Timeline



Mar 11, 2016:

7:28 PM Changeset in webkit [198057] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Remove a few jumps from DFG
https://bugs.webkit.org/show_bug.cgi?id=155347

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-11
Reviewed by Mark Lam.

Usually, setting ValueTrue or ValueFalse is done
by Compare+Or. There are 3 places in DFG with branches instead.

This patch changes them to the usual pattern.

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):

7:11 PM Changeset in webkit [198056] by rniwa@webkit.org
  • 26 edits
    8 adds in trunk

Add Event.deepPath() and Event.scoped
https://bugs.webkit.org/show_bug.cgi?id=153538
<rdar://problem/24363836>

Reviewed by Darin Adler.

Source/WebCore:

Added the support for deepPath(), scoped, and relatedTargetScoped on Event.prototype for shadow DOM:
http://w3c.github.io/webcomponents/spec/shadow/#extensions-to-event-interface
and updated the EventPath class to respect scoped and relatedTargetScoped flags as specified at:
http://w3c.github.io/webcomponents/spec/shadow/#get-the-parent

Tests: fast/shadow-dom/Extensions-to-Event-Interface.html
       fast/shadow-dom/trusted-event-scoped-flags.html

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorDefinition): Added the support for Conditional for InitializedByEventConstructor.

  • bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestEventConstructor.h:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/ObjC/DOMTestEventConstructor.h:
  • bindings/scripts/test/ObjC/DOMTestEventConstructor.mm:
  • bindings/scripts/test/TestEventConstructor.idl: Added a test case for using InitializedByEventConstructor with Conditional.

  • dom/Event.cpp:

(WebCore::Event::Event): Initialize m_scoped and m_relatedTargetScoped from EventInit dictionary.
(WebCore::Event::scoped): Added. Implements http://w3c.github.io/webcomponents/spec/shadow/#scoped-flag
(WebCore::Event::deepPath): Added.

  • dom/Event.h:

(WebCore::Event::relatedTargetScoped): Added. Overridden by FocusEvent and MouseEvent to implement
http://w3c.github.io/webcomponents/spec/shadow/#relatedtargetscoped-flag
(WebCore::Event::setEventPath): Added.
(WebCore::Event::clearEventPath): Added.

  • dom/Event.idl: Added scoped, relatedTargetScoped, and deepPath() conditionally enabled for shadow DOM.
  • dom/EventContext.h:

(WebCore::EventContext::currentTarget):

  • dom/EventDispatcher.cpp:

(WebCore::EventDispatcher::dispatchEvent): Set the event path while the event is being dispatched.

  • dom/EventPath.cpp:

(WebCore::shouldEventCrossShadowBoundary): Check event.scoped flag instead of hard-coding a list of events here
which has been moved to Event::scoped. See above.
(WebCore::EventPath::setRelatedTarget): Check m_event.relatedTargetScoped() instead of hard-coding a list of
events here. relatedTargetScoped is overridden by FocusEvent and MouseEvent.
(WebCore::EventPath::hasEventListeners): Fixed the misleading variable name.
(WebCore::isUnclosedNodeOf): Added. Implements http://w3c.github.io/webcomponents/spec/shadow/#dfn-unclosed-node
(WebCore::EventPath::computePathDisclosedToTarget): Added. Implements the algorithm to filter event targets:
http://w3c.github.io/webcomponents/spec/shadow/#widl-Event-deepPath-sequence-EventTarget

  • dom/EventPath.h:
  • dom/FocusEvent.cpp:

(WebCore::FocusEvent::relatedTargetScoped): Returns true when this is a trusted event per:
http://w3c.github.io/webcomponents/spec/shadow/#relatedtargetscoped-flag

  • dom/FocusEvent.h:
  • dom/MouseEvent.cpp:

(WebCore::MouseEvent::relatedTargetScoped): Ditto.

  • dom/MouseEvent.h:

LayoutTests:

Added W3C style testharness.js tests for Event.prototype.scoped, Event.prototype.scopedRelatedTarget,
Event.prototype.deepPath() and a test that uses eventSender to verify the values of the scoped and
scopedRelatedTarget flags on trusted events.

  • fast/shadow-dom/Extensions-to-Event-Interface-expected.txt: Added.
  • fast/shadow-dom/Extensions-to-Event-Interface.html: Added.
  • fast/shadow-dom/event-with-related-target.html:
  • fast/shadow-dom/resources: Added.
  • fast/shadow-dom/resources/event-path-test-helpers.js: Added. Extracted from event-with-related-target.html.
  • fast/shadow-dom/trusted-event-scoped-flags-expected.txt: Added.
  • fast/shadow-dom/trusted-event-scoped-flags.html: Added.
  • fast/xmlhttprequest/xmlhttprequest-get-expected.txt:
  • http/tests/workers/worker-importScriptsOnError-expected.txt:
  • inspector/model/remote-object-get-properties-expected.txt:
  • platform/ios-simulator/fast/shadow-dom/trusted-event-scoped-flags-expected.txt: Added.
4:36 PM Changeset in webkit [198055] by commit-queue@webkit.org
  • 9 edits in trunk/Source

Move prevalent resource classifier from WebCore to WebKit.
https://bugs.webkit.org/show_bug.cgi?id=155242
<rdar://problem/24913272>

Patch by John Wilander <wilander@apple.com> on 2016-03-11
Reviewed by Andy Estes.

Source/WebCore:

No new tests since we have yet to decide how to set up tests for prevalent resources.

  • loader/ResourceLoadObserver.cpp:

(WebCore::ResourceLoadObserver::logFrameNavigation):
(WebCore::ResourceLoadObserver::logSubresourceLoading):

  • Removed calls to old classifier in WebCore.
  • loader/ResourceLoadStatistics.cpp:

(WebCore::encodeHashCountedSet):
(WebCore::ResourceLoadStatistics::checkAndSetAsPrevalentResourceIfNecessary): Deleted.
(WebCore::ResourceLoadStatistics::hasPrevalentResourceCharacteristics): Deleted.

  • loader/ResourceLoadStatistics.h:
    • Deleted old classification functions.
  • loader/ResourceLoadStatisticsStore.cpp:

(WebCore::ResourceLoadStatisticsStore::create):
(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler):
(WebCore::ResourceLoadStatisticsStore::hasEnoughDataForStatisticsProcessing):

  • New function to allow for checks before calls to processStatistics.

(WebCore::ResourceLoadStatisticsStore::processStatistics):

  • New function that receives a lambda and executes it on every entry in its statistics map.
  • loader/ResourceLoadStatisticsStore.h:

Source/WebKit2:

  • UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::create):
(WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore):
(WebKit::hasPrevalentResourceCharacteristics):
(WebKit::classifyPrevalentResources):

  • Moved these two functions from WebCore.

(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated):

  • Calls processStatistics with a lambda function to classify prevalent resources.
  • WebKit2.xcodeproj/project.pbxproj:
    • Fixed the ordering of source files.
3:59 PM Changeset in webkit [198054] by weinig@apple.com
  • 2 edits in trunk/Source/WebKit2

WebKit needs a new sandbox profile addition for DataDetectors
<rdar://problem/25091102>

Reviewed by Brent Fulgham.

  • WebProcess/com.apple.WebProcess.sb.in:
3:56 PM Changeset in webkit [198053] by ap@apple.com
  • 3 edits in trunk/Tools

[ios-sim debug] API test WTF_Lock.ContendedShortSection and WTF_ParkingLot.UnparkOneFifty timing out
https://bugs.webkit.org/show_bug.cgi?id=155276

[ios-sim] API test WTF_Condition.TenProducersTenConsumersOneSlot timing out
https://bugs.webkit.org/show_bug.cgi?id=155345

[iOS Simulator] API test timeout: WTF_ParkingLot.UnparkOneFiftyThenFiftyAll
https://bugs.webkit.org/show_bug.cgi?id=153997
<rdar://problem/23580034>

<rdar://problem/23580018> TestWebKitAPI Timeout: WTF_ParkingLot.UnparkOneFifty

Rubber-stamped by Filip Pizlo.

  • Scripts/run-api-tests: These tests are pretty slow. Increase API test timeout.
  • TestWebKitAPI/Tests/WTF/ParkingLot.cpp: Start running WTF_ParkingLot.UnparkOneFiftyThenFiftyAll on iOS again.

3:48 PM Changeset in webkit [198052] by sbarati@apple.com
  • 5 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Make Object.assign spec compliant
https://bugs.webkit.org/show_bug.cgi?id=155375

Reviewed by Michael Saboff.

This is a straightforward implementation of Object.assign
in the spec.
https://tc39.github.io/ecma262/#sec-object.assign
Before, we weren't performing all of the specified operations.
Now, we are.

  • builtins/ObjectConstructor.js:

(assign):

  • runtime/CommonIdentifiers.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • tests/es6.yaml:
3:24 PM Changeset in webkit [198051] by Chris Dumez
  • 5 edits in trunk/Source/WebKit2

Regression(r198040): WebKit2.DocumentStartUserScriptAlertCrashTest API test is crashing in debug
https://bugs.webkit.org/show_bug.cgi?id=155382

Reviewed by Alexey Proskuryakov.

r198040 introduced an assertion to make sure we never call
applicationBundleIsEqualTo() before setApplicationBundleIdentifier()
is called. This new assertion found a bug as it turns out we were
calling setApplicationBundleIdentifier() too late during the
WebProcess initialization and some runtime application checks were
already done by then.

To address the problem, this patch moves the
setApplicationBundleIdentifier() call as early as possible during
the WebProcess and the NetworkProcess initialization. It also moves
it to the Cocoa specific files for clarity.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::initializeNetworkProcess):

  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess):

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

3:15 PM Changeset in webkit [198050] by jiewen_tan@apple.com
  • 3 edits
    3 adds in trunk

WebKit should not be redirected to an invalid URL
https://bugs.webkit.org/show_bug.cgi?id=155263
<rdar://problem/22820172>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/navigation/redirect-to-invalid-url.html

  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

LayoutTests:

  • http/tests/navigation/redirect-to-invalid-url-expected.txt: Added.
  • http/tests/navigation/redirect-to-invalid-url.html: Added.
  • http/tests/navigation/resources/redirect-to-invalid-url-frame.php: Added.
2:50 PM Changeset in webkit [198049] by enrica@apple.com
  • 2 edits in trunk/Source/WebKit2

Use only selected text for Look up.
https://bugs.webkit.org/show_bug.cgi?id=155380

Reviewed by Tim Horton.

The corresponding piece that uses the extended context for Look up
is not ready yet. For the moment default to retrieving the selected text.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _lookup:]):

2:49 PM Changeset in webkit [198048] by jer.noble@apple.com
  • 2 edits in trunk/Tools

[ios-sim debug] API tests RequiresUserActionForPlaybackTest.DoesNotRequireUserActionForMediaPlayback and RequiresUserActionForAudioButNotVideoPlayback asserting
https://bugs.webkit.org/show_bug.cgi?id=155365

Reviewed by Darin Adler.

Allow tests running on iOS simulator to play video inline, avoiding this assert.

  • TestWebKitAPI/Tests/WebKit2Cocoa/RequiresUserActionForPlayback.mm:

(RequiresUserActionForPlaybackTest::SetUp):

2:25 PM Changeset in webkit [198047] by bshafiei@apple.com
  • 4 edits in tags/Safari-602.1.22/Source/WebKit2

Merged r198046.

2:13 PM Changeset in webkit [198046] by mitz@apple.com
  • 4 edits in trunk/Source/WebKit2

[iOS] Allow clients to specify text suggestions to be used for a form input session
https://bugs.webkit.org/show_bug.cgi?id=155343

Patch by Chelsea Pugh <cpugh@apple.com> on 2016-03-11
Reviewed by Dan Bernstein.

  • UIProcess/API/Cocoa/_WKFormInputSession.h:
  • UIProcess/API/Cocoa/_WKInputDelegate.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKFormInputSession suggestions]): Add a getter for suggestions.
(-[WKFormInputSession setSuggestions:]): Add a setter, which calls setSuggestions with our suggestions on the input delegate.
(-[WKContentView insertTextSuggestion:]): Call _webView:insertTextSuggestion:inInputSession: on our input delegate so clients know
a text suggestion was tapped.

1:53 PM Changeset in webkit [198045] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Wrong TimelineOverview height after switching from Events to Frames
https://bugs.webkit.org/show_bug.cgi?id=155366
<rdar://problem/25111028>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._currentContentViewDidChange):
Update the overview height after setting a new view mode.

1:47 PM Changeset in webkit [198044] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

Fix typo in StyleTreeResolver.cpp
https://bugs.webkit.org/show_bug.cgi?id=139946

Patch by Maksim Kisilev <mkisilev@yandex-team.ru> on 2016-03-10
Reviewed by Andy Estes.

The constructor for CheckForVisibilityChangeOnRecalcStyle was improperly comparing the
result of WKContentChange() (which is not a function) to WKContentVisibilityChange. I
believe the above cast would implicitly resolve to WKContentNoChange in all cases,
whether a visibility change had been observed or not.

This patch corrects this problem. I would expect that this might affect some content
visibility change behavior, but I'm not sure what the appropriate test case would be
since this was apparently found through code inspection.

  • style/StyleTreeResolver.cpp:

(WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::CheckForVisibilityChangeOnRecalcStyle):

1:46 PM Changeset in webkit [198043] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking media/track/track-in-band-style.html as flaky on Yosemite
https://bugs.webkit.org/show_bug.cgi?id=153143

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
1:08 PM Changeset in webkit [198042] by mark.lam@apple.com
  • 21 edits in trunk

Implement Function.name and Function#toString for ES6 class.
https://bugs.webkit.org/show_bug.cgi?id=155336

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

The only thing that the ES6 spec says about toString with regards to class
objects is:

"The string representation must have the syntax of a FunctionDeclaration,
FunctionExpression, GeneratorDeclaration, GeneratorExpression, ClassDeclaration,
ClassExpression, ArrowFunction, MethodDefinition, or GeneratorMethod depending
upon the actual characteristics of the object."

Previously, invoking toString() on a class object would return the function
source string of the class' constructor function. This does not conform to the
spec in that the toString string for a class does not have the syntax of a
ClassDeclaration or ClassExpression.

This is now fixed by doing the following:

  1. Added "m_classSource" to FunctionExecutable (and correspondingly to UnlinkedFunctionExecutable, FunctionMetadataNode, and ClassExprNode). m_classSource is the SourceCode for the code range "class ... { ... }".

Since the class constructor function is the in memory representation of the
class object, only class constructor functions will have their m_classSource
set. m_classSource will be "null" (by default) for all other functions.
This is how we know if a FunctionExecutable is for a class.

Note: FunctionExecutable does not have its own m_classSource. It always gets
it from its UnlinkedFunctionExecutable. This is ok to do because our CodeCache
currently does not cache UnlinkedFunctionExecutables for class constructors.

  2. The ClassExprNode now tracks the SourceCode range for the class expression. This is used to set m_classSource in the UnlinkedFunctionExecutable at bytecode generation time, and the FunctionExecutable later at bytecode linking time.
  3. Function.prototype.toString() now checks if the function is for a class. If so, it returns the string for the class source instead of just the function source for the class constructor.

Note: the class source is static from the time the class was parsed. This
can introduce some weirdness at runtime. Consider the following:

var v1 = class {}
v1.toString(); // yields "class {}".

class c2 extends v1 {}

c2.__proto__ === v1; // yields true i.e. c2 extends v1.
c2.toString(); // yields "class c2 extends v1 {}" which is fine.

v1 = {}; // point v1 to something else now.

c2.__proto__ === v1; // now yields false i.e. c2 no longer extends v1.
                     // c2 actually extends the class that v1 used to
                     // point to, but ...
c2.toString(); // still yields "class c2 extends v1 {}" which is no longer true.

It is unclear how we can best implement toString() to avoid this issue.
The above behavior is how Chrome (Version 51.0.2671.0 canary (64-bit))
currently implements toString() of a class, and we do the same in this patch.
In Firefox (45.0), toString() of a class will yield the function source of its
constructor function, which is not better.

In this patch, we also added ES6 compliance for Function.name on class objects:

  1. The ClassExprNode now has a m_ecmaName string for tracking the inferred name of a class according to the ES6 spec. The ASTBuilder now mirrors its handling of FuncExprNodes to ClassExprNodes in setting the nodes' m_ecmaName where relevant.

The m_ecmaName is later used to set the m_ecmaName of the FunctionExecutable
of the class constructor, which in turn is used to populate the initial value
of the Function.name property.

  1. Also renamed some variable names (/m_metadata/metadata/) to be consistent with webkit naming convention.
  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • bytecode/UnlinkedFunctionExecutable.h:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
(JSC::BytecodeGenerator::emitNewDefaultConstructor):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::ClassExprNode::emitBytecode):

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createYield):
(JSC::ASTBuilder::createClassExpr):
(JSC::ASTBuilder::createFunctionExpr):
(JSC::ASTBuilder::createProperty):
(JSC::ASTBuilder::makeAssignNode):

  • parser/NodeConstructors.h:

(JSC::FunctionParameters::FunctionParameters):
(JSC::BaseFuncExprNode::BaseFuncExprNode):
(JSC::FuncExprNode::FuncExprNode):
(JSC::FuncDeclNode::FuncDeclNode):
(JSC::ArrowFuncExprNode::ArrowFuncExprNode):
(JSC::ClassDeclNode::ClassDeclNode):
(JSC::ClassExprNode::ClassExprNode):

  • parser/Nodes.h:

(JSC::ExpressionNode::isDestructuringNode):
(JSC::ExpressionNode::isFuncExprNode):
(JSC::ExpressionNode::isArrowFuncExprNode):
(JSC::ExpressionNode::isClassExprNode):
(JSC::ExpressionNode::isCommaNode):
(JSC::ExpressionNode::isSimpleArray):
(JSC::ExpressionNode::isAdd):

  • parser/Parser.cpp:

(JSC::stringForFunctionMode):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseClass):

  • parser/ParserFunctionInfo.h:
  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createEmptyLetExpression):
(JSC::SyntaxChecker::createYield):
(JSC::SyntaxChecker::createClassExpr):
(JSC::SyntaxChecker::createFunctionExpr):
(JSC::SyntaxChecker::createFunctionMetadata):
(JSC::SyntaxChecker::createArrowFunctionExpr):

  • runtime/Executable.cpp:

(JSC::FunctionExecutable::FunctionExecutable):
(JSC::FunctionExecutable::finishCreation):

  • runtime/Executable.h:
  • runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

  • tests/es6.yaml:

LayoutTests:

  • js/class-syntax-name-expected.txt:
  • js/script-tests/class-syntax-name.js:

(shouldBe):
(shouldBeTrue):

  • Rebased expected result.
  • js/function-toString-vs-name.html:
  • js/script-tests/function-toString-vs-name.js:
  • Added new tests for class.
  • platform/mac/inspector/model/remote-object-expected.txt:
  • Rebased expected result.
1:07 PM BuildingGtk edited by clopez@igalia.com
1:06 PM BuildingGtk edited by clopez@igalia.com
1:05 PM BuildingGtk edited by clopez@igalia.com
12:59 PM Changeset in webkit [198041] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Creating and releasing a WKBackForwardListItem crashes
https://bugs.webkit.org/show_bug.cgi?id=155376
rdar://problem/17377712

Reviewed by Dan Bernstein.

Make init unavailable.

  • UIProcess/API/Cocoa/WKBackForwardListItem.h:
12:26 PM Changeset in webkit [198040] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

iOS-sim debug: WebCoreNSURLSessionTest.BasicOperation and WebCoreNSURLSessionTest.InvalidateEmpty asserting
https://bugs.webkit.org/show_bug.cgi?id=155256

Reviewed by Alexey Proskuryakov.

r197628 consolidated the runtime application checking code for iOS and
Mac. However, while the new code works fine for WebKit2, it is unsafe
on WebKit1 / iOS and hits an assertion in debug. The reason is that
applicationBundleIdentifier() is getting called from several threads
(WebThread, UIThread).

To address the problem, this patch renames applicationBundleIdentifier()
to applicationBundleIdentifierOverride() and only initializes the
override upon WebProcess and Network process initialization. We therefore
do not initialize the override in WebKit1 or in the WebKit2 UIProcess.
When the override is not set, we fall back to using the main bundle
identifier (which does the right thing for WebKit1 / WebKit2 UIProcess)
but without caching it to avoid thread safety issues.

No new tests, already covered by API tests currently crashing.

  • platform/RuntimeApplicationChecks.mm:

(WebCore::applicationBundleIdentifierOverride):

  • Renamed applicationBundleIdentifier() to applicationBundleIdentifierOverride() and only initialize upon initialization of the WebProcess or the Network process.
  • In debug, set a flag to indicate that the override was already queried.

(WebCore::applicationBundleIdentifier):
New utility function that returns the application bundle override if it is
set and falls back to calling [[NSBundle mainBundle] bundleIdentifier] otherwise.

(WebCore::setApplicationBundleIdentifier):
Add assertions to make sure that:

  1. This is always called from the main thread.
  2. The application bundle identifier has not been queried *before* getting overridden as this would indicate a bug in our code and we would have wrongly returned the main bundle identifier in such case.

(WebCore::MacApplication::isAppleMail):
(WebCore::MacApplication::isIBooks):
(WebCore::MacApplication::isITunes):
(WebCore::MacApplication::isMicrosoftMessenger):
(WebCore::MacApplication::isAdobeInstaller):
(WebCore::MacApplication::isMicrosoftOutlook):
(WebCore::MacApplication::isQuickenEssentials):
(WebCore::MacApplication::isAperture):
(WebCore::MacApplication::isVersions):
(WebCore::MacApplication::isHRBlock):
(WebCore::MacApplication::isHipChat):
(WebCore::IOSApplication::isMobileSafari):
(WebCore::IOSApplication::isDumpRenderTree):
(WebCore::IOSApplication::isMobileStore):
(WebCore::IOSApplication::isFacebook):
(WebCore::IOSApplication::isDaijisenDictionary):
(WebCore::IOSApplication::isNASAHD):
(WebCore::IOSApplication::isTheEconomistOnIphone):
(WebCore::IOSApplication::isWebProcess):
(WebCore::IOSApplication::isIBooks):
Drop assertions making sure the cached flag is correct. We now have
an assertion to detect this earlier in setApplicationBundleIdentifier().

12:04 PM Changeset in webkit [198039] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking imported/blink/fast/multicol/dynamic/multicol-with-abspos-svg-with-foreignobject-with-multicol-crash.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=155339

Unreviewed test gardening.

This test is a flaky crash on ios-simulator debug.

  • platform/ios-simulator/TestExpectations:
12:01 PM Changeset in webkit [198038] by bshafiei@apple.com
  • 5 edits
    1 delete in tags/Safari-602.1.22/Source/JavaScriptCore

Merged r198024.

11:54 AM Changeset in webkit [198037] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Follow-up to:

_WKPreviewAction should be in an internal header
https://bugs.webkit.org/show_bug.cgi?id=155370

Rubber-stamped by Dan Bernstein.

  • UIProcess/API/Cocoa/_WKPreviewActionInternal.h:
11:37 AM Changeset in webkit [198036] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking inspector/heap/getPreview.html as flaky on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=155312

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
11:35 AM Changeset in webkit [198035] by jer.noble@apple.com
  • 5 edits in trunk/Source/WebCore

Web Audio becomes distorted after sample rate changes
https://bugs.webkit.org/show_bug.cgi?id=154538
<rdar://problem/24771292>

Reviewed by Darin Adler.

When the underlying audio hardware sample rate changes, the AudioUnit render callback will begin asking
for fewer or more frames. For example, when the sample rate goes from 44.1kHz to 48kHz, it will ask for
118 samples instead of 128. (And vice-versa, 140 samples instead of 128.) But the Web Audio engine can only
really handle requests in multiples of 128 samples. In the case where there are requests for < 128 samples,
actually render 128, but save off the unrequested samples in a separate bus. Then fill that bus during the
next request.

  • platform/audio/AudioBus.cpp:

(WebCore::AudioBus::copyFromRange): Added utility method.

  • platform/audio/AudioBus.h:
  • platform/audio/ios/AudioDestinationIOS.cpp:

(WebCore::AudioDestinationIOS::AudioDestinationIOS): Create a "spare" bus.
(WebCore::assignAudioBuffersToBus): Moved from inside render.
(WebCore::AudioDestinationIOS::render): Save off extra samples to the "spare" bus.

  • platform/audio/ios/AudioDestinationIOS.h:
11:30 AM Changeset in webkit [198034] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking css3/masking/mask-luminance-svg.html and css3/masking/mask-svg-script-none-to-png.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=155372.

Unreviewed test gardening.

These two tests are flaky crashes on ios-simulator debug.

  • platform/ios-simulator/TestExpectations:
11:29 AM Changeset in webkit [198033] by Beth Dakin
  • 5 edits
    1 add in trunk/Source/WebKit2

_WKPreviewAction should be in an internal header
https://bugs.webkit.org/show_bug.cgi?id=155370

Reviewed by Tim Horton.

Move _WKPreviewAction to an Internal header since only the protocol needs to
be SPI.

  • UIProcess/API/Cocoa/_WKPreviewAction.h:
  • UIProcess/API/Cocoa/_WKPreviewAction.mm:
  • UIProcess/API/Cocoa/_WKPreviewActionInternal.h: Added.
  • UIProcess/ios/WKContentViewInteraction.mm:
  • WebKit2.xcodeproj/project.pbxproj:
11:05 AM Changeset in webkit [198032] by bshafiei@apple.com
  • 3 edits
    3 deletes in tags/Safari-602.1.22

Merged r198027.

11:03 AM Changeset in webkit [198031] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

11:02 AM Changeset in webkit [198030] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.22

New tag.

10:52 AM Changeset in webkit [198029] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[jhbuild] Disable LLVM OCaml bindings.
https://bugs.webkit.org/show_bug.cgi?id=153274

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-11
Reviewed by Michael Catanzaro.

  • gtk/jhbuild.modules: disable all (actually only OCaml) bindings for LLVM.
10:48 AM Changeset in webkit [198028] by Yusuke Suzuki
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix after r198023.
https://bugs.webkit.org/show_bug.cgi?id=155024

Reviewed by Geoffrey Garen.

Update binding test results.

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::setJSTestObjWithScriptExecutionContextAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):

10:36 AM Changeset in webkit [198027] by Ryan Haddad
  • 3 edits
    3 deletes in trunk

Unreviewed, rolling out r197984.

This change caused an existing LayoutTest to fail

Reverted changeset:

"WebKit should not be redirected to an invalid URL"
https://bugs.webkit.org/show_bug.cgi?id=155263
http://trac.webkit.org/changeset/197984

10:30 AM Changeset in webkit [198026] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Make it possible to disable TimelineRuler UI
https://bugs.webkit.org/show_bug.cgi?id=155348
<rdar://problem/25103505>

Reviewed by Timothy Hatcher.

Adds an "enabled" property to TimelineRuler, allowing the selection UI
to be disabled without removing the current selection.

  • UserInterface/Views/TimelineRuler.css:

(.timeline-ruler.allows-time-range-selection:not(.disabled)):
(.timeline-ruler > .selection-drag):
(.timeline-ruler:not(.disabled) > .selection-drag):
(.timeline-ruler:not(.disabled) > .selection-drag:active):
(.timeline-ruler.disabled > .selection-handle):
(.timeline-ruler.allows-time-range-selection): Deleted.
(.timeline-ruler > .selection-drag:active): Deleted.
Updated ruler styles for "disabled" state: pointer events are disabled,
selection handles hidden, and the default cursor is shown.

  • UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler):
(WebInspector.TimelineRuler.prototype.get enabled):
(WebInspector.TimelineRuler.prototype.set enabled):
New property.
(WebInspector.TimelineRuler.prototype._handleClick):
Corrected code which always reset the pointer events to "all", instead
of setting it back to the original value.

10:02 AM Changeset in webkit [198025] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Unreviewed, rolling out r197495.
https://bugs.webkit.org/show_bug.cgi?id=155369

LLVM is needed to run update-webkitgtk-libs reliably
(Requested by mcatanzaro on #webkit).

Reverted changeset:

"[jhbuild] Remove LLVM dependency."
https://bugs.webkit.org/show_bug.cgi?id=153274
http://trac.webkit.org/changeset/197495

9:51 AM Changeset in webkit [198024] by commit-queue@webkit.org
  • 5 edits
    1 delete in trunk/Source/JavaScriptCore

Unreviewed, rolling out r197994.
https://bugs.webkit.org/show_bug.cgi?id=155368

Broke several ARM tests (Requested by msaboff on #webkit).

Reverted changeset:

"[JSC] Add register reuse for ArithAdd of an Int32 and
constant in DFG"
https://bugs.webkit.org/show_bug.cgi?id=155164
http://trac.webkit.org/changeset/197994

9:28 AM Changeset in webkit [198023] by Yusuke Suzuki
  • 116 edits
    4 adds in trunk

[ES6] Implement Reflect.set without receiver support
https://bugs.webkit.org/show_bug.cgi?id=155024

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This patch implements Reflect.set.
The challenge in this patch is Reflect.set requires boolean result of [[Set]],
this is not propagated in the previous JSC put implementation.

This patch changes the put and putByIndex signature from void put(...) and void putByIndex(...) to bool put(...) and bool putByIndex(...),
more consistent style to the ECMA262 spec's [[Set]].

This patch modifies so many parts of WebKit. But almost all the changes are mechanical ones.

Currently, this patch does not support receiver modification support.
This will be supported in the subsequent patch[1].

[1]: https://bugs.webkit.org/show_bug.cgi?id=155294

  • API/JSCallbackObject.h:
  • API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::put):
(JSC::JSCallbackObject<Parent>::putByIndex):

  • debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::put):

  • debugger/DebuggerScope.h:
  • jsc.cpp:

(WTF::RuntimeArray::put):

  • runtime/ClassInfo.h:
  • runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::put):

  • runtime/ClonedArguments.h:
  • runtime/CustomGetterSetter.cpp:

(JSC::callCustomSetter):

  • runtime/CustomGetterSetter.h:
  • runtime/GenericArguments.h:
  • runtime/GenericArgumentsInlines.h:

(JSC::GenericArguments<Type>::put):
(JSC::GenericArguments<Type>::putByIndex):

  • runtime/GetterSetter.cpp:

(JSC::callSetter):

  • runtime/GetterSetter.h:
  • runtime/JSArray.cpp:

(JSC::JSArray::defineOwnProperty):
(JSC::JSArray::put):
(JSC::JSArray::push):

  • runtime/JSArray.h:
  • runtime/JSArrayBuffer.cpp:

(JSC::JSArrayBuffer::put):

  • runtime/JSArrayBuffer.h:
  • runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::put):

  • runtime/JSArrayBufferView.h:
  • runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):

  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::put):
(JSC::JSValue::putInline):
(JSC::JSValue::putByIndex):

  • runtime/JSCell.cpp:

(JSC::JSCell::put):
(JSC::JSCell::putByIndex):

  • runtime/JSCell.h:
  • runtime/JSDataView.cpp:

(JSC::JSDataView::put):

  • runtime/JSDataView.h:
  • runtime/JSFunction.cpp:

(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):

  • runtime/JSFunction.h:
  • runtime/JSGenericTypedArrayView.h:
  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::put):
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):

  • runtime/JSGlobalLexicalEnvironment.cpp:

(JSC::JSGlobalLexicalEnvironment::put):

  • runtime/JSGlobalLexicalEnvironment.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::put):

  • runtime/JSGlobalObject.h:
  • runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::put):

  • runtime/JSLexicalEnvironment.h:
  • runtime/JSModuleEnvironment.cpp:

(JSC::JSModuleEnvironment::put):

  • runtime/JSModuleEnvironment.h:
  • runtime/JSModuleNamespaceObject.cpp:

(JSC::JSModuleNamespaceObject::put):
(JSC::JSModuleNamespaceObject::putByIndex):

  • runtime/JSModuleNamespaceObject.h:
  • runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::instantiateDeclarations):

  • runtime/JSObject.cpp:

(JSC::JSObject::put):
(JSC::JSObject::putInlineSlow):
(JSC::JSObject::putByIndex):
(JSC::JSObject::putGetter):
(JSC::JSObject::putSetter):
(JSC::JSObject::putDirectAccessor):
(JSC::JSObject::putDirectCustomAccessor):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::putIndexedDescriptor):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
(JSC::JSObject::attemptToInterceptPutByIndexOnHole):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectNativeIntrinsicGetter):
(JSC::JSObject::putDirectNativeFunction):
(JSC::JSObject::putDirectMayBeIndex):
(JSC::validateAndApplyPropertyDescriptor):

  • runtime/JSObject.h:

(JSC::JSObject::putByIndexInline):
(JSC::JSObject::putDirect):

  • runtime/JSObjectInlines.h:

(JSC::JSObject::putInline):

  • runtime/JSProxy.cpp:

(JSC::JSProxy::put):
(JSC::JSProxy::putByIndex):

  • runtime/JSProxy.h:
  • runtime/JSSymbolTableObject.h:

(JSC::symbolTablePut):
(JSC::symbolTablePutTouchWatchpointSet):
(JSC::symbolTablePutInvalidateWatchpointSet):
(JSC::symbolTablePutWithAttributesTouchWatchpointSet):

  • runtime/Lookup.h:

(JSC::putEntry):
(JSC::lookupPut):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::performPut):
(JSC::ProxyObject::put):
(JSC::ProxyObject::putByIndexCommon):
(JSC::ProxyObject::putByIndex):

  • runtime/ProxyObject.h:
  • runtime/PutPropertySlot.h:
  • runtime/ReflectObject.cpp:

(JSC::reflectObjectSet):

  • runtime/RegExpConstructor.cpp:

(JSC::setRegExpConstructorInput):
(JSC::setRegExpConstructorMultiline):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::defineOwnProperty):
(JSC::regExpObjectSetLastIndexStrict):
(JSC::regExpObjectSetLastIndexNonStrict):
(JSC::RegExpObject::put):

  • runtime/RegExpObject.h:
  • runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayEntry::put):

  • runtime/SparseArrayValueMap.h:
  • runtime/StringObject.cpp:

(JSC::StringObject::put):
(JSC::StringObject::putByIndex):

  • runtime/StringObject.h:
  • tests/es6.yaml:
  • tests/modules/namespace.js:
  • tests/stress/reflect-set.js: Added.

(shouldBe):
(shouldThrow):
(receiverCase.object2.set Cocoa):
(receiverCase):
(proxyCase):
(objectCase.set get shouldBe):
(objectCase.get shouldBe):
(arrayCase.set get shouldBe):
(arrayCase.get shouldBe):
(arrayBufferCase.set get shouldBe):
(arrayBufferCase.get shouldBe):
(set get shouldBe):
(get shouldBe):
(argumentCase.test1):
(argumentCase.test2):
(argumentCase.test3):
(argumentCase.test4.set get shouldBe):
(argumentCase.test5.get shouldBe):
(argumentStrictCase.test1):
(argumentStrictCase.test2):
(argumentStrictCase.test3):
(argumentStrictCase.test4.set get shouldBe):
(argumentStrictCase.test5.get shouldBe):
(stringObjectCase.set get shouldBe):
(stringObjectCase.get shouldBe):
(customSetter.test1):
(customSetter.test2):
(customSetter.test3):
(customSetter):
(regExpLastIndex):
(functionCase.func):

Source/WebCore:

CustomSetter returns boolean value that indicates the result of [[Set]].
According to this change, this patch modifies the CodeGeneratorJS and test results.

Currently, DOM elements' [[Set]] returns true when the setter is found.
This is good for the first step.

  • bindings/js/JSCSSStyleDeclarationCustom.cpp:

(WebCore::JSCSSStyleDeclaration::putDelegate):

  • bindings/js/JSDOMBinding.cpp:

(WebCore::throwSetterTypeError):

  • bindings/js/JSDOMBinding.h:
  • bindings/js/JSDOMStringMapCustom.cpp:

(WebCore::JSDOMStringMap::putDelegate):

  • bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::updateDocument):

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::put):
(WebCore::JSDOMWindow::putByIndex):

  • bindings/js/JSHTMLAppletElementCustom.cpp:

(WebCore::JSHTMLAppletElement::putDelegate):

  • bindings/js/JSHTMLEmbedElementCustom.cpp:

(WebCore::JSHTMLEmbedElement::putDelegate):

  • bindings/js/JSHTMLObjectElementCustom.cpp:

(WebCore::JSHTMLObjectElement::putDelegate):

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::putDelegate):
(WebCore::JSLocationPrototype::putDelegate):

  • bindings/js/JSPluginElementFunctions.cpp:

(WebCore::pluginElementCustomPut):

  • bindings/js/JSPluginElementFunctions.h:
  • bindings/js/JSStorageCustom.cpp:

(WebCore::JSStorage::putDelegate):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):
(GeneratePrototypeDeclaration):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::setJSTestActiveDOMObjectConstructor):

  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:

(WebCore::setJSTestClassWithJSBuiltinConstructorConstructor):

  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:

(WebCore::setJSTestCustomConstructorWithNoInterfaceObjectConstructor):

  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::setJSTestCustomNamedGetterConstructor):

  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::setJSTestEventConstructorConstructor):

  • bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::setJSTestEventTargetConstructor):

  • bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::setJSTestExceptionConstructor):

  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::setJSTestGenerateIsReachableConstructor):

  • bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::setJSTestInterfaceConstructor):
(WebCore::JSTestInterface::put):
(WebCore::JSTestInterface::putByIndex):
(WebCore::setJSTestInterfaceConstructorImplementsStaticAttr):
(WebCore::setJSTestInterfaceImplementsStr2):
(WebCore::setJSTestInterfaceImplementsStr3):
(WebCore::setJSTestInterfaceImplementsNode):
(WebCore::setJSTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::setJSTestInterfaceSupplementalStr2):
(WebCore::setJSTestInterfaceSupplementalStr3):
(WebCore::setJSTestInterfaceSupplementalNode):

  • bindings/scripts/test/JS/JSTestInterface.h:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:

(WebCore::setJSTestJSBuiltinConstructorConstructor):
(WebCore::setJSTestJSBuiltinConstructorTestAttributeRWCustom):

  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::setJSTestMediaQueryListListenerConstructor):

  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::setJSTestNamedConstructorConstructor):

  • bindings/scripts/test/JS/JSTestNode.cpp:

(WebCore::setJSTestNodeConstructor):
(WebCore::setJSTestNodeName):

  • bindings/scripts/test/JS/JSTestNondeterministic.cpp:

(WebCore::setJSTestNondeterministicConstructor):
(WebCore::setJSTestNondeterministicNondeterministicWriteableAttr):
(WebCore::setJSTestNondeterministicNondeterministicExceptionAttr):
(WebCore::setJSTestNondeterministicNondeterministicGetterExceptionAttr):
(WebCore::setJSTestNondeterministicNondeterministicSetterExceptionAttr):

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::setJSTestObjConstructor):
(WebCore::setJSTestObjConstructorStaticStringAttr):
(WebCore::setJSTestObjTestSubObjEnabledBySettingConstructor):
(WebCore::setJSTestObjEnumAttr):
(WebCore::setJSTestObjByteAttr):
(WebCore::setJSTestObjOctetAttr):
(WebCore::setJSTestObjShortAttr):
(WebCore::setJSTestObjUnsignedShortAttr):
(WebCore::setJSTestObjLongAttr):
(WebCore::setJSTestObjLongLongAttr):
(WebCore::setJSTestObjUnsignedLongLongAttr):
(WebCore::setJSTestObjStringAttr):
(WebCore::setJSTestObjTestObjAttr):
(WebCore::setJSTestObjLenientTestObjAttr):
(WebCore::setJSTestObjStringAttrTreatingNullAsEmptyString):
(WebCore::setJSTestObjXMLObjAttr):
(WebCore::setJSTestObjCreate):
(WebCore::setJSTestObjReflectedStringAttr):
(WebCore::setJSTestObjReflectedIntegralAttr):
(WebCore::setJSTestObjReflectedUnsignedIntegralAttr):
(WebCore::setJSTestObjReflectedBooleanAttr):
(WebCore::setJSTestObjReflectedURLAttr):
(WebCore::setJSTestObjReflectedCustomIntegralAttr):
(WebCore::setJSTestObjReflectedCustomBooleanAttr):
(WebCore::setJSTestObjReflectedCustomURLAttr):
(WebCore::setJSTestObjTypedArrayAttr):
(WebCore::setJSTestObjAttrWithGetterException):
(WebCore::setJSTestObjAttrWithGetterExceptionWithMessage):
(WebCore::setJSTestObjAttrWithSetterException):
(WebCore::setJSTestObjAttrWithSetterExceptionWithMessage):
(WebCore::setJSTestObjStringAttrWithGetterException):
(WebCore::setJSTestObjStringAttrWithSetterException):
(WebCore::setJSTestObjStrictTypeCheckingAttribute):
(WebCore::setJSTestObjCustomAttr):
(WebCore::setJSTestObjOnfoo):
(WebCore::setJSTestObjWithScriptStateAttribute):
(WebCore::setJSTestObjWithCallWithAndSetterCallWithAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAttribute):
(WebCore::setJSTestObjWithScriptStateAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttribute):
(WebCore::setJSTestObjConditionalAttr1):
(WebCore::setJSTestObjConditionalAttr2):
(WebCore::setJSTestObjConditionalAttr3):
(WebCore::setJSTestObjConditionalAttr4Constructor):
(WebCore::setJSTestObjConditionalAttr5Constructor):
(WebCore::setJSTestObjConditionalAttr6Constructor):
(WebCore::setJSTestObjAnyAttribute):
(WebCore::setJSTestObjMutablePoint):
(WebCore::setJSTestObjImmutablePoint):
(WebCore::setJSTestObjStrawberry):
(WebCore::setJSTestObjStrictFloat):
(WebCore::setJSTestObjId):
(WebCore::setJSTestObjReplaceableAttribute):
(WebCore::setJSTestObjNullableLongSettableAttribute):
(WebCore::setJSTestObjNullableStringSettableAttribute):
(WebCore::setJSTestObjNullableStringValue):
(WebCore::setJSTestObjAttributeWithReservedEnumType):
(WebCore::setJSTestObjPutForwardsAttribute):
(WebCore::setJSTestObjPutForwardsNullableAttribute):

  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::setJSTestOverloadedConstructorsConstructor):

  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:

(WebCore::setJSTestOverrideBuiltinsConstructor):

  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::setJSTestSerializedScriptValueInterfaceConstructor):
(WebCore::setJSTestSerializedScriptValueInterfaceValue):
(WebCore::setJSTestSerializedScriptValueInterfaceCachedValue):

  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::setJSTestTypedefsConstructor):
(WebCore::setJSTestTypedefsUnsignedLongLongAttr):
(WebCore::setJSTestTypedefsImmutableSerializedScriptValue):
(WebCore::setJSTestTypedefsAttrWithGetterException):
(WebCore::setJSTestTypedefsAttrWithSetterException):
(WebCore::setJSTestTypedefsStringAttrWithGetterException):
(WebCore::setJSTestTypedefsStringAttrWithSetterException):

  • bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::setJSattributeConstructor):

  • bindings/scripts/test/JS/JSreadonly.cpp:

(WebCore::setJSreadonlyConstructor):

  • bridge/c/c_runtime.cpp:

(JSC::Bindings::CField::setValueToInstance):

  • bridge/c/c_runtime.h:
  • bridge/jsc/BridgeJSC.h:

(JSC::Bindings::Instance::put):

  • bridge/objc/objc_runtime.h:
  • bridge/objc/objc_runtime.mm:

(JSC::Bindings::ObjcField::setValueToInstance):
(JSC::Bindings::ObjcArray::setValueAt):
(JSC::Bindings::ObjcFallbackObjectImp::put):

  • bridge/runtime_array.cpp:

(JSC::RuntimeArray::put):
(JSC::RuntimeArray::putByIndex):

  • bridge/runtime_array.h:
  • bridge/runtime_object.cpp:

(JSC::Bindings::RuntimeObject::put):

  • bridge/runtime_object.h:

Source/WebKit/mac:

As with NPJSObject, we just propagate the returned value of NetscapePluginInstanceProxy::setProperty.

  • Plugins/Hosted/ProxyInstance.h:
  • Plugins/Hosted/ProxyInstance.mm:

(WebKit::ProxyField::setValueToInstance):
(WebKit::ProxyInstance::setFieldValue):

Source/WebKit2:

NPJSObject::setProperty may call methodTable()->put operation, but we intentionally do not propagate it to the caller's ::put.
In the current implementation, we just use the result of ::setProperty call.
This is true when ::setProperty attempts to call methodTable()->put.
In ::setProperty, after calling methodTable()->put, ::setProperty function clears the exception state.
So this is not the same semantics as the simple data property store. Rather, this is like the accessor.
In ECMA262 [[Set]], it returns true if there is a setter. So we just use the returned value of ::setProperty.
This indicates that there is a setter for the given [[Set]] operation.

  • WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::put):

  • WebProcess/Plugins/Netscape/JSNPObject.h:

LayoutTests:

  • js/dom/reflect-set-onto-dom-expected.txt: Added.
  • js/dom/reflect-set-onto-dom.html: Added.
  • js/dom/script-tests/reflect-set-onto-dom.js: Added.

8:57 AM Changeset in webkit [198022] by BJ Burg
  • 5 edits in trunk/Source/JavaScriptCore

Web Inspector: generated initWithPayload: protocol object initializers should recursively decode array and object members
https://bugs.webkit.org/show_bug.cgi?id=155337
<rdar://problem/25098357>

Reviewed by Timothy Hatcher.

In cases where an object member is itself an object or array, we were
not calling initWithPayload: on the object member itself. So, this caused
a runtime error when constructing the outer object because the generated
code cast the NSDictionary/NSArray into the member's protocol object type.

  • inspector/scripts/codegen/objc_generator.py:

(ObjCGenerator.payload_to_objc_expression_for_member):
Do a straightforward call to initWithPayload: for objects. For arrays,
call a templated helper function which does the same thing. The helper
is used to make this array decoding fit into a single generated expression.

Rebaseline relevant test results.

  • inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

8:20 AM Changeset in webkit [198021] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197695 - [JSC] Improve and64() and or64() with immediate on x86
https://bugs.webkit.org/show_bug.cgi?id=155104

Reviewed by Geoffrey Garen.

GetButterflyReadOnly was doing:

movq 0x8(%rbx), %r9
movq $0xfffffffffffffffc, %r11
andq %r11, %r9

There is no need for the move to load the immediate,
andq sign-extends its immediate.

With this patch, we have:

movq 0x8(%rbx), %r9
andq $0xfffffffffffffffc, %r9

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::and64):
(JSC::MacroAssemblerX86_64::or64):

7:54 AM Changeset in webkit [198020] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r197956): WebContent process crashes on launch due to unrecognized selector
<http://webkit.org/b/155356>

Reviewed by Alexey Proskuryakov.

  • platform/mac/ScrollableAreaMac.mm:

(WebCore::ScrollableArea::systemLanguageIsRTL): Add
-respondsToSelector: check.

7:10 AM Changeset in webkit [198019] by youenn.fablet@crf.canon.fr
  • 8 edits in trunk

WTF should have a similar function as equalLettersIgnoringASCIICase to match beginning of strings
https://bugs.webkit.org/show_bug.cgi?id=153419

Reviewed by Darin Adler.

Source/WebCore:

Covered by added unit tests.

  • Modules/fetch/FetchHeaders.cpp:

(WebCore::isForbiddenHeaderName): Using startsWithLettersIgnoringASCIICase.

Source/WTF:

Introducing startsWithLettersIgnoringASCIICase, to check the beginning of a string.
Moving some code from WTF::equalLettersIgnoringASCIICaseCommonWithoutLength in
WTF::hasPrefixWithLettersIgnoringASCIICaseCommon to enable reuse in
WTF::startsWithLettersIgnoringASCIICaseCommon.

  • wtf/text/StringCommon.h:

(WTF::hasPrefixWithLettersIgnoringASCIICaseCommon):
(WTF::equalLettersIgnoringASCIICaseCommonWithoutLength):
(WTF::startsWithLettersIgnoringASCIICaseCommonWithoutLength):
(WTF::startsWithLettersIgnoringASCIICaseCommon):

  • wtf/text/StringImpl.h:

(WTF::startsWithLettersIgnoringASCIICase):

  • wtf/text/WTFString.h:

(WTF::startsWithLettersIgnoringASCIICase):

Tools:

  • TestWebKitAPI/Tests/WTF/StringOperators.cpp:

(TestWebKitAPI::TEST): Adding test case for startsWithLettersIgnoringASCIICase.

6:45 AM Changeset in webkit [198018] by Carlos Garcia Campos
  • 5 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge - 197688 - [JSC] Simplify the overflow check of ArithAbs
https://bugs.webkit.org/show_bug.cgi?id=155063

Reviewed by Geoffrey Garen.

The only integer that overflows abs(int32) is INT_MIN.
For some reason, our code testing for that case
was checking the top bit of the result specifically.

The code required a large immediate on x86 and an extra
register on ARM64.

This patch turns the overflow check into a branch on
the sign of the result.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):

  • jit/ThunkGenerators.cpp:

(JSC::absThunkGenerator):

  • tests/stress/arith-abs-overflow.js: Added.

(opaqueAbs):

6:37 AM Changeset in webkit [198017] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197687 - [JSC] Improve how DFG zero Floating Point registers
https://bugs.webkit.org/show_bug.cgi?id=155096

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Geoffrey Garen.

DFG had a weird way of zeroing a FPR:

-zero a GP.
-move that to a FP.

Filip added moveZeroToDouble() for B3. This patch
uses that in the lower tiers.

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::moveZeroToDouble):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

  • jit/ThunkGenerators.cpp:

(JSC::floorThunkGenerator):
(JSC::roundThunkGenerator):

Fix the ARM build after r197687
https://bugs.webkit.org/show_bug.cgi?id=155128

Reviewed by Saam Barati.

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::moveZeroToDouble):

6:28 AM Changeset in webkit [198016] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197686 - REGRESSION (r197303): Web Inspector crashes web process when inspecting an element on TOT
<https://webkit.org/b/154812>

Reviewed by Geoffrey Garen.

Guard against null pointer dereference for UnlinkedCodeBlocks that don't have any control flow
profiling data.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::hasOpProfileControlFlowBytecodeOffsets):

6:28 AM Changeset in webkit [198015] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197305 - REGRESSION(r197303): 4 jsc tests failing on bots.

Unreviewed follow-up fix.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): This function
can still get called with !m_rareData, in case the type profiler is active but this
particular code block doesn't have type profiler data. Handle it gracefully.

6:28 AM Changeset in webkit [198014] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197303 - Shrink UnlinkedCodeBlock a bit.
<https://webkit.org/b/154797>

Reviewed by Anders Carlsson.

Move profiler-related members of UnlinkedCodeBlock into its RareData
structure, saving 40 bytes, and then reorder the other members of
UnlinkedCodeBlock to save another 24 bytes, netting a nice total 64.

The VM member was removed entirely since UnlinkedCodeBlock is a cell
and can retrieve its VM through MarkedBlock header lookup.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
(JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::addRegExp):
(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::addFunctionDecl):
(JSC::UnlinkedCodeBlock::addFunctionExpr):
(JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
(JSC::UnlinkedCodeBlock::vm): Deleted.

6:14 AM Changeset in webkit [198013] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197685 - [JSC] Remove a useless "Move" from baseline-JIT op_mul's fast path
https://bugs.webkit.org/show_bug.cgi?id=155071

Reviewed by Geoffrey Garen.

We do not need to multiply to a scratch and then move the result
to the destination. We can just multiply to the destination.

  • jit/JITArithmetic.cpp:

(JSC::JIT::emit_op_mul):

  • jit/JITMulGenerator.cpp:

(JSC::JITMulGenerator::generateFastPath):

6:05 AM Changeset in webkit [198012] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197680 - Make RenderStyle copy-on-write a bit less.
<https://webkit.org/b/155106>

Reviewed by Antti Koivisto.

Add a cheesy SET_NESTED_VAR macro complement to SET_VAR so we can avoid copy-on-write
detachment of nested RenderStyle substructures when the leaf value doesn't change.

I spotted about 300kB of these mistakes being made during PLT on iOS, most of them
in the transformX setter.

  • rendering/style/RenderStyle.h:

5:58 AM Changeset in webkit [198011] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197678 - [TextureMapper] [BitmapTexturePool] Use appropriate list size when freeing textures
https://bugs.webkit.org/show_bug.cgi?id=155105

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-07
Reviewed by Žan Doberšek.

Use appropriate list size when releasing the textures used as attachment.
This is a fix for the patch to https://bugs.webkit.org/show_bug.cgi?id=154965.

No new tests because no new functionality was added.

  • platform/graphics/texmap/BitmapTexturePool.cpp:

(WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired):

5:49 AM Changeset in webkit [198010] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197655 - [JSC] Improve DFG's Int32 ArithMul if one operand is a constant
https://bugs.webkit.org/show_bug.cgi?id=155066

Reviewed by Filip Pizlo.

When multiplying an integer by a constant, DFG was doing quite
a bit worse than baseline JIT.
We were loading the constant into a register, doing the multiply,
then checking the result and both operands for negative zero.

This patch changes:
-Use the multiply-by-immediate form on x86.
-Do as few checks as possible to detect negative-zero.

In most cases, this reduces the negative-zero checks
to zero or one TEST+JUMP.

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::mul32):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithMul):

4:59 AM Changeset in webkit [198009] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.10.8

WebKitGTK+ 2.10.8

4:58 AM Changeset in webkit [198008] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.10.8 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.10.8

4:58 AM Changeset in webkit [198007] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r197997 - [GTK] Scrollbars are broken once again with current GTK+ master
https://bugs.webkit.org/show_bug.cgi?id=155292

Reviewed by Michael Catanzaro.

Most of the trough theming properties have been moved to the
scrollbar, and a new gadget "contents" has been added between the
scrollbar and its children.

  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::getOrCreateStyleContext): Add
left/bottom style classes to ensure the scrollbars border is taken
into account and rendered.
(WebCore::ScrollbarThemeGtk::paintTrackBackground): Also create
style context for contents gadget.
(WebCore::ScrollbarThemeGtk::paintThumb): Ditto.
(WebCore::ScrollbarThemeGtk::paintButton): Ditto.
(WebCore::ScrollbarThemeGtk::scrollbarThickness): Take the
scrollbar border into account.
(WebCore::ScrollbarThemeGtk::buttonSize): Also create style
context for contents gadget.
(WebCore::ScrollbarThemeGtk::getStepperSpacing): Ditto.
(WebCore::ScrollbarThemeGtk::minimumThumbLength): Ditto.
(WebCore::ScrollbarThemeGtk::thumbFatness): Ditto.
(WebCore::ScrollbarThemeGtk::getTroughBorder): Take the scrollbar
border into account.

4:58 AM Changeset in webkit [198006] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r197609 - [GTK] Scrollbars are broken again with GTK+ >= 3.19.11
https://bugs.webkit.org/show_bug.cgi?id=154890

Reviewed by Michael Catanzaro.

Scrollbar style properties have been deprecated in GTK+, and it
seems that now deprecating means keeping the properties but
ignoring them. So, this reworks the whole scrollbars theme code
again to not cache style properties anymore, but retrieve them
from the GtkStyleContext. Previous GTK+ versions still need to
query the style properties, so I've added helper functions to get
all the style properties with the ifdefs, trying to keep the
common render code free of GTK+ versions ifdefs.

  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::backButtonRect):
(WebCore::ScrollbarThemeGtk::forwardButtonRect):
(WebCore::ScrollbarThemeGtk::trackRect):
(WebCore::ScrollbarThemeGtk::thumbRect):
(WebCore::ScrollbarThemeGtk::paintTrackBackground):
(WebCore::ScrollbarThemeGtk::paintThumb):
(WebCore::ScrollbarThemeGtk::paint):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):
(WebCore::ScrollbarThemeGtk::buttonSize):
(WebCore::ScrollbarThemeGtk::stepperSize):
(WebCore::ScrollbarThemeGtk::getStepperSpacing):
(WebCore::ScrollbarThemeGtk::troughUnderSteppers):
(WebCore::ScrollbarThemeGtk::minimumThumbLength):
(WebCore::ScrollbarThemeGtk::thumbFatness):
(WebCore::ScrollbarThemeGtk::getTroughBorder):
(WebCore::ScrollbarThemeGtk::getOrCreateStyleContext):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::ScrollbarThemeGtk::handleMousePressEvent):

  • platform/gtk/ScrollbarThemeGtk.h:

4:08 AM Changeset in webkit [198005] by youenn.fablet@crf.canon.fr
  • 6 edits
    4 adds in trunk

[Fetch API] Use DeferredWrapper directly in FetchBody promise handling
https://bugs.webkit.org/show_bug.cgi?id=155291

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • web-platform-tests/fetch/api/request/request-consume-empty-expected.txt: Added.
  • web-platform-tests/fetch/api/request/request-consume-empty.html: Added.
  • web-platform-tests/fetch/api/response/response-consume-empty-expected.txt: Added.
  • web-platform-tests/fetch/api/response/response-consume-empty.html: Added.

Source/WebCore:

Moved from typed DOMPromise to DeferredWrapper as there can only be one promise resolved.
Started preparing the handling of blobs translation to other resolved types.

Fixed the case of empty body, in which case promises should resolve with empty objects (strings, buffers...) and not null.

Added Consumer structure to handle asynchronous resolution/rejection of promises.
Added preliminary API to resolve promises based on data stored as a Blob.
FetchBodyOwner will be responsible to do/stop blob loading.

Tests: imported/w3c/web-platform-tests/fetch/api/request/request-consume-empty.html

imported/w3c/web-platform-tests/fetch/api/response/response-consume-empty.html

  • Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::processIfEmptyOrDisturbed): Fixed empty body case.
(WebCore::FetchBody::arrayBuffer):
(WebCore::FetchBody::blob):
(WebCore::FetchBody::json):
(WebCore::FetchBody::text):
(WebCore::FetchBody::consume):
(WebCore::FetchBody::consumeText):
(WebCore::FetchBody::loadingType):
(WebCore::FetchBody::consumeBlob):
(WebCore::FetchBody::resolveAsJSON):
(WebCore::FetchBody::loadingFailed):
(WebCore::FetchBody::loadedAsBlob):

  • Modules/fetch/FetchBody.h:

(WebCore::FetchBody::formData):
(WebCore::FetchBody::Consumer::Consumer):

  • Modules/fetch/FetchBody.idl:
  • Modules/fetch/FetchBodyOwner.h:

(WebCore::FetchBodyOwner::arrayBuffer):
(WebCore::FetchBodyOwner::blob):
(WebCore::FetchBodyOwner::formData):
(WebCore::FetchBodyOwner::json):
(WebCore::FetchBodyOwner::text):
(WebCore::FetchBodyOwner::loadBlob):

3:13 AM Changeset in webkit [198004] by yoav@yoav.ws
  • 3 edits
    4 adds
    2 deletes in trunk

Avoid applying link tags with an invalid media attribute
https://bugs.webkit.org/show_bug.cgi?id=143262

Reviewed by Brent Fulgham.

Source/WebCore:

In current HTML spec, unlike HTML4, the UA must not apply <link> based resources
when the media attribute does not match:
https://html.spec.whatwg.org/multipage/semantics.html#attr-link-media

An invalid media attribute parsing creates a non-empty MediaQuerySet
containing a single query with no expressions and no media type.
(and with its m_ignored flag off)

In order to ignore such MediaQueries, I added an extra check that makes sure
that the queries handled by MediaQueryEvaluator::eval have either expressions
or a media type, and if not, they are ignored.

Test: fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html

  • css/MediaQueryEvaluator.cpp:

(WebCore::MediaQueryEvaluator::eval):

LayoutTests:

These tests make sure that when <link rel=stylesheet> is present with an invalid
media attribute, the styles are not being applied.

  • fast/dom/HTMLLinkElement/link-stylesheet-invalid-media-expected.txt: Added.
  • fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html: Added.
  • fast/dom/HTMLLinkElement/link-stylesheet-media-type-expected.txt: Added.
  • fast/dom/HTMLLinkElement/link-stylesheet-media-type.html: Added.

These tests test the old HTML4 behavior and are no longer relevant.

  • fast/media/media-descriptor-syntax-05.html: Removed.
  • fast/media/media-descriptor-syntax-05-expected.html: Removed.

2:04 AM Changeset in webkit [198003] by fred.wang@free.fr
  • 2 edits in trunk/LayoutTests

Skip content-editable-as-textarea.html on GTK as it uses AX API.

Unreviewed test gardening.

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-11

  • platform/gtk/TestExpectations:

1:44 AM Changeset in webkit [198002] by youenn.fablet@crf.canon.fr
  • 58 edits in trunk/Source/WebCore

[CallWith=ScriptExecutionContext] should pass ScriptExecutionContext to the implementation by reference
https://bugs.webkit.org/show_bug.cgi?id=155297

Reviewed by Darin Adler.

Changing the binding generator to pass ScriptExecutionContext by reference.
Updating DOM classes accordingly.

Covered by existing tests.

  • Modules/encryptedmedia/MediaKeySession.cpp:

(WebCore::MediaKeySession::create):
(WebCore::MediaKeySession::MediaKeySession):

  • Modules/encryptedmedia/MediaKeySession.h:
  • Modules/encryptedmedia/MediaKeys.cpp:

(WebCore::MediaKeys::createSession):

  • Modules/encryptedmedia/MediaKeys.h:
  • Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::clone):

  • Modules/fetch/FetchRequest.h:
  • Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::clone):

  • Modules/fetch/FetchResponse.h:
  • Modules/indexeddb/IDBCursor.h:

(WebCore::IDBCursor::continueFunction):

  • Modules/indexeddb/IDBFactory.h:
  • Modules/indexeddb/IDBIndex.h:
  • Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::lowerValue):
(WebCore::IDBKeyRange::upperValue):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRange.h:

(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBObjectStore.h:
  • Modules/indexeddb/IDBOpenDBRequest.cpp:

(WebCore::IDBOpenDBRequest::IDBOpenDBRequest):

  • Modules/indexeddb/IDBOpenDBRequest.h:
  • Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::IDBRequest):

  • Modules/indexeddb/IDBRequest.h:
  • Modules/indexeddb/client/IDBCursorImpl.cpp:

(WebCore::IDBClient::IDBCursor::continueFunction):
(WebCore::IDBClient::IDBCursor::deleteFunction):

  • Modules/indexeddb/client/IDBCursorImpl.h:
  • Modules/indexeddb/client/IDBFactoryImpl.cpp:

(WebCore::IDBClient::shouldThrowSecurityException):
(WebCore::IDBClient::IDBFactory::getDatabaseNames):
(WebCore::IDBClient::IDBFactory::open):
(WebCore::IDBClient::IDBFactory::openInternal):
(WebCore::IDBClient::IDBFactory::deleteDatabase):
(WebCore::IDBClient::IDBFactory::cmp):

  • Modules/indexeddb/client/IDBFactoryImpl.h:
  • Modules/indexeddb/client/IDBIndexImpl.cpp:

(WebCore::IDBClient::IDBIndex::IDBIndex):
(WebCore::IDBClient::IDBIndex::openCursor):
(WebCore::IDBClient::IDBIndex::count):
(WebCore::IDBClient::IDBIndex::openKeyCursor):
(WebCore::IDBClient::IDBIndex::get):
(WebCore::IDBClient::IDBIndex::getKey):

  • Modules/indexeddb/client/IDBIndexImpl.h:
  • Modules/indexeddb/client/IDBObjectStoreImpl.cpp:

(WebCore::IDBClient::IDBObjectStore::create):
(WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
(WebCore::IDBClient::IDBObjectStore::openCursor):
(WebCore::IDBClient::IDBObjectStore::get):
(WebCore::IDBClient::IDBObjectStore::deleteFunction):
(WebCore::IDBClient::IDBObjectStore::doDelete):
(WebCore::IDBClient::IDBObjectStore::modernDelete):
(WebCore::IDBClient::IDBObjectStore::clear):
(WebCore::IDBClient::IDBObjectStore::createIndex):
(WebCore::IDBClient::IDBObjectStore::index):
(WebCore::IDBClient::IDBObjectStore::count):

  • Modules/indexeddb/client/IDBObjectStoreImpl.h:
  • Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:

(WebCore::IDBClient::IDBOpenDBRequest::createDeleteRequest):
(WebCore::IDBClient::IDBOpenDBRequest::createOpenRequest):
(WebCore::IDBClient::IDBOpenDBRequest::IDBOpenDBRequest):

  • Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
  • Modules/indexeddb/client/IDBRequestImpl.cpp:

(WebCore::IDBClient::IDBRequest::IDBRequest):

  • Modules/indexeddb/client/IDBRequestImpl.h:
  • Modules/indexeddb/client/IDBTransactionImpl.cpp:

(WebCore::IDBClient::IDBTransaction::objectStore):
(WebCore::IDBClient::IDBTransaction::createObjectStore):
(WebCore::IDBClient::IDBTransaction::createIndex):

  • Modules/mediasource/DOMURLMediaSource.cpp:

(WebCore::DOMURLMediaSource::createObjectURL):

  • Modules/mediasource/DOMURLMediaSource.h:
  • Modules/mediastream/DOMURLMediaStream.cpp:

(WebCore::DOMURLMediaStream::createObjectURL):

  • Modules/mediastream/DOMURLMediaStream.h:
  • Modules/mediastream/HTMLMediaElementMediaStream.cpp:

(WebCore::HTMLMediaElementMediaStream::setSrcObject):

  • Modules/mediastream/HTMLMediaElementMediaStream.h:
  • Modules/mediastream/HTMLMediaElementMediaStream.idl:
  • Modules/notifications/Notification.cpp:

(WebCore::Notification::Notification):
(WebCore::Notification::create):
(WebCore::Notification::permission):
(WebCore::Notification::requestPermission):

  • Modules/notifications/Notification.h:
  • Modules/notifications/NotificationCenter.cpp:

(WebCore::NotificationCenter::createNotification):

  • Modules/notifications/NotificationClient.h:
  • Modules/quota/StorageInfo.cpp:

(WebCore::StorageInfo::queryUsageAndQuota):
(WebCore::StorageInfo::requestQuota):

  • Modules/quota/StorageInfo.h:
  • Modules/quota/StorageQuota.h:
  • bindings/js/JSIDBObjectStoreCustom.cpp:

(WebCore::JSIDBObjectStore::createIndex):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallWith):

  • bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjWithScriptExecutionContextAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):

  • fileapi/FileReaderSync.cpp:

(WebCore::FileReaderSync::readAsArrayBuffer):
(WebCore::FileReaderSync::readAsBinaryString):
(WebCore::FileReaderSync::readAsText):
(WebCore::FileReaderSync::readAsDataURL):
(WebCore::FileReaderSync::startLoading):

  • fileapi/FileReaderSync.h:

(WebCore::FileReaderSync::readAsText):

  • html/DOMURL.cpp:

(WebCore::DOMURL::createObjectURL):
(WebCore::DOMURL::createPublicURL):
(WebCore::DOMURL::revokeObjectURL):

  • html/DOMURL.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setSrcObject):

  • html/HTMLMediaElement.h:
  • inspector/InspectorIndexedDBAgent.cpp:

(WebCore::InspectorIndexedDBAgent::requestDatabaseNames):

  • page/DOMWindow.h:
  • page/History.h:

(WebCore::History::back):
(WebCore::History::forward):
(WebCore::History::go):

Mar 10, 2016:

11:52 PM Changeset in webkit [198001] by keith_miller@apple.com
  • 1 edit in trunk/Source/JavaScriptCore/ChangeLog

Unreviewed, fix Changelog. git merged poorly.

11:13 PM Changeset in webkit [198000] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

[ES6] Make RegExp.prototype.toString spec compliant
https://bugs.webkit.org/show_bug.cgi?id=155341

Patch by Saam barati <sbarati@apple.com> on 2016-03-10
Reviewed by Filip Pizlo.

Before we were directly calling into the flagsString
function. Instead, we must get the "flags" property
of the thisObject. This will usually call into the flags
getter, but not always. Specifically, you can use a Proxy
to observe this behavior.

  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncToString):
(JSC::regExpProtoGetterGlobal):

  • tests/es6.yaml:
  • tests/es6/Proxy_internal_get_calls_RegExp.prototype.toString.js: Added.

(test.get var):
(test.):

  • tests/stress/regexp-prototype-tostring.js: Added.

(assert):
(test):
(test.get var):
(test.):
(let.handler.get switch):
(let.handler):
(get test):
(test.get RegExp):

11:10 PM Changeset in webkit [197999] by sbarati@apple.com
  • 5 edits
    2 adds in trunk

[ES6] Make RegExp.prototype.toString spec compliant
https://bugs.webkit.org/show_bug.cgi?id=155341

Reviewed by Filip Pizlo.

Before we were directly calling into the flagsString
function. Instead, we must get the "flags" property
of the thisObject. This will usually call into the flags
getter, but not always. Specifically, you can use a Proxy
to observe this behavior.

  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncToString):
(JSC::regExpProtoGetterGlobal):

  • tests/es6.yaml:
  • tests/es6/Proxy_internal_get_calls_RegExp.prototype.toString.js: Added.

(test.get var):
(test.):

  • tests/stress/regexp-prototype-tostring.js: Added.

(assert):
(test):
(test.get var):
(test.):
(let.handler.get switch):
(let.handler):
(get test):
(test.get RegExp):

11:05 PM Changeset in webkit [197998] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

[GTK] Fix rendering of slider input elements
https://bugs.webkit.org/show_bug.cgi?id=155296

Reviewed by Michael Catanzaro.

Use the new gadgets for newer GTK+ and improve a bit the rendering
for previous versions to better match GTK+.

  • rendering/RenderThemeGtk.cpp:

(WebCore::createStyleContext): Add ScaleContents and
ScaleHighlight parts that are only used with GTK+ 3.19.
(WebCore::RenderThemeGtk::paintSliderTrack): Use a smaller trough,
centered in the given rectangle to better match GTK+. Also render
the highlight gadget with GTK+ 3.19.
(WebCore::RenderThemeGtk::paintSliderThumb): Also create the style
context for contents gadget.
(WebCore::RenderThemeGtk::adjustSliderThumbSize): Take into
account the slider border when calculating the slider thumb size.

10:59 PM Changeset in webkit [197997] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

[GTK] Scrollbars are broken once again with current GTK+ master
https://bugs.webkit.org/show_bug.cgi?id=155292

Reviewed by Michael Catanzaro.

Most of the trough theming properties have been moved to the
scrollbar, and a new gadget "contents" has been added between the
scrollbar and its children.

  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::getOrCreateStyleContext): Add
left/bottom style classes to ensure the scrollbar's border is taken
into account and rendered.
(WebCore::ScrollbarThemeGtk::paintTrackBackground): Also create
style context for contents gadget.
(WebCore::ScrollbarThemeGtk::paintThumb): Ditto.
(WebCore::ScrollbarThemeGtk::paintButton): Ditto.
(WebCore::ScrollbarThemeGtk::scrollbarThickness): Take the
scrollbar border into account.
(WebCore::ScrollbarThemeGtk::buttonSize): Also create style
context for contents gadget.
(WebCore::ScrollbarThemeGtk::getStepperSpacing): Ditto.
(WebCore::ScrollbarThemeGtk::minimumThumbLength): Ditto.
(WebCore::ScrollbarThemeGtk::thumbFatness): Ditto.
(WebCore::ScrollbarThemeGtk::getTroughBorder): Take the scrollbar
border into account.

10:47 PM Changeset in webkit [197996] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r197986): Don't try to link to undefined $(WEBKIT_SYSTEM_INTERFACE_LIBRARY)

Follow-up build fix for:

AX: Force allow user zoom
<https://bugs.webkit.org/show_bug.cgi?id=155056>

Fixes the following build failure:

ld: library not found for -l-lAccessibility
clang: error: linker command failed with exit code 1 (use -v to see invocation)

  • Configurations/WebKit.xcconfig: Remove
"-l$(WEBKIT_SYSTEM_INTERFACE_LIBRARY)" from OTHER_LDFLAGS since
that macro is not defined, and there is no need to link to
libWebKitSystemInterface.a.

10:12 PM Changeset in webkit [197995] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r197983): Build fails due to missing inline method

Attempt to fix the following build failure:

Undefined symbols for architecture arm64:

"JSC::GenericTypedArrayView<JSC::Uint8ClampedAdaptor>::createUninitialized(unsigned int)", referenced from:

WebCore::ImageBufferData::getData(WebCore::IntRect const&, WebCore::IntSize const&, bool, bool, float) const in ImageBufferDataCG.o

  • platform/graphics/cg/ImageBufferDataCG.cpp: Include some
headers to match FEGaussianBlur.cpp and FilterEffect.cpp.

10:04 PM Changeset in webkit [197994] by commit-queue@webkit.org
  • 5 edits
    1 add in trunk/Source/JavaScriptCore

[JSC] Add register reuse for ArithAdd of an Int32 and constant in DFG
https://bugs.webkit.org/show_bug.cgi?id=155164

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-10
Reviewed by Geoffrey Garen.

Every "inc" in loop was looking like this:

move rX, rY
inc rY
jo 0x230f4a200580

This patch adds register reuse to that case to remove
the extra "move".

  • dfg/DFGOSRExit.h:

(JSC::DFG::SpeculationRecovery::SpeculationRecovery):
(JSC::DFG::SpeculationRecovery::immediate):

  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithAdd):

  • tests/stress/arith-add-with-constant-overflow.js: Added.

(opaqueAdd):

9:09 PM Changeset in webkit [197993] by timothy_horton@apple.com
  • 5 edits in trunk/Source/WebCore

Try to fix the iOS 9 build.

  • editing/cocoa/DataDetection.mm:

(WebCore::DataDetection::detectContentInRange):

  • platform/cocoa/DataDetectorsCoreSoftLink.h:
  • platform/cocoa/DataDetectorsCoreSoftLink.mm:
  • platform/spi/cocoa/DataDetectorsCoreSPI.h:

9:01 PM Changeset in webkit [197992] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r197976): Build failure due to missing DDOptionalSource.h header

Follow-up fix for:

Expose additional WKDataDetectorTypes.
<https://bugs.webkit.org/show_bug.cgi?id=155331>

  • platform/spi/cocoa/DataDetectorsCoreSPI.h: Protect
DDOptionalSource.h with version check.

8:52 PM Changeset in webkit [197991] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Fix Windows build after r197986.

  • accessibility/AccessibilityObject.h:

8:50 PM Changeset in webkit [197990] by jer.noble@apple.com
  • 17 edits in trunk/Source

Set AVURLAssetUsesNoPersistentCacheKey on AVAsset to match caching policy.
https://bugs.webkit.org/show_bug.cgi?id=155117
rdar://problem/6802240

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-03-10
Reviewed by Simon Fraser.

Source/WebCore:

No new tests because no new functionality was added.

This will prevent persistent media caches when webkit is using in-memory caching.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerShouldUsePersistentCache): Added.

  • html/HTMLMediaElement.h: Declare mediaPlayerShouldUsePersistentCache().
  • page/ChromeClient.h: Declare mediaPlayerShouldUsePersistentCache().
  • platform/graphics/MediaPlayer.h:

(WebCore::MediaPlayerClient::mediaPlayerShouldUsePersistentCache): Added.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Set property on AVAssetOptions.

Source/WebKit/mac:

Implement mediaShouldUsePersistentCache to disable media caching when NSURLCache is disabled.

  • WebCoreSupport/WebChromeClient.h:
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::mediaShouldUsePersistentCache): Added.

Source/WebKit2:

Make AVAsset AVURLAssetUsesNoPersistentCacheKey match !m_websiteDataStore->isPersistent().
This will prevent persistent media caches when webkit is using in-memory caching.

  • Shared/WebPageCreationParameters.cpp: Add mediaShouldUsePersistentCache.

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters): Add mediaShouldUsePersistentCache.

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::mediaShouldUsePersistentCache): Added.

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::m_mediaUsesPersistentCache): Added.

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::mediaShouldUsePersistentCache): Added.

8:25 PM Changeset in webkit [197989] by jer.noble@apple.com
  • 3 edits in trunk

CRASH at WebCore::RenderView::updateVisibleViewportRect
https://bugs.webkit.org/show_bug.cgi?id=155209
<rdar://problem/23997530>

Reviewed by Simon Fraser.

Source/WebCore:

Test: media/video-crash-invisible-autoplay-display-none.html

Between the time when the video element's renderer is created and destroyed, we may have unset the
InvisibleAutoplayNotPermitted restriction. So rather than check for that restriction before
unregistering for the "visible in viewport" notification, unregister only if the renderer
was previously registered.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::willDetachRenderers):

LayoutTests:

(These files were mistakenly landed in a previous commit:)

  • media/video-crash-invisible-autoplay-display-none-expected.txt: Added.
  • media/video-crash-invisible-autoplay-display-none.html: Added.

8:16 PM Changeset in webkit [197988] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebKit/win

Unreviewed build fix after r197953; correct the settings added in r197953.

  • WebView.cpp:

(WebView::notifyPreferencesChanged):

8:03 PM Changeset in webkit [197987] by Alan Bujtas
  • 8 edits in trunk

Simple line layout: Add text-align: justify support.
https://bugs.webkit.org/show_bug.cgi?id=155006

Reviewed by Antti Koivisto.

Source/WebCore:

This patch enables text-align: justify; for simple line layout (only Latin text for now).
It speeds up/reduces memory consumption for justified text.

PerformanceTests/Layout/line-layout-simple.html
before text-align: justify support -> mean: 86.20513022288704 runs/s
after -> mean: 96.73972475626084 runs/s

Covered by existing text-align: justify tests.

  • rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::canUseForFontAndText):
(WebCore::SimpleLineLayout::LineState::expansionOpportunityCount):
(WebCore::SimpleLineLayout::LineState::expansionOportunity):
(WebCore::SimpleLineLayout::expansionBehavior):
(WebCore::SimpleLineLayout::justifyRuns):
(WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns):
(WebCore::SimpleLineLayout::createTextRuns):
(WebCore::SimpleLineLayout::printReason):
(WebCore::SimpleLineLayout::canUseForStyle): Deleted.

  • rendering/SimpleLineLayout.h:
  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::paintFlow):

  • rendering/SimpleLineLayoutResolver.h:

(WebCore::SimpleLineLayout::RunResolver::Run::expansion):
(WebCore::SimpleLineLayout::RunResolver::Run::expansionBehavior):

LayoutTests:

Rebaseline based on simple line layout output.

  • fast/text/whitespace/023-expected.txt:
  • platform/mac/css2.1/t0905-c5525-fltwidth-00-c-g-expected.txt:

7:57 PM Changeset in webkit [197986] by n_wang@apple.com
  • 19 edits
    2 adds in trunk

AX: Force allow user zoom
https://bugs.webkit.org/show_bug.cgi?id=155056

Reviewed by Simon Fraser.

Source/WebCore:

Override the maximum/minimum scale factor when forceAlwaysUserScalable is true.

Test: fast/viewport/ios/force-always-user-scalable.html

  • Configurations/WebCoreTestSupport.xcconfig:
  • page/ViewportConfiguration.cpp:

(WebCore::ViewportConfiguration::minimumScale):

  • page/ViewportConfiguration.h:

(WebCore::ViewportConfiguration::maximumScale):

  • testing/Internals.cpp:

(WebCore::Internals::resetToConsistentState):
(WebCore::Internals::Internals):
(WebCore::Internals::composedTreeAsText):
(WebCore::Internals::setViewportForceAlwaysUserScalable):

  • testing/Internals.h:
  • testing/Internals.idl:

Source/WebKit2:

Linked libAccessibility library so that we can observe the accessibility
setting change for the force always user scalable feature.

  • Configurations/WebKit.xcconfig:
  • UIProcess/API/Cocoa/WKWebView.mm:

(shouldAllowPictureInPictureMediaPlayback):
(forceAlwaysUserScalableChangedCallback):
(-[WKWebView _initializeWithConfiguration:]):
(-[WKWebView dealloc]):
(-[WKWebView _navigationGestureDidEnd]):
(-[WKWebView _updateForceAlwaysUserScalable]):

  • UIProcess/API/Cocoa/WKWebViewInternal.h:
  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::setViewportConfigurationMinimumLayoutSize):
(WebKit::WebPageProxy::updateForceAlwaysUserScalable):
(WebKit::WebPageProxy::setMaximumUnobscuredSize):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::disableInspectorNodeSearch):
(WebKit::WebPage::updateForceAlwaysUserScalable):
(WebKit::innerFrameQuad):

LayoutTests:

  • fast/viewport/ios/force-always-user-scalable-expected.txt: Added.
  • fast/viewport/ios/force-always-user-scalable.html: Added.
  • platform/ios-simulator-wk2/TestExpectations:

7:52 PM Changeset in webkit [197985] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for r197983, hopefully.

  • API/WebKitAvailability.h:

6:58 PM Changeset in webkit [197984] by jiewen_tan@apple.com
  • 3 edits
    3 adds in trunk

WebKit should not be redirected to an invalid URL
https://bugs.webkit.org/show_bug.cgi?id=155263
<rdar://problem/22820172>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/navigation/redirect-to-invalid-url.html

  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

LayoutTests:

  • http/tests/navigation/redirect-to-invalid-url-expected.txt: Added.
  • http/tests/navigation/redirect-to-invalid-url.html: Added.
  • http/tests/navigation/resources/redirect-to-invalid-url-frame.php: Added.

6:46 PM Changeset in webkit [197983] by keith_miller@apple.com
  • 15 edits
    1 copy
    5 adds in trunk/Source/JavaScriptCore

Typed Arrays have no public facing API
https://bugs.webkit.org/show_bug.cgi?id=120112

Reviewed by Geoffrey Garen.

This patch adds a new C-API (an Obj-C API will follow in the future) for Typed Arrays. The API has two sets of
functions. One for Typed Arrays and another for Array Buffers. This API is intended to reflect the use of Typed
Array objects in JS code. There is a method for each of the core TypedArray and Array Buffer methods.
Originally, we were planning on using a separate non-JS object as the backing store instead of a JS Array Buffer
but we decided to defer that idea since there was no good CF/NS API that met all the constraints we needed
(Discussed further below). We also wanted to wait until Shared Array Buffers had reached a more finished state
to see what impact they might have on an API.

The API has the following Typed Array construction methods:
1) Create with length (the backing buffer is zero initialized). -- JSObjectMakeTypedArray
2) Create with an existing pointer and a destructor. -- JSObjectMakeTypedArrayFromBytesNoCopy
3) Create with an Array Buffer object. -- JSObjectMakeTypedArrayFromArrayBuffer
4) Create with an Array Buffer object with a given offset and length. -- JSObjectMakeTypedArrayFromArrayBufferWithOffset

The API has the following functions on Typed Array JSObjectRefs:
5) Get access to a temporary void* of the backing store's data. -- JSObjectGetTypedArrayBytesPtr
6) Get the length of a Typed Array object (returns 0 if it is not a Typed Array object). -- JSObjectGetTypedArrayLength
7) Get the byte length of a Typed Array object (returns 0 if it is not a Typed Array object). -- JSObjectGetTypedArrayByteLength
8) Get the byte offset of a Typed Array object (returns 0 if it is not a Typed Array object). -- JSObjectGetTypedArrayByteOffset
9) Get a Typed Array object's Array Buffer backing store. -- JSObjectGetTypedArrayBuffer

The API has the following Array Buffer construction method:
10) Create with an existing pointer and a destructor. -- JSObjectMakeArrayBufferWithBytesNoCopy

The API has the following functions on Array Buffer JSObjectRefs:
11) Get access to a temporary void* of the backing store's data. -- JSObjectGetArrayBufferBytesPtr
12) Get the byte length of an Array Buffer object (returns 0 if it is not an Array Buffer object). -- JSObjectGetArrayBufferByteLength

The API adds the following new typedefs and enumerations:
13) A typedef representing the function pointer type used to deallocate byte pointers provided to constructors. -- JSTypedArrayBytesDeallocator
14) An enumeration indicating the Typed Array API type of a JSValueRef. -- JSTypedArrayType

Finally, the API has the following function to get Typed Array Types:
15) Get the Typed Array type of a JS value. -- JSValueGetTypedArrayType

There are a couple of things to note about these functions. Calling JSObjectGetTypedArrayBytesPtr (5) or
JSObjectGetArrayBufferBytesPtr (12) will pin and lock the ArrayBuffer's data for the remaining lifetime of that
ArrayBuffer. This is because, currently, we do not have finalizers for our Array Buffers or Typed Arrays with a
backing ArrayBuffer and adding one would likely incur a non-trivial cost to GC. Also, we do not have a direct
way to make a Typed Array from a pointer with an offset as we do not expect using offsets to be a common use
case of the API.

While it would have been nice to integrate our backing store with CFData or one of its subclasses, it is not
possible to force a CFData/CFMutableData to be both writable and have a fixed size/backing store pointer.
NSData is not writable and CFMutableData can have a fixed pointer if it is allocated with a non-zero capacity
but there is no way for us to force an existing CFMutableData into this state.

  • API/APIUtils.h: Copied from Source/JavaScriptCore/runtime/ArrayBuffer.cpp.

(handleExceptionIfNeeded):
(setException):

  • API/JSBase.h:
  • API/JSObjectRef.cpp:

(handleExceptionIfNeeded): Deleted.

  • API/JSTypedArray.cpp: Added.

(toJSTypedArrayType):
(toTypedArrayType):
(createTypedArray):
(JSValueGetTypedArrayType):
(JSObjectMakeTypedArray):
(JSObjectMakeTypedArrayWithBytesNoCopy):
(JSObjectMakeTypedArrayWithArrayBuffer):
(JSObjectMakeTypedArrayWithArrayBufferAndOffset):
(JSObjectGetTypedArrayBytesPtr):
(JSObjectGetTypedArrayLength):
(JSObjectGetTypedArrayByteLength):
(JSObjectGetTypedArrayByteOffset):
(JSObjectGetTypedArrayBuffer):
(JSObjectMakeArrayBufferWithBytesNoCopy):
(JSObjectGetArrayBufferBytesPtr):
(JSObjectGetArrayBufferByteLength):

  • API/JSTypedArray.h: Added.
  • API/JSValueRef.cpp:

(handleExceptionIfNeeded): Deleted.

  • API/JSValueRef.h:
  • API/JavaScript.h:
  • API/WebKitAvailability.h:
  • API/tests/TypedArrayCTest.cpp: Added.

(id):
(freePtr):
(assertEqualsAsNumber):
(testAccess):
(testConstructors):
(forEachTypedArrayType):
(testTypedArrayCAPI):

  • API/tests/TypedArrayCTest.h: Added.
  • API/tests/testapi.c:

(main):

  • CMakeLists.txt:
  • ForwardingHeaders/JavaScriptCore/JSTypedArray.h: Added.
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • PlatformEfl.cmake:
  • PlatformGTK.cmake:
  • runtime/ArrayBuffer.cpp:

(JSC::ArrayBuffer::transfer):

  • runtime/ArrayBuffer.h:

(JSC::arrayBufferDestructorNull):
(JSC::arrayBufferDestructorDefault):
(JSC::ArrayBufferContents::ArrayBufferContents):
(JSC::ArrayBufferContents::transfer):
(JSC::ArrayBuffer::createAdopted):
(JSC::ArrayBuffer::createFromBytes):
(JSC::ArrayBuffer::ArrayBuffer):
(JSC::ArrayBuffer::pinAndLock):
(JSC::ArrayBufferContents::tryAllocate):
(JSC::ArrayBufferContents::~ArrayBufferContents):

  • shell/PlatformWin.cmake:

6:37 PM Changeset in webkit [197982] by n_wang@apple.com
  • 14 edits
    2 adds in trunk

AX: Implement bounds/position and index related text marker functions using TextIterator
https://bugs.webkit.org/show_bug.cgi?id=154976

Reviewed by Chris Fleizach.

Source/WebCore:

Implemented position and index related text marker calls with TextIterator. Also fixed some
VoiceOver navigation issues.

Test: accessibility/mac/text-marker-for-index.html

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::traverseToOffsetInRange):
(WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
(WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
(WebCore::AXObjectCache::shouldSkipBoundary):
(WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
(WebCore::AXObjectCache::startCharacterOffsetOfWord):
(WebCore::AXObjectCache::nextBoundary):
(WebCore::AXObjectCache::previousBoundary):
(WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
(WebCore::AXObjectCache::localCaretRectForCharacterOffset):
(WebCore::AXObjectCache::absoluteCaretBoundsForCharacterOffset):
(WebCore::AXObjectCache::characterOffsetForPoint):
(WebCore::AXObjectCache::characterOffsetForBounds):
(WebCore::AXObjectCache::endCharacterOffsetOfLine):
(WebCore::AXObjectCache::startCharacterOffsetOfLine):
(WebCore::AXObjectCache::characterOffsetForIndex):
(WebCore::AXObjectCache::indexForCharacterOffset):
(WebCore::AXObjectCache::rootAXEditableElement):

  • accessibility/AXObjectCache.h:
  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::visiblePositionRangeForRange):
(WebCore::AccessibilityObject::rangeForPlainTextRange):
(WebCore::AccessibilityObject::lineRangeForPosition):

  • accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::boundsForVisiblePositionRange):
(WebCore::AccessibilityObject::boundsForRange):
(WebCore::AccessibilityObject::setSelectedVisiblePositionRange):
(WebCore::AccessibilityObject::doAXStringForRange):
(WebCore::AccessibilityObject::doAXBoundsForRange):
(WebCore::AccessibilityObject::doAXBoundsForRangeUsingCharacterOffset):

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::nodeIsTextControl):
(WebCore::AccessibilityRenderObject::boundsForRects):
(WebCore::AccessibilityRenderObject::boundsForVisiblePositionRange):
(WebCore::AccessibilityRenderObject::boundsForRange):
(WebCore::AccessibilityRenderObject::setSelectedVisiblePositionRange):
(WebCore::AccessibilityRenderObject::doAXBoundsForRange):
(WebCore::AccessibilityRenderObject::doAXBoundsForRangeUsingCharacterOffset):
(WebCore::AccessibilityRenderObject::accessibilityImageMapHitTest):

  • accessibility/AccessibilityRenderObject.h:
  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper positionForTextMarker:]):
(-[WebAccessibilityObjectWrapper textMarkerRange]):
(-[WebAccessibilityObjectWrapper textMarkerRangeForSelection]):
(-[WebAccessibilityObjectWrapper textMarkerForPosition:]):
(-[WebAccessibilityObjectWrapper _stringForRange:attributed:]):
(-[WebAccessibilityObjectWrapper frameForTextMarkers:]):
(-[WebAccessibilityObjectWrapper textMarkerForPoint:]):
(-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper doAXAttributedStringForRange:]):
(-[WebAccessibilityObjectWrapper _convertToNSRange:]):
(-[WebAccessibilityObjectWrapper _indexForTextMarker:]):
(-[WebAccessibilityObjectWrapper _textMarkerForIndex:]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

  • editing/htmlediting.cpp:

(WebCore::localCaretRectInRendererForCaretPainting):
(WebCore::localCaretRectInRendererForRect):

  • editing/htmlediting.h:

LayoutTests:

  • accessibility/mac/text-marker-for-index-expected.txt: Added.
  • accessibility/mac/text-marker-for-index.html: Added.
  • accessibility/mac/text-marker-word-nav-expected.txt:
  • accessibility/mac/text-marker-word-nav.html:

5:49 PM Changeset in webkit [197981] by Simon Fraser
  • 37 edits in trunk

Font antialiasing (smoothing) changes when elements are rendered into compositing layers
https://bugs.webkit.org/show_bug.cgi?id=23364

Reviewed by Tim Horton.

Source/WebCore:

Improve the appearance of subpixel-antialiased ("smoothed") text in non-opaque layers
by opting in to a new CALayer backing store format.

GraphicsLayer now has setSupportsSmoothedFonts(), which is called by RenderLayerBacking
when the platform has support for the new feature. Ideally this would only be set when
we know a layer has smoothed text drawn into it, but, for now, enable this for all
layers. The right thing happens with opaque layers under the hood.

setSupportsSmoothedFonts() is turned into a PlatformCALayer contentsFormat flag, which
is ultimately passed to setBackingStoreFormat().

We also need to propagate this flag to TileController tiles.

  • platform/graphics/GraphicsLayer.cpp:

(WebCore::GraphicsLayer::supportsSmoothedLayerText):
(WebCore::GraphicsLayer::setSmoothedLayerTextEnabled):
(WebCore::GraphicsLayer::smoothedLayerTextEnabled):
(WebCore::GraphicsLayer::GraphicsLayer):

  • platform/graphics/GraphicsLayer.h:

(WebCore::GraphicsLayer::supportsSmoothedFonts):
(WebCore::GraphicsLayer::setSupportsSmoothedFonts):

  • platform/graphics/TiledBacking.h:
  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayer::supportsSmoothedLayerText):
(WebCore::GraphicsLayer::setSmoothedLayerTextEnabled):
(WebCore::GraphicsLayer::smoothedLayerTextEnabled):
(WebCore::GraphicsLayerCA::setSupportsSmoothedFonts):
(WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
(WebCore::GraphicsLayerCA::updateContentsFormat):

  • platform/graphics/ca/GraphicsLayerCA.h:
  • platform/graphics/ca/PlatformCALayer.cpp:

(WebCore::PlatformCALayer::drawRepaintIndicator): Give the number a "shadow" when
the contents format says we support smoothed fonts.

  • platform/graphics/ca/PlatformCALayer.h:
  • platform/graphics/ca/TileController.cpp:

(WebCore::TileController::setTileContentsFormatFlags):
(WebCore::TileController::createTileLayer):

  • platform/graphics/ca/TileController.h:
  • platform/graphics/ca/TileGrid.cpp:

(WebCore::TileGrid::updateTileLayerProperties):

  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.h:
  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:

(WebCore::setBackingStoreFormat):
(PlatformCALayerCocoa::commonInit):
(PlatformCALayerCocoa::setContentsFormat):
(PlatformCALayer::drawLayerContents): Previously, we turned off font smoothing in
non-opaque layers to improve text appearance. We no longer need to do that when
the contents format has "SmoothedFonts".

  • platform/graphics/ca/win/PlatformCALayerWin.cpp:

(PlatformCALayerWin::setContentsFormat):
(PlatformCALayerWin::contentsFormat):

  • platform/graphics/ca/win/PlatformCALayerWin.h:
  • platform/ios/LegacyTileGridTile.mm:

(WebCore::setBackingStoreFormat):
(WebCore::LegacyTileGridTile::LegacyTileGridTile):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::createGraphicsLayer):

Source/WebKit/mac:

Allow internal clients to turn off smoothed layer text, so that WebKitTestRunner
can disable it.

  • WebView/WebView.mm:

(+[WebView _setSmoothedLayerTextEnabled:]):
(+[WebView _smoothedLayerTextEnabled]):

  • WebView/WebViewPrivate.h:

Source/WebKit2:

Send the ContentsFormat to the UI process (but nothing happens to it there yet).

Allow internal clients to turn off smoothed layer text, so that WebKitTestRunner
can disable it.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::WebProcessCreationParameters):
(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):

  • Shared/WebProcessCreationParameters.h:
  • Shared/mac/RemoteLayerTreeTransaction.h:
  • Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::LayerProperties::encode):
(WebKit::RemoteLayerTreeTransaction::LayerProperties::decode):

  • UIProcess/API/C/WKContext.cpp:

(WKContextEnableSmoothedLayerText):

  • UIProcess/API/C/WKContextPrivate.h:
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::createNewWebProcess):
(WebKit::WebProcessPool::enableSmoothedLayerText):
(WebKit::WebProcessPool::WebProcessPool): Deleted.

  • UIProcess/WebProcessPool.h:
  • WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:

(WebKit::PlatformCALayerRemote::setContentsFormat):
(WebKit::PlatformCALayerRemote::contentsFormat):

  • WebProcess/WebPage/mac/PlatformCALayerRemote.h:
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess):
(WebKit::WebProcess::enableSmoothedLayerText):

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:

Tools:

Turn off smoothed layer text because it affects many layout test results.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebViewToConsistentStateBeforeTesting):

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetStateToConsistentValues):

5:46 PM Changeset in webkit [197980] by Ryan Haddad
  • 3 edits in trunk/Source/WebCore

Unreviewed, rolling out r197922.
https://bugs.webkit.org/show_bug.cgi?id=155340

This change broke storage/websql tests on ios-simulator.
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"WebKit should adopt journal_mode=wal for all SQLite
databases."
https://bugs.webkit.org/show_bug.cgi?id=133496
http://trac.webkit.org/changeset/197922

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-10

5:41 PM Changeset in webkit [197979] by mmaxfield@apple.com
  • 3 edits in trunk/LayoutTests

[Cocoa] Test gardening after r197933
<rdar://problem/25091368>

Unreviewed.

  • fast/text/woff2-expected.html:
  • fast/text/woff2.html:

5:34 PM Changeset in webkit [197978] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Fix the build again.

  • editing/cocoa/DataDetection.mm:

(WebCore::constructURLStringForResult):

5:32 PM Changeset in webkit [197977] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Fix the build.

  • editing/cocoa/DataDetection.mm:

5:06 PM Changeset in webkit [197976] by enrica@apple.com
  • 9 edits in trunk/Source

Expose additional WKDataDetectorTypes.
https://bugs.webkit.org/show_bug.cgi?id=155331
rdar://problem/24175813

Reviewed by Tim Horton.

Source/WebCore:

Adding support for additional data detector types (tracking
numbers, flight information and spotlight suggestions).

  • editing/cocoa/DataDetection.h:
  • editing/cocoa/DataDetection.mm:

(WebCore::constructURLStringForResult):
(WebCore::DataDetection::detectContentInRange):

  • platform/cocoa/DataDetectorsCoreSoftLink.h:
  • platform/cocoa/DataDetectorsCoreSoftLink.mm:
  • platform/spi/cocoa/DataDetectorsCoreSPI.h:

Source/WebKit2:

Adding API to enable data detection of tracking numbers,
flight number and spotlight suggestions.

  • UIProcess/API/Cocoa/WKWebView.mm:

(fromWKDataDetectorTypes):

  • UIProcess/API/Cocoa/WKWebViewConfiguration.h:

5:03 PM Changeset in webkit [197975] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: color swatch and border are misaligned in Visual Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154471

Patch by Daniel Strokis <dstrokis@icloud.com> on 2016-03-10
Reviewed by Timothy Hatcher.

Color swatches in the Visual Styles sidebar now have only their left corners rounded (thanks to Matt Baker for the idea).

  • UserInterface/Views/InlineSwatch.css:

(.inline-swatch > span):
(.inline-swatch): Deleted.

  • UserInterface/Views/VisualStyleColorPicker.css:

(.visual-style-property-container.input-color-picker > .visual-style-property-value-container > .inline-swatch.color):

4:49 PM Changeset in webkit [197974] by Matt Baker
  • 14 edits
    1 delete in trunk/Source/WebInspectorUI

Web Inspector: Timelines UI redesign: remove navigation sidebar
https://bugs.webkit.org/show_bug.cgi?id=153036
<rdar://problem/24195627>

Reviewed by Timothy Hatcher.

Removed TimelineView methods used by the sidebar to set up the content tree
outline and handle tree element events, which are no longer used. Tree elements
are no longer created by TimelineViews as records are processed.

  • UserInterface/Main.html:

Removed files.

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView):
Removed tree outline event listeners and data grid parameter.
(WebInspector.LayoutTimelineView.prototype._processPendingRecords):
(WebInspector.LayoutTimelineView.prototype._dataGridFiltersDidChange):
(WebInspector.LayoutTimelineView.prototype._hoveredOrSelectedRecord):
Get record from data grid node instead of tree element.
(WebInspector.LayoutTimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
(WebInspector.LayoutTimelineView.prototype._mouseOverTreeOutline): Deleted.
(WebInspector.LayoutTimelineView.prototype._mouseLeaveTreeOutline): Deleted.
No longer needed, highlighting performed by data grid event handlers.

  • UserInterface/Views/MemoryTimelineView.js:

(WebInspector.MemoryTimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
No longer needed.

  • UserInterface/Views/NavigationSidebarPanel.js:

(WebInspector.NavigationSidebarPanel.prototype._updateFilter): Deleted.
Removed hack which was specific to TimelineSidebarPanel.

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView):
Removed sidebar styles and tree outline data grid parameter.
(WebInspector.NetworkTimelineView.prototype._processPendingRecords):
(WebInspector.NetworkTimelineView.prototype._dataGridFiltersDidChange):
(WebInspector.NetworkTimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
(WebInspector.NetworkTimelineView.prototype.treeElementSelected): Deleted.
No longer needed.

  • UserInterface/Views/OverviewTimelineView.js:

(WebInspector.OverviewTimelineView):
(WebInspector.OverviewTimelineView.prototype.get selectionPathComponents):
(WebInspector.OverviewTimelineView.prototype.dataGridNodePathComponentSelected):
Create path components from the grid selection. This should have been
included in https://webkit.org/b/154954.

(WebInspector.OverviewTimelineView.prototype._compareDataGridNodesByStartTime.getStartTime):
(WebInspector.OverviewTimelineView.prototype._compareDataGridNodesByStartTime):
(WebInspector.OverviewTimelineView.prototype._insertDataGridNode):
(WebInspector.OverviewTimelineView.prototype._addResourceToDataGridIfNeeded):
(WebInspector.OverviewTimelineView.prototype._addSourceCodeTimeline):
Refactored to accept grid nodes instead of tree elements.

(WebInspector.OverviewTimelineView.prototype._processPendingRepresentedObjects):
(WebInspector.OverviewTimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
(WebInspector.OverviewTimelineView.prototype.shown):
(WebInspector.OverviewTimelineView.prototype.treeElementPathComponentSelected): Deleted.
(WebInspector.OverviewTimelineView.prototype._compareTreeElementsByDetails): Deleted.
Not used anywhere.

(WebInspector.OverviewTimelineView.prototype._compareTreeElementsByStartTime.getStartTime): Deleted.
(WebInspector.OverviewTimelineView.prototype._compareTreeElementsByStartTime): Deleted.
(WebInspector.OverviewTimelineView.prototype._insertTreeElement): Deleted.
(WebInspector.OverviewTimelineView.prototype._addResourceToTreeIfNeeded): Deleted.
Reimplemented as _compareDataGridNodesByStartTime, _insertDataGridNode and _addResourceToDataGridIfNeeded.

  • UserInterface/Views/RenderingFrameTimelineView.js:

(WebInspector.RenderingFrameTimelineView):
Removed sidebar styles and tree outline data grid parameter.

(WebInspector.RenderingFrameTimelineView.prototype.get selectionPathComponents):
(WebInspector.RenderingFrameTimelineView.prototype.dataGridNodePathComponentSelected):
Create path components from the grid selection. This should have been
included in https://webkit.org/b/154954.

(WebInspector.RenderingFrameTimelineView.prototype._processPendingRecords):
(WebInspector.RenderingFrameTimelineView.prototype._scopeBarSelectionDidChange):
(WebInspector.RenderingFrameTimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
(WebInspector.RenderingFrameTimelineView.prototype.treeElementDeselected): Deleted.
(WebInspector.RenderingFrameTimelineView.prototype.treeElementSelected): Deleted.
(WebInspector.RenderingFrameTimelineView.prototype.treeElementPathComponentSelected): Deleted.

  • UserInterface/Views/ScriptClusterTimelineView.js:

(WebInspector.ScriptClusterTimelineView):
Don't hold reference to extraArguments, just pass to subviews.

  • UserInterface/Views/ScriptDetailsTimelineView.js:

(WebInspector.ScriptDetailsTimelineView):
Removed sidebar styles and tree outline data grid parameter.
(WebInspector.ScriptDetailsTimelineView.prototype._processPendingRecords):
(WebInspector.ScriptDetailsTimelineView.prototype._dataGridFiltersDidChange):
(WebInspector.ScriptDetailsTimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
(WebInspector.ScriptDetailsTimelineView.prototype.treeElementSelected): Deleted.
(WebInspector.ScriptDetailsTimelineView.prototype.dataGridNodeForTreeElement): Deleted.
(WebInspector.ScriptDetailsTimelineView.prototype.populateProfileNodeTreeElement): Deleted.

  • UserInterface/Views/TimelineDataGrid.js:

(WebInspector.TimelineDataGrid.prototype.addRowInSortOrder):
Fixed failure when treeElement and parentTreeElementOrDataGridNode are both null.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView):
Removed extraArguments and sidebar panel references.
(WebInspector.TimelineRecordingContentView.prototype.contentBrowserTreeElementForRepresentedObject):
Use icon style from the tab, instead of the sidebar.
(WebInspector.TimelineRecordingContentView.prototype._currentContentViewDidChange):
Removed updates to the sidebar.
(WebInspector.TimelineRecordingContentView.prototype._pathComponentSelected):
(WebInspector.TimelineRecordingContentView.prototype._updateTimes):
(WebInspector.TimelineRecordingContentView.prototype._instrumentAdded):
Removed sidebar reference when creating new TimelineViews.
(WebInspector.TimelineRecordingContentView.prototype._timeRangeSelectionChanged):

  • UserInterface/Views/TimelineSidebarPanel.css: Removed.
  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView):
Removed hidden sidebar FIXME.
(WebInspector.TimelineTabContentView.prototype._addRecording):
New location for sidebar style class constant StopwatchIconStyleClass.

  • UserInterface/Views/TimelineView.js:

(WebInspector.TimelineView):
(WebInspector.TimelineView.prototype.get navigationItems): Deleted.
(WebInspector.TimelineView.prototype.get navigationSidebarTreeOutline): Deleted.
(WebInspector.TimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
(WebInspector.TimelineView.prototype.get timelineSidebarPanel): Deleted.
(WebInspector.TimelineView.prototype.treeElementPathComponentSelected): Deleted.
(WebInspector.TimelineView.prototype.treeElementDeselected): Deleted.
(WebInspector.TimelineView.prototype.treeElementSelected): Deleted.
(WebInspector.TimelineView.prototype._treeSelectionDidChange): Deleted.
Sidebar logic for panel and content tree outline removed.

4:47 PM Changeset in webkit [197973] by Beth Dakin
  • 5 edits
    4 adds in trunk/Source/WebKit2

defaultActions in UIDelegate method
_webView:previewingViewControllerForElement:defaultActions: need to be
use-able by a client
https://bugs.webkit.org/show_bug.cgi?id=155304
-and corresponding-
rdar://problem/24269296

Reviewed by Anders Carlsson.

This patch adds a new protocol, WKPreviewActionItem, which is a sub-protocol
of UIPreviewActionItem. The new protocol adds an identifier so that clients
can identify which of our default actions they want to use. In order for a
client to use our default action items, they need to return those actions in
their UIViewController's implementation of previewActionItems.

Change the defaultActions to NSArray <id <WKPreviewActionItem>> *

  • UIProcess/API/Cocoa/WKUIDelegatePrivate.h:

This new file defines our sub-protocol and sub-class for WKPreviewActions.

  • UIProcess/API/Cocoa/_WKPreviewAction.h: Added.
  • UIProcess/API/Cocoa/_WKPreviewAction.mm: Added.

(+[_WKPreviewAction actionWithIdentifier:title:style:handler:]):

New BOOL _uiDelegateProvidedPreviewingViewController keeps track of whether
the client returned a view controller from
_webView:previewingViewControllerForElement:defaultActions:. If they did
return a view controller, then we should invoke
_webView:commitPreviewingViewController: at commit time. If they returned
nil, then they indicated that WebKit should continue with default previewing
behavior, so we will not invoke the UIDelegate’s commit method.

  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _registerPreview]):
(-[WKContentView _unregisterPreview]):
(-[WKContentView _interactionShouldBeginFromPreviewItemController:forPosition:]):

In order for our default actions to be useful, we have to create
_WKPreviewActions.
(-[WKContentView _presentedViewControllerForPreviewItemController:]):

Only invoke _webView:commitPreviewedViewController: if
_uiDelegateProvidedPreviewingViewController is YES.
(-[WKContentView _previewItemController:commitPreview:]):

  • WebKit2.xcodeproj/project.pbxproj:

4:45 PM Changeset in webkit [197972] by dbates@webkit.org
  • 69 edits
    13 adds in trunk

CSP: Implement frame-ancestors directive
https://bugs.webkit.org/show_bug.cgi?id=154345
<rdar://problem/24702161>

Reviewed by Brent Fulgham.

Source/WebCore:

Add support for the Content Security Policy directive frame-ancestors per the Content Security
Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Tests: http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-meta-element-ignored.html

http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied): Extracted from DocumentLoader::responseReceived().
(WebCore::DocumentLoader::responseReceived): Extracted logic to cancel a load and dispatch a DOM Load
event at the frame owner into DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
Make use of this function when loading of the frame is blocked by either the Content Security Policy or
the X-Frame-Options policy. We explicitly instantiate a ContentSecurityPolicy object with a SecurityOrigin
and Frame instead of using ScriptExecutionContext m_frame->document() because m_frame->document() is not
in a stable state (for instance, Document::m_url has not been initialized) as we are in the process of
loading the underlying document data for it.

  • loader/DocumentLoader.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::didBeginDocument): Pass ContentSecurityPolicy::ReportParsingErrors::No to silence
errors raised when parsing the Content Security Policy headers to avoid duplicate error messages. Any
parsing errors would have been raised when we parsed the Content Security Policy in DocumentLoader.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Modified to take an optional pointer to a Frame (defaults
to nullptr). The specified Frame is used to support emitting console messages for violations/syntax errors and
send violation reports. We make use of this constructor variant in DocumentLoader to support emitting console
messages and sending violation reports in the context of DocumentLoader where its associated Document is not in a
stable state and making use of a Frame seems less error prone.
(WebCore::ContentSecurityPolicy::didReceiveHeaders): Modified to take argument reportParsingErrors as
to whether to silence parsing errors when parsing the specified headers.
(WebCore::isAllowedByAllWithFrame): Helper function to query a ContentSecurityPolicyDirectiveList function
passing a Frame and URL for each Content Security Policy.
(WebCore::ContentSecurityPolicy::allowFrameAncestors): Calls WebCore::isAllowedByAllWithFrame().
(WebCore::ContentSecurityPolicy::reportViolation): Modified to support sending a violation report when
we have a Frame and no ScriptExecutionContext (such as when we are instantiated in DocumentLoader).
Additionally, we only will send a report if reporting is enabled (i.e. ContentSecurityPolicy::m_isReportingEnabled == true).
(WebCore::ContentSecurityPolicy::logToConsole): Modified to support logging a message to the console
when we have a Frame and no ScriptExecutionContext. We also only allow logging if reporting is enabled.

  • page/csp/ContentSecurityPolicy.h:
  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::checkFrameAncestors): Added.
(WebCore::ContentSecurityPolicyDirectiveList::checkFrameAncestorsAndReportViolation): Added.
(WebCore::ContentSecurityPolicyDirectiveList::allowFrameAncestors): Added.
(WebCore::ContentSecurityPolicyDirectiveList::parse): Ignore the directive frame-ancestors when defined
in a policy given in an HTML meta element and report such use as invalid.
(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the directive frame-ancestors.

  • page/csp/ContentSecurityPolicyDirectiveList.h:
  • page/csp/ContentSecurityPolicyResponseHeaders.h: Mark constructor "explicit".

LayoutTests:

Adds new tests to ensure we ignore directive frame-ancestors when defined in a policy delivered
in an HTML meta element or in a report-only policy (i.e. delivered via HTTP header
Content-Security-Policy-Report-Only). Also adds new tests to ensure that we send a violation report
when the directive frame-ancestors is violated.

Updated many existing tests and test results that unnecessarily depended on a DOM SecurityError
exception being thrown when accessing the content of a cross-origin frame. It is sufficient
and more direct to test directive frame-ancestors by dumping the contents of all children frames
on the page. We design the tests such that a child frame that was blocked by the frame-ancestors
directive is expected to have no content. A child frame that was allowed by the frame-ancestors
directive is expected to have content.

  • TestExpectations: Mark frame-ancestors tests as PASS so that we run them.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-meta-element-ignored-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-meta-element-ignored.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-in-report-only-ignored.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-none-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-url-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-none-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-none-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-protocolless-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-protocolless-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-self-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-self-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-self-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-self-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-star-allow-crossorigin-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-star-allow-crossorigin.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-star-allow-sameorigin-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-star-allow-sameorigin.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-url-allow-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-url-allow.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-url-block-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-url-block.html:
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html: Added.
  • http/tests/security/contentSecurityPolicy/resources/echo-intertag.pl: Added.
  • http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js:

(done): Added.
(injectIFrame): Modified to make use of handleFrameEvent().
(handleFrameEvent): Added.
(iframeLoaded): Deleted.

  • http/tests/security/contentSecurityPolicy/resources/frame-in-frame.pl:
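
The frame-ancestors behaviour described in r197972, as an added example (not WebKit's code): every ancestor in the chain must match the source list, and the directive is ignored when the policy arrives in a meta element or a report-only header. The function names, the `delivery` values and the example hosts are assumptions constructed here, and source matching is simplified to `'none'`, `'self'`, `*`, scheme sources and host sources without paths.

```javascript
'use strict';

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Break a URL into the parts that source matching compares.
function origin(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] || '' };
}

// Source expressions of the first frame-ancestors directive, or null if the policy has none.
function frameAncestorsSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Simplified CSP2 matching of one source expression against one ancestor origin.
function matchesSource(source, ancestor, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'")
    return ancestor.scheme === self.scheme && ancestor.host === self.host && ancestor.port === self.port;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.scheme === s; // scheme source, e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?$/.exec(s);
  if (!m) return false; // unsupported or invalid expression matches nothing
  const [, scheme, wildcard, host, port] = m;
  if (scheme) {
    if (ancestor.scheme !== scheme + ':') return false;
  } else if (self.scheme === 'http:') {
    // Protocol-less source on an http resource: http or https ancestors are acceptable.
    if (ancestor.scheme !== 'http:' && ancestor.scheme !== 'https:') return false;
  } else if (ancestor.scheme !== self.scheme) {
    return false;
  }
  const hostOk = wildcard ? ancestor.host.endsWith('.' + host) : ancestor.host === host;
  if (!hostOk) return false;
  if (port === '*') return true;
  return ancestor.port === (port || DEFAULT_PORTS[ancestor.scheme] || '');
}

// delivery: 'header' (Content-Security-Policy), 'report-only' or 'meta'.
// ancestors: URLs of the embedding documents, nearest parent first.
function evaluateFrameLoad({ resourceUrl, policy, delivery, ancestors }) {
  const sources = frameAncestorsSources(policy);
  if (sources === null) return { allowed: true, reason: 'no frame-ancestors directive' };
  if (delivery !== 'header') return { allowed: true, reason: `frame-ancestors ignored in ${delivery} policy` };
  const self = origin(resourceUrl);
  for (const url of ancestors) {
    const ancestor = origin(url);
    if (!sources.some((src) => matchesSource(src, ancestor, self)))
      return { allowed: false, reason: 'ancestor not in source list', blockedBy: url };
  }
  return { allowed: true, reason: 'all ancestors match' };
}

// Constructed cases; hosts are placeholders, not taken from the WebKit layout tests.
const RESOURCE = 'https://app.example/widget';
const CASES = [
  { name: 'self, cross-origin top frame', policy: "frame-ancestors 'self'", delivery: 'header',
    ancestors: ['https://app.example/inner', 'https://evil.example/top'] },
  { name: 'self in meta element', policy: "frame-ancestors 'self'", delivery: 'meta',
    ancestors: ['https://evil.example/top'] },
  { name: 'self in report-only', policy: "frame-ancestors 'self'", delivery: 'report-only',
    ancestors: ['https://evil.example/top'] },
  { name: 'none, same-origin parent', policy: "frame-ancestors 'none'", delivery: 'header',
    ancestors: ['https://app.example/'] },
  { name: 'star', policy: 'frame-ancestors *', delivery: 'header',
    ancestors: ['https://evil.example/top'] },
  { name: 'protocol-less host, https parent', policy: "default-src 'self'; frame-ancestors partner.example",
    delivery: 'header', ancestors: ['https://partner.example/'] },
  { name: 'protocol-less host, http parent', policy: 'frame-ancestors partner.example',
    delivery: 'header', ancestors: ['http://partner.example/'] },
];

function runCases() {
  return CASES.map((c) => ({ name: c.name, ...evaluateFrameLoad({ resourceUrl: RESOURCE, ...c }) }));
}

for (const r of runCases())
  console.log(`${r.allowed ? 'ALLOW' : 'BLOCK'}  ${r.name}: ${r.reason}`);
```

The first case is blocked by the top-level document even though the direct parent is same-origin, which is the situation the nested tests in this changeset cover.
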
4:44 PM Changeset in webkit [197971] by Joseph Pecoraro
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Enable Memory Timelines by default if supported
https://bugs.webkit.org/show_bug.cgi?id=155333
<rdar://problem/25097319>

Reviewed by Timothy Hatcher.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.defaultInstruments):

4:43 PM Changeset in webkit [197970] by sbarati@apple.com
  • 7 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Instanceof isn't spec compliant when the RHS is a Proxy with a target that is a function
https://bugs.webkit.org/show_bug.cgi?id=155329

Reviewed by Mark Lam.

We use type info flags on the structure to dictate whether or not
the RHS of an instanceof is a valid RHS (i.e., a function). The solution
to make Proxy a valid RHS when the Proxy's target is callable is to have
two different structures for ProxyObject: one for a non-callable target
and one for a callable target.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::moduleRecordStructure):
(JSC::JSGlobalObject::moduleNamespaceObjectStructure):
(JSC::JSGlobalObject::proxyObjectStructure):
(JSC::JSGlobalObject::callableProxyObjectStructure):
(JSC::JSGlobalObject::proxyRevokeStructure):
(JSC::JSGlobalObject::wasmModuleStructure):

  • runtime/ProxyConstructor.cpp:

(JSC::makeRevocableProxy):
(JSC::constructProxyObject):
(JSC::ProxyConstructor::getConstructData):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::ProxyObject):
(JSC::ProxyObject::structureForTarget):
(JSC::ProxyObject::finishCreation):

  • runtime/ProxyObject.h:

(JSC::ProxyObject::create):
(JSC::ProxyObject::createStructure):

  • tests/es6.yaml:
  • tests/stress/proxy-instanceof.js: Added.

(assert):
(test):
(C):
(test.let.handler.get if):
(test.let.handler):

4:42 PM Changeset in webkit [197969] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

Add shouldNotBe to standalone test harness
https://bugs.webkit.org/show_bug.cgi?id=155300

Patch by Andy VanWagoner <andy@instructure.com> on 2016-03-10
Reviewed by Saam Barati.

Copy over the shouldNotBe function from js-test-pre. This fixes errors
introduced by new Intl tests.

  • resources/standalone-pre.js:

(shouldNotBe):

4:34 PM Changeset in webkit [197968] by jer.noble@apple.com
  • 16 edits in trunk/Source

Add WebCore, WebKit, & WebKit2 preference/setting to enable Main Content heuristic.
https://bugs.webkit.org/show_bug.cgi?id=155326
<rdar://problem/25095408>

Reviewed by Beth Dakin.

Source/WebCore:

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::HTMLMediaElement): Set the OverrideUserGestureRequirementForMainContent if the new setting is enabled.

  • page/Settings.in:

Source/WebKit/mac:

Add SPI to get and set the new preference.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(-[WebPreferences overrideUserGestureRequirementForMainContent]):
(-[WebPreferences setOverrideUserGestureRequirementForMainContent:]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit2:

Add SPI to get and set the new preference.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetMainContentUserGestureOverrideEnabled):
(WKPreferencesGetMainContentUserGestureOverrideEnabled):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _initializeWithConfiguration:]):

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration init]):
(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration _mainContentUserGestureOverrideEnabled]):
(-[WKWebViewConfiguration _setMainContentUserGestureOverrideEnabled:]):

  • UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

4:32 PM Changeset in webkit [197967] by Said Abou-Hallawa
  • 8 edits in trunk/Source/WebCore

REGRESSION: GuardMalloc crash in SVGListPropertyTearOff<SVGPointList>::processIncomingListItemWrapper
https://bugs.webkit.org/show_bug.cgi?id=154969

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-03-10
Reviewed by Darin Adler.

The life cycle of the SVGAnimatedPropertyTearOff::m_baseVal and m_animVal
was not correct. Like what was done in SVGAnimatedListPropertyTearOff,
m_baseVal and m_animVal have to be raw RefCounted pointers. When requested
through SVGAnimatedPropertyTearOff::baseVal() and animVal(), they are
encapsulated in a RefPtr to ensure their existence as long as they are
referenced. When the animated property object (which is stored in either
m_baseVal or m_animVal) is not referenced by anyone, it is going to be
deleted. In the destructor of their class, SVGAnimatedPropertyTearOff
will be notified of this deletion through propertyWillBeDeleted() to clean
its member m_baseVal or m_animVal.

  • bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): Now all the SVG animated properties return RefPtrs. In
addition to that, SVGViewSpec.transform also returns
RefPtr<SVGTransformListPropertyTearOff>.

  • svg/properties/SVGAnimatedListPropertyTearOff.h:

(WebCore::SVGAnimatedListPropertyTearOff::animVal):
(WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
(WebCore::SVGAnimatedListPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
Change propertyWillBeDeleted() to be virtual and make it take an SVGProperty*.
Rename m_animatingAnimVal to be m_animatedProperty. Add isAnimating() which
returns true if m_animatedProperty is not null. Use isAnimating() instead of
m_isAnimating because it's deleted from the base class.

  • svg/properties/SVGAnimatedProperty.cpp:

(WebCore::SVGAnimatedProperty::SVGAnimatedProperty):
(WebCore::SVGAnimatedProperty::~SVGAnimatedProperty):

  • svg/properties/SVGAnimatedProperty.h:

(WebCore::SVGAnimatedProperty::isAnimating):
(WebCore::SVGAnimatedProperty::propertyWillBeDeleted):
Delete m_isAnimating since its value can be deduced from the value of
m_animatedProperty in the derived class. Add propertyWillBeDeleted() and
isAnimating() as virtual functions with the default behavior.

  • svg/properties/SVGAnimatedPropertyTearOff.h:

(WebCore::SVGAnimatedPropertyTearOff::baseVal):
(WebCore::SVGAnimatedPropertyTearOff::animVal):
Like SVGAnimatedListPropertyTearOff::baseVal() and animVal(), create the
value if it does not exist. Keep a raw RefCounted pointer but return a
RefPtr.

(WebCore::SVGAnimatedPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedPropertyTearOff::propertyWillBeDeleted):
Override virtual functions.

(WebCore::SVGAnimatedPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedPropertyTearOff::animValDidChange):
Replace m_isAnimating with isAnimating(). Ensure that we get a new animated
property through animVal() and store it in a RefPtr to ensure it will not
go away while animating.

  • svg/properties/SVGAnimatedStaticPropertyTearOff.h:

(WebCore::SVGAnimatedStaticPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedStaticPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedStaticPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedStaticPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedStaticPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedStaticPropertyTearOff::animValDidChange):
Add isAnimating() and replace all the instances of m_isAnimating with calls
to isAnimating().

  • svg/properties/SVGPropertyTearOff.h:

(WebCore::SVGPropertyTearOff::animatedProperty):
(WebCore::SVGPropertyTearOff::setAnimatedProperty):
(WebCore::SVGPropertyTearOff::contextElement):
(WebCore::SVGPropertyTearOff::SVGPropertyTearOff):
(WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
SVGPropertyTearOff is what SVGAnimatedPropertyTearOff creates for its
baseVal() and animVal() values. These values can be null anytime once
they are not referenced. The SVGAnimatedPropertyTearOff holds only raw
RefCounted pointer for them. So (1) SVGPropertyTearOff needs to hold a
RefPtr for its SVGAnimatedProperty and (2) it needs to notify its
SVGAnimatedProperty when it's deleted by calling propertyWillBeDeleted()
from the destructor. Also there is no need to get the contextElement()
and save it in class member, m_contextElement since it can always be
retrieved from SVGAnimatedProperty::contextElement().

4:05 PM Changeset in webkit [197966] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Rebaseline two inspector tests after r197954 changed the results.

Unreviewed test gardening.

  • inspector/debugger/command-line-api-exception-expected.txt:
  • platform/mac/inspector/model/remote-object-expected.txt:

3:54 PM Changeset in webkit [197965] by achristensen@apple.com
  • 2 edits in trunk/Source/WebKit2

Remove firing assertion after r197865.
https://bugs.webkit.org/show_bug.cgi?id=155137
rdar://problem/25096835

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveData:]):
This assertion was firing. I'm looking into why.

3:50 PM Changeset in webkit [197964] by jer.noble@apple.com
  • 2 edits in trunk/Tools

Partial roll-out of r197953; test fails because encode/decode support of those properties was never added.

  • TestWebKitAPI/Tests/WebKit2Cocoa/Coding.mm:

(TEST): Deleted.

3:48 PM Changeset in webkit [197963] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

[ES6] RegExp sticky flag should be ignored in String.match when global flag is given
https://bugs.webkit.org/show_bug.cgi?id=155332

Reviewed by Saam Barati.

Removed logic from stringProtoFuncMatch that handles the case where both global and sticky flags are set.

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch):

3:38 PM Changeset in webkit [197962] by msaboff@apple.com
  • 7 edits
    3 adds
    10 deletes in trunk

[ES6] Allow RegExp constructor to take pattern from an existing RegExp with new flags
https://bugs.webkit.org/show_bug.cgi?id=155315

Reviewed by Saam Barati.

Source/JavaScriptCore:

Changed to comply with section 21.2.3.1, step 5. Eliminated syntax error.

In the process, change to get the VM at the top of the function.

Updated tests accordingly.

  • runtime/RegExpConstructor.cpp:

(JSC::constructRegExp):

  • tests/es6.yaml: Changed miscellaneous_RegExp_constructor_can_alter_flags.js to normal.
  • tests/mozilla/mozilla-tests.yaml: Disabled ecma_3/RegExp/15.10.4.1-5-n.js as it checks for the old behavior of throwing a syntax error.

LayoutTests:

New and updated test for change.

  • fast/regex/constructor-expected.txt:
  • fast/regex/script-tests/constructor.js:

Changed test for new behavior.

  • js/regexp-old-regexp-new-flags-expected.txt: Added.
  • js/regexp-old-regexp-new-flags.html: Added.
  • js/script-tests/regexp-old-regexp-new-flags.js: Added.

New test.

  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.3/S15.10.3.1_A2_T1-expected.txt: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.3/S15.10.3.1_A2_T1.html: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.3/S15.10.3.1_A2_T2-expected.txt: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.3/S15.10.3.1_A2_T2.html: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A2_T1-expected.txt: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A2_T1.html: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A2_T2-expected.txt: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A2_T2.html: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A8_T8-expected.txt: Removed.
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A8_T8.html: Removed.

Removed obsolete tests.

3:18 PM Changeset in webkit [197961] by Matt Baker
  • 8 edits
    3 adds in trunk/Source/WebInspectorUI

Web Inspector: Add "Quick Open" dialog to debugger and resources tabs
https://bugs.webkit.org/show_bug.cgi?id=153028
<rdar://problem/24194239>

Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:

New placeholder text for open resource dialog field.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
Keep a reference to the content element to use as global dialog parent,
and create keyboard shortcut for new dialog.

(WebInspector._showOpenResourceDialog):
Create dialog if needed, return if already visible.
(WebInspector.dialogWasDismissed):
Show represented object, if any, when dialog is dismissed.

  • UserInterface/Main.html:

New files.

  • UserInterface/Views/Dialog.js: Added.

Base class for modal dialog popovers. Implements basic setup and
teardown, and logic for validating and returning a represented object.

(WebInspector.Dialog):
(WebInspector.Dialog.prototype.get visible):
(WebInspector.Dialog.prototype.get delegate):
(WebInspector.Dialog.prototype.get representedObject):
(WebInspector.Dialog.prototype.present):
(WebInspector.Dialog.prototype.dismiss):
(WebInspector.Dialog.prototype.didPresetDialog):
(WebInspector.Dialog.prototype.representedObjectIsValid):

  • UserInterface/Views/GoToLineDialog.js:

Subclass the Dialog base class.
(WebInspector.GoToLineDialog):
(WebInspector.GoToLineDialog.prototype.didPresentDialog):
Implement base class behavior hook. Replaces "present".
(WebInspector.GoToLineDialog.prototype._handleInputEvent):
(WebInspector.GoToLineDialog.prototype._handleKeydownEvent):
Line number validation handled by base class/delegate.
(WebInspector.GoToLineDialog.prototype._clear):
(WebInspector.GoToLineDialog.prototype.present): Deleted.
(WebInspector.GoToLineDialog.prototype.dismiss): Deleted.
No longer needed, handled by base class.

  • UserInterface/Views/OpenResourceDialog.css: Added.

(.open-resource-dialog):
(.open-resource-dialog > .field):
(.open-resource-dialog > .field > input):
(.open-resource-dialog > .field > input::-webkit-input-placeholder):
(.open-resource-dialog > .field > img):
(.open-resource-dialog > .field > img:active):
(.open-resource-dialog.non-empty > .field > img):
(.open-resource-dialog > .tree-outline):
(.open-resource-dialog > .tree-outline .item):
(.open-resource-dialog > .tree-outline .item:first-child):
(.open-resource-dialog > .tree-outline .item.selected):
(.open-resource-dialog > .tree-outline .item.selected .subtitle):
Styles for "quick open" dialog.

  • UserInterface/Views/OpenResourceDialog.js: Added.

New dialog type, based on the Quick Open dialog found in Xcode (and its
equivalent in most modern editors).

(WebInspector.OpenResourceDialog):
(WebInspector.OpenResourceDialog.prototype._populateResourceTreeOutline.createTreeElement):
(WebInspector.OpenResourceDialog.prototype._populateResourceTreeOutline):
Populate the auto-completion tree from the list of filtered resources.

(WebInspector.OpenResourceDialog.prototype.didPresentDialog):
Build resource list once, when the dialog is presented. Update the list
when resources are added/removed in a follow-up: https://webkit.org/b/155321.

(WebInspector.OpenResourceDialog.prototype._handleInputEvent):
(WebInspector.OpenResourceDialog.prototype._handleKeydownEvent):
Escape key: dismiss dialog if input is empty, otherwise clear input.
Enter key: dismiss dialog if object selected.
Key up/down: cycle through auto-completion tree items, if any.

(WebInspector.OpenResourceDialog.prototype._handleKeyupEvent):
(WebInspector.OpenResourceDialog.prototype._handleBlurEvent):
(WebInspector.OpenResourceDialog.prototype._handleMousedownEvent):
(WebInspector.OpenResourceDialog.prototype._handleClickEvent):
(WebInspector.OpenResourceDialog.prototype._clear):
(WebInspector.OpenResourceDialog.prototype._updateFilter):
Rebuild filter regular expressions and apply to all resources. Each
resource is given a weight based on the first matching filter. Filters
are ordered by relevancy, from most to least relevant. Filtered resources
are sorted based on weight. If no matches are found, the tree is hidden.

  • UserInterface/Views/ResourceTreeElement.js:

(WebInspector.ResourceTreeElement.prototype.get filterableData):
Make filterable resource data more fine-grained. Priority should be given
to the resource's name, before the complete URL.

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.showGoToLineDialog):
(WebInspector.SourceCodeTextEditor.prototype.dialogWasDismissed):
(WebInspector.SourceCodeTextEditor.prototype.goToLineDialogValueWasValidated): Deleted.
(WebInspector.SourceCodeTextEditor.prototype.goToLineDialogWasDismissed): Deleted.
Updated for new Dialog delegate behavior.

  • UserInterface/Views/TreeOutline.css:

(.tree-outline.large .item .titles):
(.tree-outline.large .item .titles.no-subtitle): Deleted.
Styles for tree elements in "quick open" dialog auto-completion tree.

3:09 PM Changeset in webkit [197960] by sbarati@apple.com
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Make ToPropertyDescriptor spec compliant
https://bugs.webkit.org/show_bug.cgi?id=155313

Reviewed by Mark Lam.

We were performing HasProperty(.) and Get(.) in the same operation.
This isn't valid according to the spec and it's user observable
behavior with Proxy. This patch fixes ToPropertyDescriptor to use
two distinct operations for HasProperty(.) and Get(.).

  • runtime/ObjectConstructor.cpp:

(JSC::ownEnumerablePropertyKeys):
(JSC::toPropertyDescriptor):

  • tests/es6.yaml:
  • tests/stress/to-property-key-correctness.js: Added.

(assert):
(test):
(test.let.handler.has):
(arrayEq):
(let.handler.has):
(let.target):
(set get let):

3:02 PM Changeset in webkit [197959] by BJ Burg
  • 2 edits in trunk/Source/JavaScriptCore

Web Inspector: report the underlying parser error message when JSON parsing fails
https://bugs.webkit.org/show_bug.cgi?id=155303
<rdar://problem/25088939>

Reviewed by Timothy Hatcher.

  • inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification.load_specification):
Stringize the underlying error so we can see what it says.

2:58 PM Changeset in webkit [197958] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: TreeOutlineDataGridSynchronizer should be optional in TimelineDataGrid
https://bugs.webkit.org/show_bug.cgi?id=155318
<rdar://problem/25091949>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/TimelineDataGrid.js:

(WebInspector.TimelineDataGrid):
TreeOutline is optional, and if non-null a tree outline synchronizer is created.

(WebInspector.TimelineDataGrid.prototype.shown):
(WebInspector.TimelineDataGrid.prototype.treeElementForDataGridNode):
(WebInspector.TimelineDataGrid.prototype.dataGridNodeForTreeElement):
(WebInspector.TimelineDataGrid.prototype.treeElementMatchesActiveScopeFilters):
Safety checks for the synchronizer.

(WebInspector.TimelineDataGrid.prototype.addRowInSortOrder):
treeElement is now an optional parameter. If non-null, a tree synchronizer
should exist. The third parameter has been overloaded, to allow passing
a parent tree element or data grid node.

(WebInspector.TimelineDataGrid.prototype._refreshDirtyDataGridNodes):
(WebInspector.TimelineDataGrid.prototype._sort):
Safety checks for the synchronizer.

2:25 PM Changeset in webkit [197957] by Jon Davis
  • 2 edits in trunk/Source/WebCore

Fixed broken link for "WebGL 2" on the Feature Status page
https://bugs.webkit.org/show_bug.cgi?id=155235

Reviewed by Alex Christensen.

  • features.json:

2:05 PM Changeset in webkit [197956] by mmaxfield@apple.com
  • 22 edits
    5 adds in trunk

[OS X] Main frame scrollbars should appear on the left on RTL systems
https://bugs.webkit.org/show_bug.cgi?id=155149

Reviewed by Simon Fraser.

Source/WebCore:

A helper function, ScrollableArea::systemLanguageIsRTL() is used to determine
if we should be in this new mode. Once we have determined we should be in
this new mode, there are some scattered places where the geometry math
needed to be updated.

Tests: fast/scrolling/rtl-scrollbars-simple.html

fast/scrolling/rtl-scrollbars.html

  • page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate):
(WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):

  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition):

  • platform/mac/ScrollableAreaMac.mm:

(WebCore::ScrollableArea::systemLanguageIsRTL):

  • platform/ScrollableArea.h:
  • platform/ScrollView.cpp:

(WebCore::ScrollView::updateScrollbars):
(WebCore::ScrollView::scrollCornerRect):

  • platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimator::scrollbarsAreRTL):

  • platform/spi/mac/NSScrollerImpSPI.h:
  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::positionForClipLayer):

Tools:

Setting the volatile default needs to be done early, so it is
plumbed through the injected bundle's initialization routine.

Control of RTL scrollbars is handled by putting the string
<!-- webkit-test-runner [ rtlScrollbars=true ] -->
on the first line of a test.

  • WebKitTestRunner/InjectedBundle/mac/InjectedBundleMac.mm:

(WTR::shouldUseRTLScrollbars):
(WTR::InjectedBundle::platformInitialize):

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::generatePageConfiguration):
(WTR::updateTestOptionsFromTestHeader):
(WTR::TestController::getInjectedBundleInitializationUserData):

  • WebKitTestRunner/TestController.h:
  • WebKitTestRunner/TestOptions.h:
  • WebKitTestRunner/mac/PlatformWebViewMac.mm:

(WTR::PlatformWebView::viewSupportsOptions):

LayoutTests:

  • fast/scrolling/rtl-scrollbars-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-simple-expected-mismatch.html: Added.
  • fast/scrolling/rtl-scrollbars-simple.html: Added.
  • fast/scrolling/rtl-scrollbars.html: Added.
  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/ios-simulator/TestExpectations:
  • platform/win/TestExpectations:

1:41 PM Changeset in webkit [197955] by ggaren@apple.com
  • 9 edits
    1 move in trunk/Source/bmalloc

bmalloc: Rename SmallPage to SmallRun
https://bugs.webkit.org/show_bug.cgi?id=155320

Reviewed by Alex Christensen.

A page is a fixed-size set of lines.

A run is a variable-sized set of lines.

We want to start using runs because:

(a) we want to support varying the hardware page size by OS;

(b) we want to support allocations larger than our current page size.

  • bmalloc.xcodeproj/project.pbxproj:
  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::reallocate):

  • bmalloc/Heap.cpp:

(bmalloc::Heap::Heap):
(bmalloc::Heap::initializeSmallRunMetadata):
(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallRuns):
(bmalloc::Heap::allocateSmallBumpRanges):
(bmalloc::Heap::allocateSmallRun):
(bmalloc::Heap::deallocateSmallLine):
(bmalloc::Heap::initializeLineMetadata): Deleted.
(bmalloc::Heap::scavengeSmallPages): Deleted.
(bmalloc::Heap::allocateSmallPage): Deleted.

  • bmalloc/Heap.h:
  • bmalloc/LineMetadata.h:
  • bmalloc/SmallChunk.h:

(bmalloc::SmallChunk::begin):
(bmalloc::SmallChunk::end):
(bmalloc::SmallChunk::lines):
(bmalloc::SmallChunk::runs):
(bmalloc::SmallChunk::SmallChunk):
(bmalloc::SmallLine::end):
(bmalloc::SmallRun::get):
(bmalloc::SmallRun::begin):
(bmalloc::SmallRun::end):
(bmalloc::SmallChunk::pages): Deleted.
(bmalloc::SmallPage::get): Deleted.
(bmalloc::SmallPage::begin): Deleted.
(bmalloc::SmallPage::end): Deleted.

  • bmalloc/SmallPage.h: Removed.
  • bmalloc/SmallRun.h: Copied from Source/bmalloc/bmalloc/SmallPage.h.

(bmalloc::SmallRun::SmallRun):
(bmalloc::SmallRun::ref):
(bmalloc::SmallRun::deref):
(bmalloc::SmallPage::SmallPage): Deleted.
(bmalloc::SmallPage::ref): Deleted.
(bmalloc::SmallPage::deref): Deleted.

  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::allocateSmallChunk):
(bmalloc::VMHeap::allocateLargeChunk):

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallRun):
(bmalloc::VMHeap::allocateLargeObject):
(bmalloc::VMHeap::deallocateSmallRun):
(bmalloc::VMHeap::deallocateLargeObject):
(bmalloc::VMHeap::allocateSmallPage): Deleted.
(bmalloc::VMHeap::deallocateSmallPage): Deleted.

1:37 PM Changeset in webkit [197954] by Joseph Pecoraro
  • 21 edits
    5 copies
    19 adds in trunk/Source

Web Inspector: JavaScript Heap Allocations Timeline
https://bugs.webkit.org/show_bug.cgi?id=155287
<rdar://problem/25078088>

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

  • inspector/InjectedScriptSource.js:

(InjectedScript.prototype._describe):
(InjectedScript.prototype._nodeDescription):
Provide the nicer node preview more often.

Source/WebInspectorUI:

Initial JavaScript Heap Allocations Timeline includes:

  • Snapshot markers in the timeline
  • Initial/Periodic/End snapshots during recording
  • Ability to manually take a snapshot
  • View of all objects in a Snapshot and Diff between snapshots
    • Summary view - rough display of the size/count of large objects
    • Instances view - view each of the individual objects

  • UserInterface/Main.html:
  • UserInterface/Test.html:
  • UserInterface/Images/Compare.svg: Added.
  • UserInterface/Images/HeapSnapshot.svg: Added.
  • UserInterface/Images/HeapSnapshotDiff.svg: Added.
  • UserInterface/Images/HeapSnapshotInstances.svg: Added.
  • UserInterface/Images/HeapSnapshotSummary.svg: Added.
  • Localizations/en.lproj/localizedStrings.js:

New resources and strings.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.prototype.heapTrackingStarted):
(WebInspector.TimelineManager.prototype.heapTrackingCompleted):
(WebInspector.TimelineManager.prototype.heapSnapshotAdded):

  • UserInterface/Protocol/HeapObserver.js:

(WebInspector.HeapObserver.prototype.trackingStart):
(WebInspector.HeapObserver.prototype.trackingComplete):
(WebInspector.HeapObserver):
Add snapshot records to the active recording's timeline.

  • UserInterface/Models/HeapAllocationsInstrument.js: Added.

(WebInspector.HeapAllocationsInstrument):
(WebInspector.HeapAllocationsInstrument.supported):
(WebInspector.HeapAllocationsInstrument.prototype.get timelineRecordType):
(WebInspector.HeapAllocationsInstrument.prototype.startInstrumentation):
(WebInspector.HeapAllocationsInstrument.prototype.stopInstrumentation):
(WebInspector.HeapAllocationsInstrument.prototype._takeHeapSnapshot):
Start, stop, and periodic snapshots.

  • UserInterface/Models/HeapAllocationsTimelineRecord.js:

(WebInspector.HeapAllocationsTimelineRecord):
(WebInspector.HeapAllocationsTimelineRecord.prototype.get timestamp):
(WebInspector.HeapAllocationsTimelineRecord.prototype.get heapSnapshot):

  • UserInterface/Models/TimelineRecord.js:
  • UserInterface/Models/TimelineRecording.js:

(WebInspector.TimelineRecording):
(WebInspector.TimelineRecording.prototype.addRecord):

  • UserInterface/Views/TimelineOverviewGraph.js:

(WebInspector.TimelineOverviewGraph.createForTimeline):

  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView.displayNameForTimeline):
(WebInspector.TimelineTabContentView.iconClassNameForTimeline):
(WebInspector.TimelineTabContentView.genericClassNameForTimeline):
(WebInspector.TimelineTabContentView.iconClassNameForRecord):
(WebInspector.TimelineTabContentView.displayNameForRecord):
New timeline and record type.

  • UserInterface/Models/HeapSnapshotDiff.js: Added.

(WebInspector.HeapSnapshotDiff):
(WebInspector.HeapSnapshotDiff.prototype.get snapshot1):
(WebInspector.HeapSnapshotDiff.prototype.get snapshot2):
(WebInspector.HeapSnapshotDiff.prototype.get addedInstances):
(WebInspector.HeapSnapshotDiff.prototype.get removedInstances):
(WebInspector.HeapSnapshotDiff.prototype.get sizeDifference):
(WebInspector.HeapSnapshotDiff.prototype.get growth):
(WebInspector.HeapSnapshotDiff.prototype.snapshotForDiff):
Compare two snapshots and create a "diff snapshot" which is just
the newly added objects.

  • UserInterface/Views/ContentView.js:

(WebInspector.ContentView.createFromRepresentedObject):
(WebInspector.ContentView.isViewable):
A HeapSnapshot creates a HeapSnapshotClusterView.

  • UserInterface/Views/HeapAllocationsTimelineDataGridNode.js: Added.

(WebInspector.HeapAllocationsTimelineDataGridNode):
(WebInspector.HeapAllocationsTimelineDataGridNode.prototype.get record):
(WebInspector.HeapAllocationsTimelineDataGridNode.prototype.get data):
(WebInspector.HeapAllocationsTimelineDataGridNode.prototype.createCellContent):
(WebInspector.HeapAllocationsTimelineDataGridNode.prototype.markAsBaseline):
(WebInspector.HeapAllocationsTimelineDataGridNode.prototype.clearBaseline):

  • UserInterface/Views/HeapAllocationsTimelineOverviewGraph.css: Copied from Source/WebInspectorUI/UserInterface/Protocol/HeapObserver.js.

(.timeline-overview-graph.heap-allocations):
(.timeline-overview-graph.heap-allocations > img.snapshot):

  • UserInterface/Views/HeapAllocationsTimelineOverviewGraph.js: Added.

(WebInspector.HeapAllocationsTimelineOverviewGraph):
(WebInspector.HeapAllocationsTimelineOverviewGraph.prototype.reset):
(WebInspector.HeapAllocationsTimelineOverviewGraph.prototype.layout.xScale):
(WebInspector.HeapAllocationsTimelineOverviewGraph.prototype.layout):
(WebInspector.HeapAllocationsTimelineOverviewGraph.prototype._visibleRecords):
(WebInspector.HeapAllocationsTimelineOverviewGraph.prototype._heapAllocationTimelineRecordAdded):

  • UserInterface/Views/HeapAllocationsTimelineView.css: Copied from Source/WebInspectorUI/UserInterface/Protocol/HeapObserver.js.

(.timeline-view.heap-allocations > .data-grid):
(.timeline-view.heap-allocations > .data-grid td .icon.heap-snapshot):
(.timeline-view.heap-allocations > .data-grid tr.baseline):
(.timeline-view.heap-allocations > .content-view-container):
(.timeline-view.heap-allocations > .content-view-container > .content-view):

  • UserInterface/Views/HeapAllocationsTimelineView.js: Added.

(WebInspector.HeapAllocationsTimelineView):
(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotList):
(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotTimelineRecord):
(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotDiff):
(WebInspector.HeapAllocationsTimelineView.prototype.get navigationItems):
(WebInspector.HeapAllocationsTimelineView.prototype.get selectionPathComponents):
(WebInspector.HeapAllocationsTimelineView.prototype.get navigationSidebarTreeOutlineLabel):
(WebInspector.HeapAllocationsTimelineView.prototype.treeElementPathComponentSelected):
(WebInspector.HeapAllocationsTimelineView.prototype.userSelectedRecordFromOverview):
(WebInspector.HeapAllocationsTimelineView.prototype.closed):
(WebInspector.HeapAllocationsTimelineView.prototype.layout):
(WebInspector.HeapAllocationsTimelineView.prototype.reset):
(WebInspector.HeapAllocationsTimelineView.prototype._heapAllocationsTimelineRecordAdded):
(WebInspector.HeapAllocationsTimelineView.prototype._snapshotListPathComponentClicked):
(WebInspector.HeapAllocationsTimelineView.prototype._snapshotPathComponentSelected):
(WebInspector.HeapAllocationsTimelineView.prototype._currentContentViewDidChange):
(WebInspector.HeapAllocationsTimelineView.prototype._contentViewSelectionPathComponentDidChange):
(WebInspector.HeapAllocationsTimelineView.prototype._updateCompareHeapSnapshotButton):
(WebInspector.HeapAllocationsTimelineView.prototype._takeHeapSnapshotClicked):
(WebInspector.HeapAllocationsTimelineView.prototype._cancelSelectComparisonHeapSnapshots):
(WebInspector.HeapAllocationsTimelineView.prototype._compareHeapSnapshotsClicked):
(WebInspector.HeapAllocationsTimelineView.prototype._dataGridNodeSelected):

  • UserInterface/Views/HeapSnapshotClassDataGridNode.js: Added.

(WebInspector.HeapSnapshotClassDataGridNode):
(WebInspector.HeapSnapshotClassDataGridNode.prototype.get data):
(WebInspector.HeapSnapshotClassDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotClassDataGridNode.prototype.sort):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._populate):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._fetchBatch):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._updateBatchedSort):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._updateBatchedChildren):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._removeFetchMoreDataGridNode):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._appendFetchMoreDataGridNode):

  • UserInterface/Views/HeapSnapshotClusterContentView.js: Added.

(WebInspector.HeapSnapshotClusterContentView.createPathComponent):
(WebInspector.HeapSnapshotClusterContentView):
(WebInspector.HeapSnapshotClusterContentView.iconStyleClassNameForClassName):
(WebInspector.HeapSnapshotClusterContentView.prototype.get heapSnapshot):
(WebInspector.HeapSnapshotClusterContentView.prototype.get summaryContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get instancesContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get navigationItems):
(WebInspector.HeapSnapshotClusterContentView.prototype.get selectionPathComponents):
(WebInspector.HeapSnapshotClusterContentView.prototype.shown):
(WebInspector.HeapSnapshotClusterContentView.prototype.closed):
(WebInspector.HeapSnapshotClusterContentView.prototype.saveToCookie):
(WebInspector.HeapSnapshotClusterContentView.prototype.restoreFromCookie):
(WebInspector.HeapSnapshotClusterContentView.prototype.showSummary):
(WebInspector.HeapSnapshotClusterContentView.prototype.showInstances):
(WebInspector.HeapSnapshotClusterContentView.prototype._contentViewExtraArguments):
(WebInspector.HeapSnapshotClusterContentView.prototype._pathComponentForContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype._identifierForContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype._showContentViewForIdentifier):
(WebInspector.HeapSnapshotClusterContentView.prototype._pathComponentSelected):
(WebInspector.HeapSnapshotClusterContentView.prototype._toggleShowInternalObjectsSetting):
(WebInspector.HeapSnapshotClusterContentView.prototype._updateViewsForShowInternalObjectsSettingValue):
(WebInspector.HeapSnapshotClusterContentView.prototype._updateShowInternalObjectsButtonNavigationItem):

  • UserInterface/Views/HeapSnapshotInstanceDataGridNode.js: Added.

(WebInspector.HeapSnapshotInstanceDataGridNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.get data):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.get selectable):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.createCells):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.sort):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._contextMenuHandler.):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._contextMenuHandler):

  • UserInterface/Views/HeapSnapshotInstanceFetchMoreDataGridNode.js: Added.

(WebInspector.HeapSnapshotInstanceFetchMoreDataGridNode):
(WebInspector.HeapSnapshotInstanceFetchMoreDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotInstanceFetchMoreDataGridNode.prototype.sort):

  • UserInterface/Views/HeapSnapshotInstancesContentView.css: Added.
  • UserInterface/Views/HeapSnapshotInstancesContentView.js: Added.

(WebInspector.HeapSnapshotInstancesContentView):
(WebInspector.HeapSnapshotInstancesContentView.prototype.get showInternalObjects):
(WebInspector.HeapSnapshotInstancesContentView.prototype.set showInternalObjects):
(WebInspector.HeapSnapshotInstancesContentView.prototype._sortDataGrid):

  • UserInterface/Views/HeapSnapshotInstancesDataGridTree.js: Added.

(WebInspector.HeapSnapshotInstancesDataGridTree):
(WebInspector.HeapSnapshotInstancesDataGridTree.buildSortComparator):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get heapSnapshot):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get includeInternalObjects):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.set includeInternalObjects):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get children):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.appendChild):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.insertChild):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.removeChildren):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.set sortComparator):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.sort):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype._populateTopLevel):

  • UserInterface/Views/HeapSnapshotSummaryContentView.css: Added.
  • UserInterface/Views/HeapSnapshotSummaryContentView.js: Added.

(WebInspector.HeapSnapshotSummaryContentView.createChartContainer):
(WebInspector.HeapSnapshotSummaryContentView.appendLegendRow):
(WebInspector.HeapSnapshotSummaryContentView.appendEmptyMessage):
(WebInspector.HeapSnapshotSummaryContentView):
(WebInspector.HeapSnapshotSummaryContentView.prototype.layout):

  • UserInterface/Views/PathComponentIcons.css:

(.heap-snapshot-summary-icon .icon):
(.heap-snapshot-instances-icon .icon):
(.snapshot-list-icon .icon):
(.snapshot-diff-icon .icon):
(body:not(.mac-platform, .windows-platform) .snapshot-diff-icon .icon):
(body:not(.mac-platform, .windows-platform) .call-trees-icon .icon): Deleted.

  • UserInterface/Views/TextNavigationItem.css:

(.navigation-bar .item.text):

  • UserInterface/Views/TextNavigationItem.js:

(WebInspector.TextNavigationItem):
(WebInspector.TextNavigationItem.prototype.get text):
(WebInspector.TextNavigationItem.prototype.set text):

  • UserInterface/Views/TimelineIcons.css:

(.heap-snapshot-record .icon):

  • UserInterface/Views/Variables.css:

(:root):
New views.

  • UserInterface/Views/FormattedValue.js:

(WebInspector.FormattedValue.createElementForNodePreview):
(WebInspector.FormattedValue.createElementForFunctionWithName):
(WebInspector.FormattedValue.createObjectPreviewOrFormattedValueForObjectPreview):
Better display for a raw object preview.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.userSelectedRecord):

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView):
(WebInspector.TimelineRecordingContentView.prototype.timelineOverviewUserSelectedRecord):

  • UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler.prototype.set allowsTimeRangeSelection):
(WebInspector.TimelineRuler.prototype._handleClick):
(WebInspector.TimelineRuler.prototype._handleMouseDown):
(WebInspector.TimelineRuler.prototype._handleMouseMove):

  • UserInterface/Views/TimelineView.js:

(WebInspector.TimelineView.prototype.userSelectedRecordFromOverview):
Hook up a way for clicking in the TimelineOverview / TimelineRuler
to redispatch to an OverviewGraph element, and provide a patch for
the Overview -> RecordingContentView -> TimelineView for records.

1:35 PM Changeset in webkit [197953] by jer.noble@apple.com
  • 49 edits
    4 adds in trunk

Add separate WK and WK2 preferences for requiring user gestures for video media, distinct from user gestures for media generally
https://bugs.webkit.org/show_bug.cgi?id=155141

Reviewed by Beth Dakin.

Source/WebCore:

Rename RequireUserGestureForRateChange -> RequireUserGestureForVideoRateChange.
Rename Settings::requiresUserGestureForMediaPlayback -> Settings::videoPlaybackRequiresUserGesture.

Fix longstanding FIXME unifying our behavior restrictions between iOS and Mac.

  • Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::constructCommon): Rename.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::HTMLMediaElement): Unify behavior restriction behavior.
(WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture): Rename.

  • html/MediaElementSession.cpp:

(WebCore::restrictionName): Rename.
(WebCore::MediaElementSession::playbackPermitted): Rename.

  • html/MediaElementSession.h:
  • page/Settings.cpp:
  • page/Settings.in:
  • testing/Internals.cpp:

(WebCore::Internals::setMediaElementRestrictions): Rename.

Source/WebKit/mac:

Deprecate WebPreferences.mediaPlaybackRequiresUserGesture property in favor of .videoPlaybackRequiresUserGesture.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences mediaPlaybackRequiresUserGesture]):
(-[WebPreferences setMediaPlaybackRequiresUserGesture:]):
(-[WebPreferences videoPlaybackRequiresUserGesture]):
(-[WebPreferences setVideoPlaybackRequiresUserGesture:]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit/win:

  • WebView.cpp:

(WebView::notifyPreferencesChanged):

Source/WebKit2:

Add a new preference, videoPlaybackRequiresUserGesture, distinct from mediaPlaybackRequiresUserGesture. Legacy clients of
mediaPlaybackRequiresUserGesture will still be able to use it normally, as setting that preference to true will effectively
set both audioPlaybackRequiresUserGesture and videoPlaybackRequiresUserGesture to true. Make these preferences all available
universally, rather than just on PLATFORM(IOS). This requires adding a definition for -setRequiresUserActionForMediaPlayback:
and -requiresUserActionForMediaPlayback on !PLATFORM(IOS).

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetVideoPlaybackRequiresUserGesture):
(WKPreferencesGetVideoPlaybackRequiresUserGesture):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _initializeWithConfiguration:]):
(-[WKWebView _setObscuredInsets:]):

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration init]):
(-[WKWebViewConfiguration encodeWithCoder:]):
(-[WKWebViewConfiguration initWithCoder:]):
(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration requiresUserActionForMediaPlayback]):
(-[WKWebViewConfiguration setRequiresUserActionForMediaPlayback:]):
(-[WKWebViewConfiguration allowsInlineMediaPlayback]):
(-[WKWebViewConfiguration setAllowsInlineMediaPlayback:]):
(-[WKWebViewConfiguration _requiresUserActionForVideoPlayback]):
(-[WKWebViewConfiguration _setRequiresUserActionForVideoPlayback:]):

  • UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

Tools:

Set the default values for media preferences unconditionally, not just on PLATFORM(IOS). Set "video requires user gesture"
to sane defaults in addition to "audio requires user gesture" and (in the case of DumpRenderTree) instead of "media requires user gesture".

Add a new test of WK2 user gesture requirement preferences.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues):

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit/ios/video-with-audio.html:
  • TestWebKitAPI/Tests/WebKit/ios/video-without-audio.html:
  • TestWebKitAPI/Tests/WebKit2Cocoa/RequiresUserActionForPlayback.mm: Added.

(-[RequiresUserActionForPlaybackNavigationDelegate webView:didFinishNavigation:]):
(-[RequiresUserActionForPlaybackMessageHandler userContentController:didReceiveScriptMessage:]):
(RequiresUserActionForPlaybackTest::SetUp):
(RequiresUserActionForPlaybackTest::createWebView):
(RequiresUserActionForPlaybackTest::testVideoWithAudio):
(RequiresUserActionForPlaybackTest::testVideoWithoutAudio):
(RequiresUserActionForPlaybackTest::testAudioOnly):
(TEST_F):

  • TestWebKitAPI/Tests/WebKit2Cocoa/Coding.mm:

(TEST):

LayoutTests:

Update layout tests to reflect new restriction name.

  • media/audio-playback-restriction-play-expected.txt:
  • media/audio-playback-restriction-play.html:
  • media/no-autoplay-with-user-gesture-requirement.html:
  • media/video-load-require-user-gesture.html:
  • media/video-play-require-user-gesture.html:
  • media/video-crash-invisible-autoplay-display-none-expected.txt: Added.
  • media/video-crash-invisible-autoplay-display-none.html: Added.
  • media/video-main-content-allow-expected.txt:
  • media/video-main-content-allow-then-deny-expected.txt:
  • media/video-main-content-allow-then-deny.html:
  • media/video-main-content-allow.html:
  • media/video-main-content-deny-display-none-expected.txt:
  • media/video-main-content-deny-display-none.html:
  • media/video-main-content-deny-not-in-dom-expected.txt:
  • media/video-main-content-deny-not-in-dom.html:
  • media/video-main-content-deny-not-visible-expected.txt:
  • media/video-main-content-deny-not-visible.html:
  • media/video-main-content-deny-obscured-expected.txt:
  • media/video-main-content-deny-obscured.html:
  • media/video-main-content-deny-too-small-expected.txt:
  • media/video-main-content-deny-too-small.html:

1:11 PM Changeset in webkit [197952] by rniwa@webkit.org
  • 10 edits
    4 adds in trunk

Add :defined support
https://bugs.webkit.org/show_bug.cgi?id=155108

Reviewed by Antti Koivisto.

Source/WebCore:

Added :defined pseudo class which applies to a successfully instantiated custom element or a builtin element.
A new node flag, isUnresolvedCustomElement, which was added in r197917 tracks un-upgraded / unresolved custom
elements for which :defined should not apply.

Tests: fast/custom-elements/defined-pseudo-class.html

fast/custom-elements/defined-rule.html

  • bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::constructElement): Unset isUnresolvedCustomElement now that HTMLElement's
constructor sets isUnresolvedCustomElement.

  • bindings/js/JSHTMLElementCustom.cpp:

(WebCore::constructJSHTMLElement): Set isUnresolvedCustomElement to true since :defined should never apply to
a custom element inside its constructor as HTMLElement constructor does not set the defined flag:
https://w3c.github.io/webcomponents/spec/custom/#htmlelement-constructor

  • css/CSSSelector.cpp:

(WebCore::CSSSelector::selectorText): Added the support for serializing :defined.

  • css/CSSSelector.h:

(PseudoClassType): Added PseudoClassDefined for :defined.

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::checkOne): Added the support for :defined.

  • css/SelectorCheckerTestFunctions.h:

(WebCore::isDefinedElement): Added. Returns true for any builtin element and a custom element after a successful
construction / upgrades.

  • css/SelectorPseudoClassAndCompatibilityElementMap.in: Added :defined.
  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::addPseudoClassType): Added the support for :defined.

LayoutTests:

Added W3C style testharness.js tests and ref tests for :defined pseudo class.

  • fast/custom-elements/defined-pseudo-class-expected.txt: Added.
  • fast/custom-elements/defined-pseudo-class.html: Added.
  • fast/custom-elements/defined-rule-expected.html: Added.
  • fast/custom-elements/defined-rule.html: Added.

12:52 PM Changeset in webkit [197951] by ap@apple.com
  • 2 edits in trunk/Source/WebKit/mac

Build fix for deprecated constant names.

  • Carbon/CarbonWindowAdapter.mm:

(-[CarbonWindowAdapter initWithCarbonWindowRef:takingOwnership:disableOrdering:carbon:]):
(-[CarbonWindowAdapter sendSuperEvent:]):

12:46 PM Changeset in webkit [197950] by commit-queue@webkit.org
  • 39 edits
    4 deletes in trunk/Source

Unreviewed, rolling out r197943.
https://bugs.webkit.org/show_bug.cgi?id=155317

This change broke Windows, WinCairo, GTK and EFL builds
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"Add a baseURL parameter to _WKUserStyleSheet"
https://bugs.webkit.org/show_bug.cgi?id=155219
http://trac.webkit.org/changeset/197943

12:09 PM Changeset in webkit [197949] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

12:06 PM Changeset in webkit [197948] by BJ Burg
  • 3 edits in trunk/Tools

Web Inspector: should be able to run protocol and input generator scripts from any directory
https://bugs.webkit.org/show_bug.cgi?id=155307

Reviewed by Joseph Pecoraro.

  • Scripts/webkitpy/inspector/main.py:

(InspectorGeneratorTests.main):

  • Scripts/webkitpy/replay/main.py:

(InputGeneratorTests.main):
Compute the current SCM based on the location of the script being executed, not
the $CWD which could be anything. There's rarely a good reason to use $CWD.

11:41 AM Changeset in webkit [197947] by sbarati@apple.com
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

Assignment to new.target should be an early error
https://bugs.webkit.org/show_bug.cgi?id=151148

Reviewed by Mark Lam.

This patch makes it so that any form of assignment to new.target
is an early syntax error.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createNewTargetExpr):
(JSC::ASTBuilder::isNewTarget):
(JSC::ASTBuilder::createResolve):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseAssignmentExpression):
(JSC::Parser<LexerType>::parseUnaryExpression):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createThisExpr):
(JSC::SyntaxChecker::createSuperExpr):
(JSC::SyntaxChecker::createNewTargetExpr):
(JSC::SyntaxChecker::isNewTarget):
(JSC::SyntaxChecker::createResolve):
(JSC::SyntaxChecker::createObjectLiteral):

  • tests/es6.yaml:
  • tests/stress/new-target-syntax-errors.js: Added.

(shouldBeSyntaxError):
(shouldNotBeSyntaxError):

  • tests/stress/new-target.js:

(Constructor):
(doWeirdThings):
(noAssign): Deleted.
(catch): Deleted.

11:26 AM Changeset in webkit [197946] by Lucas Forschler
  • 2 edits in branches/safari-601-branch/Tools

<rdar://problem/25074204>
Unreviewed build fix attempt.

  • Scripts/webkitdirs.pm:

(determineBaseProductDir):
(determineConfiguration):
(determineArchitecture):
(determineNumberOfCPUs):
(jscPath):
(visualStudioInstallDir):
(msBuildInstallDir):
(visualStudioVersion):
(determineConfigurationProductDir):
(productDir):
(executableProductDir):
(jscProductDir):
(configuration):
(determineGenerateDsym):
(hasIOSDevelopmentCertificate):
(argumentsForXcode):
(XcodeOptions):
(XcodeOptionString):
(determinePassedConfiguration):
(passedConfiguration):
(checkFrameworks):
(checkForArgumentAndRemoveFromArrayRef):
(prohibitUnknownPort):
(determinePortName):
(portName):
(isEfl):
(isGtk):
(isWinCairo):
(isWin64):
(determineIsWin64):
(determineIsWin64FromArchitecture):
(isCygwin):
(isARM):
(isX86_64):
(isCrossCompilation):
(isAppleMacWebKit):
(isAppleWinWebKit):
(iOSSimulatorDevicesPath):
(createiOSSimulatorDevice):
(willUseIOSDeviceSDK):
(willUseIOSSimulatorSDK):
(isIOSWebKit):
(determineNmPath):
(nmPath):
(splitVersionString):
(determineOSXVersion):
(osXVersion):
(determineIOSVersion):
(iosVersion):
(isWindowsNT):
(debugger):
(determineDebugger):
(appendToEnvironmentVariableList):
(prependToEnvironmentVariableList):
(setUpGuardMallocIfNeeded):
(launcherName):
(checkRequiredSystemConfig):
(determineWindowsSourceDir):
(setupAppleWinEnv):
(setupCygwinEnv):
(buildXCodeProject):
(buildVisualStudioProject):
(isCachedArgumentfileOutOfDate):
(wrapperPrefixIfNeeded):
(canUseNinja):
(canUseNinjaGenerator):
(canUseEclipseNinjaGenerator):
(cmakeGeneratedBuildfile):
(generateBuildSystemFromCMakeProject):
(buildCMakeGeneratedProject):
(cleanCMakeGeneratedProject):
(buildCMakeProjectOrExit):
(cmakeBasedPortName):
(determineIsCMakeBuild):
(isCMakeBuild):
(promptUser):
(setPathForRunningWebKitApp):
(printHelpAndExitForRunAndDebugWebKitAppIfNeeded):
(argumentsForRunAndDebugMacWebKitApp):
(setupMacWebKitEnvironment):
(setupIOSWebKitEnvironment):
(waitUntilIOSSimulatorDeviceIsInState):
(shutDownIOSSimulatorDevice):
(restartIOSSimulatorDevice):
(relaunchIOSSimulator):
(runIOSWebKitAppInSimulator):
(runIOSWebKitApp):
(execMacWebKitAppForDebugging):
(debugSafari):
(runSafari):
(runMiniBrowser):
(determineIsEfl): Deleted.
(determineIsGtk): Deleted.
(determineIsWinCairo): Deleted.
(willUseIOSDeviceSDKWhenBuilding): Deleted.
(willUseIOSSimulatorSDKWhenBuilding): Deleted.
(shouldTargetWebProcess): Deleted.
(determineShouldTargetWebProcess): Deleted.
(shouldUseXPCServiceForWebProcess): Deleted.
(determineShouldUseXPCServiceForWebProcess): Deleted.
(jhbuildWrapperPrefixIfNeeded): Deleted.
(canUseEclipse): Deleted.

10:39 AM Changeset in webkit [197945] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebKit2

[MediaStream] push media stream state to the UI process
https://bugs.webkit.org/show_bug.cgi?id=155281

Reviewed by Dean Jackson.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didCommitLoadForFrame): Don't clear m_mediaState, it is done in
WebPageProxy::resetState. This reverts a change added in r197929.

10:30 AM Changeset in webkit [197944] by dbates@webkit.org
  • 23 edits in trunk

CSP: Implement support for script and style nonces
https://bugs.webkit.org/show_bug.cgi?id=116508
<rdar://problem/24963980>

Reviewed by Brent Fulgham.

Source/WebCore:

Add support for script-src and style-src nonces as per sections Nonce usage for script elements
and Nonce usage for style elements of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

  • dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::createSheet): Check if the nonce for an HTML style element matches a known nonce.

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::requestScript): Check if the nonce for an HTML script element for an external JavaScript
script matches a known nonce. If it does then skip subsequent checks of the Content Security Policy when loading
the script.
(WebCore::ScriptElement::executeScript): Check if the nonce for an HTML script element for an inline JavaScript
script matches a known nonce.

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::process): Check if the nonce for an HTML link element matches a known nonce. If it does
then skip subsequent checks of the Content Security Policy when loading the stylesheet.

  • html/HTMLScriptElement.idl: Unconditionally expose attribute nonce.
  • html/HTMLStyleElement.idl: Ditto.
  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::isAllowedByAllWithNonce):
(WebCore::ContentSecurityPolicy::allowScriptWithNonce): Check if the nonce attribute value of a script element
matches a known nonce. This function delegates the check to ContentSecurityPolicyDirectiveList::allowScriptWithNonce().
(WebCore::ContentSecurityPolicy::allowStyleWithNonce): Check if the nonce attribute value of a style/link element
matches a known nonce. This function delegates the check to ContentSecurityPolicyDirectiveList::allowStyleWithNonce().

  • page/csp/ContentSecurityPolicy.h:
  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::checkNonce): Checks if the directive allows the specified nonce.
(WebCore::ContentSecurityPolicyDirectiveList::allowScriptWithNonce): Check if the specified nonce is in
the source list of the script-src directive (if specified) or the source list of the default-src directive (if specified).
(WebCore::ContentSecurityPolicyDirectiveList::allowStyleWithNonce): Check if the specified nonce is in
the source list of the style-src directive (if specified) or the source list of the default-src directive (if specified).

  • page/csp/ContentSecurityPolicyDirectiveList.h:
  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::matches): Returns whether the specified nonce is in the HashSet of
nonces for the directive.
(WebCore::ContentSecurityPolicySourceList::parse): Modified to call ContentSecurityPolicySourceList::parseNonceSource()
to parse a nonce source expression.
(WebCore::isBase64Character): Moved function to be above function ContentSecurityPolicySourceList::parseNonceSource()
so that it can be referenced from both ContentSecurityPolicySourceList::parseNonceSource() and ContentSecurityPolicySourceList::parseHashSource().
(WebCore::isNonceCharacter): Added. Matches Blink's definition of a valid nonce character. This definition differs
from the definition in the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (29 February 2016).
(WebCore::ContentSecurityPolicySourceList::parseNonceSource): Parses a source expression for a nonce value.

  • page/csp/ContentSecurityPolicySourceList.h:

(WebCore::ContentSecurityPolicySourceList::allowInline): We only allow inline scripts/stylesheets if
'unsafe-inline' was specified in the source list and the source list does not contain any hash sources
or nonce sources.

  • page/csp/ContentSecurityPolicySourceListDirective.cpp:

(WebCore::ContentSecurityPolicySourceListDirective::allows): Checks if the specified nonce is in the source list.

  • page/csp/ContentSecurityPolicySourceListDirective.h:

LayoutTests:

Update expected results due to differences between Blink and WebKit violation message formats.

Additionally mark script- and style- nonce tests as PASS in LayoutTests/TestExpectations so
that we run them.

  • TestExpectations:
  • http/tests/security/contentSecurityPolicy/1.1/scriptnonce-and-scripthash-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/scriptnonce-and-scripthash.html:
  • http/tests/security/contentSecurityPolicy/1.1/scriptnonce-basic-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/scriptnonce-ignore-unsafeinline-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce-expected.txt: Also update result
to reflect that we consider "'n-" an invalid source expression (as expected).

  • http/tests/security/contentSecurityPolicy/1.1/stylenonce-allowed-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/stylenonce-blocked-expected.txt:

10:24 AM Changeset in webkit [197943] by weinig@apple.com
  • 39 edits
    4 adds in trunk/Source

Add a baseURL parameter to _WKUserStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=155219

Reviewed by Tim Horton.

Source/WebCore:

  • Moves to a model for user content where instead of each page having a WebCore::UserContentController object, we have an abstract WebCore::UserContentProvider interface that can be implemented at the WebKit level. For now, legacy WebKit continues to use the old UserContentController, which implements WebCore::UserContentProvider, and WebKit2 implements its own implementation so it can store additional state.
  • WebCore.xcodeproj/project.pbxproj:

Add new files.

  • dom/ExtensionStyleSheets.cpp:

(WebCore::ExtensionStyleSheets::updateInjectedStyleSheetCache):
Switch to using forEachUserStyleSheet on the UserContentProvider.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::loadResource):
Remove null check now that we always have a UserContentProvider.

  • loader/EmptyClients.cpp:

(WebCore::fillWithEmptyClients):

  • loader/EmptyClients.h:

Add new EmptyClients.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadResourceSynchronously):
Remove null check now that we always have a UserContentProvider.

  • loader/PingLoader.cpp:

(WebCore::processContentExtensionRulesForLoad):
Remove null check now that we always have a UserContentProvider.

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::willSendRequestInternal):
Remove null check now that we always have a UserContentProvider.

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):
Remove null check now that we always have a UserContentProvider.

  • page/DOMWindow.cpp:

(WebCore::DOMWindow::shouldHaveWebKitNamespaceForWorld):
Remove null checks now that we always have a UserContentProvider, and userMessageHandlerDescriptors
returns a reference.

(WebCore::DOMWindow::open):
Remove null check now that we always have a UserContentProvider.

  • page/Frame.cpp:

(WebCore::Frame::injectUserScripts):
Simplify by lifting document check out of the main loop and using forEachUserScript.

  • page/Page.cpp:

(WebCore::Page::Page):
(WebCore::Page::~Page):
(WebCore::Page::userContentProvider):
(WebCore::Page::setUserContentProvider):
(WebCore::Page::setUserContentController): Deleted.

  • page/Page.h:

(WebCore::Page::userContentController): Deleted.

  • page/PageConfiguration.h:

Store the UserContentProvider in a Ref, and require PageConfigurations to provide one. This
removes a bunch of null checks and simplifies the code.

  • page/UserContentController.cpp:

(WebCore::UserContentController::~UserContentController):
(WebCore::UserContentController::forEachUserScript):
(WebCore::UserContentController::forEachUserStyleSheet):
(WebCore::UserContentController::addUserScript):
(WebCore::UserContentController::removeUserScript):
(WebCore::UserContentController::removeUserScripts):
(WebCore::UserContentController::addUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheets):
(WebCore::UserContentController::addUserMessageHandlerDescriptor):
(WebCore::UserContentController::removeUserMessageHandlerDescriptor):
(WebCore::UserContentController::addUserContentExtension):
(WebCore::UserContentController::removeUserContentExtension):
(WebCore::UserContentController::removeAllUserContentExtensions):
(WebCore::UserContentController::removeAllUserContent):
(WebCore::UserContentController::addPage): Deleted.
(WebCore::UserContentController::removePage): Deleted.
(WebCore::contentExtensionsEnabled): Deleted.
(WebCore::UserContentController::processContentExtensionRulesForLoad): Deleted.
(WebCore::UserContentController::actionsForResourceLoad): Deleted.

  • page/UserContentController.h:

(WebCore::UserContentController::userScripts): Deleted.
(WebCore::UserContentController::userStyleSheets): Deleted.
(WebCore::UserContentController::userMessageHandlerDescriptors): Deleted.
Add inheritance from UserContentProvider and simplify things by removing unique_ptrs
that were holding the member variables. There is usually only one UserContentController
so having these in unique_ptrs doesn't make much sense.

  • page/UserContentProvider.cpp: Added.

(WebCore::UserContentProvider::UserContentProvider):
(WebCore::UserContentProvider::~UserContentProvider):
(WebCore::UserContentProvider::addPage):
(WebCore::UserContentProvider::removePage):
(WebCore::UserContentProvider::invalidateInjectedStyleSheetCacheInAllFramesInAllPages):
(WebCore::contentExtensionsEnabled):
(WebCore::UserContentProvider::processContentExtensionRulesForLoad):
(WebCore::UserContentProvider::actionsForResourceLoad):

  • page/UserContentProvider.h: Added.

Add abstract class for providing user content and add some helpers on it.

  • page/UserMessageHandlerDescriptor.h:

(WebCore::UserMessageHandlerDescriptor::create):
(WebCore::UserMessageHandlerDescriptor::client):
(WebCore::UserMessageHandlerDescriptor::invalidateClient):

  • page/UserMessageHandlersNamespace.cpp:

(WebCore::UserMessageHandlersNamespace::handler):
Simplify now that userContentProvider() and userMessageHandlerDescriptors() are references.

Source/WebKit/mac:

  • WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:]):
(-[WebView initSimpleHTMLDocumentWithStyle:frame:preferences:groupName:]):
(-[WebView setGroupName:]):
Update to account for the name change from UserContentController -> UserContentProvider.

Source/WebKit2:

  • Moves to a model for user content where instead of using a WebCore::UserContentController object, we implement the new WebCore::UserContentProvider interface (on the existing WebUserContentController object).
  • Uses this to maintain maps of UserStylesSheets and UserScripts along with their identifiers, freeing up the URL, which had been acting as the identifier, to be used as the baseURL which was what it was intended for.
  • Adds a baseURL property to _WKUserStyleSheet.
  • WebKit2.xcodeproj/project.pbxproj:

Add new files.

  • Scripts/webkit/messages.py:

(headers_for_type):
Add support for sending WebUserContentControllerDataTypes.

  • Shared/WebUserContentControllerDataTypes.cpp: Added.

(WebKit::WebUserScriptData::encode):
(WebKit::WebUserScriptData::decode):
(WebKit::WebUserStyleSheetData::encode):
(WebKit::WebUserStyleSheetData::decode):

  • Shared/WebUserContentControllerDataTypes.h: Added.

Add helper types for sending user content over IPC.

  • UIProcess/API/APIUserScript.cpp:

(API::UserScript::generateUniqueURL):
(API::UserScript::UserScript):

  • UIProcess/API/APIUserScript.h:
  • UIProcess/API/APIUserStyleSheet.cpp:

(API::UserStyleSheet::generateUniqueURL):
(API::UserStyleSheet::UserStyleSheet):

  • UIProcess/API/APIUserStyleSheet.h:

Add identifiers for tracking across processes.

  • UIProcess/API/Cocoa/_WKUserStyleSheet.h:
  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet initWithSource:forMainFrameOnly:legacyWhitelist:legacyBlacklist:baseURL:userContentWorld:]):
(-[_WKUserStyleSheet baseURL]):
Add new initializer which takes a baseURL as well as an accessor for the baseURL.

  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::addUserScript):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
Pass identifiers as well as user content.

  • WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::addUserScript):
(WebKit::InjectedBundle::addUserStyleSheet):
Move user content in via move semantics rather than using a unique_ptr.

(WebKit::InjectedBundle::removeUserScript):
(WebKit::InjectedBundle::removeUserStyleSheet):
(WebKit::InjectedBundle::removeUserScripts):
(WebKit::InjectedBundle::removeUserStyleSheets):
(WebKit::InjectedBundle::removeAllUserContent):
Update for new function signatures.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::WebUserContentController):
(WebKit::WebUserContentController::~WebUserContentController):
(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorlds):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):
(WebKit::WebUserContentController::removeUserStyleSheet):
(WebKit::WebUserContentController::removeAllUserStyleSheets):
(WebKit::WebUserContentController::addUserScriptMessageHandlers):
(WebKit::WebUserContentController::removeUserScriptMessageHandler):
(WebKit::WebUserContentController::addUserContentExtensions):
(WebKit::WebUserContentController::removeUserContentExtension):
(WebKit::WebUserContentController::removeAllUserContentExtensions):
(WebKit::WebUserContentController::addUserScriptInternal):
(WebKit::WebUserContentController::addUserScript):
(WebKit::WebUserContentController::removeUserScriptWithURL):
(WebKit::WebUserContentController::removeUserScriptInternal):
(WebKit::WebUserContentController::removeUserScripts):
(WebKit::WebUserContentController::addUserStyleSheetInternal):
(WebKit::WebUserContentController::addUserStyleSheet):
(WebKit::WebUserContentController::removeUserStyleSheetWithURL):
(WebKit::WebUserContentController::removeUserStyleSheetInternal):
(WebKit::WebUserContentController::removeUserStyleSheets):
(WebKit::WebUserContentController::removeAllUserContent):
(WebKit::WebUserContentController::forEachUserScript):
(WebKit::WebUserContentController::forEachUserStyleSheet):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:

Convert to inheriting from UserContentProvider, rather than containing a UserContentController.
This means adding the storage for the user content, which has been simplified to avoid using
unique_ptrs.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::addUserScript):
(WebKit::WebPage::addUserStyleSheet):
(WebKit::WebPage::removeAllUserContent):
Update to call the WebUserContentController, rather than going to the UserContentController, which
no longer exists.

  • WebProcess/WebPage/WebPageGroupProxy.cpp:

(WebKit::WebPageGroupProxy::userContentController):

  • WebProcess/WebPage/WebPageGroupProxy.h:

Return the WebUserContentController rather than old UserContentController.

10:23 AM Changeset in webkit [197942] by ddkilzer@apple.com
  • 5 edits in trunk

[iOS] DumpRenderTree crashes when accessing window.testRunner.inspectorTestStubURL
<http://webkit.org/b/155295>

Reviewed by Brent Fulgham.

Tools:

  • DumpRenderTree/mac/TestRunnerMac.mm:

(TestRunner::inspectorTestStubURL): Always return nullptr for
PLATFORM(IOS). This matches what we did in r192604 for
WebKitTestRunner/InjectedBundle/mac/TestRunnerMac.mm.

LayoutTests:

  • platform/ios-simulator-wk1/TestExpectations:
  • platform/ios-simulator-wk2/TestExpectations:
  • Remove all "inspector/" tests. They are already skipped in platform/ios-simulator/TestExpectations, so no need to resurrect them here.

9:55 AM Changeset in webkit [197941] by Ryan Haddad
  • 22 edits in trunk/Source

Unreviewed, rolling out r197923.
https://bugs.webkit.org/show_bug.cgi?id=155301

Rolling out this change due to breaking the build and
LayoutTests. (Requested by ryanhaddad on #webkit).

Reverted changeset:

"Font antialiasing (smoothing) changes when elements are
rendered into compositing layers"
https://bugs.webkit.org/show_bug.cgi?id=23364
http://trac.webkit.org/changeset/197923

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-10

9:46 AM Changeset in webkit [197940] by dbates@webkit.org
  • 28 edits
    8 adds in trunk

CSP: Implement support for inline script and inline style hashes
https://bugs.webkit.org/show_bug.cgi?id=155007
<rdar://problem/24964098>

Reviewed by Brent Fulgham.

Source/WebCore:

Inspiration taken from the analogous implementation in Blink.

Add support for script-src and style-src hashes as per sections Hash usage for script elements
and Hash usage for style elements of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Test: http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html

  • WebCore.xcodeproj/project.pbxproj: Add file ContentSecurityPolicyHash.h. Also sort the list of files in the group WebCore/page/csp.

  • dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::createSheet): Pass the content of the stylesheet when querying whether
the stylesheet is allowed by the Content Security Policy.

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::executeScript): Pass the content of the inline JavaScript script when querying
whether the script is allowed by the Content Security Policy.

  • dom/StyledElement.cpp:

(WebCore::StyledElement::styleAttributeChanged): The Content Security Policy style-src hashes do not apply
to inline styles defined in the HTML style attribute. So, pass a null string (to indicate the absence of
content) when querying whether the inline style is allowed by the Content Security Policy.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::toCryptoDigestAlgorithm): Convenience function that maps a ContentSecurityPolicyHashAlgorithm
enumerator to a CryptoDigest::Algorithm enumerator.
(WebCore::isAllowedByAllWithHashFromContent): Computes the digest of the specified content for each
hash algorithm and checks if digest matches a hash that was specified in a policy.
(WebCore::ContentSecurityPolicy::documentEncoding): Added.
(WebCore::ContentSecurityPolicy::allowInlineScript): Check if the hash of the script matches a known
hash if applicable. Otherwise, fall back to checking the URL of the script.
(WebCore::ContentSecurityPolicy::allowInlineStyle): Check if the hash of the stylesheet matches a
known hash if applicable. Otherwise, fall back to checking the URL of the stylesheet.

  • page/csp/ContentSecurityPolicy.h:

(WebCore::ContentSecurityPolicy::addHashAlgorithmsForInlineScripts): Adds the specified set of
hash algorithms to the existing set of hash algorithms we know are used for inline scripts.
(WebCore::ContentSecurityPolicy::addHashAlgorithmsForInlineStylesheets): Adds the specified set of
hash algorithms to the existing set of hash algorithms we know are used for inline stylesheets.

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::checkEval): Make this a static, non-member function because it does not depend on any
instance or class variables. Mark this function as inline to give a hint to the compiler that it
should consider inlining the implementation of this function into the caller.
(WebCore::checkInline): Ditto.
(WebCore::checkSource): Ditto.
(WebCore::checkHash): Checks if the directive allows content with the specified hash.
(WebCore::checkMediaType): Make this a static, non-member function because it does not depend on
any instance or class variables. Mark this function as inline to give a hint to the compiler that
it should consider inlining the implementation of this function into the caller.
(WebCore::ContentSecurityPolicyDirectiveList::create): Modified as needed now that WebCore::checkEval()
is a static, non-member function.
(WebCore::ContentSecurityPolicyDirectiveList::allowInlineScriptWithHash): Added.
(WebCore::ContentSecurityPolicyDirectiveList::allowInlineStyleWithHash): Added.
(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Modified to pass the hash algorithms seen
from parsing the directives script-src, style-src, and default-src to the ContentSecurityPolicy object.
(WebCore::ContentSecurityPolicyDirectiveList::checkEval): Deleted.
(WebCore::ContentSecurityPolicyDirectiveList::checkInline): Deleted.
(WebCore::ContentSecurityPolicyDirectiveList::checkSource): Deleted.
(WebCore::ContentSecurityPolicyDirectiveList::checkMediaType): Deleted.

  • page/csp/ContentSecurityPolicyDirectiveList.h:
  • page/csp/ContentSecurityPolicyHash.h: Added.

(WTF::DefaultHash<WebCore::ContentSecurityPolicyDigest>::Hash::hash): Compute the hash of a digest as
we would compute the hash of a string.
(WTF::DefaultHash<WebCore::ContentSecurityPolicyDigest>::Hash::equal): Compare digests for equality
by making use of Vector's equality operator.

  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::matches): Checks if the hash is in the set of known hashes.
(WebCore::ContentSecurityPolicySourceList::parse): Modified to call ContentSecurityPolicySourceList::parseHashSource()
to try to parse the source list expression as a hash source. If this fails then we try to parse the
source expression as a scheme/host/port expression.
(WebCore::parseHashAlgorithmAdvancingPosition): Parses the hash algorithm from a hash source expression.
(WebCore::isBase64Character): Returns whether the specified character is a valid Base64/Base64url character,
excluding the padding character '='. Disregarding the omission of the padding character '=', this function
conforms to the ABNF grammar defined in section Source Lists of the Content Security Policy Level 3 spec.,
<https://w3c.github.io/webappsec-csp> (Editor’s Draft, 29 February 2016). We take the padding character '='
into account in ContentSecurityPolicySourceList::parseHashSource().
(WebCore::ContentSecurityPolicySourceList::parseHashSource): Parses a hash source expression per the ABNF
grammar described in section Source Lists of the Content Security Policy Level 3 spec.

  • page/csp/ContentSecurityPolicySourceList.h:

(WebCore::ContentSecurityPolicySourceList::hashAlgorithmsUsed): Returns the set of hash algorithms seen from
parsing the source list.
(WebCore::ContentSecurityPolicySourceList::allowInline): We only allow inline scripts/stylesheets if
'unsafe-inline' was specified in the source list and the source list does not contain any hash sources.

  • page/csp/ContentSecurityPolicySourceListDirective.cpp:

(WebCore::ContentSecurityPolicySourceListDirective::allows): Checks if the specified hash is in the source list.

  • page/csp/ContentSecurityPolicySourceListDirective.h:

(WebCore::ContentSecurityPolicySourceListDirective::hashAlgorithmsUsed): Turns around and calls ContentSecurityPolicySourceList::hashAlgorithmsUsed().

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html to ensure that
script hashes are interpreted correctly. Update many existing tests that had a hash source with
a SHA-1 hash to use a SHA-256 hash. The valid hash algorithms are SHA-256, SHA-384, and SHA-512
per the Content Security Policy Level 3 spec. At the time of writing, Blink also supports SHA-1.

  • TestExpectations: Mark many CSP 1.1 tests as PASS so that we run them. Remove entries for tests http/tests/security/contentSecurityPolicy/1.1/{script, style}hash-default-src.html as these tests now pass.

  • http/tests/security/contentSecurityPolicy/1.1/resources/didRunInlineScriptEpilogue.js: Added.
  • http/tests/security/contentSecurityPolicy/1.1/resources/didRunInlineScriptPrologue.js: Added.
  • http/tests/security/contentSecurityPolicy/1.1/resources/testScriptHash.php: Added.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed.html: Update test as SHA-1 is not a supported hash algorithm per the Content Security Policy Level 3 spec.

  • http/tests/security/contentSecurityPolicy/1.1/scripthash-basic-blocked-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-basic-blocked.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-default-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-malformed-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-tests-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html: Update test as SHA-1 is not a supported hash algorithm per the Content Security Policy Level 3 spec.

  • http/tests/security/contentSecurityPolicy/1.1/stylehash-allowed-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/stylehash-allowed.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/stylehash-basic-blocked-error-event.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/stylehash-basic-blocked-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/stylehash-basic-blocked.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/stylehash-default-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/stylehash-svg-style-basic-blocked-error-event.html: Update test as SHA-1 is not a supported hash algorithm per the Content Security Policy Level 3 spec.
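
The source-list rules described in changeset 197940 above (hash sources parsed first, SHA-1 rejected, 'unsafe-inline' ignored once a hash source is present, no hash matching for style attributes) can be modelled as follows. This is an added example in JavaScript for Node.js, not WebKit's code; the function names, the UTF-8 encoding assumption and the sample script are constructed for illustration.

```javascript
// Added illustration: a simplified model of CSP hash-source handling, not WebKit code.
const crypto = require("crypto");

// 'sha256-<value>' in single quotes. Only SHA-256/384/512 are valid; SHA-1 is not.
// <value> is Base64 or Base64url characters followed by at most two '=' padding characters.
const HASH_SOURCE = /^'(sha256|sha384|sha512)-([A-Za-z0-9+\/_-]+)={0,2}'$/i;

// Returns { algorithm, digest } for a valid hash source, or null otherwise.
function parseHashSource(expression) {
  const m = HASH_SOURCE.exec(expression);
  if (!m) return null;
  // Map the Base64url alphabet onto standard Base64 before decoding.
  const standard = m[2].replace(/-/g, "+").replace(/_/g, "/");
  return { algorithm: m[1].toLowerCase(), digest: Buffer.from(standard, "base64") };
}

// Try each expression as a hash source first; anything else is kept as another kind of source.
function parseSourceList(value) {
  const list = { hashes: [], unsafeInline: false, otherSources: [] };
  for (const expression of value.trim().split(/\s+/).filter(Boolean)) {
    const hash = parseHashSource(expression);
    if (hash) list.hashes.push(hash);
    else if (expression.toLowerCase() === "'unsafe-inline'") list.unsafeInline = true;
    else list.otherSources.push(expression);
  }
  return list;
}

// 'unsafe-inline' only counts when the source list contains no hash sources.
function allowInline(list) {
  return list.unsafeInline && list.hashes.length === 0;
}

// content === null models a style attribute, to which hashes do not apply.
// Assumption: the document encoding is UTF-8.
function matchesHash(list, content) {
  if (content === null) return false;
  const bytes = Buffer.from(content, "utf8");
  const computed = new Map(); // one digest per algorithm actually used in the policy
  return list.hashes.some((hash) => {
    if (!computed.has(hash.algorithm)) {
      computed.set(hash.algorithm, crypto.createHash(hash.algorithm).update(bytes).digest());
    }
    return computed.get(hash.algorithm).equals(hash.digest);
  });
}

// Hash match first; otherwise fall back to the plain inline check.
function allowInlineContent(list, content) {
  return matchesHash(list, content) || allowInline(list);
}

// Helper for building a policy value from known content.
function hashSourceFor(algorithm, content) {
  const digest = crypto.createHash(algorithm).update(content, "utf8").digest("base64");
  return `'${algorithm}-${digest}'`;
}

// Constructed sample: a policy that lists one hash next to 'unsafe-inline'.
const sampleScript = "console.log('inline ok');";
const samplePolicy = parseSourceList(
  `'self' 'unsafe-inline' ${hashSourceFor("sha256", sampleScript)}`
);
console.log("listed script allowed:", allowInlineContent(samplePolicy, sampleScript));
console.log("unlisted script allowed:", allowInlineContent(samplePolicy, "console.log('x');"));
```

Because a single hash source disables 'unsafe-inline' for the whole list, adding one hash to a policy that previously relied on 'unsafe-inline' blocks every inline script whose hash is not listed.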

8:57 AM Changeset in webkit [197939] by Chris Dumez
  • 10 edits in trunk/Source

Speculative revalidation requests do not have their 'first party for cookies' URL set
https://bugs.webkit.org/show_bug.cgi?id=155284
<rdar://problem/25053203>

Reviewed by Antti Koivisto.

Source/WebCore:

Export a few more symbols so they can be used in WebKit2.

  • platform/URL.h:
  • platform/network/ResourceRequestBase.h:

Source/WebKit2:

Speculative revalidation requests did not have their 'first party for cookies'
URL set. This means the underlying NSURLRequest has a nil mainDocumentURL.
Without a way to determine whether the cookie is in a third-party context,
CFNetwork defaults to accepting all cookies for these resources.

  • NetworkProcess/cache/NetworkCacheCoders.cpp:

(WebKit::NetworkCache::Coder<WebCore::URL>::encode):
(WebKit::NetworkCache::Coder<WebCore::URL>::decode):

  • NetworkProcess/cache/NetworkCacheCoders.h:

Add template specialization to support encoding / decoding WebCore::URL.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:

(WebKit::NetworkCache::constructRevalidationRequest):
Set the "first party for cookies" URL on the revalidation request.

(WebKit::NetworkCache::SpeculativeLoadManager::PendingFrameLoad::registerSubresourceLoad):
(WebKit::NetworkCache::SpeculativeLoadManager::PendingFrameLoad::saveToDiskIfReady):
Now keep the subresources' ResourceRequests, in addition to their key, so we can later
extract the 'first party for cookies' URL from the request and save it to disk.

(WebKit::NetworkCache::SpeculativeLoadManager::registerLoad):
Pass the ResourceRequest in addition to the key to
PendingFrameLoad::registerSubresourceLoad().

(WebKit::NetworkCache::SpeculativeLoadManager::revalidateEntry):
Add an extra SubresourceInfo parameter, in addition to the Entry, so we
have access to the first party for cookies URL. Pass this URL to
constructRevalidationRequest().

(WebKit::NetworkCache::SpeculativeLoadManager::preloadEntry):
Add an extra SubresourceInfo parameter, in addition to the Entry, so we
have access to the first party for cookies URL.

(WebKit::NetworkCache::SpeculativeLoadManager::startSpeculativeRevalidation):
Pass the SubresourceInfo to preloadEntry().

  • NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.h:
  • NetworkProcess/cache/NetworkCacheSubresourcesEntry.cpp:

(WebKit::NetworkCache::SubresourcesEntry::SubresourceInfo::encode):
(WebKit::NetworkCache::SubresourcesEntry::SubresourceInfo::decode):
Encode / Decode new firstPartyForCookies member.

(WebKit::NetworkCache::SubresourcesEntry::SubresourcesEntry):
(WebKit::NetworkCache::SubresourcesEntry::updateSubresourceLoads):
Take SubresourceLoad objects in, instead of simple Key objects so we have
access to the ResourceRequest. We extract the first party for cookies URL
from the request and pass it to the SubresourceInfo constructor.

  • NetworkProcess/cache/NetworkCacheSubresourcesEntry.h:

(WebKit::NetworkCache::SubresourcesEntry::SubresourceInfo::SubresourceInfo):
(WebKit::NetworkCache::SubresourcesEntry::SubresourceLoad::SubresourceLoad):

8:28 AM Changeset in webkit [197938] by jer.noble@apple.com
  • 6 edits in trunk/Source

Enable AVFoundationNSURLSessionEnabled by default
https://bugs.webkit.org/show_bug.cgi?id=154469

Reviewed by Sam Weinig.

Source/WebCore:

  • page/Settings.cpp:

Source/WebKit/mac:

  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

Source/WebKit2:

  • Shared/WebPreferencesDefinitions.h:

8:24 AM Changeset in webkit [197937] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r197927 - [GTK] Artifacts when using web view background color
https://bugs.webkit.org/show_bug.cgi?id=155229

Reviewed by Mario Sanchez Prada.

This is because when using a web view color, we fill with the
color every rectangle updated by the web process, but we should
always fill the entire backing store before rendering the actual
contents on top.

  • WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::display): Ensure the web process always
renders the whole visible rectangle when background is rendered by
the UI process.

8:22 AM Changeset in webkit [197936] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r197733 - REGRESSION(r197062): [GTK] Transparent backgrounds no longer work after r197062
https://bugs.webkit.org/show_bug.cgi?id=155119

Reviewed by Martin Robinson.

This is because after r197062 we are now realizing the view too
early, even before the toplevel window has been realized, forcing
the toplevel window to be realized. If the RGBA visual is set on
the window after it has been realized it doesn't have any
effect. We should wait until the toplevel window is realized to
realize the web view, giving time to the application to set RGBA
visual and background color. If the toplevel window is already
realized we realize the web view immediately, so that this doesn't
affect the tearing problems fixed in r197062.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(toplevelWindowRealized):
(webkitWebViewBaseSetToplevelOnScreenWindow):

8:10 AM Changeset in webkit [197935] by Carlos Garcia Campos
  • 5 edits
    2 moves in releases/WebKitGTK/webkit-2.10

Merge r196807 - Revert to dispatching the popstate event synchronously
https://bugs.webkit.org/show_bug.cgi?id=153297
rdar://problem/24092294

Reviewed by Brent Fulgham.

Source/WebCore:

r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
r192369's changes to Document.cpp, but retains the new tests.

Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
frames from the document that will later be accessed by HistoryController::recursiveGoToItem().

To prevent the crashes, this change does two things:

  1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling loadInSameDocument() might otherwise delete it.
  2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(), since calling goToItem() on one frame might cause another frame to be deleted.

Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.

  • dom/Document.cpp:

(WebCore::Document::enqueuePopstateEvent):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadSameDocumentItem):

  • loader/HistoryController.cpp:

(WebCore::HistoryController::recursiveGoToItem):

LayoutTests:

Renamed and modified this test to expect synchronous dispatch.

  • fast/loader/stateobjects/popstate-is-synchronous-expected.txt: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous-expected.txt.
  • fast/loader/stateobjects/popstate-is-synchronous.html: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous.html.

8:09 AM Changeset in webkit [197934] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10

Merge r192369 - popstate event should be dispatched asynchronously
https://bugs.webkit.org/show_bug.cgi?id=36202
<rdar://problem/7761279>

Based on an original patch by Mihai Parparita <mihaip@chromium.org>.

Reviewed by Brent Fulgham.

Source/WebCore:

Tests: fast/loader/remove-iframe-during-history-navigation-different.html
fast/loader/remove-iframe-during-history-navigation-same.html
fast/loader/stateobjects/popstate-is-asynchronous.html

  • dom/Document.cpp:

(WebCore::Document::enqueuePopstateEvent):
Use enqueueWindowEvent().

LayoutTests:

  • fast/loader/remove-iframe-during-history-navigation-different-expected.txt: Added.
  • fast/loader/remove-iframe-during-history-navigation-different.html: Added.

Imported from Blink.

  • fast/loader/remove-iframe-during-history-navigation-same-expected.txt: Added.
  • fast/loader/remove-iframe-during-history-navigation-same.html: Added.

Ditto.

  • fast/loader/stateobjects/popstate-fires-on-history-traversal.html:

Modified to account for popstate firing asynchronously.

  • fast/loader/stateobjects/popstate-is-asynchronous-expected.txt: Added.
  • fast/loader/stateobjects/popstate-is-asynchronous.html: Added.

Based on Mihai's original test. Modified to pass in current WebKit.

7:30 AM Changeset in webkit [197933] by fred.wang@free.fr
  • 16 edits
    53 adds in trunk

[GTK] Add support for WOFF2
https://bugs.webkit.org/show_bug.cgi?id=152616

.:

Patch by Frederic Wang <fwang@igalia.org> on 2016-03-10
Reviewed by Carlos Garcia Campos.

  • Source/CMakeLists.txt: Build brotli and woff2 third-party libraries if WOFF2 is enabled.
  • Source/cmake/OptionsGTK.cmake: Always enable WOFF2 on GTK.

Source/ThirdParty:

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-10
Reviewed by Carlos Garcia Campos.

We import the source of the third-party brotli and woff2 libraries because release packages do not exist yet.
The script to update source from upstream as well as the makefile to compile relevant files are based on similar code from Mozilla.

  • brotli/CMakeLists.txt: Added. We force BROTLI_BUILD_PORTABLE by default, see https://github.com/google/brotli/issues/307.
  • brotli/LICENSE: Added.
  • brotli/README.webkit: Added.
  • brotli/dec/Makefile: Added.
  • brotli/dec/bit_reader.c: Added.
  • brotli/dec/bit_reader.h: Added.
  • brotli/dec/context.h: Added.
  • brotli/dec/decode.c: Added.
  • brotli/dec/decode.h: Added.
  • brotli/dec/dictionary.c: Added.
  • brotli/dec/dictionary.h: Added.
  • brotli/dec/huffman.c: Added.
  • brotli/dec/huffman.h: Added.
  • brotli/dec/port.h: Added.

(BrotliRBit):

  • brotli/dec/prefix.h: Added.
  • brotli/dec/state.c: Added.
  • brotli/dec/state.h: Added.
  • brotli/dec/transform.h: Added.
  • brotli/dec/types.h: Added.
  • brotli/update.sh: Added. This script helps to get the latest version of the decoder source code.
  • woff2/CMakeLists.txt: Added. We only compile the decoder files.
  • woff2/LICENSE: Added.
  • woff2/README.webkit: Added.
  • woff2/src/buffer.h: Added.

(woff2::Failure):
(woff2::Buffer::Buffer):
(woff2::Buffer::Skip):
(woff2::Buffer::Read):
(woff2::Buffer::ReadU8):
(woff2::Buffer::ReadU16):
(woff2::Buffer::ReadS16):
(woff2::Buffer::ReadU24):
(woff2::Buffer::ReadU32):
(woff2::Buffer::ReadS32):
(woff2::Buffer::ReadTag):
(woff2::Buffer::ReadR64):
(woff2::Buffer::buffer):
(woff2::Buffer::offset):
(woff2::Buffer::length):
(woff2::Buffer::set_offset):

  • woff2/src/file.h: Added.

(woff2::GetFileContent):
(woff2::SetFileContents):

  • woff2/src/font.cc: Added.
  • woff2/src/font.h: Added.
  • woff2/src/glyph.cc: Added.
  • woff2/src/glyph.h: Added.

(woff2::Glyph::Glyph):

  • woff2/src/normalize.cc: Added.
  • woff2/src/normalize.h: Added.
  • woff2/src/port.h: Added.

(woff2::Log2Floor):

  • woff2/src/round.h: Added.

(woff2::Round4):

  • woff2/src/store_bytes.h: Added.

(woff2::StoreU32):
(woff2::Store16):
(woff2::StoreBytes):

  • woff2/src/table_tags.cc: Added.
  • woff2/src/table_tags.h: Added.
  • woff2/src/transform.cc: Added.
  • woff2/src/transform.h: Added.
  • woff2/src/variable_length.cc: Added.
  • woff2/src/variable_length.h: Added.
  • woff2/src/woff2_common.cc: Added.
  • woff2/src/woff2_common.h: Added.

(woff2::Table::operator<):

  • woff2/src/woff2_compress.cc: Added.
  • woff2/src/woff2_dec.cc: Added.
  • woff2/src/woff2_dec.h: Added.
  • woff2/src/woff2_decompress.cc: Added.
  • woff2/src/woff2_enc.cc: Added.
  • woff2/src/woff2_enc.h: Added.

(woff2::WOFF2Params::WOFF2Params):

  • woff2/update.sh: Added. This script helps to get the latest upstream version.

Source/WebCore:

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-10
Reviewed by Carlos Garcia Campos.

No new tests (Covered by existing tests).

  • CMakeLists.txt: Add woff2 source to the include directory and link WebCore against brotli and woff2.
  • platform/graphics/WOFFFileFormat.cpp:

(WebCore::isWOFF): Recognize the signature of WOFF2 font.
(WebCore::convertWOFFToSfnt): If the font has the WOFF2 signature, then try and decompress it using the woff2 library.

  • platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:

(WebCore::FontCustomPlatformData::supportsFormat): Add woff2 to the list of supported formats.

Source/WTF:

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-10
Reviewed by Carlos Garcia Campos.

  • wtf/FeatureDefines.h: Enable USE_WOFF2 flag on GTK.

Tools:

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-10
Reviewed by Carlos Garcia Campos.

  • Scripts/webkitpy/style/checker.py: Only verify basic style for third party modules brotli and woff2.

LayoutTests:

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-10
Reviewed by Carlos Garcia Campos.

  • fast/text/woff2-expected.html: Adjust font-size to work around anti-aliasing effects.
  • fast/text/woff2.html: Ditto.
  • platform/gtk/TestExpectations: Update test expectation of woff2 test for GTK.

6:32 AM Changeset in webkit [197932] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Fix the build in Windows.

Reviewed by Alberto Garcia.

  • interpreter/JSStack.cpp:

(JSC::commitSize):

6:25 AM WebKitGTK/2.12.x edited by Michael Catanzaro

4:26 AM Changeset in webkit [197931] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebKit2

Unreviewed, revert changes accidentally committed with previous patch.

  • WebProcess/com.apple.WebProcess.sb.in:

4:15 AM Changeset in webkit [197930] by Manuel Rego Casasnovas
  • 12 edits
    2 adds in trunk

[css-grid] Fix placement for unknown named grid lines
https://bugs.webkit.org/show_bug.cgi?id=155230

Reviewed by Sergio Villar Senin.

Source/WebCore:

The spec has changed and now all the implicit lines should be considered
when we're resolving named grid lines with an unknown name.

The relevant part of the spec is
(http://dev.w3.org/csswg/css-grid/#line-placement):
"If a name is given as a <custom-ident>, only lines with that name
are counted. If not enough lines with that name exist,
all implicit grid lines are assumed to have that name
for the purpose of finding this position."

Modified the code to resolve named grid lines in GridResolvedPosition.
We need to keep the old behavior of considering "auto" unknown named
grid lines for the case of positioned grid items.

Test: fast/css-grid-layout/grid-item-unknown-named-grid-line-resolution.html

  • rendering/style/GridResolvedPosition.cpp:

(WebCore::adjustGridPositionsFromStyle):
(WebCore::lookAheadForNamedGridLine):
(WebCore::lookBackForNamedGridLine):
(WebCore::resolveNamedGridLinePositionFromStyle):
(WebCore::definiteGridSpanWithNamedLineSpanAgainstOpposite):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::resolveGridPositionFromStyle):

LayoutTests:

Updated current tests to the new expected behavior and created a new
test checking different cases explicitly.

  • fast/css-grid-layout/grid-container-change-named-grid-lines-recompute-child.html:
  • fast/css-grid-layout/grid-item-bad-named-area-auto-placement-expected.txt:
  • fast/css-grid-layout/grid-item-bad-named-area-auto-placement.html:
  • fast/css-grid-layout/grid-item-named-grid-area-resolution.html:
  • fast/css-grid-layout/grid-item-named-grid-line-resolution-expected.txt:
  • fast/css-grid-layout/grid-item-named-grid-line-resolution.html:
  • fast/css-grid-layout/grid-item-negative-position-resolution.html:
  • fast/css-grid-layout/grid-item-position-changed-dynamic.html:
  • fast/css-grid-layout/grid-item-unknown-named-grid-line-resolution-expected.txt: Added.
  • fast/css-grid-layout/grid-item-unknown-named-grid-line-resolution.html: Added.
  • fast/css-grid-layout/named-grid-lines-with-named-grid-areas-resolution.html:

4:05 AM Changeset in webkit [197929] by eric.carlson@apple.com
  • 13 edits in trunk/Source

[MediaStream] push media stream state to the UI process
https://bugs.webkit.org/show_bug.cgi?id=155281

Reviewed by Darin Adler.

Source/WebCore:

  • Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::MediaStream): Register with the document as an audio producer.
(WebCore::MediaStream::~MediaStream): Unregister.
(WebCore::MediaStream::setIsActive): Update document status.
(WebCore::MediaStream::pageMutedStateDidChange): Mute/unmute according to the page mute setting.
(WebCore::MediaStream::mediaState): Return state.
(WebCore::MediaStream::statusDidChange): Call document.updateIsPlayingMedia.
(WebCore::MediaStream::characteristicsChanged): Track stream mute state.
(WebCore::MediaStream::scheduleActiveStateChange): m_isActive -> m_active.

  • Modules/mediastream/MediaStream.h:
  • page/MediaProducer.h: Add HasActiveMediaCaptureDevice.
  • platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::hasVideo): Make const.
(WebCore::MediaStreamPrivate::hasAudio): Ditto.
(WebCore::MediaStreamPrivate::muted): New.

  • platform/mediastream/MediaStreamPrivate.h:
  • platform/mediastream/mac/AVMediaCaptureSource.mm:

(WebCore::AVMediaCaptureSource::AVMediaCaptureSource): Initialize muted to true.
(WebCore::AVMediaCaptureSource::captureSessionIsRunningDidChange): Set muted.

Source/WebKit2:

  • UIProcess/API/C/WKPage.cpp:

(WKPageGetMediaState): New.

  • UIProcess/API/C/WKPagePrivate.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didCommitLoadForFrame): Clear m_mediaState.
(WebKit::WebPageProxy::isPlayingMediaDidChange): Call m_pageClient.isPlayingMediaDidChange when
audio or video state changes, call m_uiClient->isPlayingAudioDidChange when audio, video,
or media stream state changes.

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::mediaStateFlags): New.

12:19 AM Changeset in webkit [197928] by gskachkov@gmail.com
  • 7 edits in trunk/Source/JavaScriptCore

How we load new.target in arrow functions is broken
https://bugs.webkit.org/show_bug.cgi?id=155153

Reviewed by Saam Barati.

Fixed the incorrect approach to caching new.target. This patch adds a code feature
flag that shows that the current function is using new.target; when generating bytecode for an arrow
function, we load the new.target value into its register from the arrow function's lexical environment.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment):

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::newTarget):

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createNewTargetExpr):
(JSC::ASTBuilder::usesNewTarget):

  • parser/Nodes.h:

(JSC::ScopeNode::usesNewTarget):

  • parser/ParserModes.h:
  • tests/stress/arrowfunction-lexical-bind-newtarget.js:

Mar 9, 2016:

11:13 PM Changeset in webkit [197927] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

[GTK] Artifacts when using web view background color
https://bugs.webkit.org/show_bug.cgi?id=155229

Reviewed by Mario Sanchez Prada.

This is because when using a web view color, we fill with the
color every rectangle updated by the web process, but we should
always fill the entire backing store before rendering the actual
contents on top.

  • WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::display): Ensure the web process always
renders the whole visible rectangle when background is rendered by
the UI process.

10:15 PM Changeset in webkit [197926] by commit-queue@webkit.org
  • 12 edits
    4 adds in trunk

Web Inspector: Get a RemoteObject or ObjectPreview from HeapSnapshot Object Identifier
https://bugs.webkit.org/show_bug.cgi?id=155264
<rdar://problem/25070716>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-09
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

  • inspector/InjectedScript.h:
  • inspector/InjectedScript.cpp:

(Inspector::InjectedScript::functionDetails):
(Inspector::InjectedScript::previewValue):
New InjectedScript methods for building Debugger.FunctionDetails
or Runtime.ObjectPreview protocol objects from a JSValue.

  • inspector/InjectedScriptSource.js:

(InjectedScript.prototype.previewValue):
(InjectedScript.prototype.functionDetails):
(InjectedScript.prototype.getFunctionDetails):
(InjectedScript.RemoteObject.prototype._isPreviewableObjectInternal):
(InjectedScript.RemoteObject.prototype._createObjectPreviewForValue): Deleted.
(InjectedScript.RemoteObject.prototype._appendEntryPreviews): Deleted.
Share code around creating function details or object preview objects.

  • inspector/agents/InspectorHeapAgent.cpp:

(Inspector::InspectorHeapAgent::InspectorHeapAgent):
(Inspector::InspectorHeapAgent::nodeForHeapObjectIdentifier):
(Inspector::InspectorHeapAgent::getPreview):
(Inspector::InspectorHeapAgent::getRemoteObject):

  • inspector/agents/InspectorHeapAgent.h:
  • inspector/protocol/Heap.json:

New protocol methods that go from heap object identifier to a
remote object or some kind of preview.

  • inspector/scripts/codegen/generator.py:

Allow runtime casts for ObjectPreview.

LayoutTests:

  • inspector/heap/getPreview-expected.txt: Added.
  • inspector/heap/getPreview.html: Added.
  • inspector/heap/getRemoteObject-expected.txt: Added.
  • inspector/heap/getRemoteObject.html: Added.

Test the new protocol methods in different scenarios.

  • inspector/heap/snapshot-expected.txt:
  • inspector/heap/snapshot.html:

Fix typo.

9:28 PM Changeset in webkit [197925] by commit-queue@webkit.org
  • 11 edits in trunk

[INTL] Intl Constructors not web compatible with Object.create usage
https://bugs.webkit.org/show_bug.cgi?id=153679

Patch by Andy VanWagoner <thetalecrafter@gmail.com> on 2016-03-09
Reviewed by Darin Adler.

Source/JavaScriptCore:

Add workaround for initializing NumberFormat and DateTimeFormat objects
using Object.create followed by constructor.call. This is necessary for
backwards compatibility with libraries relying on v1 behavior of Intl
constructors.

Collator does not get the workaround, since polyfills do not include it,
and there are not any known instances of v2 incompatible libraries.

The workaround involves checking for an object that inherits from the
*Format constructor, but was not actually initialized with that type. A
substitute instance is created and attached to the object using a private
name. The prototype functions then check for the private property to use
in place of the original object.

Since this behavior is not part of the v2 spec, it should be removed as
soon as the incompatible behavior is no longer in common use.

  • runtime/CommonIdentifiers.h:
  • runtime/IntlDateTimeFormatConstructor.cpp:

(JSC::callIntlDateTimeFormat):

  • runtime/IntlDateTimeFormatPrototype.cpp:

(JSC::IntlDateTimeFormatPrototypeGetterFormat):
(JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):

  • runtime/IntlNumberFormatConstructor.cpp:

(JSC::callIntlNumberFormat):

  • runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatPrototypeGetterFormat):
(JSC::IntlNumberFormatPrototypeFuncResolvedOptions):

LayoutTests:

Add tests for Object.create + constructor.call initialization of NumberFormat
and DateTimeFormat objects.

  • js/intl-datetimeformat-expected.txt:
  • js/intl-numberformat-expected.txt:
  • js/script-tests/intl-datetimeformat.js:
  • js/script-tests/intl-numberformat.js:

9:27 PM Changeset in webkit [197924] by rniwa@webkit.org
  • 5 edits
    2 adds in trunk/Source/WebCore

Extract EventPath.h/cpp out of EventDispatcher.cpp
https://bugs.webkit.org/show_bug.cgi?id=155285

Reviewed by Chris Dumez.

Extracted EventPath.h/cpp out of EventDispatcher.cpp to add the support for Event.deepPath()
in webkit.org/b/153538. The new file defines member functions of EventPath and RelatedNodeRetargeter.

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • dom/DOMAllInOne.cpp:
  • dom/EventDispatcher.cpp:

(WebCore::EventDispatcher::dispatchScopedEvent):
(WebCore::EventDispatcher::dispatchEvent):
(WebCore::EventPath): Moved to EventPath.cpp.
(WebCore::eventTargetRespectingTargetRules): Moved to EventPath.h.
(WebCore::shouldEventCrossShadowBoundary): Moved to EventPath.cpp.
(WebCore::nodeOrHostIfPseudoElement): Ditto.
(WebCore::RelatedNodeRetargeter): Moved to EventPath.cpp.

  • dom/EventPath.cpp: Added.

(WebCore::shouldEventCrossShadowBoundary): Moved from EventDispatcher.cpp.
(WebCore::nodeOrHostIfPseudoElement): Ditto.
(WebCore::EventPath::EventPath): Ditto.
(WebCore::RelatedNodeRetargeter): Ditto.

  • dom/EventPath.h: Added.

(WebCore::EventPath::isEmpty):
(WebCore::EventPath::size):
(WebCore::EventPath::contextAt):
(WebCore::EventPath::lastContextIfExists):
(WebCore::EventPath::eventTargetRespectingTargetRules): Moved from EventDispatcher.cpp.

9:26 PM Changeset in webkit [197923] by Simon Fraser
  • 22 edits in trunk/Source

Font antialiasing (smoothing) changes when elements are rendered into compositing layers
https://bugs.webkit.org/show_bug.cgi?id=23364
rdar://problem/7288429

Reviewed by Tim Horton.

Source/WebCore:

Improve the appearance of subpixel-antialiased ("smoothed") text in non-opaque layers
by opting in to a new CALayer backing store format.

GraphicsLayer now has setSupportsSmoothedFonts(), which is called by RenderLayerBacking
when the platform has support for the new feature. Ideally this would only be set when
we know a layer has smoothed text drawn into it, but, for now, enable this for all
layers. The right thing happens with opaque layers under the hood.

setSupportsSmoothedFonts() is turned into a PlatformCALayer contentsFormat flag, which
is ultimately passed to setBackingStoreFormat().

We also need to propagate this flag to TileController tiles.

  • platform/graphics/GraphicsLayer.cpp:

(WebCore::GraphicsLayer::supportsSmoothedFontsInNonOpaqueLayers):
(WebCore::GraphicsLayer::GraphicsLayer):

  • platform/graphics/GraphicsLayer.h:

(WebCore::GraphicsLayer::supportsSmoothedFonts):
(WebCore::GraphicsLayer::setSupportsSmoothedFonts):

  • platform/graphics/TiledBacking.h:
  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayer::supportsSmoothedFontsInNonOpaqueLayers):
(WebCore::GraphicsLayerCA::setSupportsSmoothedFonts):
(WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
(WebCore::GraphicsLayerCA::updateContentsFormat):

  • platform/graphics/ca/GraphicsLayerCA.h:
  • platform/graphics/ca/PlatformCALayer.cpp:

(WebCore::PlatformCALayer::drawRepaintIndicator): Give the number a "shadow" when
the contents format says we support smoothed fonts.

  • platform/graphics/ca/PlatformCALayer.h:
  • platform/graphics/ca/TileController.cpp:

(WebCore::TileController::setTileContentsFormatFlags):
(WebCore::TileController::createTileLayer):

  • platform/graphics/ca/TileController.h:
  • platform/graphics/ca/TileGrid.cpp:

(WebCore::TileGrid::updateTileLayerProperties):

  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.h:
  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:

(WebCore::setBackingStoreFormat):
(PlatformCALayerCocoa::commonInit):
(PlatformCALayerCocoa::setContentsFormat):
(PlatformCALayer::drawLayerContents): Previously, we turned off font smoothing in
non-opaque layers to improve text appearance. We no longer need to do that when
the contents format has "SmoothedFonts".

  • platform/ios/LegacyTileGridTile.mm:

(WebCore::setBackingStoreFormat):
(WebCore::LegacyTileGridTile::LegacyTileGridTile):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::createGraphicsLayer):

Source/WebKit2:

Send the ContentsFormat to the UI process (but nothing happens to it there yet).

  • Shared/mac/RemoteLayerTreeTransaction.h:
  • Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::LayerProperties::encode):
(WebKit::RemoteLayerTreeTransaction::LayerProperties::decode):

  • WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:

(WebKit::PlatformCALayerRemote::setContentsFormat):
(WebKit::PlatformCALayerRemote::contentsFormat):

  • WebProcess/WebPage/mac/PlatformCALayerRemote.h:

9:17 PM Changeset in webkit [197922] by barraclough@apple.com
  • 3 edits in trunk/Source/WebCore

WebKit should adopt journal_mode=wal for all SQLite databases.
https://bugs.webkit.org/show_bug.cgi?id=133496

Reviewed by Brady Eidson & Darin Adler.

The statement intended to enable WAL mode is always failing because it is missing a
prepare(). Fix this. We were also previously permitting SQLITE_OK results - this
was in error (we were only getting these because stepping the unprepared statement
returned SQLITE_OK). Also set the SQLITE_OPEN_AUTOPROXY flag when opening the
database - this will improve performance when the database is accessed via an AFP
mount.

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::open):

  • call prepareAndStep(), only check for SQLITE_ROW result.
  • platform/sql/SQLiteFileSystem.cpp:

(WebCore::SQLiteFileSystem::openDatabase):

  • should set SQLITE_OPEN_AUTOPROXY flag when opening database.

8:43 PM Changeset in webkit [197921] by rniwa@webkit.org
  • 25 edits in trunk

Add runtime flags for shadow DOM and custom elements
https://bugs.webkit.org/show_bug.cgi?id=155213

Reviewed by Dean Jackson.

Source/WebCore:

Added new runtime flags for shadow DOM and custom elements.

  • bindings/generic/RuntimeEnabledFeatures.h:

(WebCore::RuntimeEnabledFeatures::setShadowDOMEnabled): Added.
(WebCore::RuntimeEnabledFeatures::shadowDOMEnabled): Added.
(WebCore::RuntimeEnabledFeatures::setCustomElementsEnabled): Added.
(WebCore::RuntimeEnabledFeatures::customElementsEnabled): Added.

  • dom/Document.idl:
  • dom/Element.idl:
  • dom/Node.idl:
  • dom/NonDocumentTypeChildNode.idl:
  • dom/ShadowRoot.idl:
  • html/HTMLSlotElement.idl:

Source/WebKit/mac:

Set the runtime flag based on preferences. Enable shadow DOM and disable custom elements by default.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences shadowDOMEnabled]):
(-[WebPreferences setShadowDOMEnabled:]):
(-[WebPreferences customElementsEnabled]):
(-[WebPreferences setCustomElementsEnabled:]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit2:

Set the runtime flag based on preferences. Enable shadow DOM and disable custom elements by default.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetShadowDOMEnabled):
(WKPreferencesGetShadowDOMEnabled):
(WKPreferencesSetCustomElementsEnabled):
(WKPreferencesGetCustomElementsEnabled):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
  • WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

Source/WTF:

Removed the manual overrides of ENABLE_SHADOW_DOM and ENABLE_CUSTOM_ELEMENTS as they were
making --no-shadow-dom and --no-custom-elements flags on build-webkit useless.

  • wtf/FeatureDefines.h:

Tools:

Always enable shadow DOM and custom elements during testing.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues):

  • WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::beginTesting):

  • WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::setShadowDOMEnabled): Added.

  • WebKitTestRunner/InjectedBundle/TestRunner.h:

8:06 PM Changeset in webkit [197920] by Brent Fulgham
  • 5 edits in trunk

Handling 'allowUniversalAccessFromFileURLs' on WKWebViewConfiguration causes test breakage
https://bugs.webkit.org/show_bug.cgi?id=155265
<rdar://problem/11101440>

Reviewed by Andy Estes.

Source/WebKit2:

We require "AllowUniversalAccessFromFileURLs" to permit file URLs from accessing
localStorage. However, this setting is not available on the Cocoa WKPreference (by design).
Instead, you need to set this value on the WKWebViewConfiguration.

Back out the work-around landed in r197889.

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration init]): Remove test workaround.

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformCreateInspectorPage): Set the correct flag on
the WKWebViewConfiguration.

Tools:

WK2 localStorage tests need the 'AllowUniversalAccessFromFileURLs' preference set by default.
Tests that confirm blocking localStorage manually set the flag to "False" in the test.

  • WebKitTestRunner/cocoa/TestControllerCocoa.mm:

(WTR::initializeWebViewConfiguration): Set the default state to the correct value.

7:16 PM Changeset in webkit [197919] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: LayoutTimelineView path components should reflect grid row nesting
https://bugs.webkit.org/show_bug.cgi?id=155279
<rdar://problem/25075355>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView.prototype.get selectionPathComponents):
Walk grid nodes to build path component array.

6:41 PM Changeset in webkit [197918] by sbarati@apple.com
  • 5 edits
    1 add in trunk/Source/JavaScriptCore

Add proper JSON.stringify support for Proxy when the target is an array
https://bugs.webkit.org/show_bug.cgi?id=155180

Reviewed by Darin Adler.

This patch makes the following type of program true:
JSON.stringify(new Proxy([25], {})) === "[25]"

We need to change the JSON stringifier to use the IsArray test
in section 7.2.2 of ES6 spec instead of the JSC inherits(JSArray::info())
test.

This patch also adds tests for general JSON.stringify support
of Proxy.

  • runtime/ArrayConstructor.cpp:

(JSC::arrayConstructorIsArray):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):

  • runtime/ArrayConstructor.h:

(JSC::isArray):

  • runtime/JSONObject.cpp:

(JSC::Stringifier::Holder::object):
(JSC::Stringifier::appendStringifiedValue):
(JSC::Stringifier::startNewLine):
(JSC::Stringifier::Holder::Holder):

  • tests/es6.yaml:
  • tests/stress/proxy-json.js: Added.

(assert):
(test):

6:33 PM Changeset in webkit [197917] by rniwa@webkit.org
  • 12 edits
    2 adds in trunk

defineElement should upgrade existing unresolved custom elements
https://bugs.webkit.org/show_bug.cgi?id=155107

Reviewed by Darin Adler.

Source/WebCore:

Added the support for upgrading existing unresolved custom elements when defineElement is called.

The current implementation upgrades elements in the order they were created and has the issue that
it keeps accumulating all elements with a hyphen in its name until defineElement is called as
documented in https://github.com/w3c/webcomponents/issues/419

This patch re-purposes IsEditingTextFlag to indicate that the node is an unresolved custom element.
Since isEditingText() is only called in textRendererIsNeeded only on Text nodes, it's mutually
exclusive with isUnresolvedCustomElement().

The list of unresolved custom elements is kept in m_upgradeCandidatesMap, a hash map of element names
to the list of unresolved elements with that name.

In addition, added the logic to use HTMLElement as the interface for unresolved custom element instead
of HTMLUnknownElement.

Test: fast/custom-elements/upgrading/upgrading-parser-created-element.html

  • bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::upgradeElement): Clear the flag.

  • bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::defineElement): Set the unique private name to keep the interface alive before
calling addElementDefinition as the call can now invoke author scripts.

  • dom/CustomElementDefinitions.cpp:

(WebCore::CustomElementDefinitions::addElementDefinition): Upgrade existing unresolved elements kept
in m_upgradeCandidatesMap.
(WebCore::CustomElementDefinitions::addUpgradeCandidate): Added.

  • dom/CustomElementDefinitions.h:
  • dom/Document.cpp:

(WebCore::createHTMLElementWithNameValidation): Added the code to add the unresolved custom elements
to the upgrade candidates map. Also instantiate it as HTMLElement instead of HTMLUnknownElement.
(WebCore::createFallbackHTMLElement): Ditto.

  • dom/Node.h:

(WebCore::Node::setIsCustomElement):
(WebCore::Node::isUnresolvedCustomElement): Added.
(WebCore::Node::setIsUnresolvedCustomElement): Added.
(WebCore::Node::setCustomElementIsResolved): Added. Clears IsEditingTextOrUnresolvedCustomElementFlag
and sets IsCustomElement.
(WebCore::Node::isEditingText): Check both IsEditingTextOrUnresolvedCustomElementFlag and IsTextFlag
for safety even though it's currently only used in textRendererIsNeeded which takes Text&.

  • dom/make_names.pl:

(defaultParametersHash): Added customElementInterfaceName as a parameter.
(printWrapperFactoryCppFile): Generate the code to use customElementInterfaceName when the element
for which the wrapper is created has isUnresolvedCustomElement flag set.

  • html/HTMLTagNames.in: Use HTMLElement for unresolved custom elements.
  • html/parser/HTMLConstructionSite.cpp:

(WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface): Added the code to add
the unresolved custom elements to the upgrade candidates map. Also instantiate it as HTMLElement instead
of HTMLUnknownElement.

LayoutTests:

Added W3C style testharness.js tests for asynchronously defining custom elements.

  • fast/custom-elements/upgrading/Node-cloneNode.html:
  • fast/custom-elements/upgrading/upgrading-parser-created-element-expected.txt: Added.
  • fast/custom-elements/upgrading/upgrading-parser-created-element.html: Added.

6:05 PM Changeset in webkit [197916] by enrica@apple.com
  • 12 edits in trunk/Source

Retrieve additional context for some data detector link for preview and action menu.
https://bugs.webkit.org/show_bug.cgi?id=155278
rdar://problem/24884951

Reviewed by Tim Horton.

Source/WebCore:

Adding helper function to compute a range by moving by a number of characters
from a given position and direction.
Adding function to check if the given data detector link element requires
an extended context.

  • editing/VisibleUnits.cpp:

(WebCore::rangeExpandedByCharactersInDirectionAtWordBoundary):

  • editing/VisibleUnits.h:
  • editing/cocoa/DataDetection.h:
  • editing/cocoa/DataDetection.mm:

(WebCore::DataDetection::requiresExtendedContext):

Source/WebKit2:

Data detector results for items like calendar events can be augmented
by retrieving the text surrounding the link.

  • Platform/spi/ios/DataDetectorsUISPI.h:
  • Shared/ios/InteractionInformationAtPosition.h:
  • Shared/ios/InteractionInformationAtPosition.mm:

(WebKit::InteractionInformationAtPosition::encode):
(WebKit::InteractionInformationAtPosition::decode):

  • UIProcess/ios/WKActionSheetAssistant.mm:

(-[WKActionSheetAssistant showDataDetectorsSheet]):

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _dataForPreviewItemController:atPosition:type:]):

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getPositionInformation):

6:04 PM Changeset in webkit [197915] by sbarati@apple.com
  • 16 edits
    1 add in trunk

ES6: Implement lexical scoping for function definitions in strict mode
https://bugs.webkit.org/show_bug.cgi?id=152844

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This patch implements block scoping for function definitions
in strict mode. The implementation works as follows:

  • If we're in sloppy mode, function declarations work exactly as they did before this patch. I.e, function declarations are hoisted and declared like "var" variables.


  • If you're in strict mode and at the top of a function scope or program scope, function declarations still work like they used to. They are defined like "var" variables. This is necessary for backwards compatibility because ES5 strict mode allowed duplicate function declarations at the top-most scope of a program/function.


  • If you're in strict mode and inside a block statement or a switch statement, function declarations are now block scoped. All function declarations within a block are hoisted to the beginning of the block. They are not hoisted out of the block like they are in sloppy mode. This allows for the following types of programs:

    function foo() {
        function bar() { return 20; }
        {
            function bar() { return 30; }
            bar(); // 30
        }
        bar(); // 20
    }

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::instantiateLexicalVariables):
(JSC::BytecodeGenerator::emitPrefillStackTDZVariables):
(JSC::BytecodeGenerator::pushLexicalScope):
(JSC::BytecodeGenerator::pushLexicalScopeInternal):
(JSC::BytecodeGenerator::initializeBlockScopedFunctions):
(JSC::BytecodeGenerator::popLexicalScope):
(JSC::BytecodeGenerator::liftTDZCheckIfPossible):
(JSC::BytecodeGenerator::pushTDZVariables):
(JSC::BytecodeGenerator::getVariablesUnderTDZ):
(JSC::BytecodeGenerator::emitNewRegExp):
(JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
(JSC::BytecodeGenerator::emitNewFunctionExpression):
(JSC::BytecodeGenerator::emitNewArrowFunctionExpression):

  • bytecompiler/BytecodeGenerator.h:
  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createSourceElements):
(JSC::ASTBuilder::features):
(JSC::ASTBuilder::numConstants):
(JSC::ASTBuilder::createFuncDeclStatement):
(JSC::ASTBuilder::createClassDeclStatement):
(JSC::ASTBuilder::createBlockStatement):
(JSC::ASTBuilder::createTryStatement):
(JSC::ASTBuilder::createSwitchStatement):
(JSC::ASTBuilder::Scope::Scope):
(JSC::ASTBuilder::funcDeclarations): Deleted.

  • parser/NodeConstructors.h:

(JSC::CaseBlockNode::CaseBlockNode):
(JSC::SwitchNode::SwitchNode):
(JSC::BlockNode::BlockNode):

  • parser/Nodes.cpp:

(JSC::ScopeNode::ScopeNode):
(JSC::ScopeNode::singleStatement):
(JSC::ProgramNode::ProgramNode):
(JSC::ModuleProgramNode::ModuleProgramNode):
(JSC::EvalNode::EvalNode):
(JSC::FunctionNode::FunctionNode):
(JSC::VariableEnvironmentNode::VariableEnvironmentNode):

  • parser/Nodes.h:

(JSC::VariableEnvironmentNode::VariableEnvironmentNode):
(JSC::VariableEnvironmentNode::lexicalVariables):
(JSC::VariableEnvironmentNode::functionStack):
(JSC::ScopeNode::captures):
(JSC::ScopeNode::varDeclarations):
(JSC::ScopeNode::neededConstants):
(JSC::ProgramNode::startColumn):
(JSC::ProgramNode::endColumn):
(JSC::EvalNode::startColumn):
(JSC::EvalNode::endColumn):
(JSC::ModuleProgramNode::startColumn):
(JSC::ModuleProgramNode::endColumn):
(JSC::ScopeNode::functionStack): Deleted.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::didFinishParsing):
(JSC::Parser<LexerType>::parseStatementListItem):
(JSC::Parser<LexerType>::parseSwitchStatement):
(JSC::Parser<LexerType>::parseBlockStatement):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::getMetadata):
(JSC::Parser<LexerType>::parseFunctionDeclaration):
(JSC::Parser<LexerType>::parseExportDeclaration):

  • parser/Parser.h:

(JSC::Scope::declareVariable):
(JSC::Scope::declareFunction):
(JSC::Scope::appendFunction):
(JSC::Scope::takeFunctionDeclarations):
(JSC::Scope::declareLexicalVariable):
(JSC::Parser::currentVariableScope):
(JSC::Parser::currentLexicalDeclarationScope):
(JSC::Parser::currentFunctionScope):
(JSC::Parser::pushScope):
(JSC::Parser::popScopeInternal):
(JSC::Parser::declareVariable):
(JSC::Parser::declareFunction):
(JSC::Parser::hasDeclaredVariable):
(JSC::Parser::isFunctionMetadataNode):
(JSC::Parser<LexerType>::parse):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createFuncDeclStatement):
(JSC::SyntaxChecker::createClassDeclStatement):
(JSC::SyntaxChecker::createBlockStatement):
(JSC::SyntaxChecker::createExprStatement):
(JSC::SyntaxChecker::createIfStatement):
(JSC::SyntaxChecker::createContinueStatement):
(JSC::SyntaxChecker::createTryStatement):
(JSC::SyntaxChecker::createSwitchStatement):
(JSC::SyntaxChecker::createWhileStatement):
(JSC::SyntaxChecker::createWithStatement):
(JSC::SyntaxChecker::createDoWhileStatement):

  • parser/VariableEnvironment.h:

(JSC::VariableEnvironmentEntry::isExported):
(JSC::VariableEnvironmentEntry::isImported):
(JSC::VariableEnvironmentEntry::isImportedNamespace):
(JSC::VariableEnvironmentEntry::isFunction):
(JSC::VariableEnvironmentEntry::setIsCaptured):
(JSC::VariableEnvironmentEntry::setIsConst):
(JSC::VariableEnvironmentEntry::setIsExported):
(JSC::VariableEnvironmentEntry::setIsImported):
(JSC::VariableEnvironmentEntry::setIsImportedNamespace):
(JSC::VariableEnvironmentEntry::setIsFunction):
(JSC::VariableEnvironmentEntry::clearIsVar):
(JSC::VariableEnvironment::VariableEnvironment):
(JSC::VariableEnvironment::begin):
(JSC::VariableEnvironment::end):

  • tests/es6.yaml:
  • tests/stress/block-scoped-function-declarations.js: Added.

(assert):
(test):
(f.foo.bar):
(f.foo.):
(f.foo):
(f):
(assert.foo.):
(assert.foo):
(assert.foo.foo):
(assert.foo.bar):
(assert.foo.switch.case.1):
(assert.foo.switch.case.2):
(assert.foo.switch.foo):
(assert.foo.switch.bar):

LayoutTests:

  • js/let-syntax-expected.txt:
  • js/parser-syntax-check-expected.txt:
  • js/script-tests/parser-syntax-check.js:

(testFailed):
(runTest):

5:55 PM Changeset in webkit [197914] by barraclough@apple.com
  • 3 edits in trunk/Source/WebKit2

Last opened tab does not receive SetHiddenPageTimerThrottlingIncreaseLimit message
https://bugs.webkit.org/show_bug.cgi?id=155126

Reviewed by Anders Carlson.

WebPageProxy will increment the hidden page throttling counter from within its constructor,
which currently causes the WebProcessPool to try to synchronously message all processes.
The web page triggering the increment then fails to receive the message, since it was
still being constructed. Make the update of the limit async, such that the page is fully
constructed before the WebProcessPool processes the update.

  • UIProcess/WebProcessPool.cpp:

(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):

  • This now schedules a zero-delay timer to handle the update.

(WebKit::m_hiddenPageThrottlingTimer):

  • This is now responsible for calling updateHiddenPageThrottlingAutoIncreaseLimit.
  • UIProcess/WebProcessPool.h:
    • Added m_hiddenPageThrottlingTimer.

5:54 PM Changeset in webkit [197913] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

5:53 PM Changeset in webkit [197912] by ddkilzer@apple.com
  • 3 edits in trunk/Tools

check-webkit-style: fix false-positive warnings about @try/@catch blocks in Objective-C++ source files
<http://webkit.org/b/155273>

Reviewed by Andy Estes.

  • Scripts/webkitpy/style/checkers/cpp.py:

(check_spacing_for_function_call): Ignore @catch lines.
(check_braces): Ditto.

  • Scripts/webkitpy/style/checkers/cpp_unittest.py:

(CppStyleTest.test_brace_at_begin_of_line): Add test case.

5:46 PM Changeset in webkit [197911] by dbates@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix the Windows build after <https://trac.webkit.org/changeset/197905>
(https://bugs.webkit.org/show_bug.cgi?id=155247)

We need to call the std::unique_ptr<CryptoDigest>() constructor directly
instead of using the convenience function std::make_unique<CryptoDigest>()
because std::make_unique<CryptoDigest>() cannot access the private constructor
CryptoDigest().

  • platform/crypto/win/CryptoDigestWin.cpp:

(WebCore::CryptoDigest::create):

5:38 PM Changeset in webkit [197910] by jonlee@apple.com
  • 6 edits in trunk/PerformanceTests

Enhance existing Animometer tests
https://bugs.webkit.org/show_bug.cgi?id=155261

Reviewed by Simon Fraser.

  • Animometer/tests/master/resources/canvas-tests.js: Add a gradient to
the filled circles. To expose more of the gradient, add another circle.
(SimpleCanvasStage.call.animate): For each frame, create a gradient with
undulating stop points and colors. Fill the circles twice; once with
the solid color, and once with the gradient.

  • Animometer/tests/master/resources/dom-particles.js: Refactor the
emission variables into a separate stage for this test. Add a colorOffset
variable to make the colors of each particle slightly different, since
the ramp controller can add large numbers of particles all at once, which
would otherwise get all the same color.

  • Animometer/tests/master/resources/particles.js:

(initialize): Remove the code specific to the SVG mask test.

  • Animometer/tests/master/resources/image-data.js:

(initialize): Remove unused local variable.

  • Animometer/tests/master/resources/multiply.js:

(initialize): Make the test harder by adding more total particles.

5:38 PM Changeset in webkit [197909] by Matt Baker
  • 14 edits
    1 move in trunk/Source/WebInspectorUI

Web Inspector: Timelines UI redesign: use DataGridNode for TimelineView selection path components
https://bugs.webkit.org/show_bug.cgi?id=154954
<rdar://problem/24947939>

Reviewed by Timothy Hatcher.

This patch adds a new path component, TimelineDataGridNodePathComponent,
for creating a path component from the current grid selection. This is
needed since TimelineViews will no longer have an associated content tree
outline once the navigation sidebar is removed.

TimelineDataGridNode has new protected methods, "displayName" and
"iconClassNames", which are used to populate hierarchical path components,
create grid node data, and create cell content.

TimelineView subclasses share a certain amount of boilerplate code for
getting selection path components and handling path component selection.
In the future we may be able to reduce this code by introducing a new
DataGridTimelineView base class.

  • UserInterface/Main.html:

Added/removed files.

  • UserInterface/Views/LayoutTimelineDataGridNode.js:

(WebInspector.LayoutTimelineDataGridNode.prototype.get data):
(WebInspector.LayoutTimelineDataGridNode.prototype.createCellContent):
(WebInspector.LayoutTimelineDataGridNode):
(WebInspector.LayoutTimelineDataGridNode.prototype.get record): Deleted.
Moved to base class.

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView.prototype.get selectionPathComponents):
(WebInspector.LayoutTimelineView.prototype.dataGridNodePathComponentSelected):
(WebInspector.LayoutTimelineView.prototype.treeElementPathComponentSelected): Deleted.
TimelineView tree outlines are going away.

  • UserInterface/Views/MemoryTimelineView.js:

(WebInspector.MemoryTimelineView.prototype.treeElementPathComponentSelected): Deleted.
TimelineView tree outlines are going away.

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView.prototype.get selectionPathComponents):
(WebInspector.NetworkTimelineView.prototype.dataGridNodePathComponentSelected):
(WebInspector.NetworkTimelineView.prototype.treeElementPathComponentSelected): Deleted.
TimelineView tree outlines are going away.

  • UserInterface/Views/ProfileNodeDataGridNode.js:

(WebInspector.ProfileNodeDataGridNode.prototype.get data):
(WebInspector.ProfileNodeDataGridNode.prototype.createCellContent):
(WebInspector.ProfileNodeDataGridNode.prototype.displayName):
(WebInspector.ProfileNodeDataGridNode.prototype.iconClassNames):
(WebInspector.ProfileNodeDataGridNode):
(WebInspector.ProfileNodeDataGridNode.prototype._iconClassNameForProfileNode): Deleted.
(WebInspector.ProfileNodeDataGridNode.prototype._titleForProfileNode): Deleted.
Re-implemented as overrides of the base class methods "iconClassNames"
and "displayName".

  • UserInterface/Views/RenderingFrameTimelineDataGridNode.js:

(WebInspector.RenderingFrameTimelineDataGridNode.prototype.createCellContent):
(WebInspector.RenderingFrameTimelineDataGridNode):
(WebInspector.RenderingFrameTimelineDataGridNode.prototype.get record): Deleted.
Moved to base class.

  • UserInterface/Views/ResourceTimelineDataGridNode.js:

(WebInspector.ResourceTimelineDataGridNode.prototype.createCellContent):
(WebInspector.ResourceTimelineDataGridNode.prototype.displayName):
(WebInspector.ResourceTimelineDataGridNode.prototype.iconClassNames):
Override base class methods, making it possible to remove ResourceTimelineDataGridNodePathComponent,
and treat all TimelineDataGridNodes in a uniform manner.

(WebInspector.ResourceTimelineDataGridNode.prototype._createNameCellDocumentFragment):
Replace duplicated code with call to "displayName".

  • UserInterface/Views/ResourceTimelineDataGridNodePathComponent.js: Removed.

Replaced by more generic solution, TimelineDataGridNodePathComponent.

  • UserInterface/Views/ScriptDetailsTimelineView.js:

(WebInspector.ScriptDetailsTimelineView.prototype.get selectionPathComponents):
(WebInspector.ScriptDetailsTimelineView.prototype.dataGridNodePathComponentSelected):
(WebInspector.ScriptDetailsTimelineView.prototype.treeElementPathComponentSelected): Deleted.
TimelineView tree outlines are going away.

  • UserInterface/Views/ScriptTimelineDataGridNode.js:

(WebInspector.ScriptTimelineDataGridNode.prototype.createCellContent):
(WebInspector.ScriptTimelineDataGridNode.prototype._createNameCellDocumentFragment):
Replace duplicated code with call to "displayName".

(WebInspector.ScriptTimelineDataGridNode):
(WebInspector.ScriptTimelineDataGridNode.prototype.get record): Deleted.
Moved to base class.

  • UserInterface/Views/SourceCodeTimelineTimelineDataGridNode.js:

(WebInspector.SourceCodeTimelineTimelineDataGridNode.prototype.createCellContent):
(WebInspector.SourceCodeTimelineTimelineDataGridNode.prototype._createNameCellContent):
Replace duplicated code with call to "displayName".

  • UserInterface/Views/TimelineDataGridNode.js:

(WebInspector.TimelineDataGridNode.prototype.get record):
Implemented in terms of the "records" getter, since all subclasses simply returned the
node's first (or only) record.

(WebInspector.TimelineDataGridNode.prototype.displayName):
(WebInspector.TimelineDataGridNode.prototype.iconClassNames):
Base class implementations, using utility methods in TimelineTabContentView
to get display data based on the node's timeline record. Can be overridden
by nodes that either don't have a timeline record (ProfileNodeDataGridNode)

  • UserInterface/Views/TimelineDataGridNodePathComponent.js:

(WebInspector.TimelineDataGridNodePathComponent):
(WebInspector.TimelineDataGridNodePathComponent.prototype.get timelineDataGridNode):
(WebInspector.TimelineDataGridNodePathComponent.prototype.get previousSibling):
(WebInspector.TimelineDataGridNodePathComponent.prototype.get nextSibling):

  • UserInterface/Views/TimelineView.js:

(WebInspector.TimelineView):
(WebInspector.TimelineView.prototype.get selectionPathComponents):
Must be implemented by subclasses since not all TimelineViews use a DataGrid.

5:37 PM Changeset in webkit [197908] by jonlee@apple.com
  • 4 edits
    3 adds
    1 delete in trunk/PerformanceTests

Add text tests
https://bugs.webkit.org/show_bug.cgi?id=155257

Reviewed by Simon Fraser.

  • Animometer/resources/extensions.js:

(UnitBezier.Utilities.createClass): Add a class that computes Bezier points
assuming that two of the control points are at (0,0) and (1,1). Taken from
WebCore/platform/graphics/UnitBezier.h

  • Animometer/resources/runner/tests.js: Add a test for English text and one
for international text.

  • Animometer/tests/master/international.html: Added.
  • Animometer/tests/master/resources/text.js: Added. The test assumes there is
#template div which it will copy. The copies are placed behind the template, and
are set with different colors each frame. They are moved around with CSS transform.

  • Animometer/tests/master/text.html: Added.

Remove the other text tests, since these ones cover the same techniques.

  • Animometer/tests/text/layering-text.html: Removed.
  • Animometer/tests/text/resources/layering-text.js: Removed.
  • Animometer/tests/text/resources/text-boxes.js: Removed.
  • Animometer/tests/text/text-boxes.html: Removed.
  • Animometer/resources/debug-runner/tests.js:

5:35 PM Changeset in webkit [197907] by jonlee@apple.com
  • 5 edits
    15 adds in trunk/PerformanceTests

Add a new image test
https://bugs.webkit.org/show_bug.cgi?id=155232

Reviewed by Dean Jackson.
Provisionally reviewed by Said Abou-Hallawa.

The image test renders PNGs and moves them with translate and rotate
transforms. Each particle has a lifetime, and when the lifetime ends or
the particle goes offscreen, it resets itself somewhere on the stage.

  • Animometer/resources/debug-runner/tests.js: Remove the CSS bouncing PNG
images test, because this one tests the same technique.

  • Animometer/resources/runner/tests.js: Added here as "Leaves".
  • Animometer/tests/master/leaves.html: Added.
  • Animometer/tests/master/resources/particles.js: Refactor out the parts
specific to the DOM particles test. Consequently make velocity a public
member.
(initialize): The options parameter is never used, so remove it.
(animate): Remove unused local variable.

  • Animometer/tests/master/resources/leaves.js: Maintains a focal point that
moves back and forth across the canvas. That point affects the velocity
of the particles. When the focal point is on the leftmost side, it is
between [-6, -2], and set in reset(). When the focal point is on the rightmost
side, it will be from [2, 6].

  • Animometer/tests/master/resources/dom-particles.js: Move JS specific to
this test here from particles.js.

New images.

  • Animometer/tests/master/resources/compass100.png: Added.
  • Animometer/tests/master/resources/console100.png: Added.
  • Animometer/tests/master/resources/contribute100.png: Added.
  • Animometer/tests/master/resources/debugger100.png: Added.
  • Animometer/tests/master/resources/inspector100.png: Added.
  • Animometer/tests/master/resources/layout100.png: Added.
  • Animometer/tests/master/resources/performance100.png: Added.
  • Animometer/tests/master/resources/script100.png: Added.
  • Animometer/tests/master/resources/shortcuts100.png: Added.
  • Animometer/tests/master/resources/standards100.png: Added.
  • Animometer/tests/master/resources/storage100.png: Added.
  • Animometer/tests/master/resources/styles100.png: Added.
  • Animometer/tests/master/resources/timeline100.png: Added.

5:10 PM Changeset in webkit [197906] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Nodes in Computed Styles > Container Regions formatted incorrectly.
https://bugs.webkit.org/show_bug.cgi?id=155277
<rdar://problem/25072711>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/DOMTreeDataGrid.js:

(WebInspector.DOMTreeDataGrid):
Enable icon column property.

  • UserInterface/Views/DOMTreeDataGridNode.js:

(WebInspector.DOMTreeDataGridNode):
Removed calls to unused methods.

(WebInspector.DOMTreeDataGridNode.prototype.createCellContent):
(WebInspector.DOMTreeDataGridNode.prototype._createNameCellDocumentFragment):
Simplified cell content creation.

(WebInspector.DOMTreeDataGridNode.prototype._updateNodeName): Deleted.
(WebInspector.DOMTreeDataGridNode.prototype._makeNameCell): Deleted.
Renamed _createNameCellDocumentFragment to be consistent with similar
methods in other data grid node classes.

(WebInspector.DOMTreeDataGridNode.prototype._updateNameCellData): Deleted.
No longer needed.

5:09 PM Changeset in webkit [197905] by dbates@webkit.org
  • 3 edits
    2 adds in trunk/Source/WebCore

[Win] Implement CryptoDigest
https://bugs.webkit.org/show_bug.cgi?id=155247
<rdar://problem/25065843>

Reviewed by Brent Fulgham.

Implement the CryptoDigest abstraction for Windows so that we can compute cryptographically
secure hashes. This will allow us to support Content Security Policy inline script and inline
stylesheet hashes on Windows.

  • PlatformWin.cmake: Add file CryptoDigestWin.cpp.
  • PlatformWinCairo.cmake: Ditto.
  • platform/crypto/win/CryptoDigestWin.cpp: Added.

(WebCore::CryptoDigest::CryptoDigest): Instantiate a CryptoDigestContext object.
(WebCore::CryptoDigest::~CryptoDigest): Destroy the cryptographic service provider and hash
object if non-null.
(WebCore::CryptoDigest::create): Acquire a handle to a cryptographic service provider (HCRYPTPROV)
and a handle to a hash object (HCRYPTHASH).
(WebCore::CryptoDigest::addBytes): Add the contents of the specified buffer to the hash object.
(WebCore::CryptoDigest::computeHash): Compute and return a Vector of bytes that represent the digest.

5:02 PM Changeset in webkit [197904] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Build fix after r196870.

  • public/include/report-processor.php:

5:00 PM Changeset in webkit [197903] by rniwa@webkit.org
  • 3 edits in trunk/Websites/perf.webkit.org

Add Size metric to perf dashboard
https://bugs.webkit.org/show_bug.cgi?id=155266

Reviewed by Chris Dumez.

Added the "Size" metric and use bytes as its unit.

  • public/js/helper-classes.js:

(PerfTestRuns):

  • public/v2/data.js:

(RunsData.unitFromMetricName):

4:56 PM Changeset in webkit [197902] by ddkilzer@apple.com
  • 10 edits in trunk/Source

REGRESSION (r197149): Missing availability checks when soft-linking DataDetectors.framework
<http://webkit.org/b/155258>

Reviewed by Andy Estes.

Source/WebCore:

  • page/mac/ServicesOverlayController.mm:

(WebCore::ServicesOverlayController::Highlight::setDDHighlight):
(WebCore::ServicesOverlayController::Highlight::paintContents):
(WebCore::ServicesOverlayController::mouseIsOverHighlight):

  • Add check that returns early if DataDetectors.framework is not available.
  • platform/spi/mac/DataDetectorsSPI.h:
  • Mark Objective-C classes as optional.

Source/WebKit/mac:

  • WebView/WebImmediateActionController.mm:

(-[WebImmediateActionController _clearImmediateActionState]):
(-[WebImmediateActionController immediateActionRecognizerWillBeginAnimation:]):
(-[WebImmediateActionController _animationControllerForDataDetectedText]):
(-[WebImmediateActionController _animationControllerForDataDetectedLink]):

  • Add check that returns early if DataDetectors.framework is not available.

Source/WebKit2:

  • Platform/mac/MenuUtilities.mm:

(WebKit::menuItemForTelephoneNumber):
(WebKit::menuForTelephoneNumber):

  • Add check that returns early if DataDetectors.framework is not available.
  • Shared/mac/WebHitTestResultData.mm:

(WebKit::WebHitTestResultData::platformDecode):

  • Add Debug assertion. The soft-linked code should never be called if there was no actionContext passed in.
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::dismissContentRelativeChildWindowsFromViewOnly):

  • Protect calls to DDActionsManager with availability check.
  • UIProcess/mac/WKImmediateActionController.mm:

(-[WKImmediateActionController _clearImmediateActionState]):
(-[WKImmediateActionController immediateActionRecognizerWillBeginAnimation:]):

  • Protect calls to DDActionsManager with availability check.

(-[WKImmediateActionController _animationControllerForDataDetectedText]):
(-[WKImmediateActionController _animationControllerForDataDetectedLink]):

  • Add check that returns early if DataDetectors.framework is not available.

4:45 PM Changeset in webkit [197901] by commit-queue@webkit.org
  • 7 edits in trunk/Source

Add state dumping facility
https://bugs.webkit.org/show_bug.cgi?id=154930
<rdar://problem/24939135>

Patch by Keith Rollin <Keith Rollin> on 2016-03-09
Reviewed by Anders Carlsson.

Source/WebKit2:

Collect the times at which pages are loaded. Dump them when an OS
state dump is triggered.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::didCommitLoad):

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::lastPageLoadTime):

  • WebProcess/WebProcess.h:
  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::registerWithStateDumper):
(WebKit::WebProcess::platformInitializeProcess):

Source/WTF:

Add an OS_STATE flag to control the inclusion of process state dumping
functionality.

  • wtf/Platform.h:

4:40 PM Changeset in webkit [197900] by jmarcell@apple.com
  • 2 edits in trunk/Tools

Removing reference to Dashboard.Repository.Internal.trac from open source unit tests.
https://bugs.webkit.org/show_bug.cgi?id=155274

Reviewed by Alexey Proskuryakov.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/tests.js:

(setup): Deleted. In bug 154180 we removed Dashboard.Repository.Internal which was causing an
error in the unit tests.

4:36 PM Changeset in webkit [197899] by sbarati@apple.com
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

Array.isArray support for Proxy
https://bugs.webkit.org/show_bug.cgi?id=155179

Reviewed by Mark Lam.

This patch implements Array.isArray to be compliant
with the ES6 spec. Specifically, it needs to interface
properly with Proxy arguments.
https://tc39.github.io/ecma262/#sec-isarray

  • runtime/ArrayConstructor.cpp:

(JSC::ArrayConstructor::getCallData):
(JSC::arrayConstructorIsArray):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):

  • runtime/ArrayPrototype.cpp:

(JSC::speciesConstructArray):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::revoke):
(JSC::ProxyObject::isRevoked):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:

(JSC::ProxyObject::target):
(JSC::ProxyObject::handler):

  • tests/es6.yaml:
  • tests/stress/proxy-is-array.js: Added.

(assert):
(test):

4:22 PM Changeset in webkit [197898] by jer.noble@apple.com
  • 7 edits
    14 adds in trunk

Add heuristic for "main content" videos which override user gesture requirements
https://bugs.webkit.org/show_bug.cgi?id=155224

Reviewed by Eric Carlson.

Source/WebCore:

Tests: media/video-main-content-allow-then-deny.html
media/video-main-content-allow.html
media/video-main-content-deny-display-none.html
media/video-main-content-deny-not-in-dom.html
media/video-main-content-deny-not-visible.html
media/video-main-content-deny-obscured.html
media/video-main-content-deny-too-small.html

Add a new behavior "restriction" to MediaElementSession that allows media elements
to optionally override their own user gesture requirements if the session determines
that the media element is the page's "main content".

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::didAttachRenderers):
(WebCore::HTMLMediaElement::updateShouldPlay):

  • html/HTMLMediaElement.h:
  • html/MediaElementSession.cpp:

(WebCore::restrictionName):
(WebCore::MediaElementSession::MediaElementSession):
(WebCore::MediaElementSession::addBehaviorRestriction):
(WebCore::MediaElementSession::playbackPermitted):
(WebCore::MediaElementSession::dataLoadingPermitted):
(WebCore::isMainContent):
(WebCore::MediaElementSession::mainContentCheckTimerFired):
(WebCore::MediaElementSession::updateIsMainContent):

  • html/MediaElementSession.h:
  • testing/Internals.cpp:

(WebCore::Internals::setMediaElementRestrictions):

LayoutTests:

  • media/video-main-content-allow-expected.txt: Added.
  • media/video-main-content-allow-then-deny-expected.txt: Added.
  • media/video-main-content-allow-then-deny.html: Added.
  • media/video-main-content-allow.html: Added.
  • media/video-main-content-deny-display-none-expected.txt: Added.
  • media/video-main-content-deny-display-none.html: Added.
  • media/video-main-content-deny-not-in-dom-expected.txt: Added.
  • media/video-main-content-deny-not-in-dom.html: Added.
  • media/video-main-content-deny-not-visible-expected.txt: Added.
  • media/video-main-content-deny-not-visible.html: Added.
  • media/video-main-content-deny-obscured-expected.txt: Added.
  • media/video-main-content-deny-obscured.html: Added.
  • media/video-main-content-deny-too-small-expected.txt: Added.
  • media/video-main-content-deny-too-small.html: Added.

4:14 PM Changeset in webkit [197897] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Added missing #if(SOUP) after r197591.
https://bugs.webkit.org/show_bug.cgi?id=155259

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-03-09
Reviewed by Alex Christensen.

No new tests needed.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

4:03 PM Changeset in webkit [197896] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

_WKWebsiteDataSize.h should be an SPI header.

Rubber-stamped by Tim Horton.

  • WebKit2.xcodeproj/project.pbxproj:

3:57 PM Changeset in webkit [197895] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Fix the ARM64 MacroAssembler after r197816
https://bugs.webkit.org/show_bug.cgi?id=155268

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-09
Reviewed by Mark Lam.

The patch tries to generate instructions that do not exist,
causing quite fun stuff at runtime.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store16):
(JSC::MacroAssemblerARM64::store8):

3:47 PM Changeset in webkit [197894] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping js/regress/getter-richards-try-catch.html on ios-simulator debug
https://bugs.webkit.org/show_bug.cgi?id=155271

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:

3:36 PM Changeset in webkit [197893] by adachan@apple.com
  • 3 edits in trunk/Source/WebCore

Add a getter for WebVideoFullscreenInterfaceObjC and update its rate property
https://bugs.webkit.org/show_bug.cgi?id=155239

Reviewed by Eric Carlson.

  • platform/mac/WebVideoFullscreenInterfaceMac.h:

Move the stub implementation of setVideoDimensions() to the mm file.
Declare a getter to WebVideoFullscreenInterfaceMacObjC.

  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(WebCore::WebVideoFullscreenInterfaceMac::setRate):
Also update the rate property of WebVideoFullscreenInterfaceMacObjC.
(WebCore::WebVideoFullscreenInterfaceMac::setVideoDimensions):
Stub implementation of setVideoDimensions() has been moved to here.

3:33 PM Changeset in webkit [197892] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Fix Mac build without video enabled after r197633.

  • bindings/objc/DOM.mm:

3:07 PM Changeset in webkit [197891] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

use ulimit command to check process limit in webkitpy
https://bugs.webkit.org/show_bug.cgi?id=155260

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.default_child_processes): Use ulimit command output instead of
launchctl limit maxproc command.

3:02 PM Changeset in webkit [197890] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip two flaky tests on mac-wk1
https://bugs.webkit.org/show_bug.cgi?id=155196

Unreviewed test gardening.

media/video-with-blob-url-allowed-by-csp-media-src-star.html and media/video-with-data-url-allowed-by-csp-media-src-star.html
are flaky on mac-wk1. Skipping to get bots to green during investigation.

  • platform/mac-wk1/TestExpectations:

3:00 PM Changeset in webkit [197889] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

Handling 'allowUniversalAccessFromFileURLs' on WKWebViewConfiguration causes test breakage
https://bugs.webkit.org/show_bug.cgi?id=155265

Unreviewed work-around to allow testing to continue.

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration init]): Workaround build break.

2:34 PM Changeset in webkit [197888] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r197873.
https://bugs.webkit.org/show_bug.cgi?id=155262

"Crashes some JSC tests" (Requested by mlam on #webkit).

Reverted changeset:

"Add dumping of function expression names in CodeBlock
bytecode dump."
https://bugs.webkit.org/show_bug.cgi?id=155248
http://trac.webkit.org/changeset/197873

2:29 PM Changeset in webkit [197887] by rniwa@webkit.org
  • 16 edits
    1 copy
    2 moves
    1 add in trunk

Rename Node.treeRoot to rootNode and turn it on by default
https://bugs.webkit.org/show_bug.cgi?id=155226

Reviewed by Antonio Gomes.

Source/WebCore:

Node.prototype.treeRoot has been merged into DOM spec from Shadow DOM spec and renamed to rootNode:
https://dom.spec.whatwg.org/#dom-node-rootnode

Rename the method and expose it unconditionally on Node.prototype.

Tests: fast/dom/Node/rootNode.html
fast/shadow-dom/Node-interface-rootNode.html

  • dom/ContainerNode.h:

(WebCore::Node::highestAncestor): Deleted. There is no need for this function to be inlined.

  • dom/Document.h: Now that both TreeScope and Node define rootNode, we need to pick either.
Here, we pick TreeScope's definition since Document is by definition always in a document so there is
no need to even check inTreeScope().

  • dom/Node.cpp:

(WebCore::Node::rootNode): Moved here. Also added a fast path for when "this" node is in a document
or a shadow root since TreeScope stores its root node as a member variable (m_rootNode).

  • dom/Node.h:
  • dom/Node.idl: Renamed the method and removed Conditional=SHADOW_DOM.
  • dom/ShadowRoot.h: Similar to the change in Document.h. See above.
  • editing/Editor.cpp:

(WebCore::correctSpellcheckingPreservingTextCheckingParagraph): Use rootNode instead of free function
defined in htmlediting.cpp, which was removed in this patch.

  • editing/htmlediting.cpp:

(WebCore::highestAncestor): Deleted.

  • editing/htmlediting.h:
  • html/FormAssociatedElement.cpp:

(WebCore::computeRootNode): Added.
(WebCore::FormAssociatedElement::removedFrom): We can't use Node::rootNode here because this function
is called in the middle of removing a subtree, and some associated form element's inDocument flag may
not have been updated yet. So use computeRootNode to manually find the highest ancestor.
(WebCore::FormAssociatedElement::formRemovedFromTree): Ditto.

  • xml/XPathPath.cpp:

(WebCore::XPath::LocationPath::evaluate):

LayoutTests:

Split Node-interface-treeRoot.html into two pieces, the one that doesn't invoke shadow DOM and the other that tests
shadow DOM related cases. I intend to upstream these tests to W3C at some point so keep them in testharness.js form.

  • fast/dom/Node/rootNode-expected.txt: Added.
  • fast/dom/Node/rootNode.html: Copied from LayoutTests/fast/shadow-dom/Node-interface-treeRoot.html.
  • fast/shadow-dom/Node-interface-rootNode-expected.txt: Renamed from Node-interface-treeRoot-expected.txt.
  • fast/shadow-dom/Node-interface-rootNode.html: Renamed from LayoutTests/fast/shadow-dom/Node-interface-treeRoot.html.
  • js/dom/dom-static-property-for-in-iteration-expected.txt:
  • platform/efl/js/dom/dom-static-property-for-in-iteration-expected.txt:
  • platform/gtk/js/dom/dom-static-property-for-in-iteration-expected.txt:

1:50 PM Changeset in webkit [197886] by commit-queue@webkit.org
  • 4 edits in trunk

[cmake] Fixed All-in-One build.
https://bugs.webkit.org/show_bug.cgi?id=155241

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-03-09
Reviewed by Csaba Osztrogonác.

.:

  • Source/cmake/WebKitMacros.cmake: Last item of WebCore_SOURCES was
not removed in PROCESS_ALLINONE_FILE.

Source/WebCore:

No new tests needed.

  • bindings/js/JSBindingsAllInOne.cpp: Should not include generated
file.

1:49 PM Changeset in webkit [197885] by achristensen@apple.com
  • 2 edits in trunk/Source/WebKit2

Fix use-after-free when cancelling synchronous XHR when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155253

Reviewed by Brady Eidson.

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::continueWillSendRequest):
Store the completion handler on the stack before calling didFail, which deletes the
NetworkLoad, so we don't access m_redirectCompletionHandler after deleting the NetworkLoad.

1:48 PM Changeset in webkit [197884] by Chris Dumez
  • 3 edits in trunk/Source/WebCore

Unreviewed, rebaseline bindings tests after r197874.

  • bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::JSattribute::getOwnPropertySlot):

  • bindings/scripts/test/JS/JSattribute.h:

1:44 PM Changeset in webkit [197883] by ap@apple.com
  • 5 edits in trunk/Tools

Stop building armv7 on iOS device builders
https://bugs.webkit.org/show_bug.cgi?id=155246

Reviewed by David Kilzer.

  • BuildSlaveSupport/build.webkit.org-config/config.json: Building both armv7 and
armv7s makes the bots unnecessarily slow. We can catch super rare v7-only regressions
elsewhere.

  • Scripts/webkitpy/common/config/ews.json: Changed EWS to match, as we always want
EWS configuration to be verified by buildbot queues.

  • Scripts/webkitdirs.pm:
  • Scripts/webkitpy/port/ios.py:

Changed default to arm64. I think that the default is probably not used in any
practical scenarios, but it's nice to make it more sensible.

1:31 PM Changeset in webkit [197882] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

Unreviewed, rolling out r197698.
https://bugs.webkit.org/show_bug.cgi?id=155252

Caused assertions, and wasn't reviewed by a WK2 owner
(Requested by andersca on #webkit).

Reverted changeset:

"Last opened tab does not receive
SetHiddenPageTimerThrottlingIncreaseLimit message"
https://bugs.webkit.org/show_bug.cgi?id=155126
http://trac.webkit.org/changeset/197698

1:30 PM Changeset in webkit [197881] by Conrad Shultz
  • 2 edits in trunk/Source/WebKit2

WebsiteDataStore::Configuration::legacyWebsiteDataStoreConfiguration() should respect the passed-in configuration
https://bugs.webkit.org/show_bug.cgi?id=155250

Reviewed by Anders Carlsson.

Note that the legacy directories are already set by default in ProcessPoolConfiguration::createWithLegacyOptions(),
which is also where the shouldHaveLegacyDataStore flag, which will cause this code path to be reached, is set.

  • UIProcess/WebProcessPool.cpp:

(WebKit::legacyWebsiteDataStoreConfiguration):
Use the passed-in configuration to set the application cache, network cache, and media keys storage directories.

1:30 PM Changeset in webkit [197880] by Jon Davis
  • 2 edits in trunk/Websites/webkit.org

For RSS feeds, convert image and link relative URIs to absolute URIs
https://bugs.webkit.org/show_bug.cgi?id=155237

Reviewed by Timothy Hatcher.

  • wp-content/themes/webkit/functions.php:

1:22 PM Changeset in webkit [197879] by Chris Dumez
  • 8 edits in trunk/Source/WebKit2

Speculative disk cache resource revalidations are sometimes wasted
https://bugs.webkit.org/show_bug.cgi?id=155187
<rdar://problem/25032905>

Reviewed by Antti Koivisto.

Speculative disk cache resource revalidations were sometimes wasted.

We would sometimes correctly revalidate a resource but the
NetworkResourceLoader then either:

  1. Fail to reuse the speculatively validated entry
  2. Reuse the speculatively validated entry but then validate it again

Bug 1 was caused by the revalidated entry key sometimes being
different from the cached entry key. This could happen when
revalidation fails (the server did not send back a 304) in
which case we call NetworkCache::store() which creates a new
cache Entry, generating a cache key from our revalidation
request. If the original request has a cache partition or a
range, then the keys would not match because we did not set
the cache partition or the range on the revalidation request.
This has been addressed by setting the cache partition on the
revalidation request in constructRevalidationRequest() and by
not doing revalidation if the original request had a 'range'
header.

Bug 2 was caused by us marking a speculatively revalidated entry
as "not needing revalidating" only in Cache::update(). Cache::update()
is only called in the case the revalidation was successful (server
returned a 304). If revalidation was not successful, Cache::store()
would be called instead and we would fail to update the
needsRevalidation flag. NetworkResourceLoader would then validate
again the resource that was already speculatively revalidated.
To address the problem, we now update the 'needsRevalidation' flag
as soon as the speculative revalidation completes, in
SpeculativeLoad::didComplete().

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::retrieve):
(WebKit::NetworkCache::makeCacheKey):
(WebKit::NetworkCache::Cache::update):

  • NetworkProcess/cache/NetworkCacheEntry.cpp:

(WebKit::NetworkCache::Entry::setNeedsValidation):

  • NetworkProcess/cache/NetworkCacheEntry.h:
  • NetworkProcess/cache/NetworkCacheKey.cpp:

(WebKit::NetworkCache::noPartitionString):
(WebKit::NetworkCache::Key::Key):
(WebKit::NetworkCache::Key::hasPartition):

  • NetworkProcess/cache/NetworkCacheKey.h:
  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::didComplete):

  • NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:

(WebKit::NetworkCache::constructRevalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveEntryFromStorage):
(WebKit::NetworkCache::SpeculativeLoadManager::revalidateEntry):

1:15 PM Changeset in webkit [197878] by oliver@apple.com
  • 4 edits in trunk/Source

Fix old iOS

1:13 PM Changeset in webkit [197877] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Remove unnecessary constructor
https://bugs.webkit.org/show_bug.cgi?id=155249

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-09
Reviewed by Timothy Hatcher.

  • UserInterface/Views/ScriptTimelineDataGrid.js:

(WebInspector.ScriptTimelineDataGrid):

1:09 PM Changeset in webkit [197876] by oliver@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Wincairo buildfix
https://bugs.webkit.org/show_bug.cgi?id=155245

Reviewed by Mark Lam.

Fix up exports for a few symbols

  • jit/ExecutableAllocator.h:
  • jit/ExecutableAllocatorFixedVMPool.cpp:
12:55 PM Changeset in webkit [197875] by Chris Dumez
  • 7 edits in trunk

focus() / blur() should be on HTMLElement / SVGElement, not Element
https://bugs.webkit.org/show_bug.cgi?id=155216

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

focus() / blur() should be on HTMLElement / SVGElement, not Element:

Chrome and Firefox match the specification.

Note that after this change, focus() / blur() is no longer exposed
on MathMLElement. This matches the MathML specification and is
consistent with Firefox and Chrome.

  • dom/Element.idl:
  • html/HTMLElement.idl:
  • svg/SVGElement.idl:
12:37 PM Changeset in webkit [197874] by Chris Dumez
  • 5 edits in trunk

Move attributes to the instance for most interfaces that have "Error" in their name
https://bugs.webkit.org/show_bug.cgi?id=155231

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Our bindings generator was keeping attributes on the instances for
interfaces having "Error" or "Exception" in their name. The reason is
that interfaces that have "Error" in their prototype would not behave
correctly otherwise because "Error" incorrectly has its attributes on
the instance at the moment. However, in our bindings generator, the
condition to decide if an interface's prototype should be "Error" is
if $interface->isException. Therefore, we should use the same condition
to decide if we should keep attributes on the instance until "Error"
is updated to have its attributes on the prototype. Doing this for any
interface having "Error" or "Exception" in their name is overkill.

No new tests, already covered by existing test.

  • bindings/scripts/CodeGeneratorJS.pm:

(InterfaceRequiresAttributesOnInstance):

12:36 PM Changeset in webkit [197873] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Add dumping of function expression names in CodeBlock bytecode dump.
https://bugs.webkit.org/show_bug.cgi?id=155248

Reviewed by Filip Pizlo.

Because ...
[ 19] new_func_exp loc5, loc3, f0:foo

... is more informative than
[ 19] new_func_exp loc5, loc3, f0

Anonymous functions will be dumped as <anon>.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpFunctionExpr):
(JSC::CodeBlock::dumpBytecode):

  • bytecode/CodeBlock.h:
12:36 PM Changeset in webkit [197872] by ap@apple.com
  • 2 edits in trunk/Tools

Add iOS Simulator EWS to bot watcher's dashboard
https://bugs.webkit.org/show_bug.cgi?id=155220

Reviewed by Lucas Forschler.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BubbleQueueServer.js:
12:25 PM Changeset in webkit [197871] by dbates@webkit.org
  • 3 edits
    1 copy
    1 add
    1 delete in trunk/Source/WebCore

Rename WebCore/platform/crypto/mac/CryptoDigestMac.cpp to WebCore/platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp
https://bugs.webkit.org/show_bug.cgi?id=155244

Reviewed by Alexey Proskuryakov.

The file WebCore/platform/crypto/mac/CryptoDigestMac.cpp is applicable to both iOS and OS X.
We should move and rename this file to reflect that it is applicable to both of these platforms.

  • PlatformMac.cmake:
  • WebCore.xcodeproj/project.pbxproj:
  • platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp: Renamed from Source/WebCore/platform/crypto/mac/CryptoDigestMac.cpp.
12:22 PM Changeset in webkit [197870] by Brent Fulgham
  • 8 edits in trunk

Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
https://bugs.webkit.org/show_bug.cgi?id=155185
Source/WebKit2:

Reviewed by Anders Carlsson.
<rdar://problem/11101440>

Tested by TestWebKitAPI tests IndexedDB.IndexedDBMultiProcess and IndexedDB.IndexedDBPersistence.

Allow Cocoa WKWebViewConfiguration access to the 'allowUniversalAccessFromFileURLs' setting.

  • UIProcess/API/Cocoa/WKWebView.mm:

(- [WKWebView _initializeWithConfiguration]): Set 'allowUniversalAccessFromFileURLsKey' in
page configuration.

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration _allowUniversalAccessFromFileURLs]): Added,
(-[WKWebViewConfiguration _setAllowUniversalAccessFromFileURLs:]): Added.

  • UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:

Tools:

<rdar://problem/11101440>

Reviewed by Anders Carlsson.

  • TestWebKitAPI/Tests/WebKit2/CloseFromWithinCreatePage.cpp:

(TestWebKitAPI::TEST): Allow local file access to run test.

  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm:

(TEST): Ditto.

  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence.mm:

(TEST): Ditto.

12:11 PM Changeset in webkit [197869] by msaboff@apple.com
  • 23 edits
    3 adds in trunk

[ES6] Implement RegExp sticky flag and related functionality
https://bugs.webkit.org/show_bug.cgi?id=155177

Reviewed by Saam Barati.

Source/JavaScriptCore:

Implemented the ES6 RegExp sticky functionality.

There are two main behavior changes when the sticky flag is specified.
1) Matching starts at lastIndex and lastIndex is updated after the match.
2) The regular expression is only matched from the start position in the string.
See ES6 section 21.2.5.2.2 for details.

Changed both the Yarr interpreter and jit to not loop to the next character for sticky RegExp's.
Updated RegExp exec and match, and stringProtoFuncMatch to handle lastIndex changes.

Restructured the way flags are passed to and through YarrPatterns to use RegExpFlags instead of
individual bools.

Updated tests for 'y' flag and new behavior.

  • bytecode/CodeBlock.cpp:

(JSC::regexpToSourceString):

  • inspector/ContentSearchUtilities.cpp:

(Inspector::ContentSearchUtilities::findMagicComment):

  • runtime/CommonIdentifiers.h:
  • runtime/RegExp.cpp:

(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExp::finishCreation):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):

  • runtime/RegExp.h:
  • runtime/RegExpKey.h:
  • runtime/RegExpObjectInlines.h:

(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncCompile):
(JSC::flagsString):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterSticky):
(JSC::regExpProtoGetterUnicode):

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch):

  • tests/es6.yaml:
  • tests/stress/static-getter-in-names.js:

(shouldBe):

  • yarr/RegularExpression.cpp:

(JSC::Yarr::RegularExpression::Private::compile):

  • yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::tryConsumeBackReference):
(JSC::Yarr::Interpreter::matchAssertionBOL):
(JSC::Yarr::Interpreter::matchAssertionEOL):
(JSC::Yarr::Interpreter::matchAssertionWordBoundary):
(JSC::Yarr::Interpreter::matchDotStarEnclosure):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::Interpreter::Interpreter):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):

  • yarr/YarrInterpreter.h:

(JSC::Yarr::BytecodePattern::BytecodePattern):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::ignoreCase):
(JSC::Yarr::BytecodePattern::multiline):
(JSC::Yarr::BytecodePattern::sticky):
(JSC::Yarr::BytecodePattern::unicode):

  • yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::matchCharacterClass):
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
(JSC::Yarr::YarrGenerator::generateAssertionBOL):
(JSC::Yarr::YarrGenerator::generateAssertionEOL):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
(JSC::Yarr::YarrGenerator::backtrack):

  • yarr/YarrPattern.cpp:

(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
(JSC::Yarr::YarrPatternConstructor::optimizeBOL):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):

  • yarr/YarrPattern.h:

(JSC::Yarr::YarrPattern::reset):
(JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
(JSC::Yarr::YarrPattern::ignoreCase):
(JSC::Yarr::YarrPattern::multiline):
(JSC::Yarr::YarrPattern::sticky):
(JSC::Yarr::YarrPattern::unicode):

LayoutTests:

New and updated tests.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/regexp-flags-expected.txt:
  • js/regexp-sticky-expected.txt: Added.
  • js/regexp-sticky.html: Added.
  • js/script-tests/Object-getOwnPropertyNames.js:
  • js/script-tests/regexp-flags.js:

(RegExp.prototype.hasOwnProperty): Deleted check for sticky property.

  • js/script-tests/regexp-sticky.js: New test.

(asString):
(testStickyExec):
(testStickyMatch):

11:56 AM Changeset in webkit [197868] by timothy_horton@apple.com
  • 5 edits in trunk

Removing and re-adding a script message handler with the same name results in an unusable message handler
https://bugs.webkit.org/show_bug.cgi?id=155223

Reviewed by Sam Weinig.
Source/WebCore:

New API test: WKUserContentController.ScriptMessageHandlerReplaceWithSameName.

  • page/UserMessageHandler.h:

(WebCore::UserMessageHandler::descriptor):

  • page/UserMessageHandlersNamespace.cpp:

(WebCore::UserMessageHandlersNamespace::handler):
This lazy removal mechanism combined with the fact that we only compare
handler name and world makes it such that m_messageHandlers could have
a stale UserMessageHandler with a UserMessageHandlerDescriptor that differed
only in client.

It is safe to compare the descriptors by pointer instead because m_messageHandler
holds a strong reference to its UserMessageHandlerDescriptors, and this will ensure
that the add-remove-add path (with identical name and world) causes a new
UserContentController to be created.

We also now clean up any stale UserMessageHandlers whenever we're about to
add a new one, by removing any which the UserContentController no longer knows about.

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:

(TEST):
Add a test ensuring that it is possible to remove and re-add a script message handler
with the same name and still dispatch messages to it.

11:36 AM Changeset in webkit [197867] by mark.lam@apple.com
  • 11 edits in trunk

FunctionExecutable::ecmaName() should not be based on inferredName().
https://bugs.webkit.org/show_bug.cgi?id=155203

Reviewed by Michael Saboff.

Source/JavaScriptCore:

The ES6 rules for how a function name should be inferred closely match JSC's
implementation with one exception:

var o = {}
o.foo = function() {}

JSC's inferredName for o.foo would be "foo".
ES6 specifies that o.foo.name is "".

The fix is to add a distinct FunctionExecutable::ecmaName() which applies the ES6
rules for inferring the initial value of Function.name.

  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • bytecode/UnlinkedFunctionExecutable.h:
  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createProperty):
(JSC::ASTBuilder::makeAssignNode):

  • parser/Nodes.h:
  • runtime/Executable.h:
  • runtime/JSFunction.cpp:

(JSC::JSFunction::reifyName):

  • tests/es6.yaml:

LayoutTests:

  • js/script-tests/function-toString-vs-name.js:
  • Fixed up object property test section and added new test cases.
  • platform/mac/http/tests/media/media-source/mediasource-sourcebuffer-mode-expected.txt:
11:29 AM Changeset in webkit [197866] by enrica@apple.com
  • 10 edits in trunk/Source/WebKit2

Add two finger tap on links.
https://bugs.webkit.org/show_bug.cgi?id=155205
rdar://problem/22937516

Reviewed by Sam Weinig.

Adds two finger tap gesture recognizer. When performed
on a link, it calls the delegate.

  • Platform/spi/ios/UIKitSPI.h:
  • UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView setupInteraction]):
(-[WKContentView cleanupInteraction]):
(-[WKContentView _removeDefaultGestureRecognizers]):
(-[WKContentView _addDefaultGestureRecognizers]):
(-[WKContentView _twoFingerSingleTapGestureRecognized:]):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::handleTwoFingerTapAtPoint):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::handleTwoFingerTapAtPoint):

11:04 AM Changeset in webkit [197865] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

Always call NSURLSession completion handlers
https://bugs.webkit.org/show_bug.cgi?id=155137

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-09
Reviewed by Darin Adler.

There are some edge cases which should not be hit, but if they are they would cause the
network process to hang and network resources to be leaked. This can be avoided.
There are also a few release asserts that do not need to crash release builds.

  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::didReceiveChallenge):
(WebKit::NetworkDataTask::didCompleteWithError):
(WebKit::NetworkDataTask::didReceiveResponse):
(WebKit::NetworkDataTask::didReceiveData):
(WebKit::NetworkDataTask::willPerformHTTPRedirection):
(WebKit::NetworkDataTask::scheduleFailure):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):

10:45 AM Changeset in webkit [197864] by Chris Dumez
  • 8 edits
    2 adds in trunk

Align HTMLKeygenElement.keytype with the specification
https://bugs.webkit.org/show_bug.cgi?id=155214

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

Align HTMLKeygenElement.keytype with the specification:

In particular, the following changes were made:

  1. Return "rsa" by default (i.e. when the corresponding content attribute is missing)
  2. Only return known values

Test: fast/dom/HTMLKeygenElement/keygen-keytype.html

  • html/HTMLKeygenElement.cpp:

(WebCore::HTMLKeygenElement::setKeytype):
(WebCore::HTMLKeygenElement::keytype):
(WebCore::HTMLKeygenElement::appendFormData):

  • html/HTMLKeygenElement.h:
  • html/HTMLKeygenElement.idl:

LayoutTests:

Add test coverage for HTMLKeygenElement.keytype.

  • fast/dom/HTMLKeygenElement/keygen-keytype-expected.txt: Added.
  • fast/dom/HTMLKeygenElement/keygen-keytype.html: Added.
10:26 AM Changeset in webkit [197863] by Philippe Normand
  • 5 edits in trunk/Source/WebCore

[GStreamer] Fix MediaPlayerPrivate conflicts
https://bugs.webkit.org/show_bug.cgi?id=155236

Reviewed by Martin Robinson.

In some cases the mediastream player would be used to play
non-mediastream videos or MSE streams. The OWR player should be
used only for mediastreams and the MediaPlayerPrivateGStreamer
player should be used only for normal <video> elements and
MediaSource support.

This patch intends to fix the massive tests timeouts currently
happening on the GTK bots after r197752.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::supportsType): Bail out if
the type checked represents a mediastream.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

Prevent signal disconnection on possible NULL GObjects.
(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:

(WebCore::MediaPlayerPrivateGStreamerOwr::MediaPlayerPrivateGStreamerOwr):
Simplify constructor to the bare minimum.
(WebCore::MediaPlayerPrivateGStreamerOwr::load): Create sinks only
if needed from the load method.
(WebCore::MediaPlayerPrivateGStreamerOwr::getSupportedTypes):
Initialize the type cache to an empty static hashset.
(WebCore::MediaPlayerPrivateGStreamerOwr::supportsType): This
player does support mediastreams and nothing else.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:
10:10 AM Changeset in webkit [197862] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Harden JSC Root element functions from bad values
https://bugs.webkit.org/show_bug.cgi?id=155234

Reviewed by Saam Barati.

Changed jsCast() to jsDynamicCast() in Root related functions to protect against being
called with non-Root arguments.

  • jsc.cpp:

(functionCreateElement):
(functionGetElement):
(functionSetElementRoot):

9:51 AM Changeset in webkit [197861] by benjamin@webkit.org
  • 18 edits in trunk/Source/JavaScriptCore

[JSC] Pick how to OSR Enter to FTL at runtime instead of compile time
https://bugs.webkit.org/show_bug.cgi?id=155217

Reviewed by Filip Pizlo.

This patch addresses 2 types of problems with tiering up to FTL
with OSR Entry in a loop:
-When there are nested loops, it is generally valuable to enter
 an outer loop rather than an inner loop.
-When tiering up at a point that cannot OSR Enter, we are at
 the mercy of the outer loop frequency to compile the right
 entry point.

The first case is significant in the test "gaussian-blur".
That test has 4 nested loops. When we have an OSR Entry,
the analysis phases have to be pessimistic where we enter:
we do not really know what constraint can be proven from
the DFG code that was running.

In "gaussian-blur", integer-range analysis removes pretty
much all overflow checks in the inner loops of where we entered.
The more outside we enter, the better code we generate.

Since we spend the most iterations in the inner loop, we naturally
tend to OSR Enter into the 2 most inner loops, making the most
pessimistic assumptions.

To avoid such problems, I changed how we decide where to OSR Enter.
Previously, the last CheckTierUpAndOSREnter to cross the threshold
was where we take the entry point for FTL.

What happens now is that the entry point is not decided when
compiling the CheckTierUp variants. Instead, all the information
we need is gathered during compilation and kept on the JITCode
to be used at runtime.

When we try to tier up and decide to OSR Enter, we use the information
we have to pick a good outer loop for OSR Entry.

Now the problem is outer loops do not CheckTierUpAndOSREnter often,
wasting several milliseconds before entering the newly compiled FTL code.

To solve that, every CheckTierUpAndOSREnter has its own trigger that
bypasses the counter. When the FTL Code is compiled, the trigger is set
and we enter through the right CheckTierUpAndOSREnter immediately.

---

This new mechanism also solves a problem of ai-astar.
When we try to tier up in ai-astar, we had nothing to compile until
the outer loop is reached.

To make sure we reached the CheckTierUpAndOSREnter in a reasonable time,
we had CheckTierUpWithNestedTriggerAndOSREnter with a special trigger.

With the new mechanism, we can do much better:
-When we keep hitting CheckTierUpInLoop, we now have all the information
 we need to already start compiling the outer loop.
 Instead of waiting for the outer loop to be reached a few times, we compile
 it as soon as the inner loop is hammering CheckTierUpInLoop.
-With the new triggers, the very next time we hit the outer loop, we OSR Enter.

This allows us to compile what we need sooner and enter sooner.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize): Deleted.

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC): Deleted.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode): Deleted.

  • dfg/DFGJITCode.h:
  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::compileEntryExecutionFlag):

  • dfg/DFGNodeType.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPlan.h:

(JSC::DFG::Plan::canTierUpAndOSREnter):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate): Deleted.

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute): Deleted.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile): Deleted.

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):
(JSC::DFG::TierUpCheckInjectionPhase::buildNaturalLoopToLoopHintMap):
(JSC::DFG::TierUpCheckInjectionPhase::findLoopsContainingLoopHintWithoutOSREnter): Deleted.

  • dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:

(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
(JSC::DFG::Ref<ToFTLForOSREntryDeferredCompilationCallback>ToFTLForOSREntryDeferredCompilationCallback::create):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):

  • dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h:
9:44 AM Changeset in webkit [197860] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Cleaning up TestExpectations files to remove deleted tests and duplicate entries for ios-simulator.

Unreviewed test gardening.

9:25 AM Changeset in webkit [197859] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping fast/events/max-tabindex-focus.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155233

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
9:06 AM Changeset in webkit [197858] by Brent Fulgham
  • 3 edits
    3 adds in trunk

Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>

Reviewed by Zalan Bujtas.

Source/WebCore:

Tested by storage/domstorage/localstorage/blocked-file-access.html.

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
universal file access, prevent access to DOM localStorage.

LayoutTests:

  • storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
  • storage/domstorage/localstorage/blocked-file-access.html: Added.
  • storage/domstorage/localstorage/resources/blocked-example.html: Added.
6:26 AM Changeset in webkit [197857] by Manuel Rego Casasnovas
  • 4 edits
    4 adds in trunk

[css-grid] Allow to place positioned grid items on the padding
https://bugs.webkit.org/show_bug.cgi?id=155199

Reviewed by Sergio Villar Senin.

Source/WebCore:

According to the following discussion on the CSS WG mailing list,
we should be able to place positioned grid items on the padding directly:
https://lists.w3.org/Archives/Public/www-style/2015Nov/0070.html

This means that a positioned grid item can be placed on the padding itself.
The "auto" value resolves to the padding edges (0th and -0th lines).
So if a positioned item is placed with: grid-column: auto / 1;
it'd be placed on the padding, from line 0th to 1st line.

On top of that, we've to detect properly the first and last explicit
grid lines during the layout of positioned grid items.
We have to consider that the grid can have implicit tracks created
previously by regular grid items.

Tests: fast/css-grid-layout/grid-positioned-items-padding.html

fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

LayoutTests:

Add new tests and updated results in a current one.

  • fast/css-grid-layout/grid-positioned-items-implicit-grid.html:
  • fast/css-grid-layout/grid-positioned-items-padding-expected.txt: Added.
  • fast/css-grid-layout/grid-positioned-items-padding.html: Added.
  • fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track-expected.txt: Added.
  • fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track.html: Added.
4:00 AM Changeset in webkit [197856] by akling@apple.com
  • 3 edits
    2 adds in trunk

ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

This got rolled out the first time because it failed on bots. It failed due
to expecting a specific number of documents to be live at the start of the
test, which was not reliable on bots since we appear to have more leaks(!)

Tweaked the test to check the delta in live document count instead.

  • fast/dom/ImageDocument-world-leak-expected.txt: Added.
  • fast/dom/ImageDocument-world-leak.html: Added.
3:24 AM Changeset in webkit [197855] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197654 - [JSC] Remove a superfluous Move in front of every double unboxing
https://bugs.webkit.org/show_bug.cgi?id=155064

Reviewed by Saam Barati.

Double unboxing was always doing:

Move source, scratch
Add64 tag, scratch
IntToDouble scratch, fp

We do not need to "Move" to copy the source.
Both x86 and ARM64 have an efficient 3 operands Add instruction.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileValueToInt32):
(JSC::DFG::SpeculativeJIT::compileDoubleRep):
(JSC::DFG::SpeculativeJIT::speculateRealNumber):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::unboxDouble):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::unboxDoubleWithoutAssertions):
(JSC::AssemblyHelpers::unboxDouble):
(JSC::AssemblyHelpers::unboxDoubleNonDestructive):

3:02 AM Changeset in webkit [197854] by svillar@igalia.com
  • 7 edits in trunk

[css-grid] Fix auto-track sizing with min-size:auto and specific sizes
https://bugs.webkit.org/show_bug.cgi?id=155165

Reviewed by Darin Adler.

Source/WebCore:

Specs recently changed the way auto tracks are sized. In the
previous versions, when sizing auto minimums, only the
min-width|height of the items spanning through the auto tracks
were used to size them. The new text specifies that for items
with a specified minimum size of auto, the behavior is
equivalent to a min-content minimum.

This means that from now on, auto tracks with min-size:auto
will no longer be smaller than min-content tracks (which was
pretty weird from the user POV).

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::minSizeForChild): use grid items
min-content contributions whenever the specified size is not
auto or when min-size is auto.

LayoutTests:

  • fast/css-grid-layout/grid-automatic-minimum-for-auto-columns-expected.txt:
  • fast/css-grid-layout/grid-automatic-minimum-for-auto-columns.html:
  • fast/css-grid-layout/grid-automatic-minimum-for-auto-rows-expected.txt:
  • fast/css-grid-layout/grid-automatic-minimum-for-auto-rows.html:
2:56 AM Changeset in webkit [197853] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197733 - REGRESSION(r197062): [GTK] Transparent backgrounds no longer work after r197062
https://bugs.webkit.org/show_bug.cgi?id=155119

Reviewed by Martin Robinson.

This is because after r197062 we are now realizing the view too
early, even before the toplevel window has been realized, forcing
the toplevel window to be realized. If the RGBA visual is set on
the window after it has been realized it doesn't have any
effect. We should wait until the toplevel window is realized to
realize the web view, giving time to the application to set RGBA
visual and background color. If the toplevel window is already
realized we realize the web view immediately, so that this doesn't
affect the tearing problems fixed in r197062.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(toplevelWindowRealized):
(webkitWebViewBaseSetToplevelOnScreenWindow):

2:52 AM Changeset in webkit [197852] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197653 - [JSC] Use 3 operands Add in more places
https://bugs.webkit.org/show_bug.cgi?id=155082

Reviewed by Filip Pizlo.

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::addPtr):
(JSC::MacroAssembler::add32):

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::add32):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithAdd):
The case with child1 constant is useless.
The canonical form will have the constant as child2.

Also add register reuse for the fast-add.
Registers are a scarce resource on x86.

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::prepareForTailCallSlow):

  • yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::generate):

2:28 AM Changeset in webkit [197851] by Carlos Garcia Campos
  • 14 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r197652 - [JSC] Improve codegen of Compare and Test
https://bugs.webkit.org/show_bug.cgi?id=155055

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-06
Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch introduces a few improvements on how we lower
Compare and Test with immediates:

-Add certain Immediate forms of ARM64.
-Use CBZ/CBNZ when possible on ARM64.
-When possible, convert a CMP into a TST
 On some hardware, we can issue more TST simultaneously.
 On x86, any TST+Jump is candidate for macro-fusion.
 They are also smaller.
 (sections 3.4.2.2 and 3.5.1.9)
-Do not load the mask immediate of a TST
 if it only contains ones (mostly useful for ARM64
 since that would not have been a valid immediate).

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::compare32):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::moveConditionallyAfterFloatingPointCompare):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyAfterFloatingPointCompare):
This is somewhat unrelated but I found that out while working
on moveDoubleConditionallyTest32:

If "thenCase" and "dest" are assigned the same register
by the allocator, then the first (f)fcsel would override
the "thenCase" and the second fcsel would always be "elseCase".

This is covered by testb3 but was only uncovered
after recent "Move" removals in lowering.

(JSC::MacroAssemblerARM64::moveConditionally32):
(JSC::MacroAssemblerARM64::moveConditionally64):
(JSC::MacroAssemblerARM64::moveConditionallyTest32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally64):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerARM64::branch32):
(JSC::MacroAssemblerARM64::branch64):
(JSC::MacroAssemblerARM64::branchTest32):
(JSC::MacroAssemblerARM64::test32):
The version taking an immediate was guarded by
(cond == Zero) || (cond == NonZero). That is overzealous,
and only needed for CBZ/CBNZ.

(JSC::MacroAssemblerARM64::branchTest64):
(JSC::MacroAssemblerARM64::compare32):
(JSC::MacroAssemblerARM64::compare64):
(JSC::MacroAssemblerARM64::commuteCompareToZeroIntoTest):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::moveConditionally32):
(JSC::MacroAssemblerX86Common::moveConditionallyTest32):
(JSC::MacroAssemblerX86Common::branch32):
(JSC::MacroAssemblerX86Common::test32):
(JSC::MacroAssemblerX86Common::branchTest32):
(JSC::MacroAssemblerX86Common::compare32):
(JSC::MacroAssemblerX86Common::commuteCompareToZeroIntoTest):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::compare64):
(JSC::MacroAssemblerX86_64::branch64):
(JSC::MacroAssemblerX86_64::moveConditionally64):

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::createGenericCompare):
Unfortunately this cannot be abstracted by the MacroAssembler.
Those immediates are not valid, we have to pick the better
form right away.

  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::int64Operands):
(JSC::B3::modelCompare):
(JSC::B3::testCompareImpl):
(JSC::B3::testCompare):
(JSC::B3::b3Pow):
(JSC::B3::testPowDoubleByIntegerLoop):
Some versions of pow(double, int) do not return
the exact same bits as our integer loop.
Added a new version to have the same behavior
as the B3 loop.

(JSC::B3::run):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileInt32Compare):
Comparing to an immediate is super common. Do not waste
a register for that!

Source/WebCore:

  • cssjit/FunctionCall.h:

(WebCore::FunctionCall::callAndBranchOnCondition):

2:15 AM Changeset in webkit [197850] by Manuel Rego Casasnovas
  • 10 edits
    2 adds in trunk

[css-grid] Initial support for implicit grid before explicit grid
https://bugs.webkit.org/show_bug.cgi?id=155014

Reviewed by Darin Adler.

Source/WebCore:

Change GridSpan to store int instead of unsigned. This allows us to
resolve positions before the explicit grid with negative values.

This patch adds a new type of GridSpan called "Untranslated".
This type is only used in populateExplicitGridAndOrderIterator(),
where we store the smallest negative position in both axes.

Then the GridSpans are translated into positive values, using the offset
calculated before. This is done in placeItemsOnGrid() and from that
moment the rest of the code uses "Definite" GridSpans, which returns
only positive positions (unsigned instead of int).
This means we don't have to modify the rest of the code, as it keeps
using GridSpans as before.

Let's use an example to explain how it works. Imagine that we've a
2-column grid and 2 items placed like:

  • Item A: grid-column: -5;
  • Item B: grid-column: 1;

Initially we'll use "Untranslated" GridSpans with the following values:

  • Item A: GridSpan(-2, -1)
  • Item B: GridSpan(0, 1)

Then we'll translate them using the smallest position as offset (-2)
so we've "Definite" GridSpans:

  • Item A: GridSpan(0, 1)
  • Item B: GridSpan(2, 3)

Test: fast/css-grid-layout/implicit-tracks-before-explicit.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseGridTemplateAreasRow):

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::gridTrackSize):
(WebCore::RenderGrid::insertItemIntoGrid):
(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
(WebCore::RenderGrid::layoutPositionedObject): Deleted.

  • rendering/RenderGrid.h:
  • rendering/style/GridCoordinate.h:

(WebCore::GridSpan::untranslatedDefiniteGridSpan):
(WebCore::GridSpan::translatedDefiniteGridSpan):
(WebCore::GridSpan::integerSpan):
(WebCore::GridSpan::untranslatedResolvedInitialPosition):
(WebCore::GridSpan::untranslatedResolvedFinalPosition):
(WebCore::GridSpan::resolvedInitialPosition):
(WebCore::GridSpan::resolvedFinalPosition):
(WebCore::GridSpan::begin):
(WebCore::GridSpan::end):
(WebCore::GridSpan::isTranslatedDefinite):
(WebCore::GridSpan::isIndefinite):
(WebCore::GridSpan::translate):
(WebCore::GridSpan::GridSpan):
(WebCore::GridSpan::operator==): Deleted.
(WebCore::GridSpan::GridSpanIterator::GridSpanIterator): Deleted.
(WebCore::GridSpan::GridSpanIterator::operator unsigned&): Deleted.

  • rendering/style/GridResolvedPosition.cpp:

(WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::resolveGridPositionFromStyle):
(WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
(WebCore::GridResolvedPosition::spanSizeForAutoPlacedItem): Deleted.

LayoutTests:

Updated results in current tests and added specific test for this.

  • fast/css-grid-layout/grid-auto-flow-resolution.html:
  • fast/css-grid-layout/grid-item-negative-position-resolution.html:
  • fast/css-grid-layout/grid-item-spanning-resolution.html:
  • fast/css-grid-layout/implicit-tracks-before-explicit-expected.txt: Added.
  • fast/css-grid-layout/implicit-tracks-before-explicit.html: Added.

2:05 AM Changeset in webkit [197849] by Carlos Garcia Campos
  • 15 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197649 - DFG should know how to speculate StringOrOther
https://bugs.webkit.org/show_bug.cgi?id=155094

Reviewed by Saam Barati.

Any code that processes the regexp matches array was previously doing a relatively expensive
Branch(Untyped:). This introduces a new use kind called StringOrOther, which is perfect for
code that loops over the matches array and branches on the entries being non-empty.

To do this, I needed to introduce code into the FTL that creates new blocks. We still had that
awful FTL_NEW_BLOCK idiom since the only way to debug LLVM IR was to ascribe names to basic
blocks. B3 IR is inherently more debuggable since unlike LLVM, B3 knows how to always respect
code origin, and it knows how to print the code origin nicely in the dumps. So, rather than
continue using FTL_NEW_BLOCK(m_out, ("things")), I replaced all of that stuff with
m_out.newBlock(). It's much nicer that way.

This is a tiny speed-up on Octane/regexp at best. I was hoping for more. Oh well.

  • bytecode/SpeculatedType.h:

(JSC::isStringSpeculation):
(JSC::isStringOrOtherSpeculation):
(JSC::isSymbolSpeculation):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateString):
(JSC::DFG::Node::shouldSpeculateStringOrOther):
(JSC::DFG::Node::shouldSpeculateStringObject):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileStringZeroLength):
(JSC::DFG::SpeculativeJIT::compileLogicalNotStringOrOther):
(JSC::DFG::SpeculativeJIT::emitStringBranch):
(JSC::DFG::SpeculativeJIT::emitStringOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compileConstantStoragePointer):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
(JSC::DFG::SpeculativeJIT::speculateString):
(JSC::DFG::SpeculativeJIT::speculateStringOrOther):
(JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
(JSC::DFG::SpeculativeJIT::speculate):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

  • dfg/DFGUseKind.cpp:

(WTF::printInternal):

  • dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::lower):
(JSC::FTL::DFG::LowerDFGToB3::compileDoubleRep):
(JSC::FTL::DFG::LowerDFGToB3::compileBooleanToNumber):
(JSC::FTL::DFG::LowerDFGToB3::compileToThis):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
(JSC::FTL::DFG::LowerDFGToB3::compileArithDiv):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMod):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMinOrMax):
(JSC::FTL::DFG::LowerDFGToB3::compileArithPow):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckStructure):
(JSC::FTL::DFG::LowerDFGToB3::compileArrayifyToStructure):
(JSC::FTL::DFG::LowerDFGToB3::compileGetById):
(JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::compileGetTypedArrayByteOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
(JSC::FTL::DFG::LowerDFGToB3::compileArrayPop):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileCopyRest):
(JSC::FTL::DFG::LowerDFGToB3::compileGetRestLength):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileToPrimitive):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharCodeAt):
(JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCode):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiGetByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiPutByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
(JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileSwitch):
(JSC::FTL::DFG::LowerDFGToB3::compileIsString):
(JSC::FTL::DFG::LowerDFGToB3::compileIsObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull):
(JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileTypeOf):
(JSC::FTL::DFG::LowerDFGToB3::compileOverridesHasInstance):
(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
(JSC::FTL::DFG::LowerDFGToB3::compileHasIndexedProperty):
(JSC::FTL::DFG::LowerDFGToB3::compileHasStructureProperty):
(JSC::FTL::DFG::LowerDFGToB3::compileGetDirectPname):
(JSC::FTL::DFG::LowerDFGToB3::compileGetEnumeratorStructurePname):
(JSC::FTL::DFG::LowerDFGToB3::compileGetEnumeratorGenericPname):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::checkStructure):
(JSC::FTL::DFG::LowerDFGToB3::numberOrNotCellToInt32):
(JSC::FTL::DFG::LowerDFGToB3::checkInferredType):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
(JSC::FTL::DFG::LowerDFGToB3::loadVectorWithBarrier):
(JSC::FTL::DFG::LowerDFGToB3::copyBarrier):
(JSC::FTL::DFG::LowerDFGToB3::loadVectorReadOnly):
(JSC::FTL::DFG::LowerDFGToB3::compareEqObjectOrOtherToObject):
(JSC::FTL::DFG::LowerDFGToB3::nonSpeculativeCompare):
(JSC::FTL::DFG::LowerDFGToB3::stringsEqual):
(JSC::FTL::DFG::LowerDFGToB3::allocateCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorageAndGetEnd):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::boolify):
(JSC::FTL::DFG::LowerDFGToB3::equalNullOrUndefined):
(JSC::FTL::DFG::LowerDFGToB3::contiguousPutByValOutOfBounds):
(JSC::FTL::DFG::LowerDFGToB3::switchString):
(JSC::FTL::DFG::LowerDFGToB3::switchStringRecurse):
(JSC::FTL::DFG::LowerDFGToB3::buildTypeOf):
(JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
(JSC::FTL::DFG::LowerDFGToB3::sensibleDoubleToInt32):
(JSC::FTL::DFG::LowerDFGToB3::strictInt52ToJSValue):
(JSC::FTL::DFG::LowerDFGToB3::jsValueToStrictInt52):
(JSC::FTL::DFG::LowerDFGToB3::convertDoubleToInt32):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateCellOrOther):
(JSC::FTL::DFG::LowerDFGToB3::speculateObjectOrOther):
(JSC::FTL::DFG::LowerDFGToB3::speculateString):
(JSC::FTL::DFG::LowerDFGToB3::speculateStringOrOther):
(JSC::FTL::DFG::LowerDFGToB3::speculateStringIdent):
(JSC::FTL::DFG::LowerDFGToB3::speculateStringOrStringObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateRealNumber):
(JSC::FTL::DFG::LowerDFGToB3::speculateNotStringVar):
(JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
(JSC::FTL::DFG::LowerDFGToB3::callCheck):

  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::initialize):
(JSC::FTL::Output::newBlock):
(JSC::FTL::Output::check):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::setFrequency):
(JSC::FTL::Output::insertNewBlocksBefore):

1:35 AM Changeset in webkit [197848] by Carlos Garcia Campos
  • 33 edits
    5 adds in releases/WebKitGTK/webkit-2.12

Merge r197641 - RegExpMatchesArray doesn't know how to have a bad time
https://bugs.webkit.org/show_bug.cgi?id=155069

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

In trunk if we are having a bad time, the regexp matches array is still allocated with a
non-slow-put indexing shape, which makes it have the wrong behavior on indexed setters on
the prototype chain.

Getting this to work right requires introducing bad time code paths into the regexp matches
array. It also requires something more drastic: making this code not play games with the
global object. The code that creates the matches array needs to have the actual global
object of the regexp native function that it's logically created by.

This is totally different from how we've handled global objects in the past because it means
that the global object is not a constant. Normally we can make it a constant because a
script executable will know its global object. But with native functions, it's the function
instance that knows the global object - not the native executable. When we inline a native
intrinsic, we are guaranteed to know the native executable but we're not guaranteed to know
the function instance. This means that the global object may be a variable that gets computed
by looking at the instance at run-time. So, the RegExpExec/RegExpTest nodes in DFG IR now
take a global object child. That also meant adding a new node type, GetGlobalObject, which
does the thing to the callee that CallFrame::lexicalGlobalObject() would have done.
Eventually, we'll probably have to make other native intrinsics also use GetGlobalObject. It
turns out that this really isn't so bad because usually it's constant-folded anyway, since
although the intrinsic code supports executable-based inlining (which leaves the callee
instance as an unknown), it happens rarely for intrinsics. So, conveying the global object
via a child isn't any worse than conveying it via meta-data, and it's probably better than
telling the inliner not to do executable-based inlining of native intrinsics. That would
have been a confusing special-case.

This is perf-neutral on my machines but it fixes a bug and it unlocks some interesting
possibilities. For example, RegExpExec can now make a firm promise about the type of array
it's creating.

This also contains some other changes:

  • We are now using Structure::addPropertyTransition() in a lot of places even though it was meant to be an internal method with a quirky contract - for example it only works if you know that there is no existing transition. This relaxes this constraint.
  • Restores the use of "*" for heap references in JSString.h. It's very unusual to have heap references pointed at with "&", since we don't currently do that anywhere. The fact that it was using the wrong reference type also meant that the code couldn't elegantly make use of some of our GC pointer helpers like jsCast<>.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::attemptToInlineCall):
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNodeType.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileSkipScope):
(JSC::DFG::SpeculativeJIT::compileGetGlobalObject):
(JSC::DFG::SpeculativeJIT::compileGetArrayLength):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileSkipScope):
(JSC::FTL::DFG::LowerDFGToB3::compileGetGlobalObject):
(JSC::FTL::DFG::LowerDFGToB3::compileGetClosureVar):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):

  • jit/JITOperations.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::haveABadTime):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:
  • runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):

  • runtime/JSString.h:

(JSC::jsString):
(JSC::jsSubstring):

  • runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::lastResult):

  • runtime/RegExpMatchesArray.cpp:

(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::createRegExpMatchesArrayStructure):
(JSC::createRegExpMatchesArraySlowPutStructure):

  • runtime/RegExpMatchesArray.h:
  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):

  • runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):

  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTest):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncCompile):

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch):

  • runtime/Structure.cpp:

(JSC::Structure::suggestedArrayStorageTransition):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::addNewPropertyTransition):

  • runtime/Structure.h:
  • tests/stress/regexp-matches-array-bad-time.js: Added.
  • tests/stress/regexp-matches-array-slow-put.js: Added.

LayoutTests:

  • js/regress/regexp-exec-expected.txt: Added.
  • js/regress/regexp-exec.html: Added.
  • js/regress/script-tests/regexp-exec.js: Added.

12:54 AM Changeset in webkit [197847] by mmaxfield@apple.com
  • 7 edits
    2 adds in trunk

[iOS] Arabic text on Wikipedia is shown as boxes
https://bugs.webkit.org/show_bug.cgi?id=155129
<rdar://problem/24919902>

Reviewed by Darin Adler.

Source/WebCore:

GeezaPro is the PostScript name, not the family name.

Test: fast/text/arabic-blacklisted.html

  • platform/graphics/ios/FontCacheIOS.mm:

(WebCore::platformLookupFallbackFont):

LayoutTests:

This test is iOS-specific.

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/mac/TestExpectations:
  • platform/win/TestExpectations:
  • fast/text/arabic-blacklisted-expected.html: Added.
  • fast/text/arabic-blacklisted.html: Added.

12:46 AM Changeset in webkit [197846] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197640 - [JSC] RegExp#lastIndex should handle writable attribute when defining in defineOwnProperty path
https://bugs.webkit.org/show_bug.cgi?id=155093

Reviewed by Filip Pizlo.

Before this patch, setLastIndex(ExecState* exec, size_t lastIndex) always overwrites the existing value
regardless of writable attribute.
And when defining RegExp#lastIndex in defineOwnProperty, we need to define the value first
before making the attribute readonly. After changing the writable attribute, we cannot define the value.

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::defineOwnProperty):

  • runtime/RegExpObject.h:

(JSC::RegExpObject::setLastIndex):

  • tests/stress/regexp-last-index-writable.js: Added.

(shouldBe):
(shouldThrow):
(regExpLastIndex):

12:32 AM Changeset in webkit [197845] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197622 - The most aggressive form of RegExpTest/RegExpExec should speculate more aggressively than just cell
https://bugs.webkit.org/show_bug.cgi?id=154900

Reviewed by Saam Barati.

These old operations used to speculate cell. That's what they did when they were first
introduced. That was probably about as good as they could do back then because we didn't have
very powerful checks. Now we have powerful checks, so we can do this right.

The most profitable thing to check is that child1 is a RegExpObject and child2 is a JSString.
Sometimes though, we will not know what child2 is even though we know that child1 is a
RegExpObject. So, this patch means that RegExpExec/RegExpTest have the following overloads:

RegExpExec(RegExpObject:, String:)
RegExpExec(RegExpObject:, Untyped:)
RegExpExec(Untyped:, Untyped:)

This shaves off some type checks in Octane/regexp. It also cleans up some problems in our
modeling of the effectfulness of these operations.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):

  • jit/JITOperations.h:

12:05 AM Changeset in webkit [197844] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197609 - [GTK] Scrollbars are broken again with GTK+ >= 3.19.11
https://bugs.webkit.org/show_bug.cgi?id=154890

Reviewed by Michael Catanzaro.

Scrollbar style properties have been deprecated in GTK+, and it
seems that now deprecating means keeping the properties but
ignoring them. So, this reworks the whole scrollbars theme code
again to not cache style properties anymore, but retrieve them
from the GtkStyleContext. Previous GTK+ versions still need to
query the style properties, so I've added helper functions to get
all the style properties with the ifdefs, trying to keep the
common render code free of GTK+ versions ifdefs.

  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::backButtonRect):
(WebCore::ScrollbarThemeGtk::forwardButtonRect):
(WebCore::ScrollbarThemeGtk::trackRect):
(WebCore::ScrollbarThemeGtk::thumbRect):
(WebCore::ScrollbarThemeGtk::paintTrackBackground):
(WebCore::ScrollbarThemeGtk::paintThumb):
(WebCore::ScrollbarThemeGtk::paint):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):
(WebCore::ScrollbarThemeGtk::buttonSize):
(WebCore::ScrollbarThemeGtk::stepperSize):
(WebCore::ScrollbarThemeGtk::getStepperSpacing):
(WebCore::ScrollbarThemeGtk::troughUnderSteppers):
(WebCore::ScrollbarThemeGtk::minimumThumbLength):
(WebCore::ScrollbarThemeGtk::thumbFatness):
(WebCore::ScrollbarThemeGtk::getTroughBorder):
(WebCore::ScrollbarThemeGtk::getOrCreateStyleContext):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::ScrollbarThemeGtk::handleMousePressEvent):

  • platform/gtk/ScrollbarThemeGtk.h:

Mar 8, 2016:

11:59 PM Changeset in webkit [197843] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197577 - Remove use of deprecated sqlite3_expired
https://bugs.webkit.org/show_bug.cgi?id=155025

Reviewed by Tim Horton.

Since we exclusively use sqlite3_prepare_v2 and don't use sqlite3_prepare,
manually checking for expired statements is not necessary.

  • platform/sql/SQLiteStatement.cpp:

(WebCore::SQLiteStatement::isExpired): Null check the statement, but don't bother
with sqlite3_expired.

11:59 PM Changeset in webkit [197842] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197576 - Location.reload should not be writable
https://bugs.webkit.org/show_bug.cgi?id=154989

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

After r196770, operations marked as [Unforgeable] in the IDL (such as
Location.reload) are correctly reported as not writable by
Object.getOwnPropertyDescriptor(). Trying to set such property in JS
is correctly ignored (or throws in strict mode) if the object has
previously been reified. However, due to a bug in putEntry(), it was
still possible to override the property if the object was not reified
yet. This patch fixes the issue by checking in putEntry() that entries
that are functions are not ReadOnly before calling putDirect().

  • runtime/Lookup.h:

(JSC::putEntry):

LayoutTests:

Add a layout test to verify that operations marked as [Unforgeable] in
IDL are indeed not writable.

  • fast/html/unforgeable-operations-readonly-expected.txt: Added.
  • fast/html/unforgeable-operations-readonly.html: Added.

11:45 PM Changeset in webkit [197841] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebCore

Unreviewed, rolling out r197825.
https://bugs.webkit.org/show_bug.cgi?id=155222

It broke the EFL build. It is not dead code. (Requested by
gyuyoung on #webkit).

Reverted changeset:

"Delete dead scrolling code"
https://bugs.webkit.org/show_bug.cgi?id=155210
http://trac.webkit.org/changeset/197825

11:44 PM Changeset in webkit [197840] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.12

Merge r197570 - [iOS] Crash during font loading when injected bundle cancels load
https://bugs.webkit.org/show_bug.cgi?id=155001

Reviewed by Tim Horton.

Source/WebCore:

If an injected bundle cancels the load, the fontLoaded() callback will be
called twice. We can simply detect this condition.

Test: CancelLoading.CancelFontSubresource API test

  • css/CSSFontFaceSource.cpp:

(WebCore::CSSFontFaceSource::fontLoaded):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2/Ahem.ttf: Added.
  • TestWebKitAPI/Tests/WebKit2/webfont.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/CancelFontSubresource.mm: Added.

(-[Myles webView:didFinishNavigation:]):
(TEST):

  • TestWebKitAPI/Tests/WebKit2Cocoa/CancelFontSubresourcePlugIn.mm: Added.

(-[CancelFontSubresourcePlugIn webProcessPlugIn:didCreateBrowserContextController:]):
(-[CancelFontSubresourcePlugIn webProcessPlugInBrowserContextController:frame:willSendRequestForResource:request:redirectResponse:]):

11:42 PM Changeset in webkit [197839] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197552 - Drop DocumentSharedObjectPool immediately when going into PageCache.
<https://webkit.org/b/154986>

Reviewed by Antti Koivisto.

The DocumentSharedObjectPool is a weirdly efficient little optimization
that deduplicates ElementData during the first 10s of a Document's lifetime.
While it's up, every ElementData created will persist so it can be used for
deduplication.

If a Document goes into the PageCache while its shared object pool is still
alive, we can just kill it right away. This will sometimes allow us to free
a bunch of ElementData sooner.

  • dom/Document.cpp:

(WebCore::Document::Document):
(WebCore::Document::setInPageCache):
(WebCore::Document::clearSharedObjectPool):
(WebCore::Document::sharedObjectPoolClearTimerFired): Deleted.

  • dom/Document.h:

11:29 PM Changeset in webkit [197838] by fpizlo@apple.com
  • 2 edits in trunk/Source/WTF

Remove failing assertion. There are strings that claim to be atomic but that the
compiler thread can totally deal with, like the empty string.

Rubber stamped by Mark Lam.

  • wtf/text/StringImpl.h:

(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

11:28 PM Changeset in webkit [197837] by Carlos Garcia Campos
  • 22 edits
    6 adds in releases/WebKitGTK/webkit-2.12

Merge r197549 - DFG/FTL should inline accesses to RegExpObject::m_lastIndex
https://bugs.webkit.org/show_bug.cgi?id=155003

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

The Octane/regexp benchmark sets RegExps' lastIndex a lot. I could imagine this being
something that people want to do. Right now, I'm not convinced that making the RegExp object
be more plain-JS would be a good idea considering that pretty much all uses of it will
require some special compiler magic. Also, it's good that this patch teaches the compiler
how to reason about lastIndex since some of my other plans for regexp involve having the
compiler treat more regexp stuff as intrinsic.

This is a smaller Octane/regexp speed-up than I hoped - maybe around 1%. It's an enormous
speed-up on the microbenchmarks attached to this patch.

  • dfg/DFGAbstractHeap.h:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
(JSC::DFG::SpeculativeJIT::compileGetRegExpObjectLastIndex):
(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStoreBarrierInsertionPhase.cpp:
  • ftl/FTLAbstractHeapRepository.cpp:
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::compileGetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::compileSetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::lowObject):
(JSC::FTL::DFG::LowerDFGToB3::lowRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::lowString):

  • runtime/RegExpObject.h:

(JSC::RegExpObject::createStructure):
(JSC::RegExpObject::offsetOfLastIndex):

LayoutTests:

  • js/regress/regexp-last-index-expected.txt: Added.
  • js/regress/regexp-last-index.html: Added.
  • js/regress/regexp-set-last-index-expected.txt: Added.
  • js/regress/regexp-set-last-index.html: Added.
  • js/regress/script-tests/regexp-last-index.js: Added.
  • js/regress/script-tests/regexp-set-last-index.js: Added.
11:28 PM Changeset in webkit [197836] by Carlos Garcia Campos
  • 1 edit
    3 deletes in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197547 - Unreviewed, remove test with flaky timeout that doesn't test anything anymore. This test
was relevant back when arguments got torn off; something that we don't do anymore. It
uses a loop that waits for the top-tier compiler to compile it. We don't write tests
like that anymore.

  • js/dfg-osr-exit-between-create-and-tearoff-arguments-expected.txt: Removed.
  • js/dfg-osr-exit-between-create-and-tearoff-arguments.html: Removed.
  • js/script-tests/dfg-osr-exit-between-create-and-tearoff-arguments.js: Removed.
10:27 PM Changeset in webkit [197835] by Chris Dumez
  • 3 edits
    2 adds in trunk

Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
https://bugs.webkit.org/show_bug.cgi?id=155215

Reviewed by Ryosuke Niwa.

Source/WebCore:

Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
due to a bug in r197726. This patch fixes the issue by only comparing
candidate.tabIndex to winningTabIndex if winner is non-null.

Test: fast/events/max-tabindex-focus.html

  • page/FocusController.cpp:

(WebCore::nextElementWithGreaterTabIndex):

LayoutTests:

Add test to make sure that an Element with a tabIndex equal to
2147483647 (maximum tabIndex) can be focused.

  • fast/events/max-tabindex-focus-expected.txt: Added.
  • fast/events/max-tabindex-focus.html: Added.
9:53 PM Changeset in webkit [197834] by ap@apple.com
  • 2 edits in trunk/Tools

Fix iOS Simulator EWS.

Unreviewed build fix.

  • Scripts/webkitpy/common/config/ports.py:
9:16 PM Changeset in webkit [197833] by fpizlo@apple.com
  • 27 edits
    6 adds in trunk

DFG should be able to constant-fold strings
https://bugs.webkit.org/show_bug.cgi?id=155200

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This adds constant-folding of string1 + string2 and string.length. The actual folding
rule is easy, but there are some gotchas.

The problem is that the DFG cannot allocate new JSString objects until we are on the
main thread. So, DFG IR must have a node for a JSValue string constant that hasn't been
created yet - i.e. it doesn't have any concrete JSValue bits yet.

We have the ability to speak of such things, using LazyJSValue. But that's a class, not
a node type. This patch now adds a node type, LazyJSConstant, which is a Node that holds
a LazyJSValue.

This puts us in a weird situation: AI uses JSValue to represent constants. It would take
a lot of work to change it to use LazyJSValue. So, this implements the constant folding
in StrengthReductionPhase. I created a bug and put a FIXME about moving these rules into
AI.

OTOH, our experience in B3 shows that constant folding in strength reduction is quite
nice. It would totally make sense to have strength reduction have constant folding rules
that mirror the rules in AI, or to factor out the AI constant folding rules, the same
way that B3 factors out those rules into Value methods.

Another issue is how to represent the cumulative result of possibly many foldings. I
initially considered adding LazyJSValue kinds that represented concatenation. Folding
the concatenation to a constant meant that this constant was actually a LazyJSValue that
represented the concatenation of two other things. But this would get super messy if we
wanted to fold an operation that uses the results of another folded operation.

So, the JIT thread folds string operations by creating a WTF::String that contains the
result. The DFG::Graph holds a +1 on the underlying StringImpl, so we can pass the
StringImpl* around without reference counting. The LazyJSValue now has a special kind
that means: we created this StringImpl* on the JIT thread, and once the JIT is done, we
will relinquish ownership of it. LazyJSValue has some magic to emit code for these
to-be-created-JSStrings while also transferring ownership of the StringImpl from the JIT
thread to the main thread and registering the JSString with the GC.

This just implements folding for concatenation and GetArrayLength. It's just a proof of
concept for evil things I want to do later.

This change is a 2.5x speed-up on the string concatenation microbenchmarks I added in
this patch.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGFrozenValue.cpp:

(JSC::DFG::FrozenValue::emptySingleton):
(JSC::DFG::FrozenValue::tryGetString):
(JSC::DFG::FrozenValue::dumpInContext):

  • dfg/DFGFrozenValue.h:

(JSC::DFG::FrozenValue::strength):

  • dfg/DFGGraph.h:
  • dfg/DFGLazyJSValue.cpp:

(JSC::DFG::LazyJSValue::newString):
(JSC::DFG::LazyJSValue::getValue):
(JSC::DFG::equalToStringImpl):
(JSC::DFG::LazyJSValue::tryGetStringImpl):
(JSC::DFG::LazyJSValue::tryGetString):
(JSC::DFG::LazyJSValue::strictEqual):
(JSC::DFG::LazyJSValue::switchLookupValue):
(JSC::DFG::LazyJSValue::emit):
(JSC::DFG::LazyJSValue::dumpInContext):

  • dfg/DFGLazyJSValue.h:

(JSC::DFG::LazyJSValue::LazyJSValue):
(JSC::DFG::LazyJSValue::knownStringImpl):
(JSC::DFG::LazyJSValue::kind):
(JSC::DFG::LazyJSValue::tryGetValue):
(JSC::DFG::LazyJSValue::character):
(JSC::DFG::LazyJSValue::stringImpl):

  • dfg/DFGMayExit.cpp:

(JSC::DFG::mayExit):

  • dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentityOn):
(JSC::DFG::Node::convertToLazyJSConstant):
(JSC::DFG::Node::convertToPutHint):
(JSC::DFG::Node::convertToPutClosureVarHint):
(JSC::DFG::Node::tryGetString):
(JSC::DFG::Node::promotedLocationDescriptor):

  • dfg/DFGNode.h:

(JSC::DFG::Node::convertToConstant):
(JSC::DFG::Node::convertToConstantStoragePointer):
(JSC::DFG::Node::castConstant):
(JSC::DFG::Node::hasLazyJSValue):
(JSC::DFG::Node::lazyJSValue):
(JSC::DFG::Node::initializationValueForActivation):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):
(JSC::DFG::SpeculativeJIT::compileLazyJSConstant):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileInt52Constant):
(JSC::FTL::DFG::LowerDFGToB3::compileLazyJSConstant):
(JSC::FTL::DFG::LowerDFGToB3::compileDoubleRep):

Source/WTF:

Also disable assertions about reference counting strings on the JIT thread. We will do
that now and it's OK.

  • wtf/text/StringImpl.h:

(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

LayoutTests:

  • js/regress/script-tests/strcat-const.js: Added.

(foo):
(bar):

  • js/regress/script-tests/strcat-length-const.js: Added.

(foo):
(bar):

  • js/regress/strcat-const-expected.txt: Added.
  • js/regress/strcat-const.html: Added.
  • js/regress/strcat-length-const-expected.txt: Added.
  • js/regress/strcat-length-const.html: Added.
9:02 PM Changeset in webkit [197832] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Timelines keeps switching to overview instead of keeping the selected timeline
https://bugs.webkit.org/show_bug.cgi?id=155212
<rdar://problem/25052504>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Timothy Hatcher.

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.saveStateToCookie):
The sidebar was using out of date information in its tree outline causing it to
switch to the wrong sidebar. Use the up to date information from the recording view.

  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView.prototype._recordingSelected):
Fix typo not getting the right timeline type.

8:39 PM Changeset in webkit [197831] by weinig@apple.com
  • 7 edits in trunk/Source/WebCore

Stop using the UserContentController for injecting the override style sheet from CaptionUserPreferences
https://bugs.webkit.org/show_bug.cgi?id=155211

Reviewed by Dan Bernstein.

The UserContentController is going to become read only from WebCore's perspective. The CaptionUserPreferences
was relying on being able to set a UserStyleSheet on it, but this was really unnecessary complexity. Simplify
things by storing the style sheet's source directly on the Page and teaching ExtensionStyleSheets about it
explicitly.

  • dom/ExtensionStyleSheets.cpp:

(WebCore::ExtensionStyleSheets::updateInjectedStyleSheetCache):
If there is a captionUserPreferencesStyleSheet on the page, inject it.

  • page/CaptionUserPreferences.cpp:

(WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):
Greatly simplify the code. Now, all this does is set the style sheet on each page.

  • page/Page.cpp:

(WebCore::Page::invalidateInjectedStyleSheetCacheInAllFrames):
Extract this out from UserContentController.

(WebCore::Page::setUserContentController):
Call the newly extracted invalidateInjectedStyleSheetCacheInAllFrames().

(WebCore::Page::captionUserPreferencesStyleSheet):
(WebCore::Page::setCaptionUserPreferencesStyleSheet):
Add getter/setter. When setting, invalidate the style sheet cache.

  • page/Page.h:

Add new members and functions.

  • page/UserContentController.cpp:

(WebCore::UserContentController::addUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheets):
(WebCore::UserContentController::removeAllUserContent):
Switch to calling invalidateInjectedStyleSheetCacheInAllFramesInAllPages().

(WebCore::UserContentController::invalidateInjectedStyleSheetCacheInAllFramesInAllPages):
Rename and implement in terms of Page::invalidateInjectedStyleSheetCacheInAllFrames().

  • page/UserContentController.h:

Rename function.

6:50 PM Changeset in webkit [197830] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

Booting multiple iOS simulator parallely fails sometimes
https://bugs.webkit.org/show_bug.cgi?id=155208
<rdar://problem/25019651>

Reviewed by Darin Adler.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_test_run): Increase the time delay between subsequent
simulator boot.

6:27 PM Changeset in webkit [197829] by weinig@apple.com
  • 2 edits in trunk/Source/WebKit2

Roll r197632 back in now that the bots have caught up.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView textInputTraits]):

6:17 PM Changeset in webkit [197828] by ap@apple.com
  • 2 edits in trunk/Tools

Add iOS debug testers to flakiness dashboard
https://bugs.webkit.org/show_bug.cgi?id=155206

Reviewed by Darin Adler.

  • TestResultServer/static-dashboards/builders.jsonp:
6:06 PM Changeset in webkit [197827] by Joseph Pecoraro
  • 22 edits
    3 copies in trunk/Source

Web Inspector: Memory Timeline should show MemoryPressure events
https://bugs.webkit.org/show_bug.cgi?id=155158
<rdar://problem/25026610>

Reviewed by Brian Burg.

Source/JavaScriptCore:

  • inspector/protocol/Memory.json:

Source/WebCore:

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseMemory):
When responding to memory pressure, notify page inspectors.

  • platform/cocoa/MemoryPressureHandlerCocoa.mm:

Remove unused includes.

  • inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::didHandleMemoryPressureImpl):

  • inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::playbackStarted):
(WebCore::InspectorInstrumentation::playbackPaused):
(WebCore::InspectorInstrumentation::playbackFinished):
(WebCore::InspectorInstrumentation::playbackHitPosition):
(WebCore::InspectorInstrumentation::didHandleMemoryPressure):

  • inspector/InspectorMemoryAgent.cpp:

(WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
(WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorMemoryAgent::enable):
(WebCore::InspectorMemoryAgent::disable):
(WebCore::InspectorMemoryAgent::didHandleMemoryPressure):

  • inspector/InspectorMemoryAgent.h:
  • inspector/InstrumentingAgents.cpp:

(WebCore::InstrumentingAgents::reset):

  • inspector/InstrumentingAgents.h:

(WebCore::InstrumentingAgents::inspectorMemoryAgent):
(WebCore::InstrumentingAgents::setInspectorMemoryAgent):
Plumbing to notify the right active inspector.

Source/WebInspectorUI:

  • UserInterface/Main.html:

New resources.

  • UserInterface/Base/Main.js:

(WebInspector.loaded):

  • UserInterface/Controllers/MemoryManager.js:

(WebInspector.MemoryManager):
(WebInspector.MemoryManager.prototype.memoryPressure):

  • UserInterface/Protocol/MemoryObserver.js:

(WebInspector.MemoryObserver.prototype.memoryPressure):
New manager for Memory domain events.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager):
(WebInspector.TimelineManager.defaultInstruments):
(WebInspector.TimelineManager.prototype._memoryPressure):

  • UserInterface/Models/TimelineRecording.js:

(WebInspector.TimelineRecording.prototype.addMemoryPressureEvent):
Add events to the Memory Timeline of the active recording.

  • UserInterface/Models/MemoryTimeline.js:

(WebInspector.MemoryTimeline.prototype.get memoryPressureEvents):
(WebInspector.MemoryTimeline.prototype.addMemoryPressureEvent):
(WebInspector.MemoryTimeline.prototype.reset):
(WebInspector.MemoryTimeline):

  • UserInterface/Models/Timeline.js:

(WebInspector.Timeline.create):
Create a specific MemoryTimeline to hold records and memory pressure events.

  • UserInterface/Models/MemoryPressureEvent.js:

(WebInspector.MemoryPressureEvent):
(WebInspector.MemoryPressureEvent.fromPayload):
(WebInspector.MemoryPressureEvent.prototype.get timestamp):
(WebInspector.MemoryPressureEvent.prototype.get severity):
Model object for a memory pressure event.

  • UserInterface/Views/MemoryTimelineOverviewGraph.css:

(.timeline-overview-graph.memory .memory-pressure-event):

  • UserInterface/Views/MemoryTimelineOverviewGraph.js:

(WebInspector.MemoryTimelineOverviewGraph):
(WebInspector.MemoryTimelineOverviewGraph.prototype.reset):
(WebInspector.MemoryTimelineOverviewGraph.prototype._visibleMemoryPressureEvents):
(WebInspector.MemoryTimelineOverviewGraph.prototype._memoryTimelineMemoryPressureEventAdded):
Include markers for memory pressure events.

6:06 PM Changeset in webkit [197826] by Joseph Pecoraro
  • 7 edits
    2 adds in trunk

Web Inspector: Add Heap domain start/stop tracking commands
https://bugs.webkit.org/show_bug.cgi?id=155190

Reviewed by Brian Burg.

Source/JavaScriptCore:

  • inspector/agents/InspectorHeapAgent.cpp:

(Inspector::InspectorHeapAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorHeapAgent::startTracking):
(Inspector::InspectorHeapAgent::stopTracking):

  • inspector/agents/InspectorHeapAgent.h:
  • inspector/protocol/Heap.json:

Source/WebInspectorUI:

  • UserInterface/Protocol/HeapObserver.js:

(WebInspector.HeapObserver.prototype.trackingStart):
(WebInspector.HeapObserver.prototype.trackingComplete):
To be used when we have a HeapAllocationsInstrument and timeline.

LayoutTests:

  • inspector/heap/tracking-expected.txt: Added.
  • inspector/heap/tracking.html: Added.
6:05 PM Changeset in webkit [197825] by mmaxfield@apple.com
  • 8 edits in trunk/Source/WebCore

Delete dead scrolling code
https://bugs.webkit.org/show_bug.cgi?id=155210

Reviewed by Simon Fraser.

No new tests because there is no behavior change.

  • page/FrameView.cpp:

(WebCore::FrameView::layerForScrolling): Deleted.

  • page/FrameView.h:
  • page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::scrollLayerForScrollableArea): Deleted.

  • page/scrolling/ScrollingCoordinator.h:
  • platform/ScrollableArea.h:

(WebCore::ScrollableArea::horizontalScrollbar):
(WebCore::ScrollableArea::verticalScrollbar):
(WebCore::ScrollableArea::tiledBacking):
(WebCore::ScrollableArea::layerForHorizontalScrollbar):
(WebCore::ScrollableArea::layerForVerticalScrollbar):
(WebCore::ScrollableArea::layerForScrollCorner):
(WebCore::ScrollableArea::layerForOverhangAreas):
(WebCore::ScrollableArea::layerForScrolling): Deleted.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects): Deleted.

  • rendering/RenderLayer.h:
5:44 PM Changeset in webkit [197824] by commit-queue@webkit.org
  • 3 edits
    1 move in trunk/Source/WebInspectorUI

Web Inspector: Make debugging Test.html easier
https://bugs.webkit.org/show_bug.cgi?id=155207

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Brian Burg.

  • UserInterface/Base/InspectorFrontendHostStub.js: Renamed from Source/WebInspectorUI/UserInterface/Protocol/InspectorFrontendHostStub.js.

(window.InspectorFrontendHost.WebInspector.InspectorFrontendHostStub.prototype.unbufferedLog):
Add new stub for test function.

  • UserInterface/Main.html:
  • UserInterface/Test.html:

Move the stub to the Base directory.

5:40 PM Changeset in webkit [197823] by mmaxfield@apple.com
  • 2 edits in trunk

[EFL] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155192

Reviewed by Gyuyoung Kim.

  • Source/cmake/OptionsEfl.cmake:
5:38 PM Changeset in webkit [197822] by commit-queue@webkit.org
  • 10 edits
    5 adds in trunk

Web Inspector: Add a way to create a Heap Snapshot
https://bugs.webkit.org/show_bug.cgi?id=155188

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Brian Burg.

Source/JavaScriptCore:

  • inspector/agents/InspectorHeapAgent.h:
  • inspector/protocol/Heap.json:
  • inspector/agents/InspectorHeapAgent.cpp:

(Inspector::InspectorHeapAgent::snapshot):
Take a heap snapshot and return the JSON string result.

  • inspector/protocol/Debugger.json:

Remove unused optional inferredName. Our displayName would be inferred.

Source/WebInspectorUI:

  • UserInterface/Main.html:
  • UserInterface/Test.html:

Add new Model resources.

  • UserInterface/Models/HeapSnapshot.js: Added.

(WebInspector.HeapSnapshotClassCategory):
(WebInspector.HeapSnapshot):
(WebInspector.HeapSnapshot.fromPayload):
(WebInspector.HeapSnapshot.prototype.get rootNode):
(WebInspector.HeapSnapshot.prototype.get nodes):
(WebInspector.HeapSnapshot.prototype.get identifier):
(WebInspector.HeapSnapshot.prototype.get instances):
(WebInspector.HeapSnapshot.prototype.get categories):
(WebInspector.HeapSnapshot.prototype.get totalSize):
(WebInspector.HeapSnapshot.prototype.get totalObjectCount):
(WebInspector.HeapSnapshot.prototype.instancesWithClassName):
(WebInspector.HeapSnapshot.prototype.nodeWithObjectIdentifier):

  • UserInterface/Models/HeapSnapshotEdge.js: Added.

(WebInspector.HeapSnapshotEdge):
(WebInspector.HeapSnapshotEdge.prototype.stringify):

  • UserInterface/Models/HeapSnapshotNode.js: Added.

(WebInspector.HeapSnapshotNode):
Data structures for a HeapSnapshot.

LayoutTests:

  • inspector/heap/snapshot-expected.txt: Added.
  • inspector/heap/snapshot.html: Added.
5:05 PM Changeset in webkit [197821] by oliver@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix ios bot build.

5:00 PM Changeset in webkit [197820] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Move two indexeddb test skips out of wk2/TestExpectations and in to TestExpectations.

Unreviewed test gardening.

4:40 PM Changeset in webkit [197819] by andersca@apple.com
  • 2 edits in trunk/Source/WTF

Fix AppKitCompatibilityDeclarations build.

  • wtf/mac/AppKitCompatibilityDeclarations.h:

Remove duplicate declarations, conditionally define NSTextAlignment and
add a NSWindowStyleMask typedef.

4:25 PM Changeset in webkit [197818] by oliver@apple.com
  • 1 edit in trunk/Source/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp

Build fix

4:21 PM Changeset in webkit [197817] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Rubber-stamped by Joseph Pecoraro.

Follow up to the fix for this bug: adding a few small clean-ups for issues Joe
pointed out in the bug.

  • runtime/JSBoundSlotBaseFunction.cpp:

(JSC::JSBoundSlotBaseFunction::create):

  • runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitiveByIndex):

4:08 PM Changeset in webkit [197816] by oliver@apple.com
  • 21 edits in trunk

Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Fil Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as the jitMemCopy is
currently specific to that platform's calling conventions and layout.
We're just landing it in the current form so that we can at least
ensure it doesn't regress.

  • Configurations/FeatureDefines.xcconfig:
  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):

  • assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::LinkBuffer):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):

  • jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):

  • runtime/Options.cpp:

(JSC::recomputeDependentOptions):

  • runtime/Options.h:

Source/WebCore:

Update feature defines.

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

  • Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

  • wtf/FeatureDefines.h:
  • wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

  • Scripts/run-jsc-benchmarks:
4:01 PM Changeset in webkit [197815] by mark.lam@apple.com
  • 21 edits
    3 adds in trunk

Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

  1. toString() no longer uses the value of Function.name as the name of the function in the returned string, because ...
  1. Function.name is supposed to be configurable. Hence, it can be made writable and can be set to any JSValue, or deleted.
  1. Function.prototype.toString() is supposed to produce a string that can be eval'ed. Hence, for JS functions, the function name in the produced string must be a legal function name (and not some arbitrary value set in Function.name). For example, while a number is a legal value for Function.name, it is not legal as the function name in the toString() string.

Instead, we'll always use the original name from the JS source that the
function was parsed from.

  1. JSFunction::name() now always returns the original name, not the value of the Function.name property. As a result, it also no longer needs an ExecState* arg.

If the original name is an empty string, JSFunction::name() will use the
inferred name.

  1. For JS functions, the original name can be attained from their FunctionExecutable object.

For host/native functions (which do not have a FunctionExecutable), we get the
"original" name from its NativeExecutable.

  1. The m_hostFunctionStubMap now keys its NativeExecutable pointers using the original name, in addition to the native function and constructor pointers.

This is needed because we want a different NativeExecutable for functions with
a different name (to satisfy (3) above).

  1. Changed JSBoundFunction to store the name of its bound function in its NativeExecutable. This will later be used to generate the toString() string. Its Function.name value is eagerly initialized at construction time.
  1. Function.name for getters/setters are now prefixed with "get"/"set". This was done both for the JSBoundSlotBaseFunctions and JS definable get/set functions.
  1. Added InternalFunction::m_originalName so that we can use it to generate the toString() string. We're storing it as a JSString instead of a WTF::String only because we want InternalFunction to continue to be trivially destructible.
  • inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::functionDetails):

  • jit/JITThunks.cpp:

(JSC::JITThunks::finalize):
(JSC::JITThunks::hostFunctionStub):

  • jit/JITThunks.h:
  • runtime/Executable.h:
  • runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

  • runtime/InternalFunction.cpp:

(JSC::InternalFunction::finishCreation):
(JSC::InternalFunction::visitChildren):
(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):

  • runtime/InternalFunction.h:
  • runtime/JSBoundFunction.cpp:

(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::visitChildren):
(JSC::JSBoundFunction::toStringName): Deleted.

  • runtime/JSBoundFunction.h:

(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):

  • runtime/JSBoundSlotBaseFunction.cpp:

(JSC::boundSlotBaseFunctionCall):
(JSC::JSBoundSlotBaseFunction::create):

  • runtime/JSFunction.cpp:

(JSC::JSFunction::initializeRareData):
(JSC::JSFunction::name):
(JSC::JSFunction::displayName):
(JSC::JSFunction::calculatedDisplayName):
(JSC::JSFunction::reifyName):

  • runtime/JSFunction.h:
  • tests/es6.yaml:

LayoutTests:

  • js/function-toString-vs-name-expected.txt: Added.
  • js/function-toString-vs-name.html: Added.
  • js/script-tests/function-toString-vs-name.js: Added.
3:59 PM Changeset in webkit [197814] by mmaxfield@apple.com
  • 2 edits in trunk

[GTK] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155191

Reviewed by Martin Robinson.

  • Source/cmake/OptionsGTK.cmake:
3:58 PM Changeset in webkit [197813] by andersca@apple.com
  • 2 edits in trunk/Tools

Use NSUInteger instead of NSWindowStyleMask.

  • MiniBrowser/mac/MiniBrowser_Prefix.pch:
3:56 PM Changeset in webkit [197812] by andersca@apple.com
  • 4 edits in trunk/Tools

Fix build.

We intentionally don't use AppKitCompatibilityDeclarations.h here, since we want
MiniBrowser to build without WTF.

  • MiniBrowser/mac/AppDelegate.m:

(-[BrowserAppDelegate _updateNewWindowKeyEquivalents]):

  • MiniBrowser/mac/BrowserWindowController.m:

(-[BrowserWindowController windowDidLoad]):

  • MiniBrowser/mac/MiniBrowser_Prefix.pch:
3:52 PM Changeset in webkit [197811] by mmaxfield@apple.com
  • 12 edits in trunk

Font size computed style is inaccurate
https://bugs.webkit.org/show_bug.cgi?id=154705
<rdar://problem/23474068>

Reviewed by Timothy Hatcher.

Source/WebCore:

Safari rounds the font size value reported to getComputedStyle(). Neither Firefox
nor Chrome do this.

Covered by existing tests.

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::fontSizeFromStyle):

LayoutTests:

Update expected results.

  • css3/calc/font-size-fractional-expected.txt:
  • css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size.html:
  • css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size-expected.txt:
  • editing/mac/attributed-string/font-size-expected.txt:
  • editing/mac/attributed-string/vertical-align-expected.txt:
  • platform/mac-mavericks/editing/mac/attributed-string/font-size-expected.txt:
  • platform/mac-mavericks/editing/mac/attributed-string/vertical-align-expected.txt:
  • platform/mac-yosemite/editing/mac/attributed-string/font-size-expected.txt:
  • platform/mac-yosemite/editing/mac/attributed-string/vertical-align-expected.txt:
3:44 PM Changeset in webkit [197810] by andersca@apple.com
  • 2 edits
    1 add in trunk/Source/WTF

Add AppKit compatibility header
https://bugs.webkit.org/show_bug.cgi?id=155202

Reviewed by Beth Dakin.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/mac/AppKitCompatibilityDeclarations.h: Added.
3:31 PM Changeset in webkit [197809] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking storage/domstorage/events/basic-body-attribute.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=155201

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
3:30 PM Changeset in webkit [197808] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

[WK2][Mac] Allow processes to set "fast-dev-casheable" bit in Network Process
https://bugs.webkit.org/show_bug.cgi?id=155189
<rdar://problem/25042678>

Reviewed by Alexey Proskuryakov.

Update the NetworkProcess sandbox profiles with a declaration that using the
system-fctl to touch the "hot file" flag (to support caching operations)
is allowed. I should have done this in Bug 154503, but did not.

  • NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: Add sandbox permission.
3:16 PM Changeset in webkit [197807] by adachan@apple.com
  • 3 edits in trunk/Source/WebCore

Enable API related to the video fullscreen layer in MediaPlayerPrivateMediaStreamAVFObjC for Mac.
https://bugs.webkit.org/show_bug.cgi?id=153239

Reviewed by Eric Carlson.

Reuse VideoFullscreenLayerManager to manage moving the video layer between the fullscreen
layer and the inline layer depending on the current presentation mode.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC):
Create m_videoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer):
Return the video inline layer from the VideoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):
Call VideoFullscreenLayerManager::setVideoLayer() with the m_videoBackgroundLayer. To make sure
the preview layer (a sublayer of m_videoBackgroundLayer) resizes according to aspect ratio, set
its contents gravity to kCAGravityResizeAspect. Also, set its autoresizing mask so it'll resize
with its superlayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer):
Call VideoFullscreenLayerManager::setVideoFullscreenLayer().
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenFrame):
Call VideoFullscreenLayerManager::setVideoFullscreenFrame().

3:02 PM Changeset in webkit [197806] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Miscellaneous inspector fixes for typos / stale code
https://bugs.webkit.org/show_bug.cgi?id=155193

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Timothy Hatcher.

  • UserInterface/Models/SourceCodeLocation.js:

(WebInspector.SourceCodeLocation.prototype._locationString):
Fix whitespace.

  • UserInterface/Views/ApplicationCacheFrameContentView.js:

(WebInspector.ApplicationCacheFrameContentView):
Remove unused class name.

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype._showPopoverForFunction.didGetDetails):
Remove inferredName, as that was never sent by our backend and is getting removed.

  • UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler.prototype._handleMouseUp):
Fix variable name typo.

2:29 PM Changeset in webkit [197805] by ap@apple.com
  • 4 edits in trunk/Tools

Add iOS simulator EWS that runs tests
https://bugs.webkit.org/show_bug.cgi?id=155175

Reviewed by Lucas Forschler.

  • QueueStatusServer/config/queues.py:
  • Scripts/webkitpy/common/config/ews.json:
  • Scripts/webkitpy/common/config/ports.py:

2:22 PM Changeset in webkit [197804] by mmaxfield@apple.com
  • 11 edits
    2 adds in trunk

[Font Loading] Crash when a single load request causes multiple fonts to fail loading
https://bugs.webkit.org/show_bug.cgi?id=155009

Reviewed by Simon Fraser.

Source/WebCore:

In JavaScript, the first promise fulfillment/failure wins. However, in C++, any
subsequent fulfillments/failures cause a crash.

Test: fast/text/font-face-set-document-multiple-failure.html

  • css/CSSFontFace.cpp:

(WebCore::iterateClients): Notifying a client may cause some other client
to be destroyed, thereby modifying the clients set. This function allows
for notifying clients in a resilient manner.
(WebCore::CSSFontFace::setStyle): Update to use iterateClients().
(WebCore::CSSFontFace::setWeight): Ditto.
(WebCore::CSSFontFace::setUnicodeRange): Ditto.
(WebCore::CSSFontFace::setVariantLigatures): Ditto.
(WebCore::CSSFontFace::setVariantPosition): Ditto.
(WebCore::CSSFontFace::setVariantCaps): Ditto.
(WebCore::CSSFontFace::setVariantNumeric): Ditto.
(WebCore::CSSFontFace::setVariantAlternates): Ditto.
(WebCore::CSSFontFace::setVariantEastAsian): Ditto.
(WebCore::CSSFontFace::setFeatureSettings): Ditto.
(WebCore::CSSFontFace::setStatus): Ditto.
(WebCore::CSSFontFace::notifyClientsOfFontPropertyChange): Deleted.

  • css/CSSFontFace.h: Adding a way for clients to make sure they don't register
or deregister another client.

  • css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::guardAgainstClientRegistrationChanges): Simple
ref()/deref() pair.
(WebCore::CSSFontFaceSet::stopGuardingAgainstClientRegistrationChanges):

  • css/CSSFontFaceSet.h:
  • css/FontFace.cpp: Ditto.

(WebCore::FontFace::guardAgainstClientRegistrationChanges):
(WebCore::FontFace::stopGuardingAgainstClientRegistrationChanges):

  • css/FontFace.h:
  • css/FontFaceSet.cpp:

(WebCore::FontFaceSet::faceFinished): Make sure that we only fulfil or reject
a promise once.

  • css/FontFaceSet.h:
  • dom/Document.cpp:

(WebCore::Document::fonts): The CSSFontFaces inside the CSSFontSelector get
created during style recalc. We may be in a state where there is a style
recalc pending. In order to make sure the JavaScript API sees the current
state of the world, force a style recalc here (but only if one is pending).

LayoutTests:

  • fast/text/font-face-set-document-multiple-failure-expected.txt: Added.
  • fast/text/font-face-set-document-multiple-failure.html: Added.

1:58 PM Changeset in webkit [197803] by commit-queue@webkit.org
  • 21 edits
    1 delete in trunk

Unreviewed, rolling out r197793 and r197799.
https://bugs.webkit.org/show_bug.cgi?id=155195

something weird happened while landing this and everything
broke (Requested by olliej on #webkit).

Reverted changesets:

"Start moving to separated writable and executable mappings in
the JIT"
https://bugs.webkit.org/show_bug.cgi?id=155178
http://trac.webkit.org/changeset/197793

"arm64 build fix after r197793."
http://trac.webkit.org/changeset/197799

1:56 PM Changeset in webkit [197802] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155182
<rdar://problem/25040640>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Daniel Bates.

  • UserInterface/Main.html:

Allow Web Inspector to load file: and blob: image resources.
Also blob: media and font resources.

1:44 PM Changeset in webkit [197801] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

[WK2] Grant explicit read access to ManagedPreferences
https://bugs.webkit.org/show_bug.cgi?id=155173
<rdar://problem/24910550>

Reviewed by Alexey Proskuryakov.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Add new
read permission.

1:42 PM Changeset in webkit [197800] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip fast/events/prevent-default-prevents-interaction-with-scrollbars.html on ios-simulator

Unreviewed test gardening.

The test relies on mouse events, which are unsupported on ios-simulator.

  • platform/ios-simulator/TestExpectations:

1:36 PM Changeset in webkit [197799] by achristensen@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

arm64 build fix after r197793.

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
Use consistent ENABLE macro. It looks like it was partially renamed.

1:33 PM Changeset in webkit [197798] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip css3/filters tests that seem to cause a crash on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:

1:21 PM Changeset in webkit [197797] by ggaren@apple.com
  • 7 edits
    1 add in trunk/Source/bmalloc

Unreviewed, rolling in r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

The right calculation for our static_assert is actually:

sizeof(SmallChunk) % vmPageSize + 2 * smallMax <= vmPageSize

instead of:

sizeof(SmallChunk) % vmPageSize + smallMax <= vmPageSize

smallMax is not enough because line metadata might require us to begin
allocation at an offset as large as smallMax, so we need 2 * smallMax.

Once correct, this static_assert fires, and we fix it by increasing
the alignment of SmallChunk.

Restored changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

1:15 PM Changeset in webkit [197796] by fpizlo@apple.com
  • 9 edits
    2 adds in trunk/Source/JavaScriptCore

Regexp matching should incur less call overhead
https://bugs.webkit.org/show_bug.cgi?id=155181

Reviewed by Geoffrey Garen.

Previously we had DFG/FTL code call into the DFGOperation, which then called into
RegExpObject, which then called into createRegExpMatchesArray, which then called into
RegExp, which then called the code generated by Yarr.

Now we have DFG/FTL code call into the DFGOperation, which does all of the things and calls
into code generated by Yarr.

This is another tiny Octane/regexp speed-up.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGOperations.cpp:
  • runtime/RegExp.cpp:

(JSC::regExpFlags):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):
(JSC::RegExpFunctionalTestCollector::clearRegExp): Deleted.
(JSC::RegExp::compileIfNecessary): Deleted.
(JSC::RegExp::compileIfNecessaryMatchOnly): Deleted.

  • runtime/RegExp.h:
  • runtime/RegExpInlines.h: Added.

(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::compileIfNecessaryMatchOnly):

  • runtime/RegExpMatchesArray.cpp:

(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::tryCreateUninitializedRegExpMatchesArray): Deleted.
(JSC::createRegExpMatchesArray): Deleted.

  • runtime/RegExpMatchesArray.h:

(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):
(JSC::getLastIndexAsUnsigned): Deleted.

  • runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):
(JSC::RegExpObject::testInline):

  • runtime/RegExpObjectInlines.h: Added.

(JSC::getRegExpObjectLastIndexAsUnsigned):
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

1:02 PM Changeset in webkit [197795] by andersca@apple.com
  • 12 edits in trunk/Source/WebKit2

Ignore deprecation warnings.

  • Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::stopNSAppRunLoop):

  • Shared/mac/WebEventFactory.mm:

(WebKit::mouseButtonForEvent):
(WebKit::mouseEventTypeForEvent):
(WebKit::clickCountForEvent):
(WebKit::globalPointForEvent):
(WebKit::pointForEvent):
(WebKit::textFromEvent):
(WebKit::unmodifiedTextFromEvent):
(WebKit::isKeypadEvent):
(WebKit::isKeyUpEvent):
(WebKit::modifiersForEvent):
(WebKit::WebEventFactory::createWebKeyboardEvent):

  • UIProcess/API/Cocoa/WKNavigationAction.mm:

(toNSEventModifierFlags):

  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::becomeFirstResponder):
(WebKit::WebViewImpl::updateContentInsetsIfAutomatic):
(WebKit::WebViewImpl::viewDidMoveToWindow):
(WebKit::WebViewImpl::postFakeMouseMovedEventForFlagsChangedEvent):
(WebKit::WebViewImpl::createFullScreenWindow):
(WebKit::WebViewImpl::sendToolTipMouseExited):
(WebKit::WebViewImpl::sendToolTipMouseEntered):
(WebKit::applicationFlagsForDrag):
(WebKit::WebViewImpl::setLastMouseDownEvent):
(WebKit::WebViewImpl::doneWithKeyEvent):
(WebKit::WebViewImpl::collectKeyboardLayoutCommandsForEvent):
(WebKit::WebViewImpl::performKeyEquivalent):

  • UIProcess/Plugins/mac/PluginProcessProxyMac.mm:

(WebKit::PluginProcessProxy::beginModal):

  • UIProcess/mac/WebContextMenuProxyMac.mm:

(WebKit::WebContextMenuProxyMac::showContextMenu):

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformCanAttach):

  • UIProcess/mac/WebPopupMenuProxyMac.mm:

(WebKit::WebPopupMenuProxyMac::populate):
(WebKit::WebPopupMenuProxyMac::showPopupMenu):

  • WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:

(WebKit::modifierFlagsFromWebEvent):
(WebKit::getEventTypeFromWebEvent):

  • WebProcess/Plugins/PDF/PDFPluginTextAnnotation.mm:

(WebKit::cssAlignmentValueForNSTextAlignment):

  • WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:

(WebKit::convertImageToBitmap):

12:57 PM Changeset in webkit [197794] by mark.lam@apple.com
  • 28 edits
    2 deletes in trunk/Source

synthesizePrototype() and friends need to be followed by exception checks (or equivalent).
https://bugs.webkit.org/show_bug.cgi?id=155169

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

With the exception checks, we may end up throwing new exceptions over an existing
one that has been thrown but not handled yet, thereby obscuring it. It may also
mean that the VM will continue running on potentially unstable state, which may
have undesirable consequences.

I first observed this in some failed assertion while running tests on a patch for
https://bugs.webkit.org/show_bug.cgi?id=154865.

Performance is neutral with this patch (tested on x86_64).

  1. Deleted JSNotAnObject, and removed all uses of it.
  2. Added exception checks, when needed, following calls to synthesizePrototype() and JSValue::toObject().

The cases that do not need an exception check are the ones that already ensure
that JSValue::toObject() is only called on a value that is convertible to an
object. In those cases, I added an assertion that no exception was thrown
after the call.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • inspector/ScriptCallStackFactory.cpp:

(Inspector::createScriptCallStackFromException):

  • interpreter/Interpreter.cpp:
  • jit/JITOperations.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
(JSC::arrayProtoFuncValues):
(JSC::arrayProtoFuncEntries):
(JSC::arrayProtoFuncKeys):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/ExceptionHelpers.cpp:
  • runtime/JSCJSValue.cpp:

(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::toThisSlowCase):
(JSC::JSValue::synthesizePrototype):
(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):

  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::getPropertySlot):
(JSC::JSValue::get):

  • runtime/JSFunction.cpp:
  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoGetter):

  • runtime/JSNotAnObject.cpp: Removed.
  • runtime/JSNotAnObject.h: Removed.
  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorDefineProperties):
(JSC::objectConstructorCreate):

  • runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncToString):

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

Source/WebCore:

No new tests because this issue is covered by existing tests when the fix for
https://bugs.webkit.org/show_bug.cgi?id=154865 lands. That patch is waiting for
this patch to land first so as to not introduce test failures.

  • Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::installReplacement):

  • bindings/js/JSDeviceMotionEventCustom.cpp:

(WebCore::readAccelerationArgument):
(WebCore::readRotationRateArgument):

  • bindings/js/JSGeolocationCustom.cpp:

(WebCore::createPositionOptions):

  • bindings/js/JSHTMLCanvasElementCustom.cpp:

(WebCore::get3DContextAttributes):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorDefinition):

  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorConstructor::construct):

  • contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getTypeFlags):

  • html/HTMLMediaElement.cpp:

(WebCore::setPageScaleFactorProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):

  • html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

12:53 PM Changeset in webkit [197793] by oliver@apple.com
  • 21 edits
    1 add in trunk

Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as the jitMemCopy is
currently specific to that platform's calling conventions and layout.
We're just landing it in the current form so that we can at least
ensure it doesn't regress.

  • Configurations/FeatureDefines.xcconfig:
  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):

  • assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::LinkBuffer):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):

  • jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):

  • runtime/Options.cpp:

(JSC::recomputeDependentOptions):

  • runtime/Options.h:

Source/WebCore:

Update feature defines.

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

  • Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

  • wtf/FeatureDefines.h:
  • wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

  • Scripts/run-jsc-benchmarks:

12:35 PM Changeset in webkit [197792] by commit-queue@webkit.org
  • 9 edits
    2 deletes in trunk

Unreviewed, rolling out r197766.
https://bugs.webkit.org/show_bug.cgi?id=155183

Has platform-specific code in non-platform files (Requested by
smfr on #webkit).

Reverted changeset:

"AX: Force allow user zoom"
https://bugs.webkit.org/show_bug.cgi?id=155056
http://trac.webkit.org/changeset/197766

12:26 PM Changeset in webkit [197791] by andersca@apple.com
  • 18 edits in trunk/Source/WebKit/mac

Ignore deprecation warnings.

  • Misc/WebNSEventExtras.m:

(-[NSEvent _web_isKeyEvent:]):
(-[NSEvent _web_isOptionTabKeyEvent]):

  • Misc/WebNSViewExtras.m:

(-[NSView _web_dragShouldBeginFromMouseDown:withExpiration:xHysteresis:yHysteresis:]):

  • Plugins/Hosted/NetscapePluginHostProxy.mm:

(WebKit::NetscapePluginHostProxy::beginModal):

  • Plugins/Hosted/NetscapePluginInstanceProxy.mm:

(WebKit::NetscapePluginInstanceProxy::syntheticKeyDownWithCommandModifier):

  • Plugins/Hosted/WebHostedNetscapePluginView.mm:

(-[WebHostedNetscapePluginView drawRect:]):

  • Plugins/WebNetscapePluginEventHandlerCocoa.mm:

(WebNetscapePluginEventHandlerCocoa::syntheticKeyDownWithCommandModifier):

  • WebCoreSupport/PopupMenuMac.mm:

(PopupMenuMac::populate):
(PopupMenuMac::show):

  • WebCoreSupport/WebContextMenuClient.mm:

(WebContextMenuClient::showContextMenu):

  • WebCoreSupport/WebFrameLoaderClient.mm:

(WebFrameLoaderClient::actionDictionary):

  • WebCoreSupport/WebInspectorClient.mm:

(WebInspectorFrontendClient::canAttach):
(-[WebInspectorWindowController window]):

  • WebInspector/WebNodeHighlight.mm:

(-[WebNodeHighlight initWithTargetView:inspectorController:]):

  • WebView/WebFrameView.mm:

(-[WebFrameView keyDown:keyDown:]):

  • WebView/WebFullScreenController.mm:

(-[WebFullScreenController init]):
(createBackgroundFullscreenWindow):

  • WebView/WebHTMLView.mm:

(-[WebHTMLView _postFakeMouseMovedEventForFlagsChangedEvent:]):
(-[WebHTMLView _setMouseDownEvent:_setMouseDownEvent:]):
(isQuickLookEvent):
(-[WebHTMLView hitTest:]):
(-[WebHTMLView _sendToolTipMouseExited]):
(-[WebHTMLView _sendToolTipMouseEntered]):
(mouseEventIsPartOfClickOrDrag):
(-[WebHTMLView _updateMouseoverWithEvent:]):
(-[WebHTMLView acceptsFirstResponder]):
(-[WebHTMLView viewDidMoveToWindow]):
(currentKeyboardEvent):
(-[WebHTMLView _handleStyleKeyEquivalent:]):
(-[WebHTMLView _interpretKeyEvent:savingCommands:]):

  • WebView/WebPDFView.mm:

(-[WebPDFView hitTest:]):
(-[WebPDFView PDFViewWillClickOnLink:withURL:]):
(-[WebPDFView _fakeKeyEventWithFunctionKey:]):

  • WebView/WebTextCompletionController.mm:

(-[WebTextCompletionController _buildUI]):
(-[WebTextCompletionController _placePopupWindow:]):

  • WebView/WebView.mm:

(-[WebView applicationFlags:]):

12:18 PM Changeset in webkit [197790] by Beth Dakin
  • 6 edits in trunk/Source/WebCore

Add an event for when touch force changes
https://bugs.webkit.org/show_bug.cgi?id=155143
-and corresponding-
rdar://problem/24068726

Reviewed by Darin Adler.

We will be able to test this once we fix the iOS touch tests.

This patch adds touchforcechange which is a lot like the iOS equivalent of
webkitmouseforcechanged. We had originally hoped to use touchmove to dispatch
force changes, but that turned out to be a compatibility nightmare.

  • dom/EventNames.h:

(WebCore::EventNames::isTouchEventType):
(WebCore::EventNames::isWheelEventType):
(WebCore::EventNames::touchEventNames):

  • dom/GlobalEventHandlers.idl:
  • html/HTMLAttributeNames.in:
  • html/HTMLElement.cpp:

(WebCore::HTMLElement::createEventHandlerNameMap):

  • platform/PlatformEvent.h:

12:11 PM Changeset in webkit [197789] by andersca@apple.com
  • 15 edits in trunk/Source/WebCore

Ignore deprecation warnings.

  • editing/cocoa/HTMLConverter.mm:

(HTMLConverter::computedAttributesForElement):
(HTMLConverter::_addMarkersToList):

  • page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::keyEvent):
(WebCore::lastEventIsMouseUp):
(WebCore::EventHandler::passSubframeEventToSubframe):
(WebCore::EventHandler::passWheelEventToWidget):
(WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):

  • page/mac/TextIndicatorWindow.mm:

(WebCore::TextIndicatorWindow::setTextIndicator):

  • platform/graphics/mac/IconMac.mm:

(WebCore::Icon::paint):

  • platform/mac/CursorMac.mm:

(WebCore::createCustomCursor):

  • platform/mac/DragImageMac.mm:

(WebCore::dissolveDragImageToFraction):
(WebCore::createDragImageFromImage):

  • platform/mac/EventLoopMac.mm:

(WebCore::EventLoop::cycle):

  • platform/mac/PasteboardMac.mm:

(WebCore::Pasteboard::setDragImage):

  • platform/mac/PlatformEventFactoryMac.mm:

(WebCore::globalPointForEvent):
(WebCore::pointForEvent):
(WebCore::mouseButtonForEvent):
(WebCore::mouseEventTypeForEvent):
(WebCore::clickCountForEvent):
(WebCore::textFromEvent):
(WebCore::unmodifiedTextFromEvent):
(WebCore::keyIdentifierForKeyEvent):
(WebCore::isKeypadEvent):
(WebCore::windowsKeyCodeForKeyEvent):
(WebCore::isKeyUpEvent):
(WebCore::modifiersForEvent):
(WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder):

  • platform/mac/ScrollbarThemeMac.mm:

(WebCore::scrollbarControlSizeToNSControlSize):

  • platform/mac/ThemeMac.mm:

(-[WebCoreThemeView window]):
(WebCore::controlSizeForFont):
(WebCore::controlSizeFromPixelSize):
(WebCore::setUpButtonCell):
(WebCore::stepperControlSizeForFont):
(WebCore::paintStepper):
(WebCore::ThemeMac::minimumControlSize):

  • platform/mac/WebVideoFullscreenHUDWindowController.mm:

(-[WebVideoFullscreenHUDWindow initWithContentRect:styleMask:backing:defer:]):
(-[WebVideoFullscreenHUDWindow performKeyEquivalent:]):
(-[WebVideoFullscreenHUDWindowController init]):
(-[WebVideoFullscreenHUDWindowController keyDown:]):
(-[WebVideoFullscreenHUDWindowController windowDidLoad]):

  • platform/mac/WebWindowAnimation.mm:

(WebWindowAnimationDurationFromDuration):

  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateCachedSystemFontDescription):
(WebCore::RenderThemeMac::controlSizeForFont):
(WebCore::RenderThemeMac::controlSizeForCell):
(WebCore::RenderThemeMac::controlSizeForSystemFont):
(WebCore::RenderThemeMac::paintProgressBar):
(WebCore::RenderThemeMac::popupMenuSize):
(WebCore::RenderThemeMac::sliderThumbHorizontal):
(WebCore::RenderThemeMac::sliderThumbVertical):

11:33 AM Changeset in webkit [197788] by dbates@webkit.org
  • 5 edits in trunk

Support iterating over an OptionSet and checking if it is empty
https://bugs.webkit.org/show_bug.cgi?id=154941
<rdar://problem/24964187>

Reviewed by Darin Adler.

Source/WTF:

Implements support for iterating over the enumerators in an OptionSet as well as
determining if the set is empty.

Iterating over an OptionSet is in Big Theta(N) where N is the number of items in
the set. More precisely, it is in Big Theta(log M) where M is the bitmask represented
by the bitwise OR-ing of all enumerators in the set.

  • wtf/OptionSet.h: Added comment to describe the purpose of this class and its invariant -
the enumerators must be positive powers of two.
(WTF::OptionSet::Iterator::operator*): Returns the enumerator pointed to by the iterator.
(WTF::OptionSet::Iterator::operator++): Advance to the next smallest enumerator in the set.
(WTF::OptionSet::Iterator::operator==): Returns whether the iterator is equal to the specified iterator.
(WTF::OptionSet::Iterator::operator!=): Returns whether the iterator is not equal to the specified iterator.
(WTF::OptionSet::Iterator::Iterator): Added.
(WTF::OptionSet::fromRaw): Instantiate using specialized private constructor to allow
instantiation with a raw value of 0.
(WTF::OptionSet::OptionSet): Specialized constructor that asserts that the specified value
is a positive power of two. This variant is only compiled when assertions are enabled (i.e. !ASSERT_DISABLED).
(WTF::OptionSet::isEmpty): Returns whether the set is empty.
(WTF::OptionSet::begin): Returns an iterator to the enumerator with the smallest value in the set.
(WTF::OptionSet::end): Returns an iterator that represents the end sentinel of the set.

Tools:

Add tests to ensure that we do not regress both iteration of an OptionSet and
determining whether an OptionSet is empty.

  • TestWebKitAPI/Test.h:

(TestWebKitAPI::Util::assertStrongEnum): Helper function to assert two strong enum types for equality.

  • TestWebKitAPI/Tests/WTF/OptionSet.cpp:

(TestWebKitAPI::TEST):

11:32 AM Changeset in webkit [197787] by adachan@apple.com
  • 5 edits in trunk/Source/WebKit2

Fix lifetime issues regarding WebVideoFullscreenInterfaceMac
https://bugs.webkit.org/show_bug.cgi?id=155130

Reviewed by Beth Dakin.

Now that both fullscreen and video controls manager rely on WebVideoFullscreenInterface,
we now keep track of a "client count" for each context ID so we'll only remove it
from the context map after all the "clients" are done with it.

Before this change, every time WebVideoFullscreenManager::setUpVideoControlsManager()
is called, the existing interface is cleared and a new one is created even when there's
an existing interface for that. With this change, we reuse the existing interface for
the video element.

  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::invalidate):
Also clear out m_clientCounts.
(WebKit::WebVideoFullscreenManagerProxy::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManagerProxy::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from both
m_clientCounts and m_contextMap.
(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count.
(WebKit::WebVideoFullscreenManagerProxy::setUpVideoControlsManagerWithID):
If the current controls manager set up has the same context ID as the one
passed in, we don't have to do anything. Otherwise, if we have set up
the video controls manager with a different ID before, call removeClientForContext()
on the old ID to decrement its client count. Set m_controlsManagerContextId
to the new value and call addClientForContext() with it.
(WebKit::WebVideoFullscreenManagerProxy::didCleanupFullscreen):
Instead of removing the mapping from m_contextMap directly, reset the fullscreen
mode on the interface and call removeClientForContext(), which removes the mapping
only if there's no more client using the interface.

  • WebProcess/cocoa/WebVideoFullscreenManager.h:
  • WebProcess/cocoa/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::~WebVideoFullscreenManager):
Clear m_clientCounts.
(WebKit::WebVideoFullscreenManager::removeContext):
Add a helper method for removing the context.
(WebKit::WebVideoFullscreenManager::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManager::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from
m_clientCounts and call removeContext() to clean up this context.
(WebKit::WebVideoFullscreenManager::enterVideoFullscreenForVideoElement):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count. Create a layer hosting
context if it's not there.
(WebKit::WebVideoFullscreenManager::setUpVideoControlsManager):
If we have set up a context for this video element before, see if it's
the one we are currently managing video controls for. If it is, return early.
Otherwise, call removeClientForContext() on the previous m_controlsManagerContextId
and update m_controlsManagerContextId to the context ID of this video element.
If there's no context created for this video element yet, set one up.
Send a SetUpVideoControlsManagerWithID message to the proxy object in the UI process
so it'll update its controls manager context ID. Also, conditionalize all of this
under PLATFORM(MAC) to be consistent with WebVideoFullscreenManagerProxy.
(WebKit::WebVideoFullscreenManager::didCleanupFullscreen):
Just reset the fullscreen mode on the interface and call removeClientForContext() which
only cleans up the context if there's no more client using it.

11:02 AM Changeset in webkit [197786] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155174

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
10:58 AM Changeset in webkit [197785] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed attempt to fix the 32bit build after r197782.

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

10:57 AM Changeset in webkit [197784] by tonikitoo@webkit.org
  • 3 edits
    2 adds in trunk

Scrolling does not work when the mouse down is handled by a node
https://bugs.webkit.org/show_bug.cgi?id=19033

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/events/prevent-default-prevents-interaction-with-scrollbars-.html

When a mouse press/down event happens on a scrollbar area, but event
is default prevented in the document level, for example, event does not get
properly passed to scrollbars, although it should.

Problem started long ago with r17770, and was improved with r19596.
However, years later, the way Scrollbar* is obtained is still currently different
whether event is default prevented or not.

Patch uniforms the logic for both cases, and fixes the bug.

Note: code before used to look like

    if (swallowEvent) {
        <code>
    } else {
        <bleh>
        <foo>
    }

.. and now looks like

    if (!swallowEvent)
        <bleh>
    <code>
    if (!swallowEvent)
        <foo>

e.g. document.addEventListener('mousedown', function (e) { e.preventDefault(); });

  • page/EventHandler.cpp:

(WebCore::scrollbarForMouseEvent):
(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

  • fast/events/prevent-default-prevents-interaction-with-scrollbars-expected.txt: Added.
  • fast/events/prevent-default-prevents-interaction-with-scrollbars.html: Added.
10:54 AM Changeset in webkit [197783] by Sukolsak Sakshuwong
  • 1 edit in trunk/Tools/Scripts/webkitpy/common/config/contributors.json

Unreviewed. Move myself to the reviewers list.

  • Scripts/webkitpy/common/config/contributors.json:
10:51 AM Changeset in webkit [197782] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed Windows build fix after r197728.

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

10:35 AM Changeset in webkit [197781] by msaboff@apple.com
  • 10 edits
    3 moves
    3 adds in trunk

[ES6] Regular Expression canonicalization tables for Unicode need to be updated to use Unicode CaseFolding.txt
https://bugs.webkit.org/show_bug.cgi?id=155114

Reviewed by Darin Adler.

Source/JavaScriptCore:

Extracted out the Unicode canonicalization table creation from
YarrCanonicalizeUnicode.js into a new Python script, generateYarrCanonicalizeUnicode.
That script generates the Unicode tables as the file YarrCanonicalizeUnicode.cpp in
DerivedSources/JavaScriptCore.

Updated the processing of ignore case to make the ASCII short cuts dependent on whether
or not we are a Unicode pattern.

Renamed yarr/YarrCanonicalizeUnicode.{cpp,js} back to their prior names,
YarrCanonicalizeUCS2.{cpp,js}.
Renamed yarr/YarrCanonicalizeUnicode.h to YarrCanonicalize.h as it declares both the
legacy UCS2 and Unicode tables.

  • CMakeLists.txt:
  • DerivedSources.make:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • generateYarrCanonicalizeUnicode: Added.
  • ucd: Added.
  • ucd/CaseFolding.txt: Added. The current version, 8.0, of the Unicode CaseFolding table.
  • yarr/YarrCanonicalizeUCS2.cpp: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.cpp.
  • yarr/YarrCanonicalize.h: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.h.
  • yarr/YarrCanonicalizeUCS2.js: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.js.

(printHeader):

  • yarr/YarrCanonicalizeUnicode.cpp: Removed.
  • yarr/YarrCanonicalizeUnicode.h: Removed.
  • yarr/YarrCanonicalizeUnicode.js: Removed.
  • yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::tryConsumeBackReference):

  • yarr/YarrJIT.cpp:
  • yarr/YarrPattern.cpp:

(JSC::Yarr::CharacterClassConstructor::putChar):

LayoutTests:

Updated test cases.

  • js/regexp-unicode-expected.txt:
  • js/script-tests/regexp-unicode.js:
10:19 AM Changeset in webkit [197780] by Ryan Haddad
  • 3 edits
    2 deletes in trunk

Unreviewed, rolling out r197765.
https://bugs.webkit.org/show_bug.cgi?id=155172

The test added with this change is failing on all platforms.
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"ImageDocuments leak their world."
https://bugs.webkit.org/show_bug.cgi?id=155167
http://trac.webkit.org/changeset/197765

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

10:11 AM Changeset in webkit [197779] by Antti Koivisto
  • 21 edits in trunk/Source/WebCore

Make Element const in ElementRuleCollector
https://bugs.webkit.org/show_bug.cgi?id=155170

Reviewed by Andreas Kling.

More const.

  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::ElementRuleCollector):
(WebCore::ElementRuleCollector::matchAllRules):

  • css/ElementRuleCollector.h:
  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::checkOne):
(WebCore::SelectorChecker::matchesFocusPseudoClass):

  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateContextFunctionCallTest):
(WebCore::SelectorCompiler::elementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::elementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::isPlaceholderShown):

  • cssjit/SelectorCompiler.h:
  • dom/StyledElement.h:

(WebCore::StyledElement::additionalPresentationAttributeStyle):
(WebCore::StyledElement::inlineStyle):
(WebCore::StyledElement::collectStyleForPresentationAttribute):
(WebCore::StyledElement::invalidateStyleAttribute):
(WebCore::StyledElement::presentationAttributeStyle):

  • html/HTMLTableCellElement.cpp:

(WebCore::HTMLTableCellElement::parseAttribute):
(WebCore::HTMLTableCellElement::additionalPresentationAttributeStyle):

  • html/HTMLTableCellElement.h:
  • html/HTMLTableColElement.cpp:

(WebCore::HTMLTableColElement::parseAttribute):
(WebCore::HTMLTableColElement::additionalPresentationAttributeStyle):

  • html/HTMLTableColElement.h:
  • html/HTMLTableElement.cpp:

(WebCore::leakBorderStyle):
(WebCore::HTMLTableElement::additionalPresentationAttributeStyle):

  • html/HTMLTableElement.h:
  • html/HTMLTableSectionElement.cpp:

(WebCore::HTMLTableSectionElement::create):
(WebCore::HTMLTableSectionElement::additionalPresentationAttributeStyle):

  • html/HTMLTableSectionElement.h:
  • inspector/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::didUnregisterNamedFlowContentElement):
(WebCore::InspectorCSSAgent::forcePseudoState):

  • inspector/InspectorCSSAgent.h:
  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::pushNodePathToFrontend):
(WebCore::InspectorDOMAgent::boundNodeId):
(WebCore::InspectorDOMAgent::backendNodeIdForNode):

  • inspector/InspectorDOMAgent.h:
  • inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::handleMousePressImpl):
(WebCore::InspectorInstrumentation::forcePseudoStateImpl):

  • inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::handleMousePress):
(WebCore::InspectorInstrumentation::forcePseudoState):

10:09 AM Changeset in webkit [197778] by youenn.fablet@crf.canon.fr
  • 5 edits
    1 copy in trunk/Source/WebCore

[Fetch API] Commonalize handling of FetchBody by FetchRequest and FetchResponse
https://bugs.webkit.org/show_bug.cgi?id=154959

Reviewed by Darin Adler.

Introducing FetchBodyOwner class as base class of FetchRequest and FetchResponse.
This class is an ActiveDOMObject and is responsible for handling the Body API implemented by Request and Response.

Covered by existing tests.

  • Modules/fetch/FetchBodyOwner.h: Added.

(WebCore::FetchBodyOwner::isDisturbed):
(WebCore::FetchBodyOwner::arrayBuffer):
(WebCore::FetchBodyOwner::formData):
(WebCore::FetchBodyOwner::blob):
(WebCore::FetchBodyOwner::json):
(WebCore::FetchBodyOwner::text):
(WebCore::FetchBodyOwner::body):
(WebCore::FetchBodyOwner::FetchBodyOwner):

  • Modules/fetch/FetchRequest.h:

(WebCore::FetchRequest::FetchRequest):

  • Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::FetchResponse):

  • Modules/fetch/FetchResponse.h:
  • WebCore.xcodeproj/project.pbxproj:
10:06 AM Changeset in webkit [197777] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed, fix 32-bit build after r197726.

Also, re-enable static_assert to check the ElementRareData size.

  • dom/ElementRareData.cpp:
10:03 AM Changeset in webkit [197776] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Rebaseline WPT reflection tests for ios-simulator after r197726

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:
  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:
9:59 AM Changeset in webkit [197775] by ap@apple.com
  • 2 edits in trunk/Tools

Add debug iOS Simulator bots to the dashboard
https://bugs.webkit.org/show_bug.cgi?id=155157

Reviewed by Darin Adler.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitBuildbot.js:
9:57 AM Changeset in webkit [197774] by akling@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

WeakBlock::visit() should check for a WeakHandleOwner before consulting mark bits.
<https://webkit.org/b/155154>

Reviewed by Darin Adler.

Reorder the checks in WeakBlock::visit() so we don't look at the mark bits in MarkedBlock
unless the current WeakImpl has a WeakHandleOwner we need to consult.

I was originally hoping to make an optimization that could skip over entire WeakBlocks
if they didn't have a single WeakHandleOwner, but it turns out that scenario is not as
common as I suspected.

  • heap/WeakBlock.cpp:

(JSC::WeakBlock::visit):

9:55 AM Changeset in webkit [197773] by timothy@apple.com
  • 4 edits in trunk/Source/WebKit2

Web Inspector: Add automation protocol methods for navigation

https://bugs.webkit.org/show_bug.cgi?id=155163
rdar://problem/25029054

Reviewed by Darin Adler.

  • UIProcess/Automation/Automation.json:
  • UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::getBrowsingContexts): Set url.
(WebKit::WebAutomationSession::getBrowsingContext): Added.
(WebKit::WebAutomationSession::navigateBrowsingContext): Added.
(WebKit::WebAutomationSession::goBackInBrowsingContext): Added.
(WebKit::WebAutomationSession::goForwardInBrowsingContext): Added.
(WebKit::WebAutomationSession::reloadBrowsingContext): Added.

  • UIProcess/Automation/WebAutomationSession.h:
9:41 AM Changeset in webkit [197772] by Ryan Haddad
  • 7 edits
    1 delete in trunk/Source/bmalloc

Unreviewed, rolling out r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

This change caused 800+ JSC test failures (Requested by
ryanhaddad on #webkit).

Reverted changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

9:39 AM Changeset in webkit [197771] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

Unreviewed test fix after r197721.
https://bugs.webkit.org/show_bug.cgi?id=155120
<rdar://problem/25010167>

If a WK1 client turns on the "Resource Load Statistics" debug flag, but
does not supply a data modification handler, we dereference a null function.

  • loader/ResourceLoadStatisticsStore.cpp:

(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler): Check
for nullptr function before invoking it.

9:25 AM Changeset in webkit [197770] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed, temporarily comment out static_assert while I investigate.

It still did not build on some platforms.

  • dom/ElementRareData.cpp:
9:17 AM Changeset in webkit [197769] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed, another build fix after r197726.

  • dom/ElementRareData.cpp:
9:11 AM Changeset in webkit [197768] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed Windows build fix after r197728.

  • platform/MemoryPressureHandler.cpp:
9:06 AM Changeset in webkit [197767] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix after r197726.

  • dom/ElementRareData.cpp:
8:13 AM Changeset in webkit [197766] by n_wang@apple.com
  • 9 edits
    2 adds in trunk

AX: Force allow user zoom
https://bugs.webkit.org/show_bug.cgi?id=155056

Reviewed by Chris Fleizach.

Source/WebCore:

Override the maximum scale factor when forceAlwaysUserScalable is true.

Test: accessibility/ios-simulator/force-user-scalable.html

  • page/ViewportConfiguration.h:

(WebCore::ViewportConfiguration::maximumScale):

  • testing/Internals.cpp:

(WebCore::Internals::composedTreeAsText):
(WebCore::Internals::setViewportForceAlwaysUserScalable):
(WebCore::Internals::viewportConfigurationMaximumScale):

  • testing/Internals.h:
  • testing/Internals.idl:

Source/WebKit2:

Soft linked libAccessibility library so that we can observe the accessibility
setting change for the force always user scalable feature.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::forceAlwaysUserScalableChangedCallback):
(WebKit::WebPage::create):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::~WebPage):
(WebKit::WebPage::preferencesDidChange):
(WebKit::WebPage::updateForceAlwaysUserScalable):
(WebKit::WebPage::updatePreferences):

  • WebProcess/WebPage/WebPage.h:

LayoutTests:

  • accessibility/ios-simulator/force-user-scalable-expected.txt: Added.
  • accessibility/ios-simulator/force-user-scalable.html: Added.
7:14 AM Changeset in webkit [197765] by akling@apple.com
  • 3 edits
    2 adds in trunk

ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

  • fast/dom/ImageDocument-world-leak-expected.txt: Added.
  • fast/dom/ImageDocument-world-leak.html: Added.
6:59 AM Changeset in webkit [197764] by Antti Koivisto
  • 30 edits
    2 adds in trunk/Source/WebCore

ElementRuleCollector should not mutate document and style
https://bugs.webkit.org/show_bug.cgi?id=155113

Reviewed by Andreas Kling.

Move applying of style relations out of ElementRuleCollector and StyleResolver.
This gets us closer to making StyleResolver const for Element.

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::ElementRuleCollector):

No need for style parameter anymore.

(WebCore::ElementRuleCollector::collectMatchingRules):
(WebCore::ElementRuleCollector::sortAndTransferMatchedRules):
(WebCore::ElementRuleCollector::ruleMatches):

Client will now do the style and element mutations. Just collect the data here.

(WebCore::ElementRuleCollector::collectMatchingRulesForList):
(WebCore::ElementRuleCollector::commitStyleRelations): Deleted.

Moves to StyleRelations.cpp

  • css/ElementRuleCollector.h:

(WebCore::ElementRuleCollector::hasMatchedRules):
(WebCore::ElementRuleCollector::matchedPseudoElementIds):
(WebCore::ElementRuleCollector::styleRelations):
(WebCore::ElementRuleCollector::didMatchUncommonAttributeSelector):

  • css/MediaQueryMatcher.cpp:

(WebCore::MediaQueryMatcher::prepareEvaluator):
(WebCore::MediaQueryMatcher::evaluate):

  • css/SelectorChecker.cpp:

(WebCore::addStyleRelation):
(WebCore::isFirstChildElement):
(WebCore::isFirstOfType):
(WebCore::countElementsBefore):
(WebCore::countElementsOfTypeBefore):
(WebCore::SelectorChecker::matchRecursively):
(WebCore::SelectorChecker::checkOne):

  • css/SelectorChecker.h:

(WebCore::SelectorChecker::CheckingContext::CheckingContext):

  • css/StyleMedia.cpp:

(WebCore::StyleMedia::matchMedium):

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::StyleResolver):
(WebCore::isAtShadowBoundary):
(WebCore::StyleResolver::styleForElement):

Apply the style relations affecting current style immediately.
Pass the rest to the client.

(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::pseudoStyleRulesForElement):

  • css/StyleResolver.h:

(WebCore::ElementStyle::ElementStyle):

  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelation):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorCheckerExcludingPseudoElements):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsEmpty):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChildOf):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChildOf):

  • dom/Document.cpp:

(WebCore::Document::styleForElementIgnoringPendingStylesheets):

Apply style relations.

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

  • dom/Element.cpp:

(WebCore::Element::styleResolver):
(WebCore::Element::resolveStyle):
(WebCore::Element::didDetachRenderers):
(WebCore::Element::resolveCustomStyle):

Return ElementStyle (which contains style relations along with the render style).
Rename for consistency.

(WebCore::Element::cloneAttributesFromElement):
(WebCore::Element::customStyleForRenderer): Deleted.

  • dom/Element.h:

(WebCore::Element::isVisibleInViewportChanged):

  • dom/PseudoElement.cpp:

(WebCore::PseudoElement::clearHostElement):
(WebCore::PseudoElement::resolveCustomStyle):
(WebCore::PseudoElement::didAttachRenderers):
(WebCore::PseudoElement::customStyleForRenderer): Deleted.

  • dom/PseudoElement.h:
  • html/HTMLTitleElement.cpp:

(WebCore::HTMLTitleElement::computedTextWithDirection):

  • html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::hostInput):
(WebCore::SliderThumbElement::resolveCustomStyle):
(WebCore::SliderThumbElement::shadowPseudoId):
(WebCore::SliderContainerElement::createElementRenderer):
(WebCore::SliderContainerElement::resolveCustomStyle):
(WebCore::SliderContainerElement::shadowPseudoId):
(WebCore::SliderThumbElement::customStyleForRenderer): Deleted.
(WebCore::SliderContainerElement::customStyleForRenderer): Deleted.

  • html/shadow/SliderThumbElement.h:
  • html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlInnerElement::create):
(WebCore::TextControlInnerElement::resolveCustomStyle):
(WebCore::TextControlInnerTextElement::renderer):
(WebCore::TextControlInnerTextElement::resolveCustomStyle):
(WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):
(WebCore::TextControlPlaceholderElement::resolveCustomStyle):
(WebCore::TextControlInnerElement::customStyleForRenderer): Deleted.
(WebCore::TextControlInnerTextElement::customStyleForRenderer): Deleted.
(WebCore::TextControlPlaceholderElement::customStyleForRenderer): Deleted.

  • html/shadow/TextControlInnerElements.h:
  • rendering/RenderElement.cpp:

(WebCore::RenderElement::getUncachedPseudoStyle):

  • rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::computeStyleInRegion):
(WebCore::RenderNamedFlowFragment::computeChildrenStyleInRegion):

  • style/StyleRelations.cpp: Added.

(WebCore::Style::commitRelationsToRenderStyle):

Commit relations affecting style that is being computed.

(WebCore::Style::commitRelationsToDocument):

Commit relations that mutate document.

  • style/StyleRelations.h: Added.

Factor style relation data structures and functions to a file of their own.

(WebCore::Style::Relation::Relation):

  • style/StyleSharingResolver.cpp:

(WebCore::Style::SharingResolver::styleSharingCandidateMatchesRuleSet):

  • style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::styleForElement):

Apply style relations.

  • style/StyleTreeResolver.h:
  • svg/SVGElement.cpp:

(WebCore::SVGElement::synchronizeSystemLanguage):
(WebCore::SVGElement::resolveCustomStyle):
(WebCore::SVGElement::customStyleForRenderer): Deleted.

  • svg/SVGElement.h:
  • svg/SVGElementRareData.h:

(WebCore::SVGElementRareData::overrideComputedStyle):

6:50 AM Changeset in webkit [197763] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197546 - [JSC] Add support for MADD, MSUB and MNEG to Air
https://bugs.webkit.org/show_bug.cgi?id=154997

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-03
Reviewed by Filip Pizlo.

ARM64 can do an Add/Sub in the Multiply units.
LLVM was doing so but we lost that when switching to B3.

This patch adds those instructions in Air.

There are more ALUs than multiply units, thus we are more
likely to successfully schedule a Multiply+Add than 2 Multiply.
I am conservative and only emit a multiply-add if the value
can be interned. As far as I can tell from what is generated
by LLVM, that backend had the same rule.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::multiplyAdd32):
(JSC::MacroAssemblerARM64::multiplySub32):
(JSC::MacroAssemblerARM64::multiplyNeg32):
(JSC::MacroAssemblerARM64::multiplyAdd64):
(JSC::MacroAssemblerARM64::multiplySub64):
(JSC::MacroAssemblerARM64::multiplyNeg64):

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::populateWithInterestingValues):
(JSC::B3::floatingPointOperands):
(JSC::B3::int64Operands):
(JSC::B3::int32Operands):
(JSC::B3::testMulAddArgsLeft):
(JSC::B3::testMulAddArgsRight):
(JSC::B3::testMulAddArgsLeft32):
(JSC::B3::testMulAddArgsRight32):
(JSC::B3::testMulSubArgsLeft):
(JSC::B3::testMulSubArgsRight):
(JSC::B3::testMulSubArgsLeft32):
(JSC::B3::testMulSubArgsRight32):
(JSC::B3::testMulNegArgs):
(JSC::B3::testMulNegArgs32):
(JSC::B3::run):

6:28 AM Changeset in webkit [197762] by Carlos Garcia Campos
  • 16 edits
    2 copies
    2 adds in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r197545 - Unreviewed, rolling in r197174.
https://bugs.webkit.org/show_bug.cgi?id=154762

The right calculation for alignment is actually:

vmAlignment - getpagesize() + vmSize

instead of:

vmAlignment - vmPageSize + vmSize

The vmPageSize might be larger than getpagesize().

Restored changeset:

"bmalloc: Added a fast XLarge allocator"
https://bugs.webkit.org/show_bug.cgi?id=154720
http://trac.webkit.org/changeset/197174

6:23 AM Changeset in webkit [197761] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197542 - Octane/regexp's Exec function should benefit from array length accessor inlining
https://bugs.webkit.org/show_bug.cgi?id=154994

Reviewed by Benjamin Poulain.

It does:

    var thingy = blahbitty.blah;
    if (thingy)
        foo = thingy.length;

So, 'thingy' is SpecArray | SpecOther, which prevents the array length accessor inlining from
kicking in. Our strategy for this elsewhere in the DFG is to allow a one-time speculation that
we won't see SpecOther, since *usually* we see SpecOther mixed with other stuff in cases like
this where there is some null check guarding the code.

This gives another slight speed-up on Octane/regexp.

  • bytecode/SpeculatedType.h:

(JSC::isCellSpeculation):
(JSC::isCellOrOtherSpeculation):
(JSC::isNotCellSpeculation):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateCell):
(JSC::DFG::Node::shouldSpeculateCellOrOther):
(JSC::DFG::Node::shouldSpeculateNotCell):

5:57 AM Changeset in webkit [197760] by Carlos Garcia Campos
  • 8 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r197520 - DFG should be able to compile StringReplace
https://bugs.webkit.org/show_bug.cgi?id=154979

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Adds support for StringReplace to the DFG tier. This is a 3% speed-up on Octane/regexp.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculateRegExpObject):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • jit/JITOperations.h:

LayoutTests:

Add a microbenchmark for a case of StringReplace that we hadn't covered with a microbenchmark
yet: using something absurd for the replace value. This is interesting for implementing the
32_64 version of StringReplace, which gets really weird in the absurd case because of how it
consumes the entire register file while making the call on x86-32.

  • js/regress/script-tests/string-replace-generic.js: Added.
  • js/regress/string-replace-generic-expected.txt: Added.
  • js/regress/string-replace-generic.html: Added.
5:35 AM Changeset in webkit [197759] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197506 - [TextureMapper] Use RGBA format for textures attached to framebuffers
https://bugs.webkit.org/show_bug.cgi?id=154965

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-03
Reviewed by Žan Doberšek.

Use RGBA format when allocating textures that will be used as framebuffer
attachments. This means adding a new flag to BitmapTexture and modifying
BitmapTextureGL to use the appropriate format according to the flag. Also,
BitmapTexturePool needs to use two vectors to handle both types of textures
separately, as we want to avoid constantly switching the format of a reused
texture.

No new tests since the behavior change is covered by existing tests.

  • platform/graphics/texmap/BitmapTexture.h: Add new flag.
  • platform/graphics/texmap/BitmapTextureGL.cpp:

(WebCore::BitmapTextureGL::BitmapTextureGL): Receive flags on constructor and use RGBA
when the FBOAttachment flag is enabled.
(WebCore::BitmapTextureGL::applyFilters): Use FBOAttachment flag to request a texture.

  • platform/graphics/texmap/BitmapTextureGL.h: Add flags to the constructor.
  • platform/graphics/texmap/BitmapTexturePool.cpp: Add a new vector of textures to hold
those in RGBA format.
(WebCore::BitmapTexturePool::acquireTexture): Return a texture for the usage specified
in the incoming flags.
(WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired): Release textures from
both vectors.
(WebCore::BitmapTexturePool::createTexture): Pass the usage flag when creating a new
texture.

  • platform/graphics/texmap/BitmapTexturePool.h: Add new texture vector and add flags to
the needed headers.

  • platform/graphics/texmap/TextureMapper.cpp:

(WebCore::TextureMapper::acquireTextureFromPool): Pass the received flags to the BitmapTexturePool.

  • platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::TextureMapperLayer::paintIntoSurface): Use FBOAttachment flag to request a texture.

5:31 AM Changeset in webkit [197758] by Carlos Garcia Campos
  • 7 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197492 - RegExpExec/RegExpTest should not unconditionally speculate cell
https://bugs.webkit.org/show_bug.cgi?id=154901

Reviewed by Benjamin Poulain.

This is a three part change. It all started with a simple goal: end the rage-recompiles in
Octane/regexp by enabling the DFG and FTL to do untyped RegExpExec/RegExpTest. This keeps us
in the optimized code when you do a regexp match on a number, for example.

While implementing this, I realized that DFGOperations.cpp was bad at exception checking. When
it did check for exceptions, it used exec->hadException() instead of vm.exception(). So I
fixed that. I also made sure that the regexp operations checked for exception after doing
toString().

Unfortunately, the introduction of untyped RegExpExec/RegExpTest caused a regression on
Octane/regexp. This was because we were simultaneously scheduling replacement and OSR compiles
of some large functions with the FTL JIT. The OSR compiles were not useful. This was a
regression from the previous changes to make OSR compiles happen sooner. The problem is that
this change also removed the throttling of OSR compiles even in those cases where we suspect
that replacement is more likely. This patch reintroduces that throttling, but only in the
replacement path.

This change ends up being neutral overall.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):

  • tests/stress/regexp-exec-effect-after-exception.js: Added.
5:23 AM Changeset in webkit [197757] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197491 - [JSC] JSCell_freeListNext and JSCell_structureID are considered not overlapping
https://bugs.webkit.org/show_bug.cgi?id=154947

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Filip Pizlo.

This bug was discovered while testing https://bugs.webkit.org/show_bug.cgi?id=154894.

The problem was that JSCell_freeListNext and JSCell_structureID were
considered as disjoint. When reordering instructions, the scheduler
could move the write of the StructureID first to reduce dependencies.
This would erase half of JSCell_freeListNext before we get a chance
to load the value.

This patch changes the hierarchy to make sure nothing is written
until JSCell_freeListNext is processed.

All credits for this patch go to Filip.

  • ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):

  • ftl/FTLAbstractHeapRepository.h:
4:57 AM Changeset in webkit [197756] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197490 - [JSC] Improve Select of Doubles based on Double condition
https://bugs.webkit.org/show_bug.cgi?id=154572

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Filip Pizlo.

Octane has a bunch of Select on Double based on comparing Doubles.
A few nodes generate that: ValueRep, Min, Max, etc.

On ARM64, we can improve our code a lot. ARM can do a select
based on flags with the FCSEL instruction.

On x86, this patch adds aggressive aliasing for moveDoubleConditionallyXXX.
This has obviously a much more limited impact.

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::moveDoubleConditionally32): Deleted.
(JSC::MacroAssembler::moveDoubleConditionally64): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyTest32): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyTest64): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyDouble): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyFloat): Deleted.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::moveDoubleConditionallyAfterFloatingPointCompare):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyDouble):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyFloat):
(JSC::MacroAssemblerARM64::moveConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally64):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest64):
(JSC::MacroAssemblerARM64::branch64):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::moveConditionally32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionally32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyDouble):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyFloat):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::moveDoubleConditionally64):
(JSC::MacroAssemblerX86_64::moveDoubleConditionallyTest64):

  • b3/air/AirInstInlines.h:

(JSC::B3::Air::Inst::shouldTryAliasingDef):

  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::populateWithInterestingValues):
(JSC::B3::floatingPointOperands):
(JSC::B3::int64Operands):
(JSC::B3::int32Operands):
(JSC::B3::testSelectCompareFloat):
(JSC::B3::testSelectCompareFloatToDouble):
(JSC::B3::testSelectDoubleCompareDouble):
(JSC::B3::testSelectDoubleCompareDoubleWithAliasing):
(JSC::B3::testSelectFloatCompareFloat):
(JSC::B3::testSelectFloatCompareFloatWithAliasing):
(JSC::B3::run):

4:21 AM Changeset in webkit [197755] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197486 - Paint table borders on empty cells even in quirks mode.
https://bugs.webkit.org/show_bug.cgi?id=154928

Reviewed by David Hyatt.

Enable border painting for empty cells unless 'empty-cells: hide' is set.
This is in line with FF and Chrome behaviour.

Source/WebCore:

Test: fast/table/border-on-empty-table-cells-quirks-mode.html

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::paintBoxDecorations):

LayoutTests:

  • fast/table/border-on-empty-table-cells-quirks-mode-expected.html: Added.
  • fast/table/border-on-empty-table-cells-quirks-mode.html: Added.
4:07 AM Changeset in webkit [197754] by alex
  • 4 edits in trunk

Unreviewed EFL build fix after r197752.

Tools:

  • Scripts/webkitperl/FeatureList.pm: Avoid MEDIA_STREAM compilation by default until EFL bumps gstreamer to 1.6.

LayoutTests:

  • platform/efl/TestExpectations: Avoid running the mediastream tests until the support is implemented and compiled by default.

2:58 AM Changeset in webkit [197753] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

One more unreviewed speculative buildfix after r197728.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):

2:36 AM Changeset in webkit [197752] by alex
  • 7 edits
    1 delete in trunk

[GTK] [EFL] Avoid running mediastream tests by default until we compile by default
https://bugs.webkit.org/show_bug.cgi?id=153540

Reviewed by Philippe Normand.

Tools:

After bumping gstreamer to 1.6.3 in r196804 we can enable again
compilation of mediastream and running the tests.

  • Scripts/run-gtk-tests:

(TestRunner): Enable again the UserMedia API test.

  • Scripts/webkitperl/FeatureList.pm: Enable the compilation of the mediastream by default.
  • gtk/jhbuild-webrtc.modules: Removed the specific jhbuild modules file.
  • gtk/jhbuild.modules: Bumped the openwebrtc version to the one we are currently using.

LayoutTests:

compilation of mediastream and running the tests. We have updated
the expectations accordingly.

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
2:11 AM Changeset in webkit [197751] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197485 - RegExpPrototype should check for exceptions after calling toString and doing so should not be expensive
https://bugs.webkit.org/show_bug.cgi?id=154927

Reviewed by Saam Barati.

While working on regexp optimizations, I found that RegExpPrototype calls toString(), an
effectful operation that could do anything, without then checking for hadException().

So I added a call to hadException().

But that regressed Octane/regexp by 5%! That's a lot! It turns out that
exec->hadException() is soooper slow. So, I made it cheaper to check for exceptions from
toString(): there is now a variant called toStringFast() that returns null iff it throws an
exception.

This allowed me to add the exception check without regressing perf.

Note that toString() must retain its old behavior of returning an empty string on exception.
There is just too much code that relies on that behavior.

  • runtime/JSCJSValue.cpp:

(JSC::JSValue::isValidCallee):
(JSC::JSValue::toStringSlowCase):
(JSC::JSValue::toWTFStringSlowCase):

  • runtime/JSCJSValue.h:

(JSC::JSValue::asValue):

  • runtime/JSString.h:

(JSC::JSValue::toString):
(JSC::JSValue::toStringFast):
(JSC::JSValue::toWTFString):

  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTest):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncCompile):
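
The behaviour this changeset guards, as an added example (not WebKit's code or its stress test): `exec()` and `test()` convert their argument with `toString()`, which can run arbitrary script or throw, so the engine must stop on the exception and must read regexp state only after the conversion. The helper names `probeThrowingToString` and `probeEffectfulToString` are hypothetical.

```javascript
'use strict';
// Added example: observable semantics of RegExp.prototype.exec/test when the
// subject's toString() throws or has side effects. All inputs are constructed.

// Case 1: toString() throws. A correct engine propagates the exception and does
// not go on to match against a fallback string. lastIndex starts at 1 on a
// global regexp: matching an empty fallback string would reset it to 0, so an
// unchanged value of 1 shows that no match was attempted.
function probeThrowingToString(method) {
  const re = /a/g;
  re.lastIndex = 1;
  let toStringCalls = 0;
  const hostile = {
    toString() {
      toStringCalls++;
      throw new RangeError('constructed failure inside toString');
    },
  };
  let caught = null;
  let returned;
  try {
    returned = re[method](hostile); // method is 'exec' or 'test'
  } catch (e) {
    caught = e;
  }
  return {
    toStringCalls,
    threw: caught instanceof RangeError,
    returned,                       // stays undefined when the call threw
    lastIndexAfter: re.lastIndex,
  };
}

// Case 2: toString() succeeds but mutates the regexp it is being matched with.
// The conversion runs first, so the match must start from the lastIndex that
// toString() left behind, not from a value cached before the call.
function probeEffectfulToString() {
  const re = /a/g;
  const sneaky = {
    toString() {
      re.lastIndex = 2;
      return 'aaaa';
    },
  };
  const match = re.exec(sneaky);
  return {
    index: match === null ? -1 : match.index,
    lastIndexAfter: re.lastIndex,
  };
}

console.log('exec, throwing toString :', probeThrowingToString('exec'));
console.log('test, throwing toString :', probeThrowingToString('test'));
console.log('exec, effectful toString:', probeEffectfulToString());
```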

1:48 AM Changeset in webkit [197750] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

Unreviewed speculative buildfix after r197728.

  • WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::scheduleLoad):

1:47 AM Changeset in webkit [197749] by Carlos Garcia Campos
  • 14 edits
    6 adds in releases/WebKitGTK/webkit-2.12

Merge r197474 - Modern IDB: Close UniqueIDBDatabases once they become unused.
https://bugs.webkit.org/show_bug.cgi?id=154922

Reviewed by Alex Christensen.

Source/WebCore:

Tests: storage/indexeddb/modern/256-open-databases.html

storage/indexeddb/modern/exceed-open-file-limit.html

Without this change, attempts to open a 256th database in the DatabaseProcess will fail on Mac.

Due to SQLite journal files, this limit could come up as early as 128 databases if they are all
in active use.

This is because launchd - by default - limits xpc services to having 256 open file handles by default.

While we should explore raising the limit, we should also close databases we no longer need.

  • Modules/indexeddb/server/IDBBackingStore.h:
  • Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::closeUniqueIDBDatabase):
(WebCore::IDBServer::IDBServer::deleteUniqueIDBDatabase): Deleted.

  • Modules/indexeddb/server/IDBServer.h:
  • Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:

(WebCore::IDBServer::MemoryBackingStoreTransaction::MemoryBackingStoreTransaction):

  • Modules/indexeddb/server/MemoryIDBBackingStore.cpp:

(WebCore::IDBServer::MemoryIDBBackingStore::getOrEstablishDatabaseInfo):

  • Modules/indexeddb/server/MemoryIDBBackingStore.h:
  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.h:
  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation): Handle the case where opening the backing store failed by firing an error event instead of pretending everything is okay.

(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didOpenBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::isCurrentlyInUse):
(WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired): If the database is not currently in use, close it.

(WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted):

  • Modules/indexeddb/server/UniqueIDBDatabase.h:

(WebCore::IDBServer::UniqueIDBDatabase::deletePending): Deleted.

  • Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:

(WebCore::IDBObjectStoreInfo::isolatedCopy): Actually get this right.

LayoutTests:

  • platform/mac-wk1/TestExpectations:
  • storage/indexeddb/modern/256-open-databases-expected.txt: Added.
  • storage/indexeddb/modern/256-open-databases.html: Added.
  • storage/indexeddb/modern/exceed-open-file-limit-expected.txt: Added.
  • storage/indexeddb/modern/exceed-open-file-limit.html: Added.
  • storage/indexeddb/modern/resources/256-open-databases.js: Added.
  • storage/indexeddb/modern/resources/exceed-open-file-limit.js: Added.
1:46 AM Changeset in webkit [197748] by youenn.fablet@crf.canon.fr
  • 11 edits
    63 adds in trunk

[Fetch API] Implement fetch skeleton
https://bugs.webkit.org/show_bug.cgi?id=155111

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Importing basic fetch api tests.

  • resources/ImportExpectations: Activating fetch/api/basic import.
  • web-platform-tests/fetch/api/basic/accept-header-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/accept-header-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/accept-header-worker.html: Added.
  • web-platform-tests/fetch/api/basic/accept-header.html: Added.
  • web-platform-tests/fetch/api/basic/accept-header.js: Added.

(promise_test):

  • web-platform-tests/fetch/api/basic/integrity-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/integrity-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/integrity-worker.html: Added.
  • web-platform-tests/fetch/api/basic/integrity.html: Added.
  • web-platform-tests/fetch/api/basic/integrity.js: Added.

(integrity):

  • web-platform-tests/fetch/api/basic/mode-no-cors-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/mode-no-cors-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/mode-no-cors-worker.html: Added.
  • web-platform-tests/fetch/api/basic/mode-no-cors.html: Added.
  • web-platform-tests/fetch/api/basic/mode-no-cors.js: Added.

(fetchNoCors):

  • web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/mode-same-origin-worker.html: Added.
  • web-platform-tests/fetch/api/basic/mode-same-origin.html: Added.
  • web-platform-tests/fetch/api/basic/mode-same-origin.js: Added.

(fetchSameOrigin):

  • web-platform-tests/fetch/api/basic/request-forbidden-headers-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/request-forbidden-headers-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/request-forbidden-headers-worker.html: Added.
  • web-platform-tests/fetch/api/basic/request-forbidden-headers.html: Added.
  • web-platform-tests/fetch/api/basic/request-forbidden-headers.js: Added.

(requestForbiddenHeaders):

  • web-platform-tests/fetch/api/basic/request-headers-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/request-headers-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/request-headers-worker.html: Added.
  • web-platform-tests/fetch/api/basic/request-headers.html: Added.
  • web-platform-tests/fetch/api/basic/request-headers.js: Added.

(requestHeaders):

  • web-platform-tests/fetch/api/basic/scheme-about-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-about-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-about-worker.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-about.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-about.js: Added.

(checkFetchResponse):
(checkKoUrl):

  • web-platform-tests/fetch/api/basic/scheme-blob-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-blob-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-blob-worker.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-blob.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-blob.js: Added.

(checkFetchResponse):
(checkKoUrl):

  • web-platform-tests/fetch/api/basic/scheme-data-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-data-worker.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-data.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-data.js: Added.

(checkFetchResponse):
(checkKoUrl):

  • web-platform-tests/fetch/api/basic/scheme-others-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-others-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/scheme-others-worker.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-others.html: Added.
  • web-platform-tests/fetch/api/basic/scheme-others.js: Added.

(checkKoUrl):

  • web-platform-tests/fetch/api/basic/stream-response-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/stream-response-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/stream-response-worker.html: Added.
  • web-platform-tests/fetch/api/basic/stream-response.html: Added.
  • web-platform-tests/fetch/api/basic/stream-response.js: Added.

(streamBody):
(promise_test.):
(promise_test):

  • web-platform-tests/fetch/api/basic/w3c-import.log: Added.

Source/WebCore:

Adding skeleton code to call fetch API from normal and worker scopes.
Fetch API implementation is limited to reject the promise.

Updating the binding generator to fix the case of overloaded promise-returning functions.
Made overloaded utility functions "static inline".

Tests: imported/w3c/web-platform-tests/fetch/api/basic/accept-header-worker.html

imported/w3c/web-platform-tests/fetch/api/basic/accept-header.html
imported/w3c/web-platform-tests/fetch/api/basic/integrity-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/integrity.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.html
imported/w3c/web-platform-tests/fetch/api/basic/request-forbidden-headers-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/request-forbidden-headers.html
imported/w3c/web-platform-tests/fetch/api/basic/request-headers-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/request-headers.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-about-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-about.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-blob-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-blob.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-data.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-others-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-others.html
imported/w3c/web-platform-tests/fetch/api/basic/stream-response-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/stream-response.html

  • CMakeLists.txt:
  • DerivedSources.make:
  • Modules/fetch/DOMWindowFetch.cpp: Added.

(WebCore::DOMWindowFetch::fetch):

  • Modules/fetch/DOMWindowFetch.h: Added.
  • Modules/fetch/DOMWindowFetch.idl: Added.
  • Modules/fetch/WorkerGlobalScopeFetch.cpp: Added.

(WebCore::WorkerGlobalScopeFetch::fetch):

  • Modules/fetch/WorkerGlobalScopeFetch.h: Added.
  • Modules/fetch/WorkerGlobalScopeFetch.idl: Added.
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation): Fixing the case of overloaded promise-returning functions.

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter2):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod11):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod): Deleted.
(WebCore::jsTestObjConstructorFunctionClassMethod2): Deleted.
(WebCore::jsTestObjPrototypeFunctionAny): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionPromise): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgumentPromise): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithExceptionPromise): Deleted.

  • bindings/scripts/test/TestObj.idl:

LayoutTests:

1:44 AM Changeset in webkit [197747] by Carlos Garcia Campos
  • 1 edit
    3 adds in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197465 - Add a benchmark for string transcoding.

Rubber stamped by Saam Barati.

I wrote some code like this while working on
https://github.com/WebAssembly/design/pull/573. I thought I'd add it as a benchmark since
it stresses things that we may not have good bench coverage for.

  • js/regress/script-tests/string-transcoding.js: Added.

(decodeUTF8):
(encodeUTF8):
(arraysEqual):
(arrayToString):
(setHeader):
(print):
(tryArray):
(doSteps):

  • js/regress/string-transcoding-expected.txt: Added.
  • js/regress/string-transcoding.html: Added.
1:36 AM Changeset in webkit [197746] by Carlos Garcia Campos
  • 13 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197462 - Use IndentTextOrNot instead of passing isFirstLine/shouldIndentText as bool.
https://bugs.webkit.org/show_bug.cgi?id=154628

Reviewed by Simon Fraser.

No change in behaviour.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeStartPositionDeltaForChildAvoidingFloats):
(WebCore::RenderBlock::logicalLeftSelectionOffset):
(WebCore::RenderBlock::logicalRightSelectionOffset):

  • rendering/RenderBlock.h:

(WebCore::RenderBlock::availableLogicalWidthForLineInRegion):
(WebCore::RenderBlock::logicalRightOffsetForLineInRegion):
(WebCore::RenderBlock::logicalLeftOffsetForLineInRegion):
(WebCore::RenderBlock::startOffsetForLineInRegion):
(WebCore::RenderBlock::endOffsetForLineInRegion):
(WebCore::RenderBlock::availableLogicalWidthForLine):
(WebCore::RenderBlock::logicalRightOffsetForLine):
(WebCore::RenderBlock::logicalLeftOffsetForLine):
(WebCore::RenderBlock::startOffsetForLine):
(WebCore::RenderBlock::endOffsetForLine):

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::getClearDelta):

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::updateLogicalInlinePositions):
(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
(WebCore::RenderBlockFlow::deleteEllipsisLineBoxes):
(WebCore::RenderBlockFlow::checkLinesForTextOverflow):
(WebCore::RenderBlockFlow::startAlignedOffsetForLine):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::shrinkLogicalWidthToAvoidFloats):
(WebCore::RenderBox::containingBlockAvailableLineWidthInRegion):

  • rendering/RenderDeprecatedFlexibleBox.cpp:

(WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):

  • rendering/RenderListItem.cpp:

(WebCore::RenderListItem::positionListMarker):

  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::selectionTop):
(WebCore::RootInlineBox::selectionBottom):

  • rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::canUseForWithReason):
(WebCore::SimpleLineLayout::updateLineConstrains):

  • rendering/line/LineBreaker.cpp:

(WebCore::LineBreaker::skipLeadingWhitespace):

  • rendering/line/LineWidth.cpp:

(WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded):
(WebCore::availableWidthAtOffset):

  • rendering/line/LineWidth.h:

(WebCore::LineWidth::shouldIndentText):

1:31 AM Changeset in webkit [197745] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197446 - [JSC] Use a Move without REX byte when possible
https://bugs.webkit.org/show_bug.cgi?id=154801

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Alex Christensen.

Filip wrote an optimization in the register allocator
to use 32bit "Move" when we don't care about the top bytes.

When I moved the commutative ops to the fake 3 operands instruction
I largely destroyed this since all the "Moves" became full register.

In this patch, I switch back to 32bit "Moves" for 32bit operations.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::and32):
(JSC::MacroAssemblerX86Common::lshift32):
(JSC::MacroAssemblerX86Common::mul32):
(JSC::MacroAssemblerX86Common::or32):
(JSC::MacroAssemblerX86Common::rshift32):
(JSC::MacroAssemblerX86Common::urshift32):
(JSC::MacroAssemblerX86Common::xor32):
(JSC::MacroAssemblerX86Common::branchAdd32):
(JSC::MacroAssemblerX86Common::branchMul32):
(JSC::MacroAssemblerX86Common::branchSub32):
(JSC::MacroAssemblerX86Common::move32IfNeeded):

1:10 AM Changeset in webkit [197744] by youenn.fablet@crf.canon.fr
  • 7 edits in trunk/Source/WebCore

[Fetch API] Make FetchRequest and FetchResponse ActiveDOMObject
https://bugs.webkit.org/show_bug.cgi?id=154729

Reviewed by Darin Adler.

Covered by existing tests.

Making FetchRequest and FetchResponse ActiveDOMObject.
Both objects can always be suspended now.
This might be updated when blob conversion is added or when fetching data to fill in FetchResponse.

  • Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::create):
(WebCore::FetchRequest::clone):
(WebCore::FetchRequest::activeDOMObjectName):
(WebCore::FetchRequest::canSuspendForDocumentSuspension):

  • Modules/fetch/FetchRequest.h:

(WebCore::FetchRequest::FetchRequest):

  • Modules/fetch/FetchRequest.idl:
  • Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::FetchResponse):
(WebCore::FetchResponse::clone):
(WebCore::FetchResponse::activeDOMObjectName):
(WebCore::FetchResponse::canSuspendForDocumentSuspension):

  • Modules/fetch/FetchResponse.h:

(WebCore::FetchResponse::create):

  • Modules/fetch/FetchResponse.idl:
1:08 AM Changeset in webkit [197743] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197445 - [JSC] Simplify ArithMod(ArithMod(x, const1), const2) if const2 >= const1
https://bugs.webkit.org/show_bug.cgi?id=154904

Reviewed by Saam Barati.

The ASM test "ubench" has a "x % 10 % 255".
The second modulo should be eliminated.

This is a 15% improvement on ASMJS' ubench.

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

  • tests/stress/arith-modulo-twice.js: Added.

(opaqueModuloSmaller):
(opaqueModuloEqual):
(opaqueModuloLarger):
(opaqueModuloSmallerNeg):
(opaqueModuloEqualNeg):
(opaqueModuloLargerNeg):
(opaqueExpectedOther):
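
The rewrite described in this changeset, as an added example on a toy expression tree (not the DFG's IR or WebKit's code), with a differential check that the reduced tree computes the same values. It models JavaScript `%` on numbers and, as an assumption that goes beyond the commit message's `const2 >= const1`, compares absolute values so that negative constants are handled; all function names are hypothetical.

```javascript
'use strict';
// Added example: strength-reduce Mod(Mod(x, c1), c2) to Mod(x, c1) and verify
// the result against the unreduced tree on constructed inputs.

const X = { op: 'var' };
function constant(value) { return { op: 'const', value }; }
function mod(left, right) { return { op: 'mod', left, right }; }

function evaluate(node, x) {
  switch (node.op) {
    case 'var': return x;
    case 'const': return node.value;
    case 'mod': return evaluate(node.left, x) % evaluate(node.right, x);
    default: throw new TypeError('unknown node ' + node.op);
  }
}

function countMods(node) {
  return node.op === 'mod' ? 1 + countMods(node.left) + countMods(node.right) : 0;
}

// x % c1 keeps the sign of x and has magnitude below |c1|. When |c2| >= |c1|
// the outer modulo therefore cannot change the value and can be dropped.
// Assumption of this sketch: both constants are integers.
function reduceDoubleMod(node) {
  if (node.op !== 'mod') return node;
  const left = reduceDoubleMod(node.left);
  const right = reduceDoubleMod(node.right);
  if (left.op === 'mod' && left.right.op === 'const' && right.op === 'const' &&
      Number.isInteger(left.right.value) && Number.isInteger(right.value) &&
      Math.abs(right.value) >= Math.abs(left.right.value)) {
    return left;
  }
  return mod(left, right);
}

// Constructed inputs: int32 edge values first, then a dense sweep around zero.
function sampleInputs() {
  const inputs = [0, -0, 1, -1, 9, 10, -10, 11, 254, 255, 256,
                  2147483647, -2147483648];
  for (let x = -1000; x <= 1000; x++) inputs.push(x);
  return inputs;
}

// Returns the first input on which the two trees disagree, or null.
// Object.is distinguishes -0 from 0 and treats NaN as equal to itself.
function firstMismatch(a, b, inputs) {
  for (const x of inputs) {
    if (!Object.is(evaluate(a, x), evaluate(b, x))) return x;
  }
  return null;
}

const original = mod(mod(X, constant(10)), constant(255)); // x % 10 % 255
const reduced = reduceDoubleMod(original);
console.log('mods before/after:', countMods(original), countMods(reduced));
console.log('mismatch after sound rewrite:',
            firstMismatch(original, reduced, sampleInputs()));

// Dropping the outer modulo when the condition does not hold changes results.
const unsound = firstMismatch(mod(mod(X, constant(255)), constant(10)),
                              mod(X, constant(255)), sampleInputs());
console.log('mismatch if x % 255 % 10 were reduced:', unsound);
```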

12:55 AM Changeset in webkit [197742] by timothy@apple.com
  • 3 edits in trunk/Source/WebKit2

Web Inspector: Make WebAutomationSession::closeBrowsingContext work as expected

https://bugs.webkit.org/show_bug.cgi?id=155162
rdar://problem/25027191

Reviewed by Brian Burg.

  • UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::closeBrowsingContext):
Call closePage, the same method ultimately used by window.close().

  • UIProcess/WebPageProxy.h: Make closePage public.
12:49 AM Changeset in webkit [197741] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197438 - Simplify some StringBuilder appends
https://bugs.webkit.org/show_bug.cgi?id=154902

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-01
Reviewed by Mark Lam.

  • runtime/ExceptionHelpers.cpp:

(JSC::notAFunctionSourceAppender):

  • runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::stackTracesAsJSON):
Use StringBuilder::append(char) instead of append(char*) where possible.

12:46 AM Changeset in webkit [197740] by Carlos Garcia Campos
  • 1 edit
    3 adds in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197417 - FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

Really add this new test.

  • js/regress/script-tests/string-replace-empty.js: Added.
  • js/regress/string-replace-empty-expected.txt: Added.
  • js/regress/string-replace-empty.html: Added.
12:38 AM Changeset in webkit [197739] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12

Merge r197416 - FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

This is a simple and hugely profitable change. If we do a string.replace(/things/, ""), then
this calls directly into StringPrototype's replace-with-empty-string logic instead of going
through stuff that does checks before reaching that same conclusion.

This speeds up Octane/regexp by about 6-10%. It also speeds up the attached microbenchmark by
about 7%.

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):

  • runtime/StringPrototype.cpp:

(JSC::jsSpliceSubstringsWithSeparators):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
(JSC::operationStringProtoFuncReplaceRegExpString):

  • runtime/StringPrototype.h:
12:20 AM Changeset in webkit [197738] by commit-queue@webkit.org
  • 11 edits
    7 adds in trunk

[SVG2] Implement marker orient='auto-start-reverse'
https://bugs.webkit.org/show_bug.cgi?id=138456

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2016-03-08
Reviewed by Darin Adler.

Source/WebCore:

https://www.w3.org/TR/SVG2/painting.html#OrientAttribute
marker-start markers must be oriented at 180 degrees to the direction of the path when
the orient attribute of the marker is set to 'auto-start-reverse'.

To achieve this the SVGMarkerData class which calculates the angles for each marker on
a path must know whether the orient type is set to reverse the start marker.

Tests: svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html

svg/animations/animate-marker-orienttype-4.html
svg/custom/marker-auto-start-reverse.html

  • rendering/svg/RenderSVGShape.cpp:

(WebCore::RenderSVGShape::processMarkerPositions):

Create marker data, using animated value of orient to determine
if first marker should be reversed.

  • rendering/svg/SVGMarkerData.h:

(WebCore::SVGMarkerData::SVGMarkerData):

Constructor now requires boolean indicating if start marker is
reversed.

(WebCore::SVGMarkerData::currentAngle):

Take into account whether start marker should be reversed.

  • rendering/svg/SVGResources.cpp:

(WebCore::SVGResources::markerReverseStart):

New function to query whether start marker should be reversed.

  • rendering/svg/SVGResources.h: Add declaration for new function.
  • svg/SVGAnimatedAngle.cpp:

(WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue):

Support animation including the value auto-start-reverse.

  • svg/SVGMarkerElement.cpp:

(WebCore::SVGMarkerElement::setOrient):

Combine duplicated functionality into one private method

(WebCore::SVGMarkerElement::setOrientToAuto):

Set orient type and angle correctly for orient=auto. Uses setOrient.

(WebCore::SVGMarkerElement::setOrientToAngle):

Set orient type and angle correctly for orient=<angle>. Uses setOrient.

(WebCore::SVGMarkerElement::synchronizeOrientType):

Support auto-start-reverse as a possible case.

  • svg/SVGMarkerElement.h:

(WebCore::SVGIDLEnumLimits<SVGMarkerOrientType>::highestExposedEnumValue):

Limit the orient DOM property so that the new enum value
required for auto-start-reverse is not exposed.

(WebCore::SVGPropertyTraits<SVGMarkerOrientType>::highestEnumValue):

Support auto-start-reverse.

(WebCore::SVGPropertyTraits<SVGMarkerOrientType>::fromString):

Support auto-start-reverse.

LayoutTests:

  • svg/animations/animate-marker-orient-from-angle-to-autostartreverse-expected.txt: Added.
  • svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html: Added.
  • svg/animations/animate-marker-orienttype-4-expected.html: Added.
  • svg/animations/animate-marker-orienttype-4.html: Added. Verify output after animation has run - ensure animation reflected in visual result.
  • svg/animations/script-tests/animate-marker-orient-from-angle-to-autostartreverse.js: Added. Test DOM values at various snap-shot times throughout the animation.

(sample1):
(sample2):
(sample3):
(executeTest):

  • svg/custom/marker-auto-start-reverse-expected.html: Added.
  • svg/custom/marker-auto-start-reverse.html: Added. Verify static result - start marker is oriented at 180 degrees to direction of path.
  • svg/dom/SVGAnimatedEnumeration-SVGMarkerElement-expected.txt:
  • svg/dom/script-tests/SVGAnimatedEnumeration-SVGMarkerElement.js: Check attributes are treated as case sensitive. Check UNKNOWN is returned for enum value when auto-start-reverse set.
12:16 AM Changeset in webkit [197737] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197415 - Timer alignment in separate web processes should not all sync up to the same point.
https://bugs.webkit.org/show_bug.cgi?id=154878

Reviewed by Chris Dumez.

For any given WebContent process it is desirable that timers are synchronized to a single
alignment point, but if all WebContent processes align to the same point then there may
be a thundering herd of processes waking up.

  • page/DOMTimer.cpp:

(WebCore::DOMTimer::alignedFireTime):

  • align to a randomized point.
12:13 AM Changeset in webkit [197736] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197411 - Unreviewed, fix CLOOP build.

  • jit/JITOperations.h:

Mar 7, 2016:

11:58 PM Changeset in webkit [197735] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197452 - REGRESSION(r197409): [GTK] Web process always crashes on WebPage construction after r197409
https://bugs.webkit.org/show_bug.cgi?id=154918

Reviewed by Žan Doberšek.

We have an incorrect check in DrawingAreaImpl constructor that has
never actually worked because it uses the page settings before
they were initialized. But that has been fixed in r197409 and now
we are always forcing accelerated compositing mode incorrectly,
because m_alwaysUseCompositing is set in the constructor and never
changed again.

  • WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::DrawingAreaImpl): Remove code to set
settings and m_alwaysUseCompositing, since that should be done in
updatePreferences().
(WebKit::DrawingAreaImpl::updatePreferences): Update the settings
accordingly and always update m_alwaysUseCompositing when AC is
enabled and forced in the settings.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): WebPage::updatePreferences() calls
DrawingArea::updatePreferences(), but since r197409 it happens
before the drawing area has been created. So, call
DrawingArea::updatePreferences() in the constructor right after
the main frame has been created, since
DrawingArea::updatePreferences() uses the main frame.

11:58 PM Changeset in webkit [197734] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r197409 - REGRESSION (r154616): Accelerated drawing is off during the initial load
<https://webkit.org/b/123812>

Reviewed by Tim Horton.

Source/WebCore:

Robustify the hey-the-Settings-changed callbacks in Page to handle document-less frames.
This is needed because now Settings are changed even before the main Frame has a Document.

  • page/Page.cpp:

(WebCore::networkStateChanged):
(WebCore::Page::updateStyleForAllPagesAfterGlobalChangeInEnvironment):
(WebCore::Page::takeAnyMediaCanStartListener):
(WebCore::Page::setMediaVolume):
(WebCore::Page::setPageScaleFactor):
(WebCore::Page::invalidateStylesForAllLinks):
(WebCore::Page::invalidateStylesForLink):
(WebCore::Page::dnsPrefetchingStateChanged):
(WebCore::Page::storageBlockingStateChanged):
(WebCore::Page::setMuted):
(WebCore::Page::captionPreferencesChanged):
(WebCore::Page::setSessionID):
(WebCore::Page::setPlaybackTarget):
(WebCore::Page::playbackTargetAvailabilityDidChange):
(WebCore::Page::setShouldPlayToPlaybackTarget):

  • page/Settings.cpp:

(WebCore::setImageLoadingSettings):

Source/WebKit2:

Load preferences before instantiating the first DrawingArea. This ensures that we do the
initial paint using accelerated drawing, and avoids allocating persistent data structures
only needed by the software rendering path.

  • WebProcess/WebPage/WebPage.cpp:
11:18 PM Changeset in webkit [197733] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r197062): [GTK] Transparent backgrounds no longer work after r197062
https://bugs.webkit.org/show_bug.cgi?id=155119

Reviewed by Martin Robinson.

This is because after r197062 we are now realizing the view too
early, even before the toplevel window has been realized, forcing
the toplevel window to be realized. If the RGBA visual is set on
the window after it has been realized it doesn't have any
effect. We should wait until the toplevel window is realized to
realize the web view, giving time to the application to set RGBA
visual and background color. If the toplevel window is already
realized we realize the web view immediately, so that this doesn't
affect the tearing problems fixed in r197062.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(toplevelWindowRealized):
(webkitWebViewBaseSetToplevelOnScreenWindow):

11:16 PM Changeset in webkit [197732] by sbarati@apple.com
  • 11 edits
    1 copy
    2 adds in trunk/Source/JavaScriptCore

[ES6] Implement revocable proxies
https://bugs.webkit.org/show_bug.cgi?id=154321

Reviewed by Mark Lam.

This patch is a straightforward implementation of Proxy.revocable
with respect to section 26.2.2.1 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy.revocable

This patch also fixes a bug in Proxy where we
were incorrectly caching "in", i.e, "x" in proxy.
We should never blatantly cache this because caching is observable
behavior by users of the language. We could come up with
a smarter caching scheme that caches only if the Proxy's
handler doesn't have a "has" property, i.e, we don't have
to call out to JS code. But for now, it's easiest to disable
caching.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::moduleRecordStructure):
(JSC::JSGlobalObject::moduleNamespaceObjectStructure):
(JSC::JSGlobalObject::proxyObjectStructure):
(JSC::JSGlobalObject::proxyRevokeStructure):
(JSC::JSGlobalObject::wasmModuleStructure):

  • runtime/ProxyConstructor.cpp:

(JSC::ProxyConstructor::create):
(JSC::ProxyConstructor::ProxyConstructor):
(JSC::makeRevocableProxy):
(JSC::proxyRevocableConstructorThrowError):
(JSC::ProxyConstructor::finishCreation):
(JSC::constructProxyObject):

  • runtime/ProxyConstructor.h:

(JSC::ProxyConstructor::createStructure):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::finishCreation):
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPut):
(JSC::performProxyCall):
(JSC::performProxyConstruct):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):
(JSC::ProxyObject::getPrototype):
(JSC::ProxyObject::revoke):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:

(JSC::ProxyObject::create):

  • runtime/ProxyRevoke.cpp: Added.

(JSC::ProxyRevoke::create):
(JSC::ProxyRevoke::ProxyRevoke):
(JSC::ProxyRevoke::finishCreation):
(JSC::performProxyRevoke):
(JSC::ProxyRevoke::getCallData):
(JSC::ProxyRevoke::visitChildren):

  • runtime/ProxyRevoke.h: Added.

(JSC::ProxyRevoke::createStructure):
(JSC::ProxyRevoke::proxy):
(JSC::ProxyRevoke::setProxyToNull):

  • tests/stress/proxy-has-property.js:

(assert):
(assert.let.handler.has):
(assert.let.foo):

  • tests/stress/proxy-revoke.js: Added.

(assert):
(throw.new.Error.):
(throw.new.Error):
(callAllHandlers):
(shouldThrowNullHandler):
(allHandlersShouldThrow):
(i.let.trap.of.traps.trap.string_appeared_here.func):
(i.let.trap.of.traps.else.func):
(i.Proxy.revocable):
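
Added example (not code from this changeset or its stress tests): a small script showing the two behaviors the message above describes, namely that every "x" in proxy check must reach the handler's "has" trap because the call is observable, and that a revoked proxy throws on every operation. The helper names grantRevocableView, probe and demo, and the sample object, are constructed for illustration.

```javascript
// Added illustration; all names and values here are constructed.

// Hand out a revocable view of `target`. Every invocation of the "has"
// trap is appended to `log`, which makes trap calls observable: an
// engine that cached the result of `key in proxy` would leave the log short.
function grantRevocableView(target, log) {
  const handler = {
    has(t, key) {
      log.push(String(key));
      return Reflect.has(t, key);
    }
  };
  return Proxy.revocable(target, handler); // returns { proxy, revoke }
}

// Exercise several internal methods and record whether each one
// completed or threw a TypeError.
function probe(proxy) {
  const ops = {
    get: () => proxy.token,
    has: () => 'token' in proxy,
    ownKeys: () => Object.keys(proxy),
    getPrototypeOf: () => Object.getPrototypeOf(proxy)
  };
  const result = {};
  for (const [name, op] of Object.entries(ops)) {
    try {
      op();
      result[name] = 'ok';
    } catch (e) {
      result[name] = e instanceof TypeError ? 'TypeError' : 'other';
    }
  }
  return result;
}

function demo() {
  const log = [];
  const secret = { token: 'constructed-sample-value' };
  const { proxy, revoke } = grantRevocableView(secret, log);

  // Three identical membership checks: the trap must run three times.
  const answers = [];
  for (let i = 0; i < 3; i++) answers.push('token' in proxy);

  const before = probe(proxy);   // adds one more "has" call
  revoke();
  const after = probe(proxy);    // throws before any trap can run
  revoke();                      // revoking again is a no-op

  return { answers, before, after, hasCalls: log.length };
}

console.log(JSON.stringify(demo(), null, 2));
```

The revoke function is the only way to cut access, so whoever holds it controls the lifetime of the view handed to less-trusted code.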

11:09 PM Changeset in webkit [197731] by Csaba Osztrogonác
  • 2 edits in trunk/Source/JavaScriptCore

Fix the ARM build after r197687
https://bugs.webkit.org/show_bug.cgi?id=155128

Reviewed by Saam Barati.

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::moveZeroToDouble):

10:55 PM Changeset in webkit [197730] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Reduce the number of instructions needed to record the last regexp result
https://bugs.webkit.org/show_bug.cgi?id=155161

Reviewed by Sam Weinig.

This tightens up RegExpCachedResult::record(). My profiling shows that we spend just
over 1% of the time in Octane/regexp in this function. This function had two obvious
redundancies:

1) It executed the write barrier on owner twice. It only needs to execute it once. Since
the same RegExpConstructor is likely to be used many times, it makes sense to do the
barrier without looking at the 'to' objects at all. In steady state, this means that
the RegExpConstructor will simply be OldGrey so this one barrier will always skip the
slow path.

2) It cleared some fields that didn't need to be cleared, since we can just use
m_reified to indicate that the fields are not meaningful anymore.

This is meant to be a microscopic regexp speed-up.

  • runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::visitChildren):
(JSC::RegExpCachedResult::lastResult):

  • runtime/RegExpCachedResult.h:

(JSC::RegExpCachedResult::record):

10:53 PM Changeset in webkit [197729] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

createRegExpMatchesArray should allocate substrings more quickly
https://bugs.webkit.org/show_bug.cgi?id=155160

Reviewed by Sam Weinig.

This was calling a version of jsSubstring() that isn't inlineable because it was doing a lot
of checks in finishCreation(). In particular, it was checking that the base string is not
itself a substring and that it's been resolved. We don't need those checks here, since the
string must have been resolved prior to regexp processing.

This patch is also smart about whether to do checks for the empty and full substrings. In
the matches array loop, these checks are super unlikely to be profitable, so we just
unconditionally allocate the substring.

This removes those checks and makes the allocation inlineable. It looks like a 1% speed-up
on Octane/regexp.

  • runtime/JSString.h:

(JSC::jsSubstring):
(JSC::jsSubstringOfResolved):

  • runtime/RegExpMatchesArray.cpp:

(JSC::createRegExpMatchesArray):

10:44 PM Changeset in webkit [197728] by commit-queue@webkit.org
  • 25 edits in trunk/Source

Enhance logging: Use "always on" macros
https://bugs.webkit.org/show_bug.cgi?id=154499
<rdar://problem/24757730>

Patch by Keith Rollin <Keith Rollin> on 2016-03-07
Reviewed by Chris Dumez.

Source/WebCore:

Make use of new logging macros by reporting on frame and resource
load activity.

Add new logging to memory pressure handler to show when it's called
and its effectiveness. As part of this change, the various
platform-specific implementations have been unified.

No new tests. No new basic functionality has been added. Only new
logging has been added in release mode or has been enabled to execute
in release mode as well as debug mode.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::prepareForLoadStart):
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
(WebCore::FrameLoader::isAlwaysOnLoggingAllowed):

  • loader/FrameLoader.h:
  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::isAlwaysOnLoggingAllowed):

  • loader/ResourceLoader.h:
  • page/Frame.cpp:

(WebCore::Frame::isAlwaysOnLoggingAllowed):

  • page/Frame.h:
  • page/Page.cpp:

(WebCore::Page::isAlwaysOnLoggingAllowed):

  • page/Page.h:
  • page/SessionID.h:

(WebCore::SessionID::isAlwaysOnLoggingAllowed):

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):
(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

  • platform/MemoryPressureHandler.h:

(WebCore::MemoryPressureHandler::ReliefLogger::ReliefLogger):
(WebCore::MemoryPressureHandler::ReliefLogger::~ReliefLogger):

  • platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

  • platform/linux/MemoryPressureHandlerLinux.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

  • platform/win/MemoryPressureHandlerWin.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

Source/WebKit2:

Make use of new logging macros by reporting on frame and resource
load activity.

Connection updated to report IPC errors, helping us identify when
messaging between processes breaks down.

ChildProcess updated to log if it is terminating early. Some
sysdiagnose logging from customers indicates that this is happening in
the wild.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::startNetworkLoad):
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::didFailLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::isAlwaysOnLoggingAllowed):

  • NetworkProcess/NetworkResourceLoader.h:
  • Platform/IPC/Connection.cpp:

(IPC::Connection::waitForSyncReply):

  • Shared/ChildProcess.cpp:

(WebKit::didCloseOnConnectionWorkQueue):

  • WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::scheduleLoad):

  • WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::willSendRequest):
(WebKit::WebResourceLoader::didReceiveResponse):
(WebKit::WebResourceLoader::didReceiveData):
(WebKit::WebResourceLoader::didFinishResourceLoad):
(WebKit::WebResourceLoader::didFailResourceLoad):
(WebKit::WebResourceLoader::didReceiveResource):
(WebKit::WebResourceLoader::isAlwaysOnLoggingAllowed):

  • WebProcess/Network/WebResourceLoader.h:

Source/WTF:

Update LOG_ALWAYS and LOG_ALWAYS_ERROR macros to take an expression to
be evaluated. If the expression evaluates to True, the associated
message is logged. This facility is used to prevent logging from being
performed in private sessions, but it could be extended to prevent
logging under other circumstances as well.

  • wtf/Assertions.h:
10:42 PM Changeset in webkit [197727] by Chris Dumez
  • 6 edits in trunk

Align HTMLCanvasElement.width / height with the specification
https://bugs.webkit.org/show_bug.cgi?id=155156

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

Align HTMLCanvasElement.width / height with the specification:

In particular, the following changes were made:

  1. The attributes are now 'unsigned long' instead of 'long'
  2. The corresponding content attributes are parsed as per the HTML rules for passing non-negative integers.
  3. Upon setting, if the value is out-of-range, the content attribute is set to its default value.

No new tests, already covered by existing test.

  • html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::setHeight):
(WebCore::HTMLCanvasElement::setWidth):
(WebCore::HTMLCanvasElement::reset):

  • html/HTMLCanvasElement.h:
  • html/HTMLCanvasElement.idl:
10:38 PM Changeset in webkit [197726] by Chris Dumez
  • 26 edits
    2 deletes in trunk

Stop clamping HTMLElement.tabIndex to the range of a short
https://bugs.webkit.org/show_bug.cgi?id=155159

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-embedded-expected.txt:
  • web-platform-tests/html/dom/reflection-forms-expected.txt:
  • web-platform-tests/html/dom/reflection-grouping-expected.txt:
  • web-platform-tests/html/dom/reflection-metadata-expected.txt:
  • web-platform-tests/html/dom/reflection-misc-expected.txt:
  • web-platform-tests/html/dom/reflection-obsolete-expected.txt:
  • web-platform-tests/html/dom/reflection-sections-expected.txt:
  • web-platform-tests/html/dom/reflection-tabular-expected.txt:
  • web-platform-tests/html/dom/reflection-text-expected.txt:

Source/WebCore:

Stop clamping HTMLElement.tabIndex to the range of a short. We
apparently did this to match Firefox. However, this no longer matches
Firefox's behavior nor the HTML specification:

No new tests, already covered by existing test.

  • dom/Element.cpp:

(WebCore::Element::setTabIndexExplicitly):
(WebCore::Element::tabIndex):

  • dom/Element.h:
  • dom/ElementRareData.h:

(WebCore::ElementRareData::tabIndex):
(WebCore::ElementRareData::setTabIndexExplicitly):

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::tabIndex):

  • html/HTMLAnchorElement.h:
  • html/HTMLElement.cpp:

(WebCore::HTMLElement::parseAttribute):
(WebCore::HTMLElement::tabIndex):

  • html/HTMLElement.h:
  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::tabIndex):

  • html/HTMLFormControlElement.h:
  • page/FocusController.cpp:

(WebCore::nextElementWithGreaterTabIndex):
(WebCore::FocusController::previousFocusableElement):

  • svg/SVGAElement.cpp:

(WebCore::SVGAElement::tabIndex):

  • svg/SVGAElement.h:
  • svg/SVGElement.cpp:

(WebCore::SVGElement::tabIndex):
(WebCore::SVGElement::parseAttribute):

  • svg/SVGElement.h:

LayoutTests:

Drop outdated test.

  • fast/dom/tabindex-clamp-expected.txt: Removed.
  • fast/dom/tabindex-clamp.html: Removed.
9:56 PM Changeset in webkit [197725] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Small clean up of how we use SSA's valuesAtHead
https://bugs.webkit.org/show_bug.cgi?id=155152

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Filip Pizlo.

liveAtHead and valuesAtHead contain the same nodes,
we do not need the extra look up.

This also opens the way to use the same kind of liveness
analysis as Air (where live values at head do not use a set).

  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::InPlaceAbstractState::merge):

9:39 PM Changeset in webkit [197724] by dbates@webkit.org
  • 6 edits
    34 adds in trunk

CSP: Source '*' should not match URLs with schemes blob, data, or filesystem
https://bugs.webkit.org/show_bug.cgi?id=154122
<rdar://problem/24613336>

Reviewed by Brent Fulgham.

Source/WebCore:

Restrict matching of source expression * to HTTP or HTTPS URLs for all directives except
img-src and media-src. This policy is more restrictive than the policy described in section
Matching Source Expressions of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721>,
which restricts matching * to schemes that are not blob, data, or filesystem.

For directive img-src we restrict matching of * to HTTP, HTTPS, and data URLs. For directive
media-src we restrict matching of * to HTTP, HTTPS, data URLs and blob URLs. We use a
more lenient interpretation of * for directives img-src and media-src than required by
the spec. to mitigate web compatibility issues.

Tests: fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html

fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html
fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html
fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html
fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html
fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html
http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html
http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html
http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html
http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html
media/video-with-blob-url-allowed-by-csp-media-src-star.html
media/video-with-data-url-allowed-by-csp-media-src-star.html
media/video-with-file-url-blocked-by-csp-media-src-star.html

  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar): Added.
(WebCore::ContentSecurityPolicySourceList::matches): Modified to only match * if ContentSecurityPolicySourceList::isProtocolAllowedByStar()
evaluates to true.

  • page/csp/ContentSecurityPolicySourceList.h:

LayoutTests:

Add tests to ensure that we do not regress our interpretation of * with respect to directives
img-src, media-src, style-src, and default-src.

When running in WebKitTestRunner, skip the tests fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html
and media/video-with-blob-url-allowed-by-csp-media-src-star.html as they make use of eventSender.beginDragWithFiles(),
which is not implemented. We will need to fix <https://bugs.webkit.org/show_bug.cgi?id=64285>
before we can run these tests in WebKitTestRunner.

  • TestExpectations:
  • fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star-expected.html: Added.
  • fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html: Added.
  • fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star-expected.html: Added.
  • fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html: Added.
  • fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star-expected.html: Added.
  • fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html: Added.
  • fast/dom/HTMLImageElement/resources/green.png: Added.
  • fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star-expected.html: Added.
  • fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html: Added.
  • fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star-expected.html: Added.
  • fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html: Added.
  • fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star-expected.html: Added.
  • fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html: Added.
  • fast/dom/HTMLLinkElement/resources/red-background-color.css: Added.

(#test):

  • http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html: Added.
  • media/video-with-blob-url-allowed-by-csp-media-src-star-expected.html: Added.
  • media/video-with-blob-url-allowed-by-csp-media-src-star.html: Added.
  • media/video-with-data-url-allowed-by-csp-media-src-star-expected.html: Added.
  • media/video-with-data-url-allowed-by-csp-media-src-star.html: Added.
  • media/video-with-file-url-blocked-by-csp-media-src-star-expected.html: Added.
  • media/video-with-file-url-blocked-by-csp-media-src-star.html: Added.
  • platform/wk2/TestExpectations:
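
Added example (not WebKit source and not part of this changeset): a model of the '*' matching rules stated in the message above, which a site owner can run over a policy string to see which schemes a wildcard still admits per directive, next to the CSP 2.0 rule as the message summarizes it. The function names, the sample policy and the sample URLs are constructed; URLs must be absolute, and default-src fallback is not modeled.

```javascript
// Added illustration; a model of the rules in the commit message only.

// Schemes '*' may match: http/https for every directive, plus the
// per-directive leniency the message lists for img-src and media-src.
const STAR_BASE = ['http', 'https'];
const STAR_EXTRA = {
  'img-src': ['data'],
  'media-src': ['data', 'blob']
};

// CSP 2.0 as summarized in the message: '*' matches any scheme except these.
const CSP2_STAR_EXCLUDED = ['blob', 'data', 'filesystem'];

// Return the lowercased scheme of an absolute URL, or null if there is none.
function schemeOf(url) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(String(url).trim());
  return m ? m[1].toLowerCase() : null;
}

// Does '*' in `directive` match `url` under the restricted rules?
function starMatchesRestricted(directive, url) {
  const scheme = schemeOf(url);
  if (scheme === null) return false;
  const extra = STAR_EXTRA[directive.toLowerCase()] || [];
  return STAR_BASE.concat(extra).includes(scheme);
}

// Does '*' match `url` under the CSP 2.0 rule (directive-independent)?
function starMatchesCsp2(url) {
  const scheme = schemeOf(url);
  return scheme !== null && !CSP2_STAR_EXCLUDED.includes(scheme);
}

// Parse a policy string into Map(directive name -> source expressions).
// A repeated directive is ignored; the first occurrence wins.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// For each directive whose source list contains '*', report how every
// URL fares under both interpretations.
function auditStar(policy, urls) {
  const rows = [];
  for (const [directive, sources] of parsePolicy(policy)) {
    if (!sources.includes('*')) continue;
    for (const url of urls) {
      rows.push({
        directive,
        scheme: schemeOf(url),
        restricted: starMatchesRestricted(directive, url),
        csp2: starMatchesCsp2(url)
      });
    }
  }
  return rows;
}

// Constructed sample input.
const SAMPLE_POLICY = "default-src 'self'; img-src *; media-src *; style-src *";
const SAMPLE_URLS = [
  'https://cdn.example/a.png',
  'data:image/png;base64,AAAA',
  'blob:https://app.example/1234',
  'file:///tmp/x.css',
  'javascript:void(0)'
];

console.table(auditStar(SAMPLE_POLICY, SAMPLE_URLS));
```

Rows where restricted is false but csp2 is true (file: and javascript: in the sample) are the cases where the behavior described here is stricter than the spec text it cites.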
7:45 PM Changeset in webkit [197723] by jonlee@apple.com
  • 6 edits in trunk/PerformanceTests

Add ability to retrieve raw data from release harness
https://bugs.webkit.org/show_bug.cgi?id=155026

Reviewed by Simon Fraser.

  • Animometer/developer.html: Remove the special UI in the debug harness.
  • Animometer/resources/runner/animometer.css: Add styles for the overlay.
  • Animometer/resources/runner/animometer.js: Let 'j' show the JSON
results, but only if the overlay doesn't exist. Add 'esc' key to dismiss
the overlay.

(window.benchmarkController.selectResults): Cycle the cases around
so that the first 's' press selects both the benchmark score and
the individual test scores.

  • Animometer/resources/debug-runner/animometer.css: Remove unneeded rules.
  • Animometer/resources/debug-runner/animometer.js: Make the same call to handleKeyPress.

7:01 PM Changeset in webkit [197722] by ggaren@apple.com
  • 7 edits
    1 add in trunk/Source/bmalloc

bmalloc: Use List<T> instead of Vector<T> in some places
https://bugs.webkit.org/show_bug.cgi?id=155150

Reviewed by Andreas Kling.

Vector<T> is expensive when you want a lot of them because our minimum
allocation size is the system page size.

  • bmalloc.xcodeproj/project.pbxproj: Added a List<T> class.
  • bmalloc/Heap.cpp:

(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::allocateSmallPage): Use the List<T> API. No need to check
for stale entries anymore because List<T> supports O(1) eager removal
and we remove eagerly now.

(bmalloc::Heap::deallocateSmallLine): Remove eagerly. This simplifies
the allocation code and it is also required for correctness since we
only have enough metadata to be in one list at a time.

  • bmalloc/Heap.h: List!
  • bmalloc/SmallChunk.h: Made this assert a little more precise since this
patch triggered the old version in a benign way.

(bmalloc::SmallChunk::SmallChunk): This code moved to the SmallPage
constructor.

  • bmalloc/SmallPage.h:

(bmalloc::SmallPage::SmallPage): Accommodate the List<T> data structure.
This is a net memory savings on Mac for heaps smaller than ~128MB and on
iOS for heaps smaller than ~512MB. The maximum memory saved is 512kB on
Mac and 2MB on iOS. For larger heaps, there's a memory cost of 0.4% on
Mac and 0.1% on iOS.

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage): Use List<T> API.

6:56 PM Changeset in webkit [197721] by Brent Fulgham
  • 10 edits in trunk/Source

Reduce startup and shutdown cost of resource load statistics
https://bugs.webkit.org/show_bug.cgi?id=155120
<rdar://problem/25010167>

Reviewed by Andy Estes.

Source/WebCore:

Move all file-related code out of WebCore.

  • loader/ResourceLoadStatisticsStore.cpp:

(WebCore::ResourceLoadStatisticsStore::create): Deleted path overload.
(WebCore::ResourceLoadStatisticsStore::createEncoderFromData): Added.
(WebCore::ResourceLoadStatisticsStore::readDataFromDecoder): Added.
(WebCore::ResourceLoadStatisticsStore::ResourceLoadStatisticsStore): Deleted.
(WebCore::ResourceLoadStatisticsStore::writeDataToDisk): Deleted.
(WebCore::ResourceLoadStatisticsStore::setStatisticsStorageDirectory): Deleted.
(WebCore::ResourceLoadStatisticsStore::persistentStoragePath): Deleted.
(WebCore::ResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Deleted.
(WebCore::ResourceLoadStatisticsStore::createDecoderFromDisk): Deleted.
(WebCore::ResourceLoadStatisticsStore::writeEncoderToDisk): Deleted.

  • loader/ResourceLoadStatisticsStore.h:

(WebCore::ResourceLoadStatisticsStore::clear): Added.

Source/WebKit/mac:

Remove the Resource Load Statistics stuff from WK1, now that it is up and
running in WK2.

  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]): Remove call to read resource load
statistics from disk.
(+[WebView _applicationWillTerminate]): Remove call to write resource load
statistics to disk.

Source/WebKit2:

Use a dedicated WorkQueue to process resource load statistics data. Allow
processing to load (and save) previously stored statistics asynchronously so
that it does not delay startup.

Now that we have a more rational storage situation, get rid of the 'writeToDisk'
method since it is no longer needed in the WK2 layer.

Move all of the Resource Load Statistics file handling code from WebCore to this
API layer.

  • UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::WebResourceLoadStatisticsStore): Initialize
member variable with storage path, rather than passing to WebCore code.
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated): Revised to
use the new WorkQueue code.
(WebKit::WebResourceLoadStatisticsStore::setResourceLoadStatisticsEnabled): When
activating the feature, purge any old statistics before loading from disk.
(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Added.
(WebKit::WebResourceLoadStatisticsStore::processWillOpenConnection): Added.
(WebKit::WebResourceLoadStatisticsStore::processDidCloseConnection): Added.
(WebKit::WebResourceLoadStatisticsStore::applicationWillTerminate): Make sure all
of the WorkQueue tasks are done before terminating.
(WebKit::WebResourceLoadStatisticsStore::persistentStoragePath): Moved from WebCore.
(WebKit::WebResourceLoadStatisticsStore::writeEncoderToDisk): Ditto.
(WebKit::WebResourceLoadStatisticsStore::createDecoderFromDisk): Ditto.
(WebKit::WebResourceLoadStatisticsStore::writeToDisk): Deleted.

  • UIProcess/WebResourceLoadStatisticsStore.h:

(WebKit::WebResourceLoadStatisticsStore::coreStore):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::webProcessWillOpenConnection): Call new WebResourceLoadStatisticsStore code.
(WebKit::WebsiteDataStore::webProcessDidCloseConnection): Ditto.

6:40 PM Changeset in webkit [197720] by achristensen@apple.com
  • 6 edits
    2 adds in trunk

Fix cookies with private browsing and NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155147
rdar://problem/25018279

Reviewed by Brady Eidson.

Source/WebKit2:

In the NetworkSession constructor, we look for a NetworkStorageSession in the SessionTracker
and use that NetworkStorageSession's CFHTTPCookieStorageRef in the NSURLSessionConfiguration.
NetworkStorageSessions were being set in SessionTracker's storageSessionMap after NetworkSessions
were created, causing the NSHTTPCookieStorage of the NSURLSession to be different from the
CFHTTPCookieStorageRef used by document.cookie in newly created private browsing sessions.
This fixes that problem by passing the NetworkStorageSession as a constructor parameter to the
NetworkSession so it can use the correct CFHTTPCookieStorageRef in its NSURLSessionConfiguration
before it is in the storageSessionMap.

  • NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::sessionID):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSession::defaultSession):
(WebKit::NetworkSession::NetworkSession):

  • NetworkProcess/mac/RemoteNetworkingContext.mm:

(WebKit::RemoteNetworkingContext::ensurePrivateBrowsingSession):

  • WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:

(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession):

LayoutTests:

  • http/tests/cookies/private-cookie-storage-expected.txt: Added.
  • http/tests/cookies/private-cookie-storage.html: Added.
5:51 PM Changeset in webkit [197719] by jonlee@apple.com
  • 3 edits in trunk/Tools

Update perf bot configuration for Animometer
https://bugs.webkit.org/show_bug.cgi?id=155134

Reviewed by Ryosuke Niwa.

  • Scripts/webkitpy/benchmark_runner/data/patches/Animometer.patch: Refactor the patch
to work with the latest version of the harness.
  • Scripts/webkitpy/benchmark_runner/data/plans/animometer.plan: Bump up the timeout,
and use the latest version of the harness.

5:27 PM WebKitGTK/2.12.x edited by Michael Catanzaro
5:23 PM Changeset in webkit [197718] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking media/track/track-cues-pause-on-exit.html as flaky on ElCapitan Debug WK2
https://bugs.webkit.org/show_bug.cgi?id=155151

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
4:49 PM Changeset in webkit [197717] by BJ Burg
  • 18 edits
    1 add in trunk/Source/JavaScriptCore

Web Inspector: the protocol generator should generate factory method stubs for protocol types
https://bugs.webkit.org/show_bug.cgi?id=155103
<rdar://problem/25002772>

Reviewed by Timothy Hatcher.

Generate stubs with unique names so that parsing methods can be used
reflectively at runtime, based on the protocol version that's loaded.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • inspector/scripts/codegen/init.py:
  • inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:

Added. For each type in a domain, add a method of the form
-[ProtocolTypeConversions _parseXXX:fromPayload]. This is in a category
method, and the selector is only ever looked up at runtime.

(ObjCProtocolTypeConversionsHeaderGenerator.generate_output):

  • inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification):

Rebaseline test results with new generator output.

  • inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
  • inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
  • inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
  • inspector/scripts/tests/expected/enum-values.json-result:
  • inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
  • inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
  • inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
  • inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
  • inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-array-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
4:45 PM Changeset in webkit [197716] by Alan Bujtas
  • 11 edits in trunk/Source/WebCore

Crash in WebCore::RenderElement::containingBlockForObjectInFlow
https://bugs.webkit.org/show_bug.cgi?id=155109

Reviewed by Simon Fraser.

It's unsafe to call containingBlock() on RenderView.

Unable to reproduce.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::styleWillChange):
(WebCore::RenderBlock::isSelfCollapsingBlock):
(WebCore::RenderBlock::selectionGaps):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::borderBoxRectInRegion):
(WebCore::RenderBox::computePercentageLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::logicalWidthIsResolvable):
(WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):

  • rendering/RenderFlowThread.cpp:

(WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
(WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
(WebCore::RenderLayer::updatePagination):
(WebCore::inContainingBlockChain):

  • rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::isValidColumnSpanner):

  • rendering/RenderNamedFlowThread.cpp:

(WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):

  • rendering/RenderObject.cpp:

(WebCore::hasFixedPosInNamedFlowContainingBlock):

  • rendering/RenderReplaced.cpp:

(WebCore::firstContainingBlockWithLogicalWidth):

  • rendering/RenderView.cpp:

(WebCore::RenderView::subtreeSelectionBounds):
(WebCore::RenderView::repaintSubtreeSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

4:34 PM Changeset in webkit [197715] by fpizlo@apple.com
  • 9 edits in trunk/Source/JavaScriptCore

RegExp.prototype.exec() should call into Yarr at most once
https://bugs.webkit.org/show_bug.cgi?id=155139

Reviewed by Saam Barati.

For apparently no good reason, RegExp.prototype.match() was calling into Yarr twice, almost
as if it was hoping that the non-matching case was so common that it was best to have the
matching case do the work all over again.

This is a 4% speed-up on Octane/regexp. It's also a matter of common sense: we should not be
in the business of presuming whether someone's match will succeed or fail. The increased
cost of running Yarr twice is so much larger than whatever savings we were getting from
running a match-only regexp that this is just not a good overall deal for the engine.

Also, it's interesting that we are seeing a 4% speed-up on regexp despite the fact that a
majority (almost a supermajority, I think) of calls into RegExp.prototype.match() are failed
matches. So, this change is a 4% speed-up despite being a slow down on the common case. That
tells you just how bad the old behavior was on the uncommon case.

  • runtime/MatchResult.h:

(MatchResult::MatchResult):
(MatchResult::failed):
(MatchResult::operator bool):

  • runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::lastResult):

  • runtime/RegExpConstructor.h:

(JSC::RegExpConstructor::setMultiline):
(JSC::RegExpConstructor::multiline):
(JSC::RegExpConstructor::performMatch):
(JSC::RegExpConstructor::recordMatch):

  • runtime/RegExpMatchesArray.cpp:

(JSC::createRegExpMatchesArray):
(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):

  • runtime/RegExpMatchesArray.h:

(JSC::createRegExpMatchesArray):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::getLastIndexAsUnsigned):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):

  • runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch):

4:14 PM Changeset in webkit [197714] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

Correct bug in resource load statistics debug flag for legacy clients
https://bugs.webkit.org/show_bug.cgi?id=155118
<rdar://problem/25020088>

Reviewed by Andy Estes.

Some clients launch WebKit2 using the "legacy" configuration for the website data store.
The Resource Load Statistics code was not added to this type of configuration, which
prevents various WebKit2 clients from using this code.

  • UIProcess/WebProcessPool.cpp:

(WebKit::legacyWebsiteDataStoreConfiguration): Tell the legacy initializer where to
find the resource load statistics data.

4:04 PM Changeset in webkit [197713] by jdiggs@igalia.com
  • 4 edits in trunk/Tools

[GTK][jhbuild] OpenWebRTC build fails with GCC 6.0
https://bugs.webkit.org/show_bug.cgi?id=154839

Reviewed by Michael Catanzaro.

Add '-Wno-error' to jhbuildrc; remove it from the module sets for macos.

  • gtk/jhbuild-webrtc.modules:
  • gtk/jhbuild.modules:
  • gtk/jhbuildrc:
3:45 PM Changeset in webkit [197712] by commit-queue@webkit.org
  • 22 edits
    2 adds in trunk/Source/JavaScriptCore

Heap Snapshot should include different Edge types and data (Property, Index, Variable)
https://bugs.webkit.org/show_bug.cgi?id=154937

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-07
Reviewed by Geoffrey Garen.

  • heap/SlotVisitor.cpp:

(JSC::SlotVisitor::appendHidden):

  • heap/SlotVisitor.h:
  • heap/SlotVisitorInlines.h:

(JSC::SlotVisitor::appendHidden):
(JSC::SlotVisitor::appendValuesHidden):
Add new visit methods to visit a reference without snapshotting the edge.

  • heap/Heap.cpp:

(JSC::AddExtraHeapSnapshotEdges::AddExtraHeapSnapshotEdges):
(JSC::AddExtraHeapSnapshotEdges::operator()):
(JSC::Heap::addHeapSnapshotEdges):
(JSC::Heap::removeDeadHeapSnapshotNodes):
(JSC::Heap::collectImpl):

  • heap/Heap.h:

After marking, visit the live cells for a chance to record extra
heap snapshotting information about the cell.

  • heap/HeapSnapshotBuilder.cpp:

(JSC::HeapSnapshotBuilder::appendNode):
(JSC::HeapSnapshotBuilder::appendEdge):
(JSC::HeapSnapshotBuilder::appendPropertyNameEdge):
(JSC::HeapSnapshotBuilder::appendVariableNameEdge):
(JSC::HeapSnapshotBuilder::appendIndexEdge):
(JSC::HeapSnapshotBuilder::json):

  • heap/HeapSnapshotBuilder.h:

(JSC::HeapSnapshotEdge::HeapSnapshotEdge):
Construct edges with extra data.

  • runtime/ClassInfo.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::heapSnapshot):

  • runtime/JSCell.h:

Add a new method to provide cells with an opportunity to provide
extra heap snapshotting information.

  • runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):
(JSC::JSObject::visitChildren):
(JSC::JSObject::heapSnapshot):
(JSC::JSFinalObject::visitChildren):

  • runtime/JSObject.h:

Capture object property names and index names when heap snapshotting.
Do not include them as internal edges in normal visitChildren.

  • runtime/JSEnvironmentRecord.cpp:

(JSC::JSEnvironmentRecord::visitChildren):
(JSC::JSEnvironmentRecord::heapSnapshot):

  • runtime/JSEnvironmentRecord.h:
  • runtime/JSSegmentedVariableObject.cpp:

(JSC::JSSegmentedVariableObject::visitChildren):
(JSC::JSSegmentedVariableObject::heapSnapshot):

  • runtime/JSSegmentedVariableObject.h:

Capture scope variable names when heap snapshotting.

  • runtime/Structure.cpp:

(JSC::Structure::visitChildren):

  • runtime/Structure.h:
  • runtime/StructureInlines.h:

(JSC::Structure::propertyTable):
When performing a heap snapshotting collection, don't clear the
property table so that accessing the table during this GC is okay.

  • tests/heapProfiler/driver/driver.js:
  • tests/heapProfiler/property-edge-types.js: Added.
  • tests/heapProfiler/variable-edge-types.js: Added.

Tests covering the different edge types and data we capture.

3:27 PM Changeset in webkit [197711] by sbarati@apple.com
  • 4 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.[[GetPrototypeOf]]
https://bugs.webkit.org/show_bug.cgi?id=155099

Reviewed by Mark Lam.

This patch is a straightforward implementation of Proxy.[[GetPrototypeOf]]
with respect to section 9.5.1 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof

  • runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::setPrototype):
(JSC::ProxyObject::performGetPrototype):
(JSC::ProxyObject::getPrototype):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:
  • tests/es6.yaml:
  • tests/stress/proxy-get-prototype-of.js: Added.

(assert):
(throw.new.Error.let.handler.get getPrototypeOf):
(throw.new.Error.get let):
(throw.new.Error.get catch):
(throw.new.Error):
(assert.let.handler.getPrototypeOf):
(assert.get let):
(assert.get catch):
(assert.):
(let.handler.getPrototypeOf):
(get let):
(let.handler.has):

3:24 PM Changeset in webkit [197710] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking imported/w3c/indexeddb/idbcursor-advance-continue-async.htm as flaky on Yosemite Release WK2
https://bugs.webkit.org/show_bug.cgi?id=154606

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
3:16 PM Changeset in webkit [197709] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking js/promises-tests/promises-tests-2-3-3.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=155140

Unreviewed test gardening.

  • platform/mac/TestExpectations:
2:58 PM Changeset in webkit [197708] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking inspector/console/addInspectedNode.html as flaky on Yosemite WK2
https://bugs.webkit.org/show_bug.cgi?id=155138

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
2:24 PM Changeset in webkit [197707] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping css3/filters/huge-region-composited.html on ios-simulator in an
attempt to eliminate a flaky crash.
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
2:17 PM Changeset in webkit [197706] by dbates@webkit.org
  • 10 edits in trunk/Source

Cleanup: Add convenience function URL::protocolIsBlob()
https://bugs.webkit.org/show_bug.cgi?id=155127
<rdar://problem/25016829>

Reviewed by Brent Fulgham.

Source/WebCore:

Similar to the class member function URL::protocolIsData(), add a class member function to
class URL to determine if a URL is a blob URL.

No functionality was changed. So, no new tests.

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::shouldUseInnerURL): Modified to use URL::protocolIsBlob().
(WebCore::getCachedOrigin): Ditto.

  • platform/URL.h:

(WebCore::URL::protocolIsBlob): Added.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcStart): Modified to use URL::protocolIsBlob().
(urlHasSupportedProtocol): Ditto.

  • workers/Worker.cpp:

(WebCore::Worker::didReceiveResponse): Ditto.

  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::createRequest): Ditto.

Source/WebKit2:

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad): Modified to use URL::protocolIsBlob().

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::NetworkResourceLoader): Ditto.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::canHandleRequest): Ditto.

1:53 PM Changeset in webkit [197705] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip unsupported plugin tests from r197697 on ios-simulator

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
1:40 PM Changeset in webkit [197704] by aakash_jain@apple.com
  • 3 edits in trunk/Tools

webkitpy should verify timestamp from CrashLogs while collecting all crash logs
https://bugs.webkit.org/show_bug.cgi?id=155000
<rdar://problem/24860219>

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitpy/common/system/crashlogs.py:

(CrashLogs._find_all_logs_darwin): Make sure that crash log timestamp is within expected
time range, because file modification time is not always accurate.
(CrashLogs.get_timestamp_from_logs): Parse the timestamp from logs.

  • Scripts/webkitpy/common/system/crashlogs_unittest.py:

(CrashLogsTest.test_get_timestamp_from_logs_darwin): Testcase for above function.

1:39 PM Changeset in webkit [197703] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip storage/indexeddb/intversion-open-in-upgradeneeded.html on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=155050

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
1:25 PM Changeset in webkit [197702] by adam.bergkvist@ericsson.com
  • 13 edits
    5 copies
    6 adds in trunk

WebRTC: Implement MediaEndpointPeerConnection::createOffer()
https://bugs.webkit.org/show_bug.cgi?id=154867

Reviewed by Eric Carlson and Jer Noble.

Source/WebCore:

  • MediaEndpointPeerConnection: Initial implementation of createOffer() added.
    createOffer() is split up into a synchronous part, and a
    scheduled task. The task will be deferred until information, requiring
    some amount of work, such as the DTLS fingerprint is available. Other
    async API functions will also follow this pattern.

  • SDPProcessor (added): The SDPProcessor parses SDP to a
    MediaEndpointSessionConfiguration object and generates SDP in the
    reverse direction. Any SDP string handling is confined to the
    SDPProcessor and all configuration of the media session is done via the
    MediaEndpointSessionConfiguration object.

The SDP parser and generator logic is implemented in JavaScript and
works with JSON (SDP->JSON, JSON->SDP). The SDPProcessor runs JS in an
isolated scope and converts JSON to a MediaEndpointSessionConfiguration
object and the reverse. Using JSON signaling (nonstandard) can be
helpful during debugging.

  • MockMediaEndpoint (added): Mock MediaEndpoint implementation with
    support for generating offers. DTLS information, such as fingerprint,
    is hard coded to facilitate testing with expected values.

Test: fast/mediastream/RTCPeerConnection-inspect-offer.html

The test is currently skipped on the mac port until support to read the
SDPProcessor JavaScript resource is added.

  • CMakeLists.txt:
  • Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::WrappedSessionDescriptionPromise::create):
(WebCore::WrappedSessionDescriptionPromise::promise):
(WebCore::WrappedSessionDescriptionPromise::WrappedSessionDescriptionPromise):
(WebCore::randomString):
(WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
(WebCore::MediaEndpointPeerConnection::runTask):
(WebCore::MediaEndpointPeerConnection::startRunningTasks):
(WebCore::MediaEndpointPeerConnection::createOffer):
(WebCore::MediaEndpointPeerConnection::createOfferTask):
(WebCore::MediaEndpointPeerConnection::gotDtlsFingerprint):

  • Modules/mediastream/MediaEndpointPeerConnection.h:
  • Modules/mediastream/SDPProcessor.cpp: Added.

(WebCore::SDPProcessor::SDPProcessor):
(WebCore::createCandidateObject):
(WebCore::createCandidate):
(WebCore::configurationFromJSON):
(WebCore::iceCandidateFromJSON):
(WebCore::configurationToJSON):
(WebCore::iceCandidateToJSON):
(WebCore::SDPProcessor::generate):
(WebCore::SDPProcessor::parse):
(WebCore::SDPProcessor::generateCandidateLine):
(WebCore::SDPProcessor::parseCandidateLine):
(WebCore::SDPProcessor::callScript):

  • Modules/mediastream/SDPProcessor.h: Added.
  • Modules/mediastream/sdp.js: Added.

(match):
(addDefaults):
(fillTemplate):
(SDP.parse):
(SDP.generate):
(SDP.generateCandidateLine):
(hasAllProperties):
(SDP.verifyObject):
(generate):
(parse):
(generateCandidateLine):
(parseCandidateLine):

  • PlatformGTK.cmake:
  • WebCore.xcodeproj/project.pbxproj:
  • platform/mediastream/MediaEndpoint.cpp:

(WebCore::createMediaEndpoint):

  • platform/mediastream/MediaEndpoint.h:
  • platform/mediastream/PeerMediaDescription.h:
  • platform/mediastream/SDPProcessorScriptResource.cpp: Added.

(WebCore::SDPProcessorScriptResource::scriptString):

  • platform/mediastream/SDPProcessorScriptResource.h: Added.
  • platform/mediastream/gtk/SDPProcessorScriptResourceGtk.cpp: Added.

(WebCore::SDPProcessorScriptResource::scriptString):

  • platform/mock/MockMediaEndpoint.cpp: Added.

(WebCore::MockMediaEndpoint::create):
(WebCore::MockMediaEndpoint::MockMediaEndpoint):
(WebCore::MockMediaEndpoint::~MockMediaEndpoint):
(WebCore::MockMediaEndpoint::setConfiguration):
(WebCore::MockMediaEndpoint::generateDtlsInfo):
(WebCore::MockMediaEndpoint::getDefaultAudioPayloads):
(WebCore::MockMediaEndpoint::getDefaultVideoPayloads):
(WebCore::MockMediaEndpoint::updateReceiveConfiguration):
(WebCore::MockMediaEndpoint::updateSendConfiguration):
(WebCore::MockMediaEndpoint::addRemoteCandidate):
(WebCore::MockMediaEndpoint::replaceSendSource):
(WebCore::MockMediaEndpoint::stop):

  • platform/mock/MockMediaEndpoint.h: Added.
  • testing/Internals.cpp:

(WebCore::Internals::Internals):
(WebCore::Internals::enableMockMediaEndpoint):

  • testing/Internals.h:

LayoutTests:

The output SDP from createOffer() is processed by verifying all variable
identifiers, such as session and user id, and replacing them with
predefined values to make the SDP comparable with an expected result.

The test is currently skipped on the mac port until support to read the
SDPProcessor JavaScript resource is added.

  • fast/mediastream/RTCPeerConnection-inspect-offer-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-inspect-offer.html: Added.
  • platform/mac/TestExpectations:
1:22 PM Changeset in webkit [197701] by BJ Burg
  • 21 edits
    1 move in trunk/Source/JavaScriptCore

Web Inspector: rename generated *EnumConversionHelpers.h to *TypeConversions.h
https://bugs.webkit.org/show_bug.cgi?id=155121
<rdar://problem/25010391>

Reviewed by Timothy Hatcher.

Split out this renaming from the work to generate factory method stubs for types.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • inspector/scripts/codegen/init.py:
  • inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:

(ObjCConfigurationImplementationGenerator.generate_output):

  • inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:

(ObjCFrontendDispatcherImplementationGenerator.generate_output):

  • inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objc_conversion_helpers.py.
  • inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:

(ObjCProtocolTypesImplementationGenerator.generate_output):

  • inspector/scripts/codegen/objc_generator_templates.py:
  • inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification):

Rebaseline tests after changing generator order.

  • inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
  • inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
  • inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
  • inspector/scripts/tests/expected/enum-values.json-result:
  • inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
  • inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
  • inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
  • inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
  • inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-array-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1:08 PM Changeset in webkit [197700] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip storage/indexeddb/modern/exceed-open-file-limit.html
https://bugs.webkit.org/show_bug.cgi?id=155091

Unreviewed test gardening.

  • platform/wk2/TestExpectations:
12:33 PM Changeset in webkit [197699] by Simon Fraser
  • 2 edits in trunk/Source/WebKit2

Use CGColorSpaceCopyICCData instead of CGColorSpaceCopyICCProfile
https://bugs.webkit.org/show_bug.cgi?id=155123
rdar://problem/24990256

Reviewed by Tim Horton.

On newer OSes, use CGColorSpaceCopyICCData().

  • Shared/mac/ColorSpaceData.mm:

(WebKit::ColorSpaceData::encode):

12:28 PM Changeset in webkit [197698] by barraclough@apple.com
  • 3 edits in trunk/Source/WebKit2

Last opened tab does not receive SetHiddenPageTimerThrottlingIncreaseLimit message
https://bugs.webkit.org/show_bug.cgi?id=155126

Reviewed by Chris Dumez.

WebPageProxy will increment the hidden page throttling counter from within its constructor,
which currently causes the WebProcessPool to try to synchronously message all processes.
The web page triggering the increment then fails to receive the message, since it was
still being constructed. Make the update of the limit async, such that the page is fully
constructed before the WebProcessPool processes the update.

  • UIProcess/WebProcessPool.cpp:

(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):

  • This now schedules a zero-delay timer to handle the update.

(WebKit::m_hiddenPageThrottlingTimer):

  • This is now responsible for calling updateHiddenPageThrottlingAutoIncreaseLimit.
  • UIProcess/WebProcessPool.h:
    • Added m_hiddenPageThrottlingTimer.
12:21 PM Changeset in webkit [197697] by dbates@webkit.org
  • 13 edits
    8 adds
    1 delete in trunk

CSP: object-src directive should prohibit creation of nested browsing context
https://bugs.webkit.org/show_bug.cgi?id=153153
<rdar://problem/24383209>

Reviewed by Brent Fulgham.

Source/WebCore:

Enforce the Content Security Policy object-src directive when fetching a URL for content
that will cause an HTML object or HTML embed element to act as a nested browsing context
(i.e. behave as if the content was loaded in an HTML iframe element). This makes our
enforcement of the object-src directive match the behavior of the object-src directive
in the Content Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Tests: http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html
http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html
http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html
http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Extracted from SubframeLoader::pluginIsLoadable().
Checks if the plugin element is allowed by the Content Security Policy to load the URL and MIME type.
(WebCore::SubframeLoader::pluginIsLoadable): Extract out the logic for determining if
the plugin content is allowed to load by the Content Security Policy into SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
and make use of this function.
(WebCore::SubframeLoader::requestObject): Modified to call SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
before loading plugin content into a sub frame. If the plugin content is not allowed to load then we
mark the plugin as unavailable with the reason being that it was blocked by the Content Security Policy.

  • loader/SubframeLoader.h:

LayoutTests:

Add test to ensure that we enforce the Content Security Policy object-src directive
for HTML object and HTML embed elements that behave like an HTML iframe element.

  • TestExpectations: Remove entries for tests that pass.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked2-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-param-code-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked.html:
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked.html:
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-param-url-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-url-blocked.html:

Simplify the code used in the above tests and update incorrect expected results.

  • http/tests/security/contentSecurityPolicy/object-src-url-blocked2-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html: Added.
  • http/tests/security/contentSecurityPolicy/resources/object-src-param.js: Removed.
11:39 AM Changeset in webkit [197696] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking js/arraybuffer-wrappers.html as a flaky timeout on Mac
https://bugs.webkit.org/show_bug.cgi?id=155092

Unreviewed test gardening.

  • platform/mac/TestExpectations:
10:57 AM Changeset in webkit [197695] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Improve and64() and or64() with immediate on x86
https://bugs.webkit.org/show_bug.cgi?id=155104

Reviewed by Geoffrey Garen.

GetButterflyReadOnly was doing:

movq 0x8(%rbx), %r9
movq $0xfffffffffffffffc, %r11
andq %r11, %r9

There is no need for the move to load the immediate,
andq sign-extends its immediate.

With this patch, we have:

movq 0x8(%rbx), %r9
andq $0xfffffffffffffffc, %r9

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::and64):
(JSC::MacroAssemblerX86_64::or64):

10:52 AM Changeset in webkit [197694] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.21.0.3/Source

Versioning.

10:51 AM Changeset in webkit [197693] by peavo@outlook.com
  • 2 edits in trunk/Source/WebKit/win

[WinCairo][AcceleratedCompositing] Rendering issues on www.bbc.com.
https://bugs.webkit.org/show_bug.cgi?id=154912

Reviewed by Michael Catanzaro.

If we have a scroll layer, we should not include the scroll position in the visible rectangle,
since the scroll position is already reflected in the position of the scroll layer.

  • WebCoreSupport/AcceleratedCompositingContext.cpp:

(AcceleratedCompositingContext::flushPendingLayerChanges):

10:50 AM Changeset in webkit [197692] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.21.0.3

New tag.

10:44 AM Changeset in webkit [197691] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline inspector/model/remote-object.html for mac after r197626
https://bugs.webkit.org/show_bug.cgi?id=155115

Unreviewed test gardening.

  • platform/mac/inspector/model/remote-object-expected.txt:
10:41 AM Changeset in webkit [197690] by barraclough@apple.com
  • 18 edits in trunk/Source

Convert DOMTimer to std::chrono::milliseconds
https://bugs.webkit.org/show_bug.cgi?id=155085

Reviewed by Andreas Kling.

DOMTimer currently uses a mix of millisecond (was int, now std::chrono) and second (as double)
time values. Constant conversion back and forth is a complete mess. Stop that.

Source/WebCore:

  • dom/Document.cpp:

(WebCore::Document::minimumTimerInterval):
(WebCore::Document::timerAlignmentInterval):

  • dom/Document.h:
    • double -> std::chrono::milliseconds
  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::adjustMinimumTimerInterval):
(WebCore::ScriptExecutionContext::minimumTimerInterval):
(WebCore::ScriptExecutionContext::timerAlignmentInterval):

  • dom/ScriptExecutionContext.h:
    • double -> std::chrono::milliseconds
  • page/DOMTimer.cpp:

(WebCore::DOMTimer::updateTimerIntervalIfNecessary):
(WebCore::DOMTimer::intervalClampedToMinimum):
(WebCore::DOMTimer::alignedFireTime):

  • page/DOMTimer.h:
    • double -> std::chrono::milliseconds
  • page/Page.cpp:

(WebCore::Page::setTimerThrottlingState):
(WebCore::Page::setTimerAlignmentIntervalIncreaseLimit):
(WebCore::Page::updateDOMTimerAlignmentInterval):

  • page/Page.h:
    • double -> std::chrono::milliseconds
  • page/Settings.cpp:

(WebCore::Settings::setNeedsAdobeFrameReloadingQuirk):
(WebCore::Settings::setMinimumDOMTimerInterval):

  • page/Settings.h:
    • double -> std::chrono::milliseconds
  • page/SuspendableTimer.h:

(WebCore::SuspendableTimer::startRepeating):
(WebCore::SuspendableTimer::startOneShot):
(WebCore::SuspendableTimer::repeatIntervalMS):
(WebCore::SuspendableTimer::augmentFireInterval):
(WebCore::SuspendableTimer::augmentRepeatInterval):

  • added std::chrono::milliseconds interface.
  • platform/Timer.cpp:

(WebCore::TimerBase::setNextFireTime):

  • restructured for new alignedFireTime signature, moved zero-delay handling to here. This change was made because inside alignedFireTime fireTime will have already been truncated.
  • platform/Timer.h:

(WebCore::TimerBase::msToSeconds):
(WebCore::TimerBase::secondsToMS):

  • internal helper functions to bridge std::chrono::milliseconds to internal double.

(WebCore::TimerBase::startRepeating):
(WebCore::TimerBase::startOneShot):
(WebCore::TimerBase::repeatIntervalMS):
(WebCore::TimerBase::augmentFireInterval):
(WebCore::TimerBase::augmentRepeatInterval):

  • expanded std::chrono::milliseconds interface.

(WebCore::TimerBase::alignedFireTime):

  • changed to std::chrono::milliseconds, made return value Optional (null means no alignment).
  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::setMinimumTimerInterval):

  • testing/InternalSettings.h:
    • double -> std::chrono::milliseconds

Source/WebKit/win:

  • WebView.cpp:

(WebView::setMinimumTimerInterval):

  • Convert double argument into std::chrono::milliseconds.
10:41 AM Changeset in webkit [197689] by BJ Burg
  • 11 edits in trunk/Source/JavaScriptCore

Web Inspector: It should be possible to initialize generated ObjC protocol types from an NSDictionary payload
https://bugs.webkit.org/show_bug.cgi?id=155102
<rdar://problem/25002015>

Reviewed by Timothy Hatcher.

In Objective-C code, we sometimes prefer to parse JSON using Cocoa rather
than the InspectorValue classes. Support initializing protocol objects
directly from an NSDictionary payload. This delegates validation of values to
the setter methods that already exist on the protocol object classes.

  • inspector/scripts/codegen/generate_objc_header.py:

(ObjCHeaderGenerator._generate_type_interface):

  • inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:

(ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
(ObjCProtocolTypesImplementationGenerator._generate_init_method_for_payload):

  • inspector/scripts/codegen/objc_generator.py:

(ObjCGenerator.payload_to_objc_expression_for_member):
Add a new helper method to generate an expression to unpack the value
from an NSDictionary. If it's not a primitive, the setter performs
validation of the value's kind using -[NSObject isKindOfClass:].

Rebaseline relevant tests.

  • inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
  • inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
  • inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
  • inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
  • inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
10:30 AM Changeset in webkit [197688] by benjamin@webkit.org
  • 5 edits
    1 add in trunk/Source/JavaScriptCore

[JSC] Simplify the overflow check of ArithAbs
https://bugs.webkit.org/show_bug.cgi?id=155063

Reviewed by Geoffrey Garen.

The only integer that overflows abs(int32) is INT_MIN.
For some reason, our code testing for that case
was checking the top bit of the result specifically.

The code required a large immediate on x86 and an extra
register on ARM64.

This patch turns the overflow check into a branch on
the sign of the result.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):

  • jit/ThunkGenerators.cpp:

(JSC::absThunkGenerator):

  • tests/stress/arith-abs-overflow.js: Added.

(opaqueAbs):

10:25 AM Changeset in webkit [197687] by commit-queue@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

[JSC] Improve how DFG zero Floating Point registers
https://bugs.webkit.org/show_bug.cgi?id=155096

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Geoffrey Garen.

DFG had a weird way of zeroing a FPR:

-zero a GP.
-move that to a FP.

Filip added moveZeroToDouble() for B3. This patch
uses that in the lower tiers.

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::moveZeroToDouble):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

  • jit/ThunkGenerators.cpp:

(JSC::floorThunkGenerator):
(JSC::roundThunkGenerator):

10:24 AM Changeset in webkit [197686] by akling@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION (r197303): Web Inspector crashes web process when inspecting an element on TOT
<https://webkit.org/b/154812>

Reviewed by Geoffrey Garen.

Guard against null pointer dereference for UnlinkedCodeBlocks that don't have any control flow
profiling data.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::hasOpProfileControlFlowBytecodeOffsets):

10:23 AM Changeset in webkit [197685] by benjamin@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

[JSC] Remove a useless "Move" from baseline-JIT op_mul's fast path
https://bugs.webkit.org/show_bug.cgi?id=155071

Reviewed by Geoffrey Garen.

We do not need to multiply to a scratch and then move the result
to the destination. We can just multiply to the destination.

  • jit/JITArithmetic.cpp:

(JSC::JIT::emit_op_mul):

  • jit/JITMulGenerator.cpp:

(JSC::JITMulGenerator::generateFastPath):

10:21 AM Changeset in webkit [197684] by Yusuke Suzuki
  • 2 edits
    2 adds in trunk/Source/JavaScriptCore

[JSC] StringObject.{put, defineOwnProperty} should realize indexed properties
https://bugs.webkit.org/show_bug.cgi?id=155089

Reviewed by Geoffrey Garen.

Through implementing Reflect.set[1], we found StringObject does not obey the spec.
StringObject::put should call putByIndex if the given propertyName is an index.
And StringObject::defineOwnProperty should recognize indexed properties since
JSObject::defineOwnIndexedProperty is specialized to JSObject layout.
Before calling JSObject::defineOwnProperty,
StringObject should handle its special indexed own properties.
It is the responsibility of StringObject::defineOwnProperty.

And the logic is cleaned up by using validateAndApplyPropertyDescriptor.

[1]: https://bugs.webkit.org/show_bug.cgi?id=155024

  • runtime/StringObject.cpp:

(JSC::StringObject::put):
(JSC::StringObject::putByIndex):
(JSC::isStringOwnProperty):
(JSC::StringObject::defineOwnProperty):
(JSC::StringObject::deleteProperty):

  • tests/stress/string-object-define-own-property.js: Added.

(shouldBe):
(shouldThrow):

  • tests/stress/string-object-put-by-index.js: Added.

(shouldBe):
(shouldThrow):
(testSloppy):
(testStrict):

9:50 AM Changeset in webkit [197683] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.21.0.2/Source

Versioning.

9:49 AM Changeset in webkit [197682] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.21.0.2

New tag.

9:30 AM Changeset in webkit [197681] by Simon Fraser
  • 2 edits
    2 adds in trunk/LayoutTests

[iOS Simulator] Three object-position tests failing after r197618
https://bugs.webkit.org/show_bug.cgi?id=155116

Mark two tests as image failures, and add new results for a compositing test.

  • platform/ios-simulator/TestExpectations:
  • platform/ios-simulator/compositing/video/video-object-position-expected.txt: Added.
7:22 AM Changeset in webkit [197680] by akling@apple.com
  • 2 edits in trunk/Source/WebCore

Make RenderStyle copy-on-write a bit less.
<https://webkit.org/b/155106>

Reviewed by Antti Koivisto.

Add a cheesy SET_NESTED_VAR macro complement to SET_VAR so we can avoid copy-on-write
detachment of nested RenderStyle substructures when the leaf value doesn't change.

I spotted about 300kB of these mistakes being made during PLT on iOS, most of them
in the transformX setter.

  • rendering/style/RenderStyle.h:
4:12 AM Changeset in webkit [197679] by Carlos Garcia Campos
  • 28 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r197408 - Turn String.prototype.replace into an intrinsic
https://bugs.webkit.org/show_bug.cgi?id=154835

Reviewed by Michael Saboff.

Source/JavaScriptCore:

Octane/regexp spends a lot of time in String.prototype.replace(). That function does a lot
of checks to see if the parameters are what they are likely to often be (a string, a
regexp, and a string). The intuition of this patch is that it's good to remove those checks
and it's good to call the native function as directly as possible.

This yields a 10% speed-up on a replace microbenchmark and a 3% speed-up on Octane/regexp.
It also improves Octane/jquery.

This is only the beginning of what I want to do with replace optimizations. The other
optimizations will rely on StringReplace being revealed as a construct in DFG IR.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromClassInfo):

  • bytecode/SpeculatedType.h:

(JSC::isStringOrStringObjectSpeculation):
(JSC::isRegExpObjectSpeculation):
(JSC::isBoolInt32Speculation):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateStringOrStringObject):
(JSC::DFG::Node::shouldSpeculateRegExpObject):
(JSC::DFG::Node::shouldSpeculateSymbol):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculateRegExpObject):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
(JSC::DFG::SpeculativeJIT::speculate):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGUseKind.cpp:

(WTF::printInternal):

  • dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateFinalObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateString):

  • jit/JITOperations.h:
  • runtime/Intrinsic.h:
  • runtime/JSType.h:
  • runtime/RegExpObject.h:

(JSC::RegExpObject::createStructure):

  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpString):
(JSC::replaceUsingStringSearch):
(JSC::stringProtoFuncRepeat):
(JSC::replace):
(JSC::stringProtoFuncReplace):
(JSC::operationStringProtoFuncReplaceGeneric):
(JSC::stringProtoFuncToString):

  • runtime/StringPrototype.h:

LayoutTests:

  • js/regress/script-tests/string-replace.js: Added.
  • js/regress/string-replace-expected.txt: Added.
  • js/regress/string-replace.html: Added.
4:07 AM Changeset in webkit [197678] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[TextureMapper] [BitmapTexturePool] Use appropriate list size when freeing textures
https://bugs.webkit.org/show_bug.cgi?id=155105

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-07
Reviewed by Žan Doberšek.

Use appropriate list size when releasing the textures used as attachment.
This is a fix for the patch to https://bugs.webkit.org/show_bug.cgi?id=154965.

No new tests because no new functionality was added.

  • platform/graphics/texmap/BitmapTexturePool.cpp:

(WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired):

3:36 AM Changeset in webkit [197677] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197405 - Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
https://bugs.webkit.org/show_bug.cgi?id=154860

Reviewed by Alex Christensen.

Covered by existing tests.

  • Modules/indexeddb/shared/IDBDatabaseInfo.cpp:

(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::isolatedCopy):

  • Modules/indexeddb/shared/IDBDatabaseInfo.h:
  • Modules/indexeddb/shared/IDBTransactionInfo.cpp:

(WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that
copy needs to be isolated.

3:34 AM Changeset in webkit [197676] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197402 - NetworkCache: Web process leaks resource buffer when using shareable resources
https://bugs.webkit.org/show_bug.cgi?id=154852

Reviewed by Darin Adler.

ResourceLoader::didReceiveBuffer() expects a PassRefPtr, but we
are passing a raw pointer, making PassRefPtr take another
reference instead of transferring the ownership as expected.

  • WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResource):

3:31 AM Changeset in webkit [197675] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197387 - TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
https://bugs.webkit.org/show_bug.cgi?id=154791

Reviewed by Carlos Garcia Campos.

In both functions, the passed-in model-view matrix is first copied, multiplied
against a rect-to-rect TransformationMatrix, and then assigned into a local
TransformationMatrix variable, which causes another copy due to the multiply()
function returning a reference to the modified object.

To avoid the last copy, first copy the model-view matrix into a local variable,
and multiply the rect-to-rect TransformationMatrix into the new object afterwards.

  • platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::draw):
(WebCore::TextureMapperGL::beginClip):

3:30 AM Changeset in webkit [197674] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197386 - ImageBufferCairo should support OpenGL ES 2 configurations
https://bugs.webkit.org/show_bug.cgi?id=154790

Reviewed by Carlos Garcia Campos.

When building with OpenGL ES 2 and with accelerated 2D canvas support,
the GLES2 header should be included instead of the OpenGLShims.h header.

The glTexParameterf() calls targeting GL_TEXTURE_WRAP_S and
GL_TEXTURE_WRAP_T parameters should use the GL_CLAMP_TO_EDGE value.
GL_CLAMP isn't available in OpenGL ES 2 and was dropped in OpenGL 3.

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBufferData::createCairoGLSurface):

3:30 AM Changeset in webkit [197673] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197385 - TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
https://bugs.webkit.org/show_bug.cgi?id=154789

Reviewed by Carlos Garcia Campos.

  • platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::beginPainting): The ClipStack should be reset with
a Y-axis mode that corresponds to the presence of the PaintingMirrored value in
the passed-in PaintFlags argument. If present, the default Y-axis mode should be
used, and the inverted Y-axis otherwise.

3:28 AM Changeset in webkit [197672] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197381 - regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154841

Reviewed by Benjamin Poulain.

Here's the deadlock:

Main thread:

1) Change an InferredType. This acquires InferredType::m_lock.
2) Fire watchpoint set. This triggers CodeBlock invalidation, which acquires
CodeBlock::m_lock.

DFG thread:

1) Iterate over the information in a CodeBlock. This acquires CodeBlock::m_lock.
2) Ask an InferredType for its descriptor(). This acquires InferredType::m_lock.

I think that the DFG thread's ordering should be legal, because the best logic for lock
hierarchies is that locks that protect the largest set of stuff should be acquired first.

This means that the main thread shouldn't be holding the InferredType::m_lock when firing
watchpoint sets. That's what this patch ensures.

At the time of writing, this test was deadlocking for me on trunk 100% of the time. With
this change I cannot get it to deadlock.

  • runtime/InferredType.cpp:

(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):
(JSC::InferredType::InferredStructureWatchpoint::fireInternal):

  • runtime/InferredType.h:
3:08 AM Changeset in webkit [197671] by Carlos Garcia Campos
  • 46 edits
    8 adds in releases/WebKitGTK/webkit-2.12

Merge r197380 - [DFG][FTL][B3] Support floor and ceil
https://bugs.webkit.org/show_bug.cgi?id=154683

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements and fixes the following things.

  1. Implement Ceil and Floor in DFG, FTL and B3

x86 SSE 4.2 and ARM64 have round instructions that can directly perform Ceil or Floor.
This patch leverages this functionality. We introduce ArithFloor and ArithCeil.
During DFG phase, these nodes attempt to convert themselves to Identity (in Fixup phase).
As with ArithRound, it tracks arith rounding mode.
And if these nodes are required to emit machine codes, we emit rounding machine code
if it is supported in the current machine. For example, in x86, we emit round.

This Floor functionality is nice for @toInteger in builtin.
That is used for Array.prototype.{forEach, map, every, some, reduce...}
And according to the benchmark results, Kraken audio-oscillator is slightly improved
due to its frequent Math.round and Math.floor calls.

  2. Implement Floor in B3 and Air

As with Ceil in B3, we add a new B3 IR and Air opcode, Floor.
This Floor is leveraged to implement ArithFloor in DFG.

  3. Fix ArithRound operation

Currently, we used cvtsd2si (in x86) to convert double value to int32.
And we also used this to implement Math.round, like, cvtsd2si(value + 0.5).
However, this implementation is not correct. Because cvtsd2si is not a floor operation.
It is a truncate operation. This is OK for positive numbers. But NG for negative numbers.
For example, the current implementation accidentally rounds -0.6 to -0.0. This should be -1.0.
Using Ceil and Floor instructions, we implement correct ArithRound.

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM::ceilDouble):
(JSC::MacroAssemblerARM::floorDouble):
(JSC::MacroAssemblerARM::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM64::floorFloat):
(JSC::MacroAssemblerARM64::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::supportsFloatingPointRounding):
(JSC::MacroAssemblerARMv7::ceilDouble):
(JSC::MacroAssemblerARMv7::floorDouble):
(JSC::MacroAssemblerARMv7::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::ceilDouble):
(JSC::MacroAssemblerMIPS::floorDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPointRounding):
(JSC::MacroAssemblerMIPS::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::supportsFloatingPointRounding):
(JSC::MacroAssemblerSH4::ceilDouble):
(JSC::MacroAssemblerSH4::floorDouble):
(JSC::MacroAssemblerSH4::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::floorDouble):
(JSC::MacroAssemblerX86Common::floorFloat):
(JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
(JSC::MacroAssemblerX86Common::supportsFloatingPointCeil): Deleted.

  • b3/B3ConstDoubleValue.cpp:

(JSC::B3::ConstDoubleValue::floorConstant):

  • b3/B3ConstDoubleValue.h:
  • b3/B3ConstFloatValue.cpp:

(JSC::B3::ConstFloatValue::floorConstant):

  • b3/B3ConstFloatValue.h:
  • b3/B3LowerMacrosAfterOptimizations.cpp:
  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

  • b3/B3Opcode.cpp:

(WTF::printInternal):

  • b3/B3Opcode.h:
  • b3/B3ReduceDoubleToFloat.cpp:
  • b3/B3ReduceStrength.cpp:
  • b3/B3Validate.cpp:
  • b3/B3Value.cpp:

(JSC::B3::Value::floorConstant):
(JSC::B3::Value::isRounded):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):

  • b3/B3Value.h:
  • b3/air/AirFixPartialRegisterStalls.cpp:
  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::testFloorCeilArg):
(JSC::B3::testFloorArg):
(JSC::B3::testFloorImm):
(JSC::B3::testFloorMem):
(JSC::B3::testFloorFloorArg):
(JSC::B3::testCeilFloorArg):
(JSC::B3::testFloorIToD64):
(JSC::B3::testFloorIToD32):
(JSC::B3::testFloorArgWithUselessDoubleConversion):
(JSC::B3::testFloorArgWithEffectfulDoubleConversion):
(JSC::B3::run):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGArithMode.cpp:

(WTF::printInternal):

  • dfg/DFGArithMode.h:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::roundShouldSpeculateInt32):

  • dfg/DFGNode.h:

(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasArithRoundingMode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileArithRound): Deleted.

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
(JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::doubleFloor):

  • jit/ThunkGenerators.cpp:

(JSC::ceilThunkGenerator):

  • tests/stress/math-ceil-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

  • tests/stress/math-ceil-basics.js: Added.

(mathCeilOnIntegers):
(mathCeilOnDoubles):
(mathCeilOnBooleans):
(uselessMathCeil):
(mathCeilWithOverflow):
(mathCeilConsumedAsDouble):
(mathCeilDoesNotCareAboutMinusZero):
(mathCeilNoArguments):
(mathCeilTooManyArguments):
(testMathCeilOnConstants):
(mathCeilStructTransition):
(Math.ceil):

  • tests/stress/math-floor-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

  • tests/stress/math-floor-basics.js: Added.

(mathFloorOnIntegers):
(mathFloorOnDoubles):
(mathFloorOnBooleans):
(uselessMathFloor):
(mathFloorWithOverflow):
(mathFloorConsumedAsDouble):
(mathFloorDoesNotCareAboutMinusZero):
(mathFloorNoArguments):
(mathFloorTooManyArguments):
(testMathFloorOnConstants):
(mathFloorStructTransition):
(Math.floor):

  • tests/stress/math-round-should-not-use-truncate.js: Added.

(mathRoundDoesNotCareAboutMinusZero):

  • tests/stress/math-rounding-infinity.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

  • tests/stress/math-rounding-nan.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

  • tests/stress/math-rounding-negative-zero.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):
(testRoundNonNegativeZero):
(testRoundNonNegativeZero2):

Websites/webkit.org:

  • docs/b3/intermediate-representation.html:
2:45 AM Changeset in webkit [197670] by Carlos Garcia Campos
  • 29 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197379 - Add new MethodTable method to get an estimated size for a cell
https://bugs.webkit.org/show_bug.cgi?id=154838

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-29
Reviewed by Filip Pizlo.

The new class method estimatedSize(JSCell*) estimates the size for a single cell.
As the name implies, this is meant to be an approximation. It is more important
that big objects report a large size, than to get perfect size information for
all objects in the heap.

Base implementation (JSCell):

  • returns the MarkedBlock bucket size for this cell.
  • This gets us the object size including inline storage. Basically a better sizeof.

Subclasses with "Extra Memory Cost":

  • Any class that reports extra memory (reportExtraMemoryVisited) should include that in the estimated size.
  • E.g. CodeBlock, JSGenericTypedArrayView, WeakMapData, etc.

Subclasses with "Copied Space" storage:

  • Any class with data in copied space (copyBackingStore) should include that in the estimated size.
  • E.g. JSObject, JSGenericTypedArrayView, JSMap, JSSet, DirectArguments, etc.

Add reportExtraMemoryVisited for UnlinkedCodeBlock's compressed unlinked
instructions because this can be larger than 1kb, which is significant.

This has one special case for RegExp generated bytecode / JIT code, which
does not currently fall into the extra memory cost or copied space storage.
In practice I haven't seen this grow to a significant cost.

  • runtime/ClassInfo.h:

Add the new estimatedSize method to the table.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::visitChildren):
(JSC::UnlinkedCodeBlock::estimatedSize):
(JSC::UnlinkedCodeBlock::setInstructions):

  • bytecode/UnlinkedCodeBlock.h:

Report an extra memory cost for unlinked code blocks like
we do for linked code blocks.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::estimatedSize):

  • bytecode/CodeBlock.h:
  • bytecode/UnlinkedInstructionStream.cpp:

(JSC::UnlinkedInstructionStream::sizeInBytes):

  • bytecode/UnlinkedInstructionStream.h:
  • runtime/DirectArguments.cpp:

(JSC::DirectArguments::estimatedSize):

  • runtime/DirectArguments.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::estimatedSizeInBytes):
(JSC::JSCell::estimatedSize):

  • runtime/JSCell.h:
  • runtime/JSGenericTypedArrayView.h:
  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::estimatedSize):

  • runtime/JSMap.cpp:

(JSC::JSMap::estimatedSize):

  • runtime/JSMap.h:
  • runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):

  • runtime/JSObject.h:
  • runtime/JSSet.cpp:

(JSC::JSSet::estimatedSize):

  • runtime/JSSet.h:
  • runtime/JSString.cpp:

(JSC::JSString::estimatedSize):

  • runtime/JSString.h:
  • runtime/MapData.h:

(JSC::MapDataImpl::capacityInBytes):

  • runtime/WeakMapData.cpp:

(JSC::WeakMapData::estimatedSize):
(JSC::WeakMapData::visitChildren):

  • runtime/WeakMapData.h:

Implement estimated size following the pattern of reporting
extra visited size, or copy space memory.

  • runtime/RegExp.cpp:

(JSC::RegExp::estimatedSize):

  • runtime/RegExp.h:
  • yarr/YarrInterpreter.h:

(JSC::Yarr::ByteDisjunction::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):

  • yarr/YarrJIT.h:

(JSC::Yarr::YarrCodeBlock::size):
Include generated bytecode / JITCode to a RegExp's size.

2:43 AM Changeset in webkit [197669] by Manuel Rego Casasnovas
  • 3 edits in trunk/LayoutTests

[css-grid] Add missing test for grid-template shorthand
https://bugs.webkit.org/show_bug.cgi?id=155013

Reviewed by Sergio Villar Senin.

We support the following syntax in grid-template shorthand:

-webkit-grid-template: [foo1] 'a' 50px [foo2]
                       [bar1] 'b' 50px [bar2] / 100px;

But we don't have a test to check that grid-template-rows value
has the names of the same lines grouped. So it's:

[foo1] 50px [foo2 bar1] 50px [bar2];

This means that if we remove the third argument in
CSSParser::parseGridLineNames(), all the current tests are passing.

Without that argument, the value for grid-template-rows would be:

[foo1] 50px [foo2] [bar1] 50px [bar2];

Which is wrong.

This patch adds a specific test case for this which would fail
in that case.

  • fast/css-grid-layout/grid-template-shorthand-get-set-expected.txt:
  • fast/css-grid-layout/grid-template-shorthand-get-set.html:
2:19 AM Changeset in webkit [197668] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197374 - SpeculatedType should be easier to edit
https://bugs.webkit.org/show_bug.cgi?id=154840

Reviewed by Mark Lam.

We used to specify the bitmasks in SpeculatedType.h using hex codes. This used to work
great because we didn't have so many masks and you could use the mask to visually see
which ones overlapped. It also made it easy to visualize subset relationships.

But now we have a lot of masks with a lot of confusing overlaps, and it's no longer
possible to just see their relationship by looking at hex codes. Worse, the use of hex
codes makes it super annoying to move the bits around. For example, right now we have two
bits free, but if we wanted to reclaim them by editing the old hex masks, it would be a
nightmare.

So this patch replaces the hex masks with shift expressions (1u << 15 for example) and it
makes any derived masks (i.e. masks that are the bit-or of other masks) be expressed using
an or expression (SpecFoo | SpecBar | SpecBaz for example).

This makes it easier to see the relationships and it makes it easier to take bits for new
types.

  • bytecode/SpeculatedType.h:
2:12 AM WebKitGTK/2.4.x edited by tpopela@redhat.com
1:58 AM Changeset in webkit [197667] by Carlos Garcia Campos
  • 8 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r197372 - Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected.
https://bugs.webkit.org/show_bug.cgi?id=154837

Reviewed by Alex Christensen.

Source/WebKit2:

The crux of the bug is that WebProcesses cannot assign themselves server-unique identifiers...
The server must do that for them.

A once-per-session-per-WebProcess sync message and a few updates to connection management fix this.

  • DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage):
(WebKit::generateConnectionToServerIdentifier):
(WebKit::DatabaseToWebProcessConnection::establishIDBConnectionToServer):

  • DatabaseProcess/DatabaseToWebProcessConnection.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.messages.in:
  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):
(WebKit::generateConnectionToServerIdentifier): Deleted.

  • WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage):
(WebKit::WebToDatabaseProcessConnection::idbConnectionToServerForSession):

  • WebProcess/Databases/WebToDatabaseProcessConnection.h:

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm: Added.
1:56 AM Changeset in webkit [197666] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197370 - OverridesHasInstance constant folding is wrong
https://bugs.webkit.org/show_bug.cgi?id=154833

Reviewed by Filip Pizlo.

The current implementation of OverridesHasInstance constant folding
is incorrect. Since it relies on OSR exit information it has been
moved to the StrengthReductionPhase. Normally, such an optimization would be
put in FixupPhase, however, there are a number of cases where we don't
determine an edge of OverridesHasInstance is a constant until after fixup.
Performing the optimization during StrengthReductionPhase means we can defer
our decision until later.

In the future we should consider creating a version of this optimization
that does not depend on OSR exit information and move the optimization back
to ConstantFoldingPhase.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

1:48 AM Changeset in webkit [197665] by Carlos Garcia Campos
  • 5 edits
    6 adds in releases/WebKitGTK/webkit-2.12

Merge r197366 - B3 should have global store elimination
https://bugs.webkit.org/show_bug.cgi?id=154658

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Implements fairly comprehensive global store elimination:

1) If you store the result of a load with no interference in between, remove the store.

2) If you store the same thing you stored previously, remove the store.

3) If you store something that you either loaded previously or stored previously along
arbitrarily many paths, remove the store.

4) If you store to something that is stored to again in the future with no interference in
between, remove the store.

Rule (4) is super relevant to FTL since the DFG does not eliminate redundant PutStructures.
A constructor that produces a large object will have many redundant stores to the same base
pointer, offset, and heap range, with no code to observe that heap range in between.

This doesn't have a decisive effect on major benchmarks, but it's an enormous win for
microbenchmarks:

  • 30% faster to construct an object with many fields.
  • 5x faster to do many stores to a global variable.

The compile time cost should be very small. Although the optimization is global, it aborts as
soon as it sees anything that would confound store elimination. For rules (1)-(3), we
piggy-back the existing load elimination, which gives up on interfering stores. For rule (4),
we search forward through the current block and then globally a block at a time (skipping
block contents thanks to summary data), which could be expensive. But rule (4) aborts as soon
as it sees a read, write, or end block (Return or Oops). Any Check will claim to read TOP. Any
Patchpoint that results from an InvalidationPoint will claim to read TOP, as will any
Patchpoints for ICs. Those are usually sprinkled all over the program.

In other words, this optimization rarely kicks in. When it does kick in, it makes programs run
faster. When it doesn't kick in, it's usually O(1) because there are reasons for aborting all
over a "normal" program so the search will halt almost immediately. This of course raises the
question: how much more in compile time do we pay when the optimization does kick in? The
optimization kicks in the most for the microbenchmarks I wrote for this patch. Amazingly, the
effect of the optimization is a wash for compile time: whatever cost we pay doing the O(n^2)
searches is balanced by the massive reduction in work in the backend. On one of the two
microbenchmarks, overall compile time actually shrank with this optimization even though CSE
itself cost more. That's not too surprising - the backend costs much more per instruction, so
things that remove instructions before we get to the backend tend to be a good idea.

We could consider adding a more aggressive version of this in the future, which could sink
stores into checks. That could be crazy fun: https://bugs.webkit.org/show_bug.cgi?id=152162#c3

But mainly, I'm adding this optimization because it was super fun to implement during the
WebAssembly CG summit.

  • b3/B3EliminateCommonSubexpressions.cpp:
  • b3/B3MemoryValue.h:
  • b3/B3SuccessorCollection.h:

(JSC::B3::SuccessorCollection::begin):
(JSC::B3::SuccessorCollection::end):
(JSC::B3::SuccessorCollection::const_iterator::const_iterator):
(JSC::B3::SuccessorCollection::const_iterator::operator*):
(JSC::B3::SuccessorCollection::const_iterator::operator++):
(JSC::B3::SuccessorCollection::const_iterator::operator==):
(JSC::B3::SuccessorCollection::const_iterator::operator!=):

LayoutTests:

These two benchmarks both speed up significantly with this change.

  • js/regress/build-large-object-expected.txt: Added.
  • js/regress/build-large-object.html: Added.
  • js/regress/many-repeat-stores-expected.txt: Added.
  • js/regress/many-repeat-stores.html: Added.
  • js/regress/script-tests/build-large-object.js: Added.
  • js/regress/script-tests/many-repeat-stores.js: Added.
1:47 AM WebKitGTK/2.4.x edited by berto@igalia.com
(diff)
1:46 AM WebKitGTK/2.4.x edited by berto@igalia.com
(diff)
1:39 AM Changeset in webkit [197664] by Carlos Garcia Campos
  • 9 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197365 - Make it cheap to #include "JITOperations.h"
https://bugs.webkit.org/show_bug.cgi?id=154836

Reviewed by Mark Lam.

Prior to this change, this header included the whole world even though it didn't have any
definitions. This patch turns almost all of the includes into forward declarations. Right
now this header is very cheap to include.

  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGSpeculativeJIT.h:
  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/Repatch.h:
  • runtime/CommonSlowPaths.h:

(JSC::encodeResult): Deleted.
(JSC::decodeResult): Deleted.

  • runtime/SlowPathReturnType.h: Added.

(JSC::encodeResult):
(JSC::decodeResult):

1:37 AM WebKitGTK/2.4.x edited by tpopela@redhat.com
(diff)
1:36 AM Changeset in webkit [197663] by Carlos Garcia Campos
  • 8 edits
    2 adds in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197357 - FTL should be able to run everything in Octane/regexp
https://bugs.webkit.org/show_bug.cgi?id=154266

Reviewed by Saam Barati.

Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to
make the RegExpExec peephole optimization work in FTL. This optimization shouldn't be a
DFG backend optimization anyway - if we need this optimization then it should be a
strength reduction rule over IR. That way, it can be shared by all backends.

I measured whether removing that optimization had any effect on performance separately
from measuring the performance of this patch. Removing that optimization did not change
our score on any benchmarks.

This patch does have an overall negative effect on the Octane/regexp score. This is
presumably because tiering up to the FTL has no value to the code in the regexp test. Or
maybe it's something else. No matter - the overall effect on the Octane score is not
statistically significant and we don't want this kind of coverage blocked by the fact
that adding coverage hurts a benchmark.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGNode.h:

(JSC::DFG::Node::setIndexingType):
(JSC::DFG::Node::hasRegexpIndex):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNotifyWrite):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):

  • tests/stress/ftl-regexp-exec.js: Added.
  • tests/stress/ftl-regexp-test.js: Added.
1:25 AM Changeset in webkit [197662] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197352 - Fixed compilation with !ENABLE(DATABASE_PROCESS).
https://bugs.webkit.org/show_bug.cgi?id=154813

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-29
Reviewed by Michael Catanzaro.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateDatabaseProcess): Added missing #if
guard.

1:24 AM Changeset in webkit [197661] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Merge r197351 - [GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
https://bugs.webkit.org/show_bug.cgi?id=153829

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-29
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Once a touch event sequence is identified as a gesture, remove it
from the list of handled touch events.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchEvent):

LayoutTests:

  • platform/gtk/TestExpectations:

Remove now passing tests from the expected failures.
