fold
what's left into Benchmark. Now, Benchmarks only own a stage and a controller, but
are responsible for driving the animation loop.

Rewrite Animator._shouldRequestAnotherFrame into two different Controllers. One
maintains a fixed complexity, and the other adapts the complexity to meet a
fixed FPS.

Fix the Kalman estimator to be modeled on a scalar variable with no model.

  • Animometer/tests/resources/main.js: Remove BenchmarkState and Animator, and

replace it with a Controller. Add a FixedController and refactor the previous controller
to an AdaptiveController.

(Controller): Controllers own the estimator and the sampler. When a new frame is
displayed, the animation loop calls update(). The estimator and sampler record
stats, then tune. Samplers can track multiple series of data. The basic controller
tracks timestamp, complexity, and estimated frame rate.

The Kalman estimation is based on the frame length rather than the frame

rate. Because FPS is inverse proportional to frame length, in the case where the measured
frame length is very small, the FPS ends up being a wildly large number (in the order of
600-1000 "FPS"), and it pulls the estimator up drastically enough that it takes a while
for it to settle back down. Using frame length reduces the impact of these spikes.

Converging the estimation takes enough time to avoid initializing it immediately

when the benchmark starts. Instead, the benchmark runs for a brief period of time (100ms)
before running it in earnest. Allow controllers an opportunity to set the complexity
before starting recording.

When the benchmark is complete, the controller has an opportunity to process

the samples. The default implementation calculates the raw FPS based on the time
difference of the samples, and calculates the complexity score. This is moved from
Benchmark.processSamples.

(Controller): Initialize timestamps. These are at first relative to the start of the
benchmark, but are offset by the absolute start time during start(). By default maintain
3 data series, but subclasses can override.
(start): Calls recordFirstSample() for subclasses to override if needed.
(recordFirstSample): For basic controller, start sampling at the beginning.
(update): Update the frame length estimator and sample.
(shouldStop): Checks that the time is before _endTimestamp.
(results): Returns the processed samples.
(processSamples): Iterate through the sample data and collate them. Include scores.

(FixedComplexityController): Controller that tunes the stage to the desired complexity
prior to starting, and keeps it at that complexity.

(AdaptiveController): Have the estimator estimate the interval frame rate instead of the
raw frame rate.

The previous version of this controller ignored the frame that came after the

adjustment. The raw FPS show that whatever noise the scene change adds is negligible
compared to the noise of the system overall. Stop ignoring that frame and include all
frames in the measurements.

(Benchmark): Remove dependency on animator, and instantiate a runner based on what is
selected. Most of the loop's functionality is in Controller, so remove here.
(Benchmark.run): Remove start() since it is only called from run(), and fold it in here.
(Benchmark._animateLoop): Fold in from Animator.animateLoop. Let the benchmark run for
a brief period before calling Controller.start().

  • Animometer/tests/resources/math.js: Fix the Kalman estimator. The filter estimates

a scalar variable, and makes basic assumptions regarding the model. As a result
none of the linear algebra classes are needed, so remove Matrix, Vector3, and Matrix3.
(SimpleKalmanEstimator): Calculate the gain based on the provided process and
measurement errors.
(KalmanEstimator): Deleted.
(IdentityEstimator): Deleted.
(PIDController): Refactor to use the Utilities.createClass() helper.

The Kalman filter algorithm is explained here http://greg.czerniak.info/guides/kalman1/.
The state, represented by a scalar, is the estimated frame length. There is no user
transition of the state, and the state is the same as the measurement. With this model,
the estimation error converges, so calculate the gain ahead of time.

  • Animometer/developer.html: Remove fixed-after-warmup since it is not useful.

Replace the option to toggle the estimator, and make it possible to customize the
estimator's error parameters. Show raw FPS by default, and remove interval FPS,
which will be shown instead of the filtered raw FPS.

  • Animometer/resources/debug-runner/animometer.css: Put the header behind the graph.

Remove #intervalFPS rules; move the color to #filteredFPS.

  • Animometer/resources/debug-runner/graph.js:

(updateGraphData): Update the hr style to force the layout to be calculated
correctly. Change the tick format to be in terms of seconds, since the timestamps
are in milliseconds. Remove interval data.

  • Animometer/resources/runner/animometer.js:

(window.benchmarkController.startBenchmark): Set Kalman parameters.

  • Animometer/resources/runner/benchmark-runner.js:

(_runBenchmarkAndRecordResults): When a benchmark completes, expect it to return
the final data, rather than passing a sampler from the controller. This avoids
needing to expose the sampler variable in the benchmark.

  • Animometer/tests/resources/sampler.js:

(process): Move the setting of the target frame rate to AdaptiveController.

7:04 PM Changeset in webkit [196287] by n_wang@apple.com
  • 5 edits
    2 adds in trunk

AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
https://bugs.webkit.org/show_bug.cgi?id=154018

Reviewed by Chris Fleizach.

Source/WebCore:

Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
object.

Test: accessibility/text-marker/text-marker-range-stale-node-crash.html

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::visiblePositionForTextMarkerData):
(WebCore::AXObjectCache::characterOffsetForTextMarkerData):
(WebCore::AXObjectCache::traverseToOffsetInRange):

  • accessibility/AXObjectCache.h:
  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
(characterOffsetForTextMarker):
(-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
(textMarkerForVisiblePosition):

LayoutTests:

  • accessibility/text-marker/text-marker-range-stale-node-crash-expected.txt: Added.
  • accessibility/text-marker/text-marker-range-stale-node-crash.html: Added.
6:22 PM Changeset in webkit [196286] by akling@apple.com
  • 7 edits in trunk/Source

[iOS] Throw away some unlinked code when navigating to a new page.
<https://webkit.org/b/154014>

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

  • runtime/VM.cpp:

(JSC::VM::deleteAllCodeExceptCaches):
(JSC::VM::deleteAllLinkedCode): Deleted.

  • runtime/VM.h:

Source/WebCore:

Extended the mechanism introduced earlier to also throw away unlinked code
that's only relevant to the page that we're navigating away from.

The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
like, deleting unlinked and linked code but leaving code caches alone.

This means that if the page we're navigating to wants to parse some of the
same JS that the page we're leaving had on it, it might still be found in the
JSC::CodeCache.

Doing a back navigation to a PageCache'd page may now incur some reparsing,
just like leaving the app or tab would.

  • bindings/js/GCController.cpp:

(WebCore::GCController::deleteAllCodeExceptCaches):
(WebCore::GCController::deleteAllLinkedCode): Deleted.

  • bindings/js/GCController.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad):

5:55 PM Changeset in webkit [196285] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Search doesn't seem to find text that is present in multiple places
https://bugs.webkit.org/show_bug.cgi?id=154016
<rdar://problem/23391307>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-08
Reviewed by Brian Burg.

  • UserInterface/Controllers/DebuggerManager.js:

(WebInspector.DebuggerManager.prototype.get searchableScripts):

  • UserInterface/Views/SearchSidebarPanel.js:

(WebInspector.SearchSidebarPanel.prototype.performSearch):
Only search scripts with a URL. Don't search the potentially
large number of anonymous scripts.

5:50 PM Changeset in webkit [196284] by commit-queue@webkit.org
  • 4 edits
    2 adds in trunk

Web Inspector: Zooming in on the timeline graph does not increase its time resolution from minutes
https://bugs.webkit.org/show_bug.cgi?id=154013
<rdar://problem/23844527>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-08
Reviewed by Brian Burg.

Source/WebInspectorUI:

  • UserInterface/Base/Utilities.js:

(Number.secondsToString):
Simplify logic and ensure that when under high resolution we
don't go above seconds for our units.

(Number.bytesToString):
Simplify logic.

  • UserInterface/Views/LinearTimelineOverview.js:

(WebInspector.LinearTimelineOverview):
Reduce the rather large maximum seconds per pixel from 60 seconds
per pixel to 2 seconds per pixel. This means when the user zooms
out of a timeline they don't see such large time values.

LayoutTests:

  • inspector/unit-tests/number-utilities-expected.txt: Added.
  • inspector/unit-tests/number-utilities.html: Added.

Basic tests for our Number utilities methods.

5:26 PM Changeset in webkit [196283] by dbates@webkit.org
  • 23 edits
    30 adds in trunk

CSP connect-src directive should block redirects
https://bugs.webkit.org/show_bug.cgi?id=69359
<rdar://problem/24383025>

Reviewed by Brent Fulgham.

Source/WebCore:

Inspired by Blink patch:
<https://src.chromium.org/viewvc/blink?revision=150246&view=revision>

Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
<https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).

Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
then we do not try to load URLs j >= i.

Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html

http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html

  • fileapi/FileReaderLoader.cpp:

(WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.

  • inspector/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
with the Web Inspector.

  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
and pass it through to DocumentThreadableLoader::create().
(WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
to DocumentThreadableLoader::DocumentThreadableLoader().
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
that is not allowed by the CSP. The caller should not create a loader for such a request.
(WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
then notify the client that the redirect check failed.
(WebCore::DocumentThreadableLoader::loadRequest): Ditto.
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
by the enforced CSP directive.
(WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.

  • loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()

that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.

  • loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
(WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.

  • loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the

directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
only WorkerGlobalScope.importScripts() enforces a different directive: script-src.

  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
to the DocumentThreadableLoader.

  • loader/WorkerThreadableLoader.h:
  • page/EventSource.cpp:

(WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.

  • workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
instead of querying for it directly.

  • workers/AbstractWorker.h:
  • workers/Worker.cpp:

(WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
of the worker's script URL.

  • workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
Enforce the CSP directive script-src on redirects unless we are running in an isolated world.

  • workers/WorkerScriptLoader.cpp:

(WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
(WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.

  • workers/WorkerScriptLoader.h:
  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
an isolated world.

LayoutTests:

Add more tests, update erroneous expected results, and remove some entries from TestExpectations for tests
that now pass.

  • TestExpectations: Remove entries for tests that now pass. The failure of test http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html

was erroneously attributed to <https://bugs.webkit.org/show_bug.cgi?id=153562>.

  • http/tests/security/contentSecurityPolicy/resources/determine-content-security-policy-header.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/script-set-value.js: Use global variable self instead of window so as to

make this script work both from a Document and a Web Worker. In a document, self refers to the Window object and in a worker
it refers to the WorkerGlobalScope object.

  • http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.php: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-expected.txt: Remove Blink-specific messages so that the test passes.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-importscripts-blocked-expected.txt: Substitute Blink-specific error text with the analogous WebKit error text.
  • http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html: Ditto.
  • http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScripts-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScript-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html: Added.
  • http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html: Added.
5:25 PM Changeset in webkit [196282] by Antti Koivisto
  • 2 edits in trunk/Source/WebCore

Try to fix Yosemite build.

  • dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::traverseNext):

5:15 PM Changeset in webkit [196281] by Antti Koivisto
  • 5 edits
    1 add in trunk/Source/WebCore

Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
https://bugs.webkit.org/show_bug.cgi?id=154003

Reviewed by Darin Adler.

Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
It can also return nodes other than Element and Text which should not be part of the composed tree.

This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
ComposedTreeIterator is then implemented using this new iterator.

When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
local iterator becomes active.

  • WebCore.xcodeproj/project.pbxproj:
  • dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::pushContext):
(WebCore::ComposedTreeIterator::traverseNextInShadowTree):
(WebCore::ComposedTreeIterator::traverseNextLeavingContext):
(WebCore::ComposedTreeIterator::advanceInSlot):
(WebCore::ComposedTreeIterator::traverseSiblingInSlot):
(WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
(WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
(WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
(WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.

  • dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::operator*):
(WebCore::ComposedTreeIterator::operator->):
(WebCore::ComposedTreeIterator::operator==):
(WebCore::ComposedTreeIterator::operator!=):
(WebCore::ComposedTreeIterator::operator++):
(WebCore::ComposedTreeIterator::Context::Context):
(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):
(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::traverseNext):
(WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
(WebCore::ComposedTreeIterator::traverseNextSibling):
(WebCore::ComposedTreeIterator::traversePreviousSibling):
(WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
(WebCore::ComposedTreeDescendantAdapter::begin):
(WebCore::ComposedTreeDescendantAdapter::end):
(WebCore::ComposedTreeDescendantAdapter::at):
(WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
(WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
(WebCore::ComposedTreeChildAdapter::begin):
(WebCore::ComposedTreeChildAdapter::end):
(WebCore::ComposedTreeChildAdapter::at):
(WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
(WebCore::ComposedTreeIterator::traverseParent): Deleted.

  • dom/ElementAndTextDescendantIterator.h: Added.

New iterator type that traverses Element and Text nodes (that is renderable nodes only).
It also tracks depth for future use.

5:06 PM Changeset in webkit [196280] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

B3::foldPathConstants() needs to execute its insertion set
https://bugs.webkit.org/show_bug.cgi?id=154020

Reviewed by Saam Barati.

  • b3/B3FoldPathConstants.cpp:
  • b3/testb3.cpp:

(JSC::B3::testFoldPathEqual): Added this. It used to crash in validation.
(JSC::B3::run):

3:29 PM Changeset in webkit [196279] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.3.9.1.3

New tag.

3:18 PM Changeset in webkit [196278] by bshafiei@apple.com
  • 20 edits
    2 copies in branches/safari-601-branch

Merged r187245. rdar://problem/19861992

3:15 PM Changeset in webkit [196277] by bshafiei@apple.com
  • 20 edits
    2 copies in branches/safari-601.3.9.1-branch

Merged r187245. rdar://problem/19861992

3:14 PM Changeset in webkit [196276] by Yusuke Suzuki
  • 5 edits in trunk/Source/JavaScriptCore

[JSC] Introduce @isObject bytecode intrinsic and use it instead of JS implemented one
https://bugs.webkit.org/show_bug.cgi?id=153976

Reviewed by Darin Adler.

Use bytecode op_is_object directly.

  • builtins/GlobalObject.js:

(isObject): Deleted.

  • bytecode/BytecodeIntrinsicRegistry.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_isObject):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init): Deleted.

3:13 PM Changeset in webkit [196275] by commit-queue@webkit.org
  • 22 edits in trunk/Source/WebInspectorUI

Web Inspector: Extract a few common unicode characters into global variables
https://bugs.webkit.org/show_bug.cgi?id=154008

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-08
Reviewed by Timothy Hatcher.

  • UserInterface/Base/Utilities.js:

Create global variables for emDash and ellipsis to use all over the tools.

  • UserInterface/Views/ConsoleMessageView.js:

(WebInspector.ConsoleMessageView.prototype._formatParameterAsTable): Deleted.

  • UserInterface/Views/DefaultDashboardView.js:

(WebInspector.DefaultDashboardView.prototype._updateDisplay):

  • UserInterface/Views/HierarchicalPathComponent.js:

(WebInspector.HierarchicalPathComponent.prototype._updateElementTitleAndText):
(WebInspector.HierarchicalPathComponent.prototype._updateSelectElement.createOption):
(WebInspector.HierarchicalPathComponent.prototype._updateSelectElement):

  • UserInterface/Views/HierarchicalPathNavigationItem.js:

(WebInspector.HierarchicalPathNavigationItem.prototype.updateLayout):

  • UserInterface/Views/LayerTreeDataGridNode.js:

(WebInspector.LayerTreeDataGridNode.prototype.set layer):

  • UserInterface/Views/LayoutTimelineDataGridNode.js:

(WebInspector.LayoutTimelineDataGridNode.prototype.createCellContent):
(WebInspector.LayoutTimelineDataGridNode):

  • UserInterface/Views/MemoryCategoryView.js:

(WebInspector.MemoryCategoryView.prototype._updateDetails): Deleted.
(WebInspector.MemoryCategoryView): Deleted.

  • UserInterface/Views/MemoryTimelineView.js:

(WebInspector.MemoryTimelineView.prototype._clearUsageLegend):
(WebInspector.MemoryTimelineView.prototype._updateUsageLegend):
(WebInspector.MemoryTimelineView.prototype._clearMaxComparisonLegend):
(WebInspector.MemoryTimelineView.prototype._updateMaxComparisonLegend):

  • UserInterface/Views/MultipleScopeBarItem.js:

(WebInspector.MultipleScopeBarItem.set scopeBarItems.createOption):
(WebInspector.MultipleScopeBarItem.prototype.set scopeBarItems):

  • UserInterface/Views/ObjectPreviewView.js:

(WebInspector.ObjectPreviewView.prototype._appendEntryPreviews):
(WebInspector.ObjectPreviewView.prototype._appendPropertyPreviews):

  • UserInterface/Views/ProfileNodeDataGridNode.js:

(WebInspector.ProfileNodeDataGridNode.prototype.createCellContent):
(WebInspector.ProfileNodeDataGridNode):

  • UserInterface/Views/RenderingFrameTimelineDataGridNode.js:

(WebInspector.RenderingFrameTimelineDataGridNode.prototype.createCellContent):
(WebInspector.RenderingFrameTimelineDataGridNode):

  • UserInterface/Views/ResourceDetailsSidebarPanel.js:

(WebInspector.ResourceDetailsSidebarPanel.prototype._refreshRequestAndResponse): Deleted.
(WebInspector.ResourceDetailsSidebarPanel.prototype._valueForSize): Deleted.

  • UserInterface/Views/ResourceTimelineDataGridNode.js:

(WebInspector.ResourceTimelineDataGridNode.prototype.createCellContent):

  • UserInterface/Views/ScriptTimelineDataGridNode.js:

(WebInspector.ScriptTimelineDataGridNode.prototype.createCellContent):
(WebInspector.ScriptTimelineDataGridNode):

  • UserInterface/Views/SearchResultTreeElement.js:

(WebInspector.SearchResultTreeElement.truncateAndHighlightTitle):

  • UserInterface/Views/TimelineDataGridNode.js:

(WebInspector.TimelineDataGridNode.prototype.createCellContent):

  • UserInterface/Views/TypeTreeElement.js:

(WebInspector.TypeTreeElement.prototype.onpopulate):

  • UserInterface/Views/TypeTreeView.js:

(WebInspector.TypeTreeView.prototype._populate):
(WebInspector.TypeTreeView):

3:12 PM Changeset in webkit [196274] by Yusuke Suzuki
  • 6 edits in trunk

{Map,Set}.prototype.forEach should be visible as own properties
https://bugs.webkit.org/show_bug.cgi?id=153974

Reviewed by Darin Adler.

Source/JavaScriptCore:

Now, Map and Set uses builtin tables. We should inlude it in class info.

  • runtime/MapPrototype.cpp:
  • runtime/SetPrototype.cpp:

LayoutTests:

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:
3:00 PM Changeset in webkit [196273] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Baseline JIT should not require its input to be constant-propagated
https://bugs.webkit.org/show_bug.cgi?id=154011
rdar://problem/24290933

Reviewed by Mark Lam.

  • jit/JITArithmetic.cpp:

(JSC::JIT::emitBitBinaryOpFastPath):
(JSC::JIT::emitRightShiftFastPath):
(JSC::JIT::emit_op_add):
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mul):

2:31 PM Changeset in webkit [196272] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

CodeCache should give up on evals if there are variables under TDZ
https://bugs.webkit.org/show_bug.cgi?id=154002
rdar://problem/24300998

Reviewed by Mark Lam.

Disable the code cache optimization because our approach to TDZ for scoped variables - using
a separate check_tdz opcode when logically it's the get_from_scope's job to do it - makes
caching code impossible if there are any variables in TDZ.

We should do the right thing in the future, and fold the TDZ check into the get_from_scope.
This is better not only because it will restore caching, but because our bytecode for heap
accesses is usually at the highest practically doable level of abstraction, so that ICs,
compilers and caches can see the intended meaning of the bytecode more easily.

This doesn't appear to slow anything down, but that's just because we don't have enough ES6
benchmarks. I've filed: https://bugs.webkit.org/show_bug.cgi?id=154010

  • runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):

2:07 PM Changeset in webkit [196271] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: ⇧⌘→ when editing text in the Elements tree shouldn't switch inspector tab
https://bugs.webkit.org/show_bug.cgi?id=154006
<rdar://problem/22892489>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-08
Reviewed by Timothy Hatcher.

  • UserInterface/Views/EditingSupport.js:

(WebInspector.isEventTargetAnEditableField):
Check the WebInspector's custom editing state.

1:50 PM Changeset in webkit [196270] by commit-queue@webkit.org
  • 4 edits
    2 adds in trunk

Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
https://bugs.webkit.org/show_bug.cgi?id=148605

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-08
Reviewed by Brian Burg.

Source/WebCore:

Test: inspector/console/command-line-api-copy.html

  • inspector/CommandLineAPIModuleSource.js:

(CommandLineAPIImpl.prototype.copy):
Support copying different types. This is meant to be more
convenient then just JSON.stringify, so it handles types
like Node, Symbol, RegExp, and Function a bit better.

LayoutTests:

  • inspector/console/command-line-api-copy-expected.txt: Added.
  • inspector/console/command-line-api-copy.html: Added.
  • http/tests/inspector/console/cross-domain-inspected-node-access-expected.txt:
1:47 PM Changeset in webkit [196269] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark fast/text/crash-complex-text-surrogate.html as flaky on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=154005

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
12:54 PM Changeset in webkit [196268] by commit-queue@webkit.org
  • 19 edits
    2 adds in trunk

REGRESSION(r181345): SVG polyline and polygon leak page
https://bugs.webkit.org/show_bug.cgi?id=152759

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-02-08
Reviewed by Darin Adler.

Source/WebCore:

The leak happens because of cyclic reference between SVGListPropertyTearOff
and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
There is also cyclic reference between SVGAnimatedProperty and SVGElement
and this causes the whole document to be leaked. So if the JS requests, for
example, an instance of SVGPolylineElement.points, the whole document will be
leaked.

The fix depends on having the cyclic reference as is since the owning and the
owned classes have to live together if any of them is referenced. But the owning
class caches a raw 'ref-counted' pointer of the owned class. If it is requested
for an instance of the owned class it returned a RefPtr<> of it. Once the owned
class is not used, it can delete itself. The only thing needed here is to notify
the owner class of the deletion so it cleans its caches and be able to create a
new pointer if it is requested for an instance of the owned class later.

Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
to break the cyclic reference between SVGElement and SVGAnimatedProperty.

Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
animVal() to break cyclic reference between SVGListPropertyTearOff and
SVGAnimatedListPropertyTearOff.

Test: svg/animations/smil-leak-list-property-instances.svg

  • bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): The SVG non-string list tear-off properties became of
type RefPtr<>. So we need to use get() with the casting expressions.

  • svg/SVGMarkerElement.cpp:

(WebCore::SVGMarkerElement::orientType):
Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().

  • svg/SVGPathElement.cpp:

(WebCore::SVGPathElement::pathByteStream):
(WebCore::SVGPathElement::lookupOrCreateDWrapper):
Since SVGAnimatedProperty::lookupWrappe() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGPathElement::pathSegList):
(WebCore::SVGPathElement::normalizedPathSegList):
(WebCore::SVGPathElement::animatedPathSegList):
(WebCore::SVGPathElement::animatedNormalizedPathSegList):

  • svg/SVGPathElement.h:

Change the return value from raw pointer to RefPtr<>.

  • svg/SVGPathSegWithContext.h:

(WebCore::SVGPathSegWithContext::animatedProperty):
Change the return type to be RefPtr<> to preserve the value from being deleted.

  • svg/SVGPolyElement.cpp:

(WebCore::SVGPolyElement::parseAttribute):
Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGPolyElement::points):
(WebCore::SVGPolyElement::animatedPoints):

  • svg/SVGPolyElement.h:

Change the return value from raw pointer to RefPtr<>.

  • svg/SVGViewSpec.cpp:

(WebCore::SVGViewSpec::setTransformString):
Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGViewSpec::transform):

  • svg/SVGViewSpec.h:

Change the return value from raw pointer to RefPtr<>.

  • svg/properties/SVGAnimatedListPropertyTearOff.h:

(WebCore::SVGAnimatedListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedListPropertyTearOff::animVal):
Change the return value from raw pointer to RefPtr<> and change the cached
value from RefPtr<> to raw pointer. If the property is null, it will be
created, its raw pointer will be cached and the only ref-counted RefPtr<>
will be returned. This will guarantee, the RefPtr<> will be deleted once
it is not used anymore.

(WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
actual pointer. This function will be called from the destructor of
SVGListPropertyTearOff.

(WebCore::SVGAnimatedListPropertyTearOff::findItem):
(WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
We have to ensure the baseVal() is created before using it.

(WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
(WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
(WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
to the animVal(). This will prevent deleting m_animVal while animation.

  • svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:

(WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
Same as what is done in SVGAnimatedListPropertyTearOff.

(WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
(WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
Same as what is done in SVGAnimatedListPropertyTearOff.

  • svg/properties/SVGAnimatedProperty.h:

(WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
Change the return value from raw reference to Ref<> and change the
cached value from Ref<> to raw pointer. This reverts the change of
r181345 in this function.

(WebCore::SVGAnimatedProperty::lookupWrapper):
Change the return value from raw pointer to RefPtr<>.

  • svg/properties/SVGAnimatedPropertyMacros.h:

Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().

  • svg/properties/SVGAnimatedTransformListPropertyTearOff.h:

(WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
Same as what is done in SVGAnimatedListPropertyTearOff.

  • svg/properties/SVGListPropertyTearOff.h:

(WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
its raw pointers when the RefPtr<> deletes itself.

LayoutTests:

  • svg/animations/smil-leak-list-property-instances-expected.txt: Added.
  • svg/animations/smil-leak-list-property-instances.svg: Added.

Ensure if SVGPolylineElement.points is requested from JS, the document will
not leak.

12:53 PM Changeset in webkit [196267] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit/mac

Crash when trying to chain to the old -[NSView setNeedsDisplayInRect:]
https://bugs.webkit.org/show_bug.cgi?id=154001
rdar://problem/24519975

Reviewed by Dan Bernstein.

If our replaced -[NSView setNeedsDisplayInRect:] is called before the old IMP has been initialized,
we can end up trying to call a null pointer.

Fix this by using method_exchangeImplementations instead of method_setImplementation, since the former is done
atomically.

  • WebView/WebHTMLView.mm:

(-[NSView _web_setNeedsDisplayInRect:]):
(+[WebHTMLViewPrivate initialize]):
(setNeedsDisplayInRect): Deleted.

11:49 AM Changeset in webkit [196266] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Long values for comma separated CSS properties overflow the Visual sidebar area
https://bugs.webkit.org/show_bug.cgi?id=153890
<rdar://problem/24510216>

Patch by Devin Rousso <Devin Rousso> on 2016-02-08
Reviewed by Timothy Hatcher.

For especially long values in comma-separated CSS properties (such as
background-image), the text will not be clipped as expected due to the
way in which the width is calculated for the element (the value, inside
the title element, is the only child with a specified width other than
100%). This overflowing causes the width of the section containing that
property to expand, pushing content outside of the inspector window. To
remedy this, a specified width is set on the relevant properties based
on the width of the sidebar to ensure proper text clipping.

  • UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:

(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item.visual-style-font-family-list-item > .visual-style-comma-separated-keyword-item-editor):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles > .subtitle):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container): Deleted.
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list): Deleted.
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item): Deleted.

  • UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.js:

(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.set specifiedWidth):
Calculates the necessary subtractions from the given width value based on
the margins and size of sibling elements.

  • UserInterface/Views/VisualStyleDetailsPanel.js:

(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
(WebInspector.VisualStyleDetailsPanel.prototype._populateFontSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateBackgroundStyleSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateBoxShadowSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateTransitionSection):
Added another list to each group which, if set, will pass the current
sidebar width to all contained property editors.

  • UserInterface/Views/VisualStylePropertyEditor.js:

(WebInspector.VisualStylePropertyEditor.prototype.update):
Somewhat unrelated (r196146), but added another check to ensure that the
CSS property exists before checking to see if it has an invalid value.

11:42 AM Changeset in webkit [196265] by Carlos Garcia Campos
  • 5 edits in trunk/Source

[GTK] WebKitWebView should send crossing events to the WebProcess
https://bugs.webkit.org/show_bug.cgi?id=153740

Reviewed by Michael Catanzaro.

Source/WebCore:

Update the target element under the mouse also when only updating
scrollbars, so that if the mouse enters the page when the window
is not active, the scroll animator is notified that the mouse
entered the scrollable area.

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMouseMoveEvent): Call
updateMouseEventTargetNode() before early returning in case of
only updating scrollbars.

Source/WebKit2:

We don't currently handle crossing events in the web view
(enter/leave). That's why if you hover a scrollbar and leave the
window, the scrollbar is still rendered as hovered.

  • Shared/gtk/WebEventFactory.cpp:

(WebKit::buttonForEvent): Handle the case of GDK_ENTER_NOTIFY and
GDK_LEAVE_NOTIFY events.
(WebKit::WebEventFactory::createWebMouseEvent): Ditto.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseRealize): Add GDK_ENTER_NOTIFY_MASK and
GDK_LEAVE_NOTIFY_MASK flags to the web view event mask.
(webkitWebViewBaseCrossingNotifyEvent): Handle enter/leave notify
events by generating a mouse move event, ensuring the double to
int conversion will not cause any problem.
(webkit_web_view_base_class_init): Add an implementation for
enter_notify_event and leave_notify_event.

11:41 AM Changeset in webkit [196264] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Infinite loop when processing mouse events synchronously
https://bugs.webkit.org/show_bug.cgi?id=153995

Reviewed by Darin Adler.

This happened with WTR in the GTK+ port after landing patch in bug
#153740. The thing is that WTR forces events handling IPC messages
to be synchronous. When a drag and drop operation is in progress,
the web process ignores mouse move events and replies with
DidReceiveEvent signal. The DidReceiveEvent message handler in
WebPageProxy checks if we have a m_nextMouseMoveEvent and handles
it, but when all this happens synchronously the
m_nextMouseMoveEvent is the current one because we haven't
returned yet from handleMouseEvent(). We need to invalidate the
m_nextMouseMoveEvent before calling handleMouseEvent().

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didReceiveEvent):

11:33 AM Changeset in webkit [196263] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

PiP and external playback are mutually exclusive.
https://bugs.webkit.org/show_bug.cgi?id=153988
rdar://problem/24108661

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to
turn-off external playback when entering picture-in-picture.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(-[WebAVPlayerController isPlayingOnExternalScreen]):
(+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):

11:31 AM Changeset in webkit [196262] by beidson@apple.com
  • 4 edits in trunk/LayoutTests

IndexedDB: No test covers cursor.delete() setting the source of the request to the cursor.
https://bugs.webkit.org/show_bug.cgi?id=153992

Reviewed by Jer Noble.

  • storage/indexeddb/cursor-delete-expected.txt:
  • storage/indexeddb/cursor-delete-private-expected.txt:
  • storage/indexeddb/resources/cursor-delete.js:
11:29 AM Changeset in webkit [196261] by commit-queue@webkit.org
  • 10 edits in trunk

[ES6] Arrow function syntax. Using 'super' in arrow function that declared out of the class should lead to Syntax error
https://bugs.webkit.org/show_bug.cgi?id=150893

Patch by Skachkov Oleksandr <gskachkov@gmail.com> on 2016-02-08
Reviewed by Saam Barati.
Source/JavaScriptCore:

'super' and 'super()' inside of the arrow function should lead to syntax error if they are used
out of the class context or they wrapped by ordinary function. Now JSC returns ReferenceError but
should return SyntaxError according to the following specs:
http://www.ecma-international.org/ecma-262/6.0/#sec-function-definitions-static-semantics-early-errors
and http://www.ecma-international.org/ecma-262/6.0/#sec-arrow-function-definitions-runtime-semantics-evaluation
Curren patch implemented only one case when super/super() are used inside of the arrow function
Case when super/super() are used within the eval:

class A {}
class B extends A {

costructor() { eval("super()");}

}

is not part of this patch and will be implemented in this issue https://bugs.webkit.org/show_bug.cgi?id=153864.
The same for case when eval with super/super() is invoked in arrow function will be
implemented in issue https://bugs.webkit.org/show_bug.cgi?id=153977.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFunctionInfo):

  • parser/Parser.h:

(JSC::Scope::Scope):
(JSC::Scope::setExpectedSuperBinding):
(JSC::Scope::expectedSuperBinding):
(JSC::Scope::setConstructorKind):
(JSC::Scope::constructorKind):
(JSC::Parser::closestParentNonArrowFunctionNonLexicalScope):

  • tests/stress/arrowfunction-lexical-bind-supercall-4.js:
  • tests/stress/arrowfunction-lexical-bind-superproperty.js:

LayoutTests:

Adding tests for using of the 'super' inside of the arrow function

  • js/arrowfunction-superproperty-expected.txt:
  • js/arrowfunction-syntax-errors-expected.txt:
  • js/script-tests/arrowfunction-superproperty.js:
  • js/script-tests/arrowfunction-syntax-errors.js:
11:27 AM Changeset in webkit [196260] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Remove weak from WKAirPlayRoutePicker.mm to fix build warning.
https://bugs.webkit.org/show_bug.cgi?id=153985
rdar://problem/24485348

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Darin Adler.

Remove weak since it is only available when using ARC.

  • UIProcess/ios/forms/WKAirPlayRoutePicker.mm:
10:58 AM Changeset in webkit [196259] by fpizlo@apple.com
  • 4 edits in trunk/Source/WTF

Make sure that locking code that relies on module boundaries for compiler fences uses NEVER_INLINE
https://bugs.webkit.org/show_bug.cgi?id=153972

Reviewed by Andreas Kling.

When this code was written, we assumed that module boundaries were compiler fences. That might
not be the case if we ever do LTO.

  • wtf/Lock.cpp:

(WTF::LockBase::lockSlow):
(WTF::LockBase::unlockSlow):

  • wtf/ParkingLot.cpp:

(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkAll):
(WTF::ParkingLot::forEach):

  • wtf/WordLock.cpp:

(WTF::WordLock::lockSlow):
(WTF::WordLock::unlockSlow):

10:52 AM Changeset in webkit [196258] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Parser should detect error before calls to parseAssignmentExpression()
https://bugs.webkit.org/show_bug.cgi?id=153975
rdar://problem/24291231

Reviewed by Saam Barati.

Fixes a very hard-to-create situation that an internal test picked up.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::parseAssignmentExpression):

10:43 AM Changeset in webkit [196257] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

[GTK] Fix crash when creating webview with g_object_new
https://bugs.webkit.org/show_bug.cgi?id=153989

Patch by Danilo Cesar Lemes de Paula <danilo.cesar@collabora.co.uk> on 2016-02-08
Reviewed by Carlos Garcia Campos.

g_object_new(WEBKIT_TYPE_WEB_VIEW, NULL) crashes webkit
as _WebKitWebViewBasePrivate constructor requires a mainloop, but
webkit is only initialized when a context is created (which
doesn't happen with a direct call to g_object_new).

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkit_web_view_base_class_init):

10:28 AM Changeset in webkit [196256] by commit-queue@webkit.org
  • 5 edits in trunk/Source

Unreviewed, rolling out r196253.
https://bugs.webkit.org/show_bug.cgi?id=153990

Caused several crashes in GTK+ bots (Requested by KaL on
#webkit).

Reverted changeset:

"[GTK] WebKitWebView should send crossing events to the
WebProcess"
https://bugs.webkit.org/show_bug.cgi?id=153740
http://trac.webkit.org/changeset/196253

10:23 AM Changeset in webkit [196255] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: WebInspector.Setting should have a "reset" method
https://bugs.webkit.org/show_bug.cgi?id=153971
<rdar://problem/24544101>

Reviewed by Brian Burg.

Currently UI needing to restore a setting to its default must retain a copy
of the default value. This should be a basic operation of WebInspector.Setting.

  • UserInterface/Base/Setting.js:

(WebInspector.Setting):
(WebInspector.Setting.prototype.reset):
Sets value to a copy of the default.

9:06 AM Changeset in webkit [196254] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

WebAVPlayerController should implement currentTimeWithinEndTimes.
https://bugs.webkit.org/show_bug.cgi?id=153983
rdar://problem/22864621

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
implementation becuase AVPlayer start and end times aren't used.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(-[WebAVPlayerController currentTimeWithinEndTimes]):
(-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
(+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):

8:59 AM Changeset in webkit [196253] by Carlos Garcia Campos
  • 5 edits in trunk/Source

[GTK] WebKitWebView should send crossing events to the WebProcess
https://bugs.webkit.org/show_bug.cgi?id=153740

Reviewed by Michael Catanzaro.

Source/WebCore:

Update the target element under the mouse also when only updating
scrollbars, so that if the mouse enters the page when the window
is not active, the scroll animator is notified that the mouse
entered the scrollable area.

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMouseMoveEvent): Call
updateMouseEventTargetNode() before early returning in case of
only updating scrollbars.

Source/WebKit2:

We don't currently handle crossing events in the web view
(enter/leave). That's why if you hover a scrollbar and leave the
window, the scrollbar is still rendered as hovered.

  • Shared/gtk/WebEventFactory.cpp:

(WebKit::buttonForEvent): Handle the case of GDK_ENTER_NOTIFY and
GDK_LEAVE_NOTIFY events.
(WebKit::WebEventFactory::createWebMouseEvent): Ditto.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseRealize): Add GDK_ENTER_NOTIFY_MASK and
GDK_LEAVE_NOTIFY_MASK flags to the web view event mask.
(webkitWebViewBaseCrossingNotifyEvent): Handle enter/leave notify
events by generating a mouse move event, ensuring the double to
int conversion will not cause any problem.
(webkit_web_view_base_class_init): Add an implementation for
enter_notify_event and leave_notify_event.

8:46 AM Changeset in webkit [196252] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

WebVideoFullscreenInterface should handle video resizing.
https://bugs.webkit.org/show_bug.cgi?id=153982
rdar://problem/22031249

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Video fullscreen can be initiated before video dimension are available.
Protect against an initial width or height of zero and observe resize events
to update once video dimensions become available or change.

  • platform/cocoa/WebVideoFullscreenModelVideoElement.mm:

(WebVideoFullscreenModelVideoElement::updateForEventName):
(WebVideoFullscreenModelVideoElement::observedEventNames):

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(-[WebAVPlayerLayer layoutSublayers]):
(-[WebAVPlayerLayer videoRect]):
(WebVideoFullscreenInterfaceAVKit::setVideoDimensions):

8:25 AM Changeset in webkit [196251] by akling@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Visiting a WeakBlock should report bytes visited, since we reported them allocated.
<https://webkit.org/b/153978>

Reviewed by Darin Adler.

When creating a WeakBlock, we tell Heap that we've allocated 1 KB (WeakBlock::blockSize)
of memory. Consequently, when visiting a WeakBlock, we should also report 1 KB of memory
visited. Otherwise Heap will think that those 1 KB already went away.

This was causing us to underestimate heap size, which affects collection scheduling.

  • heap/SlotVisitor.h:

(JSC::SlotVisitor::reportMemoryVisited):

  • heap/WeakBlock.cpp:

(JSC::WeakBlock::visit):

5:43 AM Changeset in webkit [196250] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

Timeouts in tests because of non implemented UIScriptController::singleTapAtPoint()
https://bugs.webkit.org/show_bug.cgi?id=153833

Unreviewed.

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-08

  • platform/gtk/TestExpectations:
5:41 AM Changeset in webkit [196249] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
https://bugs.webkit.org/show_bug.cgi?id=153824

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-08
Reviewed by Michael Catanzaro.

  • editing/markup.cpp:

(WebCore::highestAncestorToWrapMarkup):

Feb 7, 2016:

7:22 PM Changeset in webkit [196248] by weinig@apple.com
  • 2 edits in trunk/Source/WebCore

Remove unused enum ScrollbarOverlayState.

Rubber-stamped by Dan Bernstein.

  • platform/ScrollTypes.h:
7:20 PM Changeset in webkit [196247] by weinig@apple.com
  • 3 edits in trunk/Source/WebCore

Remove unnecessary respondsToSelector checks for methods that exist on all supported platforms
https://bugs.webkit.org/show_bug.cgi?id=153970

Reviewed by Dan Bernstein.

-[NSScrollerImp mouseEnteredScroller], -[NSScrollerImp expansionTransitionProgress],
-[NSScrollerImpPair contentAreaScrolledInDirection:], and -[NSScrollerImp setExpanded:]
are now available on all supported OS's. No need to check for them.

  • platform/mac/ScrollAnimatorMac.mm:

(macScrollbarTheme):
(-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
(WebCore::ScrollAnimatorMac::mouseEnteredScrollbar):
(WebCore::ScrollAnimatorMac::mouseExitedScrollbar):
(WebCore::ScrollAnimatorMac::sendContentAreaScrolled):
(WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
(supportsUIStateTransitionProgress): Deleted.
(supportsExpansionTransitionProgress): Deleted.
(supportsContentAreaScrolledInDirection): Deleted.

  • platform/mac/ScrollbarThemeMac.mm:

(+[WebScrollbarPrefsObserver appearancePrefsChanged:]):
(+[WebScrollbarPrefsObserver behaviorPrefsChanged:]):
(WebCore::ScrollbarThemeMac::scrollbarThickness):

7:01 PM Changeset in webkit [196246] by weinig@apple.com
  • 8 edits
    1 add in trunk/Source/WebCore

Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
https://bugs.webkit.org/show_bug.cgi?id=153969

Reviewed by Dan Bernstein.

  • WebCore.xcodeproj/project.pbxproj:

Add new file NSScrollerImpSPI.h

  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

Use new include of NSScrollerImpSPI.h.

  • platform/ScrollbarThemeComposite.h:

Define ScrollbarPainter more precisely as NSScrollerImp * now that the type is available to us.

  • platform/mac/NSScrollerImpDetails.h:

Remove NSObject category based SPI usage with the modern one NSScrollerImpSPI.h

  • platform/mac/NSScrollerImpDetails.mm:

(WebCore::recommendedScrollerStyle):
Simplify recommendedScrollerStyle() now that all OS's we ship on have +[NSScroller preferredScrollerStyle].

  • platform/mac/ScrollAnimatorMac.mm:

(supportsUIStateTransitionProgress):
(supportsExpansionTransitionProgress):
(supportsContentAreaScrolledInDirection):
Stop using NSClassFromString now that we can reference the classes explicitly.

(-[WebScrollbarPainterControllerDelegate invalidate]):
(-[WebScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
(-[WebScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
(-[WebScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
(-[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
(-[WebScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
(-[WebScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
(-[WebScrollbarPainterDelegate layer]):
(-[WebScrollbarPainterDelegate mouseLocationInScrollerForScrollerImp:]):
(-[WebScrollbarPainterDelegate convertRectToLayer:]):
(-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
(-[WebScrollbarPainterDelegate setUpAlphaAnimation:scrollerPainter:part:animateAlphaTo:duration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
(-[WebScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
(WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
(WebCore::ScrollAnimatorMac::lockOverlayScrollbarStateToHidden):
(WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
(WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):
(WebCore::ScrollAnimatorMac::updateScrollerStyle):
Add proper conforming to protocols and replace ids with proper types.

  • platform/mac/ScrollbarThemeMac.mm:

(WebCore::supportsExpandedScrollbars):
(WebCore::ScrollbarThemeMac::registerScrollbar):
(WebCore::ScrollbarThemeMac::scrollbarThickness):
(WebCore::ScrollbarThemeMac::setUpContentShadowLayer):
Stop using NSClassFromString now that we can reference the classes explicitly.

  • platform/spi/mac/NSScrollerImpSPI.h: Added.
5:34 PM Changeset in webkit [196245] by Yusuke Suzuki
  • 6 edits in trunk

[GTK][EFL] Enable SamplingProfiler
https://bugs.webkit.org/show_bug.cgi?id=153638

Reviewed by Michael Catanzaro.

.:

Enable SamplingProfiler in GTK and EFL.
And added option to CMake to switch this from the build command.

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:
  • Source/cmake/WebKitFeatures.cmake:

Source/WTF:

  • wtf/Platform.h:
4:33 PM Changeset in webkit [196244] by Alan Bujtas
  • 145 edits
    2 adds in trunk

Outline does not clip when ancestor has overflow: hidden and requires layer.
https://bugs.webkit.org/show_bug.cgi?id=153901

Now that outline is part of visual overflow, we no longer need the special outline cliprect.
PaintPhaseChildOutlines drawing will switch to foreground cliprect. It ensures proper overflow clipping
at parent level. PaintPhaseSelfOutline drawing will start using the visual overflow inflated background cliprect.
With this change, outline will be using the same cliprects as the other visual overflow properties (box-shadow etc).

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/repaint/outline-with-overflow-hidden-ancestor.html

  • rendering/LayerFragment.h:

(WebCore::LayerFragment::setRects):
(WebCore::LayerFragment::moveBy): Deleted.
(WebCore::LayerFragment::intersect): Deleted.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::collectFragments):
(WebCore::RenderLayer::paintOutlineForFragments):
(WebCore::RenderLayer::calculateClipRects):
(WebCore::RenderLayer::paintForegroundForFragments): Deleted.

  • rendering/RenderLayer.h:
  • rendering/RenderTreeAsText.cpp:

(WebCore::write):
(WebCore::writeLayers):

LayoutTests:

  • compositing/geometry/limit-layer-bounds-overflow-repaint-expected.txt:
  • compositing/masks/mask-of-clipped-layer-expected.txt:
  • css2.1/20110323/abspos-non-replaced-width-margin-000-expected.txt:
  • css2.1/20110323/abspos-replaced-width-margin-000-expected.txt:
  • css3/blending/blend-mode-isolation-turn-off-self-painting-layer2-expected.txt:
  • css3/blending/blend-mode-isolation-turn-on-self-painting-layer-expected.txt:
  • fast/block/positioning/negative-rel-position-expected.txt:
  • fast/dynamic/staticY-expected.txt:
  • fast/inline/absolute-positioned-block-in-centred-block-expected.txt:
  • fast/multicol/flipped-blocks-border-after-expected.txt:
  • fast/multicol/pagination-h-horizontal-bt-expected.txt:
  • fast/multicol/pagination-h-horizontal-tb-expected.txt:
  • fast/multicol/pagination-h-vertical-rl-expected.txt:
  • fast/multicol/pagination-v-horizontal-bt-expected.txt:
  • fast/multicol/pagination-v-vertical-lr-expected.txt:
  • fast/multicol/pagination-v-vertical-rl-expected.txt:
  • fast/multicol/pagination/LeftToRight-tb-hittest-expected.txt:
  • fast/multicol/pagination/RightToLeft-rl-hittest-expected.txt:
  • fast/multicol/progression-reverse-expected.txt:
  • fast/multicol/vertical-rl/rules-with-border-before-expected.txt:
  • fast/overflow/overflow-update-transform-expected.txt:
  • fast/overflow/position-relative-expected.txt:
  • fast/repaint/focus-ring-expected.txt:
  • fast/repaint/focus-ring-repaint.html:
  • fast/repaint/outline-with-overflow-hidden-ancestor-expected.html: Added.
  • fast/repaint/outline-with-overflow-hidden-ancestor.html: Added.
  • fast/table/overflow-table-collapsed-borders-cell-painting-expected.txt:
  • fast/table/overflow-table-collapsed-borders-cell-painting-table-self-painting-layer-expected.txt:
  • fast/table/overflow-table-collapsed-borders-section-layer-painting-expected.txt:
  • fast/table/overflow-table-collapsed-borders-section-layer-table-self-painting-layer-expected.txt:
  • fast/table/overflow-table-collapsed-borders-section-self-painting-layer-painting-expected.txt:
  • fast/table/overflow-table-collapsed-borders-section-self-painting-layer-table-self-painting-layer-expected.txt:
  • platform/mac/compositing/geometry/clipping-foreground-expected.txt:
  • platform/mac/compositing/geometry/root-layer-update-expected.txt:
  • platform/mac/compositing/overflow/ancestor-overflow-expected.txt:
  • platform/mac/compositing/overflow/nested-scrolling-expected.txt:
  • platform/mac/compositing/overflow/overflow-scroll-expected.txt:
  • platform/mac/compositing/overflow/parent-overflow-expected.txt:
  • platform/mac/compositing/overflow/scrollbar-painting-expected.txt:
  • platform/mac/compositing/reflections/nested-reflection-on-overflow-expected.txt:
  • platform/mac/compositing/sibling-positioning-expected.txt:
  • platform/mac/css3/blending/blend-mode-overflow-expected.txt:
  • platform/mac/css3/unicode-bidi-isolate-basic-expected.txt:
  • platform/mac/fast/block/float/overhanging-tall-block-expected.txt:
  • platform/mac/fast/block/positioning/auto/vertical-rl/007-expected.txt:
  • platform/mac/fast/block/positioning/vertical-rl/fixed-positioning-expected.txt:
  • platform/mac/fast/borders/border-antialiasing-expected.txt:
  • platform/mac/fast/clip/001-expected.txt:
  • platform/mac/fast/clip/013-expected.txt:
  • platform/mac/fast/clip/014-expected.txt:
  • platform/mac/fast/clip/016-expected.txt:
  • platform/mac/fast/clip/outline-overflowClip-expected.txt:
  • platform/mac/fast/css/clip-zooming-expected.txt:
  • platform/mac/fast/forms/validation-message-appearance-expected.txt:
  • platform/mac/fast/inline/left-right-center-inline-alignment-in-ltr-and-rtl-blocks-expected.txt:
  • platform/mac/fast/line-grid/line-grid-inside-columns-expected.txt:
  • platform/mac/fast/line-grid/line-grid-into-columns-expected.txt:
  • platform/mac/fast/lists/scrolled-marker-paint-expected.txt:
  • platform/mac/fast/multicol/client-rects-expected.txt:
  • platform/mac/fast/multicol/column-break-with-balancing-expected.txt:
  • platform/mac/fast/multicol/column-rules-expected.txt:
  • platform/mac/fast/multicol/column-rules-stacking-expected.txt:
  • platform/mac/fast/multicol/columns-shorthand-parsing-expected.txt:
  • platform/mac/fast/multicol/float-paginate-complex-expected.txt:
  • platform/mac/fast/multicol/float-paginate-empty-lines-expected.txt:
  • platform/mac/fast/multicol/float-paginate-expected.txt:
  • platform/mac/fast/multicol/layers-in-multicol-expected.txt:
  • platform/mac/fast/multicol/layers-split-across-columns-expected.txt:
  • platform/mac/fast/multicol/max-height-columns-block-expected.txt:
  • platform/mac/fast/multicol/nested-columns-expected.txt:
  • platform/mac/fast/multicol/newmulticol/client-rects-expected.txt:
  • platform/mac/fast/multicol/overflow-across-columns-expected.txt:
  • platform/mac/fast/multicol/overflow-across-columns-percent-height-expected.txt:
  • platform/mac/fast/multicol/overflow-unsplittable-expected.txt:
  • platform/mac/fast/multicol/paginate-block-replaced-expected.txt:
  • platform/mac/fast/multicol/pagination/BottomToTop-bt-expected.txt:
  • platform/mac/fast/multicol/pagination/BottomToTop-lr-expected.txt:
  • platform/mac/fast/multicol/pagination/BottomToTop-rl-expected.txt:
  • platform/mac/fast/multicol/pagination/BottomToTop-tb-expected.txt:
  • platform/mac/fast/multicol/pagination/LeftToRight-bt-expected.txt:
  • platform/mac/fast/multicol/pagination/LeftToRight-rl-expected.txt:
  • platform/mac/fast/multicol/pagination/LeftToRight-tb-expected.txt:
  • platform/mac/fast/multicol/pagination/RightToLeft-bt-expected.txt:
  • platform/mac/fast/multicol/pagination/RightToLeft-lr-expected.txt:
  • platform/mac/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt:
  • platform/mac/fast/multicol/pagination/RightToLeft-rl-expected.txt:
  • platform/mac/fast/multicol/pagination/RightToLeft-tb-expected.txt:
  • platform/mac/fast/multicol/pagination/TopToBottom-bt-expected.txt:
  • platform/mac/fast/multicol/pagination/TopToBottom-lr-expected.txt:
  • platform/mac/fast/multicol/pagination/TopToBottom-rl-expected.txt:
  • platform/mac/fast/multicol/positive-leading-expected.txt:
  • platform/mac/fast/multicol/scrolling-column-rules-expected.txt:
  • platform/mac/fast/multicol/scrolling-overflow-expected.txt:
  • platform/mac/fast/multicol/span/anonymous-style-inheritance-expected.txt:
  • platform/mac/fast/multicol/span/span-as-immediate-child-complex-splitting-expected.txt:
  • platform/mac/fast/multicol/span/span-as-immediate-child-generated-content-expected.txt:
  • platform/mac/fast/multicol/span/span-as-immediate-child-property-removal-expected.txt:
  • platform/mac/fast/multicol/span/span-as-immediate-columns-child-dynamic-expected.txt:
  • platform/mac/fast/multicol/span/span-as-immediate-columns-child-expected.txt:
  • platform/mac/fast/multicol/span/span-as-immediate-columns-child-removal-expected.txt:
  • platform/mac/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
  • platform/mac/fast/multicol/span/span-as-nested-columns-child-expected.txt:
  • platform/mac/fast/multicol/span/span-margin-collapsing-expected.txt:
  • platform/mac/fast/multicol/table-vertical-align-expected.txt:
  • platform/mac/fast/multicol/tall-image-behavior-expected.txt:
  • platform/mac/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt:
  • platform/mac/fast/multicol/vertical-lr/column-rules-expected.txt:
  • platform/mac/fast/multicol/vertical-lr/float-multicol-expected.txt:
  • platform/mac/fast/multicol/vertical-lr/float-paginate-complex-expected.txt:
  • platform/mac/fast/multicol/vertical-lr/float-paginate-expected.txt:
  • platform/mac/fast/multicol/vertical-lr/nested-columns-expected.txt:
  • platform/mac/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt:
  • platform/mac/fast/multicol/vertical-rl/column-rules-expected.txt:
  • platform/mac/fast/multicol/vertical-rl/float-multicol-expected.txt:
  • platform/mac/fast/multicol/vertical-rl/float-paginate-complex-expected.txt:
  • platform/mac/fast/multicol/vertical-rl/float-paginate-expected.txt:
  • platform/mac/fast/multicol/vertical-rl/nested-columns-expected.txt:
  • platform/mac/fast/overflow/clip-rects-fixed-ancestor-expected.txt:
  • platform/mac/fast/overflow/float-in-relpositioned-expected.txt:
  • platform/mac/fast/overflow/overflow-auto-position-absolute-expected.txt:
  • platform/mac/fast/overflow/overflow-rtl-expected.txt:
  • platform/mac/fast/overflow/paged-x-div-expected.txt:
  • platform/mac/fast/overflow/paged-x-div-with-column-gap-expected.txt:
  • platform/mac/fast/overflow/paged-x-on-root-expected.txt:
  • platform/mac/fast/overflow/paged-x-with-column-gap-expected.txt:
  • platform/mac/fast/overflow/paged-y-div-expected.txt:
  • platform/mac/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
  • platform/mac/fast/regions/repaint/region-painting-via-layout-expected.txt:
  • platform/mac/fast/repaint/box-shadow-h-expected.txt:
  • platform/mac/fast/repaint/box-shadow-v-expected.txt:
  • platform/mac/fast/repaint/layer-outline-expected.txt:
  • platform/mac/fast/repaint/layer-outline-horizontal-expected.txt:
  • platform/mac/fast/table/edge-offsets-expected.txt:
  • platform/mac/fast/transforms/overflow-with-transform-expected.txt:
  • platform/mac/fast/transforms/rotated-transform-affects-scrolling-1-expected.txt:
  • platform/mac/fast/transforms/rotated-transform-affects-scrolling-2-expected.txt:
  • platform/mac/fast/writing-mode/Kusa-Makura-background-canvas-expected.txt:
  • platform/mac/printing/single-line-must-not-be-split-into-two-pages-expected.txt:
  • platform/mac/scrollbars/scrollbars-on-positioned-content-expected.txt:
  • platform/mac/svg/custom/getscreenctm-in-scrollable-div-area-nested-expected.txt:
  • platform/mac/svg/custom/image-rescale-clip-expected.txt:
  • svg/overflow/overflow-on-foreignObject-expected.txt:
3:16 PM Changeset in webkit [196243] by sbarati@apple.com
  • 3 edits
    3 adds in trunk

Source/JavaScriptCore:
Follow up patch to: [ES6] bound functions .name property should be "bound " + the target function's name
https://bugs.webkit.org/show_bug.cgi?id=153796

Reviewed by Darin Adler.

This follow-up patch addresses some comments/suggestions by
Ryosuke, Darin, and Joe. It simplifies JSBoundFunction::toStringName
and adds some tests for bound names.

  • runtime/JSBoundFunction.cpp:

(JSC::hasInstanceBoundFunction):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::toStringName):

LayoutTests:
[ES6] bound functions .name property should be "bound " + the target function's name
https://bugs.webkit.org/show_bug.cgi?id=153796

Reviewed by Darin Adler.

  • js/bound-function-name-expected.txt: Added.
  • js/bound-function-name.html: Added.
  • js/script-tests/bound-function-name.js: Added.

(assert):
(assert.foo):
(bar):

2:26 PM Changeset in webkit [196242] by dbates@webkit.org
  • 26 edits
    6 adds in trunk

CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=153622
<rdar://problem/24400023>

Source/WebCore:

Reviewed by Gavin Barraclough.

Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
would be subject to the Content Security Policy of the page.

Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
the page.

Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html

http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html

  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...

  • bindings/js/ScriptController.h:
  • dom/Document.cpp:

(WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.

  • dom/Document.h:
  • dom/ScriptExecutionContext.h:

(WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
do not bypass the main world Content Security Policy.

  • page/EventSource.cpp:

(WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.

  • page/csp/ContentSecurityPolicy.h:
  • workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
this invariant to catch cases where a ScriptExecutionContext is not properly initialized.

  • workers/DedicatedWorkerGlobalScope.cpp:

(WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy and only apply the Content Security
Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
(WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.

  • workers/DedicatedWorkerGlobalScope.h:
  • workers/DedicatedWorkerThread.cpp:

(WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
(WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.

  • workers/DedicatedWorkerThread.h:
  • workers/Worker.cpp:

(WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
because it is dependent on the current JavaScript program stack at the time this function is invoked.
(WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.

  • workers/Worker.h:
  • workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
main world Content Security Policy and store it in a member field. Also, always instantiate a Content
Security Policy object as our current code assumes that one is always created.

  • workers/WorkerGlobalScope.h:
  • workers/WorkerGlobalScopeProxy.h:
  • workers/WorkerMessagingProxy.cpp:

(WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.

  • workers/WorkerMessagingProxy.h:
  • workers/WorkerThread.cpp:

(WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
whether to bypass the main world Content Security Policy and store it in a member field.
(WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.
(WebCore::WorkerThread::workerThread): Ditto.

  • workers/WorkerThread.h:
  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.

LayoutTests:

Reviewed by Gavin Barraclough and Andy Estes.

Add tests to ensure that a Web Worker initiated from an isolated world can bypass the main world
Content Security Policy.

  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html: Added.
11:25 AM Changeset in webkit [196241] by commit-queue@webkit.org
  • 4 edits in trunk

[cmake] Move LLVM detection for LLVMDisassembler to OptionsCommon.cmake
https://bugs.webkit.org/show_bug.cgi?id=153961

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-07
Reviewed by Michael Catanzaro.

  • Source/cmake/OptionsCommon.cmake:
  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:
11:03 AM Changeset in webkit [196240] by fpizlo@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

String.match should defend against matches that would crash the VM
https://bugs.webkit.org/show_bug.cgi?id=153964
rdar://problem/24301119

Reviewed by Saam Barati.

This fixes a crash in an internal test case.

  • runtime/ArgList.cpp:

(JSC::MarkedArgumentBuffer::slowAppend): Use best practices to ensure that the size we

compute makes sense. Crash if it stops making sense, since most users of this API assume
that they are creating something small enough to fit on the stack.

  • runtime/ArgList.h:

(JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
(JSC::MarkedArgumentBuffer::size):
(JSC::MarkedArgumentBuffer::operator new): Deleted. These were ineffective. According to the

debugger, we were still calling system malloc. So, I changed the code to use fastMalloc()
directly.

(JSC::MarkedArgumentBuffer::operator delete): Deleted.

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch): Explicitly defend against absurd sizes. Of course, it's still

possible to crash the VM on OOME. That's sort of always been the philosophy of JSC - we
don't guarantee that you'll get a nice-looking error whenever you run out of memory,
since in a GC'd environment you can't really guarantee those things. But, if you have a
match that obvious won't fit in memory, then reporting an error is useful in case this is
a developer experimenting with a buggy regexp.

10:44 AM Changeset in webkit [196239] by mitz@apple.com
  • 21 edits in trunk/Source

[Cocoa] Replace has_include guards around inclusion of Apple-internal-SDK headers with USE(APPLE_INTERNAL_SDK)
https://bugs.webkit.org/show_bug.cgi?id=153963

Reviewed by Sam Weinig.

Source/JavaScriptCore:

  • inspector/remote/RemoteInspectorXPCConnection.mm:

Source/WebCore:

  • accessibility/mac/AXObjectCacheMac.mm:
  • crypto/CommonCryptoUtilities.cpp:
  • crypto/CommonCryptoUtilities.h:
  • editing/mac/TextUndoInsertionMarkupMac.h:
  • editing/mac/TextUndoInsertionMarkupMac.mm:
  • platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
  • platform/graphics/cg/ImageSourceCG.cpp:
  • platform/graphics/mac/PDFDocumentImageMac.mm:
  • platform/network/ios/NetworkStateNotifierIOS.mm:
  • platform/network/mac/BlobDataFileReferenceMac.mm:
  • platform/network/mac/ResourceHandleMac.mm:
  • rendering/RenderThemeMac.mm:

Source/WebKit/mac:

  • WebView/WebPDFView.mm:

Source/WTF:

  • wtf/SystemTracing.h:
  • wtf/WTFThreadData.h:
  • wtf/spi/darwin/CommonCryptoSPI.h:
2:09 AM Changeset in webkit [196238] by Carlos Garcia Campos
  • 4 edits in trunk

REGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
https://bugs.webkit.org/show_bug.cgi?id=153695

Reviewed by Michael Catanzaro.

Source/WebCore:

The problem is that ScrollAnimation objects are not destroyed by
the ScrollAnimator destructor, because I forgot to add a virtual
destructor for ScrollAnimation in r195661.

  • platform/ScrollAnimation.h:

(WebCore::ScrollAnimation::~ScrollAnimation):

LayoutTests:

  • platform/gtk/TestExpectations:

Feb 6, 2016:

10:34 PM Changeset in webkit [196237] by Chris Dumez
  • 9 edits in trunk/LayoutTests

Unreviewed, update several layout tests for WK1 after r196227.

  • http/tests/security/cross-frame-access-enumeration-expected.txt:
  • http/tests/security/cross-frame-access-enumeration.html:
  • http/tests/security/cross-frame-access-get-expected.txt:
  • http/tests/security/cross-frame-access-get.html:
  • http/tests/security/cross-frame-access-history-get-expected.txt:
  • http/tests/security/cross-frame-access-history-get-override-expected.txt:
  • http/tests/security/cross-frame-access-history-get-override.html:
  • http/tests/security/cross-frame-access-history-get.html:
9:55 PM Changeset in webkit [196236] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION (r195432): Web Inspector: bottom right section of the styles sidebar is 1px taller than the console prompt
https://bugs.webkit.org/show_bug.cgi?id=153959
<rdar://problem/24541053>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/CSSStyleDetailsSidebarPanel.css:

(.sidebar > .panel.details.css-style > .content ~ .options-container):
(.sidebar > .panel.details.css-style > .content ~ .class-list-container)::
Revert the height to what it used to be prior r195432.

6:21 PM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
6:17 PM Changeset in webkit [196235] by Michael Catanzaro
  • 5 edits in trunk/LayoutTests

[GTK] Rebaseline some tests and update expectations after r196222

Unreviewed test gardening.

  • platform/gtk/TestExpectations:
  • platform/gtk/fast/clip/outline-overflowClip-expected.txt:
  • platform/gtk/fast/repaint/layer-outline-expected.txt:
  • platform/gtk/fast/repaint/layer-outline-horizontal-expected.txt:
6:03 PM Changeset in webkit [196234] by dbates@webkit.org
  • 2 edits in trunk/Source/WebKit2

Call CFRelease() on SecRequirementRef when no longer needed
https://bugs.webkit.org/show_bug.cgi?id=153954
<rdar://problem/24540259>

Reviewed by Dan Bernstein.

  • Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::initializeSandbox):

5:52 PM Changeset in webkit [196233] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] imported/blink/compositing/squashing/abspos-under-abspos-overflow-scroll.html is flaky

Unreviewed test gardening.

  • platform/gtk/TestExpectations:
5:51 PM Changeset in webkit [196232] by fpizlo@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

FTL must store the call site index before runtime calls, even if it's the tail call slow path
https://bugs.webkit.org/show_bug.cgi?id=153955
rdar://problem/24290970

Reviewed by Saam Barati.

This is necessary because you could throw an exception in a host call on the tail call's slow
path. That'll route us to lookupExceptionHandler(), which unwinds starting with the call site
index of our frame. Bad things happen if it's not set. Prior to this patch it was possible
for the call site index field to be uninitialized, which meant that the throwing machinery
was making a wild guess about where we are.

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileTailCall):

  • tests/stress/tail-call-host-call-throw.js: Added.
4:45 PM Changeset in webkit [196231] by jonlee@apple.com
  • 2 edits in trunk/PerformanceTests

Code clean up: Move Rotater function closer to Stage static methods.
The Rotater is used together with those methods; keep them close.

  • Animometer/tests/resources/main.js:
4:39 PM Changeset in webkit [196230] by jonlee@apple.com
  • 3 edits in trunk/PerformanceTests

Update the JS includes due to ResultsTable move.

  • Animometer/developer.html:
  • Animometer/index.html:
4:34 PM Changeset in webkit [196229] by jonlee@apple.com
  • 7 edits in trunk/PerformanceTests

Move createElement and createSVGElement to Utilities.

  • Animometer/resources/extensions.js:

(Utilities.createElement): Added.
(Utilities.createSVGElement): Added.
(DocumentExtension.createElement): Deleted.
(DocumentExtension.createSvgElement): Deleted.

  • Animometer/resources/debug-runner/animometer.js:
  • Animometer/resources/runner/animometer.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-svg-images.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-svg-particles.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
4:27 PM Changeset in webkit [196228] by jonlee@apple.com
  • 10 edits in trunk/PerformanceTests

Add a convenience function for creating a class.

The pattern for creating a class is common enough to add as a Utilities
helper function. It also makes it easy to collapse class definitions when
editing.

  • Animometer/resources/debug-runner/animometer.js: Move ProgressBar definition,

since it is only used here.

  • Animometer/resources/runner/animometer.js: Move ResultsDashboard and

ResultsTable definition, since it is only used here.

  • Animometer/resources/extensions.js: Move Utilities definition to the top. Convert

Point, Insets, SimplePromise.
(ProgressBar): Moved to animometer.js.
(ResultsDashboard): Moved to animometer.js.
(ResultsTable): Moved to animometer.js.

  • Animometer/resources/runner/benchmark-runner.js: Convert BenchmarkRunnerState,

BenchmarkRunner.

  • Animometer/tests/resources/main.js: Convert Rotater, Stage, Animator, Benchmark.
  • Animometer/tests/resources/sampler.js: Convert Experiment, Sampler.

Convert test primitives.

  • Animometer/tests/master/resources/canvas-tests.js: Convert CanvasLineSegment,

CanvasArc, CanvasLinePoint.

  • Animometer/tests/simple/resources/simple-canvas-paths.js: Convert CanvasLineSegment,

CanvasLinePoint, CanvasQuadraticSegment, CanvasQuadraticPoint, CanvasBezierSegment,
CanvasBezierPoint, CanvasArcToSegment, CanvasArcToSegmentFill, CanvasArcSegment,
CanvasArcSegmentFill, CanvasRect, CanvasRectFill.

  • Animometer/tests/simple/resources/tiled-canvas-image.js: Convert CanvasImageTile.
4:18 PM Changeset in webkit [196227] by Chris Dumez
  • 18 edits
    2 deletes in trunk

Prevent cross-origin access to window.history
https://bugs.webkit.org/show_bug.cgi?id=153931

Reviewed by Darin Adler.

Source/WebCore:

Prevent cross-origin access to window.history to match the specification [1]
and the behavior of other browsers (tested Firefox and Chrome).

[1] https://html.spec.whatwg.org/multipage/browsers.html#security-window

No new tests, already covered by existing tests that
were updated in this patch.

  • bindings/js/JSHistoryCustom.cpp:

(WebCore::JSHistory::pushState):
(WebCore::JSHistory::replaceState):
(WebCore::JSHistory::state): Deleted.

  • page/DOMWindow.idl:
  • page/History.idl:

LayoutTests:

Update / rebaseline several layout tests now that cross-origin access to
window.history is prevented.

  • fast/frames/sandboxed-iframe-history-denied-expected.txt:
  • http/tests/history/cross-origin-replace-history-object-child-expected.txt:
  • http/tests/security/cross-frame-access-call-expected.txt:
  • http/tests/security/cross-frame-access-call.html:
  • http/tests/security/cross-frame-access-delete-expected.txt:
  • http/tests/security/cross-frame-access-delete.html:
  • http/tests/security/cross-frame-access-history-prototype-expected.txt:
  • http/tests/security/cross-frame-access-history-put.html: Removed.
  • http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
  • http/tests/security/cross-frame-access-object-getPrototypeOf.html:
  • http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
  • http/tests/security/cross-frame-access-object-setPrototypeOf.html:
  • http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Removed.
3:41 PM Changeset in webkit [196226] by Beth Dakin
  • 3 edits in trunk/Source/WebCore

ScrollbarPainters needs to be deallocated on the main thread
https://bugs.webkit.org/show_bug.cgi?id=153932
-and corresponding-
rdar://problem/24015483

Reviewed by Dan Bernstein.

Darin pointed out that this was still race-y. There was still a race
condition between the destruction of the two local variables and the
destruction of the lambda on the main thread. This should fix that.

  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
(WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread):
(WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):

3:36 PM Changeset in webkit [196225] by jonlee@apple.com
  • 5 edits in trunk/PerformanceTests

Minor improvements to debug harness.

  • Animometer/developer.html:
  • Animometer/resources/debug-runner/animometer.css:

(#suites): Put the complexity text boxes closer to the test names.
(#options):
(#rawFPS circle): Make the interval FPS appear as a separate data series, with a line.
(#intervalFPS path):
(#intervalFPS circle):

  • Animometer/resources/debug-runner/animometer.js:

(window.optionsManager.updateLocalStorageFromUI): Convert number inputs from text.
(window.suitesManager._onChangeTestCheckbox): Refactor to take a checkbox.
(window.suitesManager._createTestElement): Enhance such that typing into the complexity
input will automatically select that test for running.
(window.suitesManager.updateLocalStorageFromJSON): Make the harness work for private
browsing.

  • Animometer/resources/debug-runner/graph.js: Separate the intervalFPS data, and show

more accuracy in timestamps.

3:31 PM Changeset in webkit [196224] by jonlee@apple.com
  • 12 edits in trunk/PerformanceTests

Refactor helper methods for getting random values for a stage.

Instead of requiring a Stage instance, just attach it to the Stage object.

  • Animometer/tests/bouncing-particles/resources/bouncing-canvas-shapes.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-css-shapes.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
  • Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
  • Animometer/tests/master/resources/canvas-tests.js:
  • Animometer/tests/master/resources/particles.js:
  • Animometer/tests/misc/resources/canvas-electrons.js:
  • Animometer/tests/misc/resources/canvas-stars.js:
  • Animometer/tests/misc/resources/compositing-transforms.js:
  • Animometer/tests/resources/main.js:
  • Animometer/tests/simple/resources/simple-canvas-paths.js:
3:18 PM Changeset in webkit [196223] by Darin Adler
  • 57 edits in trunk/Source

Finish auditing call sites of upper() and lower(), eliminate many, and rename the functions
https://bugs.webkit.org/show_bug.cgi?id=153905

Reviewed by Sam Weinig.

Source/JavaScriptCore:

  • runtime/IntlObject.cpp:

(JSC::canonicalLangTag): Use converToASCIIUppercase on the language tag.

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncToLowerCase): Tweak style and update for name change.
(JSC::stringProtoFuncToUpperCase): Ditto.

Source/WebCore:

  • Modules/mediasource/MediaSource.cpp:

(WebCore::MediaSource::isTypeSupported): Use convertToASCIILowercase on MIME type.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::selectText): Use new names for lower and upper. Also
tweaked style a tiny bit and used u_toupper rather than converting an entire
string to uppercase.

  • dom/Document.cpp:

(WebCore::Document::addImageElementByCaseFoldedUsemap): Renamed to reflect the use
of case folding rather than lowercasing.
(WebCore::Document::removeImageElementByCaseFoldedUsemap): Ditto.
(WebCore::Document::imageElementByCaseFoldedUsemap): Ditto.

  • dom/Document.h: Ditto.
  • dom/DocumentOrderedMap.cpp:

(WebCore::DocumentOrderedMap::getElementByCaseFoldedMapName): Ditto.
(WebCore::DocumentOrderedMap::getElementByCaseFoldedUsemap): Ditto.

  • dom/DocumentOrderedMap.h: Ditto.
  • dom/TreeScope.cpp:

(WebCore::TreeScope::getImageMap): Removed unneeded special case for null string.
Simplified logic for cases where the URL does not have a "#" character in it.
Use case folding instead of lowercase.

  • editing/cocoa/HTMLConverter.mm:

(HTMLConverter::_processText): Removed unneded special case for the empty string.
Use makCapitalized instead of Cocoa function for "capitalize". Use upper and lower
functions by their new names.

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::parseAttribute): Use case folding instead of
lowerasing for the usemap attribute.
(WebCore::HTMLImageElement::insertedInto): Ditto.
(WebCore::HTMLImageElement::removedFrom): Ditto.
(WebCore::HTMLImageElement::matchesCaseFoldedUsemap): Ditto.

  • html/HTMLImageElement.h: Rename since usemap is case folded now, not lowercased.
  • html/HTMLMapElement.cpp:

(WebCore::HTMLMapElement::imageElement): Use case folding instead of lowercasing
for usemap.
(WebCore::HTMLMapElement::parseAttribute): Ditto.

  • platform/Language.cpp:

(WebCore::canonicalLanguageIdentifier): Use convertToASCIILowercase for language code.
(WebCore::indexOfBestMatchingLanguageInList): Ditto.

  • platform/graphics/harfbuzz/HarfBuzzShaper.cpp:

(WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use new name for the upper function.

  • platform/network/HTTPParsers.cpp:

(WebCore::parseContentTypeOptionsHeader): Use equalLettersIgnoringASCIICase instead
of lowercasing to check for a specific header value.

  • platform/network/MIMEHeader.cpp:

(WebCore::retrieveKeyValuePairs): Use convertToASCIILowercase for MIME header name.
(WebCore::MIMEHeader::parseContentTransferEncoding): Use equalLettersIgnoringASCIICase
instead of lowercasing.

  • platform/network/cf/ResourceHandleCFNet.cpp:

(WebCore::allowsAnyHTTPSCertificateHosts): Make this hash ASCII case-insensitive.
(WebCore::clientCertificates): Ditto.
(WebCore::ResourceHandle::createCFURLConnection): Remove call to lower since the
set is now ASCII case-insensitive.
(WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
(WebCore::ResourceHandle::setClientCertificate): Ditto.

  • platform/network/curl/CookieJarCurl.cpp:

(WebCore::getNetscapeCookieFormat): Use equalLettersIgnoringASCIICase instead of
lowercasing.

  • platform/network/curl/MultipartHandle.cpp:

(WebCore::MultipartHandle::didReceiveResponse): Use convertToASCIILowercase to
make a MIME type lowercase.

  • platform/network/curl/ResourceHandleCurl.cpp:

(WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Removed unneeded
conversion to lowercase now that the set is ASCII case-insensitive.
(WebCore::ResourceHandle::setClientCertificate): Removed code that populates a map
that is then never used for anything.

  • platform/network/curl/ResourceHandleManager.cpp:

(WebCore::headerCallback): Use convertToASCIILowercase for MIME type.

  • platform/network/curl/SSLHandle.cpp: Made hash maps keyed by host names

ASCII case-insensitive.
(WebCore::addAllowedClientCertificate): Removed lowercasing since the map itself
is now ASCII case insensitve.
(WebCore::setSSLClientCertificate): Ditto. Also use auto for iterator type so we
don't have to write out the map type.
(WebCore::sslIgnoreHTTPSCertificate): Ditto.
(WebCore::certVerifyCallback): Ditto.

  • platform/network/soup/ResourceHandleSoup.cpp: Made hash maps keyed by host names

ASCII case-insensitive.
(WebCore::allowsAnyHTTPSCertificateHosts): Ditto.
(WebCore::handleUnignoredTLSErrors): Ditto.
(WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
(WebCore::ResourceHandle::setClientCertificate): Ditto.

  • platform/text/LocaleToScriptMappingDefault.cpp: Made hash maps keyed by script

names ASCII case-insensitive. USE WTF_ARRAY_LENGTH as appropriate.
(WebCore::scriptNameToCode): Use modern style to initialize the map. Removed
unnecessary lowercasing of the script name before looking at the map.
(WebCore::localeToScriptCodeForFontSelection): Ditto.

  • platform/text/win/LocaleWin.cpp:

(WebCore::convertLocaleNameToLCID): Made map ASCII case-insensitive and removed
unneeded lowercasing.

  • platform/win/PasteboardWin.cpp:

(WebCore::clipboardTypeFromMIMEType): Use equalLettersIgnoringASCIICase instead
of lowercasing.

  • rendering/RenderText.cpp:

(WebCore::applyTextTransform): Use new names for the upper and lower functions.

  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::responseIsXML): Remove unneeded lowercasing, since
DOMImplementation now has ASCII case-insensitive handling of MIME types.

Source/WebKit/mac:

  • Plugins/WebBasePluginPackage.mm:

(-[WebBasePluginPackage getPluginInfoFromPLists]): Use modern for loops.
(-[WebBasePluginPackage supportsExtension:]): Use convertToASCIILowercase for extension assert.
Also use modern for loop.
(-[WebBasePluginPackage supportsMIMEType:]): Ditto.
(-[WebBasePluginPackage MIMETypeForExtension:]): Ditto.

Source/WebKit/win:

  • Plugins/PluginDatabase.cpp:

(WebCore::PluginDatabase::pluginForMIMEType): Use ASCII case-insensitive map rather
than lowercasing the MIME type.
(WebCore::PluginDatabase::setPreferredPluginForMIMEType): Ditto.

  • Plugins/PluginDatabase.h: Make m_preferredPlugins use an ASCII case-insensitive hash.
  • Plugins/PluginPackage.h: Use ASCII case-insensitive hash for maps keyed by MIME type.
  • Plugins/PluginPackageWin.cpp:

(WebCore::PluginPackage::fetchInfo): Use convertToASCIILowercase to lowercase a MIME type.

Source/WebKit2:

  • NetworkProcess/CustomProtocols/CustomProtocolManager.h: Use ASCII case-insensitive hash

for set of registered schemes.

  • Shared/Plugins/Netscape/mac/NetscapePluginModuleMac.mm:

(WebKit::getPluginInfoFromPropertyLists): Use convertToASCIILowercase for MIME type and
for file extensions.

  • Shared/Plugins/Netscape/x11/NetscapePluginModuleX11.cpp:

(WebKit::NetscapePluginModule::parseMIMEDescription): Use convertToASCIILowercase for
MIME description.

  • UIProcess/API/efl/ewk_context.cpp:

(ewk_context_preferred_languages_set): Use convertToASCIILowercase for language.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_set_preferred_languages): Use convertToASCIILowercase for language.

  • UIProcess/Plugins/PluginInfoStore.cpp:

(WebKit::PluginInfoStore::findPluginForExtension): Use Vector::contains instead of
writing it out using std::find.
(WebKit::pathExtension): Lowercase the result with convertToASCIILowercase instead of
leaving that to the caller.
(WebKit::PluginInfoStore::findPlugin): Removed call to lower since pathExtension
handles that now.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::findPlugin): Use convertToASCIILowercase for MIME type.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::globalURLSchemesWithCustomProtocolHandlers): Use
an ASCII case-insensitive hash.
(WebKit::WebProcessPool::registerGlobalURLSchemeAsHavingCustomProtocolHandlers):
Remove lowercasing, since the hash is now ASCII case-insensitive.
(WebKit::WebProcessPool::unregisterGlobalURLSchemeAsHavingCustomProtocolHandlers):
Ditto.

  • UIProcess/WebProcessPool.h: Use an ASCII case-insensitive hash.
  • WebProcess/Plugins/Netscape/NetscapePlugin.cpp:

(WebKit::NetscapePlugin::initialize): Use convertToASCIILowercase on parameter names
and values.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::pluginSupportsExtension): Use convertToASCIILowercase for extension assertion.
Also use a modern for loop.
(WebKit::WebFrameLoaderClient::objectContentType): Make the checks for empty MIME types
a little less redundant. Reordered logic to avoid checking the list of supported MIME
types extra times, and to eliminate the need for a boolean. Use convertToASCIILowercase
on the extension.

Source/WTF:

  • wtf/text/AtomicString.cpp:

(WTF::AtomicString::lower): Deleted.

  • wtf/text/AtomicString.h: Deleted the lower function.
  • wtf/text/StringImpl.cpp:

(WTF::StringImpl::convertToLowercaseWithoutLocale): Renamed from lower.
(WTF::StringImpl::convertToUppercaseWithoutLocale): Renamed from upper.
(WTF::StringImpl::convertToLowercaseWithLocale): Renamed from lower.
(WTF::StringImpl::convertToUppercaseWithLocale): Renamed from upper.
(WTF::StringImpl::foldCase): Added fast cases for ASCII since this is
now used in some more-performance-critical code.

  • wtf/text/StringImpl.h: Renamed lower and upper.
  • wtf/text/WTFString.cpp:

(WTF::String::convertToLowercaseWithoutLocale): Renamed from lower.
(WTF::String::convertToUppercaseWithoutLocale): Renamed from upper.
(WTF::String::convertToLowercaseWithLocale): Renamed from lower.
(WTF::String::convertToUppercaseWithLocale): Renamed from upper.

  • wtf/text/WTFString.h: Renamed lower and upper. Removed unneeded comment.
3:07 PM Changeset in webkit [196222] by Alan Bujtas
  • 46 edits
    4 adds in trunk

Outline should contribute to visual overflow.
https://bugs.webkit.org/show_bug.cgi?id=153299

This patch eliminates the special outline handling (RenderView::setMaximalOutlineSize).
Now that outline is part of visual overflow, we don't have to inflate the layers to accomodate
outline borders.
This patch fixes several focusring related repaint issues. However when both the outline: auto
and the descendant renderer are composited, we still don't paint properly in certain cases. -not a regression.
(Also when parent renderer has overflow: hidden repaint does not take outline into account. -regression.)
It changes column behavior (see TestExpectations) since outline behaves now like any other visual overflow properties.

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/repaint/focus-ring-repaint.html

fast/repaint/focus-ring-repaint-with-negative-offset.html

  • css/html.css: resetting to old behavior.

(:focus):
(input:focus, textarea:focus, isindex:focus, keygen:focus, select:focus):

  • rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::addToLine):
(WebCore::InlineFlowBox::addOutlineVisualOverflow):
(WebCore::InlineFlowBox::computeOverflow):
(WebCore::InlineFlowBox::paint): Deleted.

  • rendering/InlineFlowBox.h:
  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeOverflow):
(WebCore::RenderBlock::outlineStyleForRepaint):
(WebCore::RenderBlock::paint): Deleted.

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::layoutBlock): Deleted.
(WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren): Deleted.

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlockFlow::addOverflowFromInlineChildren):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::addVisualEffectOverflow):
(WebCore::RenderBox::applyVisualEffectOverflow):
(WebCore::RenderBox::clippedOverflowRectForRepaint): Deleted.

  • rendering/RenderBoxModelObject.h:
  • rendering/RenderDetailsMarker.cpp:

(WebCore::RenderDetailsMarker::paint): Deleted.

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::insertChildInternal):
(WebCore::RenderElement::styleDidChange):
(WebCore::RenderElement::repaintAfterLayoutIfNeeded):
(WebCore::RenderElement::issueRepaintForOutlineAuto):
(WebCore::RenderElement::updateOutlineAutoAncestor):
(WebCore::RenderElement::computeMaxOutlineSize): Deleted.
(WebCore::RenderElement::styleWillChange): Deleted.

  • rendering/RenderElement.h:

(WebCore::RenderElement::hasContinuation):

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::paintOutlineForLine): Deleted.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::anyLineIntersectsRect):
(WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
(WebCore::RenderLineBoxList::paint):
(WebCore::isOutlinePhase): Deleted.

  • rendering/RenderLineBoxList.h:
  • rendering/RenderListBox.cpp:

(WebCore::RenderListBox::computePreferredLogicalWidths):

  • rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::paint): Deleted.

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded): The renderer with outline: auto is responsible for
painting focusring around the descendants. If we issued repaint only on the descendant when it changes,
the focusring would not refresh properly. We have to find the ancestor with outline: auto, inflate the repaint rect and
issue the repaint on the ancestor if we crossed repaint container.

(WebCore::RenderObject::repaintUsingContainer):
(WebCore::RenderObject::adjustRectForOutlineAndShadow):
(WebCore::RenderObject::setHasOutlineAutoAncestor):
(WebCore::RenderObject::adjustRectWithMaximumOutline): Deleted.

  • rendering/RenderObject.h: We mark the descendants of outline: auto so that

when a child renderer changes we can propagate the repaint to the ancestor with outline.

(WebCore::RenderObject::hasOutlineAutoAncestor):
(WebCore::RenderObject::RenderObjectRareData::RenderObjectRareData):

  • rendering/RenderRegion.cpp:

(WebCore::RenderRegion::overflowRectForFlowThreadPortion):

  • rendering/RenderReplaced.cpp:

(WebCore::RenderReplaced::shouldPaint): Deleted.
(WebCore::RenderReplaced::clippedOverflowRectForRepaint): Deleted.

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::paint): Deleted.

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::clippedOverflowRectForRepaint): Deleted.
(WebCore::RenderTableCell::paintCollapsedBorders): Deleted.

  • rendering/RenderTableRow.cpp:

(WebCore::RenderTableRow::layout):
(WebCore::RenderTableRow::clippedOverflowRectForRepaint): Deleted.

  • rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::layoutRows):
(WebCore::RenderTableSection::computeOverflowFromCells): Deleted.
(WebCore::RenderTableSection::paintObject): Deleted.

  • rendering/RenderTheme.h:

(WebCore::RenderTheme::platformFocusRingWidth):

  • rendering/RenderView.cpp:

(WebCore::RenderView::setMaximalOutlineSize): Deleted.

  • rendering/RenderView.h:
  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::changeAffectsVisualOverflow):
(WebCore::RenderStyle::outlineWidth):

  • rendering/style/RenderStyle.h:

LayoutTests:

  • fast/repaint/focus-ring-repaint-expected.txt: Added.
  • fast/repaint/focus-ring-repaint.html: Added.
  • fast/repaint/focus-ring-repaint-expected-with-negative-offset.txt: Added.
  • fast/repaint/focus-ring-repaint-with-negative-offset.html: Added.
  • TestExpectations:
  • platform/mac/TestExpectations:
  • platform/mac/compositing/geometry/ancestor-overflow-change-expected.txt:
  • platform/mac/compositing/geometry/composited-in-columns-expected.txt:
  • platform/mac/compositing/layer-creation/overlap-animation-container-expected.txt:
  • platform/mac/compositing/layer-creation/stacking-context-overlap-nested-expected.txt:
  • platform/mac/compositing/visibility/visibility-image-layers-dynamic-expected.txt:
  • platform/mac/fast/clip/outline-overflowClip-expected.txt:
  • platform/mac/fast/inline/continuation-outlines-with-layers-expected.txt:
  • platform/mac/fast/repaint/4776765-expected.txt: Added.
  • platform/mac/fast/repaint/focus-ring-expected.txt: Added.
  • platform/mac/fast/repaint/layer-outline-expected.txt:
  • platform/mac/fast/repaint/layer-outline-horizontal-expected.txt:
  • platform/mac/svg/custom/focus-ring-expected.txt:
10:14 AM Changeset in webkit [196221] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] Various tests are flaky

More unreviewed test gardening.

  • platform/gtk/TestExpectations:
10:13 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
10:12 AM Changeset in webkit [196220] by Chris Dumez
  • 7 edits
    2 adds in trunk

Object.getOwnPropertyDescriptor() does not work on sub-frame's window
https://bugs.webkit.org/show_bug.cgi?id=153925

Reviewed by Darin Adler.

Source/JavaScriptCore:

Calling Object.getOwnPropertyDescriptor() on a sub-frame's window was
returning undefined for that window's own properties. The reason was
that the check getOwnPropertySlot() is using to make sure the
PropertySlot is not for a property coming from the prototype was wrong.

The check was checking that 'this != slotBase' which works fine unless
this is a JSProxy (e.g. JSDOMWindowShell). To handle proxies, the code
was also checking that 'slotBase.toThis() != this', attempting to
get the slotBase/Window's proxy. However, due to the implementation of
toThis(), we were getting the lexical global object's proxy instead of
slotBase's proxy. To avoid this issue, the new code explicitly checks
if 'this' is a JSProxy and makes sure 'JSProxy::target() != slotBase',
instead of using toThis().

  • runtime/JSObject.cpp:

(JSC::JSObject::getOwnPropertyDescriptor):

LayoutTests:

  • fast/dom/Window/getOwnPropertyDescriptor-other-window-expected.txt: Added.
  • fast/dom/Window/getOwnPropertyDescriptor-other-window.html: Added.

Add test case to test calling Object.getOwnPropertyDescriptor() on a
sub-frame's window.

  • http/tests/security/cross-origin-window-property-access-expected.txt:
  • http/tests/security/cross-origin-window-property-access.html:
  • Update test use use an iframe instead of opening a Window for convenience.
  • Use an actual cross-origin URL. The previous URL was same-origin and therefore the test would have failed if window.location was a proper getter/setter instead of a 'value' descriptor.
  • Add more tests to cover other Window properties (such as 'name') which are actual getter / setters to make sure using the current window's getter on a cross origin window does not bypass the security origin checks.
  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
  • Drop checks for properties for which cross-origin access via

getOwnPropertyDescriptor() now works. They used to not work because of the bug
this patch fixes, and not due to security checks.

  • Most of these properties are part of the properties that the specification

states can be accessed cross-origin:

https://html.spec.whatwg.org/multipage/browsers.html#security-window

  • ALL of these properties could already be accessed cross origin via regular

property getters (e.g. crossOriginWindow.blur) in Safari 9 so there should not
be any reason for getOwnPropertyDescriptor() not to work.

  • I have also verified that Firefox allows cross-origin access for all these properties (via regular getters or getOwnPropertyDescriptor), except for the 'history' property. We may want to align our behavior here and prevent cross-origin access to 'window.history' but this is not a regression in this patch. You could already access crossOriginWindow.history in Safari 9.
9:33 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
9:26 AM Changeset in webkit [196219] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] Various tests are flaky

Unreviewed test gardening.

  • platform/gtk/TestExpectations:
9:26 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
9:01 AM Changeset in webkit [196218] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] Gardening for unexpected passes

Unreviewed test gardening.

  • platform/gtk/TestExpectations:
9:00 AM Changeset in webkit [196217] by akling@apple.com
  • 7 edits in trunk/Source

[iOS] Throw away linked code when navigating to a new page.
<https://webkit.org/b/153851>

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

Add a VM API for throwing away linked code only.

  • runtime/VM.cpp:

(JSC::VM::deleteAllLinkedCode):

  • runtime/VM.h:

Source/WebCore:

When navigating to a new page, tell JSC to throw out any linked code it has lying around.
Linked code is tied to a specific global object, and as we're creating a new one for the
new page, none of it is useful to us here.

In the event that the user navigates back, the cost of relinking some code will be far
lower than the memory cost of keeping all of it around.

This landed previously but was rolled out due to a Speedometer regression. I've made one
minor but important change here: only throw away code if we're navigating away from an
existing history item. Or in other words, don't throw away code for "force peeks" or any
other navigations that are not traditional top-level main frame navigations.

  • bindings/js/GCController.cpp:

(WebCore::GCController::deleteAllLinkedCode):

  • bindings/js/GCController.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad):

7:55 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
Move myself to Saturday because Friday gardening sucks (diff)
5:44 AM Changeset in webkit [196216] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
https://bugs.webkit.org/show_bug.cgi?id=153924

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-06
Reviewed by Andreas Kling.

No new tests needed.

  • accessibility/AXObjectCache.h:

(WebCore::AXObjectCache::ariaModalNode): Added stub implementation.
(WebCore::AXObjectCache::postLiveRegionChangeNotification): Ditto.
(WebCore::AXObjectCache::rangeForNodeContents): Ditto.
(WebCore::AXObjectCache::setIsSynchronizingSelection): Ditto.
(WebCore::AXObjectCache::setTextSelectionIntent): Ditto.
(WebCore::AXAttributeCacheEnabler::AXAttributeCacheEnabler): Ditto.
(WebCore::AXAttributeCacheEnabler::~AXAttributeCacheEnabler): Ditto.

4:51 AM Changeset in webkit [196215] by Antti Koivisto
  • 3 edits in trunk/Source/WebCore

Use scope stack instead of nested TreeResolvers for shadow trees
https://bugs.webkit.org/show_bug.cgi?id=153893

Reviewed by Andreas Kling.

Make TreeResolver per-document. This is a step towards iterative style resolve.

This is done replacing use of nested TreeResolvers with a scope stack that maintains
the style resolver and the selector filter for the current tree scope.

  • style/StyleTreeResolver.cpp:

(WebCore::Style::ensurePlaceholderStyle):
(WebCore::Style::TreeResolver::Scope::Scope):
(WebCore::Style::TreeResolver::TreeResolver):
(WebCore::Style::shouldCreateRenderer):
(WebCore::Style::TreeResolver::styleForElement):
(WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
(WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
(WebCore::Style::TreeResolver::createRenderTreeRecursively):
(WebCore::Style::TreeResolver::resolveLocally):
(WebCore::Style::TreeResolver::resolveShadowTree):
(WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
(WebCore::Style::TreeResolver::resolveChildren):
(WebCore::Style::TreeResolver::resolveSlotAssignees):
(WebCore::Style::TreeResolver::resolveRecursively):
(WebCore::Style::TreeResolver::resolve):
(WebCore::Style::detachRenderTree):

  • style/StyleTreeResolver.h:

(WebCore::Style::TreeResolver::scope):
(WebCore::Style::TreeResolver::pushScope):
(WebCore::Style::TreeResolver::pushEnclosingScope):
(WebCore::Style::TreeResolver::popScope):

3:29 AM Changeset in webkit [196214] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Unreviewed. Fix more incorrect ASSERT introduced in r196053.

  • WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp:

(WebKit::NetscapePluginX11::handleMouseEvent):
(WebKit::NetscapePluginX11::handleWheelEvent):
(WebKit::NetscapePluginX11::setFocus):
(WebKit::NetscapePluginX11::handleMouseEnterEvent):
(WebKit::NetscapePluginX11::handleMouseLeaveEvent):
(WebKit::NetscapePluginX11::handleKeyboardEvent):

2:12 AM Changeset in webkit [196213] by commit-queue@webkit.org
  • 7 edits in trunk/Source

Unreviewed, rolling out r196104.
https://bugs.webkit.org/show_bug.cgi?id=153940

Regressed Speedometer on iOS (Requested by kling on #webkit).

Reverted changeset:

"[iOS] Throw away linked code when navigating to a new page."
https://bugs.webkit.org/show_bug.cgi?id=153851
http://trac.webkit.org/changeset/196104

Note: See TracTimeline for information about the timeline view.