Context Navigation

← Previous Period
Next Period →

Timeline

Feb 21, 2016:

11:29 PM Changeset in webkit [196896] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

CodeBlock always visits its unlinked code twice
https://bugs.webkit.org/show_bug.cgi?id=154494

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-21
Reviewed by Saam Barati.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::visitChildren):
The unlinked code is always visited in stronglyVisitStrongReferences.

10:30 PM Changeset in webkit [196895] by Chris Dumez

2 edits in trunk/LayoutTests/imported/w3c

Unreviewed, rebaseline html/dom/interfaces.html.

web-platform-tests/html/dom/interfaces-expected.txt:

10:28 PM Changeset in webkit [196894] by Chris Dumez

19 edits in trunk

HTMLScriptElement.crossOrigin / HTMLImageElement.crossOrigin should only return known values
https://bugs.webkit.org/show_bug.cgi?id=154502

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/interfaces-expected.txt:
web-platform-tests/html/dom/reflection-embedded-expected.txt:
web-platform-tests/html/dom/reflection-misc-expected.txt:

Source/WebCore:

HTMLScriptElement.crossOrigin / HTMLImageElement.crossOrigin should only
return known values and should be nullable as per the specification:

This aligns our behavior with the HTML specification and Firefox.

No new tests, already covered by existing tests.

bindings/scripts/CodeGeneratorJS.pm:

Add support for nullable DOMString attributes. If such attribute is
marked as nullable:

A null string is passed to the implementation if the setter is called with null/undefined.
null is returned to the Javascript if the getter implementation returns a null string.

bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
bindings/scripts/test/GObject/WebKitDOMTestObj.h:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/ObjC/DOMTestObj.h:
bindings/scripts/test/ObjC/DOMTestObj.mm:
bindings/scripts/test/TestObj.idl:

Add test coverage for nullable DOMString attributes
and rebaseline bindings tests.

html/HTMLImageElement.cpp:
html/HTMLImageElement.h:
html/HTMLImageElement.idl:
html/HTMLScriptElement.cpp:
html/HTMLScriptElement.h:
html/HTMLScriptElement.idl:
html/parser/HTMLParserIdioms.cpp:
html/parser/HTMLParserIdioms.h:

9:52 PM Changeset in webkit [196893] by Chris Dumez

14 edits
1 add
6 deletes in trunk

Make HTMLSelectElement.size behave as per the specification
https://bugs.webkit.org/show_bug.cgi?id=154504

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/reflection-forms-expected.txt:
web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

Make HTMLSelectElement.size behave as per the specification:

In particular, it should be unsigned and be in the range [0; 2147483647].

Also update several unsigned long attributes in our HTML implementation to use
parseHTMLNonNegativeInteger() to parse unsigned integers as per the HTML
specification, instead of calling String::toUint().

No new tests, already covered by existing tests.

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::parseAttribute):
(WebCore::HTMLInputElement::size):
(WebCore::HTMLInputElement::setSize):

html/HTMLInputElement.h:
html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::parseAttribute):
(WebCore::HTMLSelectElement::setSize):
(WebCore::HTMLSelectElement::namedItem): Deleted.
(WebCore::HTMLSelectElement::item): Deleted.

html/HTMLSelectElement.h:

(WebCore::HTMLSelectElement::size):

html/HTMLSelectElement.idl:
html/HTMLTableColElement.cpp:

(WebCore::HTMLTableColElement::parseAttribute):
(WebCore::HTMLTableColElement::setSpan):

html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::parseAttribute):
(WebCore::HTMLTextAreaElement::setCols):
(WebCore::HTMLTextAreaElement::setRows):

html/parser/HTMLParserIdioms.h:

(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):

LayoutTests:

Update test that was covering the case of an HTMLSelectElement with an
invalid size attribute. The test was expecting the bad "size" attribute
value to get corrected so that the select element looks like a menu list.
This workaround was added back in 2007 to workaround a bug on
www.chainreaction.com (rdar://problem/4697438). This patch drops the
workaround in HTMLSelectElement::parseAttribute() because:

This is not standard behavior as per the HTML specification
This behavior does not match Firefox either
The workaround is no longer needed for www.chainreaction.com.

fast/forms/select-size-expected.html: Added.
fast/forms/select-size.html:
platform/efl/fast/forms/select-size-expected.txt: Removed.
platform/gtk/fast/forms/select-size-expected.txt: Removed.
platform/ios-simulator/fast/forms/select-size-expected.txt: Removed.
platform/mac/fast/forms/select-size-expected.png: Removed.
platform/mac/fast/forms/select-size-expected.txt: Removed.
platform/win/fast/forms/select-size-expected.txt: Removed.

9:26 PM Changeset in webkit [196892] by dbates@webkit.org

4 edits in trunk

CSP: Enable form-action directive by default
https://bugs.webkit.org/show_bug.cgi?id=154520
<rdar://problem/24762029>

Reviewed by Sam Weinig.

Source/WebCore:

page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the form-action
directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.
(WebCore::isExperimentalDirectiveName): Remove form-action from the directives considered
experimental.

LayoutTests:

Mark form-action tests as Pass so that we run them.

TestExpectations:

8:49 PM Changeset in webkit [196891] by BJ Burg

9 edits
2 moves
2 adds in trunk/Source

Web Inspector: add 'Automation' protocol domain and generate its backend classes separately in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=154509
<rdar://problem/24759098>

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Add a new 'WebKit' framework, which is used to generate protocol code
in WebKit2.

Add --backend and --frontend flags to the main generator script.
These allow a framework to trigger two different sets of generators
so they can be separately generated and compiled.

inspector/scripts/codegen/models.py:

(Framework.fromString):
(Frameworks): Add new framework.

inspector/scripts/generate-inspector-protocol-bindings.py:

If neither --backend or --frontend is specified, assume both are wanted.
This matches the behavior for JavaScriptCore and WebInspector frameworks.

(generate_from_specification):
Generate C++ files for the backend and Objective-C files for the frontend.

Source/WebKit2:

Add a new 'Automation' domain which presents an RPC interface
for sending automation commands to an active WebAutomationSession
in the UIProcess via RemoteInspector. This is similar to how the
Inspector backend communicates bidirectionally with a remote
Inspector frontend.

Add build system logic to generate JSON-RPC protocol bindings
for the 'Automation' domain using the inspector code generators.

Move automation-related files that are not API or SPI into their
own directory.

Configurations/BaseTarget.xcconfig: Tell where JavaScriptCore's

private headers are, since that's where the code generators live.

CMakeLists.txt: Look in UIProcess/Automation directory.
PlatformMac.cmake:
DerivedSources.make: Generate protocol bindings for a single domain.

The names of the generated files will be improved in a follow-up patch
so that they do not clash with generated files in JavaScriptCore.

UIProcess/Automation/Automation.json: Added.
UIProcess/Automation/WebAutomationSession.cpp: Renamed from Source/WebKit2/UIProcess/WebAutomationSession.cpp.

(WebKit::WebAutomationSession::WebAutomationSession):
(WebKit::WebAutomationSession::~WebAutomationSession):
Set up a backend dispatcher and frontend router. They will be used later.

(WebKit::WebAutomationSession::dispatchMessageFromRemote):
Forward messages from the remote to the backend dispatcher. When
an agent / command handler is registered, it will receive the message.

(WebKit::WebAutomationSession::connect):
(WebKit::WebAutomationSession::disconnect):
Connenct and disconnect the frontend router to the remote channel.

UIProcess/Automation/WebAutomationSession.h: Renamed from Source/WebKit2/UIProcess/WebAutomationSession.h.
WebKit2.xcodeproj/project.pbxproj: Add and move files.

7:28 PM Changeset in webkit [196890] by Chris Dumez

24 edits
3 adds in trunk

Add username / password attributes to HTMLAnchorElement / HTMLAreaElement
https://bugs.webkit.org/show_bug.cgi?id=154519

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Add username / password attributes to HTMLAnchorElement / HTMLAreaElement as per:
https://html.spec.whatwg.org/#htmlhyperlinkelementutils

Firefox and Chrome already implement these.

Also stop treating null as the empty string for the HTMLHyperlinkElementUtils
attributes. This behavior does not match the specification or other browsers
(tested Firefox and Chrome).

Test: fast/dom/HTMLAnchorElement/set-href-attribute-user-pass.html

CMakeLists.txt:
DerivedSources.make:
WebCore.xcodeproj/project.pbxproj:
html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::username):
(WebCore::HTMLAnchorElement::setUsername):
(WebCore::HTMLAnchorElement::password):
(WebCore::HTMLAnchorElement::setPassword):

html/HTMLAnchorElement.h:
html/HTMLAnchorElement.idl:
html/HTMLAreaElement.idl:
html/HTMLHyperlinkElementUtils.idl: Added.

LayoutTests:

fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-hash.js:
fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js:
fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-hostname.js:
fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-pathname.js:
fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-protocol.js:
fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-search.js:
fast/dom/HTMLAnchorElement/set-href-attribute-hash-expected.txt:
fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt:
fast/dom/HTMLAnchorElement/set-href-attribute-hostname-expected.txt:
fast/dom/HTMLAnchorElement/set-href-attribute-pathname-expected.txt:
fast/dom/HTMLAnchorElement/set-href-attribute-protocol-expected.txt:
fast/dom/HTMLAnchorElement/set-href-attribute-search-expected.txt:

Update / rebaseline tests now that we no longer treat null as the empty string.

fast/dom/HTMLAnchorElement/set-href-attribute-user-pass-expected.txt: Added.
fast/dom/HTMLAnchorElement/set-href-attribute-user-pass.html: Added.

Add test coverage for setting the username / password attributes.

js/dom/dom-static-property-for-in-iteration-expected.txt:

Rebaseline now that HTMLAnchorElement / HTMLAreaElement have 2 additional
attributes: username and password.

7:27 PM Changeset in webkit [196889] by Chris Dumez

6 edits
2 adds in trunk

iframe/frame/object.contentDocument should be on the prototype
https://bugs.webkit.org/show_bug.cgi?id=154409

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Move iframe/frame/object.contentDocument to the prototype. They used
to be on the instance due to the [CheckSecurityForNode] IDL extended
attribute. This patch updates the bindings generator so that such
attributes are now on the prototype. While they are now on the
prototype, the security checks are still generated in the
corresponding getters and setters so cross origin access is still
prevented.

Test: http/tests/security/cross-origin-iframe-contentDocument.html

bindings/scripts/CodeGeneratorJS.pm:

(AttributeShouldBeOnInstance): Deleted.

LayoutTests:

Add test coverage for trying to access iframe.contentDocument cross origin
to make sure it still fails and logs a security error.

http/tests/security/cross-origin-iframe-contentDocument-expected.txt: Added.
http/tests/security/cross-origin-iframe-contentDocument.html: Added.

6:33 PM Changeset in webkit [196888] by Darin Adler

15 edits in trunk/Source

Refactor LazyEventListener creation to separate Element and Document cases
https://bugs.webkit.org/show_bug.cgi?id=154231

Reviewed by Andreas Kling.

Source/WebCore:

bindings/js/JSLazyEventListener.cpp:

(WebCore::JSLazyEventListener::create): Added. Newly factored to separate
Element, Document, and DOMWindow with overloading.
(WebCore::JSLazyEventListener::createForNode): Deleted.
(WebCore::JSLazyEventListener::createForDOMWindow): Deleted.

bindings/js/JSLazyEventListener.h: Replaced the separate createForNode

and createForDOMWindow functions with a single overloaded function create,
which takes an Element, Document, or DOMWindow. Also changed indentation
to match the style guide.

dom/Attr.h: Added newly needed forward class declaration.

dom/ContainerNode.cpp:

(WebCore::ContainerNode::setAttributeEventListener): Deleted.

dom/ContainerNode.h: Deleted setAttributeEventListener override; it's now

done separately by Element and Document.

dom/Document.cpp:

(WebCore::Document::setAttributeEventListener): Added. Makes the lazy event
listener and calls through to the base class's setAttributeEventListener.
(WebCore::Document::setWindowAttributeEventListener): Updated to call just
create instead of createForDOMWindow.

dom/Document.h: Removed some unneeded forward declarations. Added the

overload for setAttributeEventListener. Removed a no longer useful comment.

dom/Element.cpp:

(WebCore::Element::setAttributeEventListener): Added. Makes the lazy event
listener and calls through to the base class's setAttributeEventListener.

dom/Element.h: Removed some unneeded forward declarations. Added the

overload for setAttributeEventListener.

dom/Node.h: Removed many unneeded forward declarations.

dom/NodeRareData.h: Added one forward declaration.

editing/Editor.h: Added one forward declaration.

Source/WebKit/win:

WebView.h: Forward declare KeyboardEvent.

5:55 PM Changeset in webkit [196887] by Sukolsak Sakshuwong

8 edits in trunk/Source/JavaScriptCore

Improvements to Intl code
https://bugs.webkit.org/show_bug.cgi?id=154486

Reviewed by Darin Adler.

This patch does several things:

Use std::unique_ptr to store ICU objects.
Pass Vector::size() to ICU functions that take a buffer size instead of Vector::capacity().
If U_SUCCESS(status) is true, it means there is no error, but there could be warnings. ICU functions ignore warnings. So, there is no need to reset status to U_ZERO_ERROR.
Remove the initialization of the String instance variables of IntlDateTimeFormat. These values are never read and cause unnecessary memory allocation.
Fix coding style.
Some small optimization.

runtime/IntlCollator.cpp:

(JSC::IntlCollator::UCollatorDeleter::operator()):
(JSC::IntlCollator::createCollator):
(JSC::IntlCollator::compareStrings):
(JSC::IntlCollator::~IntlCollator): Deleted.

runtime/IntlCollator.h:
runtime/IntlDateTimeFormat.cpp:

(JSC::IntlDateTimeFormat::UDateFormatDeleter::operator()):
(JSC::defaultTimeZone):
(JSC::canonicalizeTimeZoneName):
(JSC::toDateTimeOptionsAnyDate):
(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
(JSC::IntlDateTimeFormat::weekdayString):
(JSC::IntlDateTimeFormat::format):
(JSC::IntlDateTimeFormat::~IntlDateTimeFormat): Deleted.
(JSC::localeData): Deleted.

runtime/IntlDateTimeFormat.h:
runtime/IntlDateTimeFormatConstructor.cpp:
runtime/IntlNumberFormatConstructor.cpp:
runtime/IntlObject.cpp:

(JSC::numberingSystemsForLocale):

5:45 PM Changeset in webkit [196886] by commit-queue@webkit.org

3 edits in trunk/Source/JavaScriptCore

Remove arrowfunction test cases that rely on arguments variable in jsc
https://bugs.webkit.org/show_bug.cgi?id=154517

Patch by Skachkov Oleksandr <gskachkov@gmail.com> on 2016-02-21
Reviewed by Yusuke Suzuki.

Allow to jsc has the same behavior in javascript as browser has

tests/stress/arrowfunction-lexical-bind-arguments-non-strict-1.js:
tests/stress/arrowfunction-lexical-bind-arguments-strict.js:

5:30 PM Changeset in webkit [196885] by dbates@webkit.org

1 edit
3 adds in trunk/LayoutTests

CSP: sandbox directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154299
<rdar://problem/24680433>

Add iOS Simulator-specific expected result for test http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.html.

platform/ios-simulator/http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe-expected.txt: Added.

5:29 PM Changeset in webkit [196884] by Ryan Haddad

1 edit
1 add in trunk/LayoutTests

Adding ios-simulator baseline for js/number-toLocaleString.html
https://bugs.webkit.org/show_bug.cgi?id=154524

Unreviewed test gardening.

platform/ios-simulator/js/number-toLocaleString-expected.txt: Added.

5:27 PM Changeset in webkit [196883] by Chris Dumez

8 edits in trunk/LayoutTests/imported/w3c

Re-sync W3C HTML/DOM web-platform-tests
https://bugs.webkit.org/show_bug.cgi?id=154513

Reviewed by Darin Adler.

Re-sync W3C HTML/DOM web-platform-tests after:

web-platform-tests/html/dom/elements-embedded.js:
web-platform-tests/html/dom/elements-misc.js:
web-platform-tests/html/dom/interfaces.html:
web-platform-tests/html/dom/reflection-embedded-expected.txt:
web-platform-tests/html/dom/reflection-misc-expected.txt:
web-platform-tests/html/dom/reflection.js:

(ReflectionTests.doReflects):

5:23 PM Changeset in webkit [196882] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html for ios-simulator after r196846

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

4:08 PM Changeset in webkit [196881] by BJ Burg

10 edits in trunk/Source/JavaScriptCore

Web Inspector: it should be possible to omit generated code guarded by INSPECTOR_ALTERNATE_DISPATCHERS
https://bugs.webkit.org/show_bug.cgi?id=154508
<rdar://problem/24759077>

Reviewed by Timothy Hatcher.

In preparation for being able to generate protocol files for WebKit2,
make it possible to not emit generated code that's guarded by
ENABLE(INSPECTOR_ALTERNATE_DISPATCHERS). This code is not needed by
backend dispatchers generated outside of JavaScriptCore. We can't just
define it to 0 for WebKit2, since it's defined to 1 in <wtf/Platform.h>
in the configurations where the code is actually used.

Add a new opt-in Framework configuration option that turns on generating
this code. Adjust how the code is generated so that it can be easily excluded.

inspector/scripts/codegen/cpp_generator_templates.py:

Make a separate template for the declarations that are guarded.
Add an initializer expression so the order of initalizers doesn't matter.

inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:

(CppBackendDispatcherHeaderGenerator.generate_output): Add a setting check.
(CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
If the declarations are needed, they will be appended to the end of the
declarations list.

inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:

(CppBackendDispatcherImplementationGenerator.generate_output): Add a setting check.
(CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command): Add a setting check.

inspector/scripts/codegen/models.py: Set the 'alternate_dispatchers' setting

to True for Framework.JavaScriptCore only. It's not needed elsewhere.

Rebaseline affected tests.

inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
inspector/scripts/tests/expected/enum-values.json-result:
inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:

4:05 PM Changeset in webkit [196880] by BJ Burg

15 edits in trunk/Source/JavaScriptCore

Web Inspector: clean up generator selection in generate-inspector-protocol-bindings.py
https://bugs.webkit.org/show_bug.cgi?id=154505
<rdar://problem/24758042>

Reviewed by Timothy Hatcher.

It should be possible to generate code for a framework using some generators
that other frameworks also use. Right now the generator selection code assumes
that use of a generator is mutually exclusive among non-test frameworks.

Make this code explicitly switch on the framework. Reorder generators
alpabetically within each case.

inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification):

Rebaseline tests that are affected by generator reorderings.

inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
inspector/scripts/tests/expected/enum-values.json-result:
inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
inspector/scripts/tests/expected/type-declaration-array-type.json-result:
inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
inspector/scripts/tests/expected/type-declaration-object-type.json-result:
inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

3:02 PM Changeset in webkit [196879] by dbates@webkit.org

2 edits
3 moves in trunk/LayoutTests

Another attempt to fix the Content Extension test failures following <https://trac.webkit.org/changeset/196875>
(https://bugs.webkit.org/show_bug.cgi?id=154307)

Rename Content Extension JSON files so that they are associated with tests http/tests/contentextensions/block-cookies-in-csp-report.php
http/tests/contentextensions/block-csp-report.php and http/tests/contentextensions/hide-on-csp-report.php. These
files were formerly named block-cookies-in-csp-report.html, block-csp-report.html, and hide-on-csp-report.html,
respectively, prior to <https://trac.webkit.org/changeset/196878>. Also, update expected result for test block-csp-report.html
following <https://trac.webkit.org/changeset/196878>.

http/tests/contentextensions/block-cookies-in-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report.html.json.
http/tests/contentextensions/block-csp-report-expected.txt:
http/tests/contentextensions/block-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/block-csp-report.html.json.
http/tests/contentextensions/hide-on-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/hide-on-csp-report.html.json.

1:37 PM Changeset in webkit [196878] by dbates@webkit.org

1 edit
3 moves in trunk/LayoutTests

Attempt to fix the Content Extension test failures following <https://trac.webkit.org/changeset/196875>
(https://bugs.webkit.org/show_bug.cgi?id=154307)

Convert Content Extension tests that use the Content Security Policy directive report-uri from HTML files
to PHP scripts and modified them to define the content security policy for the page via the Content-Security-Policy
HTTP header instead of via a meta element so that the report-uri directive is honored. Following
<https://trac.webkit.org/changeset/196875> the directive report-uri is only honored when contained in a
policy that is delivered via an HTTP header. That is, it is no longer honored when delivered in a meta element.

http/tests/contentextensions/block-cookies-in-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report.html.
http/tests/contentextensions/block-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/block-csp-report.html.
http/tests/contentextensions/hide-on-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/hide-on-csp-report.html.

11:51 AM Changeset in webkit [196877] by dbates@webkit.org

6 edits in trunk

CSP: Violation report should include column number
https://bugs.webkit.org/show_bug.cgi?id=154418
<rdar://problem/24729525>

Reviewed by Brent Fulgham.

Source/WebCore:

Include column-number in the Content Security Policy violation report for the column number
in the source script where the violation occurred (for a script violation) as per section
Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

When a CSP report is created for a script violation the source file and line number of the
source code line where the violation occurred are included in the report. We now include
the column number in the source file where the violation occurred so as to help narrow
down the operation that triggered the violation in a complicated source code line.

page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation):

LayoutTests:

Update expected results to include source file column information where the violation occurred.

http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:

11:45 AM Changeset in webkit [196876] by dbates@webkit.org

24 edits
1 move
2 adds in trunk

CSP: Violation report should include HTTP status code and effective-directive of protected resource
https://bugs.webkit.org/show_bug.cgi?id=154288
<rdar://problem/24674982>
And
https://bugs.webkit.org/show_bug.cgi?id=115707
<rdar://problem/24383128>

Reviewed by Brent Fulgham.

Source/WebCore:

Include status-code and effective-directive in the Content Security Policy violation report for
the HTTP status code of the protected resource and name of the policy directive that was violated,
respectively, as per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Test: http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html

page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation): Add key status-code to the report with value
equal to the HTTP response code for the document or 0 depending on whether the document was
delivered over HTTP or not. Additionally, remove ENABLE(CSP_NEXT)-guard/experimentalFeaturesEnabled()-condition
around code to include the effective-directive property in the report.

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html to ensure
that the CSP report property status-code is 0 when the protected document is delivered over HTTPS. Fix a
correctness issue in the result for test http/tests/security/contentSecurityPolicy/report-blocked-file-uri.html
and update the expected results for the following tests now that the CSP violation report includes properties
status-code and effective-directive:

http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php

The rest of the changes to the expected results are cosmetic and reflect the difference in wording for inline
script violations between WebKit and Blink. We will consider adopting wording similar to Blink in
<https://bugs.webkit.org/show_bug.cgi?id=153242>.

TestExpectations: Remove entries for tests that now pass. Add test http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php.
http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.html. The report-uri

directive is only honored when defined in a policy delivered via an HTTP header. We convert this
HTML file to a PHP script to be able to deliver a Content-Security-Policy HTTP header.

http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt: Cosmetic change.
http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt: Ditto.
http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt: Ditto.
http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt: Ditto.
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt: Ditto.
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt: Update expected result now

that the report includes properties status-code and effective-directive.

http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt: Ditto.
http/tests/security/contentSecurityPolicy/report-only-expected.txt: Cosmetic change.
http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt: Ditto.
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt: Update expected result now

that the report includes properties status-code and effective-directive.

http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt: Cosmetic change.
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt: Update expected result now

that the report includes properties status-code and effective-directive.

http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt: Added.
http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html: Added.
http/tests/security/contentSecurityPolicy/report-uri-expected.txt: Cosmetic change.
http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt: Cosmetic change.
http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html: Fix ill-formed markup; substitute </iframe> for </script>.
http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt: Cosmetic change.
http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt: Ditto.
http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt: Ditto.

11:04 AM Changeset in webkit [196875] by dbates@webkit.org

22 edits
16 moves
3 adds
2 deletes in trunk

CSP: report-url directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154307
<rdar://problem/24684817>

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy report-uri directive should only be honored when defined via an HTTP header
as per section report-uri of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Currently we honor the report-uri directive when enforcing or monitoring a policy defined either via
an HTML meta element or an HTTP header. Instead we should only honor this directive when defined
via an HTTP header and log a message to the Web Inspector console to explain that the directive
was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

Test: http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html

page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive report-uri when
the Content Security Policy came from an HTML meta element.

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html and rename and modify
existing tests to make them PHP scripts that emit a Content Security Policy HTTP header.

In addition, remove file http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html that
is no longer meaningful now that we do not honor the report-uri directive defined in a policy via a meta
element. Moreover, we have not made use of this file since <http://trac.webkit.org/changeset/176413>.

TestExpectations: Update entries for renames.
http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
http/tests/security/contentSecurityPolicy/report-and-enforce.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.html.
http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
http/tests/security/contentSecurityPolicy/report-blocked-data-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html.
http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
http/tests/security/contentSecurityPolicy/report-blocked-file-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri.html.
http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html.
http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
http/tests/security/contentSecurityPolicy/report-blocked-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.html.
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html.
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html.
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html.
http/tests/security/contentSecurityPolicy/report-only-expected.txt:
http/tests/security/contentSecurityPolicy/report-only.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-only.html.
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html.
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html.
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html.
http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.html.
http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
http/tests/security/contentSecurityPolicy/report-uri-from-javascript.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript.html.
http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored-expected.txt: Added.
http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html: Added.
http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.html: Removed.
http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.php: Added.
http/tests/security/contentSecurityPolicy/report-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.html.
http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html: Removed. For completeness, we have

not made use of this file since <http://trac.webkit.org/changeset/176413>.

http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php:
http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html.
platform/wk2/TestExpectations: Update entries for renames.

10:52 AM Changeset in webkit [196874] by dbates@webkit.org

7 edits
2 moves
6 adds
6 deletes in trunk

CSP: sandbox directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154299
<rdar://problem/24680433>

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy sandbox directive should only be honored when enforcing a policy
defined via an HTTP header as per section sandbox of the Content Security Policy 2.0 spec.,
<https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Currently we honor the sandbox directive when enforcing a policy defined either via an HTML
meta element or an HTTP header. Instead we should only honor this directive when defined
via an HTTP header and log a message to the Web Inspector console to explain that the directive
was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

Tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php

http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php
http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php
http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html

dom/Document.cpp:

(WebCore::Document::processHttpEquiv): Substitute ContentSecurityPolicy::processHTTPEquiv() for
ContentSecurityPolicy::didReceiveHeader() as the latter was made private.

page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::copyStateFrom): Updated as needed based on ContentSecurityPolicy::didReceiveHeader() change below.
(WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
(WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
and pass it through to ContentSecurityPolicyDirectiveList::create().
(WebCore::ContentSecurityPolicy::reportInvalidDirectiveInHTTPEquivMeta): Logs a message to the Web Inspector console
that the specified directive was ignored because it was delivered via an HTML meta element.

page/csp/ContentSecurityPolicy.h: Made member function ContentSecurityPolicy::didReceiveHeader() private. Defined

enum class PolicyFrom to represent the source of the Content Security Policy: HTTP equiv meta element, HTTP header, or
inherited from another ContentSecurityPolicy object (this value is only used by ContentSecurityPolicy::copyStateFrom()).
(WebCore::ContentSecurityPolicy::processHTTPEquiv): Added; turns around and calls ContentSecurityPolicy::didReceiveHeader().
The name of this function better describes its purpose - to handle the processing of a Content Security Policy
delivered via <meta http-equiv="Content-Security-Policy" content="...">.

page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::create): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
as pass it through to ContentSecurityPolicyDirectiveList::parse().
(WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive sandbox when the Content Security
Policy came from an HTML meta element.

page/csp/ContentSecurityPolicyDirectiveList.h:

LayoutTests:

Add test http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html to ensure that we ignore
the sandbox directive when delivered via an HTML meta element and log a message to the Web Inspector console.

Remove tests http/tests/security/contentSecurityPolicy/sandbox-{allow-scripts-subframe, empty, empty-subframe}.html
that are no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element and
create analogous tests for when the sandbox directive is delivered via an HTTP header.

http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2-expected.txt: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-expected.txt.
http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html.

http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe-expected.txt: Removed.
http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html: Removed.

This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
An analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicysandbox-allow-scripts-in-http-header.html.

http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe-expected.txt: Added.
http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php: Added. Derived from test http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html.

http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-expected.txt: Added.
http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php: Added. Derived from test http/tests/security/contentSecurityPolicy/sandbox-empty.html.

http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt: Removed.
http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html: Removed.

This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
The analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php.

http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt: Removed.
http/tests/security/contentSecurityPolicy/sandbox-empty.html: Removed.

http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored-expected.txt: Added.
http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html: Added.

10:43 AM Changeset in webkit [196873] by ggaren@apple.com

11 edits in trunk/Source/bmalloc

bmalloc: Don't use a whole page for metadata
https://bugs.webkit.org/show_bug.cgi?id=154510

Reviewed by Andreas Kling.

(1) Don't round up metadata to a page boundary. This saves 1.5% dirty
memory on iOS and 0.2% on Mac. It also enables a future patch to allocate
smaller chunks without wasting memory.

(2) Initialize metadata lazily. This saves dirty memory when the program
allocates primarily small or large objects (but not both), leaving some
metadata uninitialized.

bmalloc.xcodeproj/project.pbxproj: Medium objects are gone now.

bmalloc/BumpAllocator.h:

(bmalloc::BumpAllocator::refill): Added an ASSERT to help debug a bug
I cause while working on this patch.

bmalloc/Heap.cpp:

(bmalloc::Heap::allocateSmallBumpRanges): Ditto.

(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::allocateLarge): Updated for interface change.

bmalloc/LargeChunk.h: Changed the boundaryTagCount calculation to

a static_assert.

Don't round up to page boundary. (See above.)

(bmalloc::LargeChunk::LargeChunk): Moved code here from LargeChunk::init.
A constructor is a more natural / automatic way to do this initialization.

bmalloc/LargeObject.h:

(bmalloc::LargeObject::init): Deleted. Moved to LargeChunk.

bmalloc/Sizes.h: Chagned largeChunkMetadataSize to a simpler constant

because metadata size no longer varies by page size.

bmalloc/SmallChunk.h:

(bmalloc::SmallChunk::begin):
(bmalloc::SmallChunk::end):
(bmalloc::SmallChunk::lines):
(bmalloc::SmallChunk::pages): Use std::array to make begin/end
calculations easier.

(bmalloc::SmallChunk::SmallChunk): Treat our metadata like a series
of allocated objects. We used to avoid trampling our metadata by
starting object memory at the next page. Now we share the first page
between metadata and objects, and we account for metadata explicitly.

bmalloc/SuperChunk.h:

(bmalloc::SuperChunk::SuperChunk):
(bmalloc::SuperChunk::smallChunk):
(bmalloc::SuperChunk::largeChunk):
(bmalloc::SuperChunk::create): Deleted. Don't eagerly run the SmallChunk
and LargeChunk constructors. We'll run them lazily as needed.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::VMHeap):
(bmalloc::VMHeap::allocateSmallChunk):
(bmalloc::VMHeap::allocateLargeChunk):
(bmalloc::VMHeap::allocateSuperChunk):
(bmalloc::VMHeap::grow): Deleted. Track small and large chunks explicitly
so we can initialize them lazily.

bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage):
(bmalloc::VMHeap::allocateLargeObject): Specify whether we're allocating
a small or large chunk since we don't allocate both at once anymore.

10:18 AM Changeset in webkit [196872] by commit-queue@webkit.org

7 edits
2 deletes in trunk

Unreviewed, rolling out r196866.
https://bugs.webkit.org/show_bug.cgi?id=154515

still crashy on EFL/GTK (Requested by smfr on #webkit).

Reverted changeset:

"Wheel event callback removing the window causes crash in
WebCore."
https://bugs.webkit.org/show_bug.cgi?id=150871
http://trac.webkit.org/changeset/196866

Feb 20, 2016:

10:14 PM Changeset in webkit [196871] by mark.lam@apple.com

4 edits in trunk/Source

Use of inlined asm statements causes problems for -std=c99 builds.
https://bugs.webkit.org/show_bug.cgi?id=154507

Reviewed by Dan Bernstein.

Source/bmalloc:

bmalloc/BAssert.h:

Source/WTF:

WTF's Assertions.h may inadvertantly get included by other projects that are built
with -std=c99. The use of the inlined asm statements with the keyword "asm" is
not recognized when the -std compiler flag is used.

https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html says "When writing code that
can be compiled with -ansi and the various -std options, use asm instead of
asm (see Alternate Keywords)."

So, to be a good citizen, we can change the use of "asm" in CRASH() to "asm"
so that we don't break the build of such other projects.

wtf/Assertions.h:

5:54 PM Changeset in webkit [196870] by rniwa@webkit.org

3 edits in trunk/Websites/perf.webkit.org

Add the support for universal slave password
https://bugs.webkit.org/show_bug.cgi?id=154476

Reviewed by David Kilzer.

Added the support for universalSlavePassword.

config.json:
public/include/report-processor.php:

(ReportProcessor::process):
(ReportProcessor::authenticate_and_construct_build_data): Extracted from process().

4:17 PM Changeset in webkit [196869] by commit-queue@webkit.org

5 edits in trunk/Source/WebInspectorUI

Web Inspector: Opacity slider thumb sometimes goes past the bar in Visual Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154497

Patch by Devin Rousso <Devin Rousso> on 2016-02-20
Reviewed by Timothy Hatcher.

Since WebInspector.Slider uses CSS transforms to move the slider knob
along the track, if the width of the track changes then the position
of the knob would stay the same since it was translated instead of
adjusting its position relative to the new width.

UserInterface/Views/Slider.js:

(WebInspector.Slider.prototype.recalculateKnobX):
Resets the maxX value to 0 to ensure that a new maxX is calculated with
the current width.

UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.js:

(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.set specifiedWidth): Deleted.
(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.recalculateWidth):

UserInterface/Views/VisualStyleDetailsPanel.js:

(WebInspector.VisualStyleDetailsPanel.prototype.widthDidChange):
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
(WebInspector.VisualStyleDetailsPanel.prototype._populateDisplaySection):

UserInterface/Views/VisualStyleUnitSlider.js:

(WebInspector.VisualStyleUnitSlider.prototype.recalculateWidth):

3:51 PM Changeset in webkit [196868] by sbarati@apple.com

14 edits
1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.Construct?
https://bugs.webkit.org/show_bug.cgi?id=154440

Reviewed by Oliver Hunt.

This patch is mostly an implementation of
Proxy.Construct? with respect to section 9.5.13
of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-construct-argumentslist-newtarget

This patch also changes op_create_this to accept new.target's
that aren't JSFunctions. This is necessary implementing Proxy.Construct?
because we might construct a JSFunction with a new.target being
a Proxy. This will also be needed when we implement Reflect.construct.

dfg/DFGOperations.cpp:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):

llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/ProxyObject.cpp:

(JSC::ProxyObject::finishCreation):
(JSC::ProxyObject::visitChildren):
(JSC::performProxyConstruct):
(JSC::ProxyObject::getConstructData):

runtime/ProxyObject.h:
tests/es6.yaml:
tests/stress/proxy-construct.js: Added.

(assert):
(throw.new.Error.let.target):
(throw.new.Error):
(assert.let.target):
(assert.let.handler.get construct):
(let.target):
(let.handler.construct):
(i.catch):
(assert.let.handler.construct):
(assert.let.construct):
(assert.else.assert.let.target):
(assert.else.assert.let.construct):
(assert.else.assert):
(new.proxy.let.target):
(new.proxy.let.construct):
(new.proxy):

2:47 PM Changeset in webkit [196867] by commit-queue@webkit.org

4 edits in trunk/Source/WebInspectorUI

Web Inspector: Visual Styles: Modifying background expands Font section
https://bugs.webkit.org/show_bug.cgi?id=154491
<rdar://problem/24755440>

Patch by Devin Rousso <Devin Rousso> on 2016-02-20
Reviewed by Timothy Hatcher.

When the user selects a new style, the Visual sidebar examines the property
editors in each subsection to see if any have a value and expands/collapses
the subsection accordingly. This issue was happening because that logic was
also being triggered when the user didn't select a new style, which is
controlled by DOMNodeStyles and the significantChange value in refresh().

UserInterface/Base/Utilities.js:

(String.prototype.toCamelCase):
Added utility function to transform a string into a camel-cased version.

UserInterface/Models/DOMNodeStyles.js:

(WebInspector.DOMNodeStyles.prototype.refresh.fetchedComputedStyle):
Dropped unused variable and added checks to make sure doubly-matching styles
don't count as a significant change and cause refreshes of the styles sidebar.

UserInterface/Views/VisualStyleDetailsPanel.js:

(WebInspector.VisualStyleDetailsPanel.prototype._updateSections):
If this function has an event, meaning it was triggered by a newly selected
selector in the selector section, loop through each subsection and perform
the logic described above, but instead only to open sections.

(WebInspector.VisualStyleDetailsPanel.prototype._generateSection.replaceDashWithCapital): Deleted.
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
Removed logic that was already being called by _sectionModified().

1:21 PM Changeset in webkit [196866] by Simon Fraser

7 edits
2 adds in trunk

Wheel event callback removing the window causes crash in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=150871

Reviewed by Brent Fulgham.

Source/WebCore:

Null check the FrameView before using it, since the iframe may have been removed
from its parent document inside the event handler.

The new test triggered a cross-load side-effect, where wheel event filtering wasn't
reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
which resets the filtering.

Test: fast/events/wheel-event-destroys-frame.html

page/EventHandler.cpp:

(WebCore::EventHandler::clear):
(WebCore::EventHandler::clearLatchedState):

page/Frame.cpp:

(WebCore::Frame::setView): If the view doesn't change (e.g. was and is null)
don't bother clearing the event handler; should avoid EventHandler::clearLatchedState()
from accessing a deleted MainFrame.

page/WheelEventDeltaFilter.cpp:

(WebCore::WheelEventDeltaFilter::filteredDelta):

page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::platformCompleteWheelEvent):

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollTo):

LayoutTests:

fast/events/wheel-event-destroys-frame-expected.txt: Added.
fast/events/wheel-event-destroys-frame.html: Added.

11:51 AM Changeset in webkit [196865] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline inspector/model/remote-object.html for Mac after r196846

Unreviewed test gardening.

platform/mac/inspector/model/remote-object-expected.txt:

10:29 AM Changeset in webkit [196864] by Antti Koivisto

7 edits in trunk/Source/WebCore

Resolve style iteratively
https://bugs.webkit.org/show_bug.cgi?id=154355

Reviewed by Andreas Kling.

Instead of a set of recursive functions use ComposedTreeIterator for traversing the DOM
tree in composed tree order.

This, along with maintaining explicit parent stack makes style resolve code more tractable
for future work.

It also makes the ComposedTreeIterator the definite authority for the shape of the composed tree
instead of duplicating it as a set of recursive style resolve functions. This eliminates
a significant source of bugs and confusion.

The render tree building code path remains recursive for now.

css/StyleInvalidationAnalysis.cpp:

(WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):

Invalidate the host element instead of the shadow root. This reduces need for special handling for shadow roots.

dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::dropAssertions):

Add support for dropping DOM mutation assertions.

(WebCore::ComposedTreeIterator::traverseShadowRoot):

dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):

dom/PseudoElement.h:
style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::TreeResolver):
(WebCore::Style::TreeResolver::Scope::Scope):
(WebCore::Style::TreeResolver::Parent::Parent):
(WebCore::Style::TreeResolver::pushScope):
(WebCore::Style::resetStyleForNonRenderedDescendants):
(WebCore::Style::pseudoStyleCacheIsInvalid):
(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::resolveTextNode):
(WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
(WebCore::Style::TreeResolver::pushParent):
(WebCore::Style::TreeResolver::popParent):
(WebCore::Style::TreeResolver::popParentsToDepth):

Maintain explicit parent stack.

(WebCore::Style::TreeResolver::resolveComposedTree):

The main loop that iterates over the composed tree and computes style for dirty elements.

(WebCore::Style::TreeResolver::resolve):
(WebCore::Style::detachRenderTree):
(WebCore::Style::TreeResolver::resolveLocally): Deleted.
(WebCore::Style::TreeResolver::resolveChildAtShadowBoundary): Deleted.
(WebCore::Style::TreeResolver::resolveShadowTree): Deleted.
(WebCore::Style::TreeResolver::resolveChildren): Deleted.
(WebCore::Style::TreeResolver::resolveSlotAssignees): Deleted.
(WebCore::Style::TreeResolver::resolveRecursively): Deleted.

Recursive functions go away.

style/StyleTreeResolver.h:

(WebCore::Style::TreeResolver::scope):
(WebCore::Style::TreeResolver::parent):

10:16 AM Changeset in webkit [196863] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Text Align segmented control blinks while editing other properties in Visual Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154487
<rdar://problem/24754703>

Patch by Devin Rousso <Devin Rousso> on 2016-02-20
Reviewed by Timothy Hatcher.

The icon list property editor blinking issue was caused by the fact that
the selected value was toggled on/off each time the value was set on the
editor. In order to prevent this, the logic for the setter value() was
modified to just match a keyword icon to the given value and select it.

UserInterface/Views/VisualStyleKeywordIconList.js:

(WebInspector.VisualStyleKeywordIconList.prototype.set value):
(WebInspector.VisualStyleKeywordIconList.prototype._handleKeywordChanged):

9:02 AM Changeset in webkit [196862] by akling@apple.com

2 edits in trunk/Source/WebCore

REGRESSION(r196780): Fake memory handler takes too long to run now.

Unreviewed bot fix.

Put the footprint comparison code behind a compile-time flag for now.
It's taking too long to run on bots, and memory is getting measured
before all the pressure relief code has a chance to run.

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::install):

8:42 AM Changeset in webkit [196861] by commit-queue@webkit.org

3 edits in trunk/Source/WebCore

Do not require UDate in LocaleICU with !ENABLE_DATE_AND_TIME_INPUT_TYPES
https://bugs.webkit.org/show_bug.cgi?id=154483

Patch by Olivier Blin <Olivier Blin> on 2016-02-20
Reviewed by Michael Catanzaro.

Put initializeShortDateFormat(), dateFormat(), m_shortDateFormat and
m_didCreateShortDateFormat under flag, since they are only used by
code under the ENABLE_DATE_AND_TIME_INPUT_TYPES flag.

This helps to build with a light ICU that does not provide UDate
features (with UCONFIG_NO_FORMATTING).

platform/text/LocaleICU.cpp:

(WebCore::LocaleICU::LocaleICU):
(WebCore::LocaleICU::~LocaleICU):
(WebCore::createFallbackMonthLabels): Deleted.
(WebCore::createFallbackAMPMLabels): Deleted.

platform/text/LocaleICU.h:

8:31 AM Changeset in webkit [196860] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Remove declaration of unimplemented methods in LocaleICU
https://bugs.webkit.org/show_bug.cgi?id=154482

Patch by Olivier Blin <Olivier Blin> on 2016-02-20
Reviewed by Michael Catanzaro.

detectSignAndGetDigitRange() and matchedDecimalSymbolIndex() are
implemented in PlatformLocale, not LocaleICU.

They were moved out from LocaleICU to NumberLocalizer in r124459
(2012), which has then been renamed as Localizer, then Locale, and
finally PlatformLocale.

platform/text/LocaleICU.h:

8:30 AM Changeset in webkit [196859] by commit-queue@webkit.org

4 edits in trunk

[cmake] Use ICU include dirs in WebKit2 and WebKitTestRunner
https://bugs.webkit.org/show_bug.cgi?id=154479

Patch by Olivier Blin <Olivier Blin> on 2016-02-20
Reviewed by Michael Catanzaro.

Source/WebKit2:

CMakeLists.txt:

Tools:

WebKitTestRunner/CMakeLists.txt:

3:01 AM Changeset in webkit [196858] by commit-queue@webkit.org

6 edits
2 deletes in trunk

Unreviewed, rolling out r196837.
https://bugs.webkit.org/show_bug.cgi?id=154495

It caused a lot of crashes in EFL and GTK bots (Requested by
KaL on #webkit).

Reverted changeset:

"Wheel event callback removing the window causes crash in
WebCore."
https://bugs.webkit.org/show_bug.cgi?id=150871
http://trac.webkit.org/changeset/196837

12:40 AM Changeset in webkit [196857] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Placeholder text in Visual Styles sidebar table row should be white
https://bugs.webkit.org/show_bug.cgi?id=154488
<rdar://problem/24754715>

Reviewed by Timothy Hatcher.

UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:

(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles > .subtitle):

Feb 19, 2016:

10:31 PM Changeset in webkit [196856] by jh718.park@samsung.com

2 edits in trunk/Source/bmalloc

Unreviewed. Fix debug build error since r196847

Fix gcc build warning appeared as below
by removing BASSERT(refCount <= maxRefCount).
error: comparison is always true due to limited range of data type
[-Werror=type-limits]

bmalloc/SmallLine.h:

(bmalloc::SmallLine::ref): Deleted.

9:51 PM Changeset in webkit [196855] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Inherited selector rows have text too low
https://bugs.webkit.org/show_bug.cgi?id=154489
<rdar://problem/24754774>

Reviewed by Timothy Hatcher.

UserInterface/Views/VisualStyleSelectorSection.css:

(.details-section.visual-style-selector-section > .content > .selectors > .selector-list > .section-divider):

8:41 PM Changeset in webkit [196854] by Chris Dumez

5 edits in trunk/Source/WebCore

Land release assertions to help track down a possible HTMLCollection lifetime bug
https://bugs.webkit.org/show_bug.cgi?id=154490

Reviewed by Ryosuke Niwa.

Land release assertions to help track down a possible HTMLCollection
lifetime bug: <rdar://problem/24457478>.

bindings/js/JSHTMLCollectionCustom.cpp:

(WebCore::JSHTMLCollection::getOwnPropertyNames):

html/HTMLCollection.cpp:

(WebCore::HTMLCollection::HTMLCollection):
(WebCore::HTMLCollection::~HTMLCollection):

html/HTMLCollection.h:

(WebCore::HTMLCollection::wasDeletionStarted):

html/HTMLCollection.idl:

8:17 PM Changeset in webkit [196853] by commit-queue@webkit.org

3 edits
2 adds in trunk

Source/WebCore:
Bug 154366 - AX: AXObjectCache::visiblePositionForTextMarkerData() doesn't account for equivalent visibly equivalent positions
https://bugs.webkit.org/show_bug.cgi?id=154366

Patch by Doug Russell <d_russell@apple.com> on 2016-02-19
Reviewed by Chris Fleizach.

Test: accessibility/mac/text-marker-line-boundary.html

accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::visiblePositionForTextMarkerData):

LayoutTests:
Bug 154366: AX: AXObjectCache::visiblePositionForTextMarkerData() doesn't account for visibly equivalent positions
https://bugs.webkit.org/show_bug.cgi?id=154366

Patch by Doug Russell <d_russell@apple.com> on 2016-02-19
Reviewed by Chris Fleizach.

accessibility/mac/text-marker-line-boundary-expected.txt: Added.
accessibility/mac/text-marker-line-boundary.html: Added.

7:24 PM Changeset in webkit [196852] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Color picker in Visual Styles sidebar should not default to zero alpha
https://bugs.webkit.org/show_bug.cgi?id=154474
<rdar://problem/24750217>

Patch by Devin Rousso <Devin Rousso> on 2016-02-19
Reviewed by Timothy Hatcher.

UserInterface/Views/InlineSwatch.js:

(WebInspector.InlineSwatch.prototype._fallbackValue):
Changed the fallback value for color from transparent to white so that
the color picker starts out with an alpha value of 1.

(WebInspector.InlineSwatch.prototype._handleContextMenuEvent):
Prevents context menu events from having an effect if there is no value
for them to modify.

6:47 PM Changeset in webkit [196851] by Simon Fraser

3 edits in trunk/Source/WebCore

Use more concrete types for parsing positions
https://bugs.webkit.org/show_bug.cgi?id=154481

Reviewed by Dean Jackson.

Use CSSPrimitiveValues for position-parsing functions where possible, to avoid
the need to downcast<> the values returned by the parsing functions.

css/CSSParser.cpp:

(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::parsePositionX):
(WebCore::CSSParser::parsePositionY):
(WebCore::CSSParser::parse4ValuesFillPosition):
(WebCore::CSSParser::parse3ValuesFillPosition):
(WebCore::CSSParser::parseFillPosition):
(WebCore::CSSParser::parse2ValuesFillPosition):
(WebCore::CSSParser::parseFillProperty):
(WebCore::CSSParser::parseTransformOriginShorthand):
(WebCore::CSSParser::parseBasicShapeCircle):
(WebCore::CSSParser::parseBasicShapeEllipse):
(WebCore::CSSParser::parseDeprecatedRadialGradient):
(WebCore::CSSParser::parseRadialGradient):
(WebCore::CSSParser::parseTransformOrigin):
(WebCore::CSSParser::parsePerspectiveOrigin):

css/CSSParser.h:

5:58 PM Changeset in webkit [196850] by Sukolsak Sakshuwong

10 edits in trunk

[INTL] Implement Number Format Functions
https://bugs.webkit.org/show_bug.cgi?id=147605

Reviewed by Darin Adler.

Source/JavaScriptCore:

This patch implements Intl.NumberFormat.prototype.format() according
to the ECMAScript 2015 Internationalization API spec (ECMA-402 2nd edition.)

runtime/IntlNumberFormat.cpp:

(JSC::IntlNumberFormat::UNumberFormatDeleter::operator()):
(JSC::IntlNumberFormat::initializeNumberFormat):
(JSC::IntlNumberFormat::createNumberFormat):
(JSC::IntlNumberFormat::formatNumber):
(JSC::IntlNumberFormatFuncFormatNumber): Deleted.

runtime/IntlNumberFormat.h:
runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatFuncFormatNumber):

LayoutTests:

js/intl-numberformat-expected.txt:
js/intl-numberformat.html:
js/number-toLocaleString-expected.txt:
js/script-tests/intl-numberformat.js:
js/script-tests/number-toLocaleString.js:

5:51 PM Changeset in webkit [196849] by barraclough@apple.com

5 edits
3 adds in trunk

JSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow
https://bugs.webkit.org/show_bug.cgi?id=154416

Reviewed by Geoff Garen.

Source/JavaScriptCore:

Here's the bug. Suppose you call JSObject::getOwnProperty and -

PropertyName contains an index,
An object on the prototype chain overrides getOwnPropertySlot, and has that index property,
The base of the access (or another object on the prototype chain) shadows that property.

JSObject::getPropertySlot is written assuming the common case is that propertyName is not an
index, and as such walks up the prototype chain looking for non-index properties before it
tries calling parseIndex.

At the point we reach an object on the prototype chain overriding getOwnPropertySlot (which
would potentially return the property) we may have already skipped over non-overriding
objects that contain the property in index storage.

runtime/JSObject.h:

(JSC::JSObject::getOwnNonIndexPropertySlot):

renamed from inlineGetOwnPropertySlot to better describe behaviour; added ASSERT guarding that this method never returns index properties - if it ever does, this is unsafe for getPropertySlot.

(JSC::JSObject::getOwnPropertySlot):

inlineGetOwnPropertySlot -> getOwnNonIndexPropertySlot.

(JSC::JSObject::getPropertySlot):

In case of object overriding getOwnPropertySlot check if propertyName is an index.

(JSC::JSObject::getNonIndexPropertySlot):

called by getPropertySlot if we encounter an object that overrides getOwnPropertySlot, in order to avoid repeated calls to parseIndex.

(JSC::JSObject::inlineGetOwnPropertySlot): Deleted.

this was renamed to getOwnNonIndexPropertySlot.

(JSC::JSObject::fastGetOwnPropertySlot): Deleted.

this was folded back in to getPropertySlot.

Source/WebCore:

testing/Internals.cpp:

(WebCore::Internals::isReadableStreamDisturbed):

fastGetOwnPropertySlot -> getOwnPropertySlot (internal method removed; test shouldn't really have been using this anyway)

LayoutTests:

js/index-property-shadows-overriden-get-own-property-slot-expected.txt: Added.
js/index-property-shadows-overriden-get-own-property-slot.html: Added.
js/script-tests/index-property-shadows-overriden-get-own-property-slot.js: Added.

(test):

added test case.

5:37 PM Changeset in webkit [196848] by BJ Burg

8 edits in trunk/Source/WebKit2

WebAutomationSession should tell its delegate when its remote end disconnects
https://bugs.webkit.org/show_bug.cgi?id=154426
<rdar://problem/24732382>

Reviewed by Timothy Hatcher.

The client might want to free up resources or close spawned windows
if the remote end has disconnected from the automation session.

UIProcess/API/APIAutomationSessionClient.h:

(API::AutomationSessionClient::didDisconnectFromRemote): Added.
(API::AutomationSessionClient::didRequestNewWindow):
Remove WebProcessPool* argument as it is never used.

UIProcess/API/Cocoa/_WKAutomationSession.h:
UIProcess/API/Cocoa/_WKAutomationSession.mm:

(-[_WKAutomationSession isPaired]):
Expose whether the session is paired with a remote end.

UIProcess/API/Cocoa/_WKAutomationSessionDelegate.h: Add method.
UIProcess/Cocoa/AutomationSessionClient.h: Add method.

Remove WebProcessPool* argument as it is never used.

UIProcess/Cocoa/AutomationSessionClient.mm:

(WebKit::AutomationSessionClient::AutomationSessionClient):
(WebKit::AutomationSessionClient::didRequestNewWindow):
(WebKit::AutomationSessionClient::didDisconnectFromRemote):
Add necessary forwarding boilerplate.

UIProcess/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::disconnect): Inform the client.

5:06 PM Changeset in webkit [196847] by ggaren@apple.com

5 edits
3 moves
1 delete in trunk/Source/bmalloc

bmalloc: Chunk, Page, and Line don't need to be class templates
https://bugs.webkit.org/show_bug.cgi?id=154480

Reviewed by Gavin Barraclough.

We needed class templates to distinguish between small and medium,
but medium is gone now.

bmalloc.xcodeproj/project.pbxproj:
bmalloc/Chunk.h: Removed.
bmalloc/Heap.cpp:

(bmalloc::Heap::initializeLineMetadata):
(bmalloc::Heap::allocateSmallBumpRanges):

bmalloc/Heap.h:
bmalloc/Line.h: Removed.
bmalloc/Page.h: Removed.
bmalloc/Sizes.h:
bmalloc/SmallChunk.h: Replaced with Source/bmalloc/bmalloc/Chunk.h.

(bmalloc::SmallChunk::begin):
(bmalloc::SmallChunk::end):
(bmalloc::SmallChunk::lines):
(bmalloc::SmallChunk::pages):
(bmalloc::SmallChunk::get):
(bmalloc::SmallLine::get):
(bmalloc::SmallLine::begin):
(bmalloc::SmallLine::end):
(bmalloc::SmallPage::get):
(bmalloc::SmallPage::begin):
(bmalloc::SmallPage::end):
(bmalloc::Chunk::begin): Deleted.
(bmalloc::Chunk::end): Deleted.
(bmalloc::Chunk::lines): Deleted.
(bmalloc::Chunk::pages): Deleted.

bmalloc/SmallLine.h: Replaced with Source/bmalloc/bmalloc/Line.h.

(bmalloc::SmallLine::ref):
(bmalloc::SmallLine::deref):
(bmalloc::Line<Traits>::begin): Deleted.
(bmalloc::Line<Traits>::end): Deleted.
(bmalloc::Line<Traits>::ref): Deleted.
(bmalloc::Line<Traits>::deref): Deleted.

bmalloc/SmallPage.h: Replaced with Source/bmalloc/bmalloc/Page.h.

(bmalloc::SmallPage::hasFreeLines):
(bmalloc::SmallPage::setHasFreeLines):
(bmalloc::SmallPage::ref):
(bmalloc::SmallPage::deref):
(bmalloc::Page::hasFreeLines): Deleted.
(bmalloc::Page::setHasFreeLines): Deleted.
(bmalloc::Page<Traits>::ref): Deleted.
(bmalloc::Page<Traits>::deref): Deleted.

bmalloc/SmallTraits.h: Removed.

4:09 PM Changeset in webkit [196846] by Chris Dumez

11 edits in trunk

HTMLFormElement.autocomplete should only return known values
https://bugs.webkit.org/show_bug.cgi?id=154247
<rdar://problem/24658195>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline a couple of W3C HTML tests now that more checks are passing.

web-platform-tests/html/dom/reflection-forms-expected.txt:
web-platform-tests/html/semantics/forms/the-form-element/form-autocomplete-expected.txt:

Source/WebCore:

Update HTMLFormElement.autocomplete to only return known values:

Also, update HTMLInputElement.autocomplete to fall back to using the form
owner's autocomplete attribute ("on" or "off") when it's autocomplete
attribute is omitted and the input element is wearing the "autofill
expectation mantle" (i.e. the input is not hidden). If there is no
form owner, the "on" value is used instead. This behavior is specified
in:
https://html.spec.whatwg.org/multipage/forms.html#autofilling-form-controls:-the-autocomplete-attribute:attr-fe-autocomplete-7

No new tests, already covered by existing tests.

html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::autocomplete):

html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::setAutocomplete):
(WebCore::HTMLFormElement::autocomplete):

html/HTMLFormElement.h:
html/HTMLFormElement.idl:

LayoutTests:

Update test to expect Form.autocomplete to return "on" by
default instead of the empty string.

fast/forms/autocomplete-expected.txt:
fast/forms/autocomplete.html:

4:03 PM Changeset in webkit [196845] by ggaren@apple.com

19 edits
4 deletes in trunk/Source/bmalloc

bmalloc: Remove the concept of medium objects
https://bugs.webkit.org/show_bug.cgi?id=154436

Reviewed by Sam Weinig.

There's no need to distinguish medium objects from small: Small object
metadata works naturally for both as long as we allow an object to
span more than two small lines. (We already allow an object to span
more than one small line.)

This change reduces memory use because it eliminates the 1kB line size,
so we don't have to hold down 1kB lines for individual 264+ byte objects.

1kB lines were always a bit of a compromise. The main point of bump
allocation is to take advantage of cache lines. Cache lines are usually
64 bytes, so line sizes above 256 bytes are a bit of a stretch.

This change speeds up small object benchmarks because it eliminates the
branch to detect medium objects in deallocation log processing.

This change reduces virtual memory use from worst cast 4X to worst case
2X because the medium chunk is gone. iOS cares about virtual memory use
and terminates apps above ~1GB, so this change gives us more breathing room.

This change slows down medium benchmarks a bit because we end up doing
more work to recycle fragmented medium objects. Overall, the tradeoff
seems justified, since we have a net speedup and a memory use savings.

bmalloc.xcodeproj/project.pbxproj: Removed all the medium files. We

can simplify even further in a follow-up patch, removing the base class
templates for Chunk, Page, and Line as well.

bmalloc/Allocator.cpp:

(bmalloc::Allocator::Allocator):
(bmalloc::Allocator::allocate):
(bmalloc::Allocator::reallocate):
(bmalloc::Allocator::scavenge):
(bmalloc::Allocator::refillAllocatorSlowCase):
(bmalloc::Allocator::refillAllocator):
(bmalloc::Allocator::allocateSlowCase): Medium is gone. Small max is the
new medium max.

bmalloc/Allocator.h:

(bmalloc::Allocator::allocateFastCase): Ditto.

bmalloc/BumpAllocator.h:

(bmalloc::BumpAllocator::validate):
(bmalloc::BumpAllocator::allocate): No more medium.

bmalloc/Chunk.h: No more medium.

bmalloc/Deallocator.cpp:

(bmalloc::Deallocator::processObjectLog): No check for medium. This is
a speedup.

(bmalloc::Deallocator::deallocateSlowCase): No more medium.

bmalloc/Deallocator.h:

(bmalloc::Deallocator::deallocateFastCase): Ditto.

bmalloc/Heap.cpp:

(bmalloc::Heap::initializeLineMetadata): The algorithm here changed from
iterating each line to iterating each object. This helps us accomodate
objects that might span more than two lines -- i.e., all objects between
(512 bytes, 1024 bytes].

(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeLargeObjects): Medium is gone.

(bmalloc::Heap::allocateSmallBumpRanges): Allow for lines that allocate
zero objects. This happens when an object spans more than two lines --
the middle lines allocate zero objects.

Also set the "has free lines" bit to false if we consume the last free
line. This needs to be a bit now because not all pages agree on their
maximum refcount anymore, so we need an explicit signal for the transition
from maximum to maximum - 1.

(bmalloc::Heap::allocateSmallPage): This code didn't change; I just removed
the medium code.

(bmalloc::Heap::deallocateSmallLine): Changed the algorithm to check
hasFreeLines. See allocateSmallBumpRanges.

(bmalloc::Heap::scavengeMediumPages): Deleted.
(bmalloc::Heap::allocateMediumBumpRanges): Deleted.
(bmalloc::Heap::allocateMediumPage): Deleted.
(bmalloc::Heap::deallocateMediumLine): Deleted.

bmalloc/Heap.h:

(bmalloc::Heap::derefMediumLine): Deleted.

bmalloc/LargeChunk.h:

(bmalloc::LargeChunk::get):
(bmalloc::LargeChunk::endTag):

bmalloc/Line.h: No more medium.

bmalloc/MediumChunk.h: Removed.
bmalloc/MediumLine.h: Removed.
bmalloc/MediumPage.h: Removed.
bmalloc/MediumTraits.h: Removed.

bmalloc/ObjectType.cpp:

(bmalloc::objectType):

bmalloc/ObjectType.h:

(bmalloc::isSmall):
(bmalloc::isXLarge):
(bmalloc::isSmallOrMedium): Deleted.
(bmalloc::isMedium): Deleted. No more medium.

bmalloc/Page.h:

(bmalloc::Page::sizeClass):
(bmalloc::Page::setSizeClass):
(bmalloc::Page::hasFreeLines):
(bmalloc::Page::setHasFreeLines): Add the free lines bit. You get better
codegen if you make it the low bit, since ref / deref can then add / sub

So do that.

bmalloc/Sizes.h:

(bmalloc::Sizes::sizeClass): Expand the small size class to include the
medium size class.

bmalloc/SuperChunk.h:

(bmalloc::SuperChunk::SuperChunk):
(bmalloc::SuperChunk::smallChunk):
(bmalloc::SuperChunk::largeChunk):
(bmalloc::SuperChunk::mediumChunk): Deleted. No more medium.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage): Set the has free lines bit before
returning a Page to the Heap since this is the correct default state
when we first allocate a page.

(bmalloc::VMHeap::allocateMediumPage): Deleted.
(bmalloc::VMHeap::deallocateMediumPage): Deleted.

4:01 PM Changeset in webkit [196844] by commit-queue@webkit.org

2 edits in trunk/Tools

[GTK] Fixed link error when G_DEFINE_AUTOPTR_CLEANUP_FUNC is not defined.
https://bugs.webkit.org/show_bug.cgi?id=154467

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-19
Reviewed by Michael Catanzaro.

TestWebKitAPI/Tests/WebKit2Gtk/TestAutocleanups.cpp:

(beforeAll):
(afterAll):

3:56 PM Changeset in webkit [196843] by Matt Baker

3 edits in trunk/Source/WebInspectorUI

Web Inspector: CSS var() function should be syntax highlighted
https://bugs.webkit.org/show_bug.cgi?id=154406
<rdar://problem/24726136>

Reviewed by Timothy Hatcher.

UserInterface/Models/CSSCompletions.js:

Added "var" to CodeMirror value keywords for syntax highlighting.

UserInterface/Models/CSSKeywordCompletions.js:

(WebInspector.CSSKeywordCompletions.forProperty):
Added "var" to accepted keywords for auto-completion.

3:33 PM Changeset in webkit [196842] by matthew_hanson@apple.com

2 edits in branches/safari-601-branch/LayoutTests

Rebaseline js/dom/global-constructors-attributes expectation for Mavericks. rdar://problem/24748489

platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:

Account for HTMLPictureElement support.

3:28 PM Changeset in webkit [196841] by matthew_hanson@apple.com

3 edits in branches/safari-601-branch/LayoutTests

Skip inspector/css/modify-rule-selector.html. rdar://problem/24748351

This test relies on TestPage infrastructure which is not present on the branch.

TestExpectations:

Skip inspector/css/modify-rule-selector.html

platform/mac-wk2/TestExpectations:

Remove expectation for inspector/css/modify-rule-selector.html

3:27 PM Changeset in webkit [196840] by msaboff@apple.com

13 edits
1 move in trunk/Source/bmalloc

bmalloc: Unify VMHeap and Heap LargeObjects free lists to reduce fragmentation
https://bugs.webkit.org/show_bug.cgi?id=154192

Reviewed by Geoffrey Garen.

Change the operation of Heap and VMHeap LargeObject free lists.
Renamed Owner to VMState to track the state of each LargeObject.

Physical - The pages have been allocated.
Virtual - The pages have not been allocated.
Mixed - The object contains a mixture of Physical and Virtual pages.

VMState uses one bit each for Physical and Virtual to simplify merging states
when merging two adjacent blocks. This change enforces the rule that objects in
the Heap free list must have have the Physical bit set in their VMState while objects
in the VMHeap free list must have the Physical bit clear. Thie means that the Heap
can have LargeObjects in Physical or Mixed VMState, but the VMHeap's free list can
only contain Virtual LargeObjects.

In both Heap::allocateLarge(), we now allocate physical pages if the LargeObject we
pull from the free list has any Virtual pages before we possilby split the
object. When we merge objects, the result might be made up of Mixed page allocations.
When allocating a Mixed LargeObject, we need to allocate memory for them as well.
The scavenger deallocates both Physical and Mixed LargeObjects, placing them back into
the VMHeap's free list.

When we allocate or deallocate Mixed LargeObjects, there are pages that within these
objects that will be redundantly modified. It would require additional metadata to
eliminate this redundancy.

bmalloc.xcodeproj/project.pbxproj:
bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::vmState): New helper.
(bmalloc::BoundaryTag::setVMState): New helper.
(bmalloc::BoundaryTag::owner): Deleted.
(bmalloc::BoundaryTag::setOwner): Deleted.

bmalloc/Heap.h:

(bmalloc::Heap::splitAndAllocate): New helpers.

bmalloc/LargeObject.h:

(bmalloc::LargeObject::vmState): New helper.
(bmalloc::LargeObject::setVMState): New helper.

bmalloc/Heap.cpp:

(bmalloc::Heap::splitAndAllocate): New helpers.
(bmalloc::Heap::allocateLarge):
(bmalloc::Heap::deallocatePhysicalPages): Refactored from VMHeap::deallocateLargeObjectMemory.

bmalloc/FreeList.cpp:

(bmalloc::FreeList::takeGreedy):
(bmalloc::FreeList::take):
(bmalloc::FreeList::removeInvalidAndDuplicateEntries):

bmalloc/FreeList.h:

(bmalloc::FreeList::FreeList):
(bmalloc::FreeList::push):

bmalloc/Heap.cpp:

(bmalloc::Heap::Heap):
(bmalloc::Heap::scavengeLargeObjects):

bmalloc/LargeObject.h:

(bmalloc::LargeObject::isValidAndFree):
(bmalloc::LargeObject::validateSelf):

bmalloc/SegregatedFreeList.cpp:

(bmalloc::SegregatedFreeList::SegregatedFreeList): Changed to initialize our required Physical state.

bmalloc/SegregatedFreeList.h:

(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):
Replaced Owner parameters and checks with VMState::HasPhysical.

bmalloc/LargeObject.h:

(bmalloc::LargeObject::prevCanMerge): Removed owner from tests.
(bmalloc::LargeObject::nextCanMerge): Removed owner from tests.
(bmalloc::LargeObject::merge): Removed owner from tests. Updated to merge VMStates andset the
VMState after the merge.

bmalloc/LargeObject.h:

(bmalloc::LargeObject::owner): Deleted.
(bmalloc::LargeObject::setOwner): Deleted.

bmalloc/Owner.h: Removed.

bmalloc/VMAllocate.h:

(bmalloc::vmAllocatePhysicalPagesSloppy): Changed to round begin down to eliminate the left to right
allocation constraint.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow): Large space managed like small or medium as a vector of LargeChunks.
(bmalloc::VMHeap::VMHeap): Changed to initialize our required Physical state.

bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateLargeObject): These no longer allocate memory.
(bmalloc::VMHeap::deallocateLargeObject): Removed setOwner. Now we set the VMState after any merges.

bmalloc/VMState.h: Copied from Source/bmalloc/bmalloc/Owner.h.

(bmalloc::VMState::VMState):
(bmalloc::VMState::hasPhysical):
(bmalloc::VMState::hasVirtual):
(bmalloc::VMState::merge):
(bmalloc::VMState::operator ==):
(bmalloc::VMState::operator unsigned):
New class with various helpers.

3:24 PM Changeset in webkit [196839] by Chris Dumez

2 edits in trunk/Source/WebCore

Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack
https://bugs.webkit.org/show_bug.cgi?id=154477

Reviewed by Ryosuke Niwa.

Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack to
restore bounds checking.

Andreas already dropped in on ElementDescendantIterator::m_ancestorSiblingStack in
r178253 but did not update the "Const" counterpart.

dom/ElementDescendantIterator.h:

3:03 PM Changeset in webkit [196838] by matthew_hanson@apple.com

2 edits in branches/safari-601-branch/LayoutTests

Remove extraneous '-' from parse-filter-image test expectation. rdar://problem/24743218

2:59 PM Changeset in webkit [196837] by Simon Fraser

6 edits
2 adds in trunk

Wheel event callback removing the window causes crash in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=150871

Reviewed by Brent Fulgham.

Source/WebCore:

Null check the FrameView before using it, since the iframe may have been removed
from its parent document inside the event handler.

The new test triggered a cross-load side-effect, where wheel event filtering wasn't
reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
which resets the filtering.

Test: fast/events/wheel-event-destroys-frame.html

page/EventHandler.cpp:

(WebCore::EventHandler::clear):

page/WheelEventDeltaFilter.cpp:

(WebCore::WheelEventDeltaFilter::filteredDelta):

page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::platformCompleteWheelEvent):

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollTo):

LayoutTests:

fast/events/wheel-event-destroys-frame-expected.txt: Added.
fast/events/wheel-event-destroys-frame.html: Added.

2:56 PM Changeset in webkit [196836] by sbarati@apple.com

4 edits
1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.Call?
https://bugs.webkit.org/show_bug.cgi?id=154425

Reviewed by Mark Lam.

This patch is a straight forward implementation of
Proxy.Call? with respect to section 9.5.12
of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-call-thisargument-argumentslist

runtime/ProxyObject.cpp:

(JSC::ProxyObject::finishCreation):
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotByIndex):
(JSC::performProxyCall):
(JSC::ProxyObject::getCallData):
(JSC::ProxyObject::visitChildren):

runtime/ProxyObject.h:

(JSC::ProxyObject::create):

tests/es6.yaml:
tests/stress/proxy-call.js: Added.

(assert):
(throw.new.Error.let.target):
(throw.new.Error.let.handler.apply):
(throw.new.Error):
(assert.let.target):
(assert.let.handler.get apply):
(let.target):
(let.handler.apply):
(i.catch):
(assert.let.handler.apply):

2:28 PM Changeset in webkit [196835] by mmaxfield@apple.com

2 edits in trunk/Source/WebCore

[Win] [SVG -> OTF Converter] All uses of a font except the first one are invisible
https://bugs.webkit.org/show_bug.cgi?id=154465

Reviewed by Alex Christensen.

We should re-use the existing converted data if it exists.

Covered by existing tests.

css/CSSFontFaceSource.cpp:

(WebCore::CSSFontFaceSource::font):

2:15 PM Changeset in webkit [196834] by Beth Dakin

5 edits in trunk/Source/WebKit2

Enhance EditorState to include TypingAttributes, alignment, and color
https://bugs.webkit.org/show_bug.cgi?id=154424

Reviewed by Dean Jackson and Sam Weinig.

TypingAttributes is already available for iOS and GTK. This patch hooks
that up on Mac as well, and it moves the calculation of that to the shared
file since there is no reason for this to be written in an iOS-only way. This
patch also adds textColor and textAlignment to EditorState, and since those
are not technically platform-specific either, they are also calculated in the
shared editorState() function.

Shared/EditorState.cpp:

(WebKit::EditorState::PostLayoutData::encode):
(WebKit::EditorState::PostLayoutData::decode):

Shared/EditorState.h:
WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::editorState):

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::platformEditorState):

1:49 PM Changeset in webkit [196833] by Antti Koivisto

7 edits
2 adds in trunk

ComposedTreeIterator traverses normal children for elements with empty shadow root
https://bugs.webkit.org/show_bug.cgi?id=154464

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/composed-tree-basic.html

dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::traverseShadowRoot):

If the shadow root is empty continue by skipping the real children.

(WebCore::ComposedTreeIterator::traverseNextInShadowTree):
(WebCore::composedTreeAsText):
(WebCore::ComposedTreeIterator::pushContext): Deleted.

dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):
(WebCore::ComposedTreeIterator::traverseNext):
(WebCore::composedTreeChildren):

testing/Internals.cpp:

(WebCore::Internals::composedTreeAsText):

Testing support.

testing/Internals.h:
testing/Internals.idl:

LayoutTests:

fast/shadow-dom/composed-tree-basic-expected.txt: Added.
fast/shadow-dom/composed-tree-basic.html: Added.

1:12 PM Changeset in webkit [196832] by rniwa@webkit.org

3 edits in trunk/Websites/perf.webkit.org

Analysis tasks page complains about missing repository but with a wrong name
https://bugs.webkit.org/show_bug.cgi?id=154468

Reviewed by Chris Dumez.

Fixed the bug by using the right variable in the template literal.

public/v3/components/customizable-test-group-form.js:

(CustomizableTestGroupForm.prototype._computeRootSetMap): Use querySelector here since Chrome doesn't have
getElementsByClassName on ShadowRoot.

public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage.prototype._createTestGroupAfterVerifyingRootSetList): Use name which is the name of
repository here.

1:04 PM Changeset in webkit [196831] by jer.noble@apple.com

5 edits in trunk/Source/WebCore

Adopt CachedRawResourceClient::shouldCacheResponse() in MediaResourceLoader and WebCoreNSURLSession
https://bugs.webkit.org/show_bug.cgi?id=154466

Reviewed by Alex Christensen.

Adopt the new shouldCacheResponse() callback so that byte-range
requests generated by WebCoreNSURLSession are not cached.

loader/MediaResourceLoader.cpp:

(WebCore::MediaResource::shouldCacheResponse):

loader/MediaResourceLoader.h:
platform/graphics/PlatformMediaResourceLoader.h:

(WebCore::PlatformMediaResourceClient::shouldCacheResponse):

platform/network/cocoa/WebCoreNSURLSession.mm:

(-[WebCoreNSURLSession downloadTaskWithRequest:]):
(-[WebCoreNSURLSession streamTaskWithHostName:port:]):
(-[WebCoreNSURLSession streamTaskWithNetService:]):
(-[WebCoreNSURLSessionDataTask _timingData]):
(-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]):

1:02 PM Changeset in webkit [196830] by Chris Dumez

4 edits in trunk/LayoutTests

Re-sync W3C web-platform-tests' html/dom/interfaces.html
https://bugs.webkit.org/show_bug.cgi?id=154463

Reviewed by Ryosuke Niwa.

Re-sync W3C web-platform-tests' html/dom/interfaces.html after:

https://github.com/w3c/web-platform-tests/pull/2588

web-platform-tests/html/dom/interfaces-expected.txt:
web-platform-tests/html/dom/interfaces.html:

12:14 PM Changeset in webkit [196829] by bshafiei@apple.com

5 edits in tags/Safari-602.1.19.1/Source

Versioning.

12:12 PM Changeset in webkit [196828] by bshafiei@apple.com

1 copy in tags/Safari-602.1.19.1

New tag.

11:46 AM Changeset in webkit [196827] by jer.noble@apple.com

5 edits in trunk/Source/WebCore

[Mac] CORS-compliant videos throw security errors when painting to Canvas
https://bugs.webkit.org/show_bug.cgi?id=154188
<rdar://problem/22959556>

Reviewed by Alex Christensen.

Pass the CORS access check results from WebCoreNSURLSession to it's client,
MediaPlayerPrivateAVFoundationObjC.

WebCore.xcodeproj/project.pbxproj:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::didPassCORSAccessCheck): Ask the WebCoreNSURLSession.

platform/network/cocoa/WebCoreNSURLSession.h:
platform/network/cocoa/WebCoreNSURLSession.mm:

(-[WebCoreNSURLSession task:didReceiveCORSAccessCheckResult:]): Conditionally set _corsResults.
(-[WebCoreNSURLSession didPassCORSAccessChecks]): Return _corsResults.
(WebCoreNSURLSessionDataTaskClient::accessControlCheckFailed): Call -resource:accessControlCheckFailedWithError:.
(WebCoreNSURLSessionDataTaskClient::loadFailed): Call -resource:loadFailedWithError:.
(-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Set _response within the delegate queue.
(-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]): Renamed from resourceFinished:
(-[WebCoreNSURLSessionDataTask resource:accessControlCheckFailedWithError:]): Ditto.
(-[WebCoreNSURLSessionDataTask resource:loadFailedWithError:]): Ditto.
(-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.

11:12 AM Changeset in webkit [196826] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed build fix.

loader/cocoa/SubresourceLoaderCocoa.mm:

(WebCore::SubresourceLoader::willCacheResponse):

11:06 AM Changeset in webkit [196825] by matthew_hanson@apple.com

2 edits in branches/safari-601-branch/Source/WebCore

Merge r196703. rdar://problem/24623986

10:58 AM Changeset in webkit [196824] by n_wang@apple.com

8 edits in trunk

AX: Inconsistency between CharacterOffset and VisiblePostition
https://bugs.webkit.org/show_bug.cgi?id=154431

Reviewed by Chris Fleizach.

Source/WebCore:

VoiceOver is not getting the correct text marker from VisiblePostition when
navigating using arrow keys. We should make the CharacterOffset behavior consistent
with VisiblePosition so that the conversion between the two won't create different
text markers.

Changes are covered in the modified tests.

accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::characterOffsetForTextMarkerData):
(WebCore::AXObjectCache::traverseToOffsetInRange):
(WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
(WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
(WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
(WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
(WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
(WebCore::AXObjectCache::accessibilityObjectForTextMarkerData):
(WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
(WebCore::AXObjectCache::nextCharacterOffset):
(WebCore::AXObjectCache::previousCharacterOffset):
(WebCore::AXObjectCache::startCharacterOffsetOfWord):
(WebCore::AXObjectCache::endCharacterOffsetOfWord):
(WebCore::AXObjectCache::previousWordStartCharacterOffset):
(WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
(WebCore::AXObjectCache::previousSentenceStartCharacterOffset):

accessibility/AXObjectCache.h:
accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]):

LayoutTests:

accessibility/mac/text-marker-word-nav-expected.txt:
accessibility/mac/text-marker-word-nav.html:
accessibility/text-marker/text-marker-previous-next.html:

10:06 AM Changeset in webkit [196823] by andersca@apple.com

2 edits in trunk/Source/WebKit2

Purge as much as we can from WKDeprecatedFunctions.cpp
https://bugs.webkit.org/show_bug.cgi?id=154459

Reviewed by Sam Weinig.

Shared/API/c/WKDeprecatedFunctions.cpp:

(WKArrayIsMutable): Deleted.
(WKPageSetVisibilityState): Deleted.
(WKDictionaryIsMutable): Deleted.
(WKDictionaryAddItem): Deleted.
(WKDictionaryRemoveItem): Deleted.
(WKPreferencesSetRegionBasedColumnsEnabled): Deleted.
(WKPreferencesGetRegionBasedColumnsEnabled): Deleted.
(WKPreferencesSetMultithreadedWebGLEnabled): Deleted.
(WKPreferencesGetMultithreadedWebGLEnabled): Deleted.
(WKPreferencesSetScreenFontSubstitutionEnabled): Deleted.
(WKPreferencesGetScreenFontSubstitutionEnabled): Deleted.
(WKInspectorIsDebuggingJavaScript): Deleted.
(WKInspectorToggleJavaScriptDebugging): Deleted.
(WKInspectorIsProfilingJavaScript): Deleted.
(WKInspectorToggleJavaScriptProfiling): Deleted.
(WKContextGetProcessModel): Deleted.
(WKGraphicsContextGetCGContext): Deleted.
(WKContextGetProcessSuppressionEnabled): Deleted.
(WKContextSetProcessSuppressionEnabled): Deleted.

10:05 AM Changeset in webkit [196822] by jer.noble@apple.com

6 edits in trunk/Source/WebCore

Allow CachedRawResource clients to opt out of caching on a per-response basis
https://bugs.webkit.org/show_bug.cgi?id=154453

Reviewed by Brady Eidson.

For CF or NS networking clients, the system loader will ask whether the client (the
SubResourceLoader in this case) wants the response to be cached. This breaks for byte
range requests due to <rdar://problem/20001985>. Allow the SubresourceLoader to query
its clients, and return null, if they opt out.

loader/cache/CachedRawResource.cpp:

(WebCore::CachedRawResource::shouldCacheResponse):

loader/cache/CachedRawResource.h:
loader/cache/CachedRawResourceClient.h:

(WebCore::CachedRawResourceClient::shouldCacheResponse):

loader/cache/CachedResource.h:

(WebCore::CachedResource::shouldCacheResponse):

loader/cocoa/SubresourceLoaderCocoa.mm:

(WebCore::SubresourceLoader::willCacheResponse):

9:35 AM Changeset in webkit [196821] by beidson@apple.com

11 edits in trunk

Add "databaseProcessDidCrash" to the WKContextClient; Adopt it in WKTR.
https://bugs.webkit.org/show_bug.cgi?id=154428

Reviewed by Jer Noble.

Source/WebKit2:

UIProcess/API/C/WKContext.h:
UIProcess/API/C/mac/WKContextPrivateMac.h:
UIProcess/API/C/mac/WKContextPrivateMac.mm:

(WKContextGetDatabaseProcessIdentifier):

UIProcess/WebContextClient.cpp:

(WebKit::WebContextClient::databaseProcessDidCrash):

UIProcess/WebContextClient.h:

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::databaseProcessCrashed):
(WebKit::WebProcessPool::databaseProcessIdentifier):

UIProcess/WebProcessPool.h:

Tools:

WebKitTestRunner/TestController.cpp:

(WTR::TestController::generatePageConfiguration):
(WTR::TestController::databaseProcessName):
(WTR::TestController::databaseProcessDidCrash):

WebKitTestRunner/TestController.h:

8:49 AM Changeset in webkit [196820] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after r196797

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:

5:25 AM Changeset in webkit [196819] by jfernandez@igalia.com

50 edits
6 adds in trunk/LayoutTests

[CSS Grid Layout Refactoring some layout tests
https://bugs.webkit.org/show_bug.cgi?id=154291

Refactored several tests so they use the shared sizing keywords
instead of specific CSS rules.

Reviewed by Sergio Villar Senin.

fast/css-grid-layout/calc-resolution-grid-item.html:
fast/css-grid-layout/flex-and-intrinsic-sizes-expected.txt:
fast/css-grid-layout/flex-and-intrinsic-sizes.html:
fast/css-grid-layout/grid-align-justify-margin-border-padding-vertical-lr.html:
fast/css-grid-layout/grid-align-justify-margin-border-padding-vertical-rl.html:
fast/css-grid-layout/grid-align-justify-margin-border-padding.html:
fast/css-grid-layout/grid-align-justify-overflow.html:
fast/css-grid-layout/grid-align-justify-stretch.html:
fast/css-grid-layout/grid-align.html:
fast/css-grid-layout/grid-columns-rows-get-set-multiple.html:
fast/css-grid-layout/grid-columns-rows-get-set.html:
fast/css-grid-layout/grid-container-margin-border-padding-scrollbar.html:
fast/css-grid-layout/grid-content-alignment-and-self-alignment.html:
fast/css-grid-layout/grid-content-alignment-overflow.html:
fast/css-grid-layout/grid-content-alignment-with-span-vertical-lr.html:
fast/css-grid-layout/grid-content-alignment-with-span-vertical-rl.html:
fast/css-grid-layout/grid-content-alignment-with-span.html:
fast/css-grid-layout/grid-element-change-columns-repaint.html:
fast/css-grid-layout/grid-element-change-rows-repaint.html:
fast/css-grid-layout/grid-element-repeat-get-set.html:
fast/css-grid-layout/grid-gutters-and-alignment.html:
fast/css-grid-layout/grid-item-auto-margins-alignment-vertical-lr.html:
fast/css-grid-layout/grid-item-auto-margins-alignment-vertical-rl.html:
fast/css-grid-layout/grid-item-auto-margins-alignment.html:
fast/css-grid-layout/grid-item-auto-margins-and-stretch.html:
fast/css-grid-layout/grid-item-auto-sized-align-justify-margin-border-padding.html:
fast/css-grid-layout/grid-item-change-column-repaint.html:
fast/css-grid-layout/grid-item-order-paint-order.html:
fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-expected.txt: Added.
fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-lr-expected.txt: Added.
fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-lr.html: Added.
fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-rl-expected.txt: Added.
fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-rl.html: Added.
fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding.html: Added.
fast/css-grid-layout/grid-item-z-index-stacking-context-expected.html:
fast/css-grid-layout/grid-item-z-index-stacking-context.html:
fast/css-grid-layout/grid-items-should-not-be-stretched-when-height-or-width-or-margin-change.html:
fast/css-grid-layout/grid-justify-content-distribution.html:
fast/css-grid-layout/grid-justify-content-vertical-lr.html:
fast/css-grid-layout/grid-justify-content-vertical-rl.html:
fast/css-grid-layout/justify-self-cell.html:
fast/css-grid-layout/min-width-height-auto-and-margins.html:
fast/css-grid-layout/minmax-fixed-logical-height-only.html:
fast/css-grid-layout/minmax-fixed-logical-width-only.html:
fast/css-grid-layout/minmax-max-content-resolution-columns.html:
fast/css-grid-layout/minmax-max-content-resolution-rows.html:
fast/css-grid-layout/named-grid-line-get-set.html:
fast/css-grid-layout/percent-grid-item-in-percent-grid-track-in-percent-grid.html:
fast/css-grid-layout/percent-grid-item-in-percent-grid-track.html:
fast/css-grid-layout/percent-of-indefinite-track-size-in-auto.html:
fast/css-grid-layout/percent-of-indefinite-track-size.html:
fast/css-grid-layout/percent-track-breadths-regarding-container-size.html:
fast/css-grid-layout/place-cell-by-index.html:
fast/css-grid-layout/resources/grid-alignment.css:

(.alignSelfCenterSafe):
(.alignSelfCenterUnsafe):
(.alignSelfEndSafe):
(.alignSelfEndUnsafe):
(.alignItemsAuto):
(.alignItemsStretch):
(.alignItemsStart):
(.alignItemsEnd):
(.alignItemsCenterSafe):
(.alignItemsCenterUnsafe):
(.alignItemsEndSafe):
(.alignItemsEndUnsafe):
(.justifySelfAuto):
(.justifySelfStretch):
(.justifySelfStart):
(.justifySelfCenter):
(.justifySelfEnd):
(.justifySelfRight):
(.justifySelfLeft):
(.justifySelfFlexStart):
(.justifySelfFlexEnd):
(.justifySelfSelfStart):
(.justifySelfSelfEnd):
(.justifySelfCenterSafe):
(.justifySelfCenterUnsafe):
(.justifyItemsAuto):
(.justifyItemsStretch):
(.justifyItemsStart):
(.justifyItemsCenter):
(.justifyItemsEnd):
(.justifyItemsCenterSafe):
(.justifyItemsCenterUnsafe):
(.justifyItemsEndSafe):
(.justifyItemsEndUnsafe):
(.selfStretch):
(.contentStart):
(.contentCenter):
(.contentEnd):
(.contentCenterSafe):
(.contentCenterUnsafe):
(.contentEndSafe):
(.contentEndUnsafe):
(.contentSpaceBetween):
(.contentSpaceAround):
(.contentSpaceEvenly):
(.contentStretch):

fast/css-grid-layout/resources/grid.css:

(.verticalRL):
(.verticalLR):
(.horizontalTB):
(.horizontalBT):
(.inline-grid): Deleted.
(.firstRowFirstColumn): Deleted.
(.directionRTL): Deleted.

5:13 AM Changeset in webkit [196818] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.11.90

WebKitGTK+ 2.11.90

5:11 AM Changeset in webkit [196817] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.12

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.11.90 release.

Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

gtk/NEWS: Add release notes for 2.11.90.

4:11 AM Changeset in webkit [196816] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r196810 - Add isJSString(JSCell*) variant to avoid Cell->JSValue->Cell conversion
https://bugs.webkit.org/show_bug.cgi?id=154442

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-19
Reviewed by Saam Barati.

runtime/JSString.h:

(JSC::isJSString):

3:56 AM Changeset in webkit [196815] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r196809 - [GStreamer] clean-up various leaks
https://bugs.webkit.org/show_bug.cgi?id=154285

Reviewed by Carlos Garcia Campos.

platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:

(webkit_web_audio_src_init): Take full ownership of the GstTask.

platform/graphics/gstreamer/GRefPtrGStreamer.cpp:

(WTF::adoptGRef): Null pointer support in ASSERTs.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::initializeGStreamerAndRegisterWebKitElements): Take full ownership of the GstElementFactory pointers.
(WebCore::MediaPlayerPrivateGStreamer::isAvailable): Ditto.

3:55 AM Changeset in webkit [196814] by Carlos Garcia Campos

5 edits
2 moves in releases/WebKitGTK/webkit-2.12

Merge r196807 - Revert to dispatching the popstate event synchronously
https://bugs.webkit.org/show_bug.cgi?id=153297
rdar://problem/24092294

Reviewed by Brent Fulgham.

Source/WebCore:

r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
r192369's changes to Document.cpp, but retains the new tests.

Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
frames from the document that will later be accessed by HistoryController::recursiveGoToItem().

To prevent the crashes, this change does two things:

Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling loadInSameDocument() might otherwise delete it.
Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(), since calling goToItem() on one frame might cause another frame to be deleted.

Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.

dom/Document.cpp:

(WebCore::Document::enqueuePopstateEvent):

loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadSameDocumentItem):

loader/HistoryController.cpp:

(WebCore::HistoryController::recursiveGoToItem):

LayoutTests:

Renamed and modified this test to expect synchronous dispatch.

fast/loader/stateobjects/popstate-is-synchronous-expected.txt: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous-expected.txt.
fast/loader/stateobjects/popstate-is-synchronous.html: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous.html.

3:48 AM Changeset in webkit [196813] by Alan Bujtas

3 edits in trunk/Source/WebCore

Blocked plug-in placeholder is sometimes not shown.
https://bugs.webkit.org/show_bug.cgi?id=154434
<rdar://problem/22584973>

Reviewed by Brent Fulgham.

m_isUnavailablePluginIndicatorHidden was set to false incorrectly as initial value.
It prevented RenderEmbeddedObject from issuing repaint when the plugin indicator
was set to visible (m_isUnavailablePluginIndicatorHidden <- false) the first time.
(The reason why the indicator showed up most of the time was because some renderer
triggered repaint on the view.)

Unable to test.

rendering/RenderEmbeddedObject.cpp:

(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden):
(WebCore::RenderEmbeddedObject::RenderEmbeddedObject): Deleted.
(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): Deleted.

rendering/RenderEmbeddedObject.h:

(WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):

3:30 AM Changeset in webkit [196812] by Csaba Osztrogonác

3 edits
3 deletes in trunk/Source/JavaScriptCore

Remove more LLVM related dead code after r196729
https://bugs.webkit.org/show_bug.cgi?id=154387

Reviewed by Filip Pizlo.

Configurations/CompileRuntimeToLLVMIR.xcconfig: Removed.
Configurations/LLVMForJSC.xcconfig: Removed.
JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.props: Removed.
JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj: Removed.
JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj.filters: Removed.
JavaScriptCore.xcodeproj/project.pbxproj:
disassembler/X86Disassembler.cpp:

2:49 AM Changeset in webkit [196811] by Csaba Osztrogonác

3 edits in trunk/Source/WebCore

Fix pessimizing-move warnings
https://bugs.webkit.org/show_bug.cgi?id=154395

Reviewed by Michael Catanzaro.

platform/graphics/efl/CairoUtilitiesEfl.cpp:

(WebCore::evasObjectFromCairoImageSurface):

platform/graphics/surfaces/GLTransportSurface.cpp:

(WebCore::GLTransportSurface::createTransportSurface):
(WebCore::GLTransportSurfaceClient::createTransportSurfaceClient):

2:39 AM Changeset in webkit [196810] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Add isJSString(JSCell*) variant to avoid Cell->JSValue->Cell conversion
https://bugs.webkit.org/show_bug.cgi?id=154442

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-19
Reviewed by Saam Barati.

runtime/JSString.h:

(JSC::isJSString):

2:30 AM Changeset in webkit [196809] by Philippe Normand

4 edits in trunk/Source/WebCore

[GStreamer] clean-up various leaks
https://bugs.webkit.org/show_bug.cgi?id=154285

Reviewed by Carlos Garcia Campos.

platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:

(webkit_web_audio_src_init): Take full ownership of the GstTask.

platform/graphics/gstreamer/GRefPtrGStreamer.cpp:

(WTF::adoptGRef): Null pointer support in ASSERTs.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::initializeGStreamerAndRegisterWebKitElements): Take full ownership of the GstElementFactory pointers.
(WebCore::MediaPlayerPrivateGStreamer::isAvailable): Ditto.

2:17 AM Changeset in webkit [196808] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Remove unused SymbolTable::createNameScopeTable
https://bugs.webkit.org/show_bug.cgi?id=154443

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-19
Reviewed by Saam Barati.

runtime/SymbolTable.h:

1:29 AM Changeset in webkit [196807] by aestes@apple.com

5 edits
2 moves in trunk

Revert to dispatching the popstate event synchronously
https://bugs.webkit.org/show_bug.cgi?id=153297
rdar://problem/24092294

Reviewed by Brent Fulgham.

Source/WebCore:

To prevent the crashes, this change does two things:

Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling loadInSameDocument() might otherwise delete it.
Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(), since calling goToItem() on one frame might cause another frame to be deleted.

Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.

dom/Document.cpp:

(WebCore::Document::enqueuePopstateEvent):

loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadSameDocumentItem):

loader/HistoryController.cpp:

(WebCore::HistoryController::recursiveGoToItem):

LayoutTests:

Renamed and modified this test to expect synchronous dispatch.

fast/loader/stateobjects/popstate-is-synchronous-expected.txt: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous-expected.txt.
fast/loader/stateobjects/popstate-is-synchronous.html: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous.html.

1:00 AM WebKitGTK/2.12.x created by Carlos Garcia Campos

12:56 AM Changeset in webkit [196806] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.12

Branch WebKitGTK+ for 2.12

12:47 AM Changeset in webkit [196805] by Carlos Garcia Campos

2 edits in trunk/Source/WebCore

Unreviewed. Fix GObject DOM bindings API break after r196769.

html/HTMLTextAreaElement.idl:

12:09 AM Changeset in webkit [196804] by Philippe Normand

6 edits
3 deletes in trunk

[GStreamer] Bump internal jhbuild versions to 1.6.3
https://bugs.webkit.org/show_bug.cgi?id=149594

Reviewed by Michael Catanzaro.

Source/cmake/FindGStreamer.cmake: Check gst-gl version for the latest stable release of GStreamer.

Tools:

gtk/jhbuild.modules: Bump to GStreamer 1.6.3.
gtk/patches/gst-plugins-bad-fix-faad2-version-check.patch: Removed.
gtk/patches/gst-plugins-bad-remove-gnustep-support.patch: Removed.
gtk/patches/gst-plugins-base-rtp-rtcpbuffer-fix-typo-in-enum.patch: Removed.

LayoutTests:

platform/gtk/TestExpectations: Skipping new failing tests for now.

Feb 18, 2016:

11:27 PM Changeset in webkit [196803] by yoon@igalia.com

7 edits in trunk/Source

[GTK] Limit the number of tiles according to the visible area
https://bugs.webkit.org/show_bug.cgi?id=126122

Reviewed by Carlos Garcia Campos.

Source/WebCore:

TextureMapperTiledBackingStore creates tiles for whole layer bounds, which
means it creates the huge amount of textures if there is an excessively big
layer. Not only it wastes the memory and the CPU time, it even can crash GPU
drivers.

This patch modifies TextureMapperTiledBackingStore to take into account the
visible area with a coverage multiplier when creating tiles.

platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:

(WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
Set a flag to recalculate the visible area of the layer when there are
geometric changes.
(WebCore::GraphicsLayerTextureMapper::setContentsToImage):
(WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly):
(WebCore::GraphicsLayerTextureMapper::updateBackingStoreIncludingSubLayers):
(WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
(WebCore::GraphicsLayerTextureMapper::markVisibleRectAsDirty):
(WebCore::GraphicsLayerTextureMapper::selfOrAncestorHasActiveTransformAnimation):
(WebCore::GraphicsLayerTextureMapper::computeTransformedVisibleRect):
Compute the inverse transform matrix to map a global visible are to
the local visible area.
(WebCore::clampToContentsRectIfRectIsInfinite):
(WebCore::GraphicsLayerTextureMapper::transformedVisibleRect):

platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:

(WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
In HiDPI, the directly composited image is uploaded to the unscaled
texture to reduce memory usages. So we should apply device scale
factor to render it correctly.
(WebCore::TextureMapperTiledBackingStore::createOrDestroyTilesIfNeeded):
Create tiles which covered by visible rect with a coverage multiplier.

Source/WebKit2:

WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:

(WebKit::LayerTreeHostGtk::initialize): Because we creates
nonCompositingLayer with a size of current view, we should not apply
the currently visible rect when creating / deleting tiles.
(WebKit::LayerTreeHostGtk::flushPendingLayerChanges): Passes the current
visible rect to the GraphicsLayers.

11:22 PM Changeset in webkit [196802] by Brent Fulgham

7 edits
1 add in trunk

Extend HashCountedSet with a method to efficiently set the count of an entry
https://bugs.webkit.org/show_bug.cgi?id=154352

Reviewed by Geoffrey Garen.

Source/WebCore:

Tested by new TestWebKitAPI tests.

loader/ResourceLoadStatistics.cpp:

(WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

Source/WTF:

Tested by new TestWebKitAPI tests.

Update the HashCountedSet class with a new 'add' method to support efficient initialization of
the count of a given key. Also provide move and pointer template specializations to expand the
types of data that can be used as 'keys' in the HashCountedSet to match the underlying HashMap
implementation.

wtf/HashCountedSet.h:

(WTF::Traits>::add): Added new overload supporting a supplied count.

Tools:

TestWebKitAPI/CMakeLists.txt: Add new HashCountedSet test files.
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Ditto.
TestWebKitAPI/Tests/WTF/HashCountedSet.cpp: Added.

11:14 PM WebKitGTK/GRefPtrAndFloatingRefs created by Carlos Garcia Campos

10:56 PM Changeset in webkit [196801] by commit-queue@webkit.org

3 edits
2 deletes in trunk

Unreviewed, rolling out r196790.
https://bugs.webkit.org/show_bug.cgi?id=154439

made fast/events/wheelevent-basic-actual.txt fail in WK2
(Requested by alexchristensen on #webkit).

Reverted changeset:

"Wheel event callback removing the window causes crash in
WebCore."
https://bugs.webkit.org/show_bug.cgi?id=150871
http://trac.webkit.org/changeset/196790

10:53 PM Changeset in webkit [196800] by commit-queue@webkit.org

7 edits
1 delete in trunk

Unreviewed, rolling out r196791.
https://bugs.webkit.org/show_bug.cgi?id=154438

broke windows build (Requested by alexchristensen on #webkit).

Reverted changeset:

"Extend HashCountedSet with a method to efficiently set the
count of an entry"
https://bugs.webkit.org/show_bug.cgi?id=154352
http://trac.webkit.org/changeset/196791

10:42 PM Changeset in webkit [196799] by commit-queue@webkit.org

8 edits in trunk/Source/JavaScriptCore

[JSC] Improve the instruction selection of Select
https://bugs.webkit.org/show_bug.cgi?id=154432

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-18
Reviewed by Filip Pizlo.

Plenty of code but this patch is pretty dumb:
-On ARM64: use the 3 operand form of CSEL instead of forcing a source

to be alised to the destination. This gives more freedom to the register
allocator and it is one less Move to process per Select.

-On x86, introduce a fake 3 operands form and use aggressive aliasing

to try to alias both sources to the destination.

If aliasing succeed on the "elseCase", the condition of the Select
is reverted in the MacroAssembler.

If no aliasing is possible and we end up with 3 registers, the missing
move instruction is generated by the MacroAssembler.

The missing move is generated after testing the values because the destination
can use the same register as one of the test operand.
Experimental testing seems to indicate there is no macro-fusion on CMOV,
there is no measurable cost to having the move there.

assembler/MacroAssembler.h:

(JSC::MacroAssembler::isInvertible):
(JSC::MacroAssembler::invert):

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::moveConditionallyDouble):
(JSC::MacroAssemblerARM64::moveConditionallyFloat):
(JSC::MacroAssemblerARM64::moveConditionallyAfterFloatingPointCompare):
(JSC::MacroAssemblerARM64::moveConditionally32):
(JSC::MacroAssemblerARM64::moveConditionally64):
(JSC::MacroAssemblerARM64::moveConditionallyTest32):
(JSC::MacroAssemblerARM64::moveConditionallyTest64):

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::moveConditionallyDouble):
(JSC::MacroAssemblerX86Common::moveConditionallyFloat):
(JSC::MacroAssemblerX86Common::moveConditionally32):
(JSC::MacroAssemblerX86Common::moveConditionallyTest32):
(JSC::MacroAssemblerX86Common::invert):
(JSC::MacroAssemblerX86Common::isInvertible):

assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::moveConditionally64):
(JSC::MacroAssemblerX86_64::moveConditionallyTest64):

b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::createSelect):
(JSC::B3::Air::LowerToAir::lower):

b3/air/AirInstInlines.h:

(JSC::B3::Air::Inst::shouldTryAliasingDef):

b3/air/AirOpcode.opcodes:

9:26 PM Changeset in webkit [196798] by commit-queue@webkit.org

5 edits in trunk/Source/WebInspectorUI

Web Inspector: Styles Sidebar focus jumps when trying to edit a color
https://bugs.webkit.org/show_bug.cgi?id=154404
<rdar://problem/24725744>

Patch by Devin Rousso <Devin Rousso> on 2016-02-18
Reviewed by Timothy Hatcher.

Clicking an inline swatch in the CSS Rules sidebar causes any focused
editor, if any, to become blurred and therefore fire its handler function.
This causes an issue because when a CodeMirror instance in the styles
sidebar becomes blurred, it is possible for the entire Rules sidebar to
refresh and recreate all of the sections (r187714), meaning that it will
reselect whatever editor was previously selected before the refresh,
causing the swatch popup to be blurred and therefore dismiss.

UserInterface/Views/CSSStyleDeclarationSection.js:

(WebInspector.CSSStyleDeclarationSection.prototype.cssStyleDeclarationTextEditorBlurActiveEditor):

UserInterface/Views/CSSStyleDeclarationTextEditor.js:

(WebInspector.CSSStyleDeclarationTextEditor.prototype._createInlineSwatches.createSwatch):
(WebInspector.CSSStyleDeclarationTextEditor.prototype._inlineSwatchBeforeClicked):
Add listener for new event and call to delegate function for handling it.

UserInterface/Views/InlineSwatch.js:

(WebInspector.InlineSwatch.prototype._swatchElementClicked):
Now fires an event before the clicked logic happens, but still after the
click event is fired on the element.

UserInterface/Views/RulesStyleDetailsPanel.js:

(WebInspector.RulesStyleDetailsPanel.prototype.cssStyleDeclarationSectionBlurActiveEditor):
Clears the previously focused editor so when a reset happens no editor
is refocused.

9:17 PM Changeset in webkit [196797] by Chris Dumez

15 edits in trunk

window.history / window.navigator should not be replaceable
https://bugs.webkit.org/show_bug.cgi?id=154412

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

window.history / window.navigator should not be replaceable as per
the latest HTML specification:
https://html.spec.whatwg.org/multipage/browsers.html#the-window-object

Firefox and Chrome already match the specification. This patch aligns
our behavior.

No new tests, already covered by existing tests.

page/DOMWindow.idl:

LayoutTests:

Update / rebaseline existing tests now that window.history and
window.navigator are no longer replaceable.

fast/dom/Window/get-set-properties-expected.txt:
fast/dom/Window/get-set-properties.html:
fast/dom/Window/window-property-shadowing-expected.txt:
fast/dom/Window/window-property-shadowing.html:
http/tests/history/cross-origin-replace-history-object-child-expected.txt:
http/tests/history/resources/cross-origin-replaces-history-object-child-iframe.html:
js/dom/var-declarations-shadowing-expected.txt:
js/dom/var-declarations-shadowing.html:
js/getOwnPropertyDescriptor-window-attributes-expected.txt:
js/getOwnPropertyDescriptor-window-attributes.html:

9:12 PM Changeset in webkit [196796] by Gyuyoung Kim

2 edits in trunk/Source/JavaScriptCore

[CMake][GTK] Clean up llvm guard in PlatformGTK.cmake
https://bugs.webkit.org/show_bug.cgi?id=154430

Reviewed by Saam Barati.

llvm isn't used anymore.

PlatformGTK.cmake: Remove USE_LLVM_DISASSEMBLER guard.

8:25 PM Changeset in webkit [196795] by rniwa@webkit.org

2 edits in trunk/Websites/perf.webkit.org

Revert an unintended change made in the previous commit.

init-database.sql:

8:18 PM Changeset in webkit [196794] by rniwa@webkit.org

8 edits in trunk/Websites/perf.webkit.org

Perf dashboard should let user cancel pending A/B testing and hide failed ones
https://bugs.webkit.org/show_bug.cgi?id=154433

Reviewed by Chris Dumez.

Added a button to hide a test group in the details view (the bottom table) in the analysis task page, and
"Show hidden tests" link to show the hidden test groups on demand. When a test group is hidden, all pending
requests in the group will also be canceled since a common scenario of using this feature is that the user
had triggered an useless A/B testing; e.g. all builds will fail, wrong, etc... We can revisit and add the
capability to just cancel the pending requests and leaving the group visible later if necessary.

Run ALTER TYPE build_request_status_type ADD VALUE 'canceled'; to add the new type.

init-database.sql: Added testgroup_hidden column to analysis_test_groups table and added 'canceled'

as a value to build_request_status_type table.

public/api/test-groups.php:

(format_test_group): Added 'hidden' field in the JSON result.

public/privileged-api/update-test-group.php:

(main): Added the support for updating testgroup_hidden column. When this column is set to true, also
cancel all pending build requests (by setting its request_status to 'canceled' which will be ignore by
the syncing script).

public/v3/components/test-group-results-table.js:

(TestGroupResultsTable.prototype.setTestGroup): Reset _renderedTestGroup here so that the next call to
render() will update the table; e.g. when build requests' status change from 'Pending' to 'Canceled'.

public/v3/models/build-request.js:

(BuildRequest.prototype.hasCompleted): A build request is considered complete/finished if it's canceled.
(BuildRequest.prototype.hasPending): Added.
(BuildRequest.prototype.statusLabel): Handle 'canceled' status.

public/v3/models/test-group.js:

(TestGroup):
(TestGroup.prototype.updateSingleton): Added to update 'hidden' field.
(TestGroup.prototype.isHidden): Added.
(TestGroup.prototype.hasPending): Added.
(TestGroup.prototype.hasPending): Added.
(TestGroup.prototype.updateHiddenFlag): Added. Uses the privileged API to update testgroup_hidden column.
The JSON API also updates the status of the 'pending' build requests in the group to 'canceled'.

public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage): Added _showHiddenTestGroups and _filteredTestGroups as instance variables.
(AnalysisTaskPage.prototype._didFetchTestGroups):
(AnalysisTaskPage.prototype._showAllTestGroups): Added.
(AnalysisTaskPage.prototype._didUpdateTestGroupHiddenState): Extracted from _didFetchTestGroups.
(AnalysisTaskPage.prototype._renderTestGroupList): Use the filtered list of test groups to show the list
of test groups. When all test groups are shown, we would first show the hidden ones after the regular ones.
(AnalysisTaskPage.prototype._createTestGroupListItem): Extracted from _renderTestGroupList.
(AnalysisTaskPage.prototype._renderTestGroupDetails): Update the text inside the button to hide the test
group. Also show a warning text that the pending requests will be canceled if there are any.
(AnalysisTaskPage.prototype._hideCurrentTestGroup): Added.
(AnalysisTaskPage.cssTemplate): Updated the style.

6:45 PM Changeset in webkit [196793] by Chris Dumez

10 edits
1 copy in trunk

HTMLTableHeaderCellElement.scope should only return known values
https://bugs.webkit.org/show_bug.cgi?id=154423
<rdar://problem/24731018>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

HTMLTableHeaderCellElement.scope should only return known values as per:

https://html.spec.whatwg.org/multipage/tables.html#dom-th-scope

Known values are document here:

https://html.spec.whatwg.org/multipage/tables.html#attr-th-scope

No new tests, already covered by existing test.

CMakeLists.txt:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
WebCore.xcodeproj/project.pbxproj:
html/HTMLElementsAllInOne.cpp:
html/HTMLTableHeaderCellElement.cpp: Copied from Source/WebCore/html/HTMLTableHeaderCellElement.h.

(WebCore::HTMLTableHeaderCellElement::scope):
(WebCore::HTMLTableHeaderCellElement::setScope):

html/HTMLTableHeaderCellElement.h:
html/HTMLTableHeaderCellElement.idl:

6:44 PM Changeset in webkit [196792] by rniwa@webkit.org

4 edits in trunk/Websites/perf.webkit.org

The rows in the analysis results table should be expandable
https://bugs.webkit.org/show_bug.cgi?id=154427

Reviewed by Chris Dumez.

Added "(Expand)" link between rows that have hidden points. Upon click it inserts the hidden rows.

We insert around five rows at a time when there are hundreds of hidden points but we also avoid leaving
behind expandable rows of less than two rows.

Also fixed a bug in CustomizableTestGroupForm that getElementsById would throw in the shipping Safari
because getElementsById doesn't exist on Element.prototype by using class name instead.

public/v3/components/analysis-results-viewer.js:

(AnalysisResultsViewer):
(AnalysisResultsViewer.prototype.setCurrentTestGroup): Removed superfluous call to render().
(AnalysisResultsViewer.prototype.setPoints): Always show the start and the end points.
(AnalysisResultsViewer.prototype.buildRowGroups):
(AnalysisResultsViewer.prototype._buildRowsForPointsAndTestGroups): Add an instance of ExpandableRow which
shows a "(Expand)" link to show hidden rows here.
(AnalysisResultsViewer.prototype._expandBetween): Added. Expands rows between two points.
(AnalysisResultsViewer.cssTemplate): Added rules for "(Expand)" links.
(AnalysisResultsViewer.ExpandableRow): Added.
(AnalysisResultsViewer.ExpandableRow.prototype.resultContent): Added. Overrides what's in the results column.
(AnalysisResultsViewer.ExpandableRow.prototype.heading): Added. Generates "(Expand)" link.

public/v3/components/customizable-test-group-form.js:

(CustomizableTestGroupForm.prototype._computeRootSetMap): Use getElementsByClassName instead of
getElementById.
(CustomizableTestGroupForm.prototype._classForLabelAndRepository): Renamed from _idForLabelAndRepository.
(CustomizableTestGroupForm._constructRevisionRadioButtons): Set class name instead of id.

public/v3/components/results-table.js:

(ResultsTable.prototype.render): Don't generate radio buttons to select a row when root set is missing;
e.g. for rows that show "(Expand)" links.

5:14 PM Changeset in webkit [196791] by Brent Fulgham

7 edits
1 add in trunk

Extend HashCountedSet with a method to efficiently set the count of an entry
https://bugs.webkit.org/show_bug.cgi?id=154352

Reviewed by Geoffrey Garen.

Source/WebCore:

Tested by new TestWebKitAPI tests.

loader/ResourceLoadStatistics.cpp:

(WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

Source/WTF:

Tested by new TestWebKitAPI tests.

wtf/HashCountedSet.h:

(WTF::Traits>::add): Added new overload supporting a supplied count.

Tools:

TestWebKitAPI/CMakeLists.txt: Add new HashCountedSet test files.
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Ditto.
TestWebKitAPI/Tests/WTF/HashCountedSet.cpp: Added.

5:13 PM Changeset in webkit [196790] by Simon Fraser

3 edits
2 adds in trunk

Wheel event callback removing the window causes crash in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=150871

Reviewed by Brent Fulgham.
Source/WebCore:

Null check the FrameView before using it, since the iframe may have been removed
from its parent document inside the event handler.

Test: fast/events/wheel-event-destroys-frame.html

page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::platformCompleteWheelEvent):

LayoutTests:

fast/events/wheel-event-destroys-frame-expected.txt: Added.
fast/events/wheel-event-destroys-frame.html: Added.

5:07 PM Changeset in webkit [196789] by sbarati@apple.com

5 edits
1 add in trunk/Source/JavaScriptCore

Implement Proxy.HasProperty?
https://bugs.webkit.org/show_bug.cgi?id=154313

Reviewed by Filip Pizlo.

This patch is a straight forward implementation of
Proxy.HasProperty? with respect to section 9.5.7
of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-hasproperty-p

runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotCommon):

runtime/ProxyObject.h:
tests/es6.yaml:
tests/stress/proxy-basic.js:

(assert):
(let.handler.has):

tests/stress/proxy-has-property.js: Added.

(assert):
(throw.new.Error.let.handler.get has):
(throw.new.Error):
(assert.let.handler.has):
(let.handler.has):
(getOwnPropertyDescriptor):
(i.catch):

5:03 PM Changeset in webkit [196788] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Add Native Parameter Lists to Console prototype functions
https://bugs.webkit.org/show_bug.cgi?id=154419
<rdar://problem/24730314>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-18
Reviewed by Timothy Hatcher.

UserInterface/Models/NativeFunctionParameters.js:

4:51 PM Changeset in webkit [196787] by rniwa@webkit.org

3 edits in trunk/Websites/perf.webkit.org

Statistically significant A/B testing results should be color coded in details view
https://bugs.webkit.org/show_bug.cgi?id=154414

Reviewed by Chris Dumez.

Color code the statistically significant comparisions in TestGroupResultsTable as done in the analysis
results viewer.

public/v3/components/customizable-test-group-form.js:

(CustomizableTestGroupForm.cssTemplate): Build fix after r196768.

public/v3/components/test-group-results-table.js:

(TestGroupResultsTable.prototype.buildRowGroups): Add the status as a class name.
(TestGroupResultsTable.cssTemplate): Added styles to color-code statistically significant results.

4:42 PM Changeset in webkit [196786] by beidson@apple.com

5 edits in trunk/Source

Modern IDB: Fix IDBGetResult encoder/decoder.
https://bugs.webkit.org/show_bug.cgi?id=154421

Reviewed by Alex Christensen.

No new tests, as Modern IDB is still disabled for WK2.

But if you manually enable it, "Basic IndexedDB Seems To Work"

Source/WebCore:

Modules/indexeddb/IDBGetResult.h:

(WebCore::IDBGetResult::encode):
(WebCore::IDBGetResult::decode):

Source/WebKit2:

Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<IDBGetResult>::encode): Deleted.
(IPC::ArgumentCoder<IDBGetResult>::decode): Deleted.

Shared/WebCoreArgumentCoders.h:

4:27 PM Changeset in webkit [196785] by sbarati@apple.com

7 edits in trunk/Source/JavaScriptCore

Proxy's don't properly handle Symbols as PropertyKeys.
https://bugs.webkit.org/show_bug.cgi?id=154385

Reviewed by Mark Lam and Yusuke Suzuki.

We were converting all PropertyKeys to strings, even when
the PropertyName was a Symbol. In the spec, PropertyKeys are
either a Symbol or a String. We now respect that in Proxy.Get? and
Proxy.GetOwnProperty?.

runtime/Completion.cpp:

(JSC::profiledEvaluate):
(JSC::createSymbolForEntryPointModule):
(JSC::identifierToJSValue): Deleted.

runtime/Identifier.h:

(JSC::parseIndex):

runtime/IdentifierInlines.h:

(JSC::Identifier::fromString):
(JSC::identifierToJSValue):
(JSC::identifierToSafePublicJSValue):

runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):

tests/es6.yaml:
tests/stress/proxy-basic.js:

(let.handler.getOwnPropertyDescriptor):

4:03 PM Changeset in webkit [196784] by mmaxfield@apple.com

4 edits in trunk/Source/WebCore

Addressing post-review comments after r196747.

Unreviewed.

css/CSSFontFaceSet.h:
css/FontFaceSet.cpp:

(WebCore::FontFaceSet::size):
(WebCore::FontFaceSet::clear):

css/FontFaceSet.h:

4:01 PM Changeset in webkit [196783] by andersca@apple.com

3 edits
1 delete in trunk

.:
Get rid of the "All Source (target WebProcess)" scheme.

Rubber-stamped by Dan Bernstein.

WebKit.xcworkspace/xcshareddata/xcschemes/All Source (target WebProcess).xcscheme: Removed.

Tools:
Get rid of the --target-web-process and --use-web-process-xpc-service options.

Rubber-stamped by Dan Bernstein.

We now always use XPC, and --target-web-process is no longer supported.

Scripts/webkitdirs.pm:

(execMacWebKitAppForDebugging):
(shouldTargetWebProcess): Deleted.
(determineShouldTargetWebProcess): Deleted.
(shouldUseXPCServiceForWebProcess): Deleted.
(determineShouldUseXPCServiceForWebProcess): Deleted.
(printHelpAndExitForRunAndDebugWebKitAppIfNeeded): Deleted.
(argumentsForRunAndDebugMacWebKitApp): Deleted.

3:48 PM Changeset in webkit [196782] by Alan Bujtas

3 edits
2 adds in trunk

Soft hyphen is not shown when it is placed at the end of an inline element
https://bugs.webkit.org/show_bug.cgi?id=153980

Reviewed by David Hyatt.

This patch handles the case when the character at the breaking position does not fit the
line and soft-hyphen, as the first breaking opportunity, is followed by this overflowing character.
(foobar where b overflows the line).
In such cases we don't yet have an item in the breaking history so we need to take a look at
the current context instead.

Source/WebCore:

Test: fast/text/soft-hyphen-as-first-breaking-opportunity.html

rendering/line/BreakingContext.h:

(WebCore::BreakingContext::InlineIteratorHistory::nextBreakablePosition):
(WebCore::BreakingContext::handleText):

LayoutTests:

fast/text/soft-hyphen-as-first-breaking-opportunity-expected.html: Added.
fast/text/soft-hyphen-as-first-breaking-opportunity.html: Added.

3:43 PM Changeset in webkit [196781] by Ryan Haddad

2 edits in trunk/Tools

Skip API test WTF_ParkingLot.UnparkOneFiftyThenFiftyAll on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153997

Reviewed by Filip Pizlo.

TestWebKitAPI/Tests/WTF/ParkingLot.cpp:

3:35 PM Changeset in webkit [196780] by akling@apple.com

4 edits in trunk/Source/WebCore

Fake memory pressure handler should log detailed memory breakdown.
<https://webkit.org/b/154415>

Reviewed by Antti Koivisto.

Piggyback on the RESOURCE_USAGE code to implement some detailed memory footprint diffing
and have the fake memory handler dump before/after/diff after it runs.

page/ResourceUsageThread.h:

(WebCore::TagInfo::TagInfo):

page/cocoa/ResourceUsageThreadCocoa.mm:

(WebCore::logFootprintComparison):
(WebCore::displayNameForVMTag):
(WebCore::pagesPerVMTag):
(WebCore::TagInfo::TagInfo): Deleted.

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::install):

2:42 PM Changeset in webkit [196779] by beidson@apple.com

9 edits in trunk/Source

Modern IDB: Implement server->client operations in WK2.
https://bugs.webkit.org/show_bug.cgi?id=154411

Reviewed by Alex Christensen.

No change in behavior yet; Just laying the groundwork.
Source/WebCore:

Modules/indexeddb/client/IDBConnectionToServer.h:
Modules/indexeddb/server/IDBServer.h:
Modules/indexeddb/shared/IDBTransactionInfo.h:

(WebCore::IDBTransactionInfo::encode):
(WebCore::IDBTransactionInfo::decode):

Source/WebKit2:

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.cpp:

(WebKit::WebIDBConnectionToClient::WebIDBConnectionToClient):
(WebKit::WebIDBConnectionToClient::~WebIDBConnectionToClient):

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::didDeleteDatabase):
(WebKit::WebIDBConnectionToServer::didOpenDatabase):
(WebKit::WebIDBConnectionToServer::didAbortTransaction):
(WebKit::WebIDBConnectionToServer::didCommitTransaction):
(WebKit::WebIDBConnectionToServer::didCreateObjectStore):
(WebKit::WebIDBConnectionToServer::didDeleteObjectStore):
(WebKit::WebIDBConnectionToServer::didClearObjectStore):
(WebKit::WebIDBConnectionToServer::didCreateIndex):
(WebKit::WebIDBConnectionToServer::didDeleteIndex):
(WebKit::WebIDBConnectionToServer::didPutOrAdd):
(WebKit::WebIDBConnectionToServer::didGetRecord):
(WebKit::WebIDBConnectionToServer::didGetCount):
(WebKit::WebIDBConnectionToServer::didDeleteRecord):
(WebKit::WebIDBConnectionToServer::didOpenCursor):
(WebKit::WebIDBConnectionToServer::didIterateCursor):
(WebKit::WebIDBConnectionToServer::fireVersionChangeEvent):
(WebKit::WebIDBConnectionToServer::didStartTransaction):
(WebKit::WebIDBConnectionToServer::notifyOpenDBRequestBlocked):

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h:

WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage):

2:31 PM Changeset in webkit [196778] by jer.noble@apple.com

5 edits in trunk/Tools

run-webkit-httpd should use webkitpy to run httpd.
https://bugs.webkit.org/show_bug.cgi?id=154271

Reviewed by Alexey Proskuryakov.

Update run-webkit-httpd to use webkitpy.port to launch httpd. Pass on http_port and http_all_interface
options to match the current run-webkit-httpd (optional) behavior.

Scripts/run-webkit-httpd:

(parse_args):
(main):

Scripts/webkitpy/layout_tests/servers/apache_http_server.py:

(LayoutTestApacheHttpd.init):

Scripts/webkitpy/layout_tests/servers/http_server.py:

(Lighttpd._prepare_config):

Scripts/webkitpy/port/base.py:

(Port.to.start_http_server):

1:58 PM Changeset in webkit [196777] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after r196770

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:

1:58 PM Changeset in webkit [196776] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html for ios-simulator after r196769

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

1:55 PM Changeset in webkit [196775] by sbarati@apple.com

4 edits in trunk/Source/JavaScriptCore

Follow up fix to Implement Proxy.GetOwnProperty?
https://bugs.webkit.org/show_bug.cgi?id=154314

Reviewed by Filip Pizlo.

Part of the implementation was broken because
of how JSObject::getOwnPropertyDescriptor worked.
I've fixed JSObject::getOwnPropertyDescriptor to
be able to handle ProxyObject.

runtime/JSObject.cpp:

(JSC::JSObject::getOwnPropertyDescriptor):

runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):

tests/stress/proxy-get-own-property.js:

(assert):
(assert.let.handler.get getOwnPropertyDescriptor):

1:30 PM Changeset in webkit [196774] by BJ Burg

2 edits in trunk/Source/WebKit2

RemoteInspector deadlocks if _WKAutomationDelegate creates/registers a target synchronously
https://bugs.webkit.org/show_bug.cgi?id=154359
<rdar://problem/24708897>

Reviewed by Joseph Pecoraro.

UIProcess/Cocoa/AutomationClient.mm:

(WebKit::AutomationClient::requestAutomationSession):
Make an NSString out of the String reference so it gets captured correctly.

12:59 PM Changeset in webkit [196773] by Csaba Osztrogonác

2 edits in trunk/Source/WebCore

Fix unused-const-variable warning on non Cocoa platforms
https://bugs.webkit.org/show_bug.cgi?id=154394

Reviewed by Michael Catanzaro.

html/HTMLPlugInImageElement.cpp:

12:32 PM ASanWebKit edited by ddkilzer@webkit.org

Updated for Mac OS X 10.11 El Capitan and later. (diff)

12:29 PM Changeset in webkit [196772] by sbarati@apple.com

8 edits
1 add in trunk/Source/JavaScriptCore

Implement Proxy.GetOwnProperty?
https://bugs.webkit.org/show_bug.cgi?id=154314

Reviewed by Filip Pizlo.

This patch implements Proxy.GetOwnProperty?.
It's a straight forward implementation as described
in section 9.5.5 of the specification:
http://www.ecma-international.org/ecma-262/6.0/index.html#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p

runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncBind):

runtime/JSObject.cpp:

(JSC::validateAndApplyPropertyDescriptor):
(JSC::JSObject::defineOwnNonIndexProperty):
(JSC::JSObject::defineOwnProperty):
(JSC::JSObject::getGenericPropertyNames):
(JSC::JSObject::getMethod):

runtime/JSObject.h:

(JSC::JSObject::butterflyAddress):
(JSC::makeIdentifier):

runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::getOwnPropertySlotCommon):
(JSC::ProxyObject::getOwnPropertySlot):
(JSC::ProxyObject::getOwnPropertySlotByIndex):
(JSC::ProxyObject::visitChildren):

runtime/ProxyObject.h:
tests/es6.yaml:
tests/stress/proxy-basic.js:

(let.handler.get null):

tests/stress/proxy-get-own-property.js: Added.

(assert):
(throw.new.Error.let.handler.getOwnPropertyDescriptor):
(throw.new.Error):
(let.handler.getOwnPropertyDescriptor):
(i.catch):
(assert.let.handler.getOwnPropertyDescriptor):

12:23 PM Changeset in webkit [196771] by beidson@apple.com

14 edits in trunk/Source

Modern IDB: Implement client->server operations in WK2.
https://bugs.webkit.org/show_bug.cgi?id=154400

Reviewed by Alex Christensen.

No change in behavior yet; Just laying the groundwork.

Source/WebCore:

Modules/indexeddb/server/IDBServer.h:
Modules/indexeddb/server/UniqueIDBDatabase.h:
Modules/indexeddb/shared/IDBIndexInfo.h:
Modules/indexeddb/shared/IDBObjectStoreInfo.h:

Source/WebKit2:

DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::idbServer):

DatabaseProcess/DatabaseProcess.h:

DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didReceiveMessage):

DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h:

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.cpp:

(WebKit::WebIDBConnectionToClient::deleteDatabase):
(WebKit::WebIDBConnectionToClient::openDatabase):
(WebKit::WebIDBConnectionToClient::abortTransaction):
(WebKit::WebIDBConnectionToClient::commitTransaction):
(WebKit::WebIDBConnectionToClient::didFinishHandlingVersionChangeTransaction):
(WebKit::WebIDBConnectionToClient::createObjectStore):
(WebKit::WebIDBConnectionToClient::deleteObjectStore):
(WebKit::WebIDBConnectionToClient::clearObjectStore):
(WebKit::WebIDBConnectionToClient::createIndex):
(WebKit::WebIDBConnectionToClient::deleteIndex):
(WebKit::WebIDBConnectionToClient::putOrAdd):
(WebKit::WebIDBConnectionToClient::getRecord):
(WebKit::WebIDBConnectionToClient::getCount):
(WebKit::WebIDBConnectionToClient::deleteRecord):
(WebKit::WebIDBConnectionToClient::openCursor):
(WebKit::WebIDBConnectionToClient::iterateCursor):
(WebKit::WebIDBConnectionToClient::establishTransaction):
(WebKit::WebIDBConnectionToClient::databaseConnectionClosed):
(WebKit::WebIDBConnectionToClient::abortOpenAndUpgradeNeeded):
(WebKit::WebIDBConnectionToClient::didFireVersionChangeEvent):

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.h:
DatabaseProcess/IndexedDB/WebIDBConnectionToClient.messages.in:

12:18 PM Changeset in webkit [196770] by Chris Dumez

10 edits in trunk

[Unforgeable] operations should not be writable as per Web IDL
https://bugs.webkit.org/show_bug.cgi?id=154396
<rdar://problem/24721063>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

[Unforgeable] operations should not be writable as per the Web IDL specification:
http://heycam.github.io/webidl/#es-operations

They were currently non-configurable in WebKit but still writable.

No new tests, already covered by existing test.

bindings/scripts/CodeGeneratorJS.pm:

Mark [Unforgeable] operations as ReadOnly.

bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
bindings/scripts/test/GObject/WebKitDOMTestObj.h:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/ObjC/DOMTestObj.h:
bindings/scripts/test/ObjC/DOMTestObj.mm:
bindings/scripts/test/TestObj.idl:

Add bindings test coverage for [Unforgeable].

12:14 PM Changeset in webkit [196769] by Chris Dumez

12 edits in trunk

Fix behavior of reflecting unsigned long IDL attributes that are limited to only non-negative numbers greater than zero
https://bugs.webkit.org/show_bug.cgi?id=154398

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/reflection-forms-expected.txt:
web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

Fix behavior of reflecting unsigned long IDL attributes that are limited
to only non-negative numbers greater than zero to comply with:

https://html.spec.whatwg.org/#limited-to-only-non-negative-numbers-greater-than-zero

This patch updates the following IDL attributes:

colgroup.span
col.span
input.size
textarea.cols
textareal.rows

All of them now:

Have "unsigned long" type on IDL size and "unsigned" type on native side.
On getting, return the value if it is in the range [1; 2147483647], otherwise return the default value.
On setting, set to the input value if it is in the range [1; 2147483647], otherwise, set to the default value.

Note that as per the specification, we are supposed to throw an
IndexSizeError exception when trying to set those attributes to zero.
However, we instead use the default value to match other browsers.
It would be risky to be the only browser to throw in this case.

No new tests, already covered by existing test.

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::parseAttribute):
(WebCore::HTMLInputElement::setSize):

html/HTMLTableColElement.cpp:

(WebCore::HTMLTableColElement::parseAttribute):
(WebCore::HTMLTableColElement::setSpan):

html/HTMLTableColElement.h:
html/HTMLTableColElement.idl:
html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::parseAttribute):
(WebCore::HTMLTextAreaElement::setCols):
(WebCore::HTMLTextAreaElement::setRows):
(WebCore::HTMLTextAreaElement::shouldUseInputMethod): Deleted.

html/HTMLTextAreaElement.h:
html/HTMLTextAreaElement.idl:
html/parser/HTMLParserIdioms.h:

(WebCore::limitToOnlyNonNegativeNumbersGreaterThanZero):

12:07 PM Changeset in webkit [196768] by rniwa@webkit.org

6 edits
1 add in trunk/Websites/perf.webkit.org

v3 UI should allow custom revisions for A/B testing
https://bugs.webkit.org/show_bug.cgi?id=154379

Reviewed by Chris Dumez.

Added the capability to customize revisions selected in the overview chart and the results viewer.

Newly added CustomizableTestGroupForm is responsible for allowing users to modify the set of revisions in
a new A/B testing group. Unlike TestGroupForm which doesn't know anything about which revisions are selected
for each project/repository, CustomizableTestGroupForm is aware of the list of revisions used in each set.

The list of revisions used in each set is represented by RootSet if users had not customized them, and
CustomRootSet otherwise; the latter was added since regular RootSet object requires CommitLog and other
DataModelObjects which are hard to create without corresponding database entries.

public/v3/components/customizable-test-group-form.js: Added.

(CustomizableTestGroupForm): Added.
(CustomizableTestGroupForm.prototype.setRootSetMap): Added.
(CustomizableTestGroupForm.prototype._submitted): Overrides the superclass' method.
(CustomizableTestGroupForm.prototype._customize): Ditto. Unlike TestGroupForm's callback, this class'
callback passes in a root set map as the third argument.
(CustomizableTestGroupForm.prototype._computeRootSetMap): Added. Returns this._rootSetMap, which is set by
AnalysisTaskPage if user had not customized the root sets. Otherwise return a new map with CustomRootSet's.
(CustomizableTestGroupForm.prototype.render): Added. Creates a table to allow customization of root sets.
(CustomizableTestGroupForm._constructRevisionRadioButtons): Added.
(CustomizableTestGroupForm._createRadioButton): Added.
(CustomizableTestGroupForm.cssTemplate): Added.
(CustomizableTestGroupForm.formContent): Added. This method is called by TestGroupForm.htmlTemplate.

public/v3/components/test-group-form.js:

(TestGroupForm): Updated the various methods to not directly mutate DOM. Store the state in instance
variables and update DOM in render() as done elsewhere.
(TestGroupForm.prototype.setNeedsName): Deleted. We no longer need this flag since TestGroupForm which is
used for retries never needs a name and CustomizableTestGroupForm which is used to create a new test group
always requires a name.
(TestGroupForm.prototype.setDisabled):
(TestGroupForm.prototype.setLabel):
(TestGroupForm.prototype.setRepetitionCount):
(TestGroupForm.prototype.render): Added.
(TestGroupForm.prototype._submitted): Moved the code to prevent the default action has been moved to the
constructor since this method is overridden by CustomizableTestGroupForm.
(TestGroupForm.cssTemplate): Added.
(TestGroupForm.htmlTemplate):
(TestGroupForm.formContent): Extracted from htmlTemplate.

public/v3/index.html:
public/v3/models/repository.js:

(Repository.sortByNamePreferringOnesWithURL): Added.

public/v3/models/root-set.js:

(RootSet.prototype.revisionForRepository): Added so that _createTestGroupAfterVerifyingRootSetList can retrieve
the revision information from CustomRootSet without going through CommitLog objects since CustomRootSet doesn't
have associated CommitLog objects.
(CustomRootSet): Added. Used by CustomizableTestGroupForm to create a custom root map since regular RootSet
requires CommitLog and other related objects which are hard to create without database entries.
(CustomRootSet.prototype.setRevisionForRepository): Added.
(CustomRootSet.prototype.repositories): Added.
(CustomRootSet.prototype.revisionForRepository): Added.

public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage):
(AnalysisTaskPage.prototype.render): Removed the reference to v2 UI since v3 UI is now strictly more powerful
than v2 UI. Also update the root set maps in each form here.
(AnalysisTaskPage.prototype._retryCurrentTestGroup): No longer takes unused name argument as it got removed
from TestGroupForm.
(AnalysisTaskPage.prototype._chartSelectionDidChange): No longer updates the disabled-ness here since it's now
done in render() via setRootSetMap().
(AnalysisTaskPage.prototype._createNewTestGroupFromChart): Now takes rootSetMap as an argument.
(AnalysisTaskPage.prototype._selectedRowInAnalysisResultsViewer): No longer updates the disabled-ness here
since it's now done in render() via setRootSetMap().
(AnalysisTaskPage.prototype._createNewTestGroupFromViewer): Now takes rootSetMap as an argument.
(AnalysisTaskPage.prototype._createTestGroupAfterVerifyingRootSetList): Take a dictionary of root set labels
such as A and B, which maps to a RootSet or a newly-added CustomRootSet.
(AnalysisTaskPage.htmlTemplate): Use customizable-test-group-form for creating a new A/B testing group. Retry
form will continue to use TestGroupForm since customizing revisions is non-sensical in retries.
(AnalysisTaskPage.cssTemplate): Updated the style.

11:06 AM Changeset in webkit [196767] by ChangSeok Oh

3 edits in trunk/Source/WebKit2

[GTK][Threaded Compositor] The web inspector doesn't work when using the threaded compositor
https://bugs.webkit.org/show_bug.cgi?id=154067

Reviewed by Carlos Garcia Campos.

The forceCompositingMode should be true for threaded compositor. We set it true for a normal webView
in _WebKitSettingsPrivate() but we do not for inspector anywhere. So DrawingArea is not
properly created for the inspector. Let's move the setting to WebPreferences::platformInitializeStore
which is a common place for the webView and the inspector.

UIProcess/API/gtk/WebKitSettings.cpp:

(_WebKitSettingsPrivate::_WebKitSettingsPrivate): Deleted.

UIProcess/gtk/WebPreferencesGtk.cpp:

(WebKit::WebPreferences::platformInitializeStore):

11:02 AM Changeset in webkit [196766] by commit-queue@webkit.org

3 edits in trunk/Source/WebKit2

Unreviewed, rolling out r196765.
https://bugs.webkit.org/show_bug.cgi?id=154402

Broke Safari (Requested by andersca on #webkit).

Reverted changeset:

"Remove two unused functions"
https://bugs.webkit.org/show_bug.cgi?id=154397
http://trac.webkit.org/changeset/196765

10:44 AM Changeset in webkit [196765] by andersca@apple.com

3 edits in trunk/Source/WebKit2

Remove two unused functions
https://bugs.webkit.org/show_bug.cgi?id=154397

Reviewed by Tim Horton.

UIProcess/API/C/WKContext.cpp:

(WKContextGetPluginSiteDataManager): Deleted.
(WKContextGetResourceCacheManager): Deleted.

UIProcess/API/C/WKContext.h:

10:21 AM Changeset in webkit [196764] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after r196742

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:

10:13 AM Changeset in webkit [196763] by ddkilzer@apple.com

2 edits in trunk/Source/WebCore

Remove redundant ASSERT_WITH_MESSAGE_UNUSED() from SOFT_LINK_FRAMEWORK_FOR_SOURCE() macro

Follow-up fix noted by Andy Estes for:

[Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
<http://webkit.org/b/154364>

platform/mac/SoftLinking.h:

(SOFT_LINK_FRAMEWORK_FOR_SOURCE): Remove redundant
ASSERT_WITH_MESSAGE_UNUSED().

9:53 AM Changeset in webkit [196762] by Csaba Osztrogonác

14 edits in trunk/LayoutTests

JSC ARM Linux test gardening after r196625
https://bugs.webkit.org/show_bug.cgi?id=154392

Reviewed by Mark Lam.

js/script-tests/dfg-float32array.js:
js/script-tests/dfg-float64array.js:
js/script-tests/dfg-int16array.js:
js/script-tests/dfg-int32array-overflow-values.js:
js/script-tests/dfg-int32array.js:
js/script-tests/dfg-int8array.js:
js/script-tests/dfg-osr-entry-hoisted-clobbered-structure-check.js:
js/script-tests/dfg-uint16array.js:
js/script-tests/dfg-uint32array-overflow-values.js:
js/script-tests/dfg-uint32array.js:
js/script-tests/dfg-uint8array.js:
js/script-tests/dfg-uint8clampedarray.js:
js/script-tests/regress-141098.js:

9:25 AM Changeset in webkit [196761] by akling@apple.com

2 edits in trunk/Source/JavaScriptCore

JSString resolution of substrings should use StringImpl sharing optimization.
<https://webkit.org/b/154068>
<rdar://problem/24629358>

Reviewed by Antti Koivisto.

When resolving a JSString that's actually a substring of another JSString,
use the StringImpl sharing optimization to create a new string pointing into
the parent one, instead of copying out the bytes of the string.

This dramatically reduces peak memory usage on Gerrit diff viewer pages.

Another approach to this would be to induce GC far more frequently due to
the added cost of copying out these substrings. It would reduce the risk
of prolonging the life of strings only kept alive by substrings.

This patch chooses to trade that risk for less GC and lower peak memory.

runtime/JSString.cpp:

(JSC::JSRopeString::resolveRope):

9:19 AM Changeset in webkit [196760] by Chris Dumez

2 edits in trunk/Source/JavaScriptCore

Crash on SES selftest page when loading the page while WebInspector is open
https://bugs.webkit.org/show_bug.cgi?id=154378
<rdar://problem/24713422>

Reviewed by Mark Lam.

Do a partial revert of r196676 so that JSObject::getOwnPropertyDescriptor()
returns early again if it detects that getOwnPropertySlot() returns a
non-own property. This check was removed in r196676 because we assumed that
only JSDOMWindow::getOwnPropertySlot() could return non-own properties.
However, as it turns out, DebuggerScope::getOwnPropertySlot() does so as
well.

Not having the check would lead to crashes when using the debugger because
we would get a slot with the CustomAccessor attribute but getDirect() would
then fail to return the property (because it is not an own property). We
would then cast the value returned by getDirect() to a CustomGetterSetter*
and dereference it.

runtime/JSObject.cpp:

(JSC::JSObject::getOwnPropertyDescriptor):

8:55 AM Changeset in webkit [196759] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

Unreviewed, fix VS build. I didn't know we still did that, but apparently there's a bot
for that.

JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:

8:48 AM Changeset in webkit [196758] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix CMake build. This got messed up when rebasing.

CMakeLists.txt:

8:45 AM Changeset in webkit [196757] by Csaba Osztrogonác

2 edits in trunk/Source/JavaScriptCore

Fix the !ENABLE(DFG_JIT) build after r195865
https://bugs.webkit.org/show_bug.cgi?id=154391

Reviewed by Filip Pizlo.

runtime/SamplingProfiler.cpp:

(JSC::tryGetBytecodeIndex):

8:40 AM Changeset in webkit [196756] by fpizlo@apple.com

27 edits
3 moves
1 delete in trunk

Remove remaining references to LLVM, and make sure comments refer to the backend as "B3" not "LLVM"
https://bugs.webkit.org/show_bug.cgi?id=154383

Reviewed by Saam Barati.

Source/JavaScriptCore:

I did a grep -i llvm of all of our code and did one of the following for each occurence:

Renamed it to B3. This is appropriate when we were using "LLVM" to mean "the FTL backend".

Removed the reference because I found it to be dead. In some cases it was a dead comment: it was telling us things about what LLVM did and that's just not relevant anymore. In other cases it was dead code that I forgot to delete in a previous patch.

Edited the comment in some smart way. There were comments talking about what LLVM did that were still of interest. In some cases, I added a FIXME to consider changing the code below the comment on the grounds that it was written in a weird way to placate LLVM and so we can do it better now.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGArgumentsEliminationPhase.cpp:
dfg/DFGOSRAvailabilityAnalysisPhase.h:
dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThread):
(JSC::DFG::Plan::compileInThreadImpl):
(JSC::DFG::Plan::compileTimeStats):

dfg/DFGPutStackSinkingPhase.cpp:
dfg/DFGSSAConversionPhase.h:
dfg/DFGStaticExecutionCountEstimationPhase.h:
dfg/DFGUnificationPhase.cpp:

(JSC::DFG::UnificationPhase::run):

disassembler/ARM64Disassembler.cpp:

(JSC::tryToDisassemble): Deleted.

disassembler/X86Disassembler.cpp:

(JSC::tryToDisassemble):

ftl/FTLAbstractHeap.cpp:

(JSC::FTL::IndexedAbstractHeap::initialize):

ftl/FTLAbstractHeap.h:
ftl/FTLFormattedValue.h:
ftl/FTLJITFinalizer.cpp:

(JSC::FTL::JITFinalizer::finalizeFunction):

ftl/FTLLink.cpp:

(JSC::FTL::link):

ftl/FTLLocation.cpp:

(JSC::FTL::Location::restoreInto):

ftl/FTLLowerDFGToB3.cpp: Copied from Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp.

(JSC::FTL::DFG::ftlUnreachable):
(JSC::FTL::DFG::LowerDFGToB3::LowerDFGToB3):
(JSC::FTL::DFG::LowerDFGToB3::compileBlock):
(JSC::FTL::DFG::LowerDFGToB3::compileArithNegate):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiGetByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileOverridesHasInstance):
(JSC::FTL::DFG::LowerDFGToB3::isBoolean):
(JSC::FTL::DFG::LowerDFGToB3::unboxBoolean):
(JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
(JSC::FTL::lowerDFGToB3):
(JSC::FTL::DFG::LowerDFGToLLVM::LowerDFGToLLVM): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::compileBlock): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::compileArithNegate): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::compileOverridesHasInstance): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::isBoolean): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::unboxBoolean): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::emitStoreBarrier): Deleted.
(JSC::FTL::lowerDFGToLLVM): Deleted.

ftl/FTLLowerDFGToB3.h: Copied from Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.h.
ftl/FTLLowerDFGToLLVM.cpp: Removed.
ftl/FTLLowerDFGToLLVM.h: Removed.
ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

ftl/FTLWeight.h:

(JSC::FTL::Weight::frequencyClass):
(JSC::FTL::Weight::inverse):
(JSC::FTL::Weight::scaleToTotal): Deleted.

ftl/FTLWeightedTarget.h:

(JSC::FTL::rarely):
(JSC::FTL::unsure):

jit/CallFrameShuffler64.cpp:

(JSC::CallFrameShuffler::emitDisplace):

jit/RegisterSet.cpp:

(JSC::RegisterSet::ftlCalleeSaveRegisters):

llvm: Removed.
llvm/InitializeLLVMLinux.cpp: Removed.
llvm/InitializeLLVMWin.cpp: Removed.
llvm/library: Removed.
llvm/library/LLVMTrapCallback.h: Removed.
llvm/library/libllvmForJSC.version: Removed.
runtime/Options.cpp:

(JSC::recomputeDependentOptions):
(JSC::Options::initialize):

runtime/Options.h:
wasm/WASMFunctionB3IRGenerator.h: Copied from Source/JavaScriptCore/wasm/WASMFunctionLLVMIRGenerator.h.
wasm/WASMFunctionLLVMIRGenerator.h: Removed.
wasm/WASMFunctionParser.cpp:

Tools:

Scripts/run-jsc-stress-tests:

8:12 AM Changeset in webkit [196755] by Carlos Garcia Campos

6 edits in trunk/Source/WebKit2

[GTK] Use G_TYPE_ERROR instead of G_TYPE_POINTER for GError parameters of signals
https://bugs.webkit.org/show_bug.cgi?id=153786

Reviewed by Michael Catanzaro.

It's binary compatible and it's needed by binding generator to
properly identify those parameters as GError.

UIProcess/API/gtk/WebKitDownload.cpp:

(webkit_download_class_init):

UIProcess/API/gtk/WebKitPrintOperation.cpp:

(webkit_print_operation_class_init):

UIProcess/API/gtk/WebKitWebResource.cpp:

(webkit_web_resource_class_init):

UIProcess/API/gtk/WebKitWebView.cpp:

(webkit_web_view_class_init):

UIProcess/API/gtk/webkit2marshal.list:

3:31 AM Changeset in webkit [196754] by ryuan.choi@navercorp.com

2 edits
4 moves in trunk/Source/WebKit2

[EFL] Move WebView from CoordinatedGraphics to efl
https://bugs.webkit.org/show_bug.cgi?id=154332

Reviewed by Csaba Osztrogonác.

PlatformEfl.cmake:
UIProcess/efl/WebView.cpp: Renamed from Source/WebKit2/UIProcess/CoordinatedGraphics/WebView.cpp.
UIProcess/efl/WebView.h: Renamed from Source/WebKit2/UIProcess/CoordinatedGraphics/WebView.h.
UIProcess/efl/WebViewClient.cpp: Renamed from Source/WebKit2/UIProcess/CoordinatedGraphics/WebViewClient.cpp.
UIProcess/efl/WebViewClient.h: Renamed from Source/WebKit2/UIProcess/CoordinatedGraphics/WebViewClient.h.

3:13 AM Changeset in webkit [196753] by akling@apple.com

5 edits in trunk/Source/WebCore

Reduce tiling coverage immediately when memory pressure hits.
<https://webkit.org/b/154374>

Reviewed by Simon Fraser.

We already had a policy that reduced tiling coverage to a minimum while the system
is under memory pressure. However, that policy wouldn't kick in immediately after
receiving the pressure notification, but the next time we flush compositing state.

This change makes it happen sooner, improving our chances to escape death!

page/Page.h:
page/Page.cpp:

(WebCore::Page::forEachPage):

Add a little helper for visiting every Page.

platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseCriticalMemory):

When under critical memory pressure, schedule a compositing flush in all Pages.
This ensures that the reduced tiling coverage policy takes effect, allowing us to
immediately drop several tiles in each visible web view.

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::install):

To ensure that this behavior is testable with the fake memory pressure notification,
make the fake handler set the "in memory pressure" state just like the real one would.
I don't know why we were not doing this previously, it was just an oversight.
After the simulation completes, it schedules a runloop callback that resets the
"in memory pressure" state.

2:34 AM Changeset in webkit [196752] by Csaba Osztrogonác

2 edits in trunk/Source/JavaScriptCore

[cmake] Build system cleanup
https://bugs.webkit.org/show_bug.cgi?id=154337

Reviewed by Žan Doberšek.

CMakeLists.txt:

12:46 AM Changeset in webkit [196751] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Align console prompt with execution context selector
https://bugs.webkit.org/show_bug.cgi?id=154381

Reviewed by Timothy Hatcher.

UserInterface/Views/QuickConsole.css:

(.quick-console > .console-prompt > .CodeMirror):
(.quick-console .execution-context):

12:34 AM Changeset in webkit [196750] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Storage tab navigation bar should fit on a single line
https://bugs.webkit.org/show_bug.cgi?id=152473
<rdar://problem/24023435>

Patch by Devin Rousso <Devin Rousso> on 2016-02-18
Reviewed by Timothy Hatcher.

UserInterface/Base/Utilities.js:

(Number.constrain):
Reworked logic to ensure that the returned value is never less than the
given minimum value.

12:29 AM Changeset in webkit [196749] by Michael Catanzaro

2 edits
1 delete in trunk

[CMake] Remove LLVM support
https://bugs.webkit.org/show_bug.cgi?id=154370

Reviewed by Csaba Osztrogonác.

After switching all CMake ports to B3, this was only needed for the LLVM disassembler, which
has been removed from JSC. Feel free to bring this back if restoring the LLVM disassembler,
but for the time being this is dead code.

Source/cmake/FindLLVM.cmake: Removed.
Source/cmake/OptionsCommon.cmake:

12:28 AM Changeset in webkit [196748] by jh718.park@samsung.com

2 edits in trunk

[CMake] Remove meaningless conditional statements in CMakeLists.txt
https://bugs.webkit.org/show_bug.cgi?id=153778

Reviewed by Csaba Osztrogonác.

CMakeLists.txt:

Use CMAKE_FOO_OUTPUT_DIRECTORY located in CMakeLists.txt as default value.
And remove conditional statements which has enclosed these one
because they don't have meaning anymore.

Feb 17, 2016:

11:25 PM Changeset in webkit [196747] by mmaxfield@apple.com

25 edits
8 adds in trunk

[Font Loading] Implement FontFaceSet
https://bugs.webkit.org/show_bug.cgi?id=153348

Reviewed by Simon Fraser.

Source/WebCore:

The CSS Font Loading spec includes a FontFaceSet object which represents
a collection of FontFaces. This patch implements such an object, and
backs it with a vector of FontFaces. Similarly to the FontFace object,
FontFaceSet is separated into a FontFaceSet frontend object and a
CSSFontFaceSet backend object, which actually owns the FontFace objects.
All the interaction with Promises is performed in the frontend object.

This patch does not implement the EventTarget part of the FontFaceSet
API, so the only way to know when a font is finished loading is by using
the associated Promise objects.

The CSS Font Loading spec describes how the Document should vend an
instance of FontFaceSet which represents the font faces currently
associated with the Document. However, that functionality is
forthcoming. Currently, the only way to get a FontFaceSet is to create
one yourself (using the constructor). Therefore, this patch does not
implement the spec's notion of a "CSS-connected font face."

Test: fast/text/font-face-set-javascript.html

CMakeLists.txt: Add new files.
DerivedSources.make: Ditto.
WebCore.vcxproj/WebCore.vcxproj: Ditto.
WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
WebCore.xcodeproj/project.pbxproj: Ditto.
bindings/js/JSFontFaceSetCustom.cpp: Added.

(WebCore::JSFontFaceSet::ready): Use the Promise member.
(WebCore::JSFontFaceSet::entries): Use existing iterator code.
(WebCore::JSFontFaceSet::keys):
(WebCore::JSFontFaceSet::values):

css/CSSAllInOne.cpp: Add new files.
css/CSSFontFace.cpp: We now have a collection of clients (instead of

just one). Also, we need to keep a pointer to our FontFace wrapper.
(WebCore::CSSFontFace::CSSFontFace):
(WebCore::CSSFontFace::addClient):
(WebCore::CSSFontFace::removeClient):
(WebCore::CSSFontFace::setStatus): Rename the delegate callback to be
more clear.
(WebCore::CSSFontFace::fontLoaded):
(WebCore::CSSFontFace::addedToSegmentedFontFace): Deleted.
(WebCore::CSSFontFace::removedFromSegmentedFontFace): Deleted.

css/CSSFontFace.h: Same as above.

(WebCore::CSSFontFace::create):
(WebCore::CSSFontFace::Client::~Client):
(WebCore::CSSFontFace::Client::kick):
(WebCore::CSSFontFace::Client::stateChanged):
(WebCore::CSSFontFace::wrapper):
(WebCore::CSSFontFaceClient::~CSSFontFaceClient): Deleted.

css/CSSFontFaceSet.cpp: Added. Initial imlementation.

(WebCore::CSSFontFaceSet::CSSFontFaceSet):
(WebCore::CSSFontFaceSet::~CSSFontFaceSet):
(WebCore::CSSFontFaceSet::incrementActiveCount):
(WebCore::CSSFontFaceSet::decrementActiveCount):
(WebCore::CSSFontFaceSet::has):
(WebCore::CSSFontFaceSet::add):
(WebCore::CSSFontFaceSet::remove):
(WebCore::extractFamilies):
(WebCore::familiesIntersect): Because this is an initial imlementation,
this function is not optimized. A subsequent patch (which implements
Document.fonts) will optimize this.
(WebCore::CSSFontFaceSet::matchingFaces):
(WebCore::CSSFontFaceSet::load):
(WebCore::CSSFontFaceSet::check):
(WebCore::CSSFontFaceSet::stateChanged):

css/CSSFontFaceSet.h: Added.

(WebCore::CSSFontFaceSetClient::~CSSFontFaceSetClient):
(WebCore::CSSFontFaceSet::size):
(WebCore::CSSFontFaceSet::operator[]):
(WebCore::CSSFontFaceSet::status):

css/CSSFontSelector.cpp:

(WebCore::CSSFontSelector::familyNameFromPrimitive):
(WebCore::CSSFontSelector::registerLocalFontFacesForFamily):
(WebCore::CSSFontSelector::addFontFaceRule):
(WebCore::familyNameFromPrimitive): Deleted.
(WebCore::CSSFontSelector::kick): Deleted.

css/CSSFontSelector.h:
css/CSSSegmentedFontFace.cpp:

(WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace):
(WebCore::CSSSegmentedFontFace::appendFontFace):
(WebCore::CSSSegmentedFontFace::kick):
(WebCore::CSSSegmentedFontFace::fontLoaded): Deleted.

css/CSSSegmentedFontFace.h:
css/FontFace.cpp:

(WebCore::FontFace::FontFace):
(WebCore::FontFace::~FontFace):
(WebCore::FontFace::stateChanged): Renamed to make its purpose clearer.
(WebCore::FontFace::kick): Deleted.

css/FontFace.h:
css/FontFaceSet.cpp: Added.

(WebCore::createPromise):
(WebCore::FontFaceSet::FontFaceSet):
(WebCore::FontFaceSet::~FontFaceSet):
(WebCore::FontFaceSet::Iterator::Iterator):
(WebCore::FontFaceSet::Iterator::next):
(WebCore::FontFaceSet::PendingPromise::PendingPromise):
(WebCore::FontFaceSet::PendingPromise::~PendingPromise):
(WebCore::FontFaceSet::has):
(WebCore::FontFaceSet::size):
(WebCore::FontFaceSet::add):
(WebCore::FontFaceSet::remove):
(WebCore::FontFaceSet::clear):
(WebCore::FontFaceSet::load): Most of the complexity of loading is
due to the promises involved. Rather than use the Javascript function
Promise.all(), this patch builds a data structure to represent the
promises which need to be resolved. When fonts finish loading, we look
at the data structure to determine which promises to resolve.
(WebCore::FontFaceSet::check):
(WebCore::FontFaceSet::status):
(WebCore::FontFaceSet::canSuspendForDocumentSuspension):
(WebCore::FontFaceSet::startedLoading):
(WebCore::FontFaceSet::completedLoading):
(WebCore::FontFaceSet::fulfillPromise): Keep the promise alive.
(WebCore::FontFaceSet::faceFinished):

css/FontFaceSet.h: Added.

(WebCore::FontFaceSet::create):
(WebCore::FontFaceSet::load):
(WebCore::FontFaceSet::check):
(WebCore::FontFaceSet::createIterator):
(WebCore::FontFaceSet::PendingPromise::create):

css/FontFaceSet.idl: Added.
dom/EventNames.h:
dom/EventTargetFactory.in:

LayoutTests:

fast/text/font-face-set-javascript-expected.txt: Added.
fast/text/font-face-set-javascript.html: Added.

10:37 PM Changeset in webkit [196746] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: In the styles sidebar, Option-clicking on --css-variable should jump to its definition
https://bugs.webkit.org/show_bug.cgi?id=154082
<rdar://problem/24593361>

Patch by Devin Rousso <Devin Rousso> on 2016-02-17
Reviewed by Timothy Hatcher.

UserInterface/Views/CSSStyleDeclarationTextEditor.js:

(WebInspector.CSSStyleDeclarationTextEditor.prototype.tokenTrackingControllerHighlightedRangeWasClicked.showRangeInSourceCode):
(WebInspector.CSSStyleDeclarationTextEditor.prototype.tokenTrackingControllerHighlightedRangeWasClicked):
Now tests to see if the highlighted token was a CSS variable and if
so, attempts to show the declaration of the CSS variable instead of
the location where it is used.

10:28 PM Changeset in webkit [196745] by mark.lam@apple.com

8 edits in trunk/Source

Callers of JSString::value() should check for exceptions thereafter.
https://bugs.webkit.org/show_bug.cgi?id=154346

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

JSString::value() can throw an exception if the JS string is a rope and value()
needs to resolve the rope but encounters an OutOfMemory error. If value() is not
able to resolve the rope, it will return a null string (in addition to throwing
the exception). If a caller does not check for exceptions after calling
JSString::value(), they may eventually use the returned null string and crash the
VM.

The fix is to add all the necessary exception checks, and do the appropriate
handling if needed.

jsc.cpp:

(functionRun):
(functionLoad):
(functionReadFile):
(functionCheckSyntax):
(functionLoadWebAssembly):
(functionLoadModule):
(functionCheckModuleSyntax):

runtime/DateConstructor.cpp:

(JSC::dateParse):
(JSC::dateNow):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

tools/JSDollarVMPrototype.cpp:

(JSC::functionPrint):

Source/WebCore:

No new tests. The crash that results from this issue is dependent on a race
condition where an OutOfMemory error occurs precisely at the point where the
JSString::value() function is called on a rope JSString.

bindings/js/JSHTMLAllCollectionCustom.cpp:

(WebCore::callHTMLAllCollection):

bindings/js/JSStorageCustom.cpp:

(WebCore::JSStorage::putDelegate):

Added a comment at the site of the exception check to clarify the meaning of the return value.

10:13 PM Changeset in webkit [196744] by ddkilzer@apple.com

2 edits in trunk/Source/WebCore

[Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
<http://webkit.org/b/154364>

Reviewed by Alexey Proskuryakov.

platform/mac/SoftLinking.h:

(SOFT_LINK_LIBRARY): Change ASSERT_WITH_MESSAGE() to
RELEASE_ASSERT_WITH_MESSAGE().
(SOFT_LINK_FRAMEWORK): Ditto.
(SOFT_LINK_PRIVATE_FRAMEWORK): Ditto.
(SOFT_LINK_STAGED_FRAMEWORK): Ditto.
(SOFT_LINK_FRAMEWORK_IN_UMBRELLA): Ditto.
(SOFT_LINK): Ditto.
(SOFT_LINK_POINTER): Ditto.
(SOFT_LINK_CONSTANT): Ditto.
(SOFT_LINK_FRAMEWORK_FOR_SOURCE): Add
RELEASE_ASSERT_WITH_MESSAGE() when soft-link is not
optional.

10:03 PM Changeset in webkit [196743] by Nikita Vasilyev

3 edits in trunk/Source/WebInspectorUI

REGRESSION (r196620): Web Inspector: DataGrid headers and resizers are misaligned when the scrollbar is visible
https://bugs.webkit.org/show_bug.cgi?id=154280
<rdar://problem/24670567>

Reviewed by Timothy Hatcher.

Revert back to "overflow-y: overlay".

UserInterface/Views/DataGrid.css:

(.data-grid .data-container):

UserInterface/Views/DatabaseContentView.css:

(.storage-view.query):

9:44 PM Changeset in webkit [196742] by Chris Dumez

4 edits in trunk

Regression(r196648): http://w3c-test.org/html/dom/interfaces.html redirects at the end of the test
https://bugs.webkit.org/show_bug.cgi?id=154357

Reviewed by Alexey Proskuryakov.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Make location.assign() / location.replace()'s parameter mandatory,
as per the specification:
https://html.spec.whatwg.org/multipage/browsers.html#the-location-interface

Previously, calling location.assign() / location.replace() without
parameter would be identical to calling location.assign("undefined") /
location.replace("undefined"), which is not useful.

After r196648, http://w3c-test.org/html/dom/interfaces.html was able to
test location.assign() / location.replace() further because they are now
on the instance (where they should be) instead of the prototype. One of
these tests calls these functions without parameter, expecting them to
throw an exception. However, in WebKit, it would not throw and it would
redirect us to http://w3c-test.org/html/dom/undefined.

Firefox and Chrome both follow the specification already and throw in
this case.

No new tests, already covered by existing test.

page/Location.idl:

Make location.assign() / location.replace()'s parameter mandatory,
as per the specification.

9:27 PM Changeset in webkit [196741] by Nikita Vasilyev

4 edits in trunk/Source/WebInspectorUI

REGRESSION (r196620): Web Inspector: When the scrollbars are always visible, the console prompt is 1px taller
https://bugs.webkit.org/show_bug.cgi?id=154328
<rdar://problem/24692996>

Introduce a CSS variable to ensure that the quick console is the
same height as the bottom right section of the styles sidebar.

Reviewed by Timothy Hatcher.

UserInterface/Views/CSSStyleDetailsSidebarPanel.css:

(.sidebar > .panel.details.css-style > .content ~ .options-container):
(.sidebar > .panel.details.css-style > .content ~ .class-list-container):

UserInterface/Views/QuickConsole.css:

(.quick-console):

UserInterface/Views/Variables.css:

(:root):

9:16 PM Changeset in webkit [196740] by commit-queue@webkit.org

10 edits in trunk

Unreviewed, rolling out r196738.
https://bugs.webkit.org/show_bug.cgi?id=154380

broke css3/calc/transforms-translate.html (Requested by
alexchristensen on #webkit).

Reverted changeset:

"WebKitCSSMatrix transformList with calculated relative length
crashes Safari."
https://bugs.webkit.org/show_bug.cgi?id=153333
http://trac.webkit.org/changeset/196738

7:57 PM Changeset in webkit [196739] by commit-queue@webkit.org

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Add Context menu separators to Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154360

Patch by Devin Rousso <Devin Rousso> on 2016-02-17
Reviewed by Joseph Pecoraro.

In the Styles sidebar, there are three main sections for the context menu:

Copy and Duplicate/Show-source
Add pseudo-class rules
Add/Select pseudo-element rules

These three sections were all put together in the same context menu, which
was very crowded as a result. Separators have been added to make it so that
these three sections are now separated and clearly show their different uses.

UserInterface/Views/CSSStyleDeclarationSection.js:

(WebInspector.CSSStyleDeclarationSection.prototype._handleSelectorPaste):

UserInterface/Views/VisualStyleSelectorTreeItem.js:

(WebInspector.VisualStyleSelectorTreeItem.prototype._handleContextMenuEvent):

6:13 PM Changeset in webkit [196738] by dino@apple.com

10 edits in trunk

WebKitCSSMatrix transformList with calculated relative length crashes Safari.
https://bugs.webkit.org/show_bug.cgi?id=153333
<rdar://problem/17198383>

Reviewed by Simon Fraser.

Source/WebCore:

WebKitCSSMatrix objects should fail to construct when not
using absolute lengths.

Updated existing tests:

transforms/cssmatrix-2d-interface.xhtml
transforms/cssmatrix-3d-interface.xhtml

css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue
that we don't require absolute lengths.

css/TransformFunctions.cpp:

(WebCore::convertToFloatLength): Add an optional parameter that will
cause the conversion to fail if the primitive value has a non-absolute
length.
(WebCore::transformsForValue): Pass the parameter for requiring an
absolute length on to convertToFloatLength when necessary.

css/TransformFunctions.h:
css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do
require all transform strings to have absolute lengths, not ones
that depend on the font size or are calculated.

LayoutTests:

Update existing tests to exercise the non-absolute lengths for translation
and perspective functions.

transforms/cssmatrix-2d-interface-expected.txt:
transforms/cssmatrix-2d-interface.xhtml:
transforms/cssmatrix-3d-interface-expected.txt:
transforms/cssmatrix-3d-interface.xhtml:

6:04 PM Changeset in webkit [196737] by Ryan Haddad

3 edits in trunk/Source/WebCore

Unreviewed, rolling out r196712.
https://bugs.webkit.org/show_bug.cgi?id=154371

This change caused 5 API test failures on ios-simulator
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"[iOS] Purge GraphicsServices font cache on memory warning."
https://bugs.webkit.org/show_bug.cgi?id=154343
http://trac.webkit.org/changeset/196712

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-17

5:38 PM Changeset in webkit [196736] by commit-queue@webkit.org

14 edits in trunk/Source/JavaScriptCore

[JSC] ARM64: Support the immediate format used for bit operations in Air
https://bugs.webkit.org/show_bug.cgi?id=154327

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-17
Reviewed by Filip Pizlo.

ARM64 supports a pretty rich form of immediates for bit operation.
There are two formats used to encode repeating patterns and common
input in a dense form.

In this patch, I add 2 new type of Arg: BitImm32 and BitImm64.
Those represents the valid immediate forms for bit operation.
On x86, any 32bits value is valid. On ARM64, all the encoding
form are tried and the immediate is used when possible.

The arg type Imm64 is renamed to BigImm to better represent what
it is: an immediate that does not fit into Imm.

assembler/ARM64Assembler.h:

(JSC::LogicalImmediate::create32): Deleted.
(JSC::LogicalImmediate::create64): Deleted.
(JSC::LogicalImmediate::value): Deleted.
(JSC::LogicalImmediate::isValid): Deleted.
(JSC::LogicalImmediate::is64bit): Deleted.
(JSC::LogicalImmediate::LogicalImmediate): Deleted.
(JSC::LogicalImmediate::mask): Deleted.
(JSC::LogicalImmediate::partialHSB): Deleted.
(JSC::LogicalImmediate::highestSetBit): Deleted.
(JSC::LogicalImmediate::findBitRange): Deleted.
(JSC::LogicalImmediate::encodeLogicalImmediate): Deleted.

assembler/AssemblerCommon.h:

(JSC::ARM64LogicalImmediate::create32):
(JSC::ARM64LogicalImmediate::create64):
(JSC::ARM64LogicalImmediate::value):
(JSC::ARM64LogicalImmediate::isValid):
(JSC::ARM64LogicalImmediate::is64bit):
(JSC::ARM64LogicalImmediate::ARM64LogicalImmediate):
(JSC::ARM64LogicalImmediate::mask):
(JSC::ARM64LogicalImmediate::partialHSB):
(JSC::ARM64LogicalImmediate::highestSetBit):
(JSC::ARM64LogicalImmediate::findBitRange):
(JSC::ARM64LogicalImmediate::encodeLogicalImmediate):

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::and64):
(JSC::MacroAssemblerARM64::or64):
(JSC::MacroAssemblerARM64::xor64):

b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::bitImm):
(JSC::B3::Air::LowerToAir::bitImm64):
(JSC::B3::Air::LowerToAir::appendBinOp):

b3/air/AirArg.cpp:

(JSC::B3::Air::Arg::dump):
(WTF::printInternal):

b3/air/AirArg.h:

(JSC::B3::Air::Arg::bitImm):
(JSC::B3::Air::Arg::bitImm64):
(JSC::B3::Air::Arg::isBitImm):
(JSC::B3::Air::Arg::isBitImm64):
(JSC::B3::Air::Arg::isSomeImm):
(JSC::B3::Air::Arg::value):
(JSC::B3::Air::Arg::isGP):
(JSC::B3::Air::Arg::isFP):
(JSC::B3::Air::Arg::hasType):
(JSC::B3::Air::Arg::isValidBitImmForm):
(JSC::B3::Air::Arg::isValidBitImm64Form):
(JSC::B3::Air::Arg::isValidForm):
(JSC::B3::Air::Arg::asTrustedImm32):
(JSC::B3::Air::Arg::asTrustedImm64):

b3/air/AirOpcode.opcodes:
b3/air/opcode_generator.rb:

5:25 PM Changeset in webkit [196735] by beidson@apple.com

11 edits
4 moves in trunk/Source/WebKit2

Modern IDB: Rename some "UniqueIDBDatabase" classes that conflict with new classes in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=154363.

Reviewed by Alex Christensen.

Adding "Legacy" to the front of the name fixes problems for now.

And all of this gunk will go away after Modern IDB is done, anyways.

CMakeLists.txt:
DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::getOrCreateLegacyUniqueIDBDatabase):
(WebKit::DatabaseProcess::removeLegacyUniqueIDBDatabase):
(WebKit::DatabaseProcess::getOrCreateUniqueIDBDatabase): Deleted.
(WebKit::DatabaseProcess::removeUniqueIDBDatabase): Deleted.

DatabaseProcess/DatabaseProcess.h:
DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.cpp:

(WebKit::DatabaseProcessIDBConnection::establishConnection):

DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h:
DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.cpp: Renamed from Source/WebKit2/DatabaseProcess/IndexedDB/UniqueIDBDatabase.cpp.

(WebKit::LegacyUniqueIDBDatabase::calculateAbsoluteDatabaseFilename):
(WebKit::LegacyUniqueIDBDatabase::LegacyUniqueIDBDatabase):
(WebKit::LegacyUniqueIDBDatabase::~LegacyUniqueIDBDatabase):
(WebKit::LegacyUniqueIDBDatabase::filenameForDatabaseName):
(WebKit::LegacyUniqueIDBDatabase::databaseFilenameIdentifier):
(WebKit::LegacyUniqueIDBDatabase::canShareDatabases):
(WebKit::LegacyUniqueIDBDatabase::registerConnection):
(WebKit::LegacyUniqueIDBDatabase::unregisterConnection):
(WebKit::LegacyUniqueIDBDatabase::shutdown):
(WebKit::LegacyUniqueIDBDatabase::shutdownBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didShutdownBackingStore):
(WebKit::LegacyUniqueIDBDatabase::deleteDatabase):
(WebKit::LegacyUniqueIDBDatabase::getOrEstablishIDBDatabaseMetadata):
(WebKit::LegacyUniqueIDBDatabase::openBackingStoreAndReadMetadata):
(WebKit::LegacyUniqueIDBDatabase::didOpenBackingStoreAndReadMetadata):
(WebKit::LegacyUniqueIDBDatabase::openTransaction):
(WebKit::LegacyUniqueIDBDatabase::beginTransaction):
(WebKit::LegacyUniqueIDBDatabase::commitTransaction):
(WebKit::LegacyUniqueIDBDatabase::resetTransaction):
(WebKit::LegacyUniqueIDBDatabase::rollbackTransaction):
(WebKit::LegacyUniqueIDBDatabase::postTransactionOperation):
(WebKit::LegacyUniqueIDBDatabase::didCompleteTransactionOperation):
(WebKit::LegacyUniqueIDBDatabase::changeDatabaseVersion):
(WebKit::LegacyUniqueIDBDatabase::didChangeDatabaseVersion):
(WebKit::LegacyUniqueIDBDatabase::didCreateObjectStore):
(WebKit::LegacyUniqueIDBDatabase::didDeleteObjectStore):
(WebKit::LegacyUniqueIDBDatabase::didClearObjectStore):
(WebKit::LegacyUniqueIDBDatabase::didCreateIndex):
(WebKit::LegacyUniqueIDBDatabase::didDeleteIndex):
(WebKit::LegacyUniqueIDBDatabase::didCompleteBoolRequest):
(WebKit::LegacyUniqueIDBDatabase::createObjectStore):
(WebKit::LegacyUniqueIDBDatabase::deleteObjectStore):
(WebKit::LegacyUniqueIDBDatabase::clearObjectStore):
(WebKit::LegacyUniqueIDBDatabase::createIndex):
(WebKit::LegacyUniqueIDBDatabase::deleteIndex):
(WebKit::LegacyUniqueIDBDatabase::putRecord):
(WebKit::LegacyUniqueIDBDatabase::getRecord):
(WebKit::LegacyUniqueIDBDatabase::openCursor):
(WebKit::LegacyUniqueIDBDatabase::cursorAdvance):
(WebKit::LegacyUniqueIDBDatabase::cursorIterate):
(WebKit::LegacyUniqueIDBDatabase::count):
(WebKit::LegacyUniqueIDBDatabase::deleteRange):
(WebKit::LegacyUniqueIDBDatabase::openBackingStoreTransaction):
(WebKit::LegacyUniqueIDBDatabase::beginBackingStoreTransaction):
(WebKit::LegacyUniqueIDBDatabase::commitBackingStoreTransaction):
(WebKit::LegacyUniqueIDBDatabase::resetBackingStoreTransaction):
(WebKit::LegacyUniqueIDBDatabase::rollbackBackingStoreTransaction):
(WebKit::LegacyUniqueIDBDatabase::changeDatabaseVersionInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::createObjectStoreInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::deleteObjectStoreInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::clearObjectStoreInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::createIndexInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::deleteIndexInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::putRecordInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didPutRecordInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::getRecordFromBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didGetRecordFromBackingStore):
(WebKit::LegacyUniqueIDBDatabase::openCursorInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didOpenCursorInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::advanceCursorInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didAdvanceCursorInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::iterateCursorInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didIterateCursorInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::countInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didCountInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::deleteRangeInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didDeleteRangeInBackingStore):
(WebKit::LegacyUniqueIDBDatabase::didEstablishTransaction):
(WebKit::LegacyUniqueIDBDatabase::didResetTransaction):
(WebKit::LegacyUniqueIDBDatabase::resetAllTransactions):
(WebKit::LegacyUniqueIDBDatabase::finalizeRollback):
(WebKit::LegacyUniqueIDBDatabase::absoluteDatabaseDirectory):
(WebKit::LegacyUniqueIDBDatabase::postMainThreadTask):
(WebKit::LegacyUniqueIDBDatabase::performNextMainThreadTask):
(WebKit::LegacyUniqueIDBDatabase::postDatabaseTask):
(WebKit::LegacyUniqueIDBDatabase::performNextDatabaseTask):

DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.h: Renamed from Source/WebKit2/DatabaseProcess/IndexedDB/UniqueIDBDatabase.h.

(WebKit::LegacyUniqueIDBDatabase::create):
(WebKit::LegacyUniqueIDBDatabase::identifier):

DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.cpp: Renamed from Source/WebKit2/DatabaseProcess/IndexedDB/UniqueIDBDatabaseIdentifier.cpp.

(WebKit::LegacyUniqueIDBDatabaseIdentifier::LegacyUniqueIDBDatabaseIdentifier):
(WebKit::LegacyUniqueIDBDatabaseIdentifier::isHashTableDeletedValue):
(WebKit::LegacyUniqueIDBDatabaseIdentifier::hash):
(WebKit::LegacyUniqueIDBDatabaseIdentifier::isNull):
(WebKit::LegacyUniqueIDBDatabaseIdentifier::isolatedCopy):
(WebKit::operator==):

DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.h: Renamed from Source/WebKit2/DatabaseProcess/IndexedDB/UniqueIDBDatabaseIdentifier.h.

(WebKit::LegacyUniqueIDBDatabaseIdentifier::databaseName):
(WebKit::LegacyUniqueIDBDatabaseIdentifier::openingOrigin):
(WebKit::LegacyUniqueIDBDatabaseIdentifier::mainFrameOrigin):
(WebKit::LegacyUniqueIDBDatabaseIdentifierHash::hash):
(WebKit::LegacyUniqueIDBDatabaseIdentifierHash::equal):
(WebKit::LegacyUniqueIDBDatabaseIdentifierHashTraits::isEmptyValue):

DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp:

(WebKit::UniqueIDBDatabaseBackingStoreSQLite::UniqueIDBDatabaseBackingStoreSQLite):
(WebKit::UniqueIDBDatabaseBackingStoreSQLite::getOrEstablishMetadata):

DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.h:
Shared/WebCrossThreadCopier.cpp:

(WebCore::LegacyUniqueIDBDatabaseIdentifier>::copy):
(WebCore::UniqueIDBDatabaseIdentifier>::copy): Deleted.

Shared/WebCrossThreadCopier.h:
WebKit2.xcodeproj/project.pbxproj:

5:17 PM Changeset in webkit [196734] by keith_miller@apple.com

14 edits
1 add in trunk

Spread operator should be allowed when not the first argument of parameter list
https://bugs.webkit.org/show_bug.cgi?id=152721

Reviewed by Saam Barati.

Source/JavaScriptCore:

Spread arguments to functions should now be ES6 compliant. Before we
would only take a spread operator if it was the sole argument to a
function. Additionally, we would not use the Symbol.iterator on the
object to generate the arguments. Instead we would do a loop up to the
length mapping indexed properties to the corresponding argument. We fix
both these issues by doing an AST transformation from foo(...a, b, ...c, d)
to foo(...[...a, b, ...c, d]) (where the spread on the rhs uses the
old spread semantics). This solution has the downside of requiring the
allocation of another object and copying each element twice but avoids a
large change to the vm calling convention.

interpreter/Interpreter.cpp:

(JSC::loadVarargs):

parser/ASTBuilder.h:

(JSC::ASTBuilder::createElementList):

parser/Parser.cpp:

(JSC::Parser<LexerType>::parseArguments):
(JSC::Parser<LexerType>::parseArgument):
(JSC::Parser<LexerType>::parseMemberExpression):

parser/Parser.h:
parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createElementList):

tests/es6.yaml:
tests/stress/spread-calling.js: Added.

(testFunction):
(testEmpty):
(makeObject):
(otherIterator.return.next):
(otherIterator):
(totalIter):
(throwingIter.return.next):
(throwingIter):
(i.catch):

LayoutTests:

Update tests with new semantics of spread calling. Additionally,
adjust benchmarks to run in a more reasonable time now that
spread is implemented correctly.

js/basic-spread-expected.txt:
js/parser-syntax-check-expected.txt:
js/regress/script-tests/deltablue-varargs.js:

(deltaBlue):

js/regress/script-tests/varargs-construct.js:
js/script-tests/basic-spread.js:
js/script-tests/parser-syntax-check.js:

5:05 PM Changeset in webkit [196733] by BJ Burg

2 edits in trunk/Source/JavaScriptCore

Remove a wrong cast in RemoteInspector::receivedSetupMessage
https://bugs.webkit.org/show_bug.cgi?id=154361
<rdar://problem/24709281>

Reviewed by Joseph Pecoraro.

inspector/remote/RemoteInspector.mm:

(Inspector::RemoteInspector::receivedSetupMessage):
Not only is this cast unnecessary (the constructor accepts the base class),
but it is wrong since the target could be an automation target. Remove it.

5:03 PM Changeset in webkit [196732] by andersca@apple.com

5 edits in trunk/Source/WebKit2

Remove WebContextSupplement::shouldTerminate, it's no longer used
https://bugs.webkit.org/show_bug.cgi?id=154367

Reviewed by Sam Weinig.

UIProcess/WebContextSupplement.h:

(WebKit::WebContextSupplement::shouldTerminate): Deleted.

UIProcess/WebCookieManagerProxy.cpp:

(WebKit::WebCookieManagerProxy::shouldTerminate): Deleted.

UIProcess/WebCookieManagerProxy.h:
UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::shouldTerminate): Deleted.

4:42 PM Changeset in webkit [196731] by fpizlo@apple.com

5 edits
3 moves in trunk/Source/JavaScriptCore

Rename FTLB3Blah to FTLBlah
https://bugs.webkit.org/show_bug.cgi?id=154365

Rubber stamped by Geoffrey Garen, Benjamin Poulain, Awesome Kling, and Saam Barati.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
ftl/FTLB3Compile.cpp: Removed.
ftl/FTLB3Output.cpp: Removed.
ftl/FTLB3Output.h: Removed.
ftl/FTLCompile.cpp: Copied from Source/JavaScriptCore/ftl/FTLB3Compile.cpp.
ftl/FTLOutput.cpp: Copied from Source/JavaScriptCore/ftl/FTLB3Output.cpp.
ftl/FTLOutput.h: Copied from Source/JavaScriptCore/ftl/FTLB3Output.h.

4:37 PM Changeset in webkit [196730] by BJ Burg

2 edits in trunk/Source/WebKit2

RemoteInspector deadlocks if _WKAutomationDelegate creates/registers a target synchronously
https://bugs.webkit.org/show_bug.cgi?id=154359
<rdar://problem/24708897>

Reviewed by Joseph Pecoraro.

RemoteInspector always grabs a lock whenever receiving or sending XPC messages. If it
forwards a new session request via _WKAutomationDelegate, and the client synchronously
creates and registers a session, then RemoteInspector will try to grab the lock again
while adding the session to its registry, causing a deadlock.

UIProcess/Cocoa/AutomationClient.mm:

(WebKit::AutomationClient::requestAutomationSession): Add a dispatch_async() to
protect clients from accidentally deadlocking. They shouldn't have to care about
RemoteInspector's locking mechanisms.

4:11 PM Changeset in webkit [196729] by fpizlo@apple.com

52 edits
57 deletes in trunk

Remove LLVM dependencies from WebKit
https://bugs.webkit.org/show_bug.cgi?id=154323

Reviewed by Antti Koivisto and Benjamin Poulain.

Source/JavaScriptCore:

We have switched all ports that use the FTL JIT to using B3 as the backend. This renders all
LLVM-related code dead, including the disassembler, which was only reachable when you were on
a platform that already had an in-tree disassembler.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGCommon.h:
dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThread):
(JSC::DFG::Plan::compileInThreadImpl):
(JSC::DFG::Plan::compileTimeStats):

disassembler/ARM64Disassembler.cpp:

(JSC::tryToDisassemble):

disassembler/ARMv7Disassembler.cpp:

(JSC::tryToDisassemble):

disassembler/Disassembler.cpp:

(JSC::disassemble):
(JSC::disassembleAsynchronously):

disassembler/Disassembler.h:

(JSC::tryToDisassemble):

disassembler/LLVMDisassembler.cpp: Removed.
disassembler/LLVMDisassembler.h: Removed.
disassembler/UDis86Disassembler.cpp:

(JSC::tryToDisassembleWithUDis86):

disassembler/UDis86Disassembler.h:

(JSC::tryToDisassembleWithUDis86):

disassembler/X86Disassembler.cpp:

(JSC::tryToDisassemble):

ftl/FTLAbbreviatedTypes.h:
ftl/FTLAbbreviations.h: Removed.
ftl/FTLAbstractHeap.cpp:

(JSC::FTL::AbstractHeap::decorateInstruction):
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractField::dump):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::~IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::baseIndex):
(JSC::FTL::IndexedAbstractHeap::dump):
(JSC::FTL::NumberedAbstractHeap::NumberedAbstractHeap):
(JSC::FTL::NumberedAbstractHeap::dump):
(JSC::FTL::AbsoluteAbstractHeap::AbsoluteAbstractHeap):
(JSC::FTL::AbstractHeap::tbaaMetadataSlow): Deleted.

ftl/FTLAbstractHeap.h:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::heapName):
(JSC::FTL::IndexedAbstractHeap::atAnyIndex):
(JSC::FTL::NumberedAbstractHeap::atAnyNumber):
(JSC::FTL::AbsoluteAbstractHeap::atAnyAddress):
(JSC::FTL::AbstractHeap::tbaaMetadata): Deleted.

ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):

ftl/FTLAbstractHeapRepository.h:
ftl/FTLB3Compile.cpp:
ftl/FTLB3Output.cpp:

(JSC::FTL::Output::Output):
(JSC::FTL::Output::check):
(JSC::FTL::Output::load):
(JSC::FTL::Output::store):

ftl/FTLB3Output.h:
ftl/FTLCommonValues.cpp:

(JSC::FTL::CommonValues::CommonValues):
(JSC::FTL::CommonValues::initializeConstants):

ftl/FTLCommonValues.h:

(JSC::FTL::CommonValues::initialize): Deleted.

ftl/FTLCompile.cpp: Removed.
ftl/FTLCompileBinaryOp.cpp: Removed.
ftl/FTLCompileBinaryOp.h: Removed.
ftl/FTLDWARFDebugLineInfo.cpp: Removed.
ftl/FTLDWARFDebugLineInfo.h: Removed.
ftl/FTLDWARFRegister.cpp: Removed.
ftl/FTLDWARFRegister.h: Removed.
ftl/FTLDataSection.cpp: Removed.
ftl/FTLDataSection.h: Removed.
ftl/FTLExceptionHandlerManager.cpp: Removed.
ftl/FTLExceptionHandlerManager.h: Removed.
ftl/FTLExceptionTarget.cpp:
ftl/FTLExceptionTarget.h:
ftl/FTLExitThunkGenerator.cpp: Removed.
ftl/FTLExitThunkGenerator.h: Removed.
ftl/FTLFail.cpp:

(JSC::FTL::fail):

ftl/FTLInlineCacheDescriptor.h: Removed.
ftl/FTLInlineCacheSize.cpp: Removed.
ftl/FTLInlineCacheSize.h: Removed.
ftl/FTLIntrinsicRepository.cpp: Removed.
ftl/FTLIntrinsicRepository.h: Removed.
ftl/FTLJITCode.cpp:

(JSC::FTL::JITCode::~JITCode):
(JSC::FTL::JITCode::initializeB3Code):
(JSC::FTL::JITCode::initializeB3Byproducts):
(JSC::FTL::JITCode::initializeAddressForCall):
(JSC::FTL::JITCode::contains):
(JSC::FTL::JITCode::ftl):
(JSC::FTL::JITCode::liveRegistersToPreserveAtExceptionHandlingCallSite):
(JSC::FTL::JITCode::initializeExitThunks): Deleted.
(JSC::FTL::JITCode::addHandle): Deleted.
(JSC::FTL::JITCode::addDataSection): Deleted.
(JSC::FTL::JITCode::exitThunks): Deleted.

ftl/FTLJITCode.h:

(JSC::FTL::JITCode::b3Code):
(JSC::FTL::JITCode::handles): Deleted.
(JSC::FTL::JITCode::dataSections): Deleted.

ftl/FTLJITFinalizer.cpp:

(JSC::FTL::JITFinalizer::codeSize):
(JSC::FTL::JITFinalizer::finalizeFunction):

ftl/FTLJITFinalizer.h:
ftl/FTLJSCall.cpp: Removed.
ftl/FTLJSCall.h: Removed.
ftl/FTLJSCallBase.cpp: Removed.
ftl/FTLJSCallBase.h: Removed.
ftl/FTLJSCallVarargs.cpp: Removed.
ftl/FTLJSCallVarargs.h: Removed.
ftl/FTLJSTailCall.cpp: Removed.
ftl/FTLJSTailCall.h: Removed.
ftl/FTLLazySlowPath.cpp:

(JSC::FTL::LazySlowPath::LazySlowPath):
(JSC::FTL::LazySlowPath::generate):

ftl/FTLLazySlowPath.h:

(JSC::FTL::LazySlowPath::createGenerator):
(JSC::FTL::LazySlowPath::patchableJump):
(JSC::FTL::LazySlowPath::done):
(JSC::FTL::LazySlowPath::usedRegisters):
(JSC::FTL::LazySlowPath::callSiteIndex):
(JSC::FTL::LazySlowPath::stub):
(JSC::FTL::LazySlowPath::patchpoint): Deleted.

ftl/FTLLink.cpp:

(JSC::FTL::link):

ftl/FTLLocation.cpp:

(JSC::FTL::Location::forValueRep):
(JSC::FTL::Location::dump):
(JSC::FTL::Location::forStackmaps): Deleted.

ftl/FTLLocation.h:

(JSC::FTL::Location::forRegister):
(JSC::FTL::Location::forIndirect):
(JSC::FTL::Location::forConstant):
(JSC::FTL::Location::kind):
(JSC::FTL::Location::hasReg):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::DFG::LowerDFGToLLVM::lower):
(JSC::FTL::DFG::LowerDFGToLLVM::createPhiVariables):
(JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
(JSC::FTL::DFG::LowerDFGToLLVM::compileUpsilon):
(JSC::FTL::DFG::LowerDFGToLLVM::compilePhi):
(JSC::FTL::DFG::LowerDFGToLLVM::compileDoubleConstant):
(JSC::FTL::DFG::LowerDFGToLLVM::compileValueAdd):
(JSC::FTL::DFG::LowerDFGToLLVM::compileStrCat):
(JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
(JSC::FTL::DFG::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::DFG::LowerDFGToLLVM::compileArithDiv):
(JSC::FTL::DFG::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::DFG::LowerDFGToLLVM::compileBitAnd):
(JSC::FTL::DFG::LowerDFGToLLVM::compileBitOr):
(JSC::FTL::DFG::LowerDFGToLLVM::compileBitXor):
(JSC::FTL::DFG::LowerDFGToLLVM::compileBitRShift):
(JSC::FTL::DFG::LowerDFGToLLVM::compileBitLShift):
(JSC::FTL::DFG::LowerDFGToLLVM::compileBitURShift):
(JSC::FTL::DFG::LowerDFGToLLVM::compilePutById):
(JSC::FTL::DFG::LowerDFGToLLVM::compileGetButterfly):
(JSC::FTL::DFG::LowerDFGToLLVM::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToLLVM::compileTailCall):
(JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToLLVM::compileLoadVarargs):
(JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
(JSC::FTL::DFG::LowerDFGToLLVM::compileIsUndefined):
(JSC::FTL::DFG::LowerDFGToLLVM::compileIn):
(JSC::FTL::DFG::LowerDFGToLLVM::getById):
(JSC::FTL::DFG::LowerDFGToLLVM::loadButterflyWithBarrier):
(JSC::FTL::DFG::LowerDFGToLLVM::stringsEqual):
(JSC::FTL::DFG::LowerDFGToLLVM::emitRightShiftSnippet):
(JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
(JSC::FTL::DFG::LowerDFGToLLVM::lazySlowPath):
(JSC::FTL::DFG::LowerDFGToLLVM::speculate):
(JSC::FTL::DFG::LowerDFGToLLVM::callCheck):
(JSC::FTL::DFG::LowerDFGToLLVM::preparePatchpointForExceptions):
(JSC::FTL::DFG::LowerDFGToLLVM::lowBlock):
(JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitDescriptor):
(JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
(JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
(JSC::FTL::DFG::LowerDFGToLLVM::exitValueForAvailability):
(JSC::FTL::DFG::LowerDFGToLLVM::exitValueForNode):
(JSC::FTL::DFG::LowerDFGToLLVM::probe):
(JSC::FTL::DFG::LowerDFGToLLVM::crash):
(JSC::FTL::DFG::LowerDFGToLLVM::compileUntypedBinaryOp): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::callStackmap): Deleted.

ftl/FTLOSRExit.cpp:

(JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
(JSC::FTL::OSRExitDescriptor::validateReferences):
(JSC::FTL::OSRExitDescriptor::emitOSRExit):
(JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
(JSC::FTL::OSRExit::OSRExit):
(JSC::FTL::OSRExit::codeLocationForRepatch):
(JSC::FTL::OSRExit::gatherRegistersToSpillForCallIfException): Deleted.
(JSC::FTL::OSRExit::spillRegistersToSpillSlot): Deleted.
(JSC::FTL::OSRExit::recoverRegistersFromSpillSlot): Deleted.
(JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck): Deleted.
(JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation): Deleted.
(JSC::FTL::OSRExit::needsRegisterRecoveryOnGenericUnwindOSRExitPath): Deleted.

ftl/FTLOSRExit.h:

(JSC::FTL::OSRExit::considerAddingAsFrequentExitSite):
(JSC::FTL::OSRExitDescriptorImpl::OSRExitDescriptorImpl): Deleted.

ftl/FTLOSRExitCompilationInfo.h: Removed.
ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileRecovery):
(JSC::FTL::compileStub):
(JSC::FTL::compileFTLOSRExit):

ftl/FTLOSRExitHandle.cpp:
ftl/FTLOSRExitHandle.h:
ftl/FTLOutput.cpp: Removed.
ftl/FTLOutput.h: Removed.
ftl/FTLPatchpointExceptionHandle.cpp:
ftl/FTLPatchpointExceptionHandle.h:
ftl/FTLStackMaps.cpp: Removed.
ftl/FTLStackMaps.h: Removed.
ftl/FTLState.cpp:

(JSC::FTL::State::State):
(JSC::FTL::State::~State):
(JSC::FTL::State::dumpState): Deleted.

ftl/FTLState.h:
ftl/FTLUnwindInfo.cpp: Removed.
ftl/FTLUnwindInfo.h: Removed.
ftl/FTLValueRange.cpp:

(JSC::FTL::ValueRange::decorateInstruction):

ftl/FTLValueRange.h:

(JSC::FTL::ValueRange::ValueRange):
(JSC::FTL::ValueRange::begin):
(JSC::FTL::ValueRange::end):

ftl/FTLWeight.h:

(JSC::FTL::Weight::value):
(JSC::FTL::Weight::frequencyClass):
(JSC::FTL::Weight::scaleToTotal):

llvm/InitializeLLVM.cpp: Removed.
llvm/InitializeLLVM.h: Removed.
llvm/InitializeLLVMMac.cpp: Removed.
llvm/InitializeLLVMPOSIX.cpp: Removed.
llvm/InitializeLLVMPOSIX.h: Removed.
llvm/LLVMAPI.cpp: Removed.
llvm/LLVMAPI.h: Removed.
llvm/LLVMAPIFunctions.h: Removed.
llvm/LLVMHeaders.h: Removed.
llvm/library/LLVMAnchor.cpp: Removed.
llvm/library/LLVMExports.cpp: Removed.
llvm/library/LLVMOverrides.cpp: Removed.
llvm/library/config_llvm.h: Removed.

Source/WTF:

wtf/Platform.h:

Tools:

Scripts/copy-webkitlibraries-to-product-directory:

(isContentOfFileEqualToString):
(fileContains): Deleted.
(buildLLVM): Deleted.
(symlinkLLVMLibrariesIfNeeded): Deleted.

WebKitLibraries:

LLVMIncludesElCapitan.tar.bz2: Removed.
LLVMIncludesIOS9.tar.bz2: Removed.
LLVMIncludesMavericks.tar.bz2: Removed.
LLVMIncludesYosemite.tar.bz2: Removed.
LLVMLibrariesElCapitan.tar.bz2: Removed.
LLVMLibrariesIOS9.tar.bz2: Removed.
LLVMLibrariesMavericks.tar.bz2: Removed.
LLVMLibrariesYosemite.tar.bz2: Removed.

3:45 PM Changeset in webkit [196728] by andersca@apple.com

3 edits in trunk/Source/WebKit2

Remove an unused function
https://bugs.webkit.org/show_bug.cgi?id=154358

Reviewed by Sam Weinig.

Platform/cg/CGUtilities.cpp:

(WebKit::paintBitmapContext): Deleted.

Platform/cg/CGUtilities.h:

3:36 PM Changeset in webkit [196727] by Ryan Haddad

1 edit
2 adds in trunk/LayoutTests

Add ios-simulator baseline for new W3C HTML tests added with r196710

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt: Added.
platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt: Added.

3:35 PM Changeset in webkit [196726] by commit-queue@webkit.org

6 edits
2 adds in trunk/Source/JavaScriptCore

[JSC] Remove the overflow check on ArithAbs when possible
https://bugs.webkit.org/show_bug.cgi?id=154325

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-17
Reviewed by Filip Pizlo.

This patch adds support for ArithMode for ArithAbs.

It is useful for kraken tests where Math.abs() is used
on values for which the range is known.

For example, imaging-gaussian-blur has two Math.abs() with
integers that are always in a small range around zero.
The IntegerRangeOptimizationPhase detects the range correctly
so we can just update the ArithMode depending on the input.

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGIntegerRangeOptimizationPhase.cpp:
dfg/DFGNode.h:

(JSC::DFG::Node::convertToArithNegate):
(JSC::DFG::Node::hasArithMode):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileArithAbs):

tests/stress/arith-abs-integer-range-optimization.js: Added.

(negativeRange):
(negativeRangeIncludingZero):
(negativeRangeWithOverflow):
(positiveRange):
(positiveRangeIncludingZero):
(rangeWithoutOverflow):

tests/stress/arith-abs-with-bitwise-or-zero.js: Added.

(opaqueAbs):

3:25 PM Changeset in webkit [196725] by beidson@apple.com

10 edits in trunk/Source

Modern IDB: More Encoder/Decoder/Messaging scaffolding for WK2 IPC.
https://bugs.webkit.org/show_bug.cgi?id=154356

Reviewed by Alex Christensen.

No change in behavior yet; Just laying the groundwork.

Source/WebCore:

Modules/indexeddb/shared/IDBDatabaseInfo.h:

(WebCore::IDBDatabaseInfo::encode):
(WebCore::IDBDatabaseInfo::decode):

Modules/indexeddb/shared/IDBError.h:

(WebCore::IDBError::encode):
(WebCore::IDBError::decode):

Modules/indexeddb/shared/IDBRequestData.h:

(WebCore::IDBRequestData::decode):

Modules/indexeddb/shared/IDBResultData.h:

(WebCore::IDBResultData::encode):
(WebCore::IDBResultData::decode):

Source/WebKit2:

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.cpp:

(WebKit::WebIDBConnectionToClient::didDeleteDatabase):
(WebKit::WebIDBConnectionToClient::didOpenDatabase):
(WebKit::WebIDBConnectionToClient::didAbortTransaction):
(WebKit::WebIDBConnectionToClient::didCommitTransaction):
(WebKit::WebIDBConnectionToClient::didCreateObjectStore):
(WebKit::WebIDBConnectionToClient::didDeleteObjectStore):
(WebKit::WebIDBConnectionToClient::didClearObjectStore):
(WebKit::WebIDBConnectionToClient::didCreateIndex):
(WebKit::WebIDBConnectionToClient::didDeleteIndex):
(WebKit::WebIDBConnectionToClient::didPutOrAdd):
(WebKit::WebIDBConnectionToClient::didGetRecord):
(WebKit::WebIDBConnectionToClient::didGetCount):
(WebKit::WebIDBConnectionToClient::didDeleteRecord):
(WebKit::WebIDBConnectionToClient::didOpenCursor):
(WebKit::WebIDBConnectionToClient::didIterateCursor):
(WebKit::WebIDBConnectionToClient::fireVersionChangeEvent):
(WebKit::WebIDBConnectionToClient::didStartTransaction):
(WebKit::WebIDBConnectionToClient::notifyOpenDBRequestBlocked):

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h:
WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.messages.in:

3:11 PM Changeset in webkit [196724] by achristensen@apple.com

2 edits in trunk/Source/WebKit2

Fix GTK build after r196720.

UIProcess/API/gtk/WebKitUIClient.cpp:

2:59 PM Changeset in webkit [196723] by Chris Dumez

3 edits
2 adds in trunk

SES selftest page crashes on nightly r196694
https://bugs.webkit.org/show_bug.cgi?id=154350
<rdar://problem/24704334>

Reviewed by Mark Lam.

Source/JavaScriptCore:

SES selftest page crashes after r196001 / r196145 when calling
Object.getOwnPropertyDescriptor(window, "length") after the window
has been reified and "length" has been shadowed by a value property.

It was crashing in JSObject::getOwnPropertyDescriptor() because
we are getting a slot that has attribute "CustomAccessor" but
the property is not a CustomGetterSetter. In this case, since
window.length is [Replaceable] and has been set to a numeric value,
it makes that the property is not a CustomGetterSetter. However,
the "CustomAccessor" attribute should have been dropped from the
slot when window.length was shadowed. Therefore, this code path
should not be exercised at all when calling
getOwnPropertyDescriptor().

The issue was that putDirectInternal() was updating the slot
attributes only if the "Accessor" flag has changed, but not
the "customAccessor" flag. This patch fixes the issue.

runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):

LayoutTests:

Add test coverage for the crash which happens when shadowing window.length
with a value after the window property and then calling
Object.getOwnPropertyDescriptor(window, "length").

js/window-length-getOwnPropertyDescriptor-crash-expected.txt: Added.
js/window-length-getOwnPropertyDescriptor-crash.html: Added.

2:11 PM Changeset in webkit [196722] by sbarati@apple.com

36 edits
8 adds in trunk/Source

Implement Proxy Get?
https://bugs.webkit.org/show_bug.cgi?id=154081

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This patch implements ProxyObject and ProxyConstructor. Their
implementations are straight forward and follow the spec.
The largest change in this patch is adding a second parameter
to PropertySlot's constructor that specifies the internal method type of
the getOwnPropertySlot inquiry. We use getOwnPropertySlot to
implement more than one Internal Method in the spec. Because
of this, we need InternalMethodType to give us context about
which Internal Method we're executing. Specifically, Proxy will
call into different handlers based on this information.

InternalMethodType is an enum with the following values:

Get This corresponds to Get? internal method in the spec.
GetOwnProperty This corresponds to GetOwnProperty? internal method in the spec.
HasProperty This corresponds to HasProperty? internal method in the spec.
VMInquiry This is basically everything else that isn't one of the above types. This value also mandates that getOwnPropertySlot does not perform any user observable effects. I.e, it can't call a JS function.

The other non-VMInquiry InternalMethodTypes are allowed to perform user
observable effects. I.e, in future patches, ProxyObject will implement
InternalMethodType::HasProperty and InternalMethodType::GetOwnProperty, which will both be defined
to call user defined JS functions, which clearly have the right to perform
user observable effects.

This patch implements getOwnPropertySlot of ProxyObject under
InternalMethodType::Get.

API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::put):
(JSC::JSCallbackObject<Parent>::staticFunctionGetter):

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::caughtValue):

interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):

jit/JITOperations.cpp:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

runtime/ArrayPrototype.cpp:

(JSC::getProperty):

runtime/CommonIdentifiers.h:
runtime/JSCJSValueInlines.h:

(JSC::JSValue::get):

runtime/JSFunction.cpp:

(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):

runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::constructGenericTypedArrayViewWithArguments):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::defineOwnProperty):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::regExpMatchesArrayStructure):
(JSC::JSGlobalObject::moduleRecordStructure):
(JSC::JSGlobalObject::moduleNamespaceObjectStructure):
(JSC::JSGlobalObject::proxyObjectStructure):
(JSC::JSGlobalObject::wasmModuleStructure):

runtime/JSModuleEnvironment.cpp:

(JSC::JSModuleEnvironment::getOwnPropertySlot):

runtime/JSModuleNamespaceObject.cpp:

(JSC::callbackGetter):

runtime/JSONObject.cpp:

(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):

runtime/JSObject.cpp:

(JSC::JSObject::calculatedClassName):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::hasProperty):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::hasOwnProperty):
(JSC::JSObject::getOwnPropertyDescriptor):

runtime/JSObject.h:

(JSC::JSObject::getDirectIndex):
(JSC::JSObject::get):

runtime/JSScope.cpp:

(JSC::abstractAccess):

runtime/ObjectConstructor.cpp:

(JSC::toPropertyDescriptor):

runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncLookupGetter):
(JSC::objectProtoFuncLookupSetter):
(JSC::objectProtoFuncToString):

runtime/PropertySlot.h:

(JSC::attributesForStructure):
(JSC::PropertySlot::PropertySlot):
(JSC::PropertySlot::isCacheableGetter):
(JSC::PropertySlot::isCacheableCustom):
(JSC::PropertySlot::internalMethodType):
(JSC::PropertySlot::disableCaching):
(JSC::PropertySlot::getValue):

runtime/ProxyConstructor.cpp: Added.

(JSC::ProxyConstructor::create):
(JSC::ProxyConstructor::ProxyConstructor):
(JSC::ProxyConstructor::finishCreation):
(JSC::constructProxyObject):
(JSC::ProxyConstructor::getConstructData):
(JSC::ProxyConstructor::getCallData):

runtime/ProxyConstructor.h: Added.

(JSC::ProxyConstructor::createStructure):

runtime/ProxyObject.cpp: Added.

(JSC::ProxyObject::ProxyObject):
(JSC::ProxyObject::finishCreation):
(JSC::performProxyGet):
(JSC::ProxyObject::getOwnPropertySlotCommon):
(JSC::ProxyObject::getOwnPropertySlot):
(JSC::ProxyObject::getOwnPropertySlotByIndex):
(JSC::ProxyObject::visitChildren):

runtime/ProxyObject.h: Added.

(JSC::ProxyObject::create):
(JSC::ProxyObject::createStructure):
(JSC::ProxyObject::target):
(JSC::ProxyObject::handler):

runtime/ReflectObject.cpp:

(JSC::reflectObjectGet):

runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::StackFrame::nameFromCallee):

tests/es6.yaml:
tests/stress/proxy-basic.js: Added.

(assert):
(let.handler.get null):
(get let):
(let.handler.get switch):
(let.handler):
(let.theTarget.get x):

tests/stress/proxy-in-proto-chain.js: Added.

(assert):

tests/stress/proxy-of-a-proxy.js: Added.

(assert):
(throw.new.Error.):

tests/stress/proxy-property-descriptor.js: Added.

(assert):
(set Object):

wasm/WASMModuleParser.cpp:

(JSC::WASMModuleParser::getImportedValue):

Source/WebCore:

Tests are in JavaScriptCore.

bindings/js/JSCryptoAlgorithmDictionary.cpp:

(WebCore::getProperty):
(WebCore::getHashAlgorithm):

bindings/js/JSCryptoKeySerializationJWK.cpp:

(WebCore::getJSArrayFromJSON):
(WebCore::getStringFromJSON):
(WebCore::getBooleanFromJSON):

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::DialogHandler::returnValue):

bindings/js/JSDictionary.cpp:

(WebCore::JSDictionary::tryGetProperty):

bindings/js/JSStorageCustom.cpp:

(WebCore::JSStorage::deleteProperty):
(WebCore::JSStorage::deletePropertyByIndex):
(WebCore::JSStorage::putDelegate):

bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::getProperty):

testing/Internals.cpp:

(WebCore::Internals::isReadableStreamDisturbed):

2:03 PM Changeset in webkit [196721] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

StringPrototype functions should check for exceptions after calling JSString::value().
https://bugs.webkit.org/show_bug.cgi?id=154340

Reviewed by Filip Pizlo.

JSString::value() can throw an exception if the JS string is a rope and value()
needs to resolve the rope but encounters an OutOfMemory error. If value() is not
able to resolve the rope, it will return a null string (in addition to throwing
the exception). If StringPrototype functions do not check for exceptions after
calling JSString::value(), they may eventually use the returned null string and
crash the VM.

The fix is to add all the necessary exception checks, and do the appropriate
handling if needed.

Also in a few place where when an exception is detected, we return JSValue(), I
changed it to return jsUndefined() instead to be consistent with the rest of the
file.

runtime/StringPrototype.cpp:

(JSC::replaceUsingRegExpSearch):
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSplit):
(JSC::stringProtoFuncLocaleCompare):
(JSC::stringProtoFuncBig):
(JSC::stringProtoFuncSmall):
(JSC::stringProtoFuncBlink):
(JSC::stringProtoFuncBold):
(JSC::stringProtoFuncFixed):
(JSC::stringProtoFuncItalics):
(JSC::stringProtoFuncStrike):
(JSC::stringProtoFuncSub):
(JSC::stringProtoFuncSup):
(JSC::stringProtoFuncFontcolor):
(JSC::stringProtoFuncFontsize):
(JSC::stringProtoFuncAnchor):
(JSC::stringProtoFuncLink):
(JSC::trimString):

1:46 PM Changeset in webkit [196720] by andersca@apple.com

9 edits in trunk/Source/WebKit2

Need listener-based version of runBeforeUnloadConfirmPanel
https://bugs.webkit.org/show_bug.cgi?id=154354
rdar://problem/23736691

Reviewed by Sam Weinig.

Shared/API/APIObject.h:
Shared/API/c/WKBase.h:
UIProcess/API/APIUIClient.h:

(API::UIClient::runBeforeUnloadConfirmPanel):

UIProcess/API/C/WKPage.cpp:

(fixUpBotchedPageUIClient):
(WebKit::RunBeforeUnloadConfirmPanelResultListener::create):
(WebKit::RunBeforeUnloadConfirmPanelResultListener::~RunBeforeUnloadConfirmPanelResultListener):
(WebKit::RunBeforeUnloadConfirmPanelResultListener::call):
(WKPageRunBeforeUnloadConfirmPanelResultListenerGetTypeID):
(WKPageRunBeforeUnloadConfirmPanelResultListenerCall):
(WKPageSetPageUIClient):

UIProcess/API/C/WKPageUIClient.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::runBeforeUnloadConfirmPanel):

UIProcess/WebPageProxy.h:
UIProcess/WebPageProxy.messages.in:

1:44 PM Changeset in webkit [196719] by Simon Fraser

5 edits in trunk/LayoutTests

Add tests for iframe and overflow scrollability after navigating back
https://bugs.webkit.org/show_bug.cgi?id=154300

Fix the tests added in r196665 to be agnostic about how many pixels a wheel event scrolls.

fast/scrolling/iframe-scrollable-after-back-expected.txt:
fast/scrolling/iframe-scrollable-after-back.html:
fast/scrolling/overflow-scrollable-after-back-expected.txt:
fast/scrolling/overflow-scrollable-after-back.html:

1:33 PM Changeset in webkit [196718] by commit-queue@webkit.org

1 edit
3 adds in trunk/LayoutTests

[ES6] Arrow function. Arrow function should raise exception ReferenceError only when access to 'arguments' on top level
https://bugs.webkit.org/show_bug.cgi?id=152570

Patch by Skachkov Oleksandr <gskachkov@gmail.com> on 2016-02-17
Reviewed by Saam Barati.

Add tests to ensure that arrrow function return error when it binds arguments on top level

js/arrowfunction-lexical-bind-arguments-top-level-expected.txt: Added.
js/arrowfunction-lexical-bind-arguments-top-level.html: Added.
js/script-tests/arrowfunction-lexical-bind-arguments-top-level.js: Added.

1:27 PM Changeset in webkit [196717] by Simon Fraser

11 edits in trunk/Source

PDFPlugin's scrollableArea container is not properly unregistered when page is going into the PageCache
https://bugs.webkit.org/show_bug.cgi?id=148182

Reviewed by Brent Fulgham.
Source/WebCore:

When handling Command-arrow key while showing a scrollable PDF, the timing of PDFPlugin
teardown and navigation could result in PDFPlugin::destroy() getting the wrong FrameView,
so the old FrameView was left with a stale pointer in its scrollableAreaSet.

Fix this by adding an explicit willDetatchRenderer() which is called on the plugin
before the Frame gets a new FrameView.

Also narrow the scope of the RefPtr<Widget> in HTMLPlugInElement::defaultEventHandler()
so that the Widget is not kept alive over a possible navigation.

I was unable to make an automated test, because reproducing the bug requires handling
a Command-arrow key event in a way that the last ref to a Widget is held over the event
handling, and this wasn't possible in an iframe.

html/HTMLPlugInElement.cpp:

(WebCore::HTMLPlugInElement::defaultEventHandler):

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::willDetachRenderers):

plugins/PluginViewBase.h:

(WebCore::PluginViewBase::willDetatchRenderer):

style/StyleTreeResolver.cpp:

(WebCore::Style::detachRenderTree): Drive-by nullptr.

Source/WebKit2:

Fix this by adding an explicit willDetatchRenderer() which is called on the plugin
before the Frame gets a new FrameView.

Also narrow the scope of the RefPtr<Widget> in HTMLPlugInElement::defaultEventHandler()
so that the Widget is not kept alive over a possible navigation.

WebProcess/Plugins/PDF/DeprecatedPDFPlugin.h:
WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:

(WebKit::PDFPlugin::willDetatchRenderer):

WebProcess/Plugins/Plugin.h:

(WebKit::Plugin::willDetatchRenderer):

WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::willDetatchRenderer):

WebProcess/Plugins/PluginView.h:

1:17 PM Changeset in webkit [196716] by weinig@apple.com

4 edits in trunk

Add an ensure function on HashMap that takes a key and a function to make the lazy value initialization idiom easier
https://bugs.webkit.org/show_bug.cgi?id=134857

Reviewed by Geoffrey Garen.

Source/WTF:

The current idiom for adding a value to a HashMap if the key is not already present, to allow for not
unnecessarily constructing the new value if it won't be used, is:

{

auto result = map.add(key, Value());
if (!result.isNewEntry)

return result.iterator->value;

result.iterator->value = createNewValue();
return result.iterator->value;

}

or sometimes

{

auto& value = map.add(key, Value()).iterator->value;
if (!value)

value = createNewValue();

return value;

}

With this patch, you can now use the new function HashMap::ensure(key, functor). This will allow us to
change to using the following idiom:

{

return map.ensure(key, [] { return createNewValue(); });

}

The passed in functor will only be called if the key is not already present in the HashMap.

wtf/HashMap.h:

(WTF::HashMapTranslator::translate):
(WTF::HashMapEnsureTranslator::hash):
(WTF::HashMapEnsureTranslator::equal):
(WTF::HashMapEnsureTranslator::translate):
(WTF::HashMapTranslatorAdapter::hash):

Tools:

TestWebKitAPI/Tests/WTF/HashMap.cpp:

Add tests for HashMap::ensure.

12:42 PM Changeset in webkit [196715] by beidson@apple.com

10 edits in trunk/Source

Modern IDB: Encoder/Decoder/Messaging scaffolding for WK2 IPC.
https://bugs.webkit.org/show_bug.cgi?id=154351

Reviewed by Alex Christensen.

No change in behavior yet; Just laying the groundwork.

Source/WebCore:

Modules/indexeddb/IDBDatabaseIdentifier.h:

(WebCore::IDBDatabaseIdentifier::encode):
(WebCore::IDBDatabaseIdentifier::decode):

Modules/indexeddb/shared/IDBCursorInfo.h:

(WebCore::IDBCursorInfo::encode):
(WebCore::IDBCursorInfo::decode):

Modules/indexeddb/shared/IDBIndexInfo.h:

(WebCore::IDBIndexInfo::encode):
(WebCore::IDBIndexInfo::decode):

Modules/indexeddb/shared/IDBObjectStoreInfo.h:

(WebCore::IDBObjectStoreInfo::encode):
(WebCore::IDBObjectStoreInfo::decode):

Modules/indexeddb/shared/IDBRequestData.h:

(WebCore::IDBRequestData::encode):
(WebCore::IDBRequestData::decode):

Modules/indexeddb/shared/IDBResourceIdentifier.h:

(WebCore::IDBResourceIdentifier::encode):
(WebCore::IDBResourceIdentifier::decode):

Modules/indexeddb/shared/IDBTransactionInfo.h:

(WebCore::IDBTransactionInfo::encode):
(WebCore::IDBTransactionInfo::decode):

Source/WebKit2:

Implement in all of the client->server message sends, requiring many Encoder/Decoders for
IDB objects to also be implemented:

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::deleteDatabase):
(WebKit::WebIDBConnectionToServer::openDatabase):
(WebKit::WebIDBConnectionToServer::abortTransaction):
(WebKit::WebIDBConnectionToServer::commitTransaction):
(WebKit::WebIDBConnectionToServer::didFinishHandlingVersionChangeTransaction):
(WebKit::WebIDBConnectionToServer::createObjectStore):
(WebKit::WebIDBConnectionToServer::deleteObjectStore):
(WebKit::WebIDBConnectionToServer::clearObjectStore):
(WebKit::WebIDBConnectionToServer::createIndex):
(WebKit::WebIDBConnectionToServer::deleteIndex):
(WebKit::WebIDBConnectionToServer::putOrAdd):
(WebKit::WebIDBConnectionToServer::getRecord):
(WebKit::WebIDBConnectionToServer::getCount):
(WebKit::WebIDBConnectionToServer::deleteRecord):
(WebKit::WebIDBConnectionToServer::openCursor):
(WebKit::WebIDBConnectionToServer::iterateCursor):
(WebKit::WebIDBConnectionToServer::establishTransaction):
(WebKit::WebIDBConnectionToServer::databaseConnectionClosed):
(WebKit::WebIDBConnectionToServer::abortOpenAndUpgradeNeeded):
(WebKit::WebIDBConnectionToServer::didFireVersionChangeEvent):

12:40 PM Changeset in webkit [196714] by ddkilzer@apple.com

2 edits in trunk/Source/WebKit/ios

[iOS WK1] NSTimer in WebGeolocationProviderIOS.mm fires on the main thread without the WebThreadLock
<http://webkit.org/b/154347>
<rdar://problem/19360382>

Reviewed by Andy Estes.

This isn't testable because the GeolocationClientMock in WebCore
bypasses this code in WebKit1.

Misc/WebGeolocationProviderIOS.mm:

(-[WebGeolocationProviderIOS _handlePendingInitialPosition:]):
Assert that this is always called on the WebThread.
(-[WebGeolocationProviderIOS registerWebView:]): Register the
NSTimer on the WebThread NSRunLoop.

12:29 PM Changeset in webkit [196713] by Matt Baker

23 edits in trunk/Source/WebInspectorUI

Web Inspector: add CSS variables for common border/background colors
https://bugs.webkit.org/show_bug.cgi?id=154302
<rdar://problem/24680944>

Reviewed by Timothy Hatcher.

Added CSS variables for commonly used border and background colors, and removed
duplicate CSS variables with less generic names. Inactive border colors declared in
rules with a body.window-inactive selector have been removed. A new rule using this
selector in Variables.css sets "--border-color" to the inactive color.

UserInterface/Views/CSSStyleDetailsSidebarPanel.css:

(.sidebar > .panel.details.css-style > .content > .pseudo-classes):
(.sidebar > .panel.details.css-style > .content ~ :matches(.options-container, .class-list-container)):
(.sidebar > .panel.details.css-style > .content.filter-in-progress .style-declaration-section:not(.filter-section-has-label)):

UserInterface/Views/DataGrid.css:

(.data-grid.inline):
(.data-grid th):
(.data-grid :matches(th, td):not(:last-child)):
(body.window-inactive .data-grid th): Deleted.
(body.window-inactive .data-grid :matches(th, td):not(:last-child)): Deleted.

UserInterface/Views/DebuggerSidebarPanel.css:

(.sidebar > .panel.navigation.debugger.paused .details-section.scripts):

UserInterface/Views/DetailsSection.css:

(.details-section):
(.details-section .details-section:first-child):
(.details-section > .header):
(.details-section > .content > .group):
(.details-section > .content > .group:nth-child(even) > .row:matches(.simple:first-child > *, :not(.simple):first-child)):

UserInterface/Views/FilterBar.css:

(.filter-bar):

UserInterface/Views/FindBanner.css:

(.find-banner):
(body.window-inactive .find-banner): Deleted.

UserInterface/Views/LayerTreeDetailsSidebarPanel.css:

(.panel.details.layer-tree .bottom-bar):

UserInterface/Views/Main.css:

(body.docked.bottom):
(body.docked.right):
(#split-content-browser):
(#split-content-browser > .navigation-bar):
(body.window-inactive.docked.bottom): Deleted.
(body.window-inactive.docked.right): Deleted.
(body.window-inactive #split-content-browser): Deleted.

UserInterface/Views/MemoryCategoryView.css:

(.memory-category-view):
(.memory-category-view > .details):
(body.window-inactive .memory-category-view): Deleted.
(body.window-inactive .memory-category-view > .details): Deleted.

UserInterface/Views/MemoryTimelineView.css:

(.timeline-view.memory):
(.timeline-view.memory > .content > .overview):
(.timeline-view.memory > .content > .details > .subtitle):
(.timeline-view.memory > .content > .overview > .divider):
(body.window-inactive .timeline-view.memory): Deleted.
(body.window-inactive .timeline-view.memory > .content > .overview): Deleted.
(body.window-inactive .timeline-view.memory > .content > .details > .subtitle): Deleted.
(body.window-inactive .timeline-view.memory > .content > .overview > .divider): Deleted.

UserInterface/Views/NavigationBar.css:

(.navigation-bar):
(body.window-inactive .navigation-bar): Deleted.

UserInterface/Views/NavigationSidebarPanel.css:

(.sidebar > .panel.navigation > .overflow-shadow):
(body.window-inactive .sidebar > .panel.navigation > .overflow-shadow): Deleted.

UserInterface/Views/NetworkSidebarPanel.css:

(.sidebar > .panel.navigation.network > .title-bar):
(body.window-inactive .sidebar > .panel.navigation.network > .title-bar): Deleted.

UserInterface/Views/OverviewTimelineView.css:

(.timeline-view.overview > .timeline-ruler > .header):
(body.window-inactive .timeline-view.overview > .timeline-ruler > .header): Deleted.

UserInterface/Views/QuickConsole.css:

(.quick-console):
(body.window-inactive .quick-console): Deleted.

UserInterface/Views/Sidebar.css:

(.sidebar):
(.sidebar.left):
(.sidebar.right):
(body.window-inactive .sidebar.left): Deleted.
(body.window-inactive .sidebar.right): Deleted.

UserInterface/Views/TimelineDataGrid.css:

(.data-grid.timeline th):
(body.window-inactive .data-grid.timeline th): Deleted.

UserInterface/Views/TimelineRuler.css:

(.timeline-ruler > .header):
(body.window-inactive .timeline-ruler > .header): Deleted.

UserInterface/Views/TimelineSidebarPanel.css:

(.sidebar > .panel.navigation.timeline > .title-bar):
(.sidebar > .panel.navigation.timeline > .title-bar.timeline-events):
(body.window-inactive .sidebar > .panel.navigation.timeline > .title-bar): Deleted.
(body.window-inactive .sidebar > .panel.navigation.timeline > .title-bar.timeline-events): Deleted.

UserInterface/Views/Toolbar.css:

(body.latest-mac .toolbar .dashboard-container):

UserInterface/Views/Variables.css:

(:root):
(body.window-inactive *):

UserInterface/Views/VisualStyleSelectorSection.css:

(.details-section.visual-style-selector-section:not(.collapsed) > .header):
(.details-section.visual-style-selector-section > .content > .selectors > .selector-list > .section-divider):

12:27 PM Changeset in webkit [196712] by akling@apple.com

3 edits in trunk/Source/WebCore

[iOS] Purge GraphicsServices font cache on memory warning.
<https://webkit.org/b/154343>

Reviewed by Antti Koivisto.

The GS font cache was holding on to the last retain on CSS fonts after they stop being used.
Call SPI to purge it on memory pressure.

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::platformReleaseMemory):

platform/spi/ios/GraphicsServicesSPI.h:

12:22 PM Changeset in webkit [196711] by beidson@apple.com

2 edits in trunk/Source

Revert accidentally committed ChangeLogs

12:19 PM Changeset in webkit [196710] by Chris Dumez

3 edits
18 adds in trunk/LayoutTests

Import W3C HTML reflection tests
https://bugs.webkit.org/show_bug.cgi?id=154310
<rdar://problem/24685826>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Import W3C HTML reflection tests from:
https://github.com/w3c/web-platform-tests/tree/master/html/dom

This improves our test coverage.

web-platform-tests/html/dom/reflection-embedded-expected.txt: Added.
web-platform-tests/html/dom/reflection-embedded.html: Added.
web-platform-tests/html/dom/reflection-forms-expected.txt: Added.
web-platform-tests/html/dom/reflection-forms.html: Added.
web-platform-tests/html/dom/reflection-grouping-expected.txt: Added.
web-platform-tests/html/dom/reflection-grouping.html: Added.
web-platform-tests/html/dom/reflection-metadata-expected.txt: Added.
web-platform-tests/html/dom/reflection-metadata.html: Added.
web-platform-tests/html/dom/reflection-misc-expected.txt: Added.
web-platform-tests/html/dom/reflection-misc.html: Added.
web-platform-tests/html/dom/reflection-obsolete-expected.txt: Added.
web-platform-tests/html/dom/reflection-obsolete.html: Added.
web-platform-tests/html/dom/reflection-sections-expected.txt: Added.
web-platform-tests/html/dom/reflection-sections.html: Added.
web-platform-tests/html/dom/reflection-tabular-expected.txt: Added.
web-platform-tests/html/dom/reflection-tabular.html: Added.
web-platform-tests/html/dom/reflection-text-expected.txt: Added.
web-platform-tests/html/dom/reflection-text.html: Added.

LayoutTests:

Skip newly imported tests in Debug builds because they are slow.

TestExpectations:

12:19 PM Changeset in webkit [196709] by beidson@apple.com

2 edits in trunk/Source

Modern IDB: More WK2 IPC Scaffolding.
https://bugs.webkit.org/show_bug.cgi?id=154317

Reviewed by Alex Christensen.

No change in behavior yet; Just laying the groundwork.

Source/WebCore:

Modules/indexeddb/shared/IDBCursorInfo.cpp:

(WebCore::IDBCursorInfo::IDBCursorInfo):

Modules/indexeddb/shared/IDBCursorInfo.h:

(WebCore::IDBCursorInfo::decode):

Modules/indexeddb/shared/IDBError.h:

(WebCore::IDBError::decode):

Modules/indexeddb/shared/IDBIndexInfo.h:

(WebCore::IDBIndexInfo::decode):

Modules/indexeddb/shared/IDBObjectStoreInfo.h:

(WebCore::IDBObjectStoreInfo::decode):

Modules/indexeddb/shared/IDBRequestData.cpp:

(WebCore::IDBRequestData::IDBRequestData):

Modules/indexeddb/shared/IDBRequestData.h:

(WebCore::IDBRequestData::decode):

Modules/indexeddb/shared/IDBResourceIdentifier.cpp:

(WebCore::IDBResourceIdentifier::IDBResourceIdentifier):

Modules/indexeddb/shared/IDBResourceIdentifier.h:

(WebCore::IDBResourceIdentifier::decode):

Modules/indexeddb/shared/IDBResultData.cpp:

(WebCore::IDBResultData::IDBResultData):

Modules/indexeddb/shared/IDBResultData.h:

(WebCore::IDBResultData::decode):

Modules/indexeddb/shared/IDBTransactionInfo.cpp:

(WebCore::IDBTransactionInfo::IDBTransactionInfo):

Modules/indexeddb/shared/IDBTransactionInfo.h:

(WebCore::IDBTransactionInfo::decode):

WebCore.xcodeproj/project.pbxproj:

Source/WebKit2:

CMakeLists.txt:
DerivedSources.make:
WebKit2.xcodeproj/project.pbxproj:

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.cpp:

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.h:
DatabaseProcess/IndexedDB/WebIDBConnectionToClient.messages.in: Added.

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h:
WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.messages.in: Added.

12:18 PM Changeset in webkit [196708] by rniwa@webkit.org

4 edits
1 add in trunk/Websites/perf.webkit.org

v3 UI has the capability to schedule an A/B testing in a specific range
https://bugs.webkit.org/show_bug.cgi?id=154329

Reviewed by Chris Dumez.

Extended AnalysisTaskChartPane and ResultsTable so that users can select a range of points in either
the overview chart pane and the results viewer table. Extracted TestGroupForm out of the analysis task
page and used right below those two components in the analysis task page.

public/v3/components/results-table.js:

(ResultsTable):
(ResultsTable.prototype.setRangeSelectorLabels): Added.
(ResultsTable.prototype.setRangeSelectorCallback): Added.
(ResultsTable.prototype.selectedRange): Added.
(ResultsTable.prototype._rangeSelectorClicked): Added.
(ResultsTable.prototype.render): Generate radio boxes to select a range.

public/v3/components/test-group-form.js:

(TestGroupForm):
(TestGroupForm.prototype.setStartCallback): Added.
(TestGroupForm.prototype.setNeedsName): Added.
(TestGroupForm.prototype.setDisabled): Added.
(TestGroupForm.prototype.setLabel): Added.
(TestGroupForm.prototype.setRepetitionCount): Added.
(TestGroupForm.prototype._submitted): Added.
(TestGroupForm.htmlTemplate): Extracted from AnalysisTaskPage.htmlTemplate.

public/v3/index.html:

public/v3/pages/analysis-task-page.js:

(AnalysisTaskChartPane.prototype._mainSelectionDidChange): Added. Delegates the work to AnalysisTaskPage.
(AnalysisTaskChartPane.prototype.selectedPoints): Added.
(AnalysisTaskPage):
(AnalysisTaskPage.prototype.title):
(AnalysisTaskPage.prototype.render):
(AnalysisTaskPage.prototype._renderTestGroupDetails): Use TestGroupForm's methods instead of mutating DOM.
(AnalysisTaskPage.prototype._retryCurrentTestGroup):
(AnalysisTaskPage.prototype._chartSelectionDidChange): Added.
(AnalysisTaskPage.prototype._createNewTestGroupFromChart): Added.
(AnalysisTaskPage.prototype._selectedRowInAnalysisResultsViewer): Added.
(AnalysisTaskPage.prototype._createNewTestGroupFromViewer): Added.
(AnalysisTaskPage.prototype._createRetryNameForTestGroup):
(AnalysisTaskPage.prototype._createTestGroupAfterVerifyingRootSetList): Extracted from _retryCurrentTestGroup
so that we can call it in _createNewTestGroupFromChart and _createNewTestGroupFromViewer.
(AnalysisTaskPage.htmlTemplate):

12:11 PM Changeset in webkit [196707] by achristensen@apple.com

4 edits
2 copies in trunk

Copy http body when being redirected with 308 with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154348

Reviewed by Brady Eidson.
Source/WebKit2:

This fixes http/tests/security/cors-post-redirect-308.html
which used to assert in ResourceRequest::doUpdateResourceHTTPBody

NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::willPerformHTTPRedirection):

LayoutTests:

http/tests/navigation/post-308-response-expected.txt: Copied from LayoutTests/http/tests/navigation/post-307-response-expected.txt.
http/tests/navigation/post-308-response.html: Copied from LayoutTests/http/tests/navigation/post-307-response.html.
http/tests/navigation/resources/redirection-response.php:

Added a test verifying data is being sent with post requests after being redirected with an http status code of 308.
We already had non-CORS tests for 301, 302, 303, and 307, and we already had CORS tests for 301, 302, 303, 307, and 308.
This fills in the missing non-CORS test.

11:31 AM Changeset in webkit [196706] by Chris Dumez

8 edits
2 adds in trunk

Regression(r196648): window.showModalDialog is no longer undefined if the client does not allow showing modal dialog
https://bugs.webkit.org/show_bug.cgi?id=154330

Reviewed by Gavin Barraclough.

Source/WebCore:

window.showModalDialog is no longer undefined if the client does not
allow showing modal dialog after r196648. This patch fixes the issue
and add test coverage for this.

Test: fast/dom/Window/forbid-showModalDialog.html

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::getOwnPropertySlot):

Move the DOMWindow::canShowModalDialog() check *before* checking for static properties as showModalDialog is now in the static property table after r196648.
Add check for Base::getOwnPropertySlot() first to support overriding window.showModalDialog (This behavior matches Firefox).
Return false if DOMWindow::canShowModalDialog() returns false as this seems cleaner than claiming that the property is there but undefined.

page/DOMWindow.cpp:

(WebCore::DOMWindow::canShowModalDialogNow): Deleted.
This was indentical to canShowModalDialog().

(WebCore::DOMWindow::canShowModalDialog):
(WebCore::DOMWindow::setCanShowModalDialogOverride):
(WebCore::DOMWindow::showModalDialog):

page/DOMWindow.h:
testing/Internals.cpp:

(WebCore::Internals::setCanShowModalDialogOverride):

testing/Internals.h:
testing/Internals.idl:

Add support for overriding the ChromeClient's canShowModalDialog
decision and hook it up to Internals to add layout test coverage.

LayoutTests:

Add layout test to make sure that window.showModalDialog is undefined
when the client does not allow showing modal dialog and to check that
window.showModalDialog can be shadowed.

fast/dom/Window/forbid-showModalDialog-expected.txt: Added.
fast/dom/Window/forbid-showModalDialog.html: Added.

11:21 AM Changeset in webkit [196705] by beidson@apple.com

23 edits
2 adds in trunk/Source

Modern IDB: More WK2 IPC Scaffolding.
https://bugs.webkit.org/show_bug.cgi?id=154317

Reviewed by Alex Christensen.

No change in behavior yet; Just laying the groundwork.

Source/WebCore:

Modules/indexeddb/shared/IDBCursorInfo.cpp:

(WebCore::IDBCursorInfo::IDBCursorInfo):

Modules/indexeddb/shared/IDBCursorInfo.h:

(WebCore::IDBCursorInfo::decode):

Modules/indexeddb/shared/IDBError.h:

(WebCore::IDBError::decode):

Modules/indexeddb/shared/IDBIndexInfo.h:

(WebCore::IDBIndexInfo::decode):

Modules/indexeddb/shared/IDBObjectStoreInfo.h:

(WebCore::IDBObjectStoreInfo::decode):

Modules/indexeddb/shared/IDBRequestData.cpp:

(WebCore::IDBRequestData::IDBRequestData):

Modules/indexeddb/shared/IDBRequestData.h:

(WebCore::IDBRequestData::decode):

Modules/indexeddb/shared/IDBResourceIdentifier.cpp:

(WebCore::IDBResourceIdentifier::IDBResourceIdentifier):

Modules/indexeddb/shared/IDBResourceIdentifier.h:

(WebCore::IDBResourceIdentifier::decode):

Modules/indexeddb/shared/IDBResultData.cpp:

(WebCore::IDBResultData::IDBResultData):

Modules/indexeddb/shared/IDBResultData.h:

(WebCore::IDBResultData::decode):

Modules/indexeddb/shared/IDBTransactionInfo.cpp:

(WebCore::IDBTransactionInfo::IDBTransactionInfo):

Modules/indexeddb/shared/IDBTransactionInfo.h:

(WebCore::IDBTransactionInfo::decode):

WebCore.xcodeproj/project.pbxproj:

Source/WebKit2:

CMakeLists.txt:
DerivedSources.make:
WebKit2.xcodeproj/project.pbxproj:

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.cpp:

DatabaseProcess/IndexedDB/WebIDBConnectionToClient.h:
DatabaseProcess/IndexedDB/WebIDBConnectionToClient.messages.in: Added.

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.h:
WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.messages.in: Added.

11:18 AM Changeset in webkit [196704] by commit-queue@webkit.org

12 edits
1 delete in trunk

Unreviewed, rolling out r196675.
https://bugs.webkit.org/show_bug.cgi?id=154344

"Causes major slowdowns on deltablue-varargs" (Requested by

keith_miller on #webkit).

Reverted changeset:

"Spread operator should be allowed when not the first argument
of parameter list"
https://bugs.webkit.org/show_bug.cgi?id=152721
http://trac.webkit.org/changeset/196675

11:17 AM Changeset in webkit [196703] by eric.carlson@apple.com

2 edits in trunk/Source/WebCore

[Win] Allow ports to disable automatic text track selection
https://bugs.webkit.org/show_bug.cgi?id=154322
<rdar://problem/24623986>

Reviewed by Brent Fulgham.

page/CaptionUserPreferencesMediaAF.cpp:

(MTEnableCaption2015BehaviorPtr): Implement for Windows.

11:04 AM Changeset in webkit [196702] by barraclough@apple.com

4 edits in trunk/Source

JSDOMWindow::put should not do the same thing twice
https://bugs.webkit.org/show_bug.cgi?id=154334

Reviewed by Chris Dumez.

It either calls JSGlobalObject::put or Base::put. Hint: these are basically the same thing.
In the latter case it might call lookupPut. That's redundant; JSObject::put handles static
table entries.

Source/JavaScriptCore:

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::hasOwnPropertyForWrite): Deleted.

no longer needed.

Source/WebCore:

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::put):

just call Base::put.

(WebCore::JSDOMWindow::putByIndex):

just call Base::putByIndex.

11:03 AM Changeset in webkit [196701] by achristensen@apple.com

2 edits in trunk/Source/WebKit2

CMake build fix after r196698.

PlatformMac.cmake:

10:50 AM Changeset in webkit [196700] by achristensen@apple.com

2 edits in trunk/Source/WebKit2

CMake build fix after r196698.

CMakeLists.txt:

10:16 AM Changeset in webkit [196699] by n_wang@apple.com

19 edits
2 adds in trunk

AX: Implement sentence related text marker functions using TextIterator
https://bugs.webkit.org/show_bug.cgi?id=154312

Reviewed by Chris Fleizach.

Source/WebCore:

Using CharacterOffset to implement sentence related text marker calls. Reused
logic from VisibleUnits class. Also fixed an issue where paragraph navigation
should skip preceding and following BR nodes.

Test: accessibility/mac/text-marker-sentence-nav.html

accessibility/AXObjectCache.cpp:

(WebCore::resetNodeAndOffsetForReplacedNode):
(WebCore::setRangeStartOrEndWithCharacterOffset):
(WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
(WebCore::AXObjectCache::previousCharacterOffset):
(WebCore::AXObjectCache::startCharacterOffsetOfWord):
(WebCore::AXObjectCache::endCharacterOffsetOfWord):
(WebCore::AXObjectCache::previousWordStartCharacterOffset):
(WebCore::AXObjectCache::leftWordRange):
(WebCore::AXObjectCache::rightWordRange):
(WebCore::AXObjectCache::characterBefore):
(WebCore::characterOffsetNodeIsBR):
(WebCore::parentEditingBoundary):
(WebCore::AXObjectCache::nextBoundary):
(WebCore::AXObjectCache::previousBoundary):
(WebCore::AXObjectCache::paragraphForCharacterOffset):
(WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
(WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
(WebCore::AXObjectCache::startCharacterOffsetOfSentence):
(WebCore::AXObjectCache::endCharacterOffsetOfSentence):
(WebCore::AXObjectCache::sentenceForCharacterOffset):
(WebCore::AXObjectCache::nextSentenceEndCharacterOffset):
(WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
(WebCore::AXObjectCache::rootAXEditableElement):
(WebCore::startWordBoundary): Deleted.
(WebCore::endWordBoundary): Deleted.
(WebCore::AXObjectCache::nextWordBoundary): Deleted.
(WebCore::AXObjectCache::previousWordBoundary): Deleted.

accessibility/AXObjectCache.h:
accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

editing/VisibleUnits.cpp:

(WebCore::startWordBoundary):
(WebCore::startOfWord):
(WebCore::endWordBoundary):
(WebCore::startSentenceBoundary):
(WebCore::startOfSentence):
(WebCore::endSentenceBoundary):

editing/VisibleUnits.h:

Tools:

DumpRenderTree/AccessibilityUIElement.cpp:

(nextParagraphEndTextMarkerForTextMarkerCallback):
(sentenceTextMarkerRangeForTextMarkerCallback):
(previousSentenceStartTextMarkerForTextMarkerCallback):
(nextSentenceEndTextMarkerForTextMarkerCallback):
(setSelectedVisibleTextRangeCallback):
(AccessibilityUIElement::nextParagraphEndTextMarkerForTextMarker):
(AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):
(AccessibilityUIElement::getJSClass):

DumpRenderTree/AccessibilityUIElement.h:
DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::nextParagraphEndTextMarkerForTextMarker):
(AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):

DumpRenderTree/mac/AccessibilityUIElementMac.mm:

WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:

(WTR::AccessibilityUIElement::paragraphTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::nextParagraphEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::previousParagraphStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):

WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::previousParagraphStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::mathPostscriptsDescription):

WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::AccessibilityUIElement::nextParagraphEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):
(WTR::_convertMathMultiscriptPairsToString):

LayoutTests:

accessibility/mac/text-marker-paragraph-nav-expected.txt:
accessibility/mac/text-marker-paragraph-nav.html:
accessibility/mac/text-marker-sentence-nav-expected.txt: Added.
accessibility/mac/text-marker-sentence-nav.html: Added.

10:15 AM Changeset in webkit [196698] by andersca@apple.com

9 edits
8 deletes in trunk/Source/WebKit2

Remove unused media cache manager code
https://bugs.webkit.org/show_bug.cgi?id=154339

Reviewed by Tim Horton.

DerivedSources.make:
Shared/API/c/WKBase.h:
UIProcess/API/C/WKAPICast.h:
UIProcess/API/C/WKContext.cpp:

(WKContextGetMediaCacheManager): Deleted.

UIProcess/API/C/WKContext.h:
UIProcess/API/C/WKMediaCacheManager.cpp: Removed.

(WKMediaCacheManagerGetTypeID): Deleted.
(WKMediaCacheManagerGetHostnamesWithMediaCache): Deleted.
(WKMediaCacheManagerClearCacheForHostname): Deleted.
(WKMediaCacheManagerClearCacheForAllHostnames): Deleted.

UIProcess/API/C/WKMediaCacheManager.h: Removed.
UIProcess/WebMediaCacheManagerProxy.cpp: Removed.

(WebKit::WebMediaCacheManagerProxy::supplementName): Deleted.
(WebKit::WebMediaCacheManagerProxy::create): Deleted.
(WebKit::WebMediaCacheManagerProxy::WebMediaCacheManagerProxy): Deleted.
(WebKit::WebMediaCacheManagerProxy::~WebMediaCacheManagerProxy): Deleted.
(WebKit::WebMediaCacheManagerProxy::processPoolDestroyed): Deleted.
(WebKit::WebMediaCacheManagerProxy::processDidClose): Deleted.
(WebKit::WebMediaCacheManagerProxy::shouldTerminate): Deleted.
(WebKit::WebMediaCacheManagerProxy::refWebContextSupplement): Deleted.
(WebKit::WebMediaCacheManagerProxy::derefWebContextSupplement): Deleted.
(WebKit::WebMediaCacheManagerProxy::getHostnamesWithMediaCache): Deleted.
(WebKit::WebMediaCacheManagerProxy::didGetHostnamesWithMediaCache): Deleted.
(WebKit::WebMediaCacheManagerProxy::clearCacheForHostname): Deleted.
(WebKit::WebMediaCacheManagerProxy::clearCacheForAllHostnames): Deleted.

UIProcess/WebMediaCacheManagerProxy.h: Removed.
UIProcess/WebMediaCacheManagerProxy.messages.in: Removed.
UIProcess/WebProcessPool.cpp:
WebKit2.xcodeproj/project.pbxproj:
WebProcess/MediaCache/WebMediaCacheManager.cpp: Removed.

(WebKit::WebMediaCacheManager::supplementName): Deleted.
(WebKit::WebMediaCacheManager::WebMediaCacheManager): Deleted.
(WebKit::WebMediaCacheManager::getHostnamesWithMediaCache): Deleted.
(WebKit::WebMediaCacheManager::clearCacheForHostname): Deleted.
(WebKit::WebMediaCacheManager::clearCacheForAllHostnames): Deleted.

WebProcess/MediaCache/WebMediaCacheManager.h: Removed.
WebProcess/MediaCache/WebMediaCacheManager.messages.in: Removed.
WebProcess/WebProcess.cpp:

(WebKit::m_webSQLiteDatabaseTracker): Deleted.

9:46 AM Changeset in webkit [196697] by Ryan Haddad

1 edit
2 adds in trunk/LayoutTests

Adding an ios-specific baseline for accessibility/ios-simulator/centerpoint.html during failure investigation
https://bugs.webkit.org/show_bug.cgi?id=154137

Unreviewed test gardening.

platform/ios-simulator/accessibility/ios-simulator/centerpoint-expected.txt: Added.

9:32 AM Changeset in webkit [196696] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:

9:25 AM Changeset in webkit [196695] by Ryan Haddad

2 edits in trunk/LayoutTests

Skipping tests added with r196688 on ios-simulator due to reliance on unsupported mouse events.

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

9:22 AM WebKitIDL edited by Chris Dumez

Drop [EventTarget] (diff)

8:50 AM Changeset in webkit [196694] by bshafiei@apple.com

5 edits in trunk/Source

Versioning.

8:48 AM Changeset in webkit [196693] by bshafiei@apple.com

1 copy in tags/Safari-602.1.19

New tag.

8:01 AM Changeset in webkit [196692] by Matt Baker

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Add singular and plural cases for "Ignore n times before stopping" label in breakpoint editor
https://bugs.webkit.org/show_bug.cgi?id=154335
<rdar://problem/24655491>

Reviewed by Timothy Hatcher.

Localizations/en.lproj/localizedStrings.js:

Added string for singular ignore count.

UserInterface/Controllers/BreakpointPopoverController.js:

(WebInspector.BreakpointPopoverController.prototype._createPopoverContent):
Remove unused variable "this._ignoreCount" and update ignore count text.

(WebInspector.BreakpointPopoverController.prototype._popoverIgnoreInputChanged):
Update ignore count text as value changes.

(WebInspector.BreakpointPopoverController.prototype._updateIgnoreCountText):
Set singular text when count === 1, otherwise set plural text.

3:45 AM Changeset in webkit [196691] by Manuel Rego Casasnovas

8 edits in trunk/Source/WebCore

[css-grid] GridSpan refactoring
https://bugs.webkit.org/show_bug.cgi?id=153868

Reviewed by Sergio Villar Senin.

Add new enum to know if a GridSpan is definite or indefinite.
That way we don't need GridUnresolvedSpan class (which is removed).
We can always have two GridSpans in GridCoordinate,
if the position is "auto" the GridSpan will be marked as indefinite.
This will allow in a follow-up patch to avoid repeated calls
to methods that resolve positions.

Most operations in GridSpan are restricted to definite GridSpans (access
to positions, iterator, etc.). For indefinite GridSpans we only need to
know that they're indefinite, we shouldn't use the rest of the data.

No new tests, no change of behavior.

css/CSSGridTemplateAreasValue.cpp:

(WebCore::stringForPosition):

css/CSSParser.cpp:

(WebCore::CSSParser::parseGridTemplateAreasRow):

css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):

rendering/RenderGrid.cpp:

(WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::insertItemIntoGrid):
(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
(WebCore::RenderGrid::columnAxisOffsetForChild):
(WebCore::RenderGrid::rowAxisOffsetForChild):
(WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
(WebCore::RenderGrid::autoPlacementMinorAxisDirection): Deleted.
(WebCore::RenderGrid::populateGridPositions): Deleted.

rendering/style/GridCoordinate.h:

(WebCore::GridSpan::definiteGridSpan):
(WebCore::GridSpan::indefiniteGridSpan):
(WebCore::GridSpan::operator==):
(WebCore::GridSpan::integerSpan):
(WebCore::GridSpan::resolvedInitialPosition):
(WebCore::GridSpan::resolvedFinalPosition):
(WebCore::GridSpan::begin):
(WebCore::GridSpan::end):
(WebCore::GridSpan::isDefinite):
(WebCore::GridSpan::GridSpan):
(WebCore::GridCoordinate::GridCoordinate):

rendering/style/GridResolvedPosition.cpp:

(WebCore::initialPositionSide):
(WebCore::finalPositionSide):
(WebCore::adjustGridPositionsFromStyle):
(WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
(WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
(WebCore::implicitNamedGridLineForSide): Deleted.
(WebCore::GridResolvedPosition::isNonExistentNamedLineOrArea): Deleted.
(WebCore::resolveNamedGridLinePositionFromStyle): Deleted.
(WebCore::resolveGridPositionFromStyle): Deleted.

rendering/style/GridResolvedPosition.h:

(WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
(WebCore::GridResolvedPosition::operator*): Deleted.
(WebCore::GridResolvedPosition::operator++): Deleted.
(WebCore::GridResolvedPosition::operator==): Deleted.

12:38 AM Changeset in webkit [196690] by Chris Dumez

10 edits in trunk

Window should have its 'constructor' property on the prototype
https://bugs.webkit.org/show_bug.cgi?id=154037
<rdar://problem/24689078>

Reviewed by Gavin Barraclough.

LayoutTests/imported/w3c:

Rebaseline W3C test now that one more check is passing.

web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Window should have its 'constructor' property on the prototype as per
the Web IDL specification:
http://heycam.github.io/webidl/#interface-prototype-object

Firefox and Chrome already match the specification.

No new tests, covered by:

fast/dom/Window/window-constructor-settable.html
fast/dom/Window/window-constructor.html
http/tests/security/cross-origin-window-property-access.html
imported/w3c/web-platform-tests/html/dom/interfaces.html

bindings/scripts/CodeGeneratorJS.pm:

(ConstructorShouldBeOnInstance): Deleted.
Drop this routine as all constructors are now on the prototype.

(InstancePropertyCount):
Do not account for constructor properties as these can only be
on the prototype now.

(PrototypePropertyCount):
Increment the property count by 1 if the interface has a constructor
property (e.g. [NoInterfaceObject] interfaces do not have one).

(GeneratePropertiesHashTable):
Stop calling ConstructorShouldBeOnInstance() as it no longer exists.
Always generated the "constructor" property if:

We are generating the prototype hash table.

and

The interface needs a constructor (i.e. not marked as [NoInterfaceObject]).

(GenerateImplementation):

Drop code handling the case where ConstructorShouldBeOnInstance() returns true as constructors are not always on the prototype and the ConstructorShouldBeOnInstance() routine has been dropped.
Drop code handling [CustomProxyToJSObject]. Now that the constructor is always on the prototype, we never need to cast thisValue to a JSDOMWindow (by calling toJSDOMWindow). In the Window case, thisValue is now casted to a JSDOMWindowPrototype*, similarly to other interfaces so we don't need a special casting function anymore.
Stop generating security checks. This only impacts Window as it is the only interface marked as [CheckSecurity]. The cross-origin checking code as it was would not work when "constructor" is on the prototype because thisValue is a JSDOMWindowPrototype, not a JSDOMWindow and we have no way of getting the wrapped window. Also, the security check is no longer needed because:
1. Accessing crossOriginWindow.constructor will not work now that constructor is on the prototype because JSDOMWindow::getOwnPropertySlot() already prevents access to the prototype in the cross-origin case.
2. "constructor" is a value property, not a getter/setter. Therefore, it is no possible to use the getter/setter from a same origin window instance and call it on a cross origin window.

LayoutTests:

http/tests/security/cross-origin-window-property-access-expected.txt:
http/tests/security/cross-origin-window-property-access.html:

Add checks to make sure it still is not possible to access
window.constructor cross-origin.

Context Navigation

Timeline

Feb 21, 2016:

Feb 20, 2016:

Feb 19, 2016:

Feb 18, 2016:

Feb 17, 2016:

Download in other formats: