Timeline



Mar 17, 2016:

11:56 PM Changeset in webkit [198383] by Carlos Garcia Campos
  • 5 edits in trunk/Source/WebCore

REGRESSION(r195661): [GTK] very slow scrolling
https://bugs.webkit.org/show_bug.cgi?id=155334

Reviewed by Michael Catanzaro.

We need to also restore the PerAxisData visible length when it's
reset because of a non animated scroll. To prevent making the same
mistake in the future, the current position and visible lengths
members are now required to construct PerAxisData. This also
simplifies the code and ensures that when the ScrollAnimatorSmooth
is created, it's updated to the current position.

  • platform/ScrollAnimationSmooth.cpp:

(WebCore::ScrollAnimationSmooth::ScrollAnimationSmooth):
Initialize PerAxisData members.
(WebCore::ScrollAnimationSmooth::setCurrentPosition): Pass the
current position and visible length as parameters to the
PerAxisData constructor.
(WebCore::ScrollAnimationSmooth::animateScroll): Ditto.

  • platform/ScrollAnimationSmooth.h: Add a PerAxisData constructor

that receives current position and visible length and disallow to
use the default constructor.

  • platform/ScrollAnimatorSmooth.cpp:

(WebCore::ScrollAnimatorSmooth::ScrollAnimatorSmooth): Pass the
current position to the ScrollAnimationSmooth constructor.

  • platform/gtk/ScrollAnimatorGtk.cpp:

(WebCore::ScrollAnimatorGtk::ensureSmoothScrollingAnimation): Ditto.

11:53 PM Changeset in webkit [198382] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155432

Reviewed by Daniel Bates.

Allow Web Inspector to load resource: image resources.

  • UserInterface/Main.html:
11:52 PM Changeset in webkit [198381] by Chris Fleizach
  • 7 edits in trunk

AX: WEB: VoiceOver does not announce some WAI-ARIA document structures
https://bugs.webkit.org/show_bug.cgi?id=155603
<rdar://problem/25227385>

Reviewed by Darin Adler.

Source/WebCore:

Expose more ARIA landmark type roles on iOS for accessibility.

Updated test: accessibility/ios-simulator/landmark-type.html

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityIsLandmarkRole:]):
(-[WebAccessibilityObjectWrapper accessibilityLabel]):

  • platform/LocalizedStrings.cpp:

(WebCore::searchMenuClearRecentSearchesText):
(WebCore::AXWebAreaText):
(WebCore::AXListItemActionVerb):
(WebCore::AXAutoFillCredentialsLabel):

  • platform/LocalizedStrings.h:

LayoutTests:

  • accessibility/ios-simulator/landmark-type-expected.txt:
  • accessibility/ios-simulator/landmark-type.html:
11:36 PM Changeset in webkit [198380] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

11:32 PM Changeset in webkit [198379] by dbates@webkit.org
  • 7 edits in trunk/Source/WebCore

Cleanup: Remove the need to pass reporting status to ContentSecurityPolicy functions
https://bugs.webkit.org/show_bug.cgi?id=155623

Reviewed by Andy Estes and Alex Christensen.

ScriptController::initScript() is the only function that passes ContentSecurityPolicy::ReportingStatus::SuppressReport
following the removal of the SecurityPolicy script interface in <http://trac.webkit.org/changeset/197142>. It
passes this reporting status to prevent sending a violation report when determining whether the CSP policy allows
use of the JavaScript eval()/operator eval so that it enable or disable this capability as appropriate. We
should teach ScriptController::initScript() to delegate the responsibility of enabling/disabling this capability
to the ContentSecurityPolicy. Then we can remove the need to expose ContentSecurityPolicy::ReportingStatus as
part of the ContentSecurityPolicy interface.

No functionality changed. So, no new tests.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::createWindowShell): Return a reference to a JSDOMWindowShell object
instead of a pointer as the pointer is always non-null.
(WebCore::ScriptController::initScript): Updated as needed now that ScriptController::createWindowShell()
returns a reference. Moved logic to enable/disable JavaScript eval() and operator eval from here into
ContentSecurityPolicy::didCreateWindowShell() and make use of this member function.

  • bindings/js/ScriptController.h:
  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::didCreateWindowShell): Added. Moved logic from to enable/disable JavaScript
eval() and operator eval from ScriptController::initScript() to here.
(WebCore::ContentSecurityPolicy::didReceiveHeader): Substitute ContentSecurityPolicyDirectiveList::ReportingStatus::SuppressReport
for ContentSecurityPolicy::ReportingStatus::SuppressReport as the enum has moved from class ContentSecurityPolicy
to ContentSecurityPolicyDirectiveList. Fix minor code style nit; substitute nullptr for 0 in the first argument
to ContentSecurityPolicyDirectiveList::allowEval().
(WebCore::isAllowedByAllWithFrame): Substitute ContentSecurityPolicyDirectiveList::ReportingStatus::SuppressReport
for ContentSecurityPolicy::ReportingStatus::SuppressReport as the enum has moved from class ContentSecurityPolicy
to ContentSecurityPolicyDirectiveList.
(WebCore::isAllowedByAll): Substitute ContentSecurityPolicyDirectiveList::ReportingStatus::SuppressReport
for ContentSecurityPolicy::ReportingStatus::SuppressReport as the enum has moved from class ContentSecurityPolicy
to ContentSecurityPolicyDirectiveList. Also make this function static so that it has internal linkage.
(WebCore::isAllowedByAllWithState): Ditto.
(WebCore::isAllowedByAllWithContext): Ditto.
(WebCore::isAllowedByAllWithHashFromContent): Ditto.
(WebCore::isAllowedByAllWithURL): Ditto.
(WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Remove argument reportingStatus and always pass
ContentSecurityPolicyDirectiveList::ReportingStatus::SendReport to the directive list member function. In a
subsequent patch we will remove the need to pass the reporting status to the directive list member function.
(WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
(WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
(WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
(WebCore::ContentSecurityPolicy::allowEval): Ditto.
(WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
(WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
(WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
(WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
(WebCore::ContentSecurityPolicy::evalDisabledErrorMessage): Deleted.

  • page/csp/ContentSecurityPolicy.h:
  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::allowJavaScriptURLs): Substitute ReportingStatus for
ContentSecurityPolicy::ReportingStatus as the enum has moved from class ContentSecurityPolicy to this class.
(WebCore::ContentSecurityPolicyDirectiveList::allowInlineEventHandlers): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowInlineScript): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowInlineStyle): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowEval): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowPluginType): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowScriptFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowObjectFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowImageFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowStyleFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowFontFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowMediaFromSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowConnectToSource): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowFormAction): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowBaseURI): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::allowFrameAncestors): Ditto.

  • page/csp/ContentSecurityPolicyDirectiveList.h:
11:12 PM Changeset in webkit [198378] by achristensen@apple.com
  • 2 edits in trunk/Source/WebKit2

SpeculativeLoad needs to continue NetworkLoad when it receives a redirect response
https://bugs.webkit.org/show_bug.cgi?id=155612

Reviewed by Andy Estes.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::willSendRedirectedRequest):
Call continueWillSendRequest. Otherwise, we will hang a thread in the NetworkProcess
if we are using ResourceHandle or we will not call the willPerformHTTPRedirection
completion handler if we are using NetworkSession. This will cause us to stop loading
from the server after the maximum number of connections is reached.

9:45 PM Changeset in webkit [198377] by Brent Fulgham
  • 3 edits
    2 adds in trunk

[XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
https://bugs.webkit.org/show_bug.cgi?id=155624
<rdar://problem/25219962>

Unreviewed merge from Blink (patch by Tom Sepez <tsepez@chromium.org>):
<https://src.chromium.org/viewvc/blink?revision=201803&view=revision>

Source/WebCore:

Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html

  • html/parser/XSSAuditor.cpp:

(WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.

LayoutTests:

  • http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt: Added.
  • http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html: Added.
9:06 PM Changeset in webkit [198376] by commit-queue@webkit.org
  • 8 edits in trunk/Source

[JSC] Make CSE's ImpureData faster when dealing with large blocks
https://bugs.webkit.org/show_bug.cgi?id=155594

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-17
Reviewed by Filip Pizlo.

Source/JavaScriptCore:

In some tests with large blocks, the time spent in DFG's LocalCSE
can be over 10% of the total compile time.
In those cases, LocalCSE is completely dominated by handling large
blocks.

This patch addresses the most obvious hot spots ImpureData's handling.

Initially, most of the time was going into HashTable::rehash().
The reason is the buckets are <HeapLocation, LazyNode> gigantic.
The hash table would easily get into several kilobytes and the CPU
was spending more time dealing with memory than anything.

To solve that, I moved the pairs lazily to the heap. The table itself
just contains the unique_ptr to those values. This makes the table
reasonably small and the alloc/dealloc are paid for by the fast rehash().

Once addImpure() was better, the next big bottleneck was clobber().
For each clobber(), we need to go over the entire map and test each value.
That loop was where most of the time was going.

Most calls to clobber() come from two kinds: SideState and Stack.

SideState is easy: it is never def'ed so we can always skip it.

Stack is disjoint from Heap too so we can also put it separately.

Splitting the map into 2 helped reduce the overhead. The maps are:
-Stack
-Heap

Having Stack alone was not enough for many blocks. In some cases,
you have a ton of SetLocal/GetLocal and having Stack separately
makes no difference.

To solve that, I split Stack in two: a map addressed by AbstractHeap
+ unique HeapLocation and a fallback map for everything else.
Since most Stack are not TOP and are unique per AbstractHeap,
I get O(1) clobber in most cases.

I could achieve the same result with a custom hash structure.
I don't think it is worth the effort, in most cases, m_fallbackStackMap
has a size of zero or one.

This patch introduces a lot of coupling between CSE and AbstractHeap.
To reduce the risk of bugs, the old map is still maintained in debug
and each step checks that the results are the same as the new implementation.

A new validation step also verify the strong assumptions made by CSE:
-SideState and World are never def().
-We never write HEAP TOP, we only write specific heap location.

  • dfg/DFGCSEPhase.cpp:
  • dfg/DFGHeapLocation.h:
  • dfg/DFGLazyNode.h:

(JSC::DFG::LazyNode::hash):

Source/WTF:

  • wtf/HashSet.h:

(WTF::V>::removeIf):

7:11 PM Changeset in webkit [198375] by sbarati@apple.com
  • 7 edits
    1 add in trunk/Source

Implement SmallPtrSet and integrate it into the Parser
https://bugs.webkit.org/show_bug.cgi?id=155552

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Using SmallPtrSet instead of HashSet really helps speed
up the parser. What saves us most is not needing to always
malloc/free memory in the HashSet.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseInner):

  • parser/Parser.h:

(JSC::Scope::Scope):
(JSC::Scope::startSwitch):
(JSC::Scope::endSwitch):
(JSC::Scope::startLoop):
(JSC::Scope::hasDeclaredParameter):
(JSC::Scope::declareWrite):
(JSC::Scope::declareParameter):
(JSC::Scope::usedVariablesContains):
(JSC::Scope::useVariable):
(JSC::Scope::collectFreeVariables):
(JSC::Scope::getCapturedVars):
(JSC::Scope::isValidStrictMode):
(JSC::Scope::shadowsArguments):
(JSC::Scope::copyCapturedVariablesToVector):
(JSC::Scope::setIsModule):
(JSC::Parser::pushScope):
(JSC::Scope::getUsedVariables): Deleted.

Source/WTF:

This patch implements the SmallPtrSet data struture.
Inspired by the implementation in llvm:
http://llvm.org/docs/doxygen/html/SmallPtrSet_8h_source.html

The data structure uses an inline array for storage up until
a fixed limit (8 entries in our implementation). If that storage
fills up, we fall back to a simple hash table implementation.
Crucially, this implementation doesn't support the remove
operation. This is on purpose. The hash table will only ever
grow.

Also, the implementation allows for it to be memcopied around.
I.e, we can put SmallPtrSet inside a Vector and allow that
Vector to use memcpy as its move operation (of course this
is only valid if the SmallPtrSet in the old memory doesn't have
its destructor called unless it is set back to its initial state.)

For now, SmallPtrSet only supports pointer types that are trivially
destructible. It's probably not too difficult to extend this to
smart pointers, but it's not part of this original implementation.

I've also implemented a pure forwarding varargs constructAndAppend
method on Vector. This allows you to do:
Vector<T> v;
v.constructAndAppend(a1, a2, ...)
as long as T has a constructor that accepts arguments (a1, a2, ...).

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/SmallPtrSet.h: Added.

(WTF::SmallPtrSet::SmallPtrSet):
(WTF::SmallPtrSet::operator=):
(WTF::SmallPtrSet::~SmallPtrSet):
(WTF::SmallPtrSet::add):
(WTF::SmallPtrSet::contains):
(WTF::SmallPtrSet::iterator::operator++):
(WTF::SmallPtrSet::iterator::operator*):
(WTF::SmallPtrSet::iterator::operator==):
(WTF::SmallPtrSet::iterator::operator!=):
(WTF::SmallPtrSet::begin):
(WTF::SmallPtrSet::end):
(WTF::SmallPtrSet::size):
(WTF::SmallPtrSet::emptyValue):
(WTF::SmallPtrSet::isValidEntry):
(WTF::SmallPtrSet::isSmall):
(WTF::SmallPtrSet::initialize):
(WTF::SmallPtrSet::grow):
(WTF::SmallPtrSet::bucket):

  • wtf/Vector.h:

(WTF::Vector::append):
(WTF::Vector::uncheckedAppend):
(WTF::minCapacity>::append):
(WTF::minCapacity>::constructAndAppend):
(WTF::minCapacity>::appendSlowCase):
(WTF::minCapacity>::constructAndAppendSlowCase):

6:53 PM Changeset in webkit [198374] by Alan Bujtas
  • 4 edits
    2 adds in trunk

Images in feed on ebay.com jiggle when one is hovered
https://bugs.webkit.org/show_bug.cgi?id=155608
<rdar://problem/25160681>

The content offset in compositing layer = subpixel gap between the graphics layer and the layer bounds + layer bounds top left.

Reviewed by Simon Fraser.

Source/WebCore:

Test: compositing/hidpi-viewport-clipping-on-composited-content.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):
(WebCore::RenderLayerBacking::contentOffsetInCompostingLayer):

  • rendering/RenderLayerBacking.h:

LayoutTests:

  • compositing/hidpi-viewport-clipping-on-composited-content-expected.html: Added.
  • compositing/hidpi-viewport-clipping-on-composited-content.html: Added.
6:43 PM Changeset in webkit [198373] by BJ Burg
  • 4 edits in trunk/Source/JavaScriptCore

Web Inspector: protocol generator shouldn't generate enums for parameters with non-anonymous enum types
https://bugs.webkit.org/show_bug.cgi?id=155610
<rdar://problem/25229878>

Reviewed by Joseph Pecoraro.

If a command parameter has an anonymous enum type, the backend dispatcher generator
makes a C++ enum for the parameter. However, if the parameter references a named enum
type specified in a domain's 'type' section, then there's no need to generate an enum.

  • inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:

(CppBackendDispatcherHeaderGenerator._generate_handler_declaration_for_command):
Add a missing check for the is_anonymous flag. Type references to named enums are resolved
to the underlying aliased EnumType instead of an AliasedType, so we have to check the flag.

Rebaseline tests.

  • inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
  • inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
6:26 PM Changeset in webkit [198372] by Brent Fulgham
  • 3 edits
    2 adds in trunk

Don't initiate a style recall while drawing text
https://bugs.webkit.org/show_bug.cgi?id=155618

Patch by Zalan Bujtas <Alan Bujtas> on 2016-03-17
Reviewed by Simon Fraser.

This patch ensures that we don't initiate a style recalc while in the middle of text drawing.

Source/WebCore:

Test: fast/canvas/crash-while-resizing-canvas.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawTextInternal):

LayoutTests:

  • fast/canvas/crash-while-resizing-canvas-expected.txt: Added.
  • fast/canvas/crash-while-resizing-canvas.html: Added.
6:13 PM Changeset in webkit [198371] by Ryan Haddad
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r198335.
https://bugs.webkit.org/show_bug.cgi?id=155617

This change caused existing LayoutTests to crash
intermittently (Requested by ryan|afk on #webkit).

Reverted changeset:

"DataURLDecoder::DecodingResultDispatcher may get deleted
outside main thread"
https://bugs.webkit.org/show_bug.cgi?id=155584
http://trac.webkit.org/changeset/198335

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-17

6:12 PM Changeset in webkit [198370] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

Improve some metadata tests
https://bugs.webkit.org/show_bug.cgi?id=155616

Patch by Eric Carlson <eric.carlson@apple.com> on 2016-03-17
Reviewed by Saam Barati.

  • html/track/DataCue.cpp:

(WebCore::DataCue::DataCue):
(WebCore::DataCue::setData):

6:02 PM Changeset in webkit [198369] by mmaxfield@apple.com
  • 14 edits
    26 adds in trunk

[RTL Scrollbars] Position: absolute divs are covered by vertical scrollbar
https://bugs.webkit.org/show_bug.cgi?id=155531

Reviewed by Darin Adler.

Source/WebCore:

This patch updates ScrollView::documentScrollPositionRelativeToViewOrigin(), which is
a helper function primarily used by WebCore::ScrollView::viewToContents() and
WebCore::ScrollView::contentsToView().

Tests: fast/scrolling/rtl-scrollbars-elementFromPoint-static.html

fast/scrolling/rtl-scrollbars-elementFromPoint.html
fast/scrolling/rtl-scrollbars-iframe-offset.html
fast/scrolling/rtl-scrollbars-iframe-position-absolute.html
fast/scrolling/rtl-scrollbars-iframe-scrolled.html
fast/scrolling/rtl-scrollbars-iframe.html
fast/scrolling/rtl-scrollbars-overflow-elementFromPoint.html
fast/scrolling/rtl-scrollbars-overflow-position-absolute.html
fast/scrolling/rtl-scrollbars-overflow-text-selection-scrolled.html
fast/scrolling/rtl-scrollbars-position-absolute.html
fast/scrolling/rtl-scrollbars-position-fixed.html
fast/scrolling/rtl-scrollbars-text-selection-scrolled.html
fast/scrolling/rtl-scrollbars-text-selection.html

  • platform/ScrollView.cpp:

(WebCore::ScrollView::documentScrollPositionRelativeToViewOrigin):

LayoutTests:

Add a bunch of tests. Also, this patch adds some tests that caught
https://bugs.webkit.org/show_bug.cgi?id=155533 (but they are disabled).

  • fast/scrolling/rtl-scrollbars-elementFromPoint-expected.txt: Added.
  • fast/scrolling/rtl-scrollbars-elementFromPoint-static-expected.txt: Added.
  • fast/scrolling/rtl-scrollbars-elementFromPoint-static.html: Added.
  • fast/scrolling/rtl-scrollbars-elementFromPoint.html: Added.
  • fast/scrolling/rtl-scrollbars-iframe-expected.txt: Added.
  • fast/scrolling/rtl-scrollbars-iframe-offset-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-iframe-offset.html: Added.
  • fast/scrolling/rtl-scrollbars-iframe-position-absolute-expected.txt: Added.
  • fast/scrolling/rtl-scrollbars-iframe-position-absolute.html: Added.
  • fast/scrolling/rtl-scrollbars-iframe-scrolled-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-iframe-scrolled.html: Added.
  • fast/scrolling/rtl-scrollbars-iframe.html: Added.
  • fast/scrolling/rtl-scrollbars-overflow-elementFromPoint-expected.txt: Added.
  • fast/scrolling/rtl-scrollbars-overflow-elementFromPoint.html: Added.
  • fast/scrolling/rtl-scrollbars-overflow-position-absolute-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-overflow-position-absolute.html: Added.
  • fast/scrolling/rtl-scrollbars-overflow-text-selection-scrolled-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-overflow-text-selection-scrolled.html: Added.
  • fast/scrolling/rtl-scrollbars-position-absolute-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-position-absolute.html: Added.
  • fast/scrolling/rtl-scrollbars-position-fixed-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-position-fixed.html: Added.
  • fast/scrolling/rtl-scrollbars-text-selection-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-text-selection-scrolled-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-text-selection-scrolled.html: Added.
  • fast/scrolling/rtl-scrollbars-text-selection.html: Added.
  • TestExpectations:
6:00 PM Changeset in webkit [198368] by matthew_hanson@apple.com
  • 1 delete in branches/Safari-601.6.10

Delete incorrect tag

5:59 PM Changeset in webkit [198367] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-601.6.10

New Tag.

5:57 PM Changeset in webkit [198366] by matthew_hanson@apple.com
  • 1 copy in branches/Safari-601.6.10

New Tag.

5:55 PM Changeset in webkit [198365] by timothy_horton@apple.com
  • 2 edits in trunk/Tools

Fix some deprecation warnings in WebEditingTester
https://bugs.webkit.org/show_bug.cgi?id=155601

Reviewed by Simon Fraser.

  • WebEditingTester/AppDelegate.m:

(-[WebEditingAppDelegate showOperations:]):
(-[WebEditingAppDelegate _updateNewWindowKeyEquivalents]):

5:53 PM Changeset in webkit [198364] by fpizlo@apple.com
  • 95 edits
    2 adds
    2 deletes in trunk/Source

Replace all of the various non-working and non-compiling sampling profiler hacks with a single super hack
https://bugs.webkit.org/show_bug.cgi?id=155561

Reviewed by Saam Barati.

Source/JavaScriptCore:

A VM needs some internal profiling hacks in addition to the profiler(s) that the user sees, because
you can squeeze out more fidelity if you're willing to make some kind of deal with the devil. Prior
to this change JSC had a bunch of these:

  • CodeBlock sampling profiler
  • Bytecode sampling profiler
  • Sampling flags
  • Sampling regions
  • Some other stuff

I tried using these recently. They didn't even build. Initially I fixed that, but then I found that
these profilers had some serious bugs that made them report bogus results - like underreporting the
time spent in regions of code by more than 2x.

Part of the problem here is that a profiler loses fidelity as it gains power. The more general it
tries to be, the more code gets executed on the hot path for the profiler, which increasingly
perturbs the results. I believe that's the reason for the underreporting - code ran sufficiently
slower, and in a sufficiently different way when profiling, that the results were just wrong.

This change attacks this problem directly by replacing all of the diverse profiling hacks with just
one, which I call the SuperSampler. It consists of exactly one counter. When enabled, the sampler
will periodically print (via dataLog()) the percentage of samples that saw a non-zero count. Because
it's so simple, it gives better accuracy. This comes about in two ways:

  • It runs at a lower rate. That's fine since it's only checking one flag. You don't need a high rate for just one flag.


  • The fact that there is only *one* flag means that the user must choose a hypothesis about what is slow. This turns the problem of profiling into a hypothesis testing problem, which is an inherently less flaky kind of experiment to run.


The SuperSampler is enabled with a runtime flag rather than a compile-time flag, so it's much less
likely to break. That also means that you can enable it without rebuilding the universe. The old
samplers all had ENABLE flags in Platform.h, which was rather unfortunate for compile times.

SuperSampler supports both JIT and C++ users. C++ users should use SuperSamplerScope. The default
idiom is to create one and pass "true" to it. You can disable a scope by passing "false" instead.
This patch puts a bunch of scopes in places I care about. I think it's probably OK if people check in
these deactivated scopes. That makes it convenient to retest things we've tested previously.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/SamplingTool.cpp: Removed.
  • bytecode/SamplingTool.h: Removed.
  • bytecode/SuperSampler.cpp: Added.

(JSC::initializeSuperSampler):
(JSC::printSuperSamplerState):

  • bytecode/SuperSampler.h: Added.

(JSC::SuperSamplerScope::SuperSamplerScope):
(JSC::SuperSamplerScope::~SuperSamplerScope):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):

  • bytecompiler/NodesCodegen.cpp:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::forAllValues):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberStructures):

  • dfg/DFGArgumentsEliminationPhase.cpp:

(JSC::DFG::performArgumentsElimination):

  • dfg/DFGBackwardsPropagationPhase.cpp:

(JSC::DFG::performBackwardsPropagation):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::parse):

  • dfg/DFGCFAPhase.cpp:

(JSC::DFG::performCFA):

  • dfg/DFGCFGSimplificationPhase.cpp:

(JSC::DFG::performCFGSimplification):

  • dfg/DFGCPSRethreadingPhase.cpp:

(JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
(JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlocks):
(JSC::DFG::CPSRethreadingPhase::propagatePhis):
(JSC::DFG::performCPSRethreading):

  • dfg/DFGCSEPhase.cpp:

(JSC::DFG::performLocalCSE):
(JSC::DFG::performGlobalCSE):

  • dfg/DFGCleanUpPhase.cpp:

(JSC::DFG::performCleanUp):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::performConstantFolding):

  • dfg/DFGConstantHoistingPhase.cpp:

(JSC::DFG::performConstantHoisting):

  • dfg/DFGCriticalEdgeBreakingPhase.cpp:

(JSC::DFG::performCriticalEdgeBreaking):

  • dfg/DFGDCEPhase.cpp:

(JSC::DFG::performDCE):

  • dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::performFixup):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dethread):

  • dfg/DFGIntegerCheckCombiningPhase.cpp:

(JSC::DFG::performIntegerCheckCombining):

  • dfg/DFGIntegerRangeOptimizationPhase.cpp:

(JSC::DFG::performIntegerRangeOptimization):

  • dfg/DFGInvalidationPointInjectionPhase.cpp:

(JSC::DFG::performInvalidationPointInjection):

  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

  • dfg/DFGLICMPhase.cpp:

(JSC::DFG::performLICM):

  • dfg/DFGLiveCatchVariablePreservationPhase.cpp:

(JSC::DFG::performLiveCatchVariablePreservationPhase):

  • dfg/DFGLivenessAnalysisPhase.cpp:

(JSC::DFG::performLivenessAnalysis):

  • dfg/DFGLoopPreHeaderCreationPhase.cpp:

(JSC::DFG::performLoopPreHeaderCreation):

  • dfg/DFGMaximalFlushInsertionPhase.cpp:

(JSC::DFG::performMaximalFlushInsertion):

  • dfg/DFGMovHintRemovalPhase.cpp:

(JSC::DFG::performMovHintRemoval):

  • dfg/DFGOSRAvailabilityAnalysisPhase.cpp:

(JSC::DFG::performOSRAvailabilityAnalysis):

  • dfg/DFGOSREntrypointCreationPhase.cpp:

(JSC::DFG::performOSREntrypointCreation):

  • dfg/DFGOSRExitCompiler.cpp:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:

(JSC::DFG::performObjectAllocationSinking):

  • dfg/DFGOperations.cpp:
  • dfg/DFGPhantomInsertionPhase.cpp:

(JSC::DFG::performPhantomInsertion):

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThread):

  • dfg/DFGPredictionInjectionPhase.cpp:

(JSC::DFG::performPredictionInjection):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::performPredictionPropagation):

  • dfg/DFGPutStackSinkingPhase.cpp:

(JSC::DFG::performPutStackSinking):

  • dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::performSSAConversion):

  • dfg/DFGSSALoweringPhase.cpp:

(JSC::DFG::performSSALowering):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::performStackLayout):

  • dfg/DFGStaticExecutionCountEstimationPhase.cpp:

(JSC::DFG::performStaticExecutionCountEstimation):

  • dfg/DFGStoreBarrierInsertionPhase.cpp:

(JSC::DFG::performFastStoreBarrierInsertion):
(JSC::DFG::performGlobalStoreBarrierInsertion):

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::performStrengthReduction):

  • dfg/DFGStructureAbstractValue.cpp:

(JSC::DFG::StructureAbstractValue::assertIsRegistered):
(JSC::DFG::StructureAbstractValue::clobber):
(JSC::DFG::StructureAbstractValue::observeTransition):
(JSC::DFG::StructureAbstractValue::observeTransitions):
(JSC::DFG::StructureAbstractValue::add):
(JSC::DFG::StructureAbstractValue::merge):
(JSC::DFG::StructureAbstractValue::mergeSlow):
(JSC::DFG::StructureAbstractValue::mergeNotTop):
(JSC::DFG::StructureAbstractValue::filter):
(JSC::DFG::StructureAbstractValue::filterSlow):
(JSC::DFG::StructureAbstractValue::contains):
(JSC::DFG::StructureAbstractValue::isSubsetOf):
(JSC::DFG::StructureAbstractValue::isSupersetOf):
(JSC::DFG::StructureAbstractValue::overlaps):
(JSC::DFG::StructureAbstractValue::equalsSlow):

  • dfg/DFGStructureRegistrationPhase.cpp:

(JSC::DFG::performStructureRegistration):

  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::performTierUpCheckInjection):

  • dfg/DFGTypeCheckHoistingPhase.cpp:

(JSC::DFG::performTypeCheckHoisting):

  • dfg/DFGUnificationPhase.cpp:

(JSC::DFG::performUnification):

  • dfg/DFGVarargsForwardingPhase.cpp:

(JSC::DFG::performVarargsForwarding):

  • dfg/DFGVirtualRegisterAllocationPhase.cpp:

(JSC::DFG::performVirtualRegisterAllocation):

  • dfg/DFGWatchpointCollectionPhase.cpp:

(JSC::DFG::performWatchpointCollection):

  • dynbench.cpp:
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::compileGetRegExpObjectLastIndex):

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileFTLOSRExit):

  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::store):
(JSC::FTL::Output::absolute):
(JSC::FTL::Output::incrementSuperSamplerCount):
(JSC::FTL::Output::decrementSuperSamplerCount):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::baseIndex):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::anchor):
(JSC::FTL::Output::absolute): Deleted.

  • heap/Heap.cpp:

(JSC::Heap::markRoots):
(JSC::Heap::collectAndSweep):
(JSC::Heap::collectImpl):
(JSC::Heap::zombifyDeadObjects):

  • heap/MarkedBlock.cpp:

(JSC::MarkedBlock::specializedSweep):

  • interpreter/Interpreter.cpp:

(JSC::setupVarargsFrameAndSetThis):
(JSC::Interpreter::Interpreter):
(JSC::Interpreter::initialize):
(JSC::checkedReturn):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::debug):
(JSC::SamplingScope::SamplingScope): Deleted.
(JSC::SamplingScope::~SamplingScope): Deleted.
(JSC::Interpreter::enableSampler): Deleted.
(JSC::Interpreter::dumpSampleData): Deleted.
(JSC::Interpreter::startSampling): Deleted.
(JSC::Interpreter::stopSampling): Deleted.

  • interpreter/Interpreter.h:

(JSC::Interpreter::isCallBytecode):
(JSC::Interpreter::sampler): Deleted.

  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::branchIfNotFastTypedArray):
(JSC::AssemblyHelpers::incrementSuperSamplerCount):
(JSC::AssemblyHelpers::decrementSuperSamplerCount):
(JSC::AssemblyHelpers::purifyNaN):

  • jit/AssemblyHelpers.h:
  • jit/JIT.cpp:
  • jit/JIT.h:
  • jit/JITArithmetic.cpp:
  • jit/JITArithmetic32_64.cpp:
  • jit/JITCall.cpp:
  • jit/JITCall32_64.cpp:
  • jit/JITOperations.cpp:
  • jit/JITPropertyAccess.cpp:
  • jit/JITPropertyAccess32_64.cpp:
  • jsc.cpp:

(runWithScripts):
(jscmain):

  • parser/Nodes.cpp:
  • parser/Parser.h:

(JSC::parse):

  • runtime/Executable.h:
  • runtime/InitializeThreading.cpp:

(JSC::initializeThreading):

  • runtime/Options.h:
  • runtime/RegExpCachedResult.h:
  • runtime/RegExpMatchesArray.h:

(JSC::createRegExpMatchesArray):

  • runtime/StringPrototype.cpp:

(JSC::removeUsingRegExpSearch):
(JSC::stringProtoFuncSubstring):

  • runtime/VM.cpp:

(JSC::VM::resetDateCache):
(JSC::VM::whenIdle):
(JSC::VM::deleteAllCode):
(JSC::VM::addSourceProviderCache):
(JSC::VM::startSampling): Deleted.
(JSC::VM::stopSampling): Deleted.
(JSC::VM::dumpSampleData): Deleted.

  • runtime/VM.h:

(JSC::VM::regExpCache):

  • testRegExp.cpp:

(runFromFiles):

  • yarr/YarrInterpreter.cpp:

(JSC::Yarr::interpret):

Source/WebCore:

No new tests because no new behavior.

  • platform/audio/ios/MediaSessionManagerIOS.mm:
  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

Source/WTF:

This patch replaces all of our various ad hoc profiling hacks with a single ad hoc profiling hack.
That needs to be able to sleep a thread, so I added a portable way to do it.

This also removes a bunch of ENABLE flags for all of the old non-working hacks.

  • wtf/CurrentTime.cpp:

(WTF::currentCPUTime):
(WTF::sleep):

  • wtf/CurrentTime.h:

(WTF::sleepMS):

  • wtf/Platform.h:
5:50 PM Changeset in webkit [198363] by timothy_horton@apple.com
  • 4 edits in trunk

Find-in-page indicator in Mail viewer is the wrong scale and cut off
https://bugs.webkit.org/show_bug.cgi?id=155605
<rdar://problem/23948165>

Reviewed by Simon Fraser.

Source/WebKit2:

  • UIProcess/mac/WKTextFinderClient.mm:

(-[WKTextFinderClient didGetImageForMatchResult:]):
Initialize the NSImage with the correct size, instead of inferring the
size from the bitmap, so that we don't lose information about device pixel ratio.

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/FindInPage.mm:

(TEST):
Add a test that ensures that the find result image is correctly @2x.
The NSImage size should be in points.

5:46 PM Changeset in webkit [198362] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Fix a typo which was supposed to be fixed in r198351.

  • public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage.prototype.render):

5:42 PM Changeset in webkit [198361] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

Some media tests are flaky.
https://bugs.webkit.org/show_bug.cgi?id=155614

Reviewed by Eric Carlson.

  • html/track/TextTrack.cpp:

(WebCore::TextTrack::~TextTrack):

4:55 PM Changeset in webkit [198360] by sbarati@apple.com
  • 5 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Make GetProperty(.) inside ArrayPrototype.cpp spec compatible.
https://bugs.webkit.org/show_bug.cgi?id=155575

Reviewed by Filip Pizlo and Mark Lam.

This patch makes various Array.prototype.(shift | unshift | splice)
spec compliant. Before, they were performing Get and HasProperty as one
operation. Instead, they need to be performed as two distinct operations
when it would be observable.

  • runtime/ArrayPrototype.cpp:

(JSC::getProperty):

  • runtime/PropertySlot.h:

(JSC::PropertySlot::PropertySlot):
(JSC::PropertySlot::isCacheableValue):
(JSC::PropertySlot::isCacheableGetter):
(JSC::PropertySlot::isCacheableCustom):
(JSC::PropertySlot::setIsTaintedByProxy):
(JSC::PropertySlot::isTaintedByProxy):
(JSC::PropertySlot::internalMethodType):
(JSC::PropertySlot::getValue):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::getOwnPropertySlotCommon):

  • tests/es6.yaml:
  • tests/stress/proxy-array-prototype-methods.js: Added.

(assert):
(test):
(shallowEq):

4:26 PM Changeset in webkit [198359] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

4:25 PM Changeset in webkit [198358] by commit-queue@webkit.org
  • 7 edits in trunk/Source/WebInspectorUI

Web Inspector: Prefer retained size to the shallow size in Heap Snapshot data grids
https://bugs.webkit.org/show_bug.cgi?id=155597
<rdar://problem/25225087>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-17
Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:

New datagrid column and tooltip strings.

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid.prototype.insertColumn):
Allow a column definition to provide a tooltip for the header cell.

  • UserInterface/Views/HeapSnapshotClassDataGridNode.js:

(WebInspector.HeapSnapshotClassDataGridNode.prototype.createCellContent):
Include retained size column data.

(WebInspector.HeapSnapshotClassDataGridNode.prototype._populate):
Fix non-batched populate to sort instances on first population.

  • UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.createCellContent):
Include retained size column data.

  • UserInterface/Views/HeapSnapshotInstancesContentView.js:

(WebInspector.HeapSnapshotInstancesContentView):
Include a retained size column. Update initial sort and column widths.

  • UserInterface/Views/HeapSnapshotInstancesDataGridTree.js:

(WebInspector.HeapSnapshotInstancesDataGridTree.buildSortComparator):
Include a numeric sort comparator for the new retained size column.

(WebInspector.HeapSnapshotInstancesDataGridTree.prototype._populateTopLevel):
Include retained size, and lazily calculate percentage later.

3:48 PM Changeset in webkit [198357] by beidson@apple.com
  • 3 edits
    3 adds in trunk

Don't try to restore deleted MemoryIndexes if their owning object store is not restored.
https://bugs.webkit.org/show_bug.cgi?id=155068

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/indexeddb/modern/deleteindex-4-private.html

  • Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:

(WebCore::IDBServer::MemoryBackingStoreTransaction::indexDeleted):

LayoutTests:

  • storage/indexeddb/modern/deleteindex-4-private-expected.txt: Added.
  • storage/indexeddb/modern/deleteindex-4-private.html: Added.
  • storage/indexeddb/modern/resources/deleteindex-4.js: Added.
3:43 PM Changeset in webkit [198356] by commit-queue@webkit.org
  • 11 edits
    13 moves
    2 adds in trunk

AX: attributes to retrieve focusable and editable ancestors
https://bugs.webkit.org/show_bug.cgi?id=155554

Patch by Doug Russell <d_russell@apple.com> on 2016-03-17
Reviewed by Chris Fleizach.

Add attributes to help give context to focus changes:
AXFocusableAncestor - nearest accessibility ancestor that returns true for
canSetFocusAttribute().
AXEditableAncestor - nearest accessibility ancestor that returns true for
isTextControl().
AXHighestEditableAncestor - highest element in accessibility that returns true
for isTextControl().

Source/WebCore:

Test: accessibility/mac/ancestor-attributes.html

  • accessibility/AccessibilityNodeObject.cpp:
  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::focusableAncestor):
(WebCore::AccessibilityObject::editableAncestor):
(WebCore::AccessibilityObject::highestEditableAncestor):

  • accessibility/AccessibilityObject.h:
  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeNames]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

LayoutTests:

  • accessibility/image-link-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/image-link-expected.txt.
  • accessibility/image-map2-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/image-map2-expected.txt.
  • accessibility/internal-link-anchors2-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/internal-link-anchors2-expected.txt.
  • accessibility/lists-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/lists-expected.txt.
  • accessibility/mac/ancestor-attributes-expected.txt: Added.
  • accessibility/mac/ancestor-attributes.html: Added.
  • accessibility/mac/aria-columnrowheaders-expected.txt:
  • accessibility/mac/bounds-for-range-expected.txt:
  • accessibility/mac/document-links-expected.txt:
  • accessibility/mac/internal-link-anchors-expected.txt:
  • accessibility/math-multiscript-attributes-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/math-multiscript-attributes-expected.txt.
  • accessibility/plugin-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/plugin-expected.txt.
  • accessibility/table-attributes-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/table-attributes-expected.txt.
  • accessibility/table-cell-spans-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/table-cell-spans-expected.txt.
  • accessibility/table-cells-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/table-cells-expected.txt.
  • accessibility/table-detection-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/table-detection-expected.txt.
  • accessibility/table-one-cell-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/table-one-cell-expected.txt.
  • accessibility/table-sections-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/table-sections-expected.txt.
  • accessibility/table-with-rules-expected.txt: Renamed from LayoutTests/platform/mac/accessibility/table-with-rules-expected.txt.
  • accessibility/transformed-element-expected.txt:
3:17 PM Changeset in webkit [198355] by Joseph Pecoraro
  • 2 edits in trunk/LayoutTests

Unreviewed follow-up fix to test after r198353.

  • inspector/unit-tests/heap-snapshot.html:

Account for <root> in a few places.

2:04 PM Changeset in webkit [198354] by weinig@apple.com
  • 11 edits in trunk

Implement document.queryCommandSupported("copy")
https://bugs.webkit.org/show_bug.cgi?id=155548
<rdar://problem/25195295>

Reviewed by Enrica Casucci.

Source/WebCore:

  • document.queryCommandSupported("copy") and document.queryCommandSupported("cut") need to return true if the ClipboardAccessPolicy is either Allow or RequiresUserGesture. But, document.queryCommandEnabled("copy") and document.queryCommandEnabled("cut") should still return false when there is no user gesture. I also had to maintain a weird quirk that copy and cut should be allowed to execute, and thus fire the oncopy and oncut events, even when disabled, if coming from a "MenuOrKeyBinding" source. To do this, I upgraded the allowExecutionWhenDisabled bit to a function taking a source, and return true only when the correct source is specified.
  • editing/Editor.h:
  • editing/EditorCommand.cpp:

(WebCore::defaultValueForSupportedCopyCut):
(WebCore::allowCopyCutFromDOM):
(WebCore::enabledCopy):
(WebCore::enabledCut):
(WebCore::allowExecutionWhenDisabled):
(WebCore::doNotAllowExecutionWhenDisabled):
(WebCore::allowExecutionWhenDisabledCopyCut):
(WebCore::Editor::Command::execute):
(WebCore::Editor::Command::allowExecutionWhenDisabled):

LayoutTests:

  • editing/execCommand/clipboard-access-with-user-gesture-expected.txt:
  • editing/execCommand/clipboard-access-with-user-gesture.html:

document.queryCommandSupported('copy') should be returning true.

  • editing/pasteboard/can-read-in-copy-and-cut-events.html:
  • editing/pasteboard/copy-cut-paste-events-fired-when-disabled.html:
  • editing/pasteboard/pasting-empty-html-falls-back-to-text.html:
  • editing/pasteboard/set_data_typeof_return.html:

Use testRunner.execCommand() to test the behavior of a user.

2:02 PM Changeset in webkit [198353] by Joseph Pecoraro
  • 21 edits
    1 move
    11 adds
    3 deletes in trunk

Web Inspector: HeapSnapshots are slow and use too much memory
https://bugs.webkit.org/show_bug.cgi?id=155571

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

This is the first inclusion of Workers into Web Inspector. In this case
the Main side merely needs to make requests of the Worker and get back
objects that it can interact with more.

New file heirarchies:

UserInterface/Proxies

  • new Proxy classes in the Main page.
  • treat like Model classes, but not quite model.

UserInterface/Workers/HeapSnapshotWorker

  • new Worker classes for Workers. No WebInspector namespace.
  • no minification of these resources, they are simply copied.

Remote procedure call interface between the Main/Worker page happens
through the WorkerProxy and Worker classes. There are simple ways
to perform factory style methods and call methods on objects, and
get the result in a callback. Similiar to frontend <-> backend agent
communication:

HeapSnapshotWorkerProxy: (Main world)

  • creates the worker
  • performAction("actionName", arguments, callback)
  • callMethod(objectId, "methodName", arguments, callback)
  • handle message => dispatch event or invoke callback

HeapSnapshotWorker: (Worker world)

  • sendEvent("eventName", eventData)
  • handle message => dispatch action or method on object

Proxy object methods are boilerplate calls to performAction/callMethod
with deserialization of responses. The rest of the frontend can just
treat Proxy objects as Model objects with some data and async methods.

Because the Node/Edge data is so small, objects are cheaply created
when needed and not cached. This means that there may be duplicate
HeapSnapshotNode's for the same node. For example if different Views
both request instancesWithClassName("Foo"). This is fine, as none
of our Views really care about object uniqueness, they are only
interested in the data or querying for more data.

  • Scripts/combine-resources.pl:
  • Scripts/copy-user-interface-resources.pl:

Copy the Workers directory to the resources directory.
Its code is only meant to be loaded by Workers, so it
shouldn't be included in the Main page.

  • UserInterface/Main.html:
  • UserInterface/Test.html:
  • UserInterface/Models/HeapSnapshot.js: Removed.
  • UserInterface/Models/HeapSnapshotDiff.js: Removed.
  • UserInterface/Models/HeapSnapshotEdge.js: Removed.
  • UserInterface/Models/HeapSnapshotNode.js: Removed.

Replace the old simple Model classes with Proxy classes that interact
with the Worker.

  • UserInterface/Models/HeapAllocationsInstrument.js:

(WebInspector.HeapAllocationsInstrument.prototype._takeHeapSnapshot):
(WebInspector.HeapAllocationsInstrument):

  • UserInterface/Models/HeapAllocationsTimelineRecord.js:

(WebInspector.HeapAllocationsTimelineRecord):

  • UserInterface/Models/HeapSnapshotRootPath.js:

(WebInspector.HeapSnapshotRootPath):
(WebInspector.HeapSnapshotRootPath.prototype.appendEdge):

  • UserInterface/Protocol/HeapObserver.js:

(WebInspector.HeapObserver.prototype.trackingStart):
(WebInspector.HeapObserver.prototype.trackingComplete):

  • UserInterface/Views/ContentView.js:

(WebInspector.ContentView.createFromRepresentedObject):
(WebInspector.ContentView.isViewable):

  • UserInterface/Views/HeapAllocationsTimelineView.js:

(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotDiff):
(WebInspector.HeapAllocationsTimelineView.prototype._takeHeapSnapshotClicked):
(WebInspector.HeapAllocationsTimelineView.prototype._dataGridNodeSelected):
(WebInspector.HeapAllocationsTimelineView):

  • UserInterface/Views/HeapSnapshotClassDataGridNode.js:

(WebInspector.HeapSnapshotClassDataGridNode.prototype._populate):

  • UserInterface/Views/HeapSnapshotClusterContentView.js:
  • UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.logHeapSnapshotNode.node.shortestGCRootPath.):
(WebInspector.HeapSnapshotInstanceDataGridNode.logHeapSnapshotNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPath):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.stringifyEdge):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler):

  • UserInterface/Views/HeapSnapshotInstancesContentView.js:

(WebInspector.HeapSnapshotInstancesContentView):

  • UserInterface/Views/HeapSnapshotInstancesDataGridTree.js:

(WebInspector.HeapSnapshotInstancesDataGridTree):

  • UserInterface/Views/HeapSnapshotSummaryContentView.js:

(WebInspector.HeapSnapshotSummaryContentView):
Update existing code to expect the new Proxy objects or create
the new HeapSnapshot using workers.

  • UserInterface/Proxies/HeapSnapshotDiffProxy.js: Added.

(WebInspector.HeapSnapshotDiffProxy):
(WebInspector.HeapSnapshotDiffProxy.deserialize):
(WebInspector.HeapSnapshotDiffProxy.prototype.get snapshot1):
(WebInspector.HeapSnapshotDiffProxy.prototype.get snapshot2):
(WebInspector.HeapSnapshotDiffProxy.prototype.get totalSize):
(WebInspector.HeapSnapshotDiffProxy.prototype.get totalObjectCount):
(WebInspector.HeapSnapshotDiffProxy.prototype.get categories):
(WebInspector.HeapSnapshotDiffProxy.prototype.allocationBucketCounts):
(WebInspector.HeapSnapshotDiffProxy.prototype.instancesWithClassName):
(WebInspector.HeapSnapshotDiffProxy.prototype.nodeWithIdentifier):
A HeapSnapshotDiffProxy looks like a HeapSnapshotProxy and responds to
the same methods, but has the extra snapshot1/2 pointers.

  • UserInterface/Proxies/HeapSnapshotEdgeProxy.js:

(WebInspector.HeapSnapshotEdgeProxy):
(WebInspector.HeapSnapshotEdgeProxy.deserialize):
Edge data. No methods are proxied at this point.

  • UserInterface/Proxies/HeapSnapshotNodeProxy.js: Added.

(WebInspector.HeapSnapshotNodeProxy):
(WebInspector.HeapSnapshotNodeProxy.deserialize):
(WebInspector.HeapSnapshotNodeProxy.prototype.shortestGCRootPath):
(WebInspector.HeapSnapshotNodeProxy.prototype.dominatedNodes):
(WebInspector.HeapSnapshotNodeProxy.prototype.retainedNodes):
(WebInspector.HeapSnapshotNodeProxy.prototype.retainers):
Node data and methods to query for node relationships.

  • UserInterface/Proxies/HeapSnapshotProxy.js: Added.

(WebInspector.HeapSnapshotProxy):
(WebInspector.HeapSnapshotProxy.deserialize):
(WebInspector.HeapSnapshotProxy.prototype.get proxyObjectId):
(WebInspector.HeapSnapshotProxy.prototype.get identifier):
(WebInspector.HeapSnapshotProxy.prototype.get totalSize):
(WebInspector.HeapSnapshotProxy.prototype.get totalObjectCount):
(WebInspector.HeapSnapshotProxy.prototype.get categories):
(WebInspector.HeapSnapshotProxy.prototype.allocationBucketCounts):
(WebInspector.HeapSnapshotProxy.prototype.instancesWithClassName):
(WebInspector.HeapSnapshotProxy.prototype.nodeWithIdentifier):
Snapshot data and methods to query for nodes.

  • UserInterface/Proxies/HeapSnapshotWorkerProxy.js: Added.

(WebInspector.HeapSnapshotWorkerProxy):
(WebInspector.HeapSnapshotWorkerProxy.singleton):
(WebInspector.HeapSnapshotWorkerProxy.prototype.createSnapshot):
(WebInspector.HeapSnapshotWorkerProxy.prototype.createSnapshotDiff):
(WebInspector.HeapSnapshotWorkerProxy.prototype.performAction):
(WebInspector.HeapSnapshotWorkerProxy.prototype.callMethod):
(WebInspector.HeapSnapshotWorkerProxy.prototype._postMessage):
(WebInspector.HeapSnapshotWorkerProxy.prototype._handleMessage):
Singleton factory for the worker and proxied communication with the worker.
Provide means for invoking "factory actions" and "object methods".

  • UserInterface/Workers/HeapSnapshot/HeapSnapshotWorker.js: Added.

(HeapSnapshotWorker):
(HeapSnapshotWorker.prototype.createSnapshot):
(HeapSnapshotWorker.prototype.createSnapshotDiff):
(HeapSnapshotWorker.prototype.sendEvent):
(HeapSnapshotWorker.prototype._handleMessage):
Main worker code. Handle dispatching actions and methods.

  • UserInterface/Workers/HeapSnapshot/HeapSnapshot.js: Added.

(HeapSnapshot):
(HeapSnapshot.buildCategories):
(HeapSnapshot.allocationBucketCounts):
(HeapSnapshot.instancesWithClassName):
(HeapSnapshot.prototype.allocationBucketCounts):
(HeapSnapshot.prototype.instancesWithClassName):
(HeapSnapshot.prototype.nodeWithIdentifier):
(HeapSnapshot.prototype.shortestGCRootPath):
(HeapSnapshot.prototype.dominatedNodes):
(HeapSnapshot.prototype.retainedNodes):
(HeapSnapshot.prototype.retainers):
(HeapSnapshot.prototype.serialize):
(HeapSnapshot.prototype.serializeNode):
(HeapSnapshot.prototype.serializeEdge):
(HeapSnapshot.prototype._buildOutgoingEdges):
(HeapSnapshot.prototype._buildIncomingEdges):
(HeapSnapshot.prototype._buildPostOrderIndexes):
(HeapSnapshot.prototype._buildDominatorIndexes):
(HeapSnapshot.prototype._buildRetainedSizes):
(HeapSnapshot.prototype._gcRootPathes.visitNode):
(HeapSnapshot.prototype._gcRootPathes):
(HeapSnapshotDiff):
(HeapSnapshotDiff.prototype.allocationBucketCounts):
(HeapSnapshotDiff.prototype.instancesWithClassName):
(HeapSnapshotDiff.prototype.nodeWithIdentifier):
(HeapSnapshotDiff.prototype.shortestGCRootPath):
(HeapSnapshotDiff.prototype.dominatedNodes):
(HeapSnapshotDiff.prototype.retainedNodes):
(HeapSnapshotDiff.prototype.retainers):
(HeapSnapshotDiff.prototype.serialize):
New HeapSnapshot data processing implementation. Instead of creating
a new object per Node or per Edge create data arrays containing data
per-Node. Operate on these lists of data instead of creating many objects.

LayoutTests:

  • inspector/heap/getPreview.html:
  • inspector/heap/getRemoteObject.html:
  • inspector/heap/snapshot.html:

Update tests to use the new HeapSnapshotWorker frontend code.

  • inspector/unit-tests/heap-snapshot-expected.txt: Added.
  • inspector/unit-tests/heap-snapshot.html: Added.

Verify the data processing in and worker communication work HeapSnapshotWorker
produces expected values when compared with the simple HeapSnapshot/Node/Edge
implentation.

2:01 PM Changeset in webkit [198352] by andersca@apple.com
  • 3 edits
    1 delete in trunk/Source/WebKit2

Remove use of dyld_register_image_state_change_handler() in PluginProcessMac.mm
https://bugs.webkit.org/show_bug.cgi?id=155596

Reviewed by Dan Bernstein.

Use _dyld_register_func_for_add_image instead which is API. Use dladdr to find the image path given its header.

  • Platform/spi/Cocoa/DyldSPI.h: Removed.
  • PluginProcess/mac/PluginProcessMac.mm:

(WebKit::PluginProcess::platformInitializeProcess):

  • WebKit2.xcodeproj/project.pbxproj:
1:48 PM Changeset in webkit [198351] by rniwa@webkit.org
  • 5 edits in trunk/Websites/perf.webkit.org

An analysis task should be closed if a progression cause is identified
https://bugs.webkit.org/show_bug.cgi?id=155549

Reviewed by Chris Dumez.

Since a progression is desirable, we should close an analysis task once its cause is identified.

Also fix some typos.

  • init-database.sql: Fixed a typo.
  • public/api/analysis-tasks.php:
  • public/v3/models/analysis-task.js:

(AnalysisTask.prototype.dissociateBug): Renamed from dissociateBug.

  • public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage.prototype.render):
(AnalysisTaskPage.prototype._dissociateBug): Renamed from _dissociateBug.
(AnalysisTaskPage.prototype._dissociateCommit): Fixed the typo in the alert.

1:46 PM Changeset in webkit [198350] by Chris Dumez
  • 5 edits in trunk/Source

Set the WebContent process's main thread QoS to USER-INTERACTIVE
https://bugs.webkit.org/show_bug.cgi?id=155595
<rdar://problem/22534965>

Reviewed by Antti Koivisto.

Source/WebKit2:

Increase the WebContent process main thread's QoS to USER-INTERACTIVE
instead of USER-INITIATED as it is drawing UI. However, use a relative
priority of -1 so that its priority is lower than the one of the
scrolling thread.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess):

Source/WTF:

Add a relativePriority parameter to setCurrentThreadIsUser*() so that
we can do more fine-grained prioritization of threads that have the
same QoS.

  • wtf/Threading.cpp:

(WTF::setCurrentThreadIsUserInteractive):
(WTF::setCurrentThreadIsUserInitiated):
(WTF::createThread): Deleted.

  • wtf/Threading.h:
1:38 PM Changeset in webkit [198349] by mark.lam@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

Make FunctionMode an enum class.
https://bugs.webkit.org/show_bug.cgi?id=155587

Reviewed by Saam Barati.

  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • parser/NodeConstructors.h:

(JSC::BaseFuncExprNode::BaseFuncExprNode):
(JSC::FuncExprNode::FuncExprNode):
(JSC::FuncDeclNode::FuncDeclNode):
(JSC::ArrowFuncExprNode::ArrowFuncExprNode):
(JSC::MethodDefinitionNode::MethodDefinitionNode):

  • parser/ParserModes.h:

(JSC::functionNameIsInScope):

1:13 PM Changeset in webkit [198348] by msaboff@apple.com
  • 7 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Getters and Setters should be prefixed appropriately
https://bugs.webkit.org/show_bug.cgi?id=155593

Reviewed by Mark Lam.

Changed the putDirectNativeIntrinsicGetter() to prepend "get " to the funtion name.

Updated places that had their own macro or hand constructed a getter function to use
the JSC_NATIVE_GETTER macro which will properly append "get ".

Prepended "get " and "set " to the proto accessor created on the Object prototype.

When we create the Symbol.species getter, added an explicit function name of "get [Symbol.species]".

  • inspector/JSInjectedScriptHostPrototype.cpp:

(Inspector::JSInjectedScriptHostPrototype::finishCreation):
(Inspector::jsInjectedScriptHostPrototypeAttributeEvaluate):

  • inspector/JSJavaScriptCallFramePrototype.cpp:

(Inspector::JSJavaScriptCallFramePrototype::finishCreation):
(Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSObject.cpp:

(JSC::JSObject::putDirectNativeIntrinsicGetter):

  • runtime/MapPrototype.cpp:

(JSC::MapPrototype::finishCreation):
(JSC::MapPrototype::getOwnPropertySlot):

  • runtime/SetPrototype.cpp:

(JSC::SetPrototype::finishCreation):
(JSC::SetPrototype::getOwnPropertySlot):

  • tests/stress/accessors-get-set-prefix.js: Added.

(tryGetOwnPropertyDescriptorGetName):

12:28 PM Changeset in webkit [198347] by achristensen@apple.com
  • 4 edits in trunk/Source/WebKit2

Support manually accepting invalid SSL certificates with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155442
<rdar://problem/24847398>

Reviewed by Darin Adler.

When we click continue after getting a warning about an invalid SSL certificate, we call
NSURLRequest setAllowsSpecificHTTPSCertificate in NetworkProcess::allowSpecificHTTPSCertificateForHost,
which stores information in CFNetwork about the specific invalid SSL certificate we want to accept.
If we see such a certificate during a server trust evaluation, we want to tell CFNetwork to accept it.
This fixes a loop when going to https://badssl.com, clicking on expired, and clicking continue.

  • NetworkProcess/NetworkDataTask.h:
  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::didReceiveChallenge):
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):

  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::transferSandboxExtensionToDownload):
(WebKit::certificatesMatch):
(WebKit::NetworkDataTask::allowsSpecificHTTPSCertificateForHost):
(WebKit::NetworkDataTask::suggestedFilename):

12:07 PM Changeset in webkit [198346] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Large repaints when typing any character in console
https://bugs.webkit.org/show_bug.cgi?id=155387
<rdar://problem/25125720>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/Main.css:

(#content):

11:54 AM Changeset in webkit [198345] by fpizlo@apple.com
  • 4 edits in trunk/Source/WTF

Silence leaks in ParkingLot
https://bugs.webkit.org/show_bug.cgi?id=155510

Reviewed by Alexey Proskuryakov.

ParkingLot has a concurrent hashtable that it reallocates on demand. It will not reallocate
it in steady state. The hashtable is sized to accommodate the high watermark of the number
of active threads - so long as the program doesn't just keep starting an unbounded number
of threads that are all active, the hashtable will stop resizing. Each resize operation is
designed to stay out of the way of the data-access-parallel normal path, in which two
threads operating on different lock addresses don't have to synchronize. To do this, it
simply drops the old hashtable without deleting it, so that threads that were still using
it don't crash. They will realize that they have the wrong hashtable before doing anything
bad, but we don't have a way of proving when all of those threads are no longer going to
read from the old hashtables. So, we just leak them.

This is a bounded leak, since the hashtable resizes exponentially. Thus the total memory
utilization of all hashtables, including the leaked ones, converges to a linear function of
the current hashtable's size (it's 2 * size of current hashtable).

But this leak is a problem for leaks tools, which will always report this leak. This is not
useful. It's better to silence the leak. That's what this patch does by ensuring that all
hashtables, including leaked ones, end up in a global vector. This is perf-neutral.

This requires making a StaticWordLock variant of WordLock. That's probably the biggest part
of this change.

  • wtf/ParkingLot.cpp:
  • wtf/WordLock.cpp:

(WTF::WordLockBase::lockSlow):
(WTF::WordLockBase::unlockSlow):
(WTF::WordLock::lockSlow): Deleted.
(WTF::WordLock::unlockSlow): Deleted.

  • wtf/WordLock.h:

(WTF::WordLockBase::lock):
(WTF::WordLockBase::isLocked):
(WTF::WordLock::WordLock):
(WTF::WordLock::lock): Deleted.
(WTF::WordLock::isLocked): Deleted.

10:37 AM Changeset in webkit [198344] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking http/tests/security/aboutBlank/window-open-self-about-blank.html as flaky on ios-sim-debug
https://bugs.webkit.org/show_bug.cgi?id=94458

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
10:20 AM Changeset in webkit [198343] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

10:18 AM Changeset in webkit [198342] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.24

New tag.

10:05 AM Changeset in webkit [198341] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198331 - REGRESSION(r197380): Build fails with new GCC and Clang
https://bugs.webkit.org/show_bug.cgi?id=155044

Reviewed by Michael Catanzaro.

In C++, std math functions ceil and floor are overloaded for double and float.
Without explicit cast or function pointer assignment, compilers cannot
determine which function address is used in the given context.

  • b3/B3LowerMacrosAfterOptimizations.cpp:
10:04 AM Changeset in webkit [198340] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Tools

Merge r197241 - [GTK] Fix incorrect cast

Unreviewed.

  • MiniBrowser/gtk/main.c:

(createBrowserWindow):

10:03 AM Changeset in webkit [198339] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Tools

Merge r197719 - Update perf bot configuration for Animometer
https://bugs.webkit.org/show_bug.cgi?id=155134

Reviewed by Ryosuke Niwa.

  • Scripts/webkitpy/benchmark_runner/data/patches/Animometer.patch: Refactor the patch

to work with the latest version of the harness.

  • Scripts/webkitpy/benchmark_runner/data/plans/animometer.plan: Bump up the timeout,

and use the latest version of the harness.

10:03 AM Changeset in webkit [198338] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Tools

Merge r197615 - [GTK] Fix logging details after r197505 (Run the run-benchmark script on the performance bot.)
https://bugs.webkit.org/show_bug.cgi?id=154595

Unreviewed.

  • Scripts/webkitpy/benchmark_runner/run_benchmark.py:

(start): Use logging.exception when a test fails in order to get the details about the error.

10:03 AM Changeset in webkit [198337] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.12/Tools

Merge r197505 - [GTK] Run the run-benchmark script on the performance bot.
https://bugs.webkit.org/show_bug.cgi?id=154595

Reviewed by Carlos Garcia Campos.

  • BuildSlaveSupport/build.webkit.org-config/master.cfg: Add new RunBenchmarkTests step on the perf bots (only for the GTK+ port at this moment).

(RunBenchmarkTests):
(RunBenchmarkTests.start):
(RunBenchmarkTests.getText):
(RunBenchmarkTests.getText2):
(BuildAndPerfTestFactory.init):
(DownloadAndPerfTestFactory.init):

  • BuildSlaveSupport/build.webkit.org-config/mastercfg_unittest.py: Add new test for RunBenchmarkTests and update expected steps of GTK+ perf bot.

(RunBenchmarkTest):
(RunBenchmarkTest.assertResults):
(RunBenchmarkTest.test_success):
(RunBenchmarkTest.test_tests_failed):

  • Scripts/webkitpy/benchmark_runner/benchmark_runner.py: Log both the current iteration as also the total iterations for the current benchmark/plan.

(BenchmarkRunner._run_benchmark):

  • Scripts/webkitpy/benchmark_runner/browser_driver/gtk_minibrowser_driver.py: Use python logging also for errors.

(GTKMiniBrowserDriver.close_browsers):

  • Scripts/webkitpy/benchmark_runner/run_benchmark.py: Implement support for running all available benchmark plans.

(parse_args):
(start):
(main):

10:02 AM Changeset in webkit [198336] by Carlos Garcia Campos
  • 7 edits
    2 adds in releases/WebKitGTK/webkit-2.12/Tools

Merge r196979 - [GTK] Allow to run the WebKitGTK+ MiniBrowser with the run-benchmark script.
https://bugs.webkit.org/show_bug.cgi?id=153993

Reviewed by Carlos Garcia Campos.

  • MiniBrowser/gtk/main.c:

(createBrowserWindow): Support --geometry argument for MiniBrowser.
We use this on the gtk_minibrowser_driver script to start the MiniBrowser maximized.

  • Scripts/webkitpy/benchmark_runner/browser_driver/init.py: Fix loading of subclasses:

The base class has to be loaded first, otherwise any subclase referencing it will give import error.
In OSX the ordering of os.listdir() causes the base class (browser_driver.py) to be first on the list, but not on Linux.
By specifiying the name of the base class file, we ensure it is always loaded first on any system despite the ordering of listdir.

  • Scripts/webkitpy/benchmark_runner/browser_driver/browser_driver_factory.py:

(BrowserDriverFactory.create):

  • Scripts/webkitpy/benchmark_runner/browser_driver/gtk_browser_driver.py: Added.

(GTKBrowserDriver):
(GTKBrowserDriver.prepare_env):
(GTKBrowserDriver.restore_env):
(GTKBrowserDriver.close_browsers):
(GTKBrowserDriver._launch_process):
(GTKBrowserDriver._terminate_processes):
(GTKBrowserDriver._screen_size):

  • Scripts/webkitpy/benchmark_runner/browser_driver/gtk_minibrowser_driver.py: Added.

(GTKMiniBrowserDriver):
(GTKMiniBrowserDriver.prepare_env):
(GTKMiniBrowserDriver.launch_url):
(GTKMiniBrowserDriver.close_browsers):

  • Scripts/webkitpy/benchmark_runner/http_server_driver/init.py: Fix loading of subclasses. See description above.
  • Scripts/webkitpy/benchmark_runner/http_server_driver/simple_http_server_driver.py:

(SimpleHTTPServerDriver):
(SimpleHTTPServerDriver.kill_server): Check if the server is still running before trying to terminate it.
Usually the server ends gracefully (no need to terminate it), so this was causing ugly errors on the log.

  • Scripts/webkitpy/benchmark_runner/utils.py: Fix loading of subclasses. See description above.

(load_subclasses):

10:02 AM Changeset in webkit [198335] by Antti Koivisto
  • 2 edits in trunk/Source/WebCore

DataURLDecoder::DecodingResultDispatcher may get deleted outside main thread
https://bugs.webkit.org/show_bug.cgi?id=155584
rdar://problem/24492104

Reviewed by Chris Dumez.

This is unsafe as it owns strings and other types that are only safe to delete in the main thread.

  • platform/network/DataURLDecoder.cpp:

(WebCore::DataURLDecoder::DecodingResultDispatcher::dispatch):

The problem is that this was a refcounted type. This created a race. If the timer fired before dispatch()
was exited the implicit deref here would trigger the deletion in the dispatching thread.

Fix by getting rid of the unnecessary refcounting. Timer firing will now delete the instance explicitly.

(WebCore::DataURLDecoder::DecodingResultDispatcher::startTimer):
(WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):

9:43 AM Changeset in webkit [198334] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r198201.
https://bugs.webkit.org/show_bug.cgi?id=155585

That was not the proper solution (Requested by KaL on
#webkit).

Reverted changeset:

"REGRESSION (r197724): [GTK] Web Inspector: Images being
blocked by CSP 2.0"
https://bugs.webkit.org/show_bug.cgi?id=155432
http://trac.webkit.org/changeset/198201

9:38 AM Changeset in webkit [198333] by Chris Fleizach
  • 11 edits
    2 adds in trunk

AX: Implement AutoFill Available attribute for a text field
https://bugs.webkit.org/show_bug.cgi?id=155567

Reviewed by Darin Adler.

Source/WebCore:

Expose the auto fill buttons to the AX hierarchy.
Add an attribute for the textfield to inform when the auto fill button is available.

Test: accessibility/auto-fill-types.html

  • English.lproj/Localizable.strings:
  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::element):
(WebCore::AccessibilityObject::isValueAutofillAvailable):
(WebCore::AccessibilityObject::isValueAutofilled):

  • accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::passwordFieldValue):

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::addTextFieldChildren):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

  • html/TextFieldInputType.cpp:

(WebCore::limitLength):
(WebCore::autoFillButtonTypeToAccessibilityLabel):
(WebCore::autoFillButtonTypeToAutoFillButtonPseudoClassName):
(WebCore::TextFieldInputType::createAutoFillButton):
(WebCore::TextFieldInputType::updateAutoFillButton):

  • platform/LocalizedStrings.cpp:

(WebCore::AXListItemActionVerb):
(WebCore::AXAutoFillCredentialsLabel):
(WebCore::AXAutoFillContactsLabel):
(WebCore::AXARIAContentGroupText):

  • platform/LocalizedStrings.h:

LayoutTests:

  • accessibility/auto-fill-types-expected.txt: Added.
  • accessibility/auto-fill-types.html: Added.
7:58 AM Changeset in webkit [198332] by mark.lam@apple.com
  • 16 edits
    3 adds in trunk

Method names should not appear in the lexical scope of the method's body.
https://bugs.webkit.org/show_bug.cgi?id=155568

Reviewed by Saam Barati.

Source/JavaScriptCore:

Consider this scenario:

var f = "foo";
var result = ({

f() {

return f; f should be the string "foo", not this method f.

}

}).f();
result === "foo"; Should be true.

The reason this is not current working is because the parser does not yet
distinguish between FunctionExpressions and MethodDefinitions. The ES6 spec
explicitly distinguishes between the 2, and we should do the same.

This patch changes all methods (and getters and setters which are also methods)
to have a FunctionMode of MethodDefinition (instead of FunctionExpression).
functionNameIsInScope() is responsible for determining whether a function's name
should be in its scope or not. It already returns false for any function
whose FunctionMode is not FunctionExpression. Giving methods the MethodDefinition
FunctionMode gets us the correct behavior ES6 expects.

  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • bytecode/UnlinkedFunctionExecutable.h:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
(JSC::BytecodeGenerator::emitNewMethodDefinition):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::ArrowFuncExprNode::emitBytecode):
(JSC::MethodDefinitionNode::emitBytecode):
(JSC::YieldExprNode::emitBytecode):

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createFunctionExpr):
(JSC::ASTBuilder::createMethodDefinition):
(JSC::ASTBuilder::createFunctionMetadata):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createArguments):

  • parser/NodeConstructors.h:

(JSC::FunctionParameters::FunctionParameters):
(JSC::BaseFuncExprNode::BaseFuncExprNode):
(JSC::FuncExprNode::FuncExprNode):
(JSC::FuncDeclNode::FuncDeclNode):
(JSC::ArrowFuncExprNode::ArrowFuncExprNode):
(JSC::MethodDefinitionNode::MethodDefinitionNode):
(JSC::YieldExprNode::YieldExprNode):

  • parser/Nodes.h:

(JSC::BaseFuncExprNode::metadata):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parsePropertyMethod):

  • parser/ParserModes.h:
  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createFunctionExpr):
(JSC::SyntaxChecker::createFunctionMetadata):
(JSC::SyntaxChecker::createArrowFunctionExpr):
(JSC::SyntaxChecker::createMethodDefinition):
(JSC::SyntaxChecker::setFunctionNameStart):
(JSC::SyntaxChecker::createArguments):

  • tests/es6.yaml:

LayoutTests:

  • inspector/model/scope-chain-node-expected.txt:
  • rebased expected result.
  • js/script-tests/function-toString-vs-name.js:
  • fixed a bug in the shouldBe() function.
  • js/methods-names-should-not-be-in-lexical-scope-expected.txt: Added.
  • js/methods-names-should-not-be-in-lexical-scope.html: Added.
  • js/script-tests/methods-names-should-not-be-in-lexical-scope.js: Added.
  • test all variations of methods.
6:57 AM Changeset in webkit [198331] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(r197380): Build fails with new GCC and Clang
https://bugs.webkit.org/show_bug.cgi?id=155044

Reviewed by Michael Catanzaro.

In C++, std math functions ceil and floor are overloaded for double and float.
Without explicit cast or function pointer assignment, compilers cannot
determine which function address is used in the given context.

  • b3/B3LowerMacrosAfterOptimizations.cpp:
6:17 AM Changeset in webkit [198330] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore

[Mac][cmake] Unreviewed speculative buildfix after r198179. Just for fun.

  • PlatformMac.cmake:
6:14 AM Changeset in webkit [198329] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

[Mac][cmake] Unreviewed buildfix after r198070. Just for fun.

  • PlatformMac.cmake:
5:59 AM Changeset in webkit [198328] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit/mac

[cmake][Mac] Unreviewed speculative buildfix after r198088. Just for fun.

  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

5:28 AM Changeset in webkit [198327] by Csaba Osztrogonác
  • 13 edits in trunk

Unreviewed, line ending fixes.

Source/ThirdParty:

  • gtest/codegear/gtest_all.cc:
  • gtest/codegear/gtest_link.cc:

LayoutTests:

  • css2.1/20110323/support/at-import-001.css:
  • css2.1/20110323/support/at-import-002.css:
  • css2.1/20110323/support/at-import-004.css:
  • css2.1/20110323/support/at-import-005.css:
  • css2.1/20110323/support/at-import-006.css:
  • css2.1/20110323/support/at-import-007.css:
  • css2.1/20110323/support/eof-green.css:
  • storage/indexeddb/set_version_blocked.html:
  • storage/indexeddb/transaction-read-only.html:
4:25 AM Changeset in webkit [198326] by youenn.fablet@crf.canon.fr
  • 8 edits in trunk

[Fetch API] response-consume.html is crashing on Mac WK1 Debug builds
https://bugs.webkit.org/show_bug.cgi?id=155490

Reviewed by Darin Adler.

Source/WebCore:

Covered by existing tests.

Ensured to lock state before calling JSC:JSONParse.
Adding fulfillPromiseWithJSON routine to handle it.
Applied it to FetchBody.

  • Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::json):
(WebCore::FetchBody::loadedAsText):
(WebCore::FetchBody::resolveAsJSON): Deleted.

  • Modules/fetch/FetchBody.h:
  • Modules/fetch/FetchBodyOwner.cpp:

(WebCore::FetchBodyOwner::loadedBlobAsText):

  • bindings/js/JSDOMPromise.cpp:

(WebCore::parseAsJSON):
(WebCore::fulfillPromiseWithJSON):

  • bindings/js/JSDOMPromise.h:

LayoutTests:

3:52 AM Changeset in webkit [198325] by adam.bergkvist@ericsson.com
  • 13 edits in trunk

WebRTC: Update RTCIceCandidate
https://bugs.webkit.org/show_bug.cgi?id=155535

Reviewed by Eric Carlson.

Source/WebCore:

Update the RTCIceCandidate constructor procedure to match the WebRTC 1.0 specification [1].
In short: The "candidate" init dictionary member is required. At least one of the dictionary
members "sdpMid" and "sdpMLine" needs to be present; the corresponding attribute of the
other, is initialized to null.

[1] https://w3c.github.io/webrtc-pc/archives/20160215/webrtc.html

Tests: Updated fast/mediastream/RTCIceCandidate.htm

  • Modules/mediastream/RTCIceCandidate.cpp:

(WebCore::RTCIceCandidate::create):
(WebCore::RTCIceCandidate::RTCIceCandidate):

  • Modules/mediastream/RTCIceCandidate.h:

(WebCore::RTCIceCandidate::sdpMLineIndex):
(WebCore::RTCIceCandidate::setSdpMLineIndex):

  • Modules/mediastream/RTCIceCandidate.idl:
  • bindings/js/JSRTCIceCandidateCustom.cpp:

(WebCore::JSRTCIceCandidate::sdpMid):
(WebCore::JSRTCIceCandidate::sdpMLineIndex):

LayoutTests:

RTCIceCandidate.html is updated to test the new construction behavior and the nullable
attributes. The remaining updated tests simply construct an RTCIceCandidate to be used for
test purposes.

  • fast/mediastream/RTCIceCandidate-expected.txt:
  • fast/mediastream/RTCIceCandidate.html:
  • fast/mediastream/RTCPeerConnection-closed-state.html:
  • fast/mediastream/RTCPeerConnection-overloaded-operations-expected.txt:
  • fast/mediastream/RTCPeerConnection-overloaded-operations-params-expected.txt:
  • fast/mediastream/RTCPeerConnection-overloaded-operations-params.html:
  • fast/mediastream/RTCPeerConnection-overloaded-operations.html:
2:46 AM Changeset in webkit [198324] by gskachkov@gmail.com
  • 12 edits
    1 add in trunk

Invoking super()/super inside of the eval should not lead to SyntaxError
https://bugs.webkit.org/show_bug.cgi?id=153864

Reviewed by Saam Barati.

Source/JavaScriptCore:

Added support of the invoking super/super() inside of the eval within class.
Also support cases when eval is invoked in constructor, class method directly
or via arrow function. Access to the new.target in eval is not part of this patch
and will be implemented in https://bugs.webkit.org/show_bug.cgi?id=155545

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::isThisUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::isNewTargetUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::isSuperUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::isSuperCallUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):

  • interpreter/Interpreter.cpp:

(JSC::eval):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseMemberExpression):

  • parser/Parser.h:

(JSC::Scope::Scope):
(JSC::Scope::isEvalContext):
(JSC::Scope::setIsEvalContext):
(JSC::parse):

  • runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):

  • tests/stress/arrowfunction-lexical-bind-supercall-4.js:
  • tests/stress/arrowfunction-lexical-bind-superproperty.js:
  • tests/stress/class-syntax-super-in-eval.js: Added.
  • tests/stress/generator-with-super.js:

LayoutTests:

  • js/class-syntax-super-expected.txt:
  • js/script-tests/class-syntax-super.js:
12:46 AM Changeset in webkit [198323] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.10.9

WebKitGTK+ 2.10.9

12:45 AM Changeset in webkit [198322] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.10

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.10.9 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.10.9
12:44 AM Changeset in webkit [198321] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r196467 - [GTK] Allow applications to disable Accelerated Compositing mode.
https://bugs.webkit.org/show_bug.cgi?id=154147

Reviewed by Carlos Garcia Campos.

  • UIProcess/gtk/WebPreferencesGtk.cpp:

(WebKit::WebPreferences::platformInitializeStore): if the environment
variable WEBKIT_DISABLE_COMPOSITING_MODE is defined, then disable AC.

12:44 AM Changeset in webkit [198320] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10/Source

Merge r194518 - WebKit fails to build with musl libc library
https://bugs.webkit.org/show_bug.cgi?id=152625

Patch by Khem Raj <raj.khem@gmail.com> on 2016-01-03
Source/JavaScriptCore:

Reviewed by Daniel Bates.

Qualify isnan() calls with std namespace.

  • runtime/Options.cpp:

(Option::operator==): Add std namespace qualifier.

Source/WebCore:

Reviewed by Daniel Bates and Alexey Proskuryakov.

malloc_trim is glibc specific API so guard it with GLIBC.

  • platform/linux/MemoryPressureHandlerLinux.cpp:

(MemoryPressureHandler::platformReleaseMemory): Guard malloc_trim()
call with GLIBC_.

Source/WTF:

Reviewed by Daniel Bates.

Disable ctype.h check for musl C library on Linux.
Enable backtrace on Linux when using glibc.
We don't have backtrace() implemented on non-glibc system
C libraries on Linux e.g. musl.

  • wtf/DisallowCType.h: Check for GLIBC.
  • wtf/Assertions.cpp:

(WTFGetBacktrace): Check if libc is glibc.

12:43 AM Changeset in webkit [198319] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.10/Source

Revert "Merge r196803 - [GTK] Limit the number of tiles according to the visible area"

This reverts commit f4b75bd5443ace0a438a43f9b73ff6de303d3858.

12:05 AM Changeset in webkit [198318] by aestes@apple.com
  • 4 edits in trunk/Source

[Mac] Enable Content-Disposition: attachment sandbox
https://bugs.webkit.org/show_bug.cgi?id=155578
<rdar://problem/21886326>

Reviewed by Dan Bernstein.

Covered by the existing set of attachment sandbox tests, which have always been run on Mac.

Source/WebKit/mac:

  • WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:]):

Source/WebKit2:

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):

Mar 16, 2016:

11:52 PM WebKitGTK/2.10.x edited by Carlos Garcia Campos
(diff)
9:42 PM Changeset in webkit [198317] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Uncaught Exception: SyntaxError: Invalid regular expression: \ at end of pattern
https://bugs.webkit.org/show_bug.cgi?id=155556
<rdar://problem/25200058>

Reviewed by Timothy Hatcher.

Use simpleGlobStringToRegExp, which returns a valid regular expression
for strings with trailing backslashes, and also provides globbing.
String.escapeForRegExp returns a JS string ending in "
", which isn't
a valid regular expression.

  • UserInterface/Views/OpenResourceDialog.js:

(WebInspector.OpenResourceDialog):
(WebInspector.OpenResourceDialog.prototype._handleMousedownEvent):
Fixed typo.

(WebInspector.OpenResourceDialog.prototype._updateFilter):
Switch to simpleGlobStringToRegExp.

8:36 PM Changeset in webkit [198316] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

SVG tear offs should return a const reference if possible
https://bugs.webkit.org/show_bug.cgi?id=153214

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2016-03-16
Reviewed by Alex Christensen.

A smaller change than expected because the returned reference is being copied into a value in additional locations that baseVal and animVal are used.

No new tests as there is no change in behaviour.

  • svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
  • svg/properties/SVGAnimatedStaticPropertyTearOff.h:

(WebCore::SVGAnimatedStaticPropertyTearOff::baseVal):
(WebCore::SVGAnimatedStaticPropertyTearOff::animVal):

7:49 PM Changeset in webkit [198315] by jonlee@apple.com
  • 3 edits
    4 adds in trunk/PerformanceTests

Add a new benchmark test
https://bugs.webkit.org/show_bug.cgi?id=155570

Reviewed by Simon Fraser.

New Leaves test includes various image sizes and opacity.

  • Animometer/resources/debug-runner/tests.js: Add it to the HTML test suite.
  • Animometer/tests/dom/leaves.html: Added.
  • Animometer/tests/dom/resources/leaves.js: Added. Override the

(Particle.call.reset): Uses a range of sizes, and opacity.
(Particle.call.animate): Opacity goes up then down. When it hits 0, reset the particle.
(Particle.call.move): Set transform and opacity.

  • Animometer/tests/master/resources/leaves.js: Get rid of the closure so that it

can be used in this test. Update the relative path so that it works in both the master
and dom test suite.

7:18 PM Changeset in webkit [198314] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed, partial roll out of r197254.
<rdar://problem/25078552>

It caused a ~1.1% PLT regression on iOS.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad): Deleted.

6:48 PM Changeset in webkit [198313] by matthew_hanson@apple.com
  • 5 edits in branches/safari-601.1.46-branch/Source

Versioning.

6:45 PM Changeset in webkit [198312] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-601.1.46.120

New Tag.

5:56 PM Changeset in webkit [198311] by enrica@apple.com
  • 2 edits in trunk/Source/WebCore

Recognize mailto and tel url as data detector links.
https://bugs.webkit.org/show_bug.cgi?id=155569
rdar://problem/24836185

Reviewed by Sam Weinig.

When we check if the element is a data detector link,
we should return true also for URLs with mailto: and tel: scheme.

  • editing/cocoa/DataDetection.mm:

(WebCore::DataDetection::isDataDetectorLink):

5:13 PM Changeset in webkit [198310] by Chris Dumez
  • 4 edits in trunk/Tools

Unreviewed, rolling out r198187.
https://bugs.webkit.org/show_bug.cgi?id=155564

Potentially break testing on iOS (Requested by Guest23 on
#webkit).

Reverted changeset:

"Add twisted-15.5.0 module to
webkitpy.thirdparty.autoinstalled."
https://bugs.webkit.org/show_bug.cgi?id=154667
http://trac.webkit.org/changeset/198187

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-16

5:07 PM Changeset in webkit [198309] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Subpixel rendering: Directly composited image layers need pixelsnapping.
https://bugs.webkit.org/show_bug.cgi?id=155558

Reviewed by Simon Fraser.

In order to match non-composited image size/position, we need to pixelsnap both the contents and the clipping
layer bounds for directly composited images.

Source/WebCore:

Test: fast/images/hidpi-directly-composited-image-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::resetContentsRect):
(WebCore::RenderLayerBacking::updateChildClippingStrategy):
(WebCore::RenderLayerBacking::updateImageContents):

LayoutTests:

  • fast/images/hidpi-directly-composited-image-on-subpixel-position-expected.html: Added.
  • fast/images/hidpi-directly-composited-image-on-subpixel-position.html: Added.
4:37 PM Changeset in webkit [198308] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping mathml/very-large-stretchy-operators.html on ios-simulator debug
https://bugs.webkit.org/show_bug.cgi?id=155565

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
4:32 PM Changeset in webkit [198307] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Marking compositing/visible-rect/animated-from-none.html as flaky on ios-sim-wk2, failing on ios-sim-wk1
https://bugs.webkit.org/show_bug.cgi?id=155495

Unreviewed test gardening.

  • platform/ios-simulator-wk1/TestExpectations:
  • platform/ios-simulator-wk2/TestExpectations:
4:25 PM Changeset in webkit [198306] by Beth Dakin
  • 28 edits in trunk/Source

Provide NSSpellChecker spellChecking methods with the current insertion point
https://bugs.webkit.org/show_bug.cgi?id=155532
-and corresponding-
rdar://problem/24066952

Reviewed by Simon Fraser.

Source/WebCore:

Pass the Frame’s selection to a handful of spelling checking methods that
call into WebKit/WebKit2 to ultimately call into NSSpellChecker.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::hasMisspelling):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(AXAttributeStringSetSpelling):

  • editing/AlternativeTextController.cpp:

(WebCore::AlternativeTextController::timerFired):

  • editing/Editor.cpp:

(WebCore::Editor::guessesForMisspelledWord):
(WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):

  • editing/SpellChecker.cpp:

(WebCore::SpellChecker::invokeRequest):
(WebCore::SpellChecker::enqueueRequest):

  • editing/TextCheckingHelper.cpp:

(WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
(WebCore::TextCheckingHelper::guessesForMisspelledOrUngrammaticalRange):
(WebCore::TextCheckingHelper::unifiedTextCheckerEnabled):
(WebCore::checkTextOfParagraph):

  • editing/TextCheckingHelper.h:
  • loader/EmptyClients.cpp:

(WebCore::EmptyFrameLoaderClient::createNetworkingContext):
(WebCore::EmptyTextCheckerClient::requestCheckingOfString):

  • loader/EmptyClients.h:
  • platform/text/TextCheckerClient.h:

(WebCore::TextCheckerClient::~TextCheckerClient):

The key needed to include the insertion point.

  • platform/spi/mac/NSSpellCheckerSPI.h:

Source/WebKit/mac:

Extract the insertion point from the VisibleSelection that WebCore has
passed.

  • WebCoreSupport/WebEditorClient.h:

(WebEditorClient::getGuessesForWord):

  • WebCoreSupport/WebEditorClient.mm:

(WebEditorClient::checkTextOfParagraph):
(insertionPointFromCurrentSelection):
(WebEditorClient::getGuessesForWord):
(WebEditorClient::requestCheckingOfString):

Source/WebKit2:

Pass the insertionPoint to the UIProcess

  • UIProcess/TextChecker.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::checkTextOfParagraph):
(WebKit::WebPageProxy::getGuessesForWord):
(WebKit::WebPageProxy::requestCheckingOfString):

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • UIProcess/efl/TextCheckerEfl.cpp:

(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::requestCheckingOfString):

  • UIProcess/gtk/TextCheckerGtk.cpp:

(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::requestCheckingOfString):
(WebKit::TextChecker::checkTextOfParagraph):

  • UIProcess/ios/TextCheckerIOS.mm:

(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::requestCheckingOfString):

  • UIProcess/mac/TextCheckerMac.mm:

(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::ignoreWord):
(WebKit::TextChecker::requestCheckingOfString):

Extract the insertion point from the VisibleSelection that WebCore has
passed.

  • WebProcess/WebCoreSupport/WebEditorClient.cpp:

(WebKit::insertionPointFromCurrentSelection):
(WebKit::WebEditorClient::checkTextOfParagraph):
(WebKit::WebEditorClient::getGuessesForWord):
(WebKit::WebEditorClient::requestCheckingOfString):

  • WebProcess/WebCoreSupport/WebEditorClient.h:
3:10 PM Changeset in webkit [198305] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Fix assertion failure on drive.google.com after r196052
https://bugs.webkit.org/show_bug.cgi?id=155562

Reviewed by Jer Noble.

  • rendering/RenderGeometryMap.cpp:

(WebCore::RenderGeometryMap::mapToContainer):
Change float equality check to areEssentiallyEqual.
This assertion was failing because rendererMappedResult was (944.335693, 232.047409)
but result was (944.335693, 232.047394). They differ by (0, 0.000015).

3:06 PM Changeset in webkit [198304] by ddkilzer@apple.com
  • 3 edits in trunk/Tools

check-webkit-style: should warn about blank lines after #include "config.h" in TestWebKitAPI
<http://webkit.org/b/155445>

Reviewed by Darin Adler.

  • Scripts/webkitpy/style/checker.py:

(_PATH_RULES_SPECIFIER): Do not ignore "build/include*" checks
on TestWebKitAPI since this project uses a config.h header as of
r95188. Also remove references to WebKitAPITest, which ceased
to exist in r95944.

  • Scripts/webkitpy/style/checker_unittest.py:

(GlobalVariablesTest.test_path_rules_specifier): Add tests.
Remove reference to WebKitAPITest project.

2:49 PM Changeset in webkit [198303] by n_wang@apple.com
  • 3 edits
    2 adds in trunk

AX: Expose aria-current status to children
https://bugs.webkit.org/show_bug.cgi?id=155469

Reviewed by Chris Fleizach.

Source/WebCore:

Added aria-current to the global ARIA attributes list.

Test: accessibility/aria-current-global-attribute.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::supportsARIAAttributes):

LayoutTests:

  • accessibility/aria-current-global-attribute-expected.txt: Added.
  • accessibility/aria-current-global-attribute.html: Added.
2:31 PM Changeset in webkit [198302] by timothy_horton@apple.com
  • 6 edits in trunk

[mac] Printing test snapshots are upside-down after r198242
https://bugs.webkit.org/show_bug.cgi?id=155543

Reviewed by Simon Fraser.

Source/WebCore:

  • page/PrintContext.cpp:

(WebCore::PrintContext::spoolAllPagesWithBoundaries):
Stop PLATFORM(COCOA)-conditionally flipping here. Just paint.
This function is only used by the test runners so this doesn't have a
huge impact on anything else.

Tools:

  • DumpRenderTree/mac/PixelDumpSupportMac.mm:

(createPagedBitmapContext):
Flip printing snapshots in DRT so that everything is right-side-up.

LayoutTests:

Re-un-skip these tests.

1:58 PM Changeset in webkit [198301] by dbates@webkit.org
  • 2 edits in trunk/Source/WebCore

Update WebKit Feature Status page to include the status of Content Security Policy Level 2 and Level 3

  • features.json:
1:44 PM Changeset in webkit [198300] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601-branch/Source/WebCore

Merge r188574. rdar://problem/25070230

1:44 PM Changeset in webkit [198299] by matthew_hanson@apple.com
  • 18 edits
    12 deletes in branches/safari-601-branch

Merge r188566. rdar://problem/25070230

1:17 PM Changeset in webkit [198298] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r192184): CleanMyDrive 2's tutorial window is blank
https://bugs.webkit.org/show_bug.cgi?id=155550
<rdar://problem/24250689>

Reviewed by Dan Bernstein.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setDrawsTransparentBackground:]):
The app is using this SPI via key-value coding, so just keeping the implementation
is sufficient to make AppKit stop throwing an undefined key exception.
Log once that this is deprecated (... it's also SPI) and then forward to setDrawsBackground.

1:13 PM Changeset in webkit [198297] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking inspector/controller/runtime-controller.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154688

Unreviewed test gardening.

  • platform/mac/TestExpectations:
1:12 PM Changeset in webkit [198296] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

ASSERTION FAILED: !edge->isPhantomAllocation() in regress/script-tests/sink-huge-activation.js.ftl-eager in debug mode
https://bugs.webkit.org/show_bug.cgi?id=153805

Reviewed by Mark Lam.

The object allocation sinking phase uses InferredValue::isStillValid() in the opposite
way from most clients: it will do an *extra* optimization if it returns false. The
phase will first compute sink candidates and then it will compute materialization
points. If something is a sink candidate then it is not a materialization point. A
NewFunction node may appear as not being a sink candidate during the first pass, so it's
not added to the set of things that will turn into PhantomNewFunction. But on the second
pass where we add materializations, we check isStillValid() again. Now this may become
false, so that second pass thinks that NewFunction is a sink candidate (even though it's
not in the sink candidates set) and so is not a materialization point.

This manifests as the NewFunction referring to a PhantomCreateActivation or whatever.

The solution is to have the phase cache results of calls to isStillValid(). It's OK if
we just remember the result of the first call and assume that it's not a sink candidate.
That's the worst that can happen.

No new tests since this is a super hard race and sink-huge-activation seemed to already
be catching it.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:
1:09 PM Changeset in webkit [198295] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=94458

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
12:49 PM Changeset in webkit [198294] by sbarati@apple.com
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Make Array.prototype.reverse spec compatible.
https://bugs.webkit.org/show_bug.cgi?id=155528

Reviewed by Michael Saboff.

This patch make Array.prototype.reverse spec compatible.
Before, we weren't performing a HasProperty of each index
before performing a Get on that index. We now do that on
the slow path.

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncReverse):

  • tests/stress/array-reverse-proxy.js: Added.

(assert):
(test):
(shallowCopy):
(shallowEqual):
(let.handler.get getSet):
(test.let.handler.get getSet):

12:47 PM Changeset in webkit [198293] by ap@apple.com
  • 2 edits in trunk/Tools

Update unit test for iOS debug queues.

  • BuildSlaveSupport/build.webkit.org-config/mastercfg_unittest.py:
12:46 PM Changeset in webkit [198292] by dbates@webkit.org
  • 20 edits
    1 move
    48 adds in trunk

<video> and <audio> elements do not obey Content Security Policy on redirect
https://bugs.webkit.org/show_bug.cgi?id=155509
<rdar://problem/10234844>

Reviewed by Alex Christensen.

Source/WebCore:

Fixes an issue where the Content Security Policy of the page was not enforced
on redirects when loading a media subresource via an HTML video or HTML audio
element.

Tests: http/tests/security/contentSecurityPolicy/audio-redirect-allowed.html

http/tests/security/contentSecurityPolicy/audio-redirect-blocked.html
http/tests/security/contentSecurityPolicy/font-redirect-allowed.html
http/tests/security/contentSecurityPolicy/font-redirect-blocked.html
http/tests/security/contentSecurityPolicy/image-redirect-allowed.html
http/tests/security/contentSecurityPolicy/image-redirect-blocked.html
http/tests/security/contentSecurityPolicy/script-redirect-allowed.html
http/tests/security/contentSecurityPolicy/script-redirect-blocked.html
http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed.html
http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked.html
http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed.html
http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked.html
http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed.html
http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked.html
http/tests/security/contentSecurityPolicy/track-redirect-allowed.html
http/tests/security/contentSecurityPolicy/track-redirect-blocked.html
http/tests/security/contentSecurityPolicy/video-redirect-allowed.html
http/tests/security/contentSecurityPolicy/video-redirect-blocked.html
http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html
http/tests/security/contentSecurityPolicy/xsl-redirect-blocked.html

  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::cachedResourceContent): Treat media resources as raw resources just as we do currently.
(WebCore::InspectorPageAgent::cachedResourceType): Ditto.

  • loader/MediaResourceLoader.cpp:

(WebCore::MediaResourceLoader::requestResource): Modified to use CachedResourceLoader::requestMedia() instead
of CachedResourceLoader::requestRawResource() so that we can differentiate between a media resource and a raw
resource in CachedResourceLoader. Added FIXME comment to skip checking the Content Security Policy for loads
initiated by an element in a user agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505> for
more details.

  • loader/ResourceLoadInfo.cpp:

(WebCore::toResourceType): Treat media resources as raw resources just as we do currently. Also, add cases for
CachedResource::LinkPrefetch and CachedResource::LinkSubresource (when ENABLE(LINK_PREFETCH) is enabled) and
remove the default statement to force a compile-time error when a new CachedResource enumerator is added and
the switch block in this function is not updated.

  • loader/SubresourceLoader.cpp:

(WebCore::logResourceLoaded): Ditto.

  • loader/cache/CachedRawResource.cpp:

(WebCore::CachedRawResource::CachedRawResource): Substitute CachedResource::isMainOrMediaOrRawResource() for
CachedResource::isMainOrRawResource() as the latter was renamed to the former.

  • loader/cache/CachedRawResource.h:

(isType): Ditto.

  • loader/cache/CachedResource.cpp:

(WebCore::defaultPriorityForResourceType): Use priority ResourceLoadPriority::Medium for media resources just as
we do currently.

  • loader/cache/CachedResource.h:

(WebCore::CachedResource::isMainOrMediaOrRawResource): Formerly named isMainOrRawResource. Returns true if the type
of this resource is a main resource, media resource, or raw resource.
(WebCore::CachedResource::isMainOrRawResource): Deleted.

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::createResource): Treat media resources as raw resources just as we do currently.
(WebCore::CachedResourceLoader::requestMedia): Added.
(WebCore::contentTypeFromResourceType): Consider media resources as MixedContentChecker::ContentType::Active
just as we do currently.
(WebCore::CachedResourceLoader::checkInsecureContent): Apply the mixed content policy to media resources
just as we do currently.
(WebCore::CachedResourceLoader::canRequest): Apply the Same Origin Policy to media resources just as we
do currently. Query the Content Security Policy of the page to determine if the media resource can be
requested.
(WebCore::CachedResourceLoader::determineRevalidationPolicy): Substitute CachedResource::isMainOrMediaOrRawResource()
for CachedResource::isMainOrRawResource() as the latter was renamed to the former.

  • loader/cache/CachedResourceLoader.h:
  • platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:

(WebCore::WebCoreAVFResourceLoader::startLoading): Modified to use CachedResourceLoader::requestMedia() instead
of CachedResourceLoader::requestRawResource() so that we can differentiate between a media resource and a raw
resource in CachedResourceLoader. Added FIXME comment to skip checking the Content Security Policy for loads
initiated by an element in a user agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505> for
more details. Additionally, simplified code that determined whether to request the media resource or error out
by coalescing two conditional expressions into one conditional on whether we have a loader and substituted
nullptr for 0.

Source/WebKit2:

Use 0ms as the maximum buffering time for media resource just as we do currently.

  • WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::maximumBufferingTime):

LayoutTests:

Add tests to ensure that the Content Security Policy is enforced on redirects when
loading a subresource, including a video or audio file.

  • http/tests/resources/redirect.php: Fix PHP "undefined index" warnings when either query

parameter code or refresh (or both) are not specified.

  • http/tests/security/contentSecurityPolicy/audio-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/audio-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/audio-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/audio-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/font-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/font-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/font-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/font-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/image-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/image-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/image-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/image-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/resources/ABCFont.svg: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg.
  • http/tests/security/contentSecurityPolicy/resources/alert-fail.xsl: Added.
  • http/tests/security/contentSecurityPolicy/resources/alert-pass.xsl: Added.
  • http/tests/security/contentSecurityPolicy/resources/green-square.svg: Added.
  • http/tests/security/contentSecurityPolicy/resources/red-square.svg: Added.
  • http/tests/security/contentSecurityPolicy/resources/xsl-redirect-allowed.php: Added.
  • http/tests/security/contentSecurityPolicy/resources/xsl-redirect-blocked.php: Added.
  • http/tests/security/contentSecurityPolicy/script-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/script-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/script-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/script-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/track-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/track-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/track-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/track-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html:
  • http/tests/security/contentSecurityPolicy/video-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/video-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/video-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/video-redirect-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/xsl-redirect-allowed-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html: Added.
  • http/tests/security/contentSecurityPolicy/xsl-redirect-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/xsl-redirect-blocked.html: Added.
  • platform/efl/TestExpectations: For now skip tests http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-{audio, video}.html

until we fix <https://bugs.webkit.org/show_bug.cgi?id=155505>. We will also need to fix
<https://bugs.webkit.org/show_bug.cgi?id=153866> before we can unskip test http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
As far as I can tell the functionality exercised by these tests is not being using by the EFL port.

  • platform/gtk/TestExpectations: For now skip tests http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-{audio, video}.html

until we fix <https://bugs.webkit.org/show_bug.cgi?id=155505>. As far as I can tell the functionality
exercised by these tests is not being using by the GTK port.

  • platform/ios-simulator/http/tests/security/contentSecurityPolicy/audio-redirect-blocked-expected.txt: Added expected failure result as

AV Foundation is responsible for loading media on iOS. That is, WebCore is not responsible for loading media.

  • platform/ios-simulator/http/tests/security/contentSecurityPolicy/video-redirect-blocked-expected.txt: Ditto.
  • platform/mac/TestExpectations: For now skip tests http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-{audio, video}.html

until we fix <https://bugs.webkit.org/show_bug.cgi?id=155505>. The functionality exercised by these
tests is not used on OS X. Additionally, mark as Failure on Yosemite and ElCapitan the added tests
http/tests/security/contentSecurityPolicy/{video, audio}-redirect-blocked.html as we do not support
Content Security Policy for media redirects in these versions of OS X.

12:33 PM Changeset in webkit [198291] by Chris Dumez
  • 17 edits in trunk/Source

Unreviewed, rolling out r198235, r198240, r198241, and
r198252.

Causing crashes on ARM

Reverted changesets:

"Remove compile time define for SEPARATED_HEAP"
https://bugs.webkit.org/show_bug.cgi?id=155508
http://trac.webkit.org/changeset/198235

"Gardening: build fix after r198235."
http://trac.webkit.org/changeset/198240

"Build fix."
http://trac.webkit.org/changeset/198241

"Rename performJITMemcpy to something more inline with our
normal webkit function names"
https://bugs.webkit.org/show_bug.cgi?id=155525
http://trac.webkit.org/changeset/198252

12:03 PM Changeset in webkit [198290] by BJ Burg
  • 4 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r198257.
https://bugs.webkit.org/show_bug.cgi?id=155553

This change is unnecessary, clients can instead compile the
file with ARC enabled (Requested by brrian on #webkit).

Reverted changeset:

"REGRESSION(r198077): generated Objective-C protocol object
getters leak their wrappers"
https://bugs.webkit.org/show_bug.cgi?id=155523
http://trac.webkit.org/changeset/198257

11:31 AM Changeset in webkit [198289] by jiewen_tan@apple.com
  • 22 edits
    2 adds in trunk

URL Parsing should signal failure for illegal IDN
https://bugs.webkit.org/show_bug.cgi?id=154945
<rdar://problem/8014795>

Reviewed by Brent Fulgham.

Source/WebCore:

WebCore::URL will now invalidate URLs with illegal IDN. And functions inside WebCoreNSURLExtras.h
that deal with IDN mapping will now return nil to signal error.

Test: fast/url/invalid-idn.html

  • platform/URL.cpp:

(WebCore::isSchemeFirstChar):
(WebCore::URL::init):
(WebCore::appendEncodedHostname):
(WebCore::encodeHostnames):
(WebCore::encodeRelativeString):

  • platform/mac/WebCoreNSURLExtras.h:
  • platform/mac/WebCoreNSURLExtras.mm:

(WebCore::mapHostNameWithRange):
(WebCore::hostNameNeedsDecodingWithRange):
(WebCore::hostNameNeedsEncodingWithRange):
(WebCore::decodeHostNameWithRange):
(WebCore::encodeHostNameWithRange):
(WebCore::decodeHostName):
(WebCore::encodeHostName):
(WebCore::collectRangesThatNeedMapping):
(WebCore::mapHostNames):
(WebCore::URLWithData):
(WebCore::dataWithUserTypedString):
(WebCore::URLWithUserTypedString):
(WebCore::URLWithUserTypedStringDeprecated):
(WebCore::userVisibleString):

Source/WebKit/ios:

  • Misc/WebNSStringExtrasIOS.m:

(-[NSString _web_possibleURLsForForUserTypedString:]):

  • WebView/WebPDFViewPlaceholder.mm:

(-[WebPDFViewPlaceholder _updateTitleForURL:]):

Source/WebKit/mac:

In this patch, we add new SPIs _webkit_URLWithUserTypedString, _webkit_decodeHostName and
_webkit_encodeHostName which will return nil while dealing with illegal IDN.

Old SPIs _web_URLWithUserTypedString, _web_decodeHostName and _web_encodeHostName are marked
deprecated as they ignore URL parsing failure.

  • History/WebHistoryItem.mm:

(-[WebHistoryItem initFromDictionaryRepresentation:]):

  • Misc/WebKitErrors.m:

(+[NSError _webKitErrorWithCode:failingURL:]):

  • Misc/WebNSFileManagerExtras.mm:

(-[NSFileManager _webkit_setMetadataURL:referrer:atPath:]):

  • Misc/WebNSPasteboardExtras.mm:

(-[NSPasteboard _web_bestURL]):

  • Misc/WebNSURLExtras.h:
  • Misc/WebNSURLExtras.mm:

(+[NSURL _web_URLWithUserTypedString:]):
(+[NSURL _webkit_URLWithUserTypedString:relativeToURL:]):
(+[NSURL _webkit_URLWithUserTypedString:]):
(-[NSString _web_decodeHostName]):
(-[NSString _web_encodeHostName]):
(-[NSString _webkit_decodeHostName]):
(-[NSString _webkit_encodeHostName]):

  • Panels/WebAuthenticationPanel.m:

(-[WebAuthenticationPanel setUpForChallenge:]):

  • WebCoreSupport/WebEditorClient.mm:

(WebEditorClient::canonicalizeURLString):

Tools:

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetch:]):

  • TestWebKitAPI/Tests/Cocoa/URLExtras.mm:

(TestWebKitAPI::TEST):

LayoutTests:

  • fast/url/host-expected.txt:
  • fast/url/idna2003-expected.txt:
  • fast/url/invalid-idn-expected.txt: Added.
  • fast/url/invalid-idn.html: Added.
11:16 AM Changeset in webkit [198288] by mark.lam@apple.com
  • 42 edits
    1 add in trunk

Add support for setting Function.name from computed properties.
https://bugs.webkit.org/show_bug.cgi?id=155437

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

In JS code, we can have initialization of computed properties with function and
class objects e.g.

var o = {

[x]: function() {},
[y]: class {}

}

The ES6 spec states that the function and class in the example above (being
anonymous) should take on the value of x and y respectively as their names:

o[x].name; should be the "stringified" value of x.
o[y].name;
should be the "stringified" value of y.

To achieve this, we will now inject an op_set_function_name bytecode at property
initialization sites if:

  1. the property assigned value is a function or class, and
  2. the function and class is anonymous, and
  3. if property assigned value is a class, it doesn't have a static method that is statically named "name".

The op_set_function_name will result in JSFunction::setFunctionName() being
called on the target function / class before it is assigned to the property.
JSFunction::setFunctionName() will take care of:

  1. computing the name to use from the value of the computed property name e.g. x and y in the example above.

If the computed property name is not a symbol, then the function / class name
should be the toString() value of that computed property name.

If the computed property name is a symbol, then ...

  1. if the Symbol has a defined description (e.g. Symbol("foo")), then the function / class name should be "[<symbol description>]" e.g. "[foo]".
  2. if the Symbol has an undefined description (e.g. Symbol()), then the function / class name should be "".

Note: Symbol("") is not the same as Symbol(). The former has a defined
descriptor "", and hence, yields a function / class name of "[]". The latter
yields a function / class name of "".

  1. reifying the lazy name property with this function / class name.

op_set_function_name is named after the SetFunctionName internal function
in the ES6 spec that performs the above operation.

It is behaviorally correct to use op_set_function_name at every property
initialization site with computed property names. However, we choose to not
emit the op_set_function_name bytecode when we already know that it will do
nothing i.e. when the target function / class is proven to already have a name or
name property. This is done as an optimization to avoid unnecessary calls to
JSFunction::setFunctionName().

Note: we could further check if the class has a static method with a computed
name that is a constant string "name" and elide op_set_function_name there too.
However, we don't bother because this should be rare. JSFunction::setFunctionName()
will still do the right thing.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitNewFunction):
(JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
(JSC::BytecodeGenerator::emitCall):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitBytecode):
(JSC::PropertyListNode::emitPutConstantProperty):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):
(JSC::DFG::SpeculativeJIT::compileSetFunctionName):
(JSC::DFG::SpeculativeJIT::compileForwardVarargs):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStoreBarrierInsertionPhase.cpp:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::compileSetFunctionName):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperation):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_to_primitive):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emit_op_strcat):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emitSlow_op_to_primitive):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emit_op_strcat):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • parser/Nodes.cpp:

(JSC::FunctionNode::finishParsing):
(JSC::PropertyListNode::hasStaticallyNamedProperty):
(JSC::VariableEnvironmentNode::VariableEnvironmentNode):

  • parser/Nodes.h:
  • runtime/JSFunction.cpp:

(JSC::getCalculatedDisplayName):
(JSC::JSFunction::setFunctionName):
(JSC::JSFunction::reifyLength):
(JSC::JSFunction::reifyName):

  • runtime/JSFunction.h:
  • tests/es6.yaml:
  • tests/stress/computed-function-names.js: Added.

(toKeyString):
(toFuncName):
(shouldBe):
(return.propKey):

LayoutTests:

  • js/object-literal-computed-methods-expected.txt:
  • Exercise op_set_function_name at all tiers.
  • js/script-tests/function-toString-vs-name.js:
  • Added tests for computed properties.
  • js/script-tests/object-literal-computed-methods.js:
  • rebased results.
10:20 AM Changeset in webkit [198287] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking imported/blink/fast/multicol/dynamic/relayout-abspos-in-relpos-spanner.html as flaky on ios-sim
https://bugs.webkit.org/show_bug.cgi?id=155339

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
10:17 AM Changeset in webkit [198286] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601-branch/Source/WebCore

Merge r192054. rdar://problem/25152937

9:58 AM Changeset in webkit [198285] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping failing printing tests
https://bugs.webkit.org/show_bug.cgi?id=155543

Unreviewed test gardening.

Three printing tests that rely on software snapshotting are failing after r198242 exposed
an underlying issue. Skipping these tests to get the bots back to green during investigation.

9:46 AM Changeset in webkit [198284] by Antti Koivisto
  • 5 edits
    2 adds in trunk

Don't invalidate style unnecessarily when setting inline style cssText
https://bugs.webkit.org/show_bug.cgi?id=155541
rdar://problem/23318893

Reviewed by Simon Fraser.

Source/WebCore:

We currently invalidate style when cssText is set whether the style declaration changed or not.

Based on a patch by Simon.

Test: fast/css/style-invalidation-inline-csstext.html

  • css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::cssText):
(WebCore::PropertySetCSSStyleDeclaration::setCssText):

Invalidate only if the parsed style changed.

  • css/StyleProperties.cpp:

(WebCore::MutableStyleProperties::parseDeclaration):

Compare the original and new style after parsing, return result.

  • css/StyleProperties.h:

LayoutTests:

  • fast/css/style-invalidation-inline-csstext-expected.txt: Added.
  • fast/css/style-invalidation-inline-csstext.html: Added.
9:26 AM Changeset in webkit [198283] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline fast/css/getPropertyValue-webkit-marquee.html after r198255
https://bugs.webkit.org/show_bug.cgi?id=155544

Unreviewed test gardening.

  • fast/css/getPropertyValue-webkit-marquee-expected.txt:
8:35 AM Changeset in webkit [198282] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.11.92

WebKitGTK+ 2.11.92

8:31 AM Changeset in webkit [198281] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198127 - Enable GSS-Negotiate support in libsoup
https://bugs.webkit.org/show_bug.cgi?id=155354

Patch by Tomas Popela <tpopela@redhat.com> on 2016-03-14
Reviewed by Carlos Garcia Campos.

Enable the SOUP_TYPE_AUTH_NEGOTIATE feature if libsoup was compiled
with the GSS-Negotiate support.

  • platform/network/soup/SoupNetworkSession.cpp:

(WebCore::SoupNetworkSession::SoupNetworkSession):

8:16 AM Changeset in webkit [198280] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.11.92 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.11.92.
8:16 AM Changeset in webkit [198279] by Carlos Garcia Campos
  • 22 edits
    6 deletes in releases/WebKitGTK/webkit-2.12

Revert "Merge r197549 - DFG/FTL should inline accesses to RegExpObject::m_lastIndex"

This reverts commit 75a052408f9d2d6401972afb8a422f0e5979aeff.

8:15 AM Changeset in webkit [198278] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197622 - The most aggressive form of RegExpTest/RegExpExec should speculate more aggressively than just cell"

This reverts commit 782aaddfb605fb925d3de4cb1e7b562cc26821b7.

8:15 AM Changeset in webkit [198277] by Carlos Garcia Campos
  • 33 edits
    5 deletes in releases/WebKitGTK/webkit-2.12

Revert "Merge r197641 - RegExpMatchesArray doesn't know how to have a bad time"

This reverts commit 240414640dd08dd67d4866c3992f399cb1035bc1.

8:14 AM Changeset in webkit [198276] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197715 - RegExp.prototype.exec() should call into Yarr at most once"

This reverts commit 2731cf7e9df14edf11cba6984e4c8cd1b14e752b.

8:14 AM Changeset in webkit [198275] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197730 - Reduce the number of instructions needed to record the last regexp result"

This reverts commit 074b9a12367b04dd3cd70f9d7c73695f8184fbb6.

8:14 AM Changeset in webkit [198274] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197729 - createRegExpMatchesArray should allocate substrings more quickly"

This reverts commit 5127c006fe6f7fcb4a512376866bce75b83a1c27.

8:13 AM Changeset in webkit [198273] by Carlos Garcia Campos
  • 9 edits
    2 deletes in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197796 - Regexp matching should incur less call overhead"

This reverts commit 462dd3fe9ae1b6992bbf331c52e9d4d440298a16.

8:13 AM Changeset in webkit [198272] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198269 - REGRESSION(r195661): [GTK] very slow scrolling
https://bugs.webkit.org/show_bug.cgi?id=155334

Reviewed by Sergio Villar Senin.

Fix smooth scrolling behaviour change after r195661.

  • platform/ScrollAnimationSmooth.cpp:

(WebCore::getAnimationParametersForGranularity): Fix a typo,
animationTime for pixel granularity should be 11 * tickTime.
(WebCore::ScrollAnimationSmooth::animateScroll): Previous code
reset all the data except the visibleLenght, so keep it in the
PerAxisData after the reset.

8:13 AM Changeset in webkit [198271] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r198266 - Unreviewed, rolling out r196803.
https://bugs.webkit.org/show_bug.cgi?id=155534

Introduced several rendering issues in popular websites
(Requested by KaL on #webkit).

Reverted changeset:

"[GTK] Limit the number of tiles according to the visible
area"
https://bugs.webkit.org/show_bug.cgi?id=126122
http://trac.webkit.org/changeset/196803

6:59 AM Changeset in webkit [198270] by Yusuke Suzuki
  • 29 edits
    1 copy
    3 adds in trunk

[ES6] Reflect.set with receiver
https://bugs.webkit.org/show_bug.cgi?id=155294

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch introduces the receiver parameter support for Reflect.set.
Reflect.set can alter the receiver with arbitrary values.
Each property descriptor uses the receiver in Set.

1) In the accessor descriptor case, the receiver is used as |this| value for setter calls.
2) In the data descriptor case, the actual property will be set onto the receiver objects.

The current put operation does not support the receiver that is different from the base object.
In particular, (2) case is not supported.
The naive implementation adds one more GetOwnProperty for the receiver per Set (9.1.9.1-4-c [1]), and it is unacceptable.
To keep the fast path efficiently, we fall back to the slow but generic implementation (ordinarySetSlow)
only when the receiver is altered.

We need not to change any JIT part, because the JS code cannot alter the receiver without Reflect.set.
The property accesses generated by the JIT code always have the receiver that is the same to the base object.
ProxyObject can alter the receiver, but this situation has no problem because ProxyObject disables Inline Caching.
NOTE: Generating Inline Caching for JSProxy (that is used for the Window proxy) is already disabled before this change.

[1]: https://tc39.github.io/ecma262/#sec-ordinaryset

  • jsc.cpp:

(functionCreateProxy):

  • runtime/GenericArgumentsInlines.h:

(JSC::GenericArguments<Type>::put):

  • runtime/JSArray.cpp:

(JSC::JSArray::put):

  • runtime/JSArrayBuffer.cpp:

(JSC::JSArrayBuffer::put):

  • runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::put):

  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::isThisValueAltered):

  • runtime/JSDataView.cpp:

(JSC::JSDataView::put):

  • runtime/JSFunction.cpp:

(JSC::JSFunction::put):

  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::put):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::put):

  • runtime/JSObject.cpp:

(JSC::ordinarySetSlow):
(JSC::JSObject::putInlineSlow):

  • runtime/JSObject.h:
  • runtime/JSObjectInlines.h:

(JSC::JSObject::putInline):

  • runtime/JSProxy.h:

(JSC::JSProxy::createStructure):

  • runtime/Lookup.h:

(JSC::putEntry):

  • runtime/PropertySlot.h:
  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::put):

  • runtime/PutPropertySlot.h:

(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::isCacheablePut):
(JSC::PutPropertySlot::isCacheableSetter):
(JSC::PutPropertySlot::isCacheableCustom):
(JSC::PutPropertySlot::isCustomAccessor):
(JSC::PutPropertySlot::disableCaching):
(JSC::PutPropertySlot::isCacheable):

  • runtime/ReflectObject.cpp:

(JSC::reflectObjectSet):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::reject): Deleted.

  • runtime/StringObject.cpp:

(JSC::StringObject::put):

  • tests/es6.yaml:
  • tests/stress/ordinary-set-exceptions.js: Added.

(shouldBe):
(shouldThrow):
(shouldThrow.set get var):

  • tests/stress/proxy-set.js:
  • tests/stress/reflect-set-proxy-set.js: Copied from Source/JavaScriptCore/tests/stress/proxy-set.js.

(shouldBe):
(unreachable):
(assert):
(throw.new.Error.let.handler.set 45):
(throw.new.Error):
(let.target.set x):
(let.target.get x):
(set let):

  • tests/stress/reflect-set-receiver-proxy-set.js: Added.

(shouldBe):
(unreachable):
(assert):
(let.handler.set 45):
(catch):
(let.target.set x):
(let.target.get x):
(set let):

  • tests/stress/reflect-set-with-global-proxy.js: Added.

(shouldBe):
(unreachable):
(get shouldBe):
(set shouldBe):
(set test1):
(set test2):
(set test3):

  • tests/stress/reflect-set.js:

(shouldThrow):
(unreachable):
(get shouldBe):
(set shouldBe):
(receiverTestIndexed):
(set get Uint8Array):
(receiverCase): Deleted.
(proxyCase): Deleted.
(stringObjectCase.set get shouldBe): Deleted.
(regExpLastIndex): Deleted.

LayoutTests:

Currently, putDelegate (JSLocation is special case) and CustomIndexedSetter work as special setters.

  • js/dom/reflect-set-onto-dom-expected.txt:
  • js/dom/script-tests/reflect-set-onto-dom.js:
2:36 AM Changeset in webkit [198269] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

REGRESSION(r195661): [GTK] very slow scrolling
https://bugs.webkit.org/show_bug.cgi?id=155334

Reviewed by Sergio Villar Senin.

Fix smooth scrolling behaviour change after r195661.

  • platform/ScrollAnimationSmooth.cpp:

(WebCore::getAnimationParametersForGranularity): Fix a typo,
animationTime for pixel granularity should be 11 * tickTime.
(WebCore::ScrollAnimationSmooth::animateScroll): Previous code
reset all the data except the visibleLenght, so keep it in the
PerAxisData after the reset.

12:18 AM Changeset in webkit [198268] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit/win

Unreviewed, rolling out r196951 and r197031.

Revert also WinCairo follow ups after r196803

Reverted changesets:

"[WinCairo] Compile fix."
https://bugs.webkit.org/show_bug.cgi?id=154545
http://trac.webkit.org/changeset/196951

"[WinCairo] Mark layer as non composited."
https://bugs.webkit.org/show_bug.cgi?id=154640
http://trac.webkit.org/changeset/197031

12:11 AM Changeset in webkit [198267] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit/win

Unreviewed, rolling out r197693.

197031

Reverted changeset:

"[WinCairo][AcceleratedCompositing] Rendering issues on
www.bbc.com."
https://bugs.webkit.org/show_bug.cgi?id=154912
http://trac.webkit.org/changeset/197693

12:05 AM Changeset in webkit [198266] by commit-queue@webkit.org
  • 7 edits in trunk/Source

Unreviewed, rolling out r196803.
https://bugs.webkit.org/show_bug.cgi?id=155534

Introduced several rendering issues in popular websites
(Requested by KaL on #webkit).

Reverted changeset:

"[GTK] Limit the number of tiles according to the visible
area"
https://bugs.webkit.org/show_bug.cgi?id=126122
http://trac.webkit.org/changeset/196803

12:02 AM Changeset in webkit [198265] by rniwa@webkit.org
  • 11 edits
    2 adds in trunk/Websites/perf.webkit.org

Analysis task page should allow specifying commits that caused or fixed a regression or a progression
https://bugs.webkit.org/show_bug.cgi?id=155529

Reviewed by Chris Dumez.

Added the capability to associate revisions that caused or fixed a progression or a regression for which
an analysis task was created. Added task_commits that stores this relationship and added the backend
support to retrieve this table in /api/analysis-tasks and an privileged API to update this table at
/privileged-api/associate-commit.

Also extracted a new component, MutableListView, out of AnalysisTaskPage to render and manipulate a list
of mutable items, and used it to render the list of associated bugs and commits. The view takes a list of
kinds (e.g. repositories or bug trackers), and accepts a pair of a kind and arbitrary text as a new item
value.

  • init-database.sql: Added task_commits table.
  • public/api/analysis-tasks.php:

(main):
(fetch_associated_data_for_tasks): Renamed from fetch_and_push_bugs_to_tasks now that it also fetches
the list of commits associated with each analysis task by calling CommitLogFetcher::fetch_for_tasks.
Also fixe the bug that we were not taking
(format_task): No longer sets 'category' since the computation of category now depends on the list of
commits associated with this analysis task which aren't available until fetch_associated_data_for_tasks.
(determine_category): Added. Categorize any analysis tasks with "fixes" commits as "closed" and "causes"
commits as "identified".

  • public/include/commit-log-fetcher.php:

(CommitLogFetcher::construct): Remove the unused instance variable.
(CommitLogFetcher::fetch_for_tasks): Added. Fetches all commits associated with a list of analysis tasks.
Assumes the caller (fetch_associated_data_for_tasks) had setup "fixes" and "causes" fields on each task.

  • public/privileged-api/associate-commit.php: Added. Updates task_commits table to associate or disassociate

a commit with an analysis task. When the specified analysis task and the specified commit are already
associated, we simply update the table instead of adding a duplicating entry or error. For dissociation,
the front-end specifies the commit ID.
(main): Added.

  • public/v3/index.html:
  • public/v3/components/mutable-list-view.js: Added. Used by the list associated bugs and commits.

(MutableListView): Added.
(MutableListView.prototype.setList): Added.
(MutableListView.prototype.setKindList): Added.
(MutableListView.prototype.setAddCallback): Added. This callback is invoked when the user tries to add
a new item to the list.
(MutableListView.prototype.render): Added.
(MutableListView.prototype._submitted): Added.
(MutableListView.cssTemplate):
(MutableListView.htmlTemplate):
(MutableListItem): Added. RemovalLink could be a hyperlink or a callback and gets involved when the user
tries to delete this item.
(MutableListItem.prototype.content):

  • public/v3/models/analysis-task.js:

(AnalysisTask): Added the support of the list of commits that fixed and caused changes.
(AnalysisTask.prototype.updateSingleton): Ditto.
(AnalysisTask.prototype.causes): Added.
(AnalysisTask.prototype.fixes): Added.
(AnalysisTask.prototype.associateCommit): Added. Use the API added at /privileged-api/associate-commit
to associate a new commit with this analysis task. Each commit has either caused or fixed the change.
(AnalysisTask.prototype.dissociateCommit): Added. Use the same API to disassociate each commit.
(AnalysisTask._constructAnalysisTasksFromRawData): Find all commits associated with each analysis task.
Because commit log objects use a fake ID fdue to /api/measurement-set not providing commit IDs, we must
use CommitLog.findByRemoteId to find each commit instead of usual CommitLog.findById.
(AnalysisTask._constructAnalysisTasksFromRawData.resolveCommits): Added.

  • public/v3/models/build-request.js:

(BuildRequest.prototype.hasFinished): Renamed from hasCompleted since it was confusing for this._status
being "completed" wasn't a necessary condition for this function to return true.

  • public/v3/models/commit-log.js:

(CommitLog): Added the static map for actual commit ID instead of a fake ID created in ensureSingleton.
(CommitLog.prototype.remoteId): Added. Returns the real commit ID.
(CommitLog.findByRemoteId): Added. Finds an CommitLog object using the real ID.

  • public/v3/models/test-group.js:

(TestGroup.prototype.hasFinished): Renamed from hasCompleted to match the rename in BuildRequest.

  • public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage): Added lists for the commits that fixed and caused the change using MutableListView.
Also adopted MutableListView for the list of associated bugs.
(AnalysisTaskPage.prototype.render): Added the code to populate the newly added lists.
(AnalysisTaskPage.prototype._makeCommitListItem): Added.
(AnalysisTaskPage.prototype._associateBug): Now this is a callback from MutableListView.
(AnalysisTaskPage.prototype._associateCommit): Added.
(AnalysisTaskPage.prototype._dissociateCommit): Added.
(AnalysisTaskPage.htmlTemplate):
(AnalysisTaskPage.cssTemplate):

  • public/v3/remote.js:

(getJSON): Spit out the entire responseText when JSON failed to parse to make debugging easier.

Mar 15, 2016:

11:48 PM Changeset in webkit [198264] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Remove hint from SlowCaseEntry
https://bugs.webkit.org/show_bug.cgi?id=155530

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-15
Reviewed by Alex Christensen.

  • jit/JIT.h:

(JSC::SlowCaseEntry::SlowCaseEntry):

11:30 PM Changeset in webkit [198263] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.5.17.2.1

New tag.

11:26 PM Changeset in webkit [198262] by bshafiei@apple.com
  • 2 edits in branches/safari-601-branch/Source/WebKit/win

Merged r198244. rdar://problem/25181891

11:25 PM Changeset in webkit [198261] by bshafiei@apple.com
  • 5 edits in branches/safari-601.5.17.2-branch/Source

Versioning.

11:23 PM Changeset in webkit [198260] by bshafiei@apple.com
  • 2 edits in branches/safari-601.5.17.2-branch/Source/WebKit/win

Merged r198244. rdar://problem/25181891

11:22 PM Changeset in webkit [198259] by bshafiei@apple.com
  • 5 edits in branches/safari-601.5.17.2-branch/Source

Versioning.

11:18 PM Changeset in webkit [198258] by bshafiei@apple.com
  • 1 copy in branches/safari-601.5.17.2-branch

New Branch.

8:31 PM Changeset in webkit [198257] by BJ Burg
  • 4 edits in trunk/Source/JavaScriptCore

REGRESSION(r198077): generated Objective-C protocol object getters leak their wrappers
https://bugs.webkit.org/show_bug.cgi?id=155523
<rdar://problem/25181764>

Reviewed by Joseph Pecoraro.

Since the code may not be compiled with ARC, autorelease the returned wrapper.

  • inspector/scripts/codegen/objc_generator.py:

(ObjCGenerator.protocol_to_objc_expression_for_member):

  • inspector/scripts/tests/expected/type-declaration-object-type.json-result:
  • inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
7:16 PM Changeset in webkit [198256] by commit-queue@webkit.org
  • 6 edits in trunk/Source/JavaScriptCore

[JSC] Help clang generate better code on arrayProtoFuncToString()
https://bugs.webkit.org/show_bug.cgi?id=155512

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-15
Reviewed by Mark Lam.

3d-raytrace hits Array.toString() hard with small arrays.
Half of the time is going into overhead around the StringJoiner.
This patch makes the function shorter and the layout better.

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncToString):
Add "UNLIKELY" on rare cases. Clang pushes that code to the tail.

Factor the code of jsMakeNontrivialString() so that the operation
is not duplicated in the function.

  • runtime/JSStringBuilder.h:

(JSC::jsMakeNontrivialString):
jsNontrivialString() supports r-value reference.
Move the result string into jsNontrivialString(), this removes
the deref+destructor from the function.

  • runtime/JSStringJoiner.cpp:

(JSC::JSStringJoiner::~JSStringJoiner):
The destructor is pretty large. No point in inlining it.

(JSC::joinStrings):

  • runtime/JSStringJoiner.h:

(JSC::JSStringJoiner::JSStringJoiner):
(JSC::JSStringJoiner::append):
The calls were duplicated. That's unnecessary.

  • runtime/NumericStrings.h:

(JSC::NumericStrings::add):
Return a reference in all cases.
This removes a deref+destructor.

6:51 PM Changeset in webkit [198255] by Alan Bujtas
  • 13 edits
    2 deletes in trunk

Remove overflow: -webkit-marquee
https://bugs.webkit.org/show_bug.cgi?id=155517
<rdar://problem/25028481>

Reviewed by Simon Fraser.

This patch is based on Blink patch from jchaffraix@chromium.org (https://src.chromium.org/viewvc/blink?revision=151756&view=revision)

Source/WebCore:

  • css/CSSParser.cpp:

(WebCore::isValidKeywordPropertyAndValue):

  • css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Deleted.
(WebCore::CSSPrimitiveValue::operator EOverflow): Deleted.

  • css/CSSValueKeywords.in:
  • css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyle):

  • css/html.css:

(marquee): Deleted.

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::sizesLogicalWidthToFitContent):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollTo):
(WebCore::RenderLayer::updateScrollInfoAfterLayout):
(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLayer.h:
  • rendering/RenderMarquee.h:
  • rendering/style/RenderStyleConstants.h:

LayoutTests:

  • fast/css/getPropertyValue-webkit-marquee.html:
  • fast/css/webkit-marquee-anonymous-node-crash-expected.txt: Removed.
  • fast/css/webkit-marquee-anonymous-node-crash.html: Removed.
6:45 PM Changeset in webkit [198254] by jdiggs@igalia.com
  • 11 edits in trunk

AX: Expose pointers to SVG elements referenced by aria-labelledby
https://bugs.webkit.org/show_bug.cgi?id=155481

Reviewed by Chris Fleizach.

Source/WebCore:

Expose elements referenced by aria-labelledby via ATK_RELATION_LABELLED_BY.
Stop calling the supportsARIA* methods before getting the elements referred
to by the associated ARIA property in the accessible wrapper for ATK and
the inspector: Getting the elements will be just as fast when there are no
such elements, and faster when there are.

Modified the w3c-svg-name-calculation.html test to include AXTitleUIElement
in its output.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::supportsARIAAttributes):
(WebCore::AccessibilityObject::ariaElementsFromAttribute): Added.
(WebCore::AccessibilityObject::ariaControlsElements): Added.
(WebCore::AccessibilityObject::ariaDescribedByElements): Added.
(WebCore::AccessibilityObject::ariaFlowToElements): Added.
(WebCore::AccessibilityObject::ariaLabelledByElements): Added.
(WebCore::AccessibilityObject::ariaOwnsElements): Added.

  • accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::ariaOwnsElements): No longer virtual.
(WebCore::AccessibilityObject::supportsARIAFlowTo): Deleted.
(WebCore::AccessibilityObject::ariaFlowToElements): No longer virtual.
(WebCore::AccessibilityObject::supportsARIADescribedBy): Deleted.
(WebCore::AccessibilityObject::ariaDescribedByElements): No longer virtual.
(WebCore::AccessibilityObject::supportsARIAControls): Deleted.
(WebCore::AccessibilityObject::ariaControlsElements): No longer virtual.

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::ariaElementsFromAttribute): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::supportsARIAFlowTo): Deleted.
(WebCore::AccessibilityRenderObject::ariaFlowToElements): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::supportsARIADescribedBy): Deleted.
(WebCore::AccessibilityRenderObject::ariaDescribedByElements): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::supportsARIAControls): Deleted.
(WebCore::AccessibilityRenderObject::ariaControlsElements): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::ariaOwnsElements): Moved to AccessibilityObject.

  • accessibility/AccessibilityRenderObject.h:
  • accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(setAtkRelationSetFromCoreObject):

  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

LayoutTests:

  • accessibility/w3c-svg-name-calculation.html: Modified to also output AXTitleUIElement.
  • platform/gtk/accessibility/w3c-svg-name-calculation-expected.txt: Updated.
  • platform/mac/accessibility/w3c-svg-name-calculation-expected.txt: Updated.
6:07 PM Changeset in webkit [198253] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Remove stale ArrayPrototype declarations
https://bugs.webkit.org/show_bug.cgi?id=155520

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-15
Reviewed by Mark Lam.

  • runtime/ArrayPrototype.cpp:

The implementations went away when the methods were moved to builtins
but the declarations were left behind.

6:02 PM Changeset in webkit [198252] by oliver@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

Rename performJITMemcpy to something more inline with our normal webkit function names
https://bugs.webkit.org/show_bug.cgi?id=155525

Reviewed by Saam Barati.

Simple bulk search/replace with a better name.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):

  • assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):

  • jit/ExecutableAllocator.h:

(JSC::writeToExecutableRegion):
(JSC::performJITMemcpy): Deleted.

5:45 PM Changeset in webkit [198251] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebKit/mac

[ios-sim debug] API test WebKit1.AudioSessionCategoryIOS timing out
https://bugs.webkit.org/show_bug.cgi?id=155275

Reviewed by Alexey Proskuryakov.

The videoPlaybackRequiresUserGesture and audioPlaybackRequiresUserGesture should both defalut to
NO, so that legacy clients of -[UIWebView setMediaPlaybackRequiresUserAction:] continue to work
as expected.

  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

5:22 PM Changeset in webkit [198250] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1.46-branch/Source/WebKit2

Merge r195982. rdar://problem/24560759

5:22 PM Changeset in webkit [198249] by matthew_hanson@apple.com
  • 4 edits
    1 add in branches/safari-601.1.46-branch

Merge r194060. rdar://problem/24560757

5:22 PM Changeset in webkit [198248] by matthew_hanson@apple.com
  • 4 edits in branches/safari-601.1.46-branch/Source/WebCore

Merge r197125. rdar://problem/24860685

5:22 PM Changeset in webkit [198247] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601.1.46-branch/Source/WebCore

Merge r196670. rdar://problem/24860681

5:22 PM Changeset in webkit [198246] by matthew_hanson@apple.com
  • 19 edits
    2 adds in branches/safari-601.1.46-branch

Merge r196268. rdar://problem/24748259

5:02 PM Changeset in webkit [198245] by enrica@apple.com
  • 2 edits in trunk/Source/WebKit2

Follow up to r195769.
https://bugs.webkit.org/show_bug.cgi?id=155519
rdar://problem/25146483

Reviewed by Tim Horton.

There are two code paths that lead to calling handleSyntheticClick()
where we need to check if the default action can be performed on the
data detector link.
Only one was covered in r195769 and this patch addresses the missing one.
I've also discovered that the point reported in DidNotHandleTapAsClick was
incorrectly always (0, 0) and I've fixed it.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::handleTap):

5:00 PM Changeset in webkit [198244] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit/win

[Win] Correct double-release of CFURLConnectionRef
https://bugs.webkit.org/show_bug.cgi?id=155515
<rdar://problem/25159143>

Reviewed by Tim Horton.

Tested by http/tests/download suite.

  • WebDownloadCFNet.cpp: Remove extra CFRelease.
4:59 PM Changeset in webkit [198243] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

Occasional crash under GraphicsContext::platformContext() when dragging Google maps
https://bugs.webkit.org/show_bug.cgi?id=155521
rdar://problem/24357307

Reviewed by Tim Horton.

It's possible for createDragImageForSelection() to return a null image, if the bounds
of the selection are an empty rect. That would cause a crash under convertImageToBitmap()
because a zero-sized ShareableBitmap will return a null GraphicsContext.

To avoid this, early return from DragController::startDrag() if the dragImage is null.

I wasn't able to come up with a test for this.

  • page/DragController.cpp:

(WebCore::DragController::startDrag):

4:51 PM Changeset in webkit [198242] by timothy_horton@apple.com
  • 2 edits in trunk/Tools

[iOS Simulator] Test result snapshots are upside down
https://bugs.webkit.org/show_bug.cgi?id=154761

Reviewed by Simon Fraser.

  • WebKitTestRunner/cg/TestInvocationCG.cpp:

(WTR::createCGContextFromImage):
(WTR::TestInvocation::dumpPixelsAndCompareWithExpected):
In r97104, Simon added code to take WindowServer snapshots, which came
in flipped, and added code to flip them back. At this point, WindowServer
snapshots got flipped, and software snapshots did not.

In r140067, Simon noticed that WindowServer ref test images were upside-down
on Mac (not sure why this changed), so turned off the flipping code (but
didn't delete it!). Now, WindowServer snapshots and software snapshots both
are not flipped.

In r190304, Carlos added an enum for the source of the snapshot ("WebView"
for window server snapshots, and "WebContent" for software snapshots),
and - critically - changed the flipping logic to flip software snapshots!

We didn't notice this on Mac because at this point we've made it so that
we *always* have WindowServer snapshots, but on iOS we still don't have
WindowServer snapshots, so now they're flipped.

And that's how we got here.

To restore the behavior from r140067, and correctly unflip snapshots on
iOS, just delete this code.

4:29 PM Changeset in webkit [198241] by oliver@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Improved build fix.

4:24 PM Changeset in webkit [198240] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Gardening: build fix after r198235.

Not Reviewed.

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):

4:13 PM Changeset in webkit [198239] by timothy_horton@apple.com
  • 12 edits
    2 adds in trunk

iOS <attachment> element should allow customization of action text color
https://bugs.webkit.org/show_bug.cgi?id=155513
<rdar://problem/24805991>

Reviewed by Simon Fraser.

Test: fast/attachment/attachment-action.html

  • css/html.css:

(attachment):
On iOS (the only place it is used), <attachment> color should default to system blue.

  • rendering/RenderThemeIOS.mm:

(WebCore::attachmentActionColor):
(WebCore::AttachmentInfo::AttachmentInfo):
Make use of the <attachment>'s CSS color for the action text.
This is a little weird because there are multiple bits of text in an
<attachment>, but only the action text ever changes color.

  • fast/attachment/attachment-action-expected.html: Added.
  • fast/attachment/attachment-action.html: Added.
  • platform/ios-simulator/fast/attachment/attachment-label-highlight-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-progress-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-rendering-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-select-on-click-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-select-on-click-inside-user-select-all-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-subtitle-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-title-expected.txt:

Rebaseline some tests and add one that action text matches the requested color.

4:10 PM Changeset in webkit [198238] by Alan Bujtas
  • 9 edits in trunk/Source/WebCore

Delay HTMLFormControlElement::focus() call until after layout is finished.
https://bugs.webkit.org/show_bug.cgi?id=155503
<rdar://problem/24046635>

Reviewed by Simon Fraser.

Calling focus on a form element can trigger arbitrary JS code which could interfere with
the ongoing layout.
This patch delays HTMLFormControlElement::focus() call until after layout is finished.
If we are currently not in the middle of a layout, HTMLFormControlElement::focus() is delayed until
after style resolution is done.

Covered by LayoutTests/fast/dom/adopt-node-crash-2.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::updateBackingStore):

  • dom/Document.cpp:

(WebCore::Document::updateStyleIfNeeded):
(WebCore::Document::updateLayout):
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

  • html/HTMLEmbedElement.cpp:

(WebCore::HTMLEmbedElement::renderWidgetLoadingPlugin):

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::didAttachRenderers):

  • page/FrameView.cpp:

(WebCore::FrameView::layout):
(WebCore::FrameView::queuePostLayoutCallback):
(WebCore::FrameView::flushPostLayoutTasksQueue):
(WebCore::FrameView::performPostLayoutTasks):
(WebCore::FrameView::sendResizeEventIfNeeded):

  • page/FrameView.h:
  • rendering/RenderBox.cpp:

(WebCore::RenderBox::imageChanged):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollTo):

3:57 PM Changeset in webkit [198237] by Ryan Haddad
  • 2 edits in trunk/Source/WebKit2

Unreviewed, rolling out r198230.

This change caused LayoutTests to fail on Mac

Reverted changeset:

"REGRESSION (r194660): Navigating to HTTPS sites may fail with
error"
https://bugs.webkit.org/show_bug.cgi?id=155455
http://trac.webkit.org/changeset/198230

3:46 PM Changeset in webkit [198236] by Simon Fraser
  • 2 edits
    7 adds in trunk/PerformanceTests

Add developer Animometer test that bounces P3-tagged images
https://bugs.webkit.org/show_bug.cgi?id=155511

Reviewed by Tim Horton.

Add a test for rendering performance of tagged images. The 5 images are tagged
with the Display P3 colorspace.

  • Animometer/resources/debug-runner/tests.js:
  • Animometer/tests/bouncing-particles/bouncing-tagged-images.html: Added.
  • Animometer/tests/bouncing-particles/resources/bouncing-tagged-images.js: Added.
  • Animometer/tests/bouncing-particles/resources/image1.jpg: Added.
  • Animometer/tests/bouncing-particles/resources/image2.jpg: Added.
  • Animometer/tests/bouncing-particles/resources/image3.jpg: Added.
  • Animometer/tests/bouncing-particles/resources/image4.jpg: Added.
  • Animometer/tests/bouncing-particles/resources/image5.jpg: Added.
3:44 PM Changeset in webkit [198235] by oliver@apple.com
  • 16 edits in trunk/Source

Remove compile time define for SEPARATED_HEAP
https://bugs.webkit.org/show_bug.cgi?id=155508

Reviewed by Mark Lam.

Source/JavaScriptCore:

This removes the compile time define for the SEPARATED_HEAP
feature, and moves to a default-off runtime preference.

This happily also removes the need for world rebuilds while
bringing it up on different platforms.

  • Configurations/FeatureDefines.xcconfig:
  • assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):

  • jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
(JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Deleted.

  • runtime/Options.cpp:

(JSC::recomputeDependentOptions):

  • runtime/Options.h:

Source/WebCore:

Remove the feature define.

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Remove the feature define.

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Remove the feature define.

  • Configurations/FeatureDefines.xcconfig:

Source/WTF:

Remove the feature define.

  • wtf/FeatureDefines.h:
  • wtf/Platform.h:
3:42 PM Changeset in webkit [198234] by rniwa@webkit.org
  • 2 edits
    1 add in trunk/Websites/perf.webkit.org

Extract the code to format commit logs into its own PHP file
https://bugs.webkit.org/show_bug.cgi?id=155514

Rubber-stamped by Chris Dumez.

Extracted CommitLogFetcher out of /api/commits so that it could be used in analysis-tasks.php
in the future to support associating cause/fix for each analysis task.

  • public/api/commits.php:
  • public/include/commit-log-fetcher.php: Added.

(CommitLogFetcher)
(CommitLogFetcher::construct): Added.
(CommitLogFetcher::repository_id_from_name): Added.
(CommitLogFetcher::fetch_between): Added.
(CommitLogFetcher::fetch_oldest): Added.
(CommitLogFetcher::fetch_latest): Added.
(CommitLogFetcher::fetch_last_reported): Added.
(CommitLogFetcher::fetch_revision): Added.
(CommitLogFetcher::commit_for_revision): Added.
(CommitLogFetcher::format_single_commit): Added.
(CommitLogFetcher::format_commit): Added.

3:38 PM Changeset in webkit [198233] by commit-queue@webkit.org
  • 6 edits in trunk

Unreviewed, rolling out r198148.
https://bugs.webkit.org/show_bug.cgi?id=155518

"Lets do this patch at a later time" (Requested by saamyjoon
on #webkit).

Reverted changeset:

"[ES6] Disallow var assignments in for-in loops"
https://bugs.webkit.org/show_bug.cgi?id=155451
http://trac.webkit.org/changeset/198148

3:22 PM Changeset in webkit [198232] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Test result gardening for
ASSERT_NOT_REACHED on imported/w3c/web-platform-tests/html/semantics/embedded-content/the-area-element/area-coords.html
https://bugs.webkit.org/show_bug.cgi?id=155516

  • TestExpectations: Skip the test in debug, as it's not useful to crash every time.
3:04 PM Changeset in webkit [198231] by ap@apple.com
  • 2 edits in trunk/Tools

run-api-tests doesn't print test name when the test crashes
https://bugs.webkit.org/show_bug.cgi?id=155476

Reviewed by Daniel Bates.

  • Scripts/run-api-tests: Print "UNEXPECTEDLY EXITED" with a test name when output

doesn't contain the test name yet. Changed test name output to always be before raw
stdout for clarity.

2:55 PM Changeset in webkit [198230] by dbates@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r194660): Navigating to HTTPS sites may fail with error
https://bugs.webkit.org/show_bug.cgi?id=155455
<rdar://problem/24308793>

Reviewed by Alexey Proskuryakov.

Fixes an issue where navigating to an HTTPS site may fail because the Security Framework uses
a cache directory that it does not have permission to use.

  • Shared/mac/ChildProcessMac.mm:

(WebKit::codeSigningIdentifierForProcess): Queries the Security Framework for the code signed
bundle identifier/code signing identifier.
(WebKit::ChildProcess::initializeSandbox): Use the client identifier as part of the user directory
suffix. Verify that the client identifier matches the code signed bundled identifier/code
signing identifier for the code signed app/tool. Fix minor code style issue; use a C++-style cast
instead of a C-style cast when casting an OSStatus to a long.
(WebKit::findSecCodeForProcess): Deleted; incorporated logic into WebKit::codeSigningIdentifierForProcess().

2:48 PM Changeset in webkit [198229] by commit-queue@webkit.org
  • 4 edits in trunk

REGRESSION: ASSERTION FAILED: !m_lastActiveBlock on js/function-apply.html
https://bugs.webkit.org/show_bug.cgi?id=155411
<rdar://problem/25134537>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-15
Reviewed by Mark Lam.

Source/JavaScriptCore:

  • heap/Heap.cpp:

(JSC::Heap::collectImpl):
(JSC::Heap::didFinishCollection):
During collection allocators are stop/reset. The HeapProfiler tasks
were using HeapIterationScope (to satisfy MarkedSpace forEachCell API
contracts) which was doing its own stop/resume of allocators. Doing a
stop/resume in between the normal stop/reset of collection is unexpected.

Move this to didFinishCollection, alongside other heap iterations
like zombies and immortal objects. Putting this after those tasks
also means the heap snapshots will respect the zombies/immortal options
when deciding if the cell is alive or not.

LayoutTests:

  • platform/mac/TestExpectations:

Unmark test as flakey.

1:41 PM Changeset in webkit [198228] by sbarati@apple.com
  • 13 edits in trunk/Source/JavaScriptCore

We should have different JSTypes for JSGlobalLexicalEnvironment and JSLexicalEnvironment and JSModuleEnvironment
https://bugs.webkit.org/show_bug.cgi?id=152406

Reviewed by Mark Lam.

This makes testing for a JSGlobalLexicalEnvironment faster
because we can just check the Cell's type instead of using
jsDynamicCast. I also changed code that does jsDynamicCast<JSGlobalObject*>
instead of isGlobalObject().

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):

  • jit/JITOperations.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):

  • runtime/JSGlobalLexicalEnvironment.h:

(JSC::JSGlobalLexicalEnvironment::createStructure):

  • runtime/JSLexicalEnvironment.h:

(JSC::JSLexicalEnvironment::createStructure):
(JSC::JSLexicalEnvironment::JSLexicalEnvironment):

  • runtime/JSModuleEnvironment.h:

(JSC::JSModuleEnvironment::createStructure):
(JSC::JSModuleEnvironment::offsetOfModuleRecord):

  • runtime/JSObject.h:

(JSC::JSObject::isGlobalObject):
(JSC::JSObject::isJSLexicalEnvironment):
(JSC::JSObject::isGlobalLexicalEnvironment):
(JSC::JSObject::isErrorInstance):

  • runtime/JSScope.cpp:

(JSC::abstractAccess):
(JSC::isUnscopable):
(JSC::JSScope::resolve):
(JSC::JSScope::collectVariablesUnderTDZ):
(JSC::JSScope::isVarScope):
(JSC::JSScope::isLexicalScope):
(JSC::JSScope::isModuleScope):
(JSC::JSScope::isCatchScope):
(JSC::JSScope::isFunctionNameScopeObject):
(JSC::JSScope::isNestedLexicalScope):
(JSC::JSScope::constantScopeForCodeBlock):
(JSC::isScopeType): Deleted.
(JSC::JSScope::isGlobalLexicalEnvironment): Deleted.

  • runtime/JSScope.h:
  • runtime/JSType.h:
1:31 PM Changeset in webkit [198227] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Fixing expectation for css3/masking/mask-svg-script-none-to-png.html on ios-simulator

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
1:27 PM Changeset in webkit [198226] by timothy_horton@apple.com
  • 12 edits in trunk/LayoutTests

Unskip and rebaseline <attachment> tests on iOS
<rdar://problem/24805991>

  • fast/attachment/attachment-default-icon.html:
  • fast/attachment/attachment-folder-icon.html:
  • fast/attachment/attachment-type-attribute.html:

Make these tests have identical titles between ref and actual, because
on iOS the layout differs if you have a title or not (unlike on Mac).

  • platform/ios-simulator/TestExpectations:
  • platform/ios-simulator/fast/attachment/attachment-label-highlight-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-progress-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-rendering-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-select-on-click-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-select-on-click-inside-user-select-all-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-subtitle-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-title-expected.txt:

Unskip and rebaseline all but one of the attachment tests on iOS.

1:01 PM Changeset in webkit [198225] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Restore pre-r197244 behavior on Mac
https://bugs.webkit.org/show_bug.cgi?id=155507
<rdar://problem/25174132>

Reviewed by Gavin Barraclough.

<http://trac.webkit.org/changeset/197244> changed the session restore
behavior to disallow stale content on all platforms except iOS.
We would also like to maintain the behavior on Mac for performance
reasons and consistency between iOS and Mac.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadDifferentDocumentItem):

12:46 PM Changeset in webkit [198224] by Antti Koivisto
  • 2 edits in trunk/Source/WebKit2

Add Antti to WebKit2 Owners file
https://bugs.webkit.org/show_bug.cgi?id=155504

Reviewed by Anders Carlsson and Sam Weinig.

  • Owners:
12:45 PM Changeset in webkit [198223] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

<attachment> on iOS isn't quite vertically centered
https://bugs.webkit.org/show_bug.cgi?id=155502
<rdar://problem/24805991>

Reviewed by Beth Dakin.

No new tests; there are existing tests that will be enabled shortly.

  • rendering/RenderThemeIOS.mm:

(WebCore::AttachmentInfo::AttachmentInfo):
We were overcounting the total height of the attachment content by one margin, because each item
would add in its margin, including the last one. Remove one margin.

12:43 PM Changeset in webkit [198222] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Remove flaky expectation for webgl/1.0.2/conformance/rendering/gl-scissor-test.html for mac
https://bugs.webkit.org/show_bug.cgi?id=126586

Unreviewed test gardening.

  • platform/mac/TestExpectations:
12:24 PM Changeset in webkit [198221] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Fixing a typo in the ios-simulator TestExpectations file

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
12:15 PM Changeset in webkit [198220] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking animations/3d/transform-origin-vs-functions.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=155501

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
12:03 PM Changeset in webkit [198219] by Chris Fleizach
  • 3 edits
    2 adds in trunk

AX: certain elements not included in accessibility tree
https://bugs.webkit.org/show_bug.cgi?id=155480

Reviewed by Beth Dakin.

Source/WebCore:

This test case exposed a hole in the nextSibling logic where you can get into a state where we skip content.
The fix is to check if an inline element continuation has no sibling, to fall back on to the parent case to see if that has a sibling.

Test: accessibility/double-nested-inline-element-missing-from-tree.html

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::nextSibling):

LayoutTests:

  • accessibility/double-nested-inline-element-missing-from-tree-expected.txt: Added.
  • accessibility/double-nested-inline-element-missing-from-tree.html: Added.
11:26 AM Changeset in webkit [198218] by Chris Dumez
  • 22 edits
    2 deletes in trunk

Unreviewed, rolling out r198203.

Favorites view is no longer loading on iOS

Reverted changeset:

"URL Parsing should signal failure for illegal IDN"
https://bugs.webkit.org/show_bug.cgi?id=154945
http://trac.webkit.org/changeset/198203

11:25 AM Changeset in webkit [198217] by timothy_horton@apple.com
  • 3 edits in trunk/Source/WebCore

<attachment> on iOS should use short and emphasized fonts
https://bugs.webkit.org/show_bug.cgi?id=155485
<rdar://problem/24805991>

Reviewed by Simon Fraser.

No new tests; there are existing tests that will be enabled shortly.

  • rendering/RenderThemeIOS.mm:

(WebCore::attachmentActionFont):
(WebCore::attachmentTitleFont):
(WebCore::attachmentSubtitleFont):
(WebCore::AttachmentInfo::buildTitleLines):
(WebCore::AttachmentInfo::buildSingleLine):
(WebCore::AttachmentInfo::AttachmentInfo):
No need for UIFonts, we can use CoreText, and that allows us to ask for the
correct Short and Emphasized variants that we need.

10:26 AM Changeset in webkit [198216] by Antti Koivisto
  • 9 edits in trunk

Source/WebCore:
REGRESSION (196383): Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

We fail to invalidate bar style in

:not(.foo) bar { }

when class foo is added or removed.

There is a logic error in the invalidation code. It assumes that class addition can only make new selectors match
and removal make them not match. This is not true when :not is present.

  • style/AttributeChangeInvalidation.h:

(WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):

  • style/ClassChangeInvalidation.cpp:

(WebCore::Style::ClassChangeInvalidation::invalidateStyle):

Invalidate style and collect full set of rules that may affect descendant style.

(WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle):

Invalidate with this set both before and after committing the changes.

(WebCore::Style::ClassChangeInvalidation::computeClassChange): Deleted.

  • style/ClassChangeInvalidation.h:

(WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
(WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

LayoutTests:
Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

  • fast/css/style-invalidation-attribute-change-descendants-expected.txt:
  • fast/css/style-invalidation-attribute-change-descendants.html:

Also add :not case for attribute changes (which handles this correctly already).

  • fast/css/style-invalidation-class-change-descendants-expected.txt:
  • fast/css/style-invalidation-class-change-descendants.html:

Add :not case.

8:30 AM Changeset in webkit [198215] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

8:28 AM Changeset in webkit [198214] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.23

New tag.

8:27 AM Changeset in webkit [198213] by bshafiei@apple.com
  • 1 delete in tags/Safari-602.1.23

Delete tag.

8:26 AM Changeset in webkit [198212] by fpizlo@apple.com
  • 45 edits
    2 deletes in trunk/Source/JavaScriptCore

Remove the Baker barrier from JSC
https://bugs.webkit.org/show_bug.cgi?id=155479

Reviewed by Saam Barati.

It's been a while since I added a Baker barrier, but I never followed it up with an actual
concurrent GC. While thinking about the GC, I became convinced that the right path forward
is to do a non-copying concurrent GC. That is, remove the copied space and just use the
marked space. The downside of using marked space cannot be more than the overhead of the
Baker barrier, so concurrent non-copying GC is definitely better than copying
non-concurrent GC. I also suspect that just plain non-copying non-concurrent GC is going to
be fine also, so the path forward will probably be to first just remove CopiedSpace.

Anyway, for now this patch just removes the Baker barrier. It was a cute implementation but
it just cost performance and I don't think we'll ever use it.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generate):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGCopyBarrierOptimizationPhase.cpp: Removed.
  • dfg/DFGCopyBarrierOptimizationPhase.h: Removed.
  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGNodeType.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):
(JSC::DFG::SpeculativeJIT::compileGetButterfly):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGTypeCheckHoistingPhase.cpp:

(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetButterfly):
(JSC::FTL::DFG::LowerDFGToB3::compileConstantStoragePointer):
(JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckArray):
(JSC::FTL::DFG::LowerDFGToB3::compileGetTypedArrayByteOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiGetByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiPutByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileGetDirectPname):
(JSC::FTL::DFG::LowerDFGToB3::storageForTransition):
(JSC::FTL::DFG::LowerDFGToB3::getById):
(JSC::FTL::DFG::LowerDFGToB3::isFastTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileGetButterflyReadOnly): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::loadButterflyWithBarrier): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::loadVectorWithBarrier): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::copyBarrier): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::isInToSpace): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::loadButterflyReadOnly): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::loadVectorReadOnly): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::removeSpaceBits): Deleted.

  • heap/CopyBarrier.h:

(JSC::CopyBarrierBase::CopyBarrierBase):
(JSC::CopyBarrierBase::operator bool):
(JSC::CopyBarrierBase::get):
(JSC::CopyBarrierBase::clear):
(JSC::CopyBarrierBase::setWithoutBarrier):
(JSC::CopyBarrier::CopyBarrier):
(JSC::CopyBarrier::get):
(JSC::CopyBarrier::set):
(JSC::CopyBarrier::setWithoutBarrier):
(JSC::CopyBarrierBase::operator!): Deleted.
(JSC::CopyBarrierBase::getWithoutBarrier): Deleted.
(JSC::CopyBarrierBase::getPredicated): Deleted.
(JSC::CopyBarrierBase::copyState): Deleted.
(JSC::CopyBarrierBase::setCopyState): Deleted.
(JSC::CopyBarrierBase::weakCASWithoutBarrier): Deleted.
(JSC::CopyBarrier::getWithoutBarrier): Deleted.
(JSC::CopyBarrier::getPredicated): Deleted.
(JSC::CopyBarrier::weakCASWithoutBarrier): Deleted.

  • heap/Heap.cpp:

(JSC::Heap::addToRememberedSet):
(JSC::Heap::collectAndSweep):
(JSC::Heap::copyBarrier): Deleted.

  • heap/Heap.h:

(JSC::Heap::writeBarrierBuffer):

  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::branchIfNotFastTypedArray):
(JSC::AssemblyHelpers::purifyNaN):
(JSC::AssemblyHelpers::loadTypedArrayVector): Deleted.

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::branchStructure):
(JSC::AssemblyHelpers::addressForByteOffset):
(JSC::AssemblyHelpers::branchIfToSpace): Deleted.
(JSC::AssemblyHelpers::branchIfNotToSpace): Deleted.
(JSC::AssemblyHelpers::removeSpaceBits): Deleted.

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompile):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emitSlow_op_has_indexed_property):
(JSC::JIT::emit_op_get_direct_pname):
(JSC::JIT::emitSlow_op_get_direct_pname):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_get_direct_pname):
(JSC::JIT::emitSlow_op_get_direct_pname):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitDoubleLoad):
(JSC::JIT::emitContiguousLoad):
(JSC::JIT::emitArrayStorageLoad):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitGenericContiguousPutByVal):
(JSC::JIT::emitArrayStoragePutByVal):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::emitIntTypedArrayGetByVal):
(JSC::JIT::emitFloatTypedArrayGetByVal):
(JSC::JIT::emitIntTypedArrayPutByVal):
(JSC::JIT::emitFloatTypedArrayPutByVal):

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/DirectArguments.cpp:

(JSC::DirectArguments::visitChildren):
(JSC::DirectArguments::copyBackingStore):
(JSC::DirectArguments::overrideArgument):
(JSC::DirectArguments::copyToArguments):

  • runtime/DirectArguments.h:

(JSC::DirectArguments::canAccessIndexQuickly):
(JSC::DirectArguments::canAccessArgumentIndexQuicklyInDFG):

  • runtime/JSArray.cpp:

(JSC::JSArray::setLength):
(JSC::JSArray::pop):
(JSC::JSArray::push):
(JSC::JSArray::fastSlice):
(JSC::JSArray::fastConcatWith):
(JSC::JSArray::shiftCountWithArrayStorage):
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithAnyIndexingType):
(JSC::JSArray::fillArgList):
(JSC::JSArray::copyToArguments):

  • runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::finalize):

  • runtime/JSArrayBufferView.h:

(JSC::JSArrayBufferView::isNeutered):
(JSC::JSArrayBufferView::vector):
(JSC::JSArrayBufferView::length):

  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
(JSC::JSGenericTypedArrayView<Adaptor>::copyBackingStore):

  • runtime/JSObject.cpp:

(JSC::JSObject::visitChildren):
(JSC::JSObject::copyBackingStore):
(JSC::JSObject::heapSnapshot):
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::JSObject::putByIndex):
(JSC::JSObject::enterDictionaryIndexingMode):
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::setIndexQuicklyToUndecided):
(JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
(JSC::JSObject::deletePropertyByIndex):
(JSC::JSObject::getOwnPropertyNames):
(JSC::JSObject::putIndexedDescriptor):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::putDirectIndexBeyondVectorLength):
(JSC::JSObject::getNewVectorLength):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::reallocateAndShrinkButterfly):
(JSC::JSObject::growOutOfLineStorage):
(JSC::getBoundSlotBaseFunctionForGetterSetter):
(JSC::JSObject::getEnumerableLength):

  • runtime/JSObject.h:

(JSC::JSObject::getArrayLength):
(JSC::JSObject::getVectorLength):
(JSC::JSObject::canGetIndexQuickly):
(JSC::JSObject::getIndexQuickly):
(JSC::JSObject::tryGetIndexQuickly):
(JSC::JSObject::canSetIndexQuickly):
(JSC::JSObject::canSetIndexQuicklyForPutDirect):
(JSC::JSObject::setIndexQuickly):
(JSC::JSObject::initializeIndex):
(JSC::JSObject::hasSparseMap):
(JSC::JSObject::inSparseIndexingMode):
(JSC::JSObject::inlineStorage):
(JSC::JSObject::butterfly):
(JSC::JSObject::outOfLineStorage):
(JSC::JSObject::locationForOffset):
(JSC::JSObject::ensureInt32):
(JSC::JSObject::ensureDouble):
(JSC::JSObject::ensureContiguous):
(JSC::JSObject::ensureArrayStorage):
(JSC::JSObject::arrayStorage):
(JSC::JSObject::arrayStorageOrNull):
(JSC::JSObject::ensureLength):
(JSC::JSObject::putDirectWithoutTransition):

  • runtime/MapData.h:

(JSC::JSIterator>::IteratorData::next):
(JSC::JSIterator>::IteratorData::refreshCursor):

  • runtime/MapDataInlines.h:

(JSC::JSIterator>::find):
(JSC::JSIterator>::add):
(JSC::JSIterator>::remove):
(JSC::JSIterator>::replaceAndPackBackingStore):
(JSC::JSIterator>::replaceBackingStore):
(JSC::JSIterator>::ensureSpaceForAppend):
(JSC::JSIterator>::visitChildren):
(JSC::JSIterator>::copyBackingStore):

  • runtime/Options.h:
8:20 AM Changeset in webkit [198211] by jer.noble@apple.com
  • 5 edits
    2 adds in trunk

Video elements with autoplay do not begin playing when scrolling into view if InvisibleAutoplayNotPermitted is set.
https://bugs.webkit.org/show_bug.cgi?id=155468

Reviewed by Eric Carlson.

Source/WebCore:

Test: media/video-restricted-invisible-autoplay-allowed-when-visible.html

A few bugs came together to cause this behavior. We were not telling the media session that we were going to begin
the autoplaying state, we were not restoring the correct state when the interruption ended, and we were not checking
to see if we could actually play correctly when the interruption ended.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::prepareForLoad):
(WebCore::HTMLMediaElement::canTransitionFromAutoplayToPlay):
(WebCore::HTMLMediaElement::setReadyState):
(WebCore::HTMLMediaElement::resumeAutoplaying):
(WebCore::HTMLMediaElement::updateShouldPlay):
(WebCore::elementCanTransitionFromAutoplayToPlay): Deleted.

  • html/HTMLMediaElement.h:
  • platform/audio/PlatformMediaSession.cpp:

(WebCore::PlatformMediaSession::endInterruption):

LayoutTests:

  • media/video-restricted-invisible-autoplay-allowed-when-visible-expected.txt: Added.
  • media/video-restricted-invisible-autoplay-allowed-when-visible.html: Added.
8:10 AM Changeset in webkit [198210] by Manuel Rego Casasnovas
  • 10 edits
    1 move in trunk/Source/WebCore

[css-grid] Rename GridCoordinate to GridArea
https://bugs.webkit.org/show_bug.cgi?id=155489

Reviewed by Sergio Villar Senin.

As the comment in GridCoordinate states,
it actually represents a grid area as it stores
the initial and final positions in both axis (columns and rows).

Someone can think about a grid coordinate just like a single cell.
However this class was representing an area of several cells.

On top of that the "grid area" concept is defined in the spec:
https://drafts.csswg.org/css-grid/#grid-area-concept

No new tests, no change of behavior.

  • WebCore.xcodeproj/project.pbxproj:
  • css/CSSGridTemplateAreasValue.cpp:

(WebCore::stringForPosition):

  • css/CSSGridTemplateAreasValue.h:
  • css/CSSParser.cpp:

(WebCore::CSSParser::parseGridTemplateAreasRow):

  • css/CSSParser.h:
  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
(WebCore::RenderGrid::insertItemIntoGrid):
(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::clearGrid):
(WebCore::RenderGrid::cachedGridArea):
(WebCore::RenderGrid::cachedGridSpan):

  • rendering/RenderGrid.h:
  • rendering/style/GridArea.h: Renamed from Source/WebCore/rendering/style/GridCoordinate.h.

(WebCore::GridSpan::untranslatedDefiniteGridSpan):
(WebCore::GridSpan::translatedDefiniteGridSpan):
(WebCore::GridSpan::indefiniteGridSpan):
(WebCore::GridSpan::operator==):
(WebCore::GridSpan::integerSpan):
(WebCore::GridSpan::untranslatedResolvedInitialPosition):
(WebCore::GridSpan::untranslatedResolvedFinalPosition):
(WebCore::GridSpan::resolvedInitialPosition):
(WebCore::GridSpan::resolvedFinalPosition):
(WebCore::GridSpan::GridSpanIterator::GridSpanIterator):
(WebCore::GridSpan::GridSpanIterator::operator unsigned&):
(WebCore::GridSpan::GridSpanIterator::operator*):
(WebCore::GridSpan::begin):
(WebCore::GridSpan::end):
(WebCore::GridSpan::isTranslatedDefinite):
(WebCore::GridSpan::isIndefinite):
(WebCore::GridSpan::translate):
(WebCore::GridSpan::GridSpan):
(WebCore::GridArea::GridArea):
(WebCore::GridArea::operator==):
(WebCore::GridArea::operator!=):

  • rendering/style/GridPositionsResolver.cpp:
  • rendering/style/StyleGridData.h:
7:21 AM Changeset in webkit [198209] by jh718.park@samsung.com
  • 2 edits in trunk/Source/WebCore

[GTK] Remove duplicate HashMap traversal and unneeded reference count churn in DataObjectGtk::forClipboard
https://bugs.webkit.org/show_bug.cgi?id=155470

Reviewed by Carlos Garcia Campos.

No new tests, no new behaviours.

  • platform/gtk/DataObjectGtk.cpp:

(WebCore::DataObjectGtk::forClipboard):

3:42 AM Changeset in webkit [198208] by Gyuyoung Kim
  • 2 edits in trunk/Source/WebKit2

EFL build has been broken since r198180
https://bugs.webkit.org/show_bug.cgi?id=155488

Unreviewed build fix.

  • WebProcess/UserContent/WebUserContentController.h: Use ENABLE(USER_MESSAGE_HANDLERS) guard.
3:38 AM Changeset in webkit [198207] by Manuel Rego Casasnovas
  • 7 edits
    2 moves in trunk/Source/WebCore

[css-grid] Rename GridResolvedPosition to GridPositionsResolver
https://bugs.webkit.org/show_bug.cgi?id=155486

Reviewed by Sergio Villar Senin.

GridResolvedPosition is not storing a position (track or line) anymore.
Currently it's just a class wrapping the methods to resolve
grid positions from style.
Renamed the class to avoid confusions.

No new tests, no change of behavior.

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

  • rendering/RenderGrid.h:
  • rendering/style/GridCoordinate.h:
  • rendering/style/GridPositionsResolver.cpp: Renamed from Source/WebCore/rendering/style/GridResolvedPosition.cpp.

(WebCore::isColumnSide):
(WebCore::isStartSide):
(WebCore::initialPositionSide):
(WebCore::finalPositionSide):
(WebCore::gridLinesForSide):
(WebCore::implicitNamedGridLineForSide):
(WebCore::GridPositionsResolver::isNonExistentNamedLineOrArea):
(WebCore::adjustGridPositionsFromStyle):
(WebCore::GridPositionsResolver::explicitGridColumnCount):
(WebCore::GridPositionsResolver::explicitGridRowCount):
(WebCore::explicitGridSizeForSide):
(WebCore::lookAheadForNamedGridLine):
(WebCore::lookBackForNamedGridLine):
(WebCore::resolveNamedGridLinePositionFromStyle):
(WebCore::definiteGridSpanWithNamedLineSpanAgainstOpposite):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::GridPositionsResolver::spanSizeForAutoPlacedItem):
(WebCore::resolveGridPositionFromStyle):
(WebCore::GridPositionsResolver::resolveGridPositionsFromStyle):

  • rendering/style/GridPositionsResolver.h: Renamed from Source/WebCore/rendering/style/GridResolvedPosition.h.
  • rendering/style/StyleAllInOne.cpp:
1:59 AM Changeset in webkit [198206] by sbarati@apple.com
  • 5 edits
    2 adds in trunk/Source/JavaScriptCore

Destructuring parameters are evaluated in the wrong scope
https://bugs.webkit.org/show_bug.cgi?id=155454

Reviewed by Geoffrey Garen.

This patch makes our engine compatible with how parameter
lists are evaluated in ES6. A parameter list that contains
a rest parameter, any destructuring patterns, or default parameter values,
is classified as being non-simple. Non-simple parameter lists
must get their own scope to live in, and the variables in the
scope are under TDZ. This means that functions evaluated in the
parameter list don't have access to variables inside the function
body. Also, non-simple parameter lists get the strict-mode arguments object.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::~BytecodeGenerator):
(JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):

  • bytecompiler/BytecodeGenerator.h:
  • parser/Nodes.h:

(JSC::FunctionParameters::size):
(JSC::FunctionParameters::at):
(JSC::FunctionParameters::append):
(JSC::FunctionParameters::hasDefaultParameterValues): Deleted.

  • tests/es6.yaml:
  • tests/stress/parameter-scoping.js: Added.

(assert):
(test):
(test.foo):
(test.):

1:58 AM Changeset in webkit [198205] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Leak: Accelerated ImageBufferCairo doesn't destroy the used textures
https://bugs.webkit.org/show_bug.cgi?id=155431

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-15
Reviewed by Žan Doberšek.

When using the Cairo backend, add a destructor to ImageBufferData and use it to destroy the
textures created if the buffer is being accelerated.

No new tests, already covered by existing ones.

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBufferData::ImageBufferData):
Store the renderingMode flag.
(WebCore::ImageBufferData::~ImageBufferData):
Destroy gl resources if renderingMode is accelerated.
(WebCore::ImageBuffer::ImageBuffer):
Pass renderingMode to the data class and use it fro checks instead of the function parameter.

  • platform/graphics/cairo/ImageBufferDataCairo.h:

Add destructor and a renderingMode flag.

1:49 AM Changeset in webkit [198204] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198201 - REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155432

Reviewed by Darin Adler.

The GTK+ port Web Inspector uses GResources for all internal
resources (images, fonts, scripts, etc.) that are now blocked by
the CSP. GResouces are like data URLs in practice, so we should
always allow them.

  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

12:53 AM Changeset in webkit [198203] by jiewen_tan@apple.com
  • 22 edits
    2 adds in trunk

URL Parsing should signal failure for illegal IDN
https://bugs.webkit.org/show_bug.cgi?id=154945
<rdar://problem/8014795>

Reviewed by Brent Fulgham.

Source/WebCore:

WebCore::URL will now invalidate URLs with illegal IDN. And functions inside WebCoreNSURLExtras.h
that deal with IDN mapping will now return nil to signal error.

Test: fast/url/invalid-idn.html

  • platform/URL.cpp:

(WebCore::isSchemeFirstChar):
(WebCore::URL::init):
(WebCore::appendEncodedHostname):
(WebCore::encodeHostnames):
(WebCore::encodeRelativeString):

  • platform/mac/WebCoreNSURLExtras.h:
  • platform/mac/WebCoreNSURLExtras.mm:

(WebCore::mapHostNameWithRange):
(WebCore::hostNameNeedsDecodingWithRange):
(WebCore::hostNameNeedsEncodingWithRange):
(WebCore::decodeHostNameWithRange):
(WebCore::encodeHostNameWithRange):
(WebCore::decodeHostName):
(WebCore::encodeHostName):
(WebCore::collectRangesThatNeedMapping):
(WebCore::mapHostNames):
(WebCore::URLWithData):
(WebCore::dataWithUserTypedString):
(WebCore::URLWithUserTypedString):
(WebCore::URLWithUserTypedStringDeprecated):
(WebCore::userVisibleString):

Source/WebKit/ios:

  • Misc/WebNSStringExtrasIOS.m:

(-[NSString _web_possibleURLsForForUserTypedString:]):

  • WebView/WebPDFViewPlaceholder.mm:

(-[WebPDFViewPlaceholder _updateTitleForURL:]):

Source/WebKit/mac:

In this patch, we add new SPIs _webkit_URLWithUserTypedString, _webkit_decodeHostName and
_webkit_encodeHostName which will return nil while dealing with illegal IDN.

Old SPIs _web_URLWithUserTypedString, _web_decodeHostName and _web_encodeHostName are marked
deprecated as they ignore URL parsing failure.

  • History/WebHistoryItem.mm:

(-[WebHistoryItem initFromDictionaryRepresentation:]):

  • Misc/WebKitErrors.m:

(+[NSError _webKitErrorWithCode:failingURL:]):

  • Misc/WebNSFileManagerExtras.mm:

(-[NSFileManager _webkit_setMetadataURL:referrer:atPath:]):

  • Misc/WebNSPasteboardExtras.mm:

(-[NSPasteboard _web_bestURL]):

  • Misc/WebNSURLExtras.h:
  • Misc/WebNSURLExtras.mm:

(+[NSURL _web_URLWithUserTypedString:]):
(+[NSURL _webkit_URLWithUserTypedString:relativeToURL:]):
(+[NSURL _webkit_URLWithUserTypedString:]):
(-[NSString _web_decodeHostName]):
(-[NSString _web_encodeHostName]):
(-[NSString _webkit_decodeHostName]):
(-[NSString _webkit_encodeHostName]):

  • Panels/WebAuthenticationPanel.m:

(-[WebAuthenticationPanel setUpForChallenge:]):

  • WebCoreSupport/WebEditorClient.mm:

(WebEditorClient::canonicalizeURLString):

Tools:

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetch:]):

  • TestWebKitAPI/Tests/Cocoa/URLExtras.mm:

(TestWebKitAPI::TEST):

LayoutTests:

  • fast/url/host-expected.txt:
  • fast/url/idna2003-expected.txt:
  • fast/url/invalid-idn-expected.txt: Added.
  • fast/url/invalid-idn.html: Added.
12:37 AM Changeset in webkit [198202] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

Regression(r197939): ASSERTION FAILED: url.containsOnlyASCII() in URL.cpp
https://bugs.webkit.org/show_bug.cgi?id=155449
<rdar://problem/25134826>

Reviewed by Carlos Garcia Campos.

Bump WK2 Network Disk Cache version after r197939 as the new cache format
is not compatible with the old one and leads to assertions being hit when
browsing in Debug builds.

SubresourceInfo used to only contain a boolean and would therefore be
serialized as "0" / "1". However, after r197939, a URL field was added
and when trying to decode old cache entries with the new format, we
would try to construct a URL from the String "0" or "1". This would
assert because these are not valid URLs.

  • NetworkProcess/cache/NetworkCacheStorage.h:
12:01 AM Changeset in webkit [198201] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155432

Reviewed by Darin Adler.

The GTK+ port Web Inspector uses GResources for all internal
resources (images, fonts, scripts, etc.) that are now blocked by
the CSP. GResouces are like data URLs in practice, so we should
always allow them.

  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

Mar 14, 2016:

10:47 PM Changeset in webkit [198200] by bshafiei@apple.com
  • 4 edits
    1 copy in tags/Safari-602.1.22.0.2/Source/WebKit2

Merged r198089. rdar://problem/24428418

10:46 PM Changeset in webkit [198199] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.22.0.2/Source

Versioning.

10:39 PM Changeset in webkit [198198] by ggaren@apple.com
  • 9 edits
    1 copy
    1 delete in trunk/Source/bmalloc

Unreviewed, rolling out r197955.

I decided to go in another direction

Reverted changeset:

"bmalloc: Rename SmallPage to SmallRun"
https://bugs.webkit.org/show_bug.cgi?id=155320
http://trac.webkit.org/changeset/197955

10:32 PM Changeset in webkit [198197] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Fix WinCairo build after r198195.

  • platform/network/NetworkingContext.h:

curl networking now uses NetworkingContext::storageSession. That's everybody!

10:02 PM Changeset in webkit [198196] by commit-queue@webkit.org
  • 9 edits
    1 add in trunk/Source/WebInspectorUI

Web Inspector: Show path from root to instances in the Heap Snapshot content view
https://bugs.webkit.org/show_bug.cgi?id=155478
<rdar://problem/25157408>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-14
Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Main.html:

New strings and resources.

  • UserInterface/Models/HeapSnapshotNode.js:

(WebInspector.HeapSnapshotNode.prototype.get shortestGCRootPath):
(WebInspector.HeapSnapshotNode.prototype._gcRootPaths.visitNode):
(WebInspector.HeapSnapshotNode.prototype._gcRootPaths):
Helper to get the shortest path from a GC root to the node.

  • UserInterface/Models/HeapSnapshotRootPath.js: Added.

(WebInspector.HeapSnapshotRootPath):
(WebInspector.HeapSnapshotRootPath.emptyPath):
(WebInspector.HeapSnapshotRootPath.prototype.get node):
(WebInspector.HeapSnapshotRootPath.prototype.get parent):
(WebInspector.HeapSnapshotRootPath.prototype.get pathComponent):
(WebInspector.HeapSnapshotRootPath.prototype.get rootNode):
(WebInspector.HeapSnapshotRootPath.prototype.get fullPath):
(WebInspector.HeapSnapshotRootPath.prototype.isRoot):
(WebInspector.HeapSnapshotRootPath.prototype.isEmpty):
(WebInspector.HeapSnapshotRootPath.prototype.isGlobalScope):
(WebInspector.HeapSnapshotRootPath.prototype.isPathComponentImpossible):
(WebInspector.HeapSnapshotRootPath.prototype.isFullPathImpossible):
(WebInspector.HeapSnapshotRootPath.prototype.appendInternal):
(WebInspector.HeapSnapshotRootPath.prototype.appendArrayIndex):
(WebInspector.HeapSnapshotRootPath.prototype.appendPropertyName):
(WebInspector.HeapSnapshotRootPath.prototype.appendVariableName):
(WebInspector.HeapSnapshotRootPath.prototype.appendGlobalScopeName):
(WebInspector.HeapSnapshotRootPath.prototype.appendEdge):
(WebInspector.HeapSnapshotRootPath.prototype._canPropertyNameBeDotAccess):
Helper class, like PropertyPath, for building a string path to
a HeapSnapshotNode. Typically the path is built up with
HeapSnapshotEdges and so you can build a string such as:
window.foo[0]["prop erty"]._foo.

  • UserInterface/Views/HeapAllocationsTimelineView.js:

(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotList):
(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotTimelineRecord):
(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotDiff):
(WebInspector.HeapAllocationsTimelineView.prototype.shown):
(WebInspector.HeapAllocationsTimelineView.prototype.hidden):
(WebInspector.HeapAllocationsTimelineView.prototype.closed):
Propogate shown/hidden to the contentViewContainer.
Cleanup the contentViewContainer when closing.

  • UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode.logHeapSnapshotNode):
Helper for logging a HeapSnapshotNode value to the console. If the
path is possible from the root, just output the path in the console
otherwise use a synthetic "Heap Snapshot Object (@1234)" like string.
For strings, just get the preview as we won't get a real RemoteObject.

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPath):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPathRow):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.sanitizeClassName):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.stringifyEdge):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler):
Give the @1234 id element a mouseover handler to display a popover
with the path from a root. Stop the path at "Window" if possible
to avoid displaying internals like "JSDOMWindowShell".

  • UserInterface/Views/HeapSnapshotInstancesContentView.css:

(.heap-snapshot .object-id):
(.heap-snapshot .object-id:hover):
(.heap-snapshot > .data-grid tr:not(.selected) td .object-id): Deleted.
(.heap-snapshot .icon):
(.heap-snapshot-instance-popover-content):
(.heap-snapshot-instance-popover-content table):
(.heap-snapshot-instance-popover-content tr):
(.heap-snapshot-instance-popover-content td):
(.heap-snapshot-instance-popover-content td.edge-name):
(.heap-snapshot-instance-popover-content td.object-data):
(.heap-snapshot-instance-popover-content .node):
(.heap-snapshot-instance-popover-content .node *):
Styles for contents of the popover.

  • UserInterface/Views/HeapSnapshotInstancesContentView.js:

(WebInspector.HeapSnapshotInstancesContentView.prototype.hidden):

  • UserInterface/Views/HeapSnapshotInstancesDataGridTree.js:

(WebInspector.HeapSnapshotInstancesDataGridTree):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get popover):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get popoverNode):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.set popoverNode):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.hidden):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.willDismissPopover):
Have a single popover for the entire tree. Cache and clear
contents of the popover when appropriate.

9:59 PM Changeset in webkit [198195] by achristensen@apple.com
  • 5 edits in trunk/Source

[WinCairo] Compile fix.
https://bugs.webkit.org/show_bug.cgi?id=155463

Patch by Per Arne Vollan <peavo@outlook.com> on 2016-03-14
Reviewed by Alex Christensen.

Get the NetworkStorageSession object from the document in the same way as other platforms do.

Source/WebCore:

  • loader/CookieJar.cpp:

(WebCore::storageSession):

Source/WebKit/win:

  • WebCoreSupport/WebFrameNetworkingContext.cpp:

(WebFrameNetworkingContext::storageSession):

  • WebCoreSupport/WebFrameNetworkingContext.h:

(WebFrameNetworkingContext::storageSession):

9:39 PM Changeset in webkit [198194] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.22.0.2

New tag.

9:26 PM Changeset in webkit [198193] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.6.9

New tag.

9:08 PM Changeset in webkit [198192] by Yusuke Suzuki
  • 6 edits in trunk/Source/JavaScriptCore

[JSC] Don't reference the properties of @Reflect directly
https://bugs.webkit.org/show_bug.cgi?id=155436

Reviewed by Geoffrey Garen.

Reflect.ownKeys and Reflect.getOwnPropertyDescriptor can be altered with the user-crafted values.
Instead of referencing them directly, let's reference them through private names.

  • builtins/ObjectConstructor.js:

(assign):

  • runtime/CommonIdentifiers.h:
  • runtime/ObjectConstructor.cpp:

(JSC::ObjectConstructor::finishCreation): Deleted.

  • runtime/ReflectObject.cpp:

(JSC::ReflectObject::finishCreation):

  • tests/stress/object-assign-correctness.js:

(runTests.):
(runTests.get let):
(Reflect.ownKeys):
(Reflect.getOwnPropertyDescriptor):
(test.let.handler.switch.case.string_appeared_here.return.get enumerable): Deleted.
(test.let.handler.getOwnPropertyDescriptor): Deleted.
(test.let.handler.ownKeys): Deleted.
(test.let.handler.get getProps): Deleted.
(test.let.handler): Deleted.
(test): Deleted.

9:01 PM Changeset in webkit [198191] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

<attachment> on iOS should paint its progress indicator instead of a green square
https://bugs.webkit.org/show_bug.cgi?id=155482
<rdar://problem/24805991>

Reviewed by Simon Fraser.

No new tests; there are existing tests that will be enabled shortly.

  • rendering/RenderThemeIOS.mm:

(WebCore::getAttachmentProgress):
Clamp progress to 0-1.

(WebCore::paintAttachmentProgress):
Paint a pie.

8:53 PM Changeset in webkit [198190] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.23

New tag.

8:53 PM Changeset in webkit [198189] by Chris Dumez
  • 37 edits in trunk

Unreviewed, rolling out r197981.

Caused a massive PLT regression on Mac.

Reverted changeset:

"Font antialiasing (smoothing) changes when elements are
rendered into compositing layers"
https://bugs.webkit.org/show_bug.cgi?id=23364
http://trac.webkit.org/changeset/197981

8:51 PM Changeset in webkit [198188] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r198145.

This attempt to disable the feature did not fix the PLT
regression

Reverted changeset:

"Regression(r197981): Huge regression on Mac PLT"
https://bugs.webkit.org/show_bug.cgi?id=155443
http://trac.webkit.org/changeset/198145

7:19 PM WebKitGTK/2.12.x edited by Michael Catanzaro
(diff)
6:52 PM Changeset in webkit [198187] by Dewei Zhu
  • 4 edits in trunk/Tools

Add twisted-15.5.0 module to webkitpy.thirdparty.autoinstalled.
https://bugs.webkit.org/show_bug.cgi?id=154667

Reviewed by Ryosuke Niwa and Simon Fraser.

Add twisted-15.5.0 to webkitpy.thirdparty.autoinstalled.
Minor fix for twsited_http_server used by run-benchmark that we should only stop http server while recieving 'GET /shutdown'.

  • Scripts/webkitpy/benchmark_runner/http_server_driver/http_server/twisted_http_server.py:

(ServerControl.render_POST): Deleted.

  • Scripts/webkitpy/thirdparty/init.py:

(AutoinstallImportHook.find_module):
(AutoinstallImportHook._install_twisted_15_5_0):

  • Scripts/webkitpy/thirdparty/init_unittest.py:

(ThirdpartyTest.test_imports):

6:40 PM Changeset in webkit [198186] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.46.101-branch/Source

Versioning.

6:36 PM Changeset in webkit [198185] by bshafiei@apple.com
  • 1 copy in branches/safari-601.1.46.101-branch

New Branch.

6:31 PM Changeset in webkit [198184] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.46-branch/Source

Versioning.

6:27 PM Changeset in webkit [198183] by weinig@apple.com
  • 2 edits in trunk/Source/WebCore

Remove errant space.

  • page/UserContentController.cpp:
6:21 PM Changeset in webkit [198182] by weinig@apple.com
  • 2 edits in trunk/Source/WebCore

Fix the windows build.

  • page/UserContentController.cpp:
5:59 PM Changeset in webkit [198181] by Brent Fulgham
  • 2 edits in trunk/LayoutTests

REGRESSION (r197114): Crash in WebCore::MediaDevicesRequest::didCompletePermissionCheck
https://bugs.webkit.org/show_bug.cgi?id=155453

Reviewed by Eric Carlson.
<rdar://problem/24879447>

Reviewed by Dan Bates.

Further refinement to test case: Remove use of 'setTimeout', and ensure the code gets
called by using 'testRunner.waitUntilDone()'/'testRunner.notifyDone()'.

  • fast/mediastream/enumerating-crash.html:
5:48 PM Changeset in webkit [198180] by weinig@apple.com
  • 42 edits
    4 adds in trunk/Source

Add a baseURL parameter to _WKUserStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=155219

Reviewed by Tim Horton.

Source/WebCore:

  • Moves to a model for user content where instead of each page having a WebCore::UserContentController object, we have an abstract WebCore::UserContentProvider interface that can be implemented at the WebKit level. For now, legacy WebKit continues to use the old UserContentController, which implements WebCore::UserContentProvider, and WebKit2 implements its own implementation so it can store additional state.
  • WebCore.xcodeproj/project.pbxproj:

Add new files.

  • dom/ExtensionStyleSheets.cpp:

(WebCore::ExtensionStyleSheets::updateInjectedStyleSheetCache):
Switch to using forEachUserStyleSheet on the UserContentProvider.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::loadResource):
Remove null check now that we always have a UserContentProvider.

  • loader/EmptyClients.cpp:

(WebCore::fillWithEmptyClients):

  • loader/EmptyClients.h:

Add new EmptyClients.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadResourceSynchronously):
Remove null check now that we always have a UserContentProvider.

  • loader/PingLoader.cpp:

(WebCore::processContentExtensionRulesForLoad):
Remove null check now that we always have a UserContentProvider.

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::willSendRequestInternal):
Remove null check now that we always have a UserContentProvider.

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):
Remove null check now that we always have a UserContentProvider.

  • page/DOMWindow.cpp:

(WebCore::DOMWindow::shouldHaveWebKitNamespaceForWorld):
Remove null checks now that we always have a UserContentProvider, and userMessageHandlerDescriptors
returns a reference.

(WebCore::DOMWindow::open):
Remove null check now that we always have a UserContentProvider.

  • page/Frame.cpp:

(WebCore::Frame::injectUserScripts):
Simplify by lifting document check out of the main loop and using forEachUserScript.

  • page/Page.cpp:

(WebCore::Page::Page):
(WebCore::Page::~Page):
(WebCore::Page::userContentProvider):
(WebCore::Page::setUserContentProvider):
(WebCore::Page::setUserContentController): Deleted.

  • page/Page.h:

(WebCore::Page::userContentController): Deleted.

  • page/PageConfiguration.h:

Store the UserContentProvider in a Ref, and require PageConfigurations to provide one. This
removes a bunch of null checks and simplifies the code.

  • page/UserContentController.cpp:

(WebCore::UserContentController::~UserContentController):
(WebCore::UserContentController::forEachUserScript):
(WebCore::UserContentController::forEachUserStyleSheet):
(WebCore::UserContentController::addUserScript):
(WebCore::UserContentController::removeUserScript):
(WebCore::UserContentController::removeUserScripts):
(WebCore::UserContentController::addUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheets):
(WebCore::UserContentController::addUserMessageHandlerDescriptor):
(WebCore::UserContentController::removeUserMessageHandlerDescriptor):
(WebCore::UserContentController::addUserContentExtension):
(WebCore::UserContentController::removeUserContentExtension):
(WebCore::UserContentController::removeAllUserContentExtensions):
(WebCore::UserContentController::removeAllUserContent):
(WebCore::UserContentController::addPage): Deleted.
(WebCore::UserContentController::removePage): Deleted.
(WebCore::contentExtensionsEnabled): Deleted.
(WebCore::UserContentController::processContentExtensionRulesForLoad): Deleted.
(WebCore::UserContentController::actionsForResourceLoad): Deleted.

  • page/UserContentController.h:

(WebCore::UserContentController::userScripts): Deleted.
(WebCore::UserContentController::userStyleSheets): Deleted.
(WebCore::UserContentController::userMessageHandlerDescriptors): Deleted.
Add inheritance from UserContentProvider and simplify things by removing unique_ptrs
that were holding the member variables. There is usually only one UserContentController
so having these in unique_ptrs doesn't make much sense.

  • page/UserContentProvider.cpp: Added.

(WebCore::UserContentProvider::UserContentProvider):
(WebCore::UserContentProvider::~UserContentProvider):
(WebCore::UserContentProvider::addPage):
(WebCore::UserContentProvider::removePage):
(WebCore::UserContentProvider::invalidateInjectedStyleSheetCacheInAllFramesInAllPages):
(WebCore::contentExtensionsEnabled):
(WebCore::UserContentProvider::processContentExtensionRulesForLoad):
(WebCore::UserContentProvider::actionsForResourceLoad):

  • page/UserContentProvider.h: Added.

Add abstract class for providing user content and add some helpers on it.

  • page/UserMessageHandlerDescriptor.h:

(WebCore::UserMessageHandlerDescriptor::create):
(WebCore::UserMessageHandlerDescriptor::client):
(WebCore::UserMessageHandlerDescriptor::invalidateClient):

  • page/UserMessageHandlersNamespace.cpp:

(WebCore::UserMessageHandlersNamespace::handler):
Simplify now that userContentProvider() and userMessageHandlerDescriptors() are references.

Source/WebKit/mac:

  • WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:]):
(-[WebView initSimpleHTMLDocumentWithStyle:frame:preferences:groupName:]):
(-[WebView setGroupName:]):
Update to account for the name change from UserContentController -> UserContentProvider.

Source/WebKit2:

  • Moves to a model for user content where instead of using a WebCore::UserContentController object, we implement the new WebCore::UserContentProvider interface (on the existing WebUserContentController object).
  • Uses this to maintain maps of UserStylesSheets and UserScripts along with their identifiers, freeing up the URL, which had been acting as the identifier, to be used as the baseURL which was what it was intended for.
  • Adds a baseURL property to _WKUserStyleSheet.
  • WebKit2.xcodeproj/project.pbxproj:

Add new files.

  • Scripts/webkit/messages.py:

(headers_for_type):
Add support for sending WebUserContentControllerDataTypes.

  • Shared/WebUserContentControllerDataTypes.cpp: Added.

(WebKit::WebUserScriptData::encode):
(WebKit::WebUserScriptData::decode):
(WebKit::WebUserStyleSheetData::encode):
(WebKit::WebUserStyleSheetData::decode):

  • Shared/WebUserContentControllerDataTypes.h: Added.

Add helper types for sending user content over IPC.

  • UIProcess/API/APIUserScript.cpp:

(API::UserScript::generateUniqueURL):
(API::UserScript::UserScript):

  • UIProcess/API/APIUserScript.h:
  • UIProcess/API/APIUserStyleSheet.cpp:

(API::UserStyleSheet::generateUniqueURL):
(API::UserStyleSheet::UserStyleSheet):

  • UIProcess/API/APIUserStyleSheet.h:

Add identifiers for tracking across processes.

  • UIProcess/API/Cocoa/_WKUserStyleSheet.h:
  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet initWithSource:forMainFrameOnly:legacyWhitelist:legacyBlacklist:baseURL:userContentWorld:]):
(-[_WKUserStyleSheet baseURL]):
Add new initializer which takes a baseURL as well as an accessor for the baseURL.

  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::addUserScript):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
Pass identifiers as well as user content.

  • WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::addUserScript):
(WebKit::InjectedBundle::addUserStyleSheet):
Move user content in via move semantics rather than using a unique_ptr.

(WebKit::InjectedBundle::removeUserScript):
(WebKit::InjectedBundle::removeUserStyleSheet):
(WebKit::InjectedBundle::removeUserScripts):
(WebKit::InjectedBundle::removeUserStyleSheets):
(WebKit::InjectedBundle::removeAllUserContent):
Update for new function signatures.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::WebUserContentController):
(WebKit::WebUserContentController::~WebUserContentController):
(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorlds):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):
(WebKit::WebUserContentController::removeUserStyleSheet):
(WebKit::WebUserContentController::removeAllUserStyleSheets):
(WebKit::WebUserContentController::addUserScriptMessageHandlers):
(WebKit::WebUserContentController::removeUserScriptMessageHandler):
(WebKit::WebUserContentController::addUserContentExtensions):
(WebKit::WebUserContentController::removeUserContentExtension):
(WebKit::WebUserContentController::removeAllUserContentExtensions):
(WebKit::WebUserContentController::addUserScriptInternal):
(WebKit::WebUserContentController::addUserScript):
(WebKit::WebUserContentController::removeUserScriptWithURL):
(WebKit::WebUserContentController::removeUserScriptInternal):
(WebKit::WebUserContentController::removeUserScripts):
(WebKit::WebUserContentController::addUserStyleSheetInternal):
(WebKit::WebUserContentController::addUserStyleSheet):
(WebKit::WebUserContentController::removeUserStyleSheetWithURL):
(WebKit::WebUserContentController::removeUserStyleSheetInternal):
(WebKit::WebUserContentController::removeUserStyleSheets):
(WebKit::WebUserContentController::removeAllUserContent):
(WebKit::WebUserContentController::forEachUserScript):
(WebKit::WebUserContentController::forEachUserStyleSheet):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:

Convert to inheriting from UserContentProvider, rather than containing a UserContentController.
This means adding the storage for the user content, which has been simplified to avoid using
unique_ptrs.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::addUserScript):
(WebKit::WebPage::addUserStyleSheet):
(WebKit::WebPage::removeAllUserContent):
Update to call the WebUserContentController, rather than going to the UserContentController, which
no longer exists.

  • WebProcess/WebPage/WebPageGroupProxy.cpp:

(WebKit::WebPageGroupProxy::userContentController):

  • WebProcess/WebPage/WebPageGroupProxy.h:

Return the WebUserContentController rather than old UserContentController.

5:47 PM Changeset in webkit [198179] by enrica@apple.com
  • 4 edits
    1 add
    2 deletes in trunk/Source/WebCore

iOS: RTFD format is not available in the pasteboard after copy/cut.
https://bugs.webkit.org/show_bug.cgi?id=155477
rdar://problem/23500600

Reviewed by Tim Horton.

WebKit is using UTTypeRTFD instead of UTTypeFlatRTFD that is the
proper RTFD format for pastedboard. I also discovered that, when
we create the NSTextAttachment in the NSAttributedString we produce
from the DOM range, we are not generating a file name with the
appropriate extension for the MIME type. The iOS specific implementation
of the MIMETypeRegistry functions were empty.
There is no need to have a differentiation between OS X and iOS, so
we now have only one file called MIMETypeRegistryCocoa.mm.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/cocoa/MIMETypeRegistryCocoa.mm: Added.

(WebCore::MIMETypeRegistry::getMIMETypeForExtension):
(WebCore::MIMETypeRegistry::getExtensionsForMIMEType):
(WebCore::MIMETypeRegistry::getPreferredExtensionForMIMEType):
(WebCore::MIMETypeRegistry::isApplicationPluginMIMEType):

  • platform/ios/MIMETypeRegistryIOS.mm: Removed.
  • platform/ios/PasteboardIOS.mm:

(WebCore::Pasteboard::read):
(WebCore::Pasteboard::supportedPasteboardTypes):
(WebCore::Pasteboard::hasData):

  • platform/ios/PlatformPasteboardIOS.mm:

(WebCore::PlatformPasteboard::write):

  • platform/mac/MIMETypeRegistryMac.mm: Removed.
5:39 PM Changeset in webkit [198178] by dbates@webkit.org
  • 9 edits
    4 adds in trunk

Web Inspector: Display Content Security Policy hash in details sidebar for script and style elements
https://bugs.webkit.org/show_bug.cgi?id=155466
<rdar://problem/25152480>

Reviewed by Joseph Pecoraro and Timothy Hatcher.

Source/JavaScriptCore:

Add property contentSecurityPolicyHash to store the CSP hash for an HTML style element or an
applicable HTML script element.

  • inspector/protocol/DOM.json:

Source/WebCore:

For convenience, display the SHA-256 Content Security Policy (CSP) hash in the node details
sidebar for the selected HTML script element or HTML style element. A CSP script hash is
only applicable to inline JavaScript scripts. Therefore, we will display a hash for HTML
script elements only if they do not have a src attribute.

Tests: inspector/dom/csp-big5-hash.html

inspector/dom/csp-hash.html

  • inspector/InspectorDOMAgent.cpp:

(WebCore::computeContentSecurityPolicySHA256Hash): Added.
(WebCore::InspectorDOMAgent::buildObjectForNode): For an applicable HTML script- or style-
element, pass the computed SHA-256 CSP hash to the Inspector front end.

Source/WebInspectorUI:

  • Localizations/en.lproj/localizedStrings.js: Add English localized string for the CSP hash UI label.
  • UserInterface/Models/DOMNode.js:

(WebInspector.DOMNode): Initialize the instance variable this._contentSecurityPolicyHash
with the value passed from the Inspector back end.
(WebInspector.DOMNode.prototype.contentSecurityPolicyHash): Returns the CSP hash for this node.

  • UserInterface/Views/DOMNodeDetailsSidebarPanel.js:

(WebInspector.DOMNodeDetailsSidebarPanel): Append a row to the end of section Identity to display
the CSP hash (if applicable).
(WebInspector.DOMNodeDetailsSidebarPanel.prototype.refresh): Query the underlying WebInspector.DOMNode
for the CSP hash of the selected node.

LayoutTests:

Add tests to ensure that the WebInspector.DOMNode object associated with an HTML style element
or applicable HTML script element has a valid CSP hash.

  • inspector/dom/csp-big5-hash-expected.txt: Added.
  • inspector/dom/csp-big5-hash.html: Added.
  • inspector/dom/csp-hash-expected.txt: Added.
  • inspector/dom/csp-hash.html: Added.
5:22 PM Changeset in webkit [198177] by jh718.park@samsung.com
  • 94 edits in trunk/Source

Purge PassRefPtr from ArrayBuffer, ArchiveResource, Pasteboard, LegacyWebArchive and DataObjectGtk
https://bugs.webkit.org/show_bug.cgi?id=150497

Reviewed by Darin Adler.

Source/JavaScriptCore:

  • runtime/ArrayBuffer.h:

(JSC::ArrayBuffer::create):
(JSC::ArrayBuffer::createAdopted):
(JSC::ArrayBuffer::createFromBytes):
(JSC::ArrayBuffer::createUninitialized):
(JSC::ArrayBuffer::slice):
(JSC::ArrayBuffer::sliceImpl):

Source/WebCore:

No new tests, no new behaviours.

  • Modules/indexeddb/IDBGetResult.h:

(WebCore::IDBGetResult::IDBGetResult):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):

  • Modules/mediastream/RTCDataChannel.cpp:

(WebCore::RTCDataChannel::didReceiveRawData):

  • dom/MessageEvent.cpp:

(WebCore::MessageEvent::MessageEvent):

  • dom/MessageEvent.h:
  • editing/Editor.cpp:

(WebCore::Editor::selectedRange):

  • editing/Editor.h:
  • editing/FrameSelection.h:

(WebCore::FrameSelection::toNormalizedRange):

  • editing/VisiblePosition.cpp:

(WebCore::makeRange):

  • editing/VisiblePosition.h:
  • editing/VisibleSelection.cpp:

(WebCore::VisibleSelection::toNormalizedRange):

  • editing/VisibleSelection.h:
  • editing/VisibleUnits.cpp:

(WebCore::enclosingTextUnitOfGranularity):
(WebCore::wordRangeFromPosition):
(WebCore::rangeExpandedByCharactersInDirectionAtWordBoundary):
(WebCore::rangeExpandedAroundPositionByCharacters):

  • editing/VisibleUnits.h:
  • editing/cocoa/HTMLConverter.mm:

(HTMLConverter::_addAttachmentForElement):
(fileWrapperForURL):

  • editing/efl/EditorEfl.cpp:

(WebCore::Editor::webContentFromPasteboard):

  • editing/gtk/EditorGtk.cpp:

(WebCore::createFragmentFromPasteboardData):
(WebCore::Editor::webContentFromPasteboard):

  • editing/ios/EditorIOS.mm:

(WebCore::dataInRTFDFormat):
(WebCore::dataInRTFFormat):
(WebCore::Editor::selectionInWebArchiveFormat):
(WebCore::Editor::WebContentReader::addFragment):
(WebCore::Editor::WebContentReader::readWebArchive):
(WebCore::Editor::WebContentReader::readRTFD):
(WebCore::Editor::WebContentReader::readRTF):
(WebCore::Editor::WebContentReader::readImage):
(WebCore::Editor::WebContentReader::readURL):
(WebCore::Editor::webContentFromPasteboard):
(WebCore::Editor::pasteWithPasteboard):
(WebCore::Editor::createFragmentAndAddResources):
(WebCore::Editor::createFragmentForImageResourceAndAddResource):

  • editing/mac/EditorMac.mm:

(WebCore::Editor::selectionInWebArchiveFormat):
(WebCore::Editor::adjustedSelectionRange):
(WebCore::dataInRTFDFormat):
(WebCore::dataInRTFFormat):
(WebCore::Editor::dataSelectionForPasteboard):
(WebCore::Editor::WebContentReader::readWebArchive):
(WebCore::Editor::WebContentReader::readRTFD):
(WebCore::Editor::WebContentReader::readRTF):
(WebCore::Editor::WebContentReader::readImage):
(WebCore::Editor::WebContentReader::readURL):
(WebCore::Editor::webContentFromPasteboard):
(WebCore::Editor::createFragmentForImageResourceAndAddResource):
(WebCore::Editor::createFragmentAndAddResources):

  • editing/win/EditorWin.cpp:

(WebCore::createFragmentFromPlatformData):
(WebCore::Editor::webContentFromPasteboard):

  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::archive):

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::mainResourceData):
(WebCore::DocumentLoader::maybeCreateArchive):
(WebCore::DocumentLoader::addArchiveResource):
(WebCore::DocumentLoader::mainResource):

  • loader/DocumentLoader.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadArchive):

  • loader/SubstituteData.h:

(WebCore::SubstituteData::SubstituteData):
(WebCore::SubstituteData::isValid):

  • loader/SubstituteResource.h:

(WebCore::SubstituteResource::data):
(WebCore::SubstituteResource::SubstituteResource):

  • loader/appcache/ApplicationCacheGroup.cpp:

(WebCore::ApplicationCacheGroup::didReceiveResponse):
(WebCore::ApplicationCacheGroup::didReceiveData):
(WebCore::ApplicationCacheGroup::didFail):
(WebCore::ApplicationCacheGroup::didReceiveManifestData):
(WebCore::ApplicationCacheGroup::didFinishLoadingManifest):

  • loader/appcache/ApplicationCacheHost.cpp:

(WebCore::ApplicationCacheHost::maybeLoadMainResource):
(WebCore::ApplicationCacheHost::maybeLoadSynchronously):
(WebCore::ApplicationCacheHost::maybeLoadFallbackSynchronously):

  • loader/appcache/ApplicationCacheResource.cpp:

(WebCore::ApplicationCacheResource::ApplicationCacheResource):
(WebCore::ApplicationCacheResource::deliver):
(WebCore::ApplicationCacheResource::estimatedSizeInStorage):

  • loader/appcache/ApplicationCacheResource.h:

(WebCore::ApplicationCacheResource::create):

  • loader/appcache/ApplicationCacheStorage.cpp:

(WebCore::ApplicationCacheStorage::store):
(WebCore::ApplicationCacheStorage::writeDataToUniqueFileInDirectory):

  • loader/appcache/ApplicationCacheStorage.h:
  • loader/archive/ArchiveFactory.cpp:

(WebCore::archiveFactoryCreate):
(WebCore::ArchiveFactory::create):

  • loader/archive/ArchiveFactory.h:
  • loader/archive/ArchiveResource.cpp:

(WebCore::ArchiveResource::ArchiveResource):
(WebCore::ArchiveResource::create):

  • loader/archive/ArchiveResource.h:
  • loader/archive/ArchiveResourceCollection.cpp:

(WebCore::ArchiveResourceCollection::addResource):

  • loader/archive/ArchiveResourceCollection.h:
  • loader/archive/cf/LegacyWebArchive.cpp:

(WebCore::LegacyWebArchive::createPropertyListRepresentation):
(WebCore::LegacyWebArchive::createResource):
(WebCore::LegacyWebArchive::create):
(WebCore::LegacyWebArchive::createFromSelection):

  • loader/archive/cf/LegacyWebArchive.h:
  • loader/archive/mhtml/MHTMLArchive.cpp:

(WebCore::MHTMLArchive::create):

  • loader/archive/mhtml/MHTMLArchive.h:
  • loader/archive/mhtml/MHTMLParser.cpp:

(WebCore::MHTMLParser::parseArchive):
(WebCore::MHTMLParser::parseArchiveWithHeader):
(WebCore::MHTMLParser::parseNextPart):

  • loader/archive/mhtml/MHTMLParser.h:
  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::didAddClient):

  • loader/icon/IconDatabase.cpp:

(WebCore::loadDefaultIconRecord):

  • loader/icon/IconRecord.cpp:

(WebCore::IconRecord::setImageData):

  • loader/icon/IconRecord.h:
  • platform/Pasteboard.h:
  • platform/PasteboardStrategy.h:
  • platform/PlatformPasteboard.h:
  • platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::createArrayBuffer):
(WebCore::utf8Buffer):

  • platform/SharedBuffer.h:

(WebCore::SharedBuffer::create):

  • platform/cf/SharedBufferCF.cpp:

(WebCore::SharedBuffer::wrapCFData):

  • platform/cocoa/NetworkExtensionContentFilter.mm:

(WebCore::NetworkExtensionContentFilter::replacementData):

  • platform/cocoa/ParentalControlsContentFilter.mm:

(WebCore::ParentalControlsContentFilter::replacementData):

  • platform/graphics/Image.cpp:

(WebCore::Image::setData):

  • platform/graphics/Image.h:
  • platform/gtk/DataObjectGtk.cpp:

(WebCore::DataObjectGtk::forClipboard):

  • platform/gtk/DataObjectGtk.h:

(WebCore::DataObjectGtk::create):

  • platform/gtk/PasteboardGtk.cpp:

(WebCore::Pasteboard::Pasteboard):
(WebCore::Pasteboard::dataObject):

  • platform/ios/PasteboardIOS.mm:

(WebCore::Pasteboard::read):

  • platform/ios/PlatformPasteboardIOS.mm:

(WebCore::PlatformPasteboard::bufferForType):
(WebCore::PlatformPasteboard::readBuffer):

  • platform/mac/PasteboardMac.mm:

(WebCore::writeFileWrapperAsRTFDAttachment):
(WebCore::Pasteboard::read):

  • platform/mac/PlatformPasteboardMac.mm:

(WebCore::PlatformPasteboard::bufferForType):

  • platform/mac/SharedBufferMac.mm:

(WebCore::SharedBuffer::wrapNSData):
(WebCore::SharedBuffer::createFromReadingFile):

  • platform/network/MIMEHeader.cpp:

(WebCore::retrieveKeyValuePairs):
(WebCore::MIMEHeader::parseHeader):

  • platform/network/MIMEHeader.h:
  • platform/soup/SharedBufferSoup.cpp:

(WebCore::SharedBuffer::wrapSoupBuffer):

  • platform/win/ClipboardUtilitiesWin.cpp:

(WebCore::fragmentFromFilenames):
(WebCore::fragmentFromCFHTML):
(WebCore::fragmentFromHTML):

  • platform/win/ClipboardUtilitiesWin.h:
  • platform/win/PasteboardWin.cpp:

(WebCore::Pasteboard::documentFragment):

Source/WebKit/mac:

  • DOM/WebDOMOperations.mm:

(-[DOMNode webArchive]):
(-[DOMNode webArchiveByFilteringSubframes:]):

  • WebCoreSupport/WebPlatformStrategies.h:
  • WebCoreSupport/WebPlatformStrategies.mm:

(WebPlatformStrategies::bufferForType):
(WebPlatformStrategies::readBufferFromPasteboard):

  • WebView/WebArchive.mm:

(-[WebArchive initWithData:]):

  • WebView/WebDataSource.mm:

(-[WebDataSource webArchive]):
(-[WebDataSource addSubresource:]):

  • WebView/WebResource.mm:

(-[WebResource encodeWithCoder:]):
(-[WebResource data]):
(-[WebResource _stringValue]):
(-[WebResource _initWithCoreResource:]): Deleted.

Source/WebKit/win:

  • WebArchive.cpp:

(WebArchive::initWithNode):

Source/WebKit2:

  • Shared/APIWebArchive.mm:

(API::WebArchive::WebArchive):

  • Shared/APIWebArchiveResource.mm:

(API::WebArchiveResource::data):

  • WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:

(WebKit::PDFPlugin::addArchiveResource):

  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:

(WebKit::WebPlatformStrategies::bufferForType):
(WebKit::WebPlatformStrategies::readBufferFromPasteboard):

  • WebProcess/WebCoreSupport/WebPlatformStrategies.h:
  • WebProcess/WebCoreSupport/ios/WebEditorClientIOS.mm:

(WebKit::WebEditorClient::documentFragmentFromAttributedString):

  • WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:

(WebKit::WebDragClient::declareAndWriteDragImage):

  • WebProcess/WebPage/WebFrame.cpp:

(WebKit::WebFrame::webArchiveData):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::resourceDataForFrame):

4:35 PM Changeset in webkit [198176] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Andy VanWagoner no longer has time to own Intl

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-14

  • features.json:

Andy is busy with other things.

Andy, thanks for your amazing work on Intl and your dedication
to making things right.

4:35 PM Changeset in webkit [198175] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: REGRESSION(r197974): HeapAllocationsTimelineView broken, doesn't handle Timeline Sidebar Navigation removal
https://bugs.webkit.org/show_bug.cgi?id=155458
<rdar://problem/25150803>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-14
Reviewed by Timothy Hatcher.

  • UserInterface/Views/HeapAllocationsTimelineView.js:

(WebInspector.HeapAllocationsTimelineView):
(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotTimelineRecord):
(WebInspector.HeapAllocationsTimelineView.prototype.get selectionPathComponents):
(WebInspector.HeapAllocationsTimelineView.prototype.layout):
(WebInspector.HeapAllocationsTimelineView.prototype._compareHeapSnapshotsClicked):
(WebInspector.HeapAllocationsTimelineView.prototype._dataGridNodeSelected):
(WebInspector.HeapAllocationsTimelineView.prototype.get navigationSidebarTreeOutlineLabel): Deleted.
Update the TimelineView now that there is no sidebar.
Remove any TreeOutline logic and replace with DataGrid logic.

4:33 PM Changeset in webkit [198174] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: REGRESSION(r198026): Can't click on Snapshot in Timeline Overview
https://bugs.webkit.org/show_bug.cgi?id=155457
<rdar://problem/25150706>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-14
Reviewed by Timothy Hatcher.

  • UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler.prototype._handleClick):
The conditional was accidentally inverted in r198026.

4:31 PM Changeset in webkit [198173] by Julien Brianceau
  • 2 edits in trunk/Source/JavaScriptCore

[mips] Fix unaligned access in LLINT.
https://bugs.webkit.org/show_bug.cgi?id=153228

Address loads used with btbxx opcodes were wrongly converted to lw
instruction instead of lbu, leading to unaligned access on mips
platforms. This is not a bug as it's silently fixed up by kernel,
but it's more efficient to avoid unaligned accesses for mips.

Reviewed by Geoffrey Garen.

  • offlineasm/mips.rb:
4:28 PM Changeset in webkit [198172] by bshafiei@apple.com
  • 8 edits in tags/Safari-602.1.22.2/Source

Merged r198167. rdar://problem/25128146

4:28 PM Changeset in webkit [198171] by fpizlo@apple.com
  • 9 edits in trunk

REGRESSION(r194394): >2x slow-down on CDjs
https://bugs.webkit.org/show_bug.cgi?id=155471

Unreviewed (rollout).

Source/JavaScriptCore:

This revision changes localeCompare() so that it's *much* slower than before. It's
understandable that sometimes things will get a tiny bit slower when implementing new
language features, but more than 2x regression on a major benchmark is not OK.

This rolls out that change. We can reland it once we think about how to do it in a
performant way.

  • builtins/StringPrototype.js:

(search):
(localeCompare): Deleted.

  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):

LayoutTests:

  • js/dom/script-tests/string-prototype-properties.js:
  • js/dom/string-prototype-properties-expected.txt:
  • js/script-tests/string-localeCompare.js:
  • js/string-localeCompare-expected.txt:
  • js/string-localeCompare.html:
4:26 PM Changeset in webkit [198170] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.22.2/Source

Versioning.

4:23 PM Changeset in webkit [198169] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.22.2

New tag.

4:20 PM Changeset in webkit [198168] by mark.lam@apple.com
  • 8 edits in trunk

Need to distinguish between Symbol() and Symbol("").
https://bugs.webkit.org/show_bug.cgi?id=155438

Reviewed by Saam Barati.

Source/JavaScriptCore:

  • runtime/PrivateName.h:

(JSC::PrivateName::PrivateName):

Source/WTF:

While toString of both Symbol() and Symbol("") yields "Symbol()", Function.name
should yield "" and "[]" respectively. Hence, we need to tell between the two.
This functionality will be needed later in https://bugs.webkit.org/show_bug.cgi?id=155437.

We achieve this by creating another singleton instance like the empty StringImpl
as the null StringImpl. isNullSymbol() tests if the Stringimpl instance is a
symbol, and its substring is the null() singleton.

  • wtf/text/StringImpl.cpp:

(WTF::StringImpl::createSymbol):
(WTF::StringImpl::createNullSymbol):
(WTF::StringImpl::containsOnlyWhitespace):
(WTF::StringImpl::createSymbolEmpty): Deleted.

  • wtf/text/StringImpl.h:

(WTF::StringImpl::tryCreateUninitialized):
(WTF::StringImpl::stringKind):
(WTF::StringImpl::isSymbol):
(WTF::StringImpl::isAtomic):
(WTF::StringImpl::isNullSymbol):

  • wtf/text/StringStatics.cpp:

(WTF::StringImpl::null):

Tools:

  • TestWebKitAPI/Tests/WTF/StringImpl.cpp:

(TestWebKitAPI::TEST):

  • Test that the a symbol with an empty string is not equivalent to a null symbol.
4:14 PM Changeset in webkit [198167] by oliver@apple.com
  • 8 edits in trunk/Source

Temporarily disable the separated heap.
https://bugs.webkit.org/show_bug.cgi?id=155472

Reviewed by Geoffrey Garen.

Temporarily disable this.

  • Configurations/FeatureDefines.xcconfig:
3:58 PM Changeset in webkit [198166] by Beth Dakin
  • 3 edits in trunk/Source/WebKit2

[iOS] WKPreviewAction conforms to NSCopying but doesn’t override -
copyWithZone:
https://bugs.webkit.org/show_bug.cgi?id=155395

Reviewed by Sam Weinig.

  • UIProcess/API/Cocoa/WKPreviewActionItem.mm:

(-[WKPreviewAction copyWithZone:]):

3:38 PM Changeset in webkit [198165] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking js/funcion-apply.html as flaky on mac debug
https://bugs.webkit.org/show_bug.cgi?id=155411

Unreviewed test gardening.

  • platform/mac/TestExpectations:
3:22 PM Changeset in webkit [198164] by timothy@apple.com
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: cssmin.py does not handle calc(var(--toolbar-height) + var(--tab-bar-height))

https://bugs.webkit.org/show_bug.cgi?id=155464
rdar://problem/25152196

Reviewed by Joseph Pecoraro.

  • Scripts/cssmin.py:

(cssminify): Check for var when stripping spaces around + and -.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview.prototype._viewModeDidChange):
Drive-by fix to add a missing semi-colon found by the copy-user-interface-resources-dryrun.rb script.

3:08 PM Changeset in webkit [198163] by tonikitoo@webkit.org
  • 4 edits
    6 adds in trunk

Selecting with shift+drag results in unexpected drag-n-drop
https://bugs.webkit.org/show_bug.cgi?id=155314

Reviewed by Darin Adler.

Source/WebCore:

Test: editing/selection/shift-drag-selection-no-drag-n-drop.html

Whenever user tries to extend an existing text selection by dragging the mouse
(left button hold) with shift key pressed, WebKit enters drag-n-drop mode.
This behavior does not match common editing behavior out there, including other
browsers' (Firefox, Opera/Presto and IE).

Patch changes WebKit so that whenever one extends a selection with mouse
and shift key pressed off of a #text node, it does not enter drag-n-drop mode.

Additionally, patch also adds some further tests to ensure that when
selection is extended off of either a link or an image, drag-n-drop does
get triggered, no matter if shift key is pressed.

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

Tests that ensure that WebKit:

1) does not enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,

off of a #text node.

2) does enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,

off of a link.

3) does enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,

off of an image.

Note that (1) is a behavior changed by this patch, whereas (2) and (3) represent existing
behavior that is kept.
Tests are also skip for iOS similarly to other drag-n-drop related tests.

  • fast/events/shift-drag-selection-no-drag-n-drop-expected.txt: Added.
  • fast/events/shift-drag-selection-no-drag-n-drop.html: Added.
  • fast/events/shift-drag-selection-on-link-triggers-drag-n-drop-expected.txt: Added.
  • fast/events/shift-drag-selection-on-link-triggers-drag-n-drop.html: Added.
  • fast/events/shift-drag-selection-on-image-triggers-drag-n-drop-expected.txt: Added.
  • fast/events/shift-drag-selection-on-image-triggers-drag-n-drop.html: Added.
3:03 PM Changeset in webkit [198162] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking storage/indexeddb/transaction-abort-private.html as flaky on mac-wk1
https://bugs.webkit.org/show_bug.cgi?id=155067

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
3:03 PM Changeset in webkit [198161] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Skip test storage/indexeddb/odd-strings.html
https://bugs.webkit.org/show_bug.cgi?id=154975

Unreviewed test gardening.

Removing duplicate expectation for test and skipping since it fails or times out on every run.

2:53 PM Changeset in webkit [198160] by Brent Fulgham
  • 3 edits
    2 adds in trunk

REGRESSION (r197114): Crash in WebCore::MediaDevicesRequest::didCompletePermissionCheck
https://bugs.webkit.org/show_bug.cgi?id=155453
<rdar://problem/24879447>

Reviewed by Daniel Bates.

Source/WebCore:

Tested by fast/mediastream/enumerating-crash.html.

  • Modules/mediastream/MediaDevicesRequest.cpp:

(WebCore::MediaDevicesRequest::didCompletePermissionCheck): Prevent UserMediaPermissionCheck object from being
destroyed before the method completes.

LayoutTests:

  • fast/mediastream/enumerating-crash-expected.txt: Added.
  • fast/mediastream/enumerating-crash.html: Added.
2:50 PM Changeset in webkit [198159] by commit-queue@webkit.org
  • 6 edits in trunk/Source

Reduce generated JSON HeapSnapshot size
https://bugs.webkit.org/show_bug.cgi?id=155460

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-14
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Adjust the HeapSnapshot JSON to better reduce its size.
Changes include:

  • avoid inner array groups and instead just have a large array for nodes/edges. This removes lots of small array allocations.
  • eliminate duplicate edges
  • avoid duplicating edge names by including them in their own table;
  • now both the nodes and edges lists hold only integers
  • heap/HeapSnapshotBuilder.cpp:

(JSC::HeapSnapshotBuilder::json):
Add some more documentation for the slightly modified format.
While generating, clear data structures as early as possible.

  • heap/HeapSnapshotBuilder.h:

(JSC::HeapSnapshotEdge::HeapSnapshotEdge):
During JSON building, the edge's cell pointers are converted to the
identifier they point to. This avoids having to re-lookup the identifier.

  • tests/heapProfiler/driver/driver.js:

(CheapHeapSnapshotEdge):
(CheapHeapSnapshot):
(CheapHeapSnapshot.prototype.edgeNameFromTableIndex):
(HeapSnapshot):
Update test driver for slightly different snapshot format.

Source/WebInspectorUI:

  • UserInterface/Models/HeapSnapshot.js:

(WebInspector.HeapSnapshot.fromPayload):
Update for the slightly modified format.

2:44 PM Changeset in webkit [198158] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Unreviewed, rolling out r198095.
https://bugs.webkit.org/show_bug.cgi?id=155467

Made text look poor (Requested by JoePeck on #webkit).

Reverted changeset:

"Web Inspector: Large repaints when typing any character in
console"
https://bugs.webkit.org/show_bug.cgi?id=155387
http://trac.webkit.org/changeset/198095

2:33 PM WebKitGTK/2.10.x edited by clopez@igalia.com
(diff)
2:32 PM Changeset in webkit [198157] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

Fix crash when reloading a page using requestAnimationFrame on iOS
https://bugs.webkit.org/show_bug.cgi?id=155465
rdar://problem/25100202

Reviewed by Tim Horton.

On iOS, it's possible for all clients for a DisplayRefreshMonitor
to be unregistered, but still get a subsequent displayDidRefresh() for that monitor.
In this case, we would remove(notFound) which release-asserts.

Fix by just checking for notFound.

Unable to test because requestAnimationFrame doesn't work in the simulator.

  • platform/graphics/DisplayRefreshMonitorManager.cpp:

(WebCore::DisplayRefreshMonitorManager::displayDidRefresh):

2:16 PM Changeset in webkit [198156] by andersca@apple.com
  • 3 edits in trunk/Source/WebKit2

Remove usage of -[UIGestureRecognizer requireOtherGestureToFail:]
https://bugs.webkit.org/show_bug.cgi?id=155461
rdar://problem/25143282

Reviewed by Beth Dakin.

Use -[UIGestureRecognizer requireGestureRecognizerToFail:] instead, which has been API ever since UIGestureRecognizer was added.

  • Platform/spi/ios/UIKitSPI.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _createAndConfigureDoubleTapGestureRecognizer]):

1:55 PM Changeset in webkit [198155] by peavo@outlook.com
  • 3 edits in trunk/Source/WebCore

[WinCairo][MediaFoundation] Implement float versions of MediaPlayer methods.
https://bugs.webkit.org/show_bug.cgi?id=155357

Reviewed by Brent Fulgham.

It is better to implement the float versions of some of the MediaPlayer methods,
since the default implementation of the double versions is to call the float version.
Also added override keyword to overridden methods.

  • platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:

(WebCore::MediaPlayerPrivateMediaFoundation::seeking):
(WebCore::MediaPlayerPrivateMediaFoundation::seek):
(WebCore::MediaPlayerPrivateMediaFoundation::setRate):
(WebCore::MediaPlayerPrivateMediaFoundation::duration):
(WebCore::MediaPlayerPrivateMediaFoundation::currentTime):
(WebCore::MediaPlayerPrivateMediaFoundation::seekDouble): Deleted.
(WebCore::MediaPlayerPrivateMediaFoundation::setRateDouble): Deleted.
(WebCore::MediaPlayerPrivateMediaFoundation::durationDouble): Deleted.

  • platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:
1:55 PM Changeset in webkit [198154] by keith_miller@apple.com
  • 26 edits
    1 add in trunk/Source/JavaScriptCore

We should be able to eliminate cloned arguments objects that use the length property
https://bugs.webkit.org/show_bug.cgi?id=155391

Reviewed by Geoffrey Garen.

Previously if a programmer tried to use arguments.length in a strict function we would not eliminate the
arguments object. We were unable to eliminate the arguments object because the user would get a cloned arguments
object, which does not special case the length property. Thus, in order to get arguments elimination for cloned
we need to add a special case. There are two things that need to happen for the elimination to succeed.

First, we need to eliminate the CheckStructure blocking the GetByOffset for the length property. In order to
eliminate the check structure we need to prove to the Abstract Interpreter that this structure check is
unnesssary. This didn't occur before for two reasons: 1) CreateClonedArguments did not set the structure it
produced. 2) Even if CreateClonedArguments provided the global object's cloned arguments structure we would
transition the new argements object when we added the length property during construction. To fix the second
problem we now pre-assign a slot on clonedArgumentsStructure for the length property. Additionally, in order to
prevent future transitions of the structure we need to choose an indexing type for the structure. Since, not
eliminating the arguments object is so expensive we choose to have all cloned arguments start with continuous
indexing type, this avoids transitioning when otherwise we would not have to. In the future we should be smarter
about choosing the indexing type but since its relatively rare to have a arguments object escape we don't worry
about this for now.

Additionally, this patch renames all former references of outOfBandArguments to clonedArguments and adds
extra instrumentation to DFGArgumentsEliminationPhase.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecode/ValueRecovery.h:

(JSC::ValueRecovery::clonedArgumentsThatWereNotCreated):
(JSC::ValueRecovery::outOfBandArgumentsThatWereNotCreated): Deleted.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGOperations.cpp:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):

  • dfg/DFGStructureRegistrationPhase.cpp:

(JSC::DFG::StructureRegistrationPhase::run):

  • dfg/DFGVariableEventStream.cpp:

(JSC::DFG::VariableEventStream::tryToSetConstantRecovery):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCreateClonedArguments):

  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_cloned_arguments):
(JSC::JIT::emit_op_create_out_of_band_arguments): Deleted.

  • llint/LowLevelInterpreter.asm:
  • runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::ClonedArguments):
(JSC::ClonedArguments::createEmpty):
(JSC::ClonedArguments::createWithInlineFrame):
(JSC::ClonedArguments::createByCopyingFrom):
(JSC::ClonedArguments::createStructure):

  • runtime/ClonedArguments.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::clonedArgumentsStructure):
(JSC::JSGlobalObject::outOfBandArgumentsStructure): Deleted.

1:54 PM Changeset in webkit [198153] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r191691): Can't Share Selected Text
https://bugs.webkit.org/show_bug.cgi?id=155459
rdar://problem/24893625

Reviewed by Tim Horton.

Add the selected text as well. Somehow this got lost in the refactoring.

  • UIProcess/mac/WebContextMenuProxyMac.mm:

(WebKit::WebContextMenuProxyMac::createShareMenuItem):

1:27 PM Changeset in webkit [198152] by timothy_horton@apple.com
  • 10 edits in trunk/Source

Revert r194125 and r194186: We're going to fix this a different way.

  • page/EventHandler.cpp:

(WebCore::EventHandler::clear):

  • page/EventHandler.h:
  • Shared/NativeWebGestureEvent.h:
  • Shared/mac/NativeWebGestureEventMac.mm:

(WebKit::pointForEvent):
(WebKit::NativeWebGestureEvent::NativeWebGestureEvent):
(WebKit::distanceForTouches): Deleted.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView selectFindMatch:completionHandler:]):
(-[WKWebView _web_superInputContext]):
(-[WKWebView touchesBeganWithEvent:]): Deleted.
(-[WKWebView touchesMovedWithEvent:]): Deleted.
(-[WKWebView touchesEndedWithEvent:]): Deleted.
(-[WKWebView touchesCancelledWithEvent:]): Deleted.

  • UIProcess/API/mac/WKView.mm:

(-[WKView namesOfPromisedFilesDroppedAtDestination:]):
(-[WKView initWithFrame:processPool:configuration:webView:]):
(-[WKView touchesBeganWithEvent:]): Deleted.
(-[WKView touchesMovedWithEvent:]): Deleted.
(-[WKView touchesEndedWithEvent:]): Deleted.
(-[WKView touchesCancelledWithEvent:]): Deleted.

  • UIProcess/Cocoa/WebViewImpl.h:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::WebViewImpl):
(WebKit::WebViewImpl::magnifyWithEvent):
(WebKit::WebViewImpl::smartMagnifyWithEvent):
(WebKit::WebViewImpl::rotateWithEvent):
(WebKit::WebViewImpl::touchesOrderedByAge): Deleted.
(WebKit::WebViewImpl::touchesBeganWithEvent): Deleted.
(WebKit::WebViewImpl::touchesMovedWithEvent): Deleted.
(WebKit::WebViewImpl::touchesEndedWithEvent): Deleted.
(WebKit::WebViewImpl::touchesCancelledWithEvent): Deleted.

1:13 PM Changeset in webkit [198151] by youenn.fablet@crf.canon.fr
  • 7 edits in trunk

[Fetch API] FetchLoader should check for empty bodies
https://bugs.webkit.org/show_bug.cgi?id=155440

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • web-platform-tests/fetch/api/request/request-consume-empty-expected.txt:
  • web-platform-tests/fetch/api/request/request-consume-empty.html:
  • web-platform-tests/fetch/api/response/response-consume-empty-expected.txt:
  • web-platform-tests/fetch/api/response/response-consume-empty.html:

Source/WebCore:

Covered by added tests.

  • Modules/fetch/FetchLoader.cpp:

(WebCore::FetchLoader::didFinishLoading): returning empty array buffer/empty string if no data received during loading.

1:07 PM Changeset in webkit [198150] by sbarati@apple.com
  • 6 edits in trunk/Source/JavaScriptCore

[ES6] Make JSON.stringify ES6 compatible
https://bugs.webkit.org/show_bug.cgi?id=155448

Reviewed by Sam Weinig and Mark Lam.

We weren't following the spec with respect to the "toJSON" property
of the thing being stringified. We were perform hasProperty(.)
on "toJSON" instead of get(.). This patch changes it our
implementation to perform get(value, "toJSON").

  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::isFunction):
(JSC::JSValue::isCallable):

  • runtime/JSONObject.cpp:

(JSC::Stringifier::toJSON):
(JSC::Stringifier::toJSONImpl):
(JSC::Stringifier::appendStringifiedValue):

  • tests/es6.yaml:
  • tests/stress/proxy-json.js:

(test):
(test.let.handler.get assert):
(test.let.handler):

1:06 PM Changeset in webkit [198149] by andersca@apple.com
  • 6 edits in trunk/Source

Fix build.

Source/WebKit/mac:

Ignore nullability warnings, create an empty PDF selection.

  • WebView/WebPDFView.mm:

(-[WebPDFView centerSelectionInVisibleArea:]):
(-[WebPDFView searchFor:direction:caseSensitive:wrap:startInSelection:]):
(+[WebPDFView _PDFSelectionClass]):
(-[WebPDFView _nextMatchFor:direction:caseSensitive:wrap:fromSelection:startInSelection:]):

Source/WebKit2:

Create an empty PDF selection.

  • Shared/mac/PDFKitImports.h:
  • Shared/mac/PDFKitImports.mm:

(WebKit::pdfSelectionClass):

  • WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:

(WebKit::PDFPlugin::nextMatchForString):

12:40 PM Changeset in webkit [198148] by sbarati@apple.com
  • 6 edits in trunk

[ES6] Disallow var assignments in for-in loops
https://bugs.webkit.org/show_bug.cgi?id=155451

Reviewed by Mark Lam.

Source/JavaScriptCore:

We're doing this in its own patch instead of the patch for https://bugs.webkit.org/show_bug.cgi?id=155384
because last time we made this change it broke some websites. Lets try making
it again because it's what the ES6 mandates. If it still breaks things we will
roll it out.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseForStatement):

LayoutTests:

  • js/parser-syntax-check-expected.txt:
  • js/script-tests/parser-syntax-check.js:
12:33 PM Changeset in webkit [198147] by Beth Dakin
  • 3 edits in trunk/Source/WebKit2

Unable to commit previews in Mobile Safari
https://bugs.webkit.org/show_bug.cgi?id=155450
-and corresponding-
rdar://problem/25135529

Reviewed by Tim Horton.

_uiDelegateProvidedPreviewingViewController was being consulted before
invoking the old SPI, which was always wrong. It should have been consulted
before calling the new API! But also, it doesn’t seem to be necessary at all
since [WKContentView _previewItemController:commitPreview:] is only invoked
when a custom view controller has been provided.

  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _registerPreview]):
(-[WKContentView _unregisterPreview]):
(-[WKContentView _interactionShouldBeginFromPreviewItemController:forPosition:]):
(-[WKContentView _presentedViewControllerForPreviewItemController:]):
(-[WKContentView _previewItemController:commitPreview:]):

12:15 PM Changeset in webkit [198146] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

12:01 PM Changeset in webkit [198145] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Regression(r197981): Huge regression on Mac PLT
https://bugs.webkit.org/show_bug.cgi?id=155443
<rdar://problem/25113391>

Reviewed by Gavin Barraclough.

We have experience a huge regression on Mac PLT after r197981, so
disable the feature until the performance issue is resolved.

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayer::supportsSmoothedLayerText):

11:38 AM Changeset in webkit [198144] by sbarati@apple.com
  • 7 edits in trunk

assignments in for-in/for-of header not allowed
https://bugs.webkit.org/show_bug.cgi?id=155384

Reviewed by Darin Adler.

Source/JavaScriptCore:

This patch prevents assignments to the loop variable
in for in/of loops in all but one situation. The following
syntax is still allowed even though the spec prevents it:
`
for (var i = X in blah) ;
`
If the loop contains let/const, destructuring, or is a for-of
loop, we always throw a syntax error if there is an assignment.
We can do this with full backwards compatibility.
We only allow the above type of for-in loops because Oliver told
me that when he tried to make such programs illegal he ran
into real websites breaking.

This patch also removed the !::CreatesAST compile-time branch when checking
assignments to new.target. This was a dangerous thing for me
to introduce into our parser. There are times where ::CreatesAST
is true but we also want to check for syntax errors. For example,
when parsing the top-level AST of a program. Though this check
was technically correct, it's dangerous to have. It was correct
because we would always be reparsing the new.target assignment
because new.target is only allowed inside a function. That made it
so that (!::CreatesAST <=> we care about new.target assignment syntax errors).
But, (!::CreatesAST <=> we care about syntax error X) is not true in general.
I think it's safer to remove such code.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createNewTargetExpr):
(JSC::ASTBuilder::isNewTarget):
(JSC::ASTBuilder::createResolve):

  • parser/Nodes.h:

(JSC::ExpressionNode::isBoolean):
(JSC::ExpressionNode::isSpreadExpression):
(JSC::ExpressionNode::isSuperNode):
(JSC::ExpressionNode::isNewTarget):
(JSC::ExpressionNode::isBytecodeIntrinsicNode):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseForStatement):
(JSC::Parser<LexerType>::parseAssignmentExpression):
(JSC::Parser<LexerType>::parseUnaryExpression):

LayoutTests:

  • js/parser-syntax-check-expected.txt:
  • js/script-tests/parser-syntax-check.js:
11:29 AM Changeset in webkit [198143] by Brent Fulgham
  • 7 edits in trunk/Source

PingHandle delete's itself but pointer is still used by handleDataURL
https://bugs.webkit.org/show_bug.cgi?id=154752
<rdar://problem/24872347>

Source/WebCore:

Patch by Chris Vienneau <chris.vno@outlook.com> on 2016-03-14
Reviewed by Alex Christensen.

When a PingHandle is destroyed, we should tell its client so that the client can clear the pointer it
holds to the element to avoid accidentally attempting to use deallocated memory.

The ResourceHandle's client member may be null after "didReceiveResponse" is called. We should confirm
the client is still valid after these calls.

  • platform/network/DataURL.cpp:

(WebCore::handleDataURL): Check the client pointer before using it.

  • platform/network/PingHandle.h:

(WebCore::PingHandle::~PingHandle): Notify the client we are being destroyed.

  • platform/platform/network/ResourceHandle.h:

Source/WebKit2:

Reviewed by Alex Christensen.

When a PingLoad is destroyed, we should tell its client so that the client can clear the pointer it
holds to the element to avoid accidentally attempting to use deallocated memory.

  • NetworkProcess/PingLoad.h:

(WebKit::PingLoad::~PingLoad): Notify the client we are being destroyed.

11:13 AM Changeset in webkit [198142] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Negative outline offset could break curved outline-style: auto
https://bugs.webkit.org/show_bug.cgi?id=155416

Reviewed by Tim Horton.

When radius becomes negative the rounded rect could end up being un-renderable -> no rounded corners at all.

Source/WebCore:

Test: fast/inline/hidpi-outline-auto-negative-offset-with-border-radius.html

  • platform/graphics/PathUtilities.cpp:

(WebCore::adjustedtRadiiForHuggingCurve):

LayoutTests:

  • fast/inline/hidpi-outline-auto-negative-offset-with-border-radius-expected.html: Added.
  • fast/inline/hidpi-outline-auto-negative-offset-with-border-radius.html: Added.
11:09 AM Changeset in webkit [198141] by ddkilzer@apple.com
  • 3 edits in trunk/Tools

Remove blank lines after #include "config.h"

Follow-up fix from review comments on Bug 155394.

  • TestWebKitAPI/PlatformUtilities.cpp:
  • TestWebKitAPI/Tests/WTF/RefLogger.cpp:
11:01 AM Changeset in webkit [198140] by Alan Bujtas
  • 5 edits
    2 adds in trunk

[Outline: auto] Fractional radius value could result in non-renderable rounded border.
https://bugs.webkit.org/show_bug.cgi?id=155420

Reviewed by Tim Horton.

RoundedRect::pixelSnappedRoundedRectForPainting ensures that the rounded rect is always renderable.

Source/WebCore:

Test: fast/inline/hidpi-outline-auto-with-fractional-radius.html

  • platform/graphics/PathUtilities.cpp:

(WebCore::PathUtilities::pathWithShrinkWrappedRectsForOutline):

  • platform/graphics/PathUtilities.h:
  • rendering/RenderElement.cpp:

(WebCore::RenderElement::paintFocusRing):

LayoutTests:

  • fast/inline/hidpi-outline-auto-with-fractional-radius-expected.html: Added.
  • fast/inline/hidpi-outline-auto-with-fractional-radius.html: Added.
10:53 AM WebKitIDL edited by youenn.fablet@crf.canon.fr
(diff)
10:30 AM Changeset in webkit [198139] by youenn.fablet@crf.canon.fr
  • 1 edit in trunk/LayoutTests/TestExpectations

Unreviewed.
Marking imported/fetch/api/request/request-consume.html as flaky on debug builds.

10:22 AM Changeset in webkit [198138] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Outline: auto has sharp corners with single line contenteditable.
https://bugs.webkit.org/show_bug.cgi?id=155418

Reviewed by Tim Horton.

Multiple rectangles assumed multiline content and it broke bottomLeft and bottomRight corner check.
This patch adds fast path for polygons with 4 corners.

Source/WebCore:

Test: fast/inline/hidpi-outline-auto-with-one-focusring-rect.html

  • platform/graphics/PathUtilities.cpp:

(WebCore::cornerType):
(WebCore::cornerTypeForMultiline):
(WebCore::rectFromPolygon):
(WebCore::PathUtilities::pathWithShrinkWrappedRectsForOutline):

LayoutTests:

  • fast/inline/hidpi-outline-auto-with-one-focusring-rect-expected.html: Added.
  • fast/inline/hidpi-outline-auto-with-one-focusring-rect.html: Added.
10:18 AM Changeset in webkit [198137] by jdiggs@igalia.com
  • 7 edits in trunk

[AX] SVG element with child desc not exposed
https://bugs.webkit.org/show_bug.cgi?id=155374

Reviewed by Darin Adler.

Source/WebCore:

Covered by the accessibility/w3c-svg-roles.html test, which was updated.

AccessibilitySVGRoot is now a subclass of AccessibilitySVGElement, which
exposes SVG elements with a child desc element as per the specification.
Also made existing protected methods private.

  • accessibility/AccessibilitySVGElement.h:
  • accessibility/AccessibilitySVGRoot.cpp:

(WebCore::AccessibilitySVGRoot::AccessibilitySVGRoot):
(WebCore::AccessibilitySVGRoot::parentObject):

  • accessibility/AccessibilitySVGRoot.h:

LayoutTests:

  • platform/gtk/accessibility/w3c-svg-roles-expected.txt: Updated.
  • platform/mac/accessibility/w3c-svg-roles-expected.txt: Updated.
9:55 AM Changeset in webkit [198136] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip asserting test http/tests/security/aboutBlank/security-context-write.html
https://bugs.webkit.org/show_bug.cgi?id=94458

Unreviewed test gardening.

9:27 AM Changeset in webkit [198135] by Darin Adler
  • 3 edits in trunk/LayoutTests

Add copy/paste plug-in check for XHTML document
https://bugs.webkit.org/show_bug.cgi?id=106350

  • TestExpectations: Re-enable test now that it works in WebKit 1.
  • editing/pasteboard/paste-noplugin-xhtml.xhtml: Fixed problem where test would try to

call setBlockAllPlugins even when it did not exist. Turns out that's needed for the
test to run under WebKit 2, but not needed at all under WebKit 1.

9:16 AM Changeset in webkit [198134] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Build fix.

  • Modules/fetch/FetchBodyOwner.cpp:

(WebCore::FetchBodyOwner::loadedBlobAsText):

8:58 AM Changeset in webkit [198133] by youenn.fablet@crf.canon.fr
  • 15 edits
    3 copies
    1 add in trunk

[Fetch API] Implement data resolution for blob stored in Body
https://bugs.webkit.org/show_bug.cgi?id=155359

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • web-platform-tests/fetch/api/request/request-consume-expected.txt:
  • web-platform-tests/fetch/api/request/request-consume.html:
  • web-platform-tests/fetch/api/request/request-init-002-expected.txt:
  • web-platform-tests/fetch/api/response/response-consume-expected.txt:
  • web-platform-tests/fetch/api/response/response-consume.html:
  • web-platform-tests/fetch/api/response/response-init-002-expected.txt:

Source/WebCore:

Introducing FetchLoader as a wrapper around ThreadableLoader to load resources.
FetchLoader can retrieve data as text or array buffer. It only supports blob currently.

Introducing FetchLoaderClient interface and FetchBodyOwner::BlobLoader as specifc blob loader client.

Covered by existing rebased tests.

  • CMakeLists.txt:
  • Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::loadingType):
(WebCore::FetchBody::loadedAsArrayBuffer):
(WebCore::FetchBody::loadedAsText):

  • Modules/fetch/FetchBody.h:
  • Modules/fetch/FetchBodyOwner.cpp: Added.

(WebCore::FetchBodyOwner::FetchBodyOwner):
(WebCore::FetchBodyOwner::loadBlob):
(WebCore::FetchBodyOwner::finishBlobLoading):
(WebCore::FetchBodyOwner::blobLoadingFailed):
(WebCore::FetchBodyOwner::BlobLoader::didReceiveResponse):

  • Modules/fetch/FetchBodyOwner.h:

(WebCore::FetchBodyOwner::loadedBlobAsText):
(WebCore::FetchBodyOwner::loadedBlobAsArrayBuffer):
(WebCore::FetchBodyOwner::blobLoadingSucceeded):

  • Modules/fetch/FetchLoader.cpp: Added.

(WebCore::FetchLoader::start):
(WebCore::FetchLoader::FetchLoader):
(WebCore::FetchLoader::stop):
(WebCore::FetchLoader::didReceiveResponse):
(WebCore::FetchLoader::didReceiveData):
(WebCore::FetchLoader::didFinishLoading):
(WebCore::FetchLoader::didFail):

  • Modules/fetch/FetchLoader.h: Added.
  • Modules/fetch/FetchLoaderClient.h: Added.

(WebCore::FetchLoaderClient::~FetchLoaderClient):
(WebCore::FetchLoaderClient::didReceiveResponse):
(WebCore::FetchLoaderClient::didFinishLoadingAsText):
(WebCore::FetchLoaderClient::didFinishLoadingAsArrayBuffer):

  • WebCore.xcodeproj/project.pbxproj:
8:42 AM Changeset in webkit [198132] by commit-queue@webkit.org
  • 5 edits in trunk

Restored ENABLE_WEBCORE option and used it in JSCOnly port.
https://bugs.webkit.org/show_bug.cgi?id=155428

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-03-14
Reviewed by Michael Catanzaro.

This is a partial revert of r182624.

  • CMakeLists.txt:
  • Source/CMakeLists.txt:
  • Source/cmake/OptionsJSCOnly.cmake:
  • Source/cmake/WebKitFS.cmake:
8:40 AM Changeset in webkit [198131] by fred.wang@free.fr
  • 2 edits in trunk/Tools

Unreviewed: Add my professional email address.

  • Scripts/webkitpy/common/config/contributors.json:
8:26 AM Changeset in webkit [198130] by fred.wang@free.fr
  • 2 edits in trunk/LayoutTests

Skip accessibility/internal-link-anchors2.html as the linked ui element API is not supported for links.

Unreviewed test gardening.

  • platform/gtk/TestExpectations:
8:19 AM Changeset in webkit [198129] by fred.wang@free.fr
  • 4 edits
    2 adds in trunk

Make MathML colspan/rowspan consistent with HTML table cells.
https://bugs.webkit.org/show_bug.cgi?id=150253

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-14
Reviewed by Martin Robinson.

Source/WebCore:

Test: mathml/rowspan-crash.xhtml

We make MathMLElement::colSpan and MathMLElement::rowSpan consistent with the corresponding functions in HTMLTableCellElement.cpp.
These functions now return unsigned integers, use the same parsing functions and set a maximum for rowspan.
This latter change fixes crash/timeout with large values of rowspan.

  • mathml/MathMLElement.cpp: Include HTMLParserIdioms to use limitToOnlyHTMLNonNegative.

(WebCore::MathMLElement::colSpan): Use unsigned integer and limitToOnlyHTMLNonNegative.
(WebCore::MathMLElement::rowSpan): ditto. We also use the same maximum limit as HTMLTableCellElement.

  • mathml/MathMLElement.h: Make colSpan and rowSpan return unsigned integers.

LayoutTests:

We import crashing test from bug 150253.

  • mathml/rowspan-crash-expected.txt: Added.
  • mathml/rowspan-crash.xhtml: Added.
8:17 AM Changeset in webkit [198128] by Darin Adler
  • 2 edits in trunk/LayoutTests

Continue work on https://bugs.webkit.org/show_bug.cgi?id=106350

  • TestExpectations: Disable test fow now since it seems to be failing in WebKit 1 and depends on hooks not present in WebKit 1 test runner.
8:13 AM Changeset in webkit [198127] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Enable GSS-Negotiate support in libsoup
https://bugs.webkit.org/show_bug.cgi?id=155354

Patch by Tomas Popela <tpopela@redhat.com> on 2016-03-14
Reviewed by Carlos Garcia Campos.

Enable the SOUP_TYPE_AUTH_NEGOTIATE feature if libsoup was compiled
with the GSS-Negotiate support.

  • platform/network/soup/SoupNetworkSession.cpp:

(WebCore::SoupNetworkSession::SoupNetworkSession):

7:17 AM Changeset in webkit [198126] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r198124 - [GTK] Reimplement webkit_web_context_clear_cache functionality.
https://bugs.webkit.org/show_bug.cgi?id=146041

Reviewed by Michael Catanzaro.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_clear_cache):

7:13 AM Changeset in webkit [198125] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Unreviewed. Fix the GTK+ build after r198124.

WebsiteDataTypes is now an OptionSet.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_clear_cache):

6:36 AM Changeset in webkit [198124] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

[GTK] Reimplement webkit_web_context_clear_cache functionality.
https://bugs.webkit.org/show_bug.cgi?id=146041

Reviewed by Michael Catanzaro.

  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_clear_cache):

6:16 AM Changeset in webkit [198123] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r198098 - Install WebKit2 WebProcess NetworkProcess on OSX when not building the Mac PORT
https://bugs.webkit.org/show_bug.cgi?id=152651

Patch by Jeremy Huddleston Sequoia <jeremyhu@apple.com> on 2016-03-14
Reviewed by Philippe Normand.

  • CMakeLists.txt:
6:12 AM WebKitGTK/2.12.x edited by Carlos Garcia Campos
(diff)
6:12 AM Changeset in webkit [198122] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Merge r198058 - [GTK][Mac] Don't force ENABLE_INTROSPECTION=OFF on Mac
https://bugs.webkit.org/show_bug.cgi?id=152650

Patch by Jeremy Huddleston Sequoia <jeremyhu@apple.com> on 2016-03-12
Reviewed by Carlos Garcia Campos.

  • Source/cmake/OptionsGTK.cmake:

Source/WebKit2:
[GTK][Mac] Use DYLD_LIBRARY_PATH on OSX rather then LD_LIBRARY_PATH
https://bugs.webkit.org/show_bug.cgi?id=152650

Patch by Jeremy Huddleston Sequoia <jeremyhu@apple.com> on 2016-03-12
Reviewed by Carlos Garcia Campos.

  • PlatformGTK.cmake:
6:09 AM Changeset in webkit [198121] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197927 - [GTK] Artifacts when using web view background color
https://bugs.webkit.org/show_bug.cgi?id=155229

Reviewed by Mario Sanchez Prada.

This is because when using a web view color, we fill with the
color every rectangle updated by the web process, but we should
always fill the entire backing store before rendering the actual
contents on top.

  • WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::display): Ensure the web process always
renders the whole visible rectangle when background is rendered by
the UI process.

6:08 AM Changeset in webkit [198120] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197998 - [GTK] Fix rendering of slider input elements
https://bugs.webkit.org/show_bug.cgi?id=155296

Reviewed by Michael Catanzaro.

Use the new gadgets for newer GTK+ and improve a bit the rendering
for previous versions to better match GTK+.

  • rendering/RenderThemeGtk.cpp:

(WebCore::createStyleContext): Add ScaleContents and
ScaleHighlight parts that are only used with GTK+ 3.19.
(WebCore::RenderThemeGtk::paintSliderTrack): Use a smaller trough,
centered in the given rectangle to better match GTK+. Also render
the hightlight gadget with GTK+ 3.19.
(WebCore::RenderThemeGtk::paintSliderThumb): Also create the style
context for contents gadget.
(WebCore::RenderThemeGtk::adjustSliderThumbSize): Take into
account the slider border when calculating the slider thumb size.

6:07 AM Changeset in webkit [198119] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197997 - [GTK] Scrollbars are broken once again with current GTK+ master
https://bugs.webkit.org/show_bug.cgi?id=155292

Reviewed by Michael Catanzaro.

Most of the trough theming properties have been moved to the
scrollbar, and a new gadget "contents" has been added between the
scrollbar and its children.

  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::getOrCreateStyleContext): Add
left/bottom style classes to ensure the scrollbars border is taken
into account and rendered.
(WebCore::ScrollbarThemeGtk::paintTrackBackground): Also create
style context for contents gadget.
(WebCore::ScrollbarThemeGtk::paintThumb): Ditto.
(WebCore::ScrollbarThemeGtk::paintButton): Ditto.
(WebCore::ScrollbarThemeGtk::scrollbarThickness): Take the
scrollbar border into account.
(WebCore::ScrollbarThemeGtk::buttonSize): Also create style
context for contents gadget.
(WebCore::ScrollbarThemeGtk::getStepperSpacing): Ditto.
(WebCore::ScrollbarThemeGtk::minimumThumbLength): Ditto.
(WebCore::ScrollbarThemeGtk::thumbFatness): Ditto.
(WebCore::ScrollbarThemeGtk::getTroughBorder): Take the scrollbar
border into account.

6:06 AM Changeset in webkit [198118] by Carlos Garcia Campos
  • 12 edits in releases/WebKitGTK/webkit-2.12

Merge r197811 - Font size computed style is innaccurate
https://bugs.webkit.org/show_bug.cgi?id=154705
<rdar://problem/23474068>

Reviewed by Timothy Hatcher.

Source/WebCore:

Safari rounds the font size value reported to getComputedStyle(). Neither Firefox
nor Chrome do this.

Covered by existing tests.

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::fontSizeFromStyle):

LayoutTests:

Update expected results.

  • css3/calc/font-size-fractional-expected.txt:
  • css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size.html:
  • css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size-expected.txt:
  • editing/mac/attributed-string/font-size-expected.txt:
  • editing/mac/attributed-string/vertical-align-expected.txt:
  • platform/mac-mavericks/editing/mac/attributed-string/font-size-expected.txt:
  • platform/mac-mavericks/editing/mac/attributed-string/vertical-align-expected.txt:
  • platform/mac-yosemite/editing/mac/attributed-string/font-size-expected.txt:
  • platform/mac-yosemite/editing/mac/attributed-string/vertical-align-expected.txt:
5:15 AM Changeset in webkit [198117] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197802 - Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155182
<rdar://problem/25040640>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Daniel Bates.

  • UserInterface/Main.html:

Allow Web Inspector to load file: and blob: image resources.
Also blob: media and font resources.

5:10 AM Changeset in webkit [198116] by youenn.fablet@crf.canon.fr
  • 8 edits in trunk

Web platform test server should not try to launch servers on already bound sockets
https://bugs.webkit.org/show_bug.cgi?id=141157

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • resources/config.json: Changed wpt https port from 8443 to 9443.
  • web-platform-tests/fetch/api/basic/mode-no-cors-expected.txt: Updated according https port change.
  • web-platform-tests/fetch/api/basic/mode-no-cors-worker-expected.txt: Ditto.
  • web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt: Ditto.
  • web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt: Ditto.

Tools:

  • Scripts/webkitpy/layout_tests/servers/web_platform_test_server.py:

(wpt_config_json): Load WPT config from LayoutTests/imported/w3c/resources/config.json.
(base_url): Refactored to use wpt_config_json routine.
(WebPlatformTestServer.init): Fill port mappings according WPT config.

5:02 AM Changeset in webkit [198115] by rniwa@webkit.org
  • 17 edits
    2 adds in trunk

Add slotchange event
https://bugs.webkit.org/show_bug.cgi?id=155424
<rdar://problem/24997534>

Reviewed by Antti Koivisto.

Source/WebCore:

Added slotchange event as discussed on https://github.com/w3c/webcomponents/issues/288.

While the exact semantics of it could still evolve over time, this patch implements as
an asynchronous event that fires on a slot element whenever its distributed nodes change
(flattened assigned nodes):
http://w3c.github.io/webcomponents/spec/shadow/#dfn-distributed-nodes

Since inserting or removing an element from a shadow host could needs to enqueue this event
on the right slot element, this patch moves the invalidation point of element removals and
insertions from Element::childrenChanged to Element::insertedInto and Element::removedFrom.
Text nodes are still invalidated at Element::childrenChanged for performance reasons
since it could only appear within a default slot element.

Because this more fine-grained invalidation needs to be overridden by HTMLDetailsElement,
we now subclass SlotAssignment in HTMLDetailsElement instead of passing in a std::function.

Test: fast/shadow-dom/slotchange-event.html

  • dom/Document.cpp:

(WebCore::Document::enqueueSlotchangeEvent): Added.

  • dom/Document.h:
  • dom/Element.cpp:

(WebCore::Element::attributeChanged): Call hostChildElementDidChangeSlotAttr.
(WebCore::Element::insertedInto): Call hostChildElementDidChange.
(WebCore::Element::removedFrom): Ditto.
(WebCore::Element::childrenChanged): Don't invalidate the slots on ElementInserted and
ElementRemoved since they're now done in Element::insertedInto and Element::removedFrom.

  • dom/Event.cpp:

(WebCore::Event::scoped): slotchange event is scoped.

  • dom/EventNames.h: Added eventNames().slotchange.
  • dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::invalidateSlotAssignments): Deleted.
(WebCore::ShadowRoot::invalidateDefaultSlotAssignments): Deleted.

  • dom/ShadowRoot.h:

(ShadowRoot): Added more fine-grained invalidators, mirroring changes to SlotAssignment.

  • dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::SlotAssignment): Removed a variant that takes SlotNameFunction
since HTMLDetailsElement now subclasses SlotAssignment.
(WebCore::SlotAssignment::~SlotAssignment): Added now that the class is virtual.
(WebCore::recursivelyFireSlotChangeEvent): Added.
(WebCore::SlotAssignment::didChangeSlot): Added. Invalidates the style tree only if there
is a corresponding slot element, and fires slotchange event. When the slot element we found
in this shadow tree is assigned to a slot element inside an inner shadow tree, recursively
fire slotchange event on each such inner slots.
(WebCore::SlotAssignment::hostChildElementDidChange): Added. Update the matching slot when
an element is inserted or removed under a shadow host.
(WebCore::SlotAssignment::assignedNodesForSlot): Removed the superfluous early exit to an
release assert since addSlotElementByName should always create a SlotInfo for each element.
(WebCore::SlotAssignment::slotNameForHostChild): Added. This is the equivalent of old
m_slotNameFunction which DetailsSlotAssignment overrides.
(WebCore::SlotAssignment::invalidateDefaultSlot): Deleted.
(WebCore::SlotAssignment::findFirstSlotElement): Added an assertion. slotInfo.element must
be nullptr if elementCount is 0, and elementCount must be 0 if slotInfo.element is nullptr
after calling resolveAllSlotElements, which traverses the entire shadow tree to find all
slot elements.
(WebCore::SlotAssignment::assignSlots):

  • dom/SlotAssignment.h: Implemented inline functions of ShadowRoot here to avoid including

SlotAssignment.h in ShadowRoot.h. Not inlining them results in extra function calls for all
builtin elements with shadow root without slot elements, which impacts performance.
(WebCore::ShadowRoot::didRemoveAllChildrenOfShadowHost): Added.
(WebCore::ShadowRoot::didChangeDefaultSlot): Added.
(WebCore::ShadowRoot::hostChildElementDidChange): Added.
(WebCore::ShadowRoot::hostChildElementDidChangeSlotAttribute): Added.
(WebCore::ShadowRoot::innerSlotDidChange):

  • html/HTMLDetailsElement.cpp:

(WebCore::DetailsSlotAssignment): Added. Subclasses SlotAssignment to override
hostChildElementDidChange and slotNameForHostChild.
(WebCore::DetailsSlotAssignment::hostChildElementDidChange): Added. We don't check if this
is the first summary element since we don't know the answer when this function is called
inside Element::removedFrom.
(WebCore::DetailsSlotAssignment::slotNameForHostChild): Renamed from slotNameFunction. Also
removed the code to return nullAtom when details element is not open as that messes up new
fine-grained invalidation. Insert/remove the slot element in parseAttribute instead.
(WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot): Don't insert the slot element for
the summary since the details element is not open now.
(WebCore::HTMLDetailsElement::parseAttribute): Remove and insert the slot element for the
summary here instead of changing the behavior of slotNameForHostChild.

  • html/HTMLDetailsElement.h:
  • html/HTMLSlotElement.cpp:

(WebCore::HTMLSlotElement::enqueueSlotChangeEvent): Added. Enqueues a new slotchange event
if we haven't done so for this element yet.
(WebCore::HTMLSlotElement::dispatchEvent): Added. Clear m_hasEnqueuedSlotChangeEvent when
dispatching a slotchange event so that a subsequent call to enqueueSlotChangeEvent would
enqueue a new event. Note scripts call EventTarget::dispatchEventForBindings instead.

  • html/HTMLSlotElement.h:

LayoutTests:

Added a W3C style testharness.js test.

  • fast/shadow-dom/ShadowRoot-interface-expected.txt:
  • fast/shadow-dom/ShadowRoot-interface.html: Don't import testharness.css from svn.webkit.org.
  • fast/shadow-dom/slotchange-event-expected.txt: Added.
  • fast/shadow-dom/slotchange-event.html: Added.
4:57 AM Changeset in webkit [198114] by Carlos Garcia Campos
  • 9 edits
    2 adds in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197796 - Regexp matching should incur less call overhead
https://bugs.webkit.org/show_bug.cgi?id=155181

Reviewed by Geoffrey Garen.

Previously we had DFG/FTL code call into the DFGOperation, which then called in to
RegExpObject, which then called into createRegExpMatchesArray, which then called into
RegExp, which then called the code generated by Yarr.

Now we have DFG/FTL code call into the DFGOperation, which does all of the things and calls
into code generated by Yarr.

This is another tiny Octane/regexp speed-up.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGOperations.cpp:
  • runtime/RegExp.cpp:

(JSC::regExpFlags):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):
(JSC::RegExpFunctionalTestCollector::clearRegExp): Deleted.
(JSC::RegExp::compileIfNecessary): Deleted.
(JSC::RegExp::compileIfNecessaryMatchOnly): Deleted.

  • runtime/RegExp.h:
  • runtime/RegExpInlines.h: Added.

(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::compileIfNecessaryMatchOnly):

  • runtime/RegExpMatchesArray.cpp:

(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::tryCreateUninitializedRegExpMatchesArray): Deleted.
(JSC::createRegExpMatchesArray): Deleted.

  • runtime/RegExpMatchesArray.h:

(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):
(JSC::getLastIndexAsUnsigned): Deleted.

  • runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):
(JSC::RegExpObject::testInline):

  • runtime/RegExpObjectInlines.h: Added.

(JSC::getRegExpObjectLastIndexAsUnsigned):
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

4:38 AM Changeset in webkit [198113] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Reduce unnecessary dashboard repaints
https://bugs.webkit.org/show_bug.cgi?id=155425
<rdar://problem/25138247>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/DefaultDashboardView.js:

(WebInspector.DefaultDashboardView.prototype._appendElementForNamedItem.):
newText is a number for console message counters.

4:31 AM Changeset in webkit [198112] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197784 - Scrolling does not work when the mouse down is handled by a node
https://bugs.webkit.org/show_bug.cgi?id=19033

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/events/prevent-default-prevents-interaction-with-scrollbars-.html

When a mouse press/down event happens on a scrollbar area, but event
is default prevented in the document level, for example, event does not get
properly passed to scrollbars, although it should.

Problem started long ago with r17770, and was improved with r19596.
However, years later, the way Scrollbar* is obtained is still currently different
weither event is default prevented or not.

Patch uniforms the logic for both cases, and fixes the bug.

Note: code before used to look like

if (swallowEvent) {

<code>

} else {

<bleh>
<foo>

}

.. and now looks like

if (!swallowEvent)

<bleh>

<code>

if (!swallowEvent)

<foo>

e.g. document.addEventListener('mousedown', function (e) { e.preventDefault(); });

  • page/EventHandler.cpp:

(WebCore::scrollbarForMouseEvent):
(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

  • fast/events/prevent-default-prevents-interaction-with-scrollbars-expected.txt: Added.
  • fast/events/prevent-default-prevents-interaction-with-scrollbars.html: Added.
4:24 AM Changeset in webkit [198111] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197774 - WeakBlock::visit() should check for a WeakHandleOwner before consulting mark bits.
<https://webkit.org/b/155154>

Reviewed by Darin Adler.

Reorder the checks in WeakBlock::visit() so we don't look at the mark bits in MarkedBlock
unless the current WeakImpl has a WeakHandleOwner we need to consult.

I was originally hoping to make an optimization that could skip over entire WeakBlocks
if they didn't have a single WeakHandleOwner, but it turns out that scenario is not as
common as I suspected.

  • heap/WeakBlock.cpp:

(JSC::WeakBlock::visit):

4:11 AM Changeset in webkit [198110] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197730 - Reduce the number of instructions needed to record the last regexp result
https://bugs.webkit.org/show_bug.cgi?id=155161

Reviewed by Sam Weinig.

This tightens up RegExpCachedResult::record(). My profiling shows that we spend just
over 1% of the time in Octane/regexp in this function. This function had two obvious
redundancies:

1) It executed the write barrier on owner twice. It only needs to execute it once. Since

the same RegExpConstructor is likely to be used many times, it makes sense to do the
barrier without looking at the 'to' objects at all. In steady state, this means that
the RegExpConstructor will simply be OldGrey so this one barrier will always skip the
slow path.

2) It cleared some fields that didn't need to be cleared, since we can just use

m_reified to indicate that the fields are not meaningful anymore.

This is meant to be a microscopic regexp speed-up.

  • runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::visitChildren):
(JSC::RegExpCachedResult::lastResult):

  • runtime/RegExpCachedResult.h:

(JSC::RegExpCachedResult::record):

4:02 AM Changeset in webkit [198109] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197729 - createRegExpMatchesArray should allocate substrings more quickly
https://bugs.webkit.org/show_bug.cgi?id=155160

Reviewed by Sam Weinig.

This was calling a version of jsSubstring() that isn't inlineable because it was doing a lot
of checks in finishCreation(). In particular, it was checking that the base string is not
itself a substring and that it's been resolved. We don't need those checks here, since the
string must have been resolved prior to regexp processing.

This patch is also smart about whether to do checks for the empty and full substrings. In
the matches array loop, these checks are super unlikely to be profitable, so we just
unconditionally allocate the substring.

This removes those checks and makes the allocation inlineable. It looks like a 1% speed-up
on Octane/regexp.

  • runtime/JSString.h:

(JSC::jsSubstring):
(JSC::jsSubstringOfResolved):

  • runtime/RegExpMatchesArray.cpp:

(JSC::createRegExpMatchesArray):

3:27 AM Changeset in webkit [198108] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197725 - [JSC] Small clean up of how we use SSA's valuesAtHead
https://bugs.webkit.org/show_bug.cgi?id=155152

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Filip Pizlo.

liveAtHead and valuesAtHead contain the same nodes,
we do not need the extra look up.

This also opens the way to use the same kind of liveness
analysis as Air (where live values at head do not use a set).

  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::InPlaceAbstractState::merge):

3:20 AM Changeset in webkit [198107] by Carlos Garcia Campos
  • 6 edits
    34 adds in releases/WebKitGTK/webkit-2.12

Merge r197724 - CSP: Source '*' should not match URLs with schemes blob, data, or filesystem
https://bugs.webkit.org/show_bug.cgi?id=154122
<rdar://problem/24613336>

Reviewed by Brent Fulgham.

Source/WebCore:

Restrict matching of source expression * to HTTP or HTTPS URLs for all directives except
img-src and media-src. This policy is more restrictive than the policy described in section
Matching Source Expressions of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721>,
which restricts matching * to schemes that are not blob, data, or filesystem.

For directive img-src we restrict matching of * to HTTP, HTTPS, and data URLs. For directive
media-src we restrict matching of * to HTTP, HTTPS, data URLs and blob URLs. We use a
more lenient interpretation of * for directives img-src and media-src than required by
the spec. to mitigate web compatibility issues.

Tests: fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html

fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html
fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html
fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html
fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html
fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html
http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html
http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html
http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html
http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html
media/video-with-blob-url-allowed-by-csp-media-src-star.html
media/video-with-data-url-allowed-by-csp-media-src-star.html
media/video-with-file-url-blocked-by-csp-media-src-star.html

  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar): Added.
(WebCore::ContentSecurityPolicySourceList::matches): Modified to only match * if ContentSecurityPolicySourceList::isProtocolAllowedByStar().
evaluates to true.

  • page/csp/ContentSecurityPolicySourceList.h:

LayoutTests:

Add tests to ensure that we do not regress our interpretation of * with respect to directives
img-src, media-src, style-src, and default-src.

When running in WebKitTestRunner, skip the tests fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html
and media/video-with-blob-url-allowed-by-csp-media-src-star.html as they make use of eventSender.beginDragWithFiles(),
which is not implement. We will need to fix <https://bugs.webkit.org/show_bug.cgi?id=64285>
before we can run these tests in WebKitTestRunner.

  • TestExpectations:
  • fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star-expected.html: Added.
  • fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html: Added.
  • fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star-expected.html: Added.
  • fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html: Added.
  • fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star-expected.html: Added.
  • fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html: Added.
  • fast/dom/HTMLImageElement/resources/green.png: Added.
  • fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star-expected.html: Added.
  • fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html: Added.
  • fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star-expected.html: Added.
  • fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html: Added.
  • fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star-expected.html: Added.
  • fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html: Added.
  • fast/dom/HTMLLinkElement/resources/red-background-color.css: Added.

(#test):

  • http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html: Added.
  • http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html: Added.
  • media/video-with-blob-url-allowed-by-csp-media-src-star-expected.html: Added.
  • media/video-with-blob-url-allowed-by-csp-media-src-star.html: Added.
  • media/video-with-data-url-allowed-by-csp-media-src-star-expected.html: Added.
  • media/video-with-data-url-allowed-by-csp-media-src-star.html: Added.
  • media/video-with-file-url-blocked-by-csp-media-src-star-expected.html: Added.
  • media/video-with-file-url-blocked-by-csp-media-src-star.html: Added.
  • platform/wk2/TestExpectations:
3:19 AM Changeset in webkit [198106] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r197706 - Cleanup: Add convenience function URL::procotolIsBlob()
https://bugs.webkit.org/show_bug.cgi?id=155127
<rdar://problem/25016829>

Reviewed by Brent Fulgham.

Source/WebCore:

Similar to the class member function URL::protocolIsData(), add a class member function to
class URL to determine if a URL is a blob URL.

No functionality was changed. So, no new tests.

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::shouldUseInnerURL): Modified to use URL::protocolIsBlob().
(WebCore::getCachedOrigin): Ditto.

  • platform/URL.h:

(WebCore::URL::protocolIsBlob): Added.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcStart): Modified to use URL::protocolIsBlob().
(urlHasSupportedProtocol): Ditto.

  • workers/Worker.cpp:

(WebCore::Worker::didReceiveResponse): Ditto.

  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::createRequest): Ditto.

Source/WebKit2:

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad): Modified to use URL::protocolIsBlob().

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::NetworkResourceLoader): Ditto.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::canHandleRequest): Ditto.

2:57 AM Changeset in webkit [198105] by Carlos Garcia Campos
  • 7 edits
    1 copy in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r197797 - Unreviewed, rolling in r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

The right calculation for our static_assert is actually:

sizeof(SmallChunk) % vmPageSize + 2 * smallMax <= vmPageSize

instead of:

sizeof(SmallChunk) % vmPageSize + smallMax <= vmPageSize

smallMax is not enough because line metadata might require us to begin
allocation at an offset as large as smallMax, so we need 2 * smallMax.

Once correct, this static_assert fires, and we fix it by increasing
the alignment of SmallChunk.

Restored changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

2:52 AM Changeset in webkit [198104] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197716 - Crash in WebCore::RenderElement::containingBlockForObjectInFlow
https://bugs.webkit.org/show_bug.cgi?id=155109

Reviewed by Simon Fraser.

It's unsafe to call containingBlock() on RenderView.

Unable to reproduce.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::styleWillChange):
(WebCore::RenderBlock::isSelfCollapsingBlock):
(WebCore::RenderBlock::selectionGaps):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::borderBoxRectInRegion):
(WebCore::RenderBox::computePercentageLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::logicalWidthIsResolvable):
(WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):

  • rendering/RenderFlowThread.cpp:

(WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
(WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
(WebCore::RenderLayer::updatePagination):
(WebCore::inContainingBlockChain):

  • rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::isValidColumnSpanner):

  • rendering/RenderNamedFlowThread.cpp:

(WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):

  • rendering/RenderObject.cpp:

(WebCore::hasFixedPosInNamedFlowContainingBlock):

  • rendering/RenderReplaced.cpp:

(WebCore::firstContainingBlockWithLogicalWidth):

  • rendering/RenderView.cpp:

(WebCore::RenderView::subtreeSelectionBounds):
(WebCore::RenderView::repaintSubtreeSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

2:46 AM Changeset in webkit [198103] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197715 - RegExp.prototype.exec() should call into Yarr at most once
https://bugs.webkit.org/show_bug.cgi?id=155139

Reviewed by Saam Barati.

For apparently no good reason, RegExp.prototype.match() was calling into Yarr twice, almost
as if it was hoping that the non-matching case was so common that it was best to have the
matching case do the work all over again.

This is a 4% speed-up on Octane/regexp. It's also a matter of common sense: we should not be
in the business of presuming whether someone's match will succeed or fail. The increased
cost of running Yarr twice is so much larger than whatever savings we were getting from
running a match-only regexp that this is just not a good overall deal for the engine.

Also, it's interesting that we are seeing a 4% speed-up on regexp despite the fact that a
majority (almost a supermajority, I think) of calls into RegExp.prototype.match() are failed
matches. So, this change is a 4% speed-up despite being a slow down on the common case. That
tells you just how bad the old behavior was on the uncommon case.

  • runtime/MatchResult.h:

(MatchResult::MatchResult):
(MatchResult::failed):
(MatchResult::operator bool):

  • runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::lastResult):

  • runtime/RegExpConstructor.h:

(JSC::RegExpConstructor::setMultiline):
(JSC::RegExpConstructor::multiline):
(JSC::RegExpConstructor::performMatch):
(JSC::RegExpConstructor::recordMatch):

  • runtime/RegExpMatchesArray.cpp:

(JSC::createRegExpMatchesArray):
(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):

  • runtime/RegExpMatchesArray.h:

(JSC::createRegExpMatchesArray):

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::getLastIndexAsUnsigned):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):

  • runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch):

2:44 AM Changeset in webkit [198102] by youenn.fablet@crf.canon.fr
  • 20 edits in trunk/Source/WebCore

Introduce CallWith=Document in binding generator
https://bugs.webkit.org/show_bug.cgi?id=155358

Reviewed by Darin Adler.

Covered by existing tests and binding test.

  • Modules/notifications/Notification.cpp:

(WebCore::Notification::permission): Taking a Document& instead of ScriptExecutionContext&.
(WebCore::Notification::requestPermission): Ditto.

  • Modules/notifications/Notification.h:
  • Modules/notifications/Notification.idl: Using CallWith=Document.
  • bindings/scripts/CodeGeneratorJS.pm: Adding support for CallWith=Document and changed name from scriptContext to context.

(GenerateCallWith):
(GenerateConstructorDefinition):

  • bindings/scripts/IDLAttributes.txt: Adding support for CallWith=Document.
  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:

(webkit_dom_test_obj_with_document_argument):

  • bindings/scripts/test/GObject/WebKitDOMTestObj.h:
  • bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjWithScriptExecutionContextAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
(WebCore::jsTestObjPrototypeFunctionWithDocumentArgument):

  • bindings/scripts/test/ObjC/DOMTestObj.h:
  • bindings/scripts/test/ObjC/DOMTestObj.mm:

(-[DOMTestObj withDocumentArgument]):

  • bindings/scripts/test/TestObj.idl: Adding binding test.
  • page/DOMWindow.cpp:

(WebCore::DOMWindow::focus): Taking a Document& instead of ScriptExecutionContext&.
(WebCore::DOMWindow::close): Ditto.

  • page/DOMWindow.h:
  • page/DOMWindow.idl:
  • page/History.cpp:

(WebCore::History::back): Ditto.
(WebCore::History::forward): Ditto.
(WebCore::History::go): Ditto.

  • page/History.h:
  • page/History.idl:
  • testing/Internals.cpp:

(WebCore::InspectorStubFrontend::closeWindow): Calling DOMWindow::close() directly.

2:21 AM Changeset in webkit [198101] by Carlos Garcia Campos
  • 13 edits
    8 adds
    1 delete in releases/WebKitGTK/webkit-2.12

Merge r197697 - CSP: object-src directive should prohibit creation of nested browsing context
https://bugs.webkit.org/show_bug.cgi?id=153153
<rdar://problem/24383209>

Reviewed by Brent Fulgham.

Source/WebCore:

Enforce the Content Security Policy object-src directive when fetching a URL for content
that will cause an HTML object or HTML embed element to act as a nested browsing context
(i.e. behave as if the content was loaded in an HTML iframe element). This makes our
enforcement of the object-src directive match the behavior of the object-src directive
in the Content Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Tests: http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html

http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html
http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html
http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Extracted from SubframeLoader::pluginIsLoadable().
Checks if the plugin element is allowed by the Content Security Policy to load the URL and MIME type.
(WebCore::SubframeLoader::pluginIsLoadable): Extract out the logic for determining if
the plugin content is allowed to load by the Content Security Policy into SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
and make use of this function.
(WebCore::SubframeLoader::requestObject): Modified to call SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
before loading plugin content into a sub frame. If the plugin content is not allowed to load then we
mark the plugin as unavailable with the reason being that it was blocked by the Content Security Policy.

  • loader/SubframeLoader.h:

LayoutTests:

Add test to ensure that we enforce the Content Security Policy object-src directive
for HTML object and HTML embed elements that behave like an HTML iframe element.

  • TestExpectations: Remove entries for tests that pass.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked2-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-param-code-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked.html:
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked.html:
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-param-url-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/object-src-param-url-blocked.html:

Simplify the code used in the above tests and update incorrect expected results.

  • http/tests/security/contentSecurityPolicy/object-src-url-blocked2-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html: Added.
  • http/tests/security/contentSecurityPolicy/resources/object-src-param.js: Removed.
1:44 AM Changeset in webkit [198100] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.4.10

WebKitGTK+ 2.4.10

1:43 AM Changeset in webkit [198099] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.4

Unreviewed. Update NEWS and Versions.m4 for 2.4.10 release.

.:

  • Source/autotools/Versions.m4: Bump version numbers.

Source/WebKit/gtk:

  • NEWS: Added release notes for 2.4.10.
1:37 AM Changeset in webkit [198098] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Install WebKit2 WebProcess NetworkProcess on OSX when not building the Mac PORT
https://bugs.webkit.org/show_bug.cgi?id=152651

Patch by Jeremy Huddleston Sequoia <jeremyhu@apple.com> on 2016-03-14
Reviewed by Philippe Normand.

  • CMakeLists.txt:
12:34 AM Changeset in webkit [198097] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore/platform/gtk/po

Translation updates: German, Spanish, French, Italian, Korean, Brazilian Portuguese, Russian, Chinese

12:07 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos
(diff)

Mar 12, 2016:

11:27 PM Changeset in webkit [198096] by Darin Adler
  • 1 edit
    2 adds in trunk/LayoutTests

Add copy/paste plug-in check for XHTML document
https://bugs.webkit.org/show_bug.cgi?id=106350

Reviewed by David Kilzer.

This bug was filed because of the assumption that there was a bug, but it
turns out that even in XHTML documents, we use HTML tree builder, so there is
no bug. Thus this just adds the test that demonstrates this.

  • editing/pasteboard/paste-noplugin-xhtml-expected.txt: Added.
  • editing/pasteboard/paste-noplugin-xhtml.xhtml: Added.
11:20 PM Changeset in webkit [198095] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Large repaints when typing any character in console
https://bugs.webkit.org/show_bug.cgi?id=155387
<rdar://problem/25125720>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/Main.css:

(#content):

10:57 PM Changeset in webkit [198094] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Memory timeline pie charts are misaligned when there is no recording
https://bugs.webkit.org/show_bug.cgi?id=155421

Patch by Devin Rousso <Devin Rousso> on 2016-03-13
Reviewed by Timothy Hatcher.

  • UserInterface/Views/MemoryTimelineView.css:

(.timeline-view.memory > .content > .overview):
Removed top padding to match bottom padding.

(.timeline-view.memory .legend > .row):
(.timeline-view.memory .legend):
Moved specified width to prevent unrecorded timelines from having graphs
that are offset horizontally.

9:52 PM Changeset in webkit [198093] by commit-queue@webkit.org
  • 22 edits in trunk

Remove ENABLE(ES6_TEMPLATE_LITERAL_SYNTAX) guards
https://bugs.webkit.org/show_bug.cgi?id=155417

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-13
Reviewed by Yusuke Suzuki.

.:

  • Source/cmake/OptionsWin.cmake:
  • Source/cmake/WebKitFeatures.cmake:
  • Source/cmake/tools/vsprops/FeatureDefines.props:
  • Source/cmake/tools/vsprops/FeatureDefinesCairo.props:

Source/JavaScriptCore:

  • Configurations/FeatureDefines.xcconfig:
  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parsePrimaryExpression): Deleted.
(JSC::Parser<LexerType>::parseMemberExpression): Deleted.

Source/WebCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

  • Configurations/FeatureDefines.xcconfig:

Source/WTF:

  • wtf/FeatureDefines.h:

Tools:

  • Scripts/webkitperl/FeatureList.pm:
  • TestWebKitAPI/Configurations/FeatureDefines.xcconfig:

WebKitLibraries:

  • win/tools/vsprops/FeatureDefines.props:
  • win/tools/vsprops/FeatureDefinesCairo.props:
9:43 PM Changeset in webkit [198092] by weinig@apple.com
  • 6 edits
    3 adds in trunk

Implement unprivileged execCommand("copy") and execCommand("cut")
<rdar://problem/24354406>
https://bugs.webkit.org/show_bug.cgi?id=146336

Reviewed by Dean Jackson.

Source/WebCore:

Test: editing/execCommand/clipboard-access-with-user-gesture.html

  • WebCore.xcodeproj/project.pbxproj:

Add new files.

  • editing/ClipboardAccessPolicy.h:

Added.

  • editing/EditorCommand.cpp:

(WebCore::defaultValueForSupportedCopyCut):
(WebCore::supportedCopyCut):
Match other browsers and allow the copy and cut commands
to be executed when there is a user gesture.

  • page/Settings.h:

Add include of ClipboardAccessPolicy.h.

  • page/Settings.in:

Add new setting for ClipboardAccessPolicy

LayoutTests:

  • editing/execCommand/clipboard-access-with-user-gesture-expected.txt: Added.
  • editing/execCommand/clipboard-access-with-user-gesture.html: Added.

Add test for using execCommand("copy") and execCommand("cut") during a user gesture.

8:58 PM Changeset in webkit [198091] by dino@apple.com
  • 41 edits in trunk

DRT should enable WebGL by default on Mac
https://bugs.webkit.org/show_bug.cgi?id=155419
<rdar://problem/25136981>

Reviewed by Sam Weinig.

Tools:

For some reason, lost in time, WebGL was enabled
by default on trunk, but disabled by default
in DumpRenderTree when using WebKit 1. This
was very annoying, because each test had
an explicit command to enable it.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues): Deleted WebGL line.

LayoutTests:

Update all the tests that no longer have to explicitly
turn WebGL on.

  • compositing/backface-visibility/backface-visibility-webgl.html:
  • compositing/visibility/visibility-simple-webgl-layer.html:
  • compositing/webgl/webgl-background-color.html:
  • compositing/webgl/webgl-no-alpha.html:
  • compositing/webgl/webgl-nonpremultiplied-blend.html:
  • compositing/webgl/webgl-reflection.html:
  • compositing/webgl/webgl-repaint.html:
  • fast/canvas/webgl/antialiasing-enabled.html:
  • fast/canvas/webgl/canvas-resize-crash.html:
  • fast/canvas/webgl/css-webkit-canvas-repaint.html:
  • fast/canvas/webgl/css-webkit-canvas.html:
  • fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays-expected.txt:
  • fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html:
  • fast/canvas/webgl/premultiplyalpha-test.html:
  • fast/canvas/webgl/resources/webgl-test.js:

(initNonKhronosFramework): Deleted.

  • fast/canvas/webgl/texImage2DImageDataTest.html:
  • fast/canvas/webgl/toDataURL-unpremultipliedAlpha.html:
  • fast/canvas/webgl/unprefixed-context.html:
  • fast/canvas/webgl/webgl-composite-modes-repaint.html:
  • fast/canvas/webgl/webgl-composite-modes.html:
  • fast/canvas/webgl/webgl-drawarrays-crash.html:
  • fast/canvas/webgl/webgl-layer-update.html:
  • fast/canvas/webgl/webgl-reload-crash.html:
  • http/tests/canvas/webgl/origin-clean-conformance.html:
  • http/tests/security/webgl-remote-read-remote-image-allowed-with-credentials.html:
  • http/tests/security/webgl-remote-read-remote-image-allowed.html:
  • http/tests/security/webgl-remote-read-remote-image-blocked-no-crossorigin.html:
  • http/tests/webgl/1.0.2/resources/webgl_test_files/conformance/more/unit.js:
  • http/tests/webgl/1.0.2/resources/webgl_test_files/resources/js-test-pre.js:
  • http/tests/webgl/1.0.2/resources/webkit-webgl-test-harness.js:
  • imported/blink/compositing/draws-content/webgl-simple-background.html:
  • webgl/1.0.2/resources/webgl_test_files/conformance/more/unit.js:
  • webgl/1.0.2/resources/webgl_test_files/resources/js-test-pre.js:
  • webgl/1.0.2/resources/webkit-webgl-test-harness.js:
  • webgl/1.0.3/resources/webgl_test_files/conformance/more/unit.js:
  • webgl/1.0.3/resources/webgl_test_files/resources/js-test-pre.js:
  • webgl/1.0.3/resources/webkit-webgl-test-harness.js:
  • webgl/resources/webkit-webgl-test-harness.js:
6:57 PM Changeset in webkit [198090] by rniwa@webkit.org
  • 5 edits
    2 adds in trunk

REGRESSION (r190840): crash inside details element's slotNameFunction
https://bugs.webkit.org/show_bug.cgi?id=155388

Reviewed by Antti Koivisto.

Source/WebCore:

The bug was caused by HTMLDetailsElement::isActiveSummary calling findAssignedSlot with a summary element
inside the shadow tree of the detials element. Fixed it by existing early when the summary element passed
to isActiveSummary is not a direct child of the details element.

Test: fast/html/details-summary-tabindex-crash.html

  • dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::findAssignedSlot): Added an assertion for regression testing.

  • dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::findAssignedSlot): Removed the superfluous call to assignSlots added in r190840.
There is no need to update the slot assignments here (entires in m_slots are added or removed by
addSlotElementByName or removeSlotElementByName and assignSlots only updates assignedNodes in each SlotInfo
which is never used in this function or findFirstSlotElement.

  • html/HTMLDetailsElement.cpp:

(WebCore::HTMLDetailsElement::isActiveSummary): Fixed the bug.

LayoutTests:

Added a regression test.

  • fast/html/details-summary-tabindex-crash-expected.txt: Added.
  • fast/html/details-summary-tabindex-crash.html: Added.
6:44 PM Changeset in webkit [198089] by mitz@apple.com
  • 4 edits
    1 add in trunk/Source/WebKit2

[Mac] Injected bundle in relocatable WebContent service can’t use XPC services from other relocatable frameworks
https://bugs.webkit.org/show_bug.cgi?id=155414
<rdar://problem/24428418>

Reviewed by Sam Weinig.

  • Configurations/DebugRelease.xcconfig: Set WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT to NO, because engineering builds are ad-hoc signed and therefore can’t have a private entitlement.
  • Configurations/WebContent-OSX.entitlements: Added. Includes the XPC domain extension entitlement.
  • Configurations/WebContentService.xcconfig: Set WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT to YES if not already set and the framework is relocatable. Set CODE_SIGN_ENTITLEMENTS to the new entitlements file if the domain extension entitlement is needed.
  • WebKit2.xcodeproj/project.pbxproj: Added reference to new file.
6:09 PM Changeset in webkit [198088] by dino@apple.com
  • 32 edits in trunk

<attachment> should be a runtime-enabled feature
https://bugs.webkit.org/show_bug.cgi?id=155413
<rdar://problem/25120753>

Reviewed by Sam Weinig and Anders Carlsson.

Source/WebKit/mac:

Add an internal setting on WebPreferences
to enable the <attachment> element support.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences attachmentElementEnabled]):
(-[WebPreferences setAttachmentElementEnabled:]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit2:

Add an internal setting on WKWebViewConfiguration
to enable the <attachment> element support.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _initializeWithConfiguration:]):

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration init]):
(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration _attachmentElementEnabled]):
(-[WKWebViewConfiguration _setAttachmentElementEnabled:]):

  • UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

LayoutTests:

Now that <attachment> is disabled by default, use an
internal setting to turn them back on test by test.

  • fast/attachment/attachment-default-icon-expected.html:
  • fast/attachment/attachment-default-icon.html:
  • fast/attachment/attachment-disabled-dom.html:
  • fast/attachment/attachment-disabled-rendering.html:
  • fast/attachment/attachment-dom.html:
  • fast/attachment/attachment-folder-icon-expected.html:
  • fast/attachment/attachment-folder-icon.html:
  • fast/attachment/attachment-icon-from-file-extension-expected.html:
  • fast/attachment/attachment-icon-from-file-extension.html:
  • fast/attachment/attachment-label-highlight.html:
  • fast/attachment/attachment-progress.html:
  • fast/attachment/attachment-rendering.html:
  • fast/attachment/attachment-select-on-click-inside-user-select-all.html:
  • fast/attachment/attachment-select-on-click.html:
  • fast/attachment/attachment-subtitle.html:
  • fast/attachment/attachment-title.html:
  • fast/attachment/attachment-type-attribute-expected.html:
  • fast/attachment/attachment-type-attribute.html:
  • editing/pasteboard/copy-paste-attachment.html:
  • editing/pasteboard/drag-and-drop-attachment-contenteditable.html:
3:54 PM Changeset in webkit [198087] by Antti Koivisto
  • 4 edits
    2 adds in trunk

ComposedTreeIterator fails to traverse slots if root is shadow host
https://bugs.webkit.org/show_bug.cgi?id=155407

Reviewed by Darin Adler.

Source/WebCore:

Test: fast/shadow-dom/composed-tree-shadow-subtree.html

  • dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::ComposedTreeIterator):

Traversal functions assume m_contextStack is deeper than 1 before they need to enter slot traversal code paths.
Call initializeContextStack in case of shadow host which does the right thing.

(WebCore::ComposedTreeIterator::traverseSiblingInSlot):
(WebCore::composedTreeAsText):

Add option to include pointers as debugging aid.

  • dom/ComposedTreeIterator.h:

(WebCore::composedTreeChildren):

LayoutTests:

  • fast/shadow-dom/composed-tree-shadow-subtree-expected.txt: Added.
  • fast/shadow-dom/composed-tree-shadow-subtree.html: Added.
3:30 PM Changeset in webkit [198086] by commit-queue@webkit.org
  • 8 edits
    7 adds in trunk

Added new port JSCOnly.
https://bugs.webkit.org/show_bug.cgi?id=154512

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-03-13
Reviewed by Michael Catanzaro.

This port allows to build JavaScriptCore engine with minimal
dependencies.

.:

  • CMakeLists.txt:
  • Source/cmake/OptionsJSCOnly.cmake: Added.

Source/JavaScriptCore:

  • PlatformJSCOnly.cmake: Added.

Source/WTF:

  • wtf/PlatformJSCOnly.cmake: Added.
  • wtf/none/MainThreadNone.cpp: Added.
  • wtf/none/RunLoopNone.cpp: Added.
  • wtf/none/WorkQueueNone.cpp: Added.

Tools:

  • Scripts/build-jsc:
  • Scripts/webkitdirs.pm:

(argumentsForConfiguration):
(executableProductDir):
(determinePortName):
(isJSCOnly):
(wrapperPrefixIfNeeded):
(generateBuildSystemFromCMakeProject):
(buildCMakeGeneratedProject):

3:28 PM Changeset in webkit [198085] by ddkilzer@apple.com
  • 6 edits
    1 copy in trunk/Tools

TestWebKitAPI: fix linker warnings
<http://webkit.org/b/155394>

Reviewed by Darin Adler.

  • TestWebKitAPI/CMakeLists.txt:
  • Add RefLogger.cpp source file.
  • Add other missing cross-platform source files.
  • Add FIXMEs about RunLoop.cpp and about missing platform-specific source files.
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • Add RefLogger.cpp source file.
  • TestWebKitAPI/Counters.cpp:

(DeleterCounter<ConstructorDestructorCounter>::deleterCount):
Move specific declaration here to fix linker warning.

  • TestWebKitAPI/Counters.h:

(DeleterCounter<T>::deleterCount): Remove declaration of global
template variable.

  • TestWebKitAPI/Tests/WTF/RefLogger.cpp: Added.

(TestWebKitAPI::log): Added. Move inline definition in
RefLogger.h to here to fix linker warning.

  • TestWebKitAPI/Tests/WTF/RefLogger.h:

(TestWebKitAPI::log): Replace inline function with declaration.

3:03 PM Changeset in webkit [198084] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: REGRESSION: Styles sidebar inline swatches are oddly shaped
https://bugs.webkit.org/show_bug.cgi?id=155410

Patch by Devin Rousso <Devin Rousso> on 2016-03-13
Reviewed by Timothy Hatcher.

  • UserInterface/Views/InlineSwatch.css:

(.inline-swatch):
(.inline-swatch > span):
Added more consistent border-radius with UserInterface/Images/CubicBezier.svg.

  • UserInterface/Views/VisualStyleColorPicker.css:

(.visual-style-property-container.input-color-picker > .visual-style-property-value-container > .inline-swatch.color):
Made border-radius consistent with the adjacent input field.

1:12 PM Changeset in webkit [198083] by weinig@apple.com
  • 20 edits in trunk/Source

WebKit can easily crash below NetworkSession::dataTaskForIdentifier() with NSURLSession enabled
<rdar://problem/25129946>
https://bugs.webkit.org/show_bug.cgi?id=155401

Reviewed by Alex Christensen.

Source/WebCore:

Add a SessionID as a member of NetworkStorageSession. This allows us to avoid having HashMaps
to map between the two types.

  • platform/network/NetworkStorageSession.h:

(WebCore::NetworkStorageSession::sessionID):
(WebCore::NetworkStorageSession::credentialStorage):
(WebCore::NetworkStorageSession::platformSession):

  • platform/network/NetworkStorageSessionStub.cpp:

(WebCore::NetworkStorageSession::NetworkStorageSession):
(WebCore::NetworkStorageSession::context):
(WebCore::NetworkStorageSession::createPrivateBrowsingSession):
(WebCore::defaultSession):
(WebCore::NetworkStorageSession::defaultStorageSession):
(WebCore::NetworkStorageSession::switchToNewTestingSession):

  • platform/network/cf/NetworkStorageSessionCFNet.cpp:

(WebCore::NetworkStorageSession::NetworkStorageSession):
(WebCore::NetworkStorageSession::switchToNewTestingSession):
(WebCore::NetworkStorageSession::defaultStorageSession):
(WebCore::NetworkStorageSession::createPrivateBrowsingSession):

  • platform/network/soup/NetworkStorageSessionSoup.cpp:

(WebCore::NetworkStorageSession::NetworkStorageSession):
(WebCore::NetworkStorageSession::defaultStorageSession):
(WebCore::NetworkStorageSession::createPrivateBrowsingSession):
(WebCore::NetworkStorageSession::switchToNewTestingSession):
(WebCore::NetworkStorageSession::soupNetworkSession):

Source/WebKit/mac:

  • WebCoreSupport/WebFrameNetworkingContext.mm:

(WebFrameNetworkingContext::ensurePrivateBrowsingSession):
Pass a SessionID to NetworkStorageSession::createPrivateBrowsingSession().

Source/WebKit/win:

  • WebCoreSupport/WebFrameNetworkingContext.cpp:

(WebFrameNetworkingContext::ensurePrivateBrowsingSession):
Pass a SessionID to NetworkStorageSession::createPrivateBrowsingSession().

Source/WebKit2:

The issue was that NSURLSessionDataTasks can continue to invoke their NSURLSession's delegate methods
after -[NSURLSession invalidateAndCancel] is called. So, when the NetworkSession was destroyed, and
still had outstanding data tasks, the session delegate would get called, try to use the session, and
crash. To fix this I:

  • Made NetworkSession RefCounted.
  • Gave NetworkSession two delegates, one for each NSURLSession.
  • Made each delegate have a strong reference to the NetworkSession that gets cleared out in the newly implemented URLSession:didBecomeInvalidWithError: method.
  • Changed from simply destroying the NetworkSession in SessionTracker::destroySession(), to derefing it and explicitly calling invalidateAndCancel on the two associated NSURLSessions (which in turn eventually cause the URLSession:didBecomeInvalidWithError: to fire).
  • To ensure the correct lifetime of the WebCore::NetworkStorageSession, I made it a member of the NetworkSession. This also allowed some simplification inside SessionTracker.
  • NetworkProcess/NetworkDataTask.h:

(WebKit::NetworkDataTask::setPendingDownload):
(WebKit::NetworkDataTask::pendingDownloadLocation):

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad):

  • NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::sessionID):

  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::~NetworkDataTask):
(WebKit::NetworkDataTask::willPerformHTTPRedirection):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate initWithNetworkSession:]):
(-[WKNetworkSessionDelegate URLSession:didBecomeInvalidWithError:]):
(WebKit::NetworkSession::setCustomProtocolManager):
(WebKit::NetworkSession::create):
(WebKit::NetworkSession::defaultSession):
(WebKit::NetworkSession::NetworkSession):
(WebKit::NetworkSession::~NetworkSession):
(WebKit::NetworkSession::invalidateAndCancel):
(WebKit::NetworkSession::networkStorageSession):
(WebKit::NetworkSession::clearCredentials):

  • NetworkProcess/mac/RemoteNetworkingContext.mm:

(WebKit::RemoteNetworkingContext::ensurePrivateBrowsingSession):

  • Shared/SessionTracker.cpp:

(WebKit::identifierBase):
(WebKit::SessionTracker::getIdentifierBase):
(WebKit::SessionTracker::setIdentifierBase):
(WebKit::staticSessionMap):
(WebKit::SessionTracker::networkSession):
(WebKit::SessionTracker::storageSession):
(WebKit::staticStorageSessionMap):
(WebKit::SessionTracker::sessionID):
(WebKit::SessionTracker::setSession):
(WebKit::SessionTracker::destroySession):
(WebKit::SessionTracker::forEachNetworkStorageSession):
(WebKit::storageSessionToID): Deleted.
(WebKit::SessionTracker::storageSessionMap): Deleted.

  • Shared/SessionTracker.h:
  • WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:

(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession):
(WebKit::WebFrameNetworkingContext::setCookieAcceptPolicyForAllContexts):
(WebKit::WebFrameNetworkingContext::localFileContentSniffingEnabled):
(WebKit::WebFrameNetworkingContext::scheduledRunLoopPairs):

  • WebProcess/WebCoreSupport/soup/WebFrameNetworkingContext.cpp:

(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession):
(WebKit::WebFrameNetworkingContext::setCookieAcceptPolicyForAllContexts):
(WebKit::WebFrameNetworkingContext::WebFrameNetworkingContext):

12:51 PM Changeset in webkit [198082] by jonlee@apple.com
  • 2 edits in trunk/Source/WebCore

getUserMedia requests from the main frame should be treated the same as requests from an iframe with the same origin
https://bugs.webkit.org/show_bug.cgi?id=155405
<rdar://problem/25131007>

Reviewed by Eric Carlson.

When gUM is called from the main frame, or from a subframe with the same origin, the
top level document origin should be the same.

  • Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::userMediaDocumentOrigin): Reverse the logic so that it is similar
to topLevelDocumentOrigin.
(WebCore::UserMediaRequest::topLevelDocumentOrigin): Return the top origin always.

12:02 PM Changeset in webkit [198081] by ddkilzer@apple.com
  • 4 edits in trunk/Source

REGRESSION (r198079): Windows build broke because of "%PRId64" format specifier

Source/WebCore:

  • platform/network/ParsedContentRange.cpp: Add #include

<wtf/StdLibExtras.h> and remove local definition of "PRId64".

Source/WTF:

This fixes the following build failure in WebCore for Windows:

C:\Source\WebCore\page\DOMTimer.cpp(396): error C2146: syntax error: missing ')' before identifier 'PRId64' [C:\WebKitBuild\Debug\Source\WebCore\WebCore.vcxproj]
C:\Source\WebCore\page\DOMTimer.cpp(399): error C2146: syntax error: missing ')' before identifier 'PRId64' [C:\WebKitBuild\Debug\Source\WebCore\WebCore.vcxproj]

  • wtf/StdLibExtras.h: Define "PRId64" for Windows here so it may

be shared. This should fix DOMTimer.cpp after r198079 since it
already includes StdLibExtras.h.

8:46 AM Changeset in webkit [198080] by mark.lam@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

http://kangax.github.io/compat-table/esnext/ crashes reliably.
https://bugs.webkit.org/show_bug.cgi?id=155404

Reviewed by Yusuke Suzuki.

constructObjectFromPropertyDescriptor() was incorrectly assuming that either
both getter and setter will be set or unset. It did not consider that only one
of the getter or setter may be set. This patch fixes that.

  • runtime/ObjectConstructor.h:

(JSC::constructObjectFromPropertyDescriptor):

  • tests/stress/proxy-with-unbalanced-getter-setter.js: Added.

(assert):
(let.handler.defineProperty):
(i.):
(i.assert):
(i.get assert):
(set assert):

7:46 AM Changeset in webkit [198079] by jh718.park@samsung.com
  • 2 edits in trunk/Source/WebCore

[EFL] Fix debug build error since r197690. Unreviewed.
https://bugs.webkit.org/show_bug.cgi?id=155408

Unreviewed. Change %lld to %PRId instead to correct the error below.
error: format ‘%lld’ expects argument of type ‘long long int’,
but argument 5 has type ‘std::chrono::duration<long int, std::ratio<1l, 1000l> >::rep
{aka long int}’ [-Werror=format=]

  • page/DOMTimer.cpp:

(WebCore::DOMTimer::updateTimerIntervalIfNecessary):

Note: See TracTimeline for information about the timeline view.