Timeline



Apr 13, 2016:

11:37 PM Changeset in webkit [199531] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

Unreviewed. Fix GObject DOM bindings API break after r199392.

Since r199392 webkit_dom_attr_set_value() no longer raises exceptions, but we need to keep the GError parameter
to keep backwards compatibility.

  • bindings/scripts/CodeGeneratorGObject.pm:

(FunctionUsedToRaiseException):

10:56 PM Changeset in webkit [199530] by achristensen@apple.com
  • 5 edits in trunk

CMake MiniBrowser should be an app bundle
https://bugs.webkit.org/show_bug.cgi?id=156521

Reviewed by Brent Fulgham.

Source/JavaScriptCore:

  • PlatformMac.cmake:

Unreviewed build fix. Define __STDC_WANT_LIB_EXT1__ so we can find memset_s.

Tools:

  • MiniBrowser/mac/CMakeLists.txt:

Make an app bundle and compile nibs.

  • MiniBrowser/mac/Info.plist:

CMake doesn't know what to do with :rfc1034identifier and there's no reason to keep it. This is just MiniBrowser.

9:59 PM Changeset in webkit [199529] by commit-queue@webkit.org
  • 6 edits in trunk

JSContext Inspector: Improve Class instances and JSC API Exported Values view in Console / ObjectTree
https://bugs.webkit.org/show_bug.cgi?id=156566
<rdar://problem/16392365>

Patch by Joseph Pecoraro on 2016-04-13
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

  • inspector/InjectedScriptSource.js:

(InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
Treat non-basic object types as not lossless so they can be expanded.
Show non-enumerable native getters in Object previews.

LayoutTests:

  • inspector/console/console-table-expected.txt:
  • inspector/model/remote-object.html:
  • platform/mac/inspector/model/remote-object-expected.txt:

More values are treated as not-lossless and therefore expandable.

8:21 PM Changeset in webkit [199528] by dbates@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r199401): Internal builds of Safari hang on launch
https://bugs.webkit.org/show_bug.cgi?id=156545
<rdar://problem/25697779>

As pointed out by Darin Adler, remove RELEASE_ASSERT() that I inadvertently left in
WebCore::secCodeForProcess() as part of r199504. For now, we handle
SecCodeCopyGuestWithAttributes() returning an error. In a subsequent commit we will
look to re-introduce the use of a RELEASE_ASSERT() to enforce the invariant that
SecCodeCopyGuestWithAttributes() returns a success status.

  • Shared/mac/CodeSigning.mm:

(WebKit::secCodeForProcess):

7:39 PM Changeset in webkit [199527] by dbates@webkit.org
  • 3 edits
    16 adds in trunk

CSP: Nested browsing context created for <object> or <embed> should respect object-src directive
https://bugs.webkit.org/show_bug.cgi?id=156563
<rdar://problem/25715713>

Reviewed by Darin Adler.

Source/WebCore:

As per section object-src of the Content Security Policy Level 2 spec.,
<https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015), a nested browsing
context created for an HTML object or HTML embed element should respect the object-src directive.

Currently a nested browsing context created for an HTML object or HTML embed element respects
the child-src directive or frame-src directive (in that order). Instead such nested browsing
contexts should respect the object-src directive.

Tests: http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-frame-src.html
       http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-frame-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-frame-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-frame-src.html

  • loader/PolicyChecker.cpp:

(WebCore::isAllowedByContentSecurityPolicy): Added. Checks whether the specified URL is allowed by the
object-src or the child-src/frame-src directive for a plugin element and non-plugin element, respectively.
(WebCore::PolicyChecker::checkNavigationPolicy): Modified to call isAllowedByContentSecurityPolicy().

LayoutTests:

Add tests to ensure that nested browsing contexts created for <object> and <embed> respect
the object-src directive.

  • http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-child-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-child-src.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-frame-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-frame-src.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-child-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-child-src.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-frame-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-frame-src.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-child-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-child-src.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-frame-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-frame-src.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-child-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-child-src.html: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-frame-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-frame-src.html: Added.

7:35 PM Changeset in webkit [199526] by dbates@webkit.org
  • 1 edit
    2 deletes in trunk/LayoutTests

CSP: Remove duplicate test meta-outside-head.html
https://bugs.webkit.org/show_bug.cgi?id=156556

Reviewed by Brent Fulgham.

It is unnecessary to keep the test http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html as
the functionality it exercises is covered by test http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head.html.
The output of the latter test better conveys the purpose of the test and how to interpret its result than
the former.

  • http/tests/security/contentSecurityPolicy/1.1/meta-outside-head-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html: Removed.

7:29 PM Changeset in webkit [199525] by dbates@webkit.org
  • 179 edits
    63 deletes in trunk

CSP: Remove experimental directive reflected-xss
https://bugs.webkit.org/show_bug.cgi?id=156554

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy directive reflected-xss was removed from the Content Security
Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015).
This directive was considered experimental and was guarded by a run-time flag that was never
enabled by default. We should remove support for this directive.

  • html/parser/XSSAuditor.cpp:

(WebCore::XSSAuditor::XSSAuditor): Initialize m_xssProtection to XSSProtectionDisposition::Enabled.
(WebCore::XSSAuditor::init): Write logic in terms of enum class XSSProtectionDisposition.
(WebCore::XSSAuditor::filterToken): Ditto.
(WebCore::combineXSSProtectionHeaderAndCSP): Deleted.

  • html/parser/XSSAuditor.h: Change data type of m_xssProtection from ContentSecurityPolicy::ReflectedXSSDisposition
    to XSSProtectionDisposition.

  • html/parser/XSSAuditorDelegate.cpp: Ditto.

(WebCore::buildConsoleError): Remove logic to emit a remark in the console error when an XSS is
blocked because of the directive reflected-xss. Also substituted "because" for "as" in the remark
added to the error message when the XSS Auditor is enabled because the server did not send HTTP
header X-XSS-Protection.

  • html/parser/XSSAuditorDelegate.h:

(WebCore::XSSInfo::XSSInfo): Removed argument didSendCSPHeader as we are removing support for the
directive reflected-xss.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reflectedXSSDisposition): Deleted.
(WebCore::ContentSecurityPolicy::reportInvalidReflectedXSS): Deleted.

  • page/csp/ContentSecurityPolicy.h:
  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::ContentSecurityPolicyDirectiveList): Remove initialization
of m_reflectedXSSDisposition as we are removing support for the directive reflected-xss.
(WebCore::ContentSecurityPolicyDirectiveList::parseReflectedXSS): Deleted.
(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Remove logic to parse directive reflected-xss.

  • page/csp/ContentSecurityPolicyDirectiveList.h:

(WebCore::ContentSecurityPolicyDirectiveList::reflectedXSSDisposition): Deleted.

  • page/csp/ContentSecurityPolicyDirectiveNames.cpp:
  • page/csp/ContentSecurityPolicyDirectiveNames.h:
  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::isCSPDirectiveName):
(WebCore::isExperimentalDirectiveName): Deleted.

  • platform/network/HTTPParsers.cpp:

(WebCore::parseXSSProtectionHeader): Write in terms of enum class XSSProtectionDisposition.

  • platform/network/HTTPParsers.h: Define enum class XSSProtectionDisposition. Change return type
    of parseXSSProtectionHeader() from ContentSecurityPolicy::ReflectedXSSDisposition to XSSProtectionDisposition
    as we are removing the former.

LayoutTests:

Remove tests for directive reflected-xss and update the expected results of existing XSS Auditor tests
to reflect the change made to the wording of the error message emitted when an XSS attack is blocked.

  • fast/frames/xss-auditor-handles-file-urls-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing.html: Removed.
  • http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js: Removed.
  • http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt:
  • http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt:
  • http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char-expected.txt:
  • http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt:
  • http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt:
  • http/tests/security/xssAuditor/base-href-control-char-expected.txt:
  • http/tests/security/xssAuditor/base-href-expected.txt:
  • http/tests/security/xssAuditor/base-href-null-char-expected.txt:
  • http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
  • http/tests/security/xssAuditor/cookie-injection-expected.txt:
  • http/tests/security/xssAuditor/dom-write-URL-expected.txt:
  • http/tests/security/xssAuditor/dom-write-location-expected.txt:
  • http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt:
  • http/tests/security/xssAuditor/dom-write-location-javascript-URL-expected.txt:
  • http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt:
  • http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt:
  • http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
  • http/tests/security/xssAuditor/embed-tag-expected.txt:
  • http/tests/security/xssAuditor/embed-tag-in-path-unterminated-expected.txt:
  • http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
  • http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
  • http/tests/security/xssAuditor/form-action-expected.txt:
  • http/tests/security/xssAuditor/formaction-on-button-expected.txt:
  • http/tests/security/xssAuditor/formaction-on-input-expected.txt:
  • http/tests/security/xssAuditor/frameset-injection-expected.txt:
  • http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt:
  • http/tests/security/xssAuditor/get-from-iframe-expected.txt:
  • http/tests/security/xssAuditor/iframe-injection-expected.txt:
  • http/tests/security/xssAuditor/iframe-javascript-url-expected.txt:
  • http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt:
  • http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt:
  • http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt:
  • http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt:
  • http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt:
  • http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt:
  • http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt:
  • http/tests/security/xssAuditor/iframe-srcdoc-expected.txt:
  • http/tests/security/xssAuditor/iframe-srcdoc-property-blocked-expected.txt:
  • http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt:
  • http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt:
  • http/tests/security/xssAuditor/img-onerror-non-ASCII-char-default-encoding-expected.txt:
  • http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt:
  • http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-default-encoding-expected.txt:
  • http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt:
  • http/tests/security/xssAuditor/img-tag-with-comma-expected.txt:
  • http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-HTML-entities-control-char-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-HTML-entities-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-HTML-entities-named-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-HTML-entities-null-char-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-ampersand-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-control-char-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-null-char-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-one-plus-one-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-url-encoded-expected.txt:
  • http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt:
  • http/tests/security/xssAuditor/link-onclick-control-char-expected.txt:
  • http/tests/security/xssAuditor/link-onclick-entities-expected.txt:
  • http/tests/security/xssAuditor/link-onclick-expected.txt:
  • http/tests/security/xssAuditor/link-onclick-null-char-expected.txt:
  • http/tests/security/xssAuditor/link-opens-new-window-expected.txt:
  • http/tests/security/xssAuditor/malformed-HTML-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt:
  • http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt:
  • http/tests/security/xssAuditor/meta-tag-http-refresh-javascript-url-expected.txt:
  • http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
  • http/tests/security/xssAuditor/object-embed-tag-expected.txt:
  • http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
  • http/tests/security/xssAuditor/object-tag-expected.txt:
  • http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
  • http/tests/security/xssAuditor/open-attribute-body-expected.txt:
  • http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt:
  • http/tests/security/xssAuditor/open-iframe-src-01-expected.txt:
  • http/tests/security/xssAuditor/open-iframe-src-02-expected.txt:
  • http/tests/security/xssAuditor/open-iframe-src-03-expected.txt:
  • http/tests/security/xssAuditor/open-script-src-01-expected.txt:
  • http/tests/security/xssAuditor/open-script-src-02-expected.txt:
  • http/tests/security/xssAuditor/open-script-src-03-expected.txt:
  • http/tests/security/xssAuditor/open-script-src-04-expected.txt:
  • http/tests/security/xssAuditor/post-from-iframe-expected.txt:
  • http/tests/security/xssAuditor/property-escape-comment-01-expected.txt:
  • http/tests/security/xssAuditor/property-escape-comment-02-expected.txt:
  • http/tests/security/xssAuditor/property-escape-comment-03-expected.txt:
  • http/tests/security/xssAuditor/property-escape-entity-01-expected.txt:
  • http/tests/security/xssAuditor/property-escape-entity-02-expected.txt:
  • http/tests/security/xssAuditor/property-escape-entity-03-expected.txt:
  • http/tests/security/xssAuditor/property-escape-expected.txt:
  • http/tests/security/xssAuditor/property-escape-long-expected.txt:
  • http/tests/security/xssAuditor/property-escape-quote-01-expected.txt:
  • http/tests/security/xssAuditor/property-escape-quote-02-expected.txt:
  • http/tests/security/xssAuditor/property-escape-quote-03-expected.txt:
  • http/tests/security/xssAuditor/reflection-in-path-expected.txt:
  • http/tests/security/xssAuditor/resources/echo-intertag.pl:
  • http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-16bit-unicode-expected.txt:
  • http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt:
  • http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt:
  • http/tests/security/xssAuditor/script-tag-addslashes-backslash-expected.txt:
  • http/tests/security/xssAuditor/script-tag-addslashes-double-quote-expected.txt:
  • http/tests/security/xssAuditor/script-tag-addslashes-null-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-addslashes-single-quote-expected.txt:
  • http/tests/security/xssAuditor/script-tag-control-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-convoluted-expected.txt:
  • http/tests/security/xssAuditor/script-tag-entities-expected.txt:
  • http/tests/security/xssAuditor/script-tag-expected.txt:
  • http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt:
  • http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt:
  • http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt:
  • http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt:
  • http/tests/security/xssAuditor/script-tag-near-start-expected.txt:
  • http/tests/security/xssAuditor/script-tag-null-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-post-expected.txt:
  • http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-16bit-unicode-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-16bit-unicode2-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-16bit-unicode3-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-16bit-unicode4-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt:
  • http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt:
  • http/tests/security/xssAuditor/svg-animate-expected.txt:
  • http/tests/security/xssAuditor/svg-script-tag-expected.txt:
  • http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt:
  • http/tests/security/xssAuditor/xss-filter-bypass-long-string-expected.txt:
  • http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt:

5:54 PM Changeset in webkit [199524] by beidson@apple.com
  • 37 edits in trunk/Source

Modern IDB (Blob support): Support retrieving Blobs from IDB.
https://bugs.webkit.org/show_bug.cgi?id=156367

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No testable change in behavior yet, current tests pass).

This patch does the following:

  • Pulls BlobURLs and stored filenames out of IDB whenever an IDB record is fetched.
  • Adds those URLs and filenames to IDBValue.
  • Uses IDBValue in more places instead of SharedBuffer/ThreadSafeBuffer.
  • Teaches SerializedScriptValue, Blob, and File how to read the URLs and filenames when they exist.
  • Teaches the Blob registry to register a new type of Blob that is not a "File" but is backed by one.

  • Modules/indexeddb/IDBCursor.cpp:

(WebCore::IDBCursor::setGetResult):

  • Modules/indexeddb/IDBGetResult.h:

(WebCore::IDBGetResult::IDBGetResult):

  • Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::setResultToStructuredClone):

  • Modules/indexeddb/IDBRequest.h:
  • Modules/indexeddb/IDBTransaction.cpp:

(WebCore::IDBTransaction::didGetRecordOnServer):

  • Modules/indexeddb/IDBValue.cpp:

(WebCore::IDBValue::IDBValue):

  • Modules/indexeddb/IDBValue.h:
  • Modules/indexeddb/server/MemoryIndexCursor.cpp:

(WebCore::IDBServer::MemoryIndexCursor::currentData):

  • Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:

(WebCore::IDBServer::MemoryObjectStoreCursor::currentData):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::getBlobRecordsForObjectStoreRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.h:
  • Modules/indexeddb/server/SQLiteIDBCursor.cpp:

(WebCore::IDBServer::SQLiteIDBCursor::currentData):
(WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):

  • Modules/indexeddb/server/SQLiteIDBCursor.h:

(WebCore::IDBServer::SQLiteIDBCursor::currentValue):
(WebCore::IDBServer::SQLiteIDBCursor::currentValueBuffer): Deleted.

  • Modules/indexeddb/server/SQLiteIDBTransaction.h:

(WebCore::IDBServer::SQLiteIDBTransaction::backingStore):

  • Modules/websockets/WorkerThreadableWebSocketChannel.cpp:

(WebCore::WorkerThreadableWebSocketChannel::Bridge::send):

  • bindings/js/IDBBindingUtilities.cpp:

(WebCore::deserializeIDBValueDataToJSValue):
(WebCore::deserializeIDBValueData):
(WebCore::deserializeIDBValue):

  • bindings/js/IDBBindingUtilities.h:
  • bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::deserialize):
(WebCore::CloneDeserializer::CloneDeserializer):
(WebCore::CloneDeserializer::readFile):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::CloneDeserializer::blobFilePathForBlobURL):
(WebCore::SerializedScriptValue::deserialize):

  • bindings/js/SerializedScriptValue.h:
  • fileapi/Blob.cpp:

(WebCore::Blob::Blob):

  • fileapi/Blob.h:

(WebCore::Blob::deserialize):

  • fileapi/File.cpp:

(WebCore::File::File):

  • fileapi/ThreadableBlobRegistry.cpp:

(WebCore::threadableQueue):
(WebCore::ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked):

  • fileapi/ThreadableBlobRegistry.h:
  • platform/CrossThreadTask.h:

(WebCore::createCrossThreadTask):

  • platform/network/BlobRegistry.h:
  • platform/network/BlobRegistryImpl.cpp:

(WebCore::BlobRegistryImpl::registerBlobURL):
(WebCore::BlobRegistryImpl::registerBlobURLOptionallyFileBacked):

  • platform/network/BlobRegistryImpl.h:

Source/WebKit2:

  • NetworkProcess/FileAPI/NetworkBlobRegistry.cpp:

(WebKit::NetworkBlobRegistry::registerBlobURLOptionallyFileBacked):

  • NetworkProcess/FileAPI/NetworkBlobRegistry.h:
  • NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::registerBlobURLOptionallyFileBacked):

  • NetworkProcess/NetworkConnectionToWebProcess.h:
  • NetworkProcess/NetworkConnectionToWebProcess.messages.in:
  • WebProcess/FileAPI/BlobRegistryProxy.cpp:

(WebKit::BlobRegistryProxy::registerBlobURLOptionallyFileBacked):

  • WebProcess/FileAPI/BlobRegistryProxy.h:

5:47 PM Changeset in webkit [199523] by msaboff@apple.com
  • 7 edits in trunk

Some tests fail with ES6 u (Unicode) flag for regular expressions
https://bugs.webkit.org/show_bug.cgi?id=151597

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Added two new tables to handle the anomalies of \w and \W CharacterClassEscapes
when specified in RegExp's with both the unicode and ignoreCase flags. Given the
case folding rules described in the standard via the meta function Canonicalize(),
which allow cross ASCII case folding when unicode is specified, the unicode characters
\u017f (small sharp s) and \u212a (kelvin symbol) are part of the \w (word) characterClassEscape.
This is true because they case fold to 's' and 'k' respectively. Because they case fold
to lower case letters, the corresponding letters, 'k', 'K', 's' and 'S', are also matched with
\W with the unicode and ignoreCase flags.

  • create_regex_tables:
  • yarr/YarrPattern.cpp:

(JSC::Yarr::YarrPatternConstructor::atomBuiltInCharacterClass):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassBuiltIn):
(JSC::Yarr::YarrPattern::YarrPattern):

  • yarr/YarrPattern.h:

(JSC::Yarr::YarrPattern::wordcharCharacterClass):
(JSC::Yarr::YarrPattern::wordUnicodeIgnoreCaseCharCharacterClass):
(JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
(JSC::Yarr::YarrPattern::nonwordUnicodeIgnoreCaseCharCharacterClass):

LayoutTests:

Updated tests.

  • js/regexp-unicode-expected.txt:
  • js/script-tests/regexp-unicode.js:
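
The \w behaviour described in changeset 199523 matters wherever a /iu pattern is used as an ASCII-only allowlist. The following is an added example, not code from the WebKit change; the function names and sample inputs are constructed, and it exercises only the \w side of the change.

```javascript
// Added illustration; all names and sample inputs below are constructed.
const LONG_S = '\u017f'; // U+017F, case-folds to 's'
const KELVIN = '\u212a'; // U+212A, case-folds to 'k'

// Weak check: reads like an ASCII-only allowlist, but with both the unicode
// and ignoreCase flags set, \w also accepts U+017F and U+212A.
function weakIsAsciiWord(input) {
  return /^\w+$/iu.test(input);
}

// Hardened check: explicit ASCII ranges and no ignoreCase flag, so no case
// folding is applied to the character class.
function strictIsAsciiWord(input) {
  return /^[A-Za-z0-9_]+$/.test(input);
}

// List the non-ASCII code points in an input, e.g. for a rejection log entry.
function nonAsciiCodePoints(input) {
  return Array.from(input)
    .filter((ch) => ch.codePointAt(0) > 0x7f)
    .map((ch) => 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0'));
}

// Show that the extra matches need BOTH flags: test one character against \w
// under each flag combination.
function wordClassByFlags(ch) {
  const result = {};
  for (const flags of ['', 'i', 'u', 'iu']) {
    result[flags === '' ? 'none' : flags] = new RegExp('^\\w$', flags).test(ch);
  }
  return result;
}

// Run both validators over an input and collect the outcome.
function classify(input) {
  return {
    input,
    weak: weakIsAsciiWord(input),
    strict: strictIsAsciiWord(input),
    nonAscii: nonAsciiCodePoints(input),
  };
}

// Constructed sample inputs.
const samples = [
  'admin_01',                        // plain ASCII
  `pa${LONG_S}${LONG_S}word`,        // contains two U+017F
  `${KELVIN}evin`,                   // starts with U+212A
  'caf\u00e9',                       // non-ASCII that does not fold to ASCII
];

for (const s of samples) {
  console.log(JSON.stringify(classify(s)));
}
console.log(JSON.stringify(wordClassByFlags(LONG_S)));
```

Inputs that pass the weak check but fail the strict one are the ones to reject or normalise before they reach comparisons, lookups or storage that assume ASCII.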

5:42 PM Changeset in webkit [199522] by bshafiei@apple.com
  • 5 edits in branches/safari-601-branch/Source

Versioning.

5:14 PM Changeset in webkit [199521] by Chris Dumez
  • 7 edits
    5 adds in trunk

We should not speculatively revalidate cached redirects
https://bugs.webkit.org/show_bug.cgi?id=156548
<rdar://problem/25583886>

Reviewed by Darin Adler.

Source/WebKit2:

Stop speculatively revalidating cached redirects. This matches
the behavior in NetworkCache's makeUseDecision() which reuses cached
redirects only if they do not need revalidation.

This was breaking fonts.css loading on stripe.com because the
SpeculativeLoadManager would wrongly speculatively revalidate the
redirect and then serve a 302 response to the NetworkResourceLoader
when the actual request came in. This would cause us to not follow
the redirect.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::willSendRedirectedRequest):
Abort the speculative load if it hits a redirect. This is the safe thing
to do in this case, as we are supposed to do a hand-shake with WebCore
in such case.

(WebKit::NetworkCache::SpeculativeLoad::didReceiveResponse):
Let successful validations fall through instead of calling didComplete()
early. This matches what is not in NetworkResourceLoader. This way,
didFinishLoading() ends up getting called for both successful and
unsuccessful (i.e. did not return a 302 status code) network validation.

(WebKit::NetworkCache::SpeculativeLoad::didFinishLoading):

  • Stop dealing with redirects as we abort the load as soon as we hit a redirect now.
  • Stop asserting that m_cacheEntryForValidation is null now that this is called for successful validations as well.

(WebKit::NetworkCache::SpeculativeLoad::abort):
New method that aborts the network loads, calls the completion handler
and cleans up. It is called in the case we hit a redirect while
revalidating.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:

Drop m_redirectChainCacheStatus member as we no longer deal with
redirects.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:

(WebKit::NetworkCache::SpeculativeLoadManager::retrieveEntryFromStorage):
If the resource needs revalidation AND is a cached redirect, then do not
use it. This matches what is done in NetworkCache's makeUseDecision().

Tools:

Re-enable speculative loading in the context of layout tests. This was
turned off by mistake when speculative loading was turned into a
setting recently.

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::generatePageConfiguration):

LayoutTests:

Add layout test to make sure that speculative loading does not break
redirects. This replicates the issue seen with fonts.css on stripe.com.

  • http/tests/cache/disk-cache/speculative-validation/cacheable-redirect-expected.txt: Added.
  • http/tests/cache/disk-cache/speculative-validation/cacheable-redirect.html: Added.
  • http/tests/cache/disk-cache/speculative-validation/resources/cacheable-redirect-frame.php: Added.
  • http/tests/cache/disk-cache/speculative-validation/resources/css-to-revalidate.php: Added.
  • http/tests/cache/disk-cache/speculative-validation/resources/redirect-to-css.php: Added.

5:13 PM Changeset in webkit [199520] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.6.16

New tag.

5:13 PM Changeset in webkit [199519] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.6.15

New tag.

3:58 PM Changeset in webkit [199518] by commit-queue@webkit.org
  • 2 edits in trunk

FindWebP should not be misguided by pkg-config when cross-compiling.
https://bugs.webkit.org/show_bug.cgi?id=156544

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-04-13
Reviewed by Michael Catanzaro.

We should use pkg-config output only as a hint, like other modules do.

  • Source/cmake/FindWebP.cmake:

3:45 PM Changeset in webkit [199517] by beidson@apple.com
  • 2 edits in trunk/Source/WebKit2

Modern IDB: NetworkProcessConnection::didClose needs to have a self ref.
<rdar://problem/25700864> and https://bugs.webkit.org/show_bug.cgi?id=156559

Reviewed by Alex Christensen.

  • WebProcess/Network/NetworkProcessConnection.cpp:

(WebKit::NetworkProcessConnection::didClose): Self ref to protect this.

3:11 PM Changeset in webkit [199516] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Text on compositing layer with negative letter-spacing is truncated.
https://bugs.webkit.org/show_bug.cgi?id=156550
<rdar://problem/24212140>

Reviewed by Antti Koivisto.

Negative letter-spacing affects the right edge of content's visual overflow (for both RTL and LTR).
This is similar to how normal line layout adjusts it at InlineFlowBox::addTextBoxVisualOverflow().

Source/WebCore:

Test: fast/text/negative-letter-spacing-visual-overflow.html

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::computeOverflow):
(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

LayoutTests:

  • fast/text/negative-letter-spacing-visual-overflow-expected.html: Added.
  • fast/text/negative-letter-spacing-visual-overflow.html: Added.

3:09 PM Changeset in webkit [199515] by eric.carlson@apple.com
  • 3 edits
    2 adds in trunk

[iOS] remote command should be considered user events
https://bugs.webkit.org/show_bug.cgi?id=156546
<rdar://problem/25560877>

Reviewed by Jer Noble.

Source/WebCore:

Test: media/remote-control-command-is-user-gesture.html

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::didReceiveRemoteControlCommand): Increment/decrement
m_processingRemoteControlCommand around calling remote command method.

(WebCore::HTMLMediaElement::processingUserGesture): Return true if called while handling
a remote control command.

  • html/HTMLMediaElement.h:

LayoutTests:

  • media/remote-control-command-is-user-gesture-expected.txt: Added.
  • media/remote-control-command-is-user-gesture.html: Added.

3:02 PM Changeset in webkit [199514] by commit-queue@webkit.org
  • 40 edits
    74 deletes in trunk

Unreviewed, rolling out r199502 and r199511.
https://bugs.webkit.org/show_bug.cgi?id=156557

Appears to have in-browser perf regression (Requested by mlam
on #webkit).

Reverted changesets:

"ES6: Implement String.prototype.split and
RegExp.prototype[@@split]."
https://bugs.webkit.org/show_bug.cgi?id=156013
http://trac.webkit.org/changeset/199502

"ES6: Implement RegExp.prototype[@@search]."
https://bugs.webkit.org/show_bug.cgi?id=156331
http://trac.webkit.org/changeset/199511

1:49 PM Changeset in webkit [199513] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

isJSArray should use ArrayType rather than the ClassInfo
https://bugs.webkit.org/show_bug.cgi?id=156551

Reviewed by Filip Pizlo.

Using the JSType rather than the ClassInfo should be slightly faster
since the type is inline on the cell whereas the ClassInfo is only
on the structure.

  • runtime/JSArray.h:

(JSC::isJSArray):

1:40 PM Changeset in webkit [199512] by tonikitoo@webkit.org
  • 7 edits
    4 adds in trunk

Non-resizable text field looks resizable
https://bugs.webkit.org/show_bug.cgi?id=152271

Reviewed by Darin Adler.

Source/WebCore:

The 'resizability' of an HTML element is controlled by its 'resize' CSS property value.
By default it is 'none', but certain HTML elements, including <textarea>, have it
set to 'both' by default (defined in html.css). These values mean no resize at all, and
resizable in both vertical and horizontal axis, respectively.
Additionally, 'vertical' and 'horizontal' values are also valid.

Problem here is that the way WebKit handles the 'resize' property on single line
input elements (e.g. <input>) is different than other engines (read Gecko, Blink and Presto):

  • Match: WebKit, Firefox, Presto and Blink all force single line input elements to be non-resizable,
    regardless of whether the 'resize' property is set or not.

  • Mismatch: WebKit is the only engine that actually paints the resize control on single line
    input elements, even though it has no effect.

On WebKit, this happens because the 'resize' property is wrongly implemented as 'inheritable',
differently from other engines. In the way WebKit constructs its RenderTree, 'resize' property
ends up spilling out of <input> and entering its shadow representation, carrying the 'resize'
property on.

Patch fixes this by making the 'resize' property be non-inherited, matching other vendors
and the spec [1].

[1] https://drafts.csswg.org/css-ui/#resize

Tests: fast/css/resize-not-inherited.html
       fast/css/resize-single-line-input-no-paint.html

  • rendering/style/RenderStyle.h:
  • rendering/style/StyleRareInheritedData.cpp:

(WebCore::StyleRareInheritedData::StyleRareInheritedData):
(WebCore::StyleRareInheritedData::operator==):

  • rendering/style/StyleRareInheritedData.h:
  • rendering/style/StyleRareNonInheritedData.cpp:

(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator==):

  • rendering/style/StyleRareNonInheritedData.h:

LayoutTests:

  • fast/css/resize-not-inherited-expected.html: Added.
  • fast/css/resize-not-inherited.html: Added.
  • fast/css/resize-single-line-input-no-paint-expected.html: Added.
  • fast/css/resize-single-line-input-no-paint.html: Added.

1:00 PM Changeset in webkit [199511] by mark.lam@apple.com
  • 27 edits
    18 adds in trunk

ES6: Implement RegExp.prototype[@@search].
https://bugs.webkit.org/show_bug.cgi?id=156331

Reviewed by Keith Miller.

Source/JavaScriptCore:

What changed?

  1. Implemented search builtin in RegExpPrototype.js. The native path is now used as a fast path.
  2. Added DFG support for an IsRegExpObjectIntrinsic (modelled after the IsJSArrayIntrinsic).
  3. Renamed @isRegExp to @isRegExpObject to match the new IsRegExpObjectIntrinsic.
  4. Change the esSpecIsRegExpObject() implementation to check if the object's JSType is RegExpObjectType instead of walking the classinfo chain.

  • builtins/RegExpPrototype.js:

(search):

  • builtins/StringPrototype.js:

(search):

  • fixed some indentation.
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileIsArrayConstructor):
(JSC::DFG::SpeculativeJIT::compileIsRegExpObject):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileIsRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::compileTypeOf):
(JSC::FTL::DFG::LowerDFGToB3::isExoticForTypeof):
(JSC::FTL::DFG::LowerDFGToB3::isRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::isType):

  • runtime/Intrinsic.h:
  • Added IsRegExpObjectIntrinsic.
  • runtime/CommonIdentifiers.h:
  • runtime/ECMAScriptSpecInternalFunctions.cpp:

(JSC::esSpecIsConstructor):

  • Changed to use uncheckedArgument since this is only called from internal code.

(JSC::esSpecIsRegExpObject):
(JSC::esSpecIsRegExp): Deleted.

  • runtime/ECMAScriptSpecInternalFunctions.h:
  • Changed to check the object for a JSType of RegExpObjectType.
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • Added split fast path.
  • runtime/RegExpPrototype.cpp:

(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncSearchFast):
(JSC::regExpProtoFuncSearch): Deleted.

  • runtime/RegExpPrototype.h:
  • tests/es6.yaml:
  • tests/stress/regexp-search.js:
  • Rebased test.

LayoutTests:

  • js/regress/regexp-prototype-search-observable-side-effects-expected.txt: Added.
  • js/regress/regexp-prototype-search-observable-side-effects.html: Added.
  • js/regress/regexp-prototype-search-observable-side-effects2-expected.txt: Added.
  • js/regress/regexp-prototype-search-observable-side-effects2.html: Added.
  • js/regress/script-tests/regexp-prototype-search-observable-side-effects.js: Added.
  • js/regress/script-tests/regexp-prototype-search-observable-side-effects2.js: Added.
  • js/regress/script-tests/string-prototype-search-observable-side-effects.js: Added.
  • js/regress/script-tests/string-prototype-search-observable-side-effects2.js: Added.
  • js/regress/script-tests/string-prototype-search-observable-side-effects3.js: Added.
  • js/regress/script-tests/string-prototype-search-observable-side-effects4.js: Added.
  • js/regress/string-prototype-search-observable-side-effects-expected.txt: Added.
  • js/regress/string-prototype-search-observable-side-effects.html: Added.
  • js/regress/string-prototype-search-observable-side-effects2-expected.txt: Added.
  • js/regress/string-prototype-search-observable-side-effects2.html: Added.
  • js/regress/string-prototype-search-observable-side-effects3-expected.txt: Added.
  • js/regress/string-prototype-search-observable-side-effects3.html: Added.
  • js/regress/string-prototype-search-observable-side-effects4-expected.txt: Added.
  • js/regress/string-prototype-search-observable-side-effects4.html: Added.

12:35 PM Changeset in webkit [199510] by jiewen_tan@apple.com
  • 2 edits in trunk/LayoutTests

Mark fast/canvas/webgl/gl-teximage.html as flaky on Macs
https://bugs.webkit.org/show_bug.cgi?id=58766

Unreviewed test gardening.

  • platform/mac/TestExpectations:

12:07 PM Changeset in webkit [199509] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.28/Source/WebKit2

Merged r199504. rdar://problem/25697779

12:04 PM Changeset in webkit [199508] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

PolymorphicAccess::regenerate() shouldn't have to clone non-generated AccessCases
https://bugs.webkit.org/show_bug.cgi?id=156493

Reviewed by Geoffrey Garen.

Cloning AccessCases is only necessary if they hold some artifacts that are used by code that
they already generated. So, if the state is not Generated, we don't have to bother with
cloning them.

This should speed up PolymorphicAccess regeneration a bit more.

  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::commit):
(JSC::PolymorphicAccess::regenerate):

11:52 AM Changeset in webkit [199507] by jiewen_tan@apple.com
  • 2 edits in trunk/LayoutTests

Mark imported/w3c/web-platform-tests/streams/readable-streams/general.https.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=155760

Unreviewed test gardening.

11:17 AM Changeset in webkit [199506] by jiewen_tan@apple.com
  • 2 edits in trunk/LayoutTests

Mark media/track/track-in-band-duplicate-tracks-when-source-changes.html as flaky on Yosemite
https://bugs.webkit.org/show_bug.cgi?id=124222

Unreviewed test gardening.

  • platform/mac/TestExpectations:

10:51 AM Changeset in webkit [199505] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

10:51 AM Changeset in webkit [199504] by dbates@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r199401): Internal builds of Safari hang on launch
https://bugs.webkit.org/show_bug.cgi?id=156545
<rdar://problem/25697779>

Reviewed by Anders Carlsson.

For some reason SecCodeCopyGuestWithAttributes() is failing with an error in Apple Internal
Safari builds. For now, temporarily allow the failure while I investigate the cause in
<rdar://problem/25706517>.

  • Shared/mac/CodeSigning.mm:

(WebKit::secCodeForProcess): Log the failure with OSStatus code and return nullptr;
(WebKit::codeSigningIdentifierForProcess): Return a null string if secCodeForProcess() returns a nullptr.
This will cause us to treat affected Apple Internal Safari builds the same as we would treat
an unsigned or third-party signed app.

10:50 AM Changeset in webkit [199503] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.28

New tag.

10:44 AM Changeset in webkit [199502] by mark.lam@apple.com
  • 24 edits
    56 copies in trunk

ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Reviewed by Keith Miller.

Re-landing r199393 now that the shadow chicken crash has been fixed.

Source/JavaScriptCore:

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • builtins/GlobalObject.js:

(speciesConstructor):

  • builtins/PromisePrototype.js:
  • refactored to use the @speciesConstructor internal function.
  • builtins/RegExpPrototype.js:

(advanceStringIndex):

  • refactored from @advanceStringIndexUnicode() to match the spec. Benchmarks show that there's no advantage in doing the unicode check outside of the advanceStringIndexUnicode part. So, I simplified the code to match the spec (especially since @@split needs to call advanceStringIndex from more than 1 location).

(match):

  • Removed an unnecessary call to @Object because it was already proven above.
  • Changed to use advanceStringIndex instead of advanceStringIndexUnicode. Again, there's no perf regression for this.

(regExpExec):
(hasObservableSideEffectsForRegExpSplit):
(split):
(advanceStringIndexUnicode): Deleted.

  • builtins/StringPrototype.js:

(split):

  • Modified to use RegExp.prototype[@@split].
  • bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):

  • bytecode/BytecodeIntrinsicRegistry.h:
  • Added the @@split symbol.
  • runtime/CommonIdentifiers.h:
  • runtime/ECMAScriptSpecInternalFunctions.cpp: Added.

(JSC::esSpecIsConstructor):
(JSC::esSpecIsRegExp):

  • runtime/ECMAScriptSpecInternalFunctions.h: Added.
  • runtime/JSGlobalObject.cpp:

(JSC::getGetterById):
(JSC::JSGlobalObject::init):

  • runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::setDescriptor):

  • Removed an assert that is no longer valid.
  • runtime/RegExpObject.h:
  • Made advanceStringUnicode() public so that it can be re-used by the regexp split fast path.
  • runtime/RegExpPrototype.cpp:

(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex):
(JSC::regExpProtoFuncSplitFast):

  • runtime/RegExpPrototype.h:
  • runtime/StringObject.h:

(JSC::jsStringWithReuse):
(JSC::jsSubstring):

  • Hoisted some utility functions from StringPrototype.cpp so that they can be reused by the regexp split fast path.
  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):
(JSC::builtinStringSubstrInternal):
(JSC::stringProtoFuncSubstring):
(JSC::stringIncludesImpl):
(JSC::stringProtoFuncIncludes):
(JSC::builtinStringIncludesInternal):
(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.
(JSC::stringProtoFuncSplit): Deleted.

  • runtime/StringPrototype.h:
  • tests/es6.yaml:

LayoutTests:

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/dom/string-prototype-properties-expected.txt:
  • js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects2.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-global.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects4.html: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Added.
  • js/regress/string-prototype-split-observable-side-effects-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects.html: Added.
  • js/regress/string-prototype-split-observable-side-effects2-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects2.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-flags.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-global.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-multiline.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-sticky.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-unicode.html: Added.
  • js/regress/string-prototype-split-observable-side-effects4-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects4.html: Added.
  • js/script-tests/Object-getOwnPropertyNames.js:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

10:37 AM Changeset in webkit [199501] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebKit2

Fix client certificate authentication with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=156527
<rdar://problem/25489156>

Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-13
Reviewed by Darin Adler.

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
We only want to use serverTrustCredential for ServerTrustEvaluation authentication challenges, not

  • Shared/Authentication/AuthenticationManager.cpp:

(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):
(WebKit::AuthenticationManager::useCredentialForSingleChallenge):

  • Shared/Authentication/AuthenticationManager.h:
  • Shared/Authentication/mac/AuthenticationManager.mac.mm:

(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):
Don't use challenge.sender with NSURLSession, which requires callbacks instead.

10:13 AM Changeset in webkit [199500] by Darin Adler
  • 2 edits in trunk/Source/WebCore

Remove UsePointersEvenForNonNullableObjectArguments from DataTransfer
https://bugs.webkit.org/show_bug.cgi?id=156495

Reviewed by Chris Dumez.

  • dom/DataTransfer.idl: Removed UsePointersEvenForNonNullableObjectArguments
    and marked the element argument to setDragImage as nullable.

9:35 AM WebKitGTK/StableRelease edited by Andres Gomez

9:28 AM Changeset in webkit [199499] by beidson@apple.com
  • 5 edits in trunk/Source/WebCore

Modern IDB (Blob support): Support deleting stored blob files.
https://bugs.webkit.org/show_bug.cgi?id=156523

Reviewed by Alex Christensen.

No new tests (No testable change in behavior yet, current tests pass).

There are 3 points in time when we need to delete blob files (and records of them):
1 - When deleting a specific object store record.
2 - When deleting an entire object store.
3 - When deleting a whole database.

This patch does those three things.

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteUnusedBlobFileRecords):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.h:
  • Modules/indexeddb/server/SQLiteIDBTransaction.cpp:

(WebCore::IDBServer::SQLiteIDBTransaction::commit):
(WebCore::IDBServer::SQLiteIDBTransaction::deleteBlobFilesIfNecessary):
(WebCore::IDBServer::SQLiteIDBTransaction::addRemovedBlobFile):

  • Modules/indexeddb/server/SQLiteIDBTransaction.h:

9:25 AM Changeset in webkit [199498] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

REGRESSION(r199444): Perf dashboard always fetches all measurement sets
https://bugs.webkit.org/show_bug.cgi?id=156534

Reviewed by Darin Adler.

The bug was caused by SummaryPage's constructor fetching all measurement sets. Since each page is always
constructed in main(), this resulted in all measurement sets being fetched on all pages.

  • public/v3/pages/summary-page.js:

(SummaryPage):
(SummaryPage.prototype.open): Fetch measurement set JSONs here.
(SummaryPage.prototype._createConfigurationGroup): Renamed from _createConfigurationGroupAndStartFetchingData.

9:16 AM Changeset in webkit [199497] by fred.wang@free.fr
  • 2 edits in trunk/Source/WebCore

Fix two coding mistakes in MathMLInlineContainerElement::childrenChanged
https://bugs.webkit.org/show_bug.cgi?id=156538

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-13
Reviewed by Darin Adler.

We fix the call to updateOperatorProperties inside MathMLInlineContainerElement::childrenChanged
for the <math> and <msqrt> tags.

The <math> tag is already a RenderMathMLRow so the hasTagName(mathTag)
conditional is never executed. The tag does not create any anonymous
wrapper so we do not need a special case for it anyway.

The <msqrt> tag is not a RenderMathMLRow (yet). However, the anonymous
wrapper behaving as a RenderMathMLRow is actually the last child, not
the first one.

No new tests, this is already covered by mathml/presentation/mo-form-dynamic.html
Note that for some reason the coding error for <msqrt> only shows up
after the refactoring of bug 152244.

  • mathml/MathMLInlineContainerElement.cpp:

(WebCore::MathMLInlineContainerElement::childrenChanged): Fix the two mistakes and add some FIXME comments.

9:10 AM Changeset in webkit [199496] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

ShadowChicken::visitChildren() should not visit tailMarkers and throwMarkers.
https://bugs.webkit.org/show_bug.cgi?id=156532

Reviewed by Saam Barati and Filip Pizlo.

ShadowChicken can store tailMarkers and throwMarkers in its log, specifically in
the callee field of a log packet. However, ShadowChicken::visitChildren()
unconditionally visits the callee field of each packet as if they are real
objects. If visitChildren() encounters one of these markers in the log, we get a
crash.

This crash was observed in the v8-v6/v8-regexp.js stress test running with shadow
chicken when r199393 landed. r199393 introduced tail calls to a RegExp split
fast path, and the v8-regexp.js test exercised this fast path a lot. Throw in
some timely GCs, and we get a crash party.

The fix is to have ShadowChicken::visitChildren() filter out the tailMarker and
throwMarker.

Alternatively, if perf is an issue, we can allocate 2 dedicated objects for
these markers so that ShadowChicken can continue to visit them. For now, I'm
going with the filter.

  • interpreter/ShadowChicken.cpp:

(JSC::ShadowChicken::visitChildren):

8:54 AM WebKitGTK/2.12.x edited by Carlos Garcia Campos
8:53 AM Changeset in webkit [199495] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r199458 - Fix build in glibc-based BSD systems
https://bugs.webkit.org/show_bug.cgi?id=156533

Reviewed by Carlos Garcia Campos.

Change the order of the #elif conditionals so glibc-based BSD
systems (e.g. Debian GNU/kFreeBSD) use the code inside the
OS(FREEBSD) blocks.

  • heap/MachineStackMarker.cpp:

(JSC::MachineThreads::Thread::Registers::stackPointer):
(JSC::MachineThreads::Thread::Registers::framePointer):
(JSC::MachineThreads::Thread::Registers::instructionPointer):
(JSC::MachineThreads::Thread::Registers::llintPC):

8:53 AM Changeset in webkit [199494] by Carlos Garcia Campos
  • 4 edits, 3 adds in releases/WebKitGTK/webkit-2.12

Merge r199229 - AX: [ATK] Crash getting text under element in CSS table
https://bugs.webkit.org/show_bug.cgi?id=156328

Reviewed by Chris Fleizach.

Source/WebCore:

AccessibilityRenderObject::textUnderElement() assumes (and asserts) that
the first and last child of an anonymous block will each have nodes with
which to define positions. This is not the case for CSS Tables and their
anonymous descendants. AccessibilityNodeObject:textUnderElement() is our
fallback for the instances where a text range cannot be created based on
positions, so let it handle anonymous RenderTable parts.

Test: accessibility/generated-content-with-display-table-crash.html

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::textUnderElement):
(WebCore::AccessibilityRenderObject::shouldGetTextFromNode):

  • accessibility/AccessibilityRenderObject.h:

LayoutTests:

While this crash is currently seen only for ATK, there is nothing to
prevent another port from attempting to get all the text under a CSS
RenderTable. Hence the shared test.

  • accessibility/generated-content-with-display-table-crash.html: Added.
  • platform/gtk/accessibility/generated-content-with-display-table-crash-expected.txt: Added.
  • platform/mac/accessibility/generated-content-with-display-table-crash-expected.txt: Added.
8:51 AM Changeset in webkit [199493] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198945 - [JSC] Missing PATH_MAX definition
https://bugs.webkit.org/show_bug.cgi?id=156102

Reviewed by Yusuke Suzuki.

Not all systems define PATH_MAX, so add a fallback value that is
long enough.

  • jsc.cpp:
8:42 AM Changeset in webkit [199492] by Jon Davis
  • 1 edit in trunk/Websites/webkit.org/ChangeLog

Remove database quote escapes from pushed tweets.

Reviewed by Timothy Hatcher.

  • wp-content/plugins/tweet-listener.php:
8:42 AM Changeset in webkit [199491] by Jon Davis
  • 2 edits in trunk/Websites/webkit.org

Remove database quote escapes.

Reviewed by Timothy Hatcher.

  • wp-content/plugins/tweet-listener.php:
8:28 AM Changeset in webkit [199490] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WTF

Merge r199366 - S390X and PPC64 architectures detection is wrong
https://bugs.webkit.org/show_bug.cgi?id=156337

Patch by Tomas Popela <tpopela@redhat.com> on 2016-04-12
Reviewed by Carlos Garcia Campos.

After the http://trac.webkit.org/changeset/198919 was committed
it showed that the PPC64 detection is wrong as the CPU(PPC) path was
activated even for PPC64. The thing is that GCC defines ppc
even on PPC64 and not just on PPC(32). The same applies for S390X.

  • wtf/Platform.h:
8:28 AM WebKitGTK/2.12.x edited by Carlos Garcia Campos
8:18 AM Changeset in webkit [199489] by Carlos Garcia Campos
  • 5 edits, 11 adds in releases/WebKitGTK/webkit-2.12

Merge r199087 - MessageEvent.source window is incorrect once window has been reified
https://bugs.webkit.org/show_bug.cgi?id=156227
<rdar://problem/25545831>

Reviewed by Mark Lam.

Source/WebCore:

MessageEvent.source window was incorrect once window had been reified.

If the Window had not been reified, we kept constructing new
postMessage() functions when calling window.postMessage(). We used to
pass activeDOMWindow(execState) as source Window to
DOMWindow::postMessage(). activeDOMWindow() uses
exec->lexicalGlobalObject() which did the right thing because we
used to construct a new postMessage() function in the caller's context.

However, after reification, due to the way JSDOMWindow::getOwnPropertySlot()
was implemented, we would stop constructing new postMessage() functions
when calling window.postMessage(). As a result, the source window would
become incorrect because exec->lexicalGlobalObject() would return the
target Window instead.

In this patch, the following is done:

  1. Stop constructing a new function every time in the same origin case for postMessage, blur, focus and close. This was inefficient and led to incorrect behavior:
    • The behavior would differ depending if the Window is reified or not
    • It would be impossible to delete those operations, which is incompatible with the specification and other browsers (tested Firefox and Chrome).
  2. Use callerDOMWindow(execState) instead of activeDOMWindow(execState) as source Window in JSDOMWindow::handlePostMessage(). callerDOMWindow() is a new utility function that returns the caller's Window object.

Tests: fast/dom/Window/delete-operations.html
fast/dom/Window/messageevent-source-postmessage-reified.html
fast/dom/Window/messageevent-source-postmessage.html
fast/dom/Window/messageevent-source-postmessage2.html
fast/dom/Window/window-postmessage-clone-frames.html
fast/dom/Window/post-message-crash2.html

  • bindings/js/JSDOMBinding.cpp:

(WebCore::GetCallerCodeBlockFunctor::operator()):
(WebCore::GetCallerCodeBlockFunctor::codeBlock):
(WebCore::callerDOMWindow):

  • bindings/js/JSDOMBinding.h:
  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::handlePostMessage):

LayoutTests:

Add tests that cover using MessageEvent.source Window for messaging
using postMessage(). There are 2 versions of the test, one where the
main window is reified and one where it is not. The test that has a
reified main window was failing because this fix.

  • fast/dom/Window/delete-operations-expected.txt: Added.
  • fast/dom/Window/delete-operations.html: Added.

Make sure that operations on Window are indeed deletable. Previously,
it would be impossible to delete postMessage, blur, focus and close.

  • fast/dom/Window/messageevent-source-postmessage-expected.txt: Added.
  • fast/dom/Window/messageevent-source-postmessage-reified-expected.txt: Added.
  • fast/dom/Window/messageevent-source-postmessage-reified.html: Added.
  • fast/dom/Window/messageevent-source-postmessage.html: Added.
  • fast/dom/Window/messageevent-source-postmessage2.html: Added.
  • fast/dom/Window/resources/messageevent-source-postmessage-frame.html: Added.
  • fast/dom/Window/post-message-crash2-expected.txt: Added.
  • fast/dom/Window/post-message-crash2.html: Added.
8:06 AM Changeset in webkit [199488] by Jon Davis
  • 2 edits in trunk/Websites/webkit.org

Added background color for Safari Technology Preview posts.

Reviewed by Timothy Hatcher.

  • wp-content/themes/webkit/style.css:

(.tile.category-safari-technology-preview .background-image):

8:04 AM Changeset in webkit [199487] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/gtk/po

Merge r199063 - Updated Brazilian Portuguese translation
https://bugs.webkit.org/show_bug.cgi?id=156236

Patch by Rafael Fontenelle <rafaelff@gnome.org> on 2016-04-05
Rubber-stamped by Michael Catanzaro.

  • pt_BR.po:
8:03 AM Changeset in webkit [199486] by Carlos Garcia Campos
  • 4 edits, 3 adds in releases/WebKitGTK/webkit-2.12

Merge r199061 - We sometimes fail to remove outdated entry from the disk cache after revalidation and when the resource is no longer cacheable
https://bugs.webkit.org/show_bug.cgi?id=156048
<rdar://problem/25514480>

Reviewed by Antti Koivisto.

Source/WebKit2:

We would sometimes fail to remove outdated entry from the disk cache
after revalidation and when the resource is no longer cacheable. This
was due to Storage::removeFromPendingWriteOperations() only removing
the first pending write operation with a given key instead of actually
removing all of the operations with this key.

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::removeFromPendingWriteOperations):

  • NetworkProcess/cache/NetworkCacheStorage.h:

LayoutTests:

Add test coverage for the bug.

  • http/tests/cache/disk-cache/disk-cache-remove-several-pending-writes-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-remove-several-pending-writes.html: Added.
  • http/tests/cache/disk-cache/resources/json.php: Added.
7:59 AM Changeset in webkit [199485] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r199045 - [TexMap] Improve viewport array access in TextureMapperGL::bindDefaultSurface()
https://bugs.webkit.org/show_bug.cgi?id=156159

Reviewed by Antonio Gomes.

  • platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::bindDefaultSurface): Create a reference to the
viewport array in the TextureMapperGLData object. Inline the IntSize constructor
for the object that's passed to createProjectionMatrix(), and use the reference
to access all four elements of the array as necessary.

7:59 AM Changeset in webkit [199484] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r199044 - [TexMap] resolveOverlaps() should be passed-in the first Region parameter via a reference
https://bugs.webkit.org/show_bug.cgi?id=156158

Reviewed by Antonio Gomes.

  • platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::resolveOverlaps): Don't copy the Region object that's passed through
the first parameter by accepting a reference to the object instead. This does
modify the passed-in object, but these modifications don't have any effect on
any state via the call sites in TextureMapperLayer::computeOverlapRegions().

7:57 AM WebKitGTKStableReleases edited by Andres Gomez
7:56 AM Changeset in webkit [199483] by Carlos Garcia Campos
  • 33 edits in releases/WebKitGTK/webkit-2.12

Merge r199034 - CSS Triangles Rendering Regression affecting CSS Ribbons.
https://bugs.webkit.org/show_bug.cgi?id=156121

Reviewed by Simon Fraser.

Source/WebCore:

We use floored border width values for painting (see BorderEdge).
However border-box sizing is based on rounded border values. This mismatch could result in a 2 device pixel
gap when both top and bottom (or left and right) borders are present.

This patch applies flooring on the computed border width value.

It matches Firefox (44.0.2) behaviour (both by inspecting box-sizing visually and through getComputedStyle() values on border-width).

Covered by existing tests.

  • css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertLineWidth):

LayoutTests:

Rebaseline to match current behaviour.

  • fast/inline/hidpi-inline-text-decoration-with-subpixel-value-expected.html:
  • platform/mac/css1/units/length_units-expected.txt:
  • platform/mac/fast/css/bidi-override-in-anonymous-block-expected.txt:
  • platform/mac/fast/multicol/span/anonymous-style-inheritance-expected.txt:
  • platform/mac/fast/repaint/repaint-during-scroll-with-zoom-expected.txt:
  • platform/mac/ietestcenter/css3/bordersbackgrounds/border-radius-initial-value-001-expected.txt:
  • platform/mac/ietestcenter/css3/bordersbackgrounds/border-radius-style-001-expected.txt:
  • platform/mac/ietestcenter/css3/bordersbackgrounds/border-radius-style-002-expected.txt:
  • platform/mac/ietestcenter/css3/bordersbackgrounds/border-radius-style-004-expected.txt:
  • platform/mac/ietestcenter/css3/bordersbackgrounds/border-radius-with-three-values-001-expected.txt:
  • platform/mac/ietestcenter/css3/bordersbackgrounds/border-radius-with-two-values-001-expected.txt:
  • platform/mac/ietestcenter/css3/bordersbackgrounds/border-top-left-radius-values-003-expected.txt:
  • platform/mac/media/video-zoom-expected.txt:
  • platform/mac/svg/custom/svg-fonts-in-html-expected.txt:
  • platform/mac/svg/zoom/page/zoom-background-image-tiled-expected.txt:
  • platform/mac/svg/zoom/page/zoom-background-images-expected.txt:
  • platform/mac/svg/zoom/page/zoom-img-preserveAspectRatio-support-1-expected.txt:
  • platform/mac/svg/zoom/page/zoom-replaced-intrinsic-ratio-001-expected.txt:
  • platform/mac/svg/zoom/page/zoom-svg-float-border-padding-expected.txt:
  • platform/mac/svg/zoom/page/zoom-svg-through-object-with-auto-size-expected.txt:
  • platform/mac/tables/mozilla_expected_failures/bugs/bug1055-2-expected.txt:
7:56 AM WebKitGTK/StableRelease edited by Andres Gomez
7:52 AM Changeset in webkit [199482] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r199027 - Tapping on tabs in webpages caused WK crash at WebKit: WebKit::WebFrame::didReceivePolicyDecision
https://bugs.webkit.org/show_bug.cgi?id=156119
<rdar://problem/20732167>

Reviewed by Andy Estes.

Protect the m_frame so that it is present for completion handlers.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):

7:52 AM WebKitGTK/StartHacking edited by Andres Gomez
7:51 AM Changeset in webkit [199481] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r199025 - [JSC][x86] Fix an assertion in MacroAssembler::branch8()
https://bugs.webkit.org/show_bug.cgi?id=156181

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-04
Reviewed by Geoffrey Garen.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::branch8):
The test was wrong because valid negative numbers have ones
in the top bits.

I replaced the assertion to be explicit about the valid range.

7:42 AM WebKitGTK/Releasing edited by Andres Gomez
7:41 AM WebKitGTK edited by Andres Gomez
Pointing to the StableReleases page always
6:52 AM Changeset in webkit [199480] by Carlos Garcia Campos
  • 7 edits, 5 deletes in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r199002 - Fix WEB_PROCESS_CMD_PREFIX and NETWORK_PROCESS_CMD_PREFIX after r196500
https://bugs.webkit.org/show_bug.cgi?id=156060

Patch by Emanuele Aina <Emanuele Aina> on 2016-04-04
Reviewed by Darin Adler.

Commit r196500 was a bit too eager in removing the
platformGetLaunchOptions() callsites as non-mac platform still use
that in debug builds to attach debugging tools to spawned
subprocesses (eg. gdbserver).

Instead of reinstating them and relying on each subprocess type to
implement its own platformGetLaunchOptions() version (all alike),
avoid duplication and check the *_PROCESS_CMD_PREFIX environment
variables in a single place, ChildProcessProxy::getLaunchOptions().

Doing so also improves consistency in *_PROCESS_CMD_PREFIX support:
only WEB_PROCESS_CMD_PREFIX and NETWORK_PROCESS_CMD_PREFIX worked with
both the GTK and EFL ports while PLUGIN_PROCESS_CMD_PREFIX only
worked for EFL and there was no corresponding
DATABASE_PROCESS_CMD_PREFIX implementation.

  • UIProcess/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::getLaunchOptions): Check the
appropriate *_PROCESS_CMD_PREFIX environment variable.

  • UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp:

(WebKit::PluginProcessProxy::platformGetLaunchOptions): Drop
check for PLUGIN_PROCESS_COMMAND_PREFIX, now handled by
ChildProcessProxy::getLaunchOptions().

  • UIProcess/Databases/DatabaseProcessProxy.h:
  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/WebProcessProxy.h: Drop platformGetLaunchOptions() prototypes.

  • UIProcess/Network/soup/NetworkProcessProxySoup.cpp:
  • UIProcess/Databases/efl/DatabaseProcessProxyEfl.cpp:
  • UIProcess/Databases/gtk/DatabaseProcessProxyGtk.cpp:
  • UIProcess/efl/WebProcessProxyEfl.cpp:
  • UIProcess/gtk/WebProcessProxyGtk.cpp: Removed, they only contained platformGetLaunchOptions() implementations.

  • PlatformEfl.cmake:
  • PlatformGTK.cmake: Drop removed files.
6:47 AM Changeset in webkit [199479] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r199001 - [TexMap] Trim redundant guards
https://bugs.webkit.org/show_bug.cgi?id=155927

Patch by Emanuele Aina <Emanuele Aina> on 2016-04-04
Reviewed by Žan Doberšek.

  • platform/graphics/GraphicsContext3DPrivate.cpp: Drop some redundant checks in preprocessor guards.

6:46 AM Changeset in webkit [199478] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r199000 - Rely on PlatformLayer to choose the TextureMapperPlatformLayer impl
https://bugs.webkit.org/show_bug.cgi?id=155926

Patch by Emanuele Aina <Emanuele Aina> on 2016-04-04
Reviewed by Žan Doberšek.

Use PlatformLayer to replace a bunch of subtly different #ifdef
scattered over the codebase to choose between TextureMapperPlatformLayer
and TextureMapperPlatformLayerProxyProvider.

  • platform/graphics/GraphicsContext3DPrivate.h:
  • platform/graphics/cairo/ImageBufferDataCairo.h:
  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: Use PlatformLayer.h and inherit from PlatformLayer instead of choosing the right implementation every time.

  • platform/graphics/texmap/TextureMapperPlatformLayer.h: Add TEXTURE_MAPPER guards to make it unconditionally usable.

  • platform/graphics/texmap/TextureMapperPlatformLayerProxy.h: Add COORDINATED_GRAPHICS_THREADED guards to make it unconditionally usable.

6:40 AM Changeset in webkit [199477] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r199344 - [GTK] Rework scrollbars theming code for GTK+ 3.20
https://bugs.webkit.org/show_bug.cgi?id=156462

Reviewed by Michael Catanzaro.

In r199292, we reworked the theming code to ensure it works with the new GTK+ CSS theming system. The same is
needed for scrollbars, this patch uses the RenderThemeGadget classes introduced in r199292 to render the native
scrollbars. The code is now split in 3 parts: stub methods for GTK+2 (since this file is compiled for
WebCoreGTK, but not used), the implementation for GTK+ < 3.20 and the implementation for GTK+ >= 3.20. This
reduces the amount of ifdefed code, and ensures that changes in new code don't break the rendering with older
versions of GTK+. I noticed that we were overriding both, the specific paint methods to render scrollbars
parts and the global paint method that renders all the scrollbar parts. We don't really need the specific paint
methods, so I've removed the implementation leaving only the paint method. This also allows us to get rid of the
GtkStyleContext cache.

  • platform/gtk/RenderThemeGadget.cpp:

(WebCore::RenderThemeGadget::create): Handle scrollbars gadgets.
(WebCore::appendElementToPath): In case of scrollbar gadget, use the scrollbar GType when creating the path to
be able to get non-CSS style properties.
(WebCore::RenderThemeGadget::opacity): Add method to get the opacity CSS style property.
(WebCore::RenderThemeScrollbarGadget::RenderThemeScrollbarGadget): Initialize m_steppers option set with the
steppers used by the theme.

  • platform/gtk/RenderThemeGadget.h:
  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::themeChangedCallback):
(WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
(WebCore::createStyleContext):
(WebCore::createChildStyleContext):
(WebCore::ScrollbarThemeGtk::themeChanged):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::scrollbarPartStateFlags):
(WebCore::scrollbarGadgetForLayout):
(WebCore::contentsGadgetForLayout):
(WebCore::ScrollbarThemeGtk::trackRect):
(WebCore::ScrollbarThemeGtk::hasThumb):
(WebCore::ScrollbarThemeGtk::backButtonRect):
(WebCore::ScrollbarThemeGtk::forwardButtonRect):
(WebCore::ScrollbarThemeGtk::paint):
(WebCore::paintStepper):
(WebCore::adjustRectAccordingToMargin):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):
(WebCore::ScrollbarThemeGtk::minimumThumbLength):

  • platform/gtk/ScrollbarThemeGtk.h:
6:40 AM Changeset in webkit [199476] by Carlos Garcia Campos
  • 7 edits, 3 adds in releases/WebKitGTK/webkit-2.12

Merge r199292 - [GTK] Rework the theming code for GTK+ 3.20
https://bugs.webkit.org/show_bug.cgi?id=156333

Reviewed by Michael Catanzaro.

.:

Add a manual test to check how themed elements are rendered.

  • ManualTests/gtk/theme.html: Added.

Source/WebCore:

During the 3.19 GTK+ release cycle, the GTK+ css system was reworked, making themes and programs rendering
themed widgets, incompatible with the new system. We were trying to fix our rendering every time GTK+ broke
something, but we were just changing whatever it was needed to make our rendering look like current GTK+ with
the default theme Adwaita. This means that our rendering will be broken for other themes or that changes in
Adwaita can break our rendering. This solution was good enough to ensure WebKitGTK+ 2.12 looked good with GTK+
3.20, but it doesn't work in the long term. We need to ensure that our theming code honors the new GTK+ CSS
properties (max-width, min-width, margin, padding, border, ...) in all the cases, not only the cases where
Adwaita uses them like we currently do.
This patch splits all rendering methods to keep the current code for previous GTK+ versions and adds new code
for GTK+ >= 3.20 using the new RenderThemeGadget classes. This makes the code easier to read, since there aren't
ifdef blocks in the functions, and we ensure we don't break previous rendering.

  • PlatformGTK.cmake: Add new files to compilation.
  • html/shadow/SpinButtonElement.cpp:

(WebCore::SpinButtonElement::defaultEventHandler): Check the button layout used by the theme to decide the
current buttons state.

  • platform/gtk/RenderThemeGadget.cpp: Added.

(WebCore::RenderThemeGadget::create):
(WebCore::createStyleContext):
(WebCore::appendElementToPath):
(WebCore::RenderThemeGadget::RenderThemeGadget):
(WebCore::RenderThemeGadget::~RenderThemeGadget):
(WebCore::RenderThemeGadget::marginBox):
(WebCore::RenderThemeGadget::borderBox):
(WebCore::RenderThemeGadget::paddingBox):
(WebCore::RenderThemeGadget::contentsBox):
(WebCore::RenderThemeGadget::color):
(WebCore::RenderThemeGadget::backgroundColor):
(WebCore::RenderThemeGadget::minimumSize):
(WebCore::RenderThemeGadget::preferredSize):
(WebCore::RenderThemeGadget::render):
(WebCore::RenderThemeGadget::renderFocus):
(WebCore::RenderThemeBoxGadget::RenderThemeBoxGadget):
(WebCore::RenderThemeTextFieldGadget::RenderThemeTextFieldGadget):
(WebCore::RenderThemeTextFieldGadget::minimumSize):
(WebCore::RenderThemeToggleGadget::RenderThemeToggleGadget):
(WebCore::RenderThemeToggleGadget::render):
(WebCore::RenderThemeArrowGadget::RenderThemeArrowGadget):
(WebCore::RenderThemeArrowGadget::render):
(WebCore::RenderThemeIconGadget::RenderThemeIconGadget):
(WebCore::RenderThemeIconGadget::gtkIconSizeForPixelSize):
(WebCore::RenderThemeIconGadget::render):
(WebCore::RenderThemeIconGadget::minimumSize):

  • platform/gtk/RenderThemeGadget.h: Added.

(WebCore::RenderThemeGadget::context):

  • rendering/RenderTheme.h:

(WebCore::RenderTheme::innerSpinButtonLayout): Added this method to allow themes use a different layout for the
buttons.

  • rendering/RenderThemeGtk.cpp:

(WebCore::themeChangedCallback): Just moved this code to a common place.
(WebCore::RenderThemeGtk::RenderThemeGtk): Initialize the theme monitor in the constructor.
(WebCore::createStyleContext): Remove the render parts that are specific to GTK+ 3.20.
(WebCore::RenderThemeGtk::adjustRepaintRect): Moved inside a GTK+ < 3.20 ifdef block.
(WebCore::themePartStateFlags): Helper function to get the GtkStateFlags of a theme part for a given RenderObject.
(WebCore::shrinkToMinimumSizeAndCenterRectangle): Move this common code to a helper function.
(WebCore::setToggleSize):
(WebCore::paintToggle):
(WebCore::RenderThemeGtk::paintButton):
(WebCore::RenderThemeGtk::popupInternalPaddingBox):
(WebCore::RenderThemeGtk::paintMenuList):
(WebCore::RenderThemeGtk::adjustTextFieldStyle): For GTK+ 3.20 we need to ensure a minimum size for spin buttons,
so if the text field is for a spin button, we adjust the desired size here.
(WebCore::RenderThemeGtk::paintTextField): In GTK+ 3.20 the CSS gadgets used to render spin buttons are
different, so we check here if this is the entry of a spin button to use the right gadgets.
(WebCore::adjustSearchFieldIconStyle):
(WebCore::RenderThemeGtk::paintTextArea):
(WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle):
(WebCore::RenderThemeGtk::paintSearchFieldResultsButton):
(WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
(WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
(WebCore::paintSearchFieldIcon):
(WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
(WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
(WebCore::centerRectVerticallyInParentInputElement): Moved inside a GTK+ < 3.20 ifdef block.
(WebCore::RenderThemeGtk::paintSliderTrack):
(WebCore::RenderThemeGtk::adjustSliderThumbSize):
(WebCore::RenderThemeGtk::paintSliderThumb):
(WebCore::RenderThemeGtk::progressBarRectForBounds): Ensure a minimum size of progress bars in GTK+ 3.20.
(WebCore::RenderThemeGtk::paintProgressBar):
(WebCore::RenderThemeGtk::innerSpinButtonLayout): Use a horizontal layout for spin buttons.
(WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
(WebCore::RenderThemeGtk::paintInnerSpinButton):
(WebCore::styleColor):
(WebCore::RenderThemeGtk::paintMediaButton):

  • rendering/RenderThemeGtk.h:
6:40 AM Changeset in webkit [199475] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198983 - Replace all RenderTheme::popupInternalPadding methods with a single one returning a LengthBox
https://bugs.webkit.org/show_bug.cgi?id=156098

Reviewed by Darin Adler.

The caller always wants all padding sides, so we can simplify both the caller and the implementations by using a
single method. It's also more efficient for the GTK+ port that creates and destroys the same style contexts on
every call.

  • rendering/RenderMenuList.cpp:

(WebCore::RenderMenuList::adjustInnerStyle):

  • rendering/RenderTheme.h:

(WebCore::RenderTheme::popupInternalPaddingBox):
(WebCore::RenderTheme::popupInternalPaddingLeft): Deleted.
(WebCore::RenderTheme::popupInternalPaddingRight): Deleted.
(WebCore::RenderTheme::popupInternalPaddingTop): Deleted.
(WebCore::RenderTheme::popupInternalPaddingBottom): Deleted.

  • rendering/RenderThemeGtk.cpp:

(WebCore::RenderThemeGtk::popupInternalPaddingBox):
(WebCore::getComboBoxMetrics): Deleted.
(WebCore::RenderThemeGtk::popupInternalPaddingLeft): Deleted.
(WebCore::RenderThemeGtk::popupInternalPaddingRight): Deleted.
(WebCore::RenderThemeGtk::popupInternalPaddingTop): Deleted.
(WebCore::RenderThemeGtk::popupInternalPaddingBottom): Deleted.

  • rendering/RenderThemeGtk.h:
  • rendering/RenderThemeIOS.h:
  • rendering/RenderThemeIOS.mm:

(WebCore::RenderThemeIOS::popupInternalPaddingBox):
(WebCore::RenderThemeIOS::popupInternalPaddingRight): Deleted.

  • rendering/RenderThemeMac.h:
  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::popupInternalPaddingBox):
(WebCore::RenderThemeMac::popupInternalPaddingLeft): Deleted.
(WebCore::RenderThemeMac::popupInternalPaddingRight): Deleted.
(WebCore::RenderThemeMac::popupInternalPaddingTop): Deleted.
(WebCore::RenderThemeMac::popupInternalPaddingBottom): Deleted.

6:39 AM Changeset in webkit [199474] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197170 - RenderTheme::controlSize* methods should take const RenderStyle&.
https://bugs.webkit.org/show_bug.cgi?id=154708

Reviewed by Darin Adler.

No change in functionality.

  • rendering/RenderTheme.h:

(WebCore::RenderTheme::minimumMenuListSize):
(WebCore::RenderTheme::popupInternalPaddingLeft):
(WebCore::RenderTheme::popupInternalPaddingRight):
(WebCore::RenderTheme::popupInternalPaddingTop):
(WebCore::RenderTheme::popupInternalPaddingBottom):

  • rendering/RenderThemeMac.h:
  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::controlSizeForFont):
(WebCore::RenderThemeMac::sizeForFont):
(WebCore::RenderThemeMac::sizeForSystemFont):
(WebCore::RenderThemeMac::controlSizeForSystemFont):
(WebCore::RenderThemeMac::minimumProgressBarHeight):
(WebCore::RenderThemeMac::popupInternalPaddingLeft):
(WebCore::RenderThemeMac::popupInternalPaddingRight):
(WebCore::RenderThemeMac::popupInternalPaddingTop):
(WebCore::RenderThemeMac::popupInternalPaddingBottom):
(WebCore::RenderThemeMac::minimumMenuListSize):

6:25 AM Changeset in webkit [199473] by Carlos Garcia Campos
  • 3 edits, 2 adds in releases/WebKitGTK/webkit-2.12

Merge r198958 - putImageData leaves visible artifacts on retina display
https://bugs.webkit.org/show_bug.cgi?id=156039
<rdar://problem/25482243>

Reviewed by Simon Fraser.

Inflate the repaint rect to cover anti-aliasing bits.

Source/WebCore:

Test: fast/canvas/hidpi-repaint-on-retina-leaves-bits-behind.html

  • html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::didDraw):

LayoutTests:

  • fast/canvas/hidpi-repaint-on-retina-leaves-bits-behind-expected.html: Added.
  • fast/canvas/hidpi-repaint-on-retina-leaves-bits-behind.html: Added.
6:24 AM Changeset in webkit [199472] by Carlos Garcia Campos
  • 8 edits, 3 adds in releases/WebKitGTK/webkit-2.12

Merge r198956 - WebKit should dispatchDidFailProvisionalLoad while loading invalid URLs
https://bugs.webkit.org/show_bug.cgi?id=155995
<rdar://problem/14967004>

Reviewed by Andy Estes.

Source/WebCore:

Added API Tests.

If a loading request contains an invalid URL, DocumentLoader will now dispatch
cannotShowURLError to the clients.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::startLoadingMainResource):

Source/WebKit2:

Ensure that alternative HTML string will not be loaded back to back for
failing provisional loads.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::loadAlternateHTMLString):
(WebKit::WebPageProxy::didFinishLoadForFrame):

  • UIProcess/WebPageProxy.h:

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/LoadAlternateHTMLString.mm:

(-[LoadAlternateHTMLStringFromProvisionalLoadErrorController webView:didFailProvisionalNavigation:withError:]):
(-[LoadAlternateHTMLStringFromProvisionalLoadErrorController webView:didStartProvisionalNavigation:]):
(TEST):

  • TestWebKitAPI/Tests/WebKit2Cocoa/LoadInvalidURLRequest.mm: Added.

(literalURL):
(-[LoadInvalidURLNavigationActionDelegate webView:didCommitNavigation:]):
(-[LoadInvalidURLNavigationActionDelegate webView:didFailProvisionalNavigation:withError:]):
(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/mac/LoadInvalidURLRequest.html: Added.
  • TestWebKitAPI/Tests/mac/LoadInvalidURLRequest.mm: Added.

(-[LoadInvalidURLWebFrameLoadDelegate webView:didCommitLoadForFrame:]):
(-[LoadInvalidURLWebFrameLoadDelegate webView:didFailProvisionalLoadWithError:forFrame:]):
(TestWebKitAPI::TEST):

6:14 AM Changeset in webkit [199471] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198924 - REGRESSION (r195605): ASSERTION FAILED: !NoEventDispatchAssertion::isEventDispatchForbidden()
when pressing the back button on a page with a focused subframe
https://bugs.webkit.org/show_bug.cgi?id=156033
<rdar://problem/25446561>

Reviewed by Chris Dumez.

Source/WebCore:

Fixes an assertion failure when navigating back, by pressing the browser back button, to
the previous page from a page with a focused subframe.

Following r195605 (https://bugs.webkit.org/show_bug.cgi?id=153449), the responsibility for
dispatching a DOM pagehide event moved from CachedFrame to PageCache and we now instantiate
a NoEventDispatchAssertion object to enforce the invariant that no additional DOM events are
dispatched as part of adding a page to the page cache. When adding a page with a focused
subframe to the page cache we focus its main frame, which implicitly defocuses the subframe
and dispatches a DOM blur event at it. Therefore an assertion failure occurs when dispatching
this DOM blur event (because a NoEventDispatchAssertion object was allocated on the stack).

Test: fast/history/back-from-page-with-focused-iframe.html

  • history/CachedFrame.cpp:

(WebCore::CachedFrame::CachedFrame): Move logic to focus the main frame from here...

  • history/PageCache.cpp:

(WebCore::PageCache::addIfCacheable): to here such that any DOM blur and focus events
are dispatched before we instantiate the NoEventDispatchAssertion object and enter the page
cache.

LayoutTests:

Add a test to ensure that when navigating back from a page with a focused <iframe> f, a DOM
blur event is dispatched to f, a DOM focus event is dispatched at the main frame and that
an assertion failure does not occur (only applicable in a debug build).

  • fast/history/back-from-page-with-focused-iframe-expected.txt: Added.
  • fast/history/back-from-page-with-focused-iframe.html: Added.

6:13 AM Changeset in webkit [199470] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198919 - Fails to build in Linux / PowerPC due to different ucontext_t definition
https://bugs.webkit.org/show_bug.cgi?id=156015

Reviewed by Michael Catanzaro.

PPC does not have mcontext_t in ucontext_t::uc_mcontext.
So we take the special way to retrieve mcontext_t in PPC.

  • heap/MachineStackMarker.cpp:

(pthreadSignalHandlerSuspendResume):

6:12 AM Changeset in webkit [199469] by Carlos Garcia Campos
  • 4 edits
    5 deletes in releases/WebKitGTK/webkit-2.12

Merge r198917 - REGRESSION (r191180): Safari does not send Referer Header to iframe src in certain situations
https://bugs.webkit.org/show_bug.cgi?id=155754
<rdar://problem/25296445>

Unreviewed, roll out r191180 as it breaks sites and needs to be reworked.

Source/WebCore:

  • html/parser/HTMLPreloadScanner.cpp:

(WebCore::TokenPreloadScanner::tagIdFor): Deleted.
(WebCore::TokenPreloadScanner::initiatorFor): Deleted.
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Deleted.
(WebCore::TokenPreloadScanner::StartTagScanner::resourceType): Deleted.

  • html/parser/HTMLPreloadScanner.h:

LayoutTests:

  • fast/preloader/frame-src-expected.txt: Removed.
  • fast/preloader/frame-src.html: Removed.
  • fast/preloader/resources/testFrame.html: Removed.
  • http/tests/loading/preload-no-store-frame-src-expected: Removed.
  • http/tests/loading/preload-no-store-frame-src.html: Removed.

6:08 AM Changeset in webkit [199468] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198904 - SelectionController::positionForPlatform should ask EditingBehavior for platform specific behavior
https://bugs.webkit.org/show_bug.cgi?id=41976

Reviewed by Darin Adler.

SSIA.

No new tests needed.

  • editing/EditingBehavior.h:

(WebCore::EditingBehavior::shouldAlwaysExtendSelectionFromExtentEndpoint):

  • editing/FrameSelection.cpp:

(WebCore::FrameSelection::positionForPlatform):

5:55 AM Changeset in webkit [199467] by Carlos Garcia Campos
  • 27 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r198869 - Make BlobData use ThreadSafeSharedBuffer instead of RawData.
https://bugs.webkit.org/show_bug.cgi?id=156041

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No change in behavior).

  • Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::consumeText):
(WebCore::FetchBody::extractFromText):
(WebCore::blobFromArrayBuffer):

  • Modules/fetch/FetchBody.h:
  • Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:

(WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):

  • Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::didReceiveBinaryData):

  • Modules/websockets/WebSocket.h:
  • Modules/websockets/WebSocketChannel.cpp:

(WebCore::WebSocketChannel::processFrame):

  • Modules/websockets/WebSocketChannel.h:
  • Modules/websockets/WebSocketChannelClient.h:

(WebCore::WebSocketChannelClient::didReceiveBinaryData):

  • Modules/websockets/WorkerThreadableWebSocketChannel.cpp:

(WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveBinaryData):

  • Modules/websockets/WorkerThreadableWebSocketChannel.h:
  • fileapi/Blob.cpp:

(WebCore::Blob::Blob):

  • fileapi/Blob.h:

(WebCore::Blob::create):

  • fileapi/WebKitBlobBuilder.h:
  • platform/network/BlobData.cpp:

(WebCore::BlobData::BlobData):
(WebCore::BlobDataItem::length):
(WebCore::BlobData::appendData):
(WebCore::BlobData::setContentType): Deleted.

  • platform/network/BlobData.h:

(WebCore::BlobDataItem::type):
(WebCore::BlobDataItem::data):
(WebCore::BlobDataItem::file):
(WebCore::BlobDataItem::BlobDataItem):
(WebCore::BlobData::create):
(WebCore::RawData::create): Deleted.
(WebCore::RawData::data): Deleted.
(WebCore::RawData::length): Deleted.
(WebCore::RawData::RawData): Deleted.

  • platform/network/BlobPart.h:

(WebCore::BlobPart::BlobPart):
(WebCore::BlobPart::data):
(WebCore::BlobPart::moveData):

  • platform/network/BlobRegistryImpl.cpp:

(WebCore::BlobRegistryImpl::appendStorageItems):
(WebCore::BlobRegistryImpl::registerFileBlobURL):
(WebCore::BlobRegistryImpl::registerBlobURL):
(WebCore::BlobRegistryImpl::registerBlobURLForSlice):

  • platform/network/BlobResourceHandle.cpp:

(WebCore::BlobResourceHandle::getSizeForNext):
(WebCore::BlobResourceHandle::readSync):
(WebCore::BlobResourceHandle::readDataSync):
(WebCore::BlobResourceHandle::readFileSync):
(WebCore::BlobResourceHandle::readAsync):
(WebCore::BlobResourceHandle::readDataAsync):
(WebCore::BlobResourceHandle::readFileAsync):

  • platform/network/BlobResourceHandle.h:
  • platform/network/FormData.cpp:

(WebCore::appendBlobResolved):

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::blobIsOutOfDate):
(WebCore::addEncodedBlobItemToSoupMessageBody):

  • platform/text/LineEnding.cpp:

(WebCore::normalizeToCROrLF):
(WebCore::normalizeLineEndingsToNative):
(WebCore::normalizeLineEndingsToCR): Deleted.
(WebCore::normalizeLineEndingsToLF): Deleted.

  • platform/text/LineEnding.h:
  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::responseBlob):

Source/WebKit2:

  • NetworkProcess/FileAPI/NetworkBlobRegistry.cpp:

(WebKit::NetworkBlobRegistry::filesInBlob):

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<BlobPart>::decode):

5:27 AM Changeset in webkit [199466] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198868 - Change some release asserts in CodeBlock linking into debug asserts
https://bugs.webkit.org/show_bug.cgi?id=155500

Reviewed by Filip Pizlo.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):

5:23 AM Changeset in webkit [199465] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198852 - Random SerializedScriptValue cleanup.
https://bugs.webkit.org/show_bug.cgi?id=156032

Rubberstamped by Tim Hatcher.

  • Remove two unused functions.
  • Make the class always be ThreadSafeRefCounted.
  • bindings/js/SerializedScriptValue.cpp:

(WebCore::SerializedScriptValue::numberValue): Deleted.
(WebCore::SerializedScriptValue::undefinedValue): Deleted.

  • bindings/js/SerializedScriptValue.h:

5:18 AM Changeset in webkit [199464] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Make animation events non-cancelable
https://bugs.webkit.org/show_bug.cgi?id=78110

Reviewed by Dan Bates.

Source/WebCore:

Make the animation events non-cancelable.

Test: animations/animation-events-not-cancelable.html

  • dom/AnimationEvent.cpp:

(WebCore::AnimationEvent::AnimationEvent):

LayoutTests:

  • animations/animation-events-not-cancelable-expected.txt: Added.
  • animations/animation-events-not-cancelable.html: Added.

5:16 AM Changeset in webkit [199463] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12

Merge r198827 - [WTF] Removing a smart pointer from HashTable issues two stores to the same location
https://bugs.webkit.org/show_bug.cgi?id=155676

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-29
Reviewed by Darin Adler.

Source/WTF:

While working on the hot loop of r198376, I noticed something
weird...
Every time we removed a smart pointer from the hash table,
the code generated was something like:

Load([bucket]) -> Tmp
Store(0 -> [bucket])
JumpIfZero(Tmp, ->End)
Call fastFree()
Store(-1 -> [bucket])
-> End:

The useless store before the branch is annoying, especially on ARM.

Here is what happens:

1) The destructor of the smart pointer swaps its internal value with nullptr.
2) Since the smart pointer is not a local in-register value, that nullptr
is stored in memory because it could be observable from fastFree().
3) The destructor destroys the value if not zero (or deref for RefPtr).
The "if-not-zero" may or may not be eliminated depending on what
is between getting the iterator and the call to remove().
4) fastFree() is called.
5) The deleted value is set in the bucket.

This patch adds custom deletion for those cases to avoid the useless
store. The useless null check is still eliminated when we are lucky.

I went this path instead of changing the destructor of RefPtr for two reasons:
- I need this to work in unique_ptr for JSC.
- Nulling the memory may have security advantages in the cases where we do not immediately
  write over that memory again.

This patch removes 13kb out of x86_64 WebCore.

  • wtf/HashTable.h:

(WTF::HashTable::deleteBucket):
(WTF::KeyTraits>::removeIf):

  • wtf/HashTraits.h:

(WTF::HashTraits<RefPtr<P>>::customDeleteBucket):
(WTF::hashTraitsDeleteBucket):
(WTF::KeyValuePairHashTraits::customDeleteBucket):

  • wtf/text/AtomicStringHash.h:

(WTF::HashTraits<WTF::AtomicString>::isEmptyValue):
(WTF::HashTraits<WTF::AtomicString>::customDeleteBucket):

  • wtf/text/StringHash.h:

(WTF::HashTraits<String>::customDeleteBucket):

Tools:

  • TestWebKitAPI/Tests/WTF/HashMap.cpp:
  • TestWebKitAPI/Tests/WTF/HashSet.cpp:

4:41 AM Changeset in webkit [199462] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198785 - REGRESSION (r196813): Missing plug-in placeholder is missing
https://bugs.webkit.org/show_bug.cgi?id=155973
<rdar://problem/25068392>

Reviewed by Andy Estes.

Show unavailable plugin indicator when UnavailablePluginIndicatorState (uninitialized, hidden, visible) is not set to hidden explicitly.
It matches pre-196813 behaviour.

Unable to test.

  • rendering/RenderEmbeddedObject.h:

(WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):

4:38 AM Changeset in webkit [199461] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12

Merge r198780 - media/track/track-remove-track.html is flaky, crashing and failing
https://bugs.webkit.org/show_bug.cgi?id=130971

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Prevent HTMLMediaElement from being collected while it is creating media controls.
These changes prevent the test from crashing but they do not fix the flakiness,
which is caused by another bug. Fixing that is tracked by
https://bugs.webkit.org/show_bug.cgi?id=155956.

  • html/HTMLMediaElement.cpp:

(WebCore::actionName): New, debugging-only helper function.
(WebCore::HTMLMediaElement::HTMLMediaElement): Initialize new variables.
(WebCore::HTMLMediaElement::scheduleDelayedAction): Log the flag names to make debugging easier.
(WebCore::HTMLMediaElement::scheduleNextSourceChild): Add logging.
(WebCore::HTMLMediaElement::updateActiveTextTrackCues): Update logging.
(WebCore::HTMLMediaElement::configureTextTrackGroup): Drive-by optimization: don't call
updateCaptionContainer here, call it before exiting configureTextTracks so we only call
it once instead of once per track group.
(WebCore::controllerJSValue):
(WebCore::HTMLMediaElement::ensureMediaControlsShadowRoot): New, wrapper around calling
ensureUserAgentShadowRoot so m_creatingControls can be set and cleared appropriately.
(WebCore::HTMLMediaElement::updateCaptionContainer): ensureUserAgentShadowRoot ->
ensureMediaControlsShadowRoot. Drive by optimization: set/test m_haveSetupCaptionContainer
so we only do this setup once.
(WebCore::HTMLMediaElement::configureTextTracks): Call updateCaptionContainer.
(WebCore::HTMLMediaElement::clearMediaPlayer): Log flag names.
(WebCore::HTMLMediaElement::hasPendingActivity): Return true when creating controls so GC
won't happen during controls setup.
(WebCore::HTMLMediaElement::updateTextTrackDisplay): ensureUserAgentShadowRoot ->
ensureMediaControlsShadowRoot.
(WebCore::HTMLMediaElement::createMediaControls): Ditto.
(WebCore::HTMLMediaElement::configureMediaControls): Ditto.
(WebCore::HTMLMediaElement::configureTextTrackDisplay): Ditto.

  • html/HTMLMediaElement.h:

LayoutTests:

  • platform/mac/TestExpectations: Mark crash as flaky only.

4:38 AM Changeset in webkit [199460] by Carlos Garcia Campos
  • 6 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source

Merge r198778 - REGRESSION(r192914): 10% regression on Sunspider's date-format-tofte
https://bugs.webkit.org/show_bug.cgi?id=155559

Reviewed by Saam Barati.

Source/JavaScriptCore:

The fast path of the eval function is the super hot path in date-format-tofte.
Any performance regression is not allowed here.
Before this patch, we allocated SourceCode in the fast path.
This allocation incurs 10% performance regression.

This patch removes this allocation in the fast path.
And change the key of the EvalCodeCache to EvalCodeCache::CacheKey.
It combines RefPtr<StringImpl> and isArrowFunctionContext.
Since EvalCodeCache does not cache any eval code evaluated under the strict mode,
it is unnecessary to include several options (ThisTDZMode, and DerivedContextType) in the cache map's key.
But isArrowFunctionContext is necessary since the sloppy mode arrow function exists.

To validate this change, we add a new test that evaluates the same code
under the non-arrow function context and the arrow function context.

After introducing CacheKey, we observed 1% regression compared to the RefPtr<StringImpl> keyed case.
This is because HashMap<RefPtr<T>, ...>::get(T*) is specially optimized; this path is inlined while the normal ::get() is not inlined.
To avoid this performance regression, we introduce HashMap::fastGet, that aggressively encourages inlining.
The relationship between fastGet() and get() is similar to fastAdd() and add().
After applying this change, the evaluation shows no performance regression in comparison with the RefPtr<StringImpl> keyed case.

  • bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::CacheKey::CacheKey):
(JSC::EvalCodeCache::CacheKey::hash):
(JSC::EvalCodeCache::CacheKey::isEmptyValue):
(JSC::EvalCodeCache::CacheKey::operator==):
(JSC::EvalCodeCache::CacheKey::isHashTableDeletedValue):
(JSC::EvalCodeCache::CacheKey::Hash::hash):
(JSC::EvalCodeCache::CacheKey::Hash::equal):
(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::getSlow):
(JSC::EvalCodeCache::isCacheable):

  • interpreter/Interpreter.cpp:

(JSC::eval):

  • tests/stress/eval-in-arrow-function.js: Added.

(shouldBe):
(i):

Source/WTF:

Add HashTable::inlineLookup and HashMap::fastGet.

  • wtf/HashMap.h:
  • wtf/HashTable.h:

4:16 AM Changeset in webkit [199459] by Yusuke Suzuki
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Add @@toStringTag to GeneratorFunction
https://bugs.webkit.org/show_bug.cgi?id=156499

Reviewed by Mark Lam.

GeneratorFunction.prototype has @@toStringTag property, "GeneratorFunction".
https://tc39.github.io/ecma262/#sec-generatorfunction.prototype-@@tostringtag

  • runtime/GeneratorFunctionPrototype.cpp:

(JSC::GeneratorFunctionPrototype::finishCreation):

  • tests/es6.yaml:
  • tests/es6/well-known_symbols_Symbol.toStringTag_new_built-ins.js: Added.

(test):

3:50 AM Changeset in webkit [199458] by berto@igalia.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix build in glibc-based BSD systems
https://bugs.webkit.org/show_bug.cgi?id=156533

Reviewed by Carlos Garcia Campos.

Change the order of the #elif conditionals so glibc-based BSD
systems (e.g. Debian GNU/kFreeBSD) use the code inside the
OS(FREEBSD) blocks.

  • heap/MachineStackMarker.cpp:

(JSC::MachineThreads::Thread::Registers::stackPointer):
(JSC::MachineThreads::Thread::Registers::framePointer):
(JSC::MachineThreads::Thread::Registers::instructionPointer):
(JSC::MachineThreads::Thread::Registers::llintPC):

3:21 AM Changeset in webkit [199457] by Carlos Garcia Campos
  • 10 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198771 - Pixel turds when bordered div is resized on SMF forum software.
https://bugs.webkit.org/show_bug.cgi?id=155957
<rdar://problem/25010646>

Reviewed by Simon Fraser.

Use unmodified, non-snapped bounding box rect when computing dirty rects.

Source/WebCore:

Test: fast/repaint/hidpi-box-with-subpixel-height-inflates.html

  • rendering/RenderBox.h:
  • rendering/RenderBoxModelObject.h:
  • rendering/RenderElement.cpp:

(WebCore::RenderElement::getTrailingCorner):

  • rendering/RenderInline.h:
  • rendering/RenderLineBreak.cpp:

(WebCore::RenderLineBreak::borderBoundingBox): Deleted.

  • rendering/RenderLineBreak.h:
  • rendering/RenderView.cpp:

(WebCore::RenderView::setBestTruncatedAt):

LayoutTests:

  • fast/repaint/hidpi-box-with-subpixel-height-inflates-expected.txt: Added.
  • fast/repaint/hidpi-box-with-subpixel-height-inflates.html: Added.

3:03 AM Changeset in webkit [199456] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198753 - Setup cloned continuation renderer properly.
https://bugs.webkit.org/show_bug.cgi?id=155640

Reviewed by Simon Fraser.

Set the "renderer has outline ancestor" flag on the cloned inline renderer when
we split the original renderer for continuation.
It ensures that when the cloned part of the continuation requests repaint, we properly
invalidate the ancestor outline (if needed).

Source/WebCore:

Test: fast/inline/outline-with-continuation-assert.html

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::clone):

LayoutTests:

  • fast/inline/outline-with-continuation-assert-expected.txt: Added.
  • fast/inline/outline-with-continuation-assert.html: Added.

3:00 AM Changeset in webkit [199455] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198701 - RenderImage::repaintOrMarkForLayout fails when the renderer is detached.
https://bugs.webkit.org/show_bug.cgi?id=155885
<rdar://problem/25359164>

Reviewed by Simon Fraser.

Making containingBlockFor* functions standalone ensures that we don't
call them on an invalid object.

Covered by existing tests.

  • dom/Element.cpp:

(WebCore::layoutOverflowRectContainsAllDescendants):

  • rendering/LogicalSelectionOffsetCaches.h:

(WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches):

  • rendering/RenderElement.cpp:

(WebCore::containingBlockForFixedPosition):
(WebCore::containingBlockForAbsolutePosition):
(WebCore::containingBlockForObjectInFlow):
(WebCore::RenderElement::containingBlockForFixedPosition): Deleted.
(WebCore::RenderElement::containingBlockForAbsolutePosition): Deleted.
(WebCore::isNonRenderBlockInline): Deleted.
(WebCore::RenderElement::containingBlockForObjectInFlow): Deleted.

  • rendering/RenderElement.h:
  • rendering/RenderInline.cpp:

(WebCore::RenderInline::styleWillChange):

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::containingBlock):

2:52 AM WebKitGTK/2.12.x edited by berto@igalia.com

2:39 AM Changeset in webkit [199454] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r199246 - bmalloc: stress_aligned test fails if you increase smallMax
https://bugs.webkit.org/show_bug.cgi?id=156414

Reviewed by Oliver Hunt.

When size exceeds alignment and is a multiple of alignment and is not
a power of two, such as 24kB with 8kB alignment, the small allocator
did not always guarantee alignment. Let's fix that.

  • bmalloc/Algorithm.h:

(bmalloc::divideRoundingUp): Math is hard.

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::allocate): Align to the page size unconditionally.
Even if the page size is not a power of two, it might be a multiple of
a power of two, and we want alignment to that smaller power of two to
be guaranteed.

2:39 AM Changeset in webkit [199453] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r199115 - bmalloc: handle aligned allocations on the fast path
https://bugs.webkit.org/show_bug.cgi?id=156302

Reviewed by Michael Saboff.

This helps keep the JavaScriptCore GC on the fast path, and it also
helps avoid fragmentation on our website stress test:

nimlang 209,584kB 198,076kB 1.06x smaller

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::allocate): Because we arrange for power-of-two size
classes to allocate at power-of-two alignments, we can allocate any
small aligned request on the small path.

  • bmalloc/Chunk.h:

(bmalloc::Chunk::bytes):
(bmalloc::Chunk::lines):
(bmalloc::Chunk::pages):
(bmalloc::Chunk::boundaryTags):
(bmalloc::Chunk::objectType): Moved some code around to provide better
API.

(bmalloc::Chunk::Chunk): Moved this code to VMHeap.

(bmalloc::Chunk::offset):
(bmalloc::Chunk::object): Use our new bytes() helper function.

  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::allocateChunk): Moved code here from Chunk.

(bmalloc::VMHeap::allocateSmallChunk): Ensure that power-of-two page
sizes always begin allocation at the same alignment. Power-of-two object
sizes always request power-of-two page sizes (since that's the least
wasteful option), so if we also ensure that power-of-two page sizes get
power-of-two alignment, then everything is aligned for all small objects.

2:39 AM Changeset in webkit [199452] by Carlos Garcia Campos
  • 13 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198995 - bmalloc: segregate small and large objects again, and allocate more objects on the small path
https://bugs.webkit.org/show_bug.cgi?id=156152

Reviewed by Sam Weinig.

Microbenchmark data suggested that it was a good idea for small and large
objects to share memory. But r198675 did not improve memory use in
full browser benchmarks.

This patch reverts to segregating small and large objects -- but without
going back to doubled VM usage -- in order to capture a few benefits:

(*) Small pages fragment the large heap. Separating them out saves a lot
of memory in our worst case fragmentation recording:

nimlang 276,076kB 209,636kB 1.32x smaller

(*) Small objects are common enough that even their slow paths benefit
from simpler code:

Execution Time:

...
facebook             234ms    216ms    1.08x faster
reddit               114ms    108ms    1.06x faster
flickr               118ms    111ms    1.06x faster
theverge             146ms    140ms    1.04x faster
...
<arithmetic mean>    107ms    102ms    1.04x faster

(*) We can use less metadata:

Memory at End:

...
list_allocate         460kB      384kB    1.2x smaller
tree_allocate         492kB      424kB    1.16x smaller
tree_churn            480kB      404kB    1.19x smaller
fragment              532kB      452kB    1.18x smaller
fragment_iterate      712kB      588kB    1.21x smaller
medium             15,152kB   11,796kB    1.28x smaller
big                15,044kB   10,976kB    1.37x smaller
...
<arithmetic mean>   7,724kB    7,190kB    1.07x smaller

This patch also takes advantage of our support for varying the page size
at runtime by allocating more objects on the small object path:

medium 178ms 150ms 1.19x faster

Some microbenchmarks report memory use increases from this change -- like
they reported memory use decreases from r198675 -- but I'm ignoring them
for now because I expect our full browser memory benchmarks to confirm
that this patch is fine.

  • bmalloc/BumpAllocator.h:

(bmalloc::BumpAllocator::BumpAllocator): Use a full unsigned because we
can allocate objects larger than 16kB - 1, and a full unsigned does not
make BumpAllocator any larger on 64bit systems.

  • bmalloc/Chunk.h:

(bmalloc::Chunk::begin):
(bmalloc::Chunk::end):
(bmalloc::Chunk::size):
(bmalloc::Chunk::objectType): Store ObjectType in the Chunk, since it only
varies by Chunk now, and not from page to page within a Chunk. Also,
union together small and large object metadata, since we will only use
one or the other. This saves memory.

(bmalloc::Chunk::Chunk): Conditionalize initialization based on object
type, since only one kind of metadata or the other can be used at runtime.

(bmalloc::Object::Object):
(bmalloc::Object::begin):
(bmalloc::SmallPage::end): Deleted.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::Heap):
(bmalloc::Heap::initializeLineMetadata): Save a little space, since we
know that lines are only 256 bytes long.

(bmalloc::Heap::initializePageMetadata): Store a dynamic page size for
each size class. We used to use only one page size (the system page size)
but that limited our ability to allocate objects larger than 1kB on the
small object path. Now we can handle any object size we want by storing
objects of that size in a custom page size.

(bmalloc::Heap::concurrentScavenge):
(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPages): Revert to our old linked list
strategy for storing small pages.

(bmalloc::Heap::splitAndAllocate): Object type is per Chunk now.

(bmalloc::Heap::allocateLarge): Don't nuke the small page list when
allocating a large object because the two don't share memory anymore.

(bmalloc::Heap::allocateSmallPage): Revert to our old linked list
strategy for storing small pages.

(bmalloc::Heap::deallocateSmallLine): Don't return early in the case
where this is the first free object in the page. In the case of large-ish
objects, the first free object might also be the last free object,
since there's one object per page.

(bmalloc::Heap::allocateSmallBumpRangesByMetadata): Split out some helper
lambdas to make this code clearer.

(bmalloc::Heap::allocateSmallBumpRangesByObject): Added a fast scan
for objects larger than the line size. When multiple objects fit in
a single line, it's an optimization to scan a line at a time. But when
it's one object per line, or one object per 64 lines, it's better just
to scan an object at a time.

  • bmalloc/Heap.h:

(bmalloc::Heap::allocateSmallBumpRanges):
(bmalloc::Heap::derefSmallLine): Match the changes above.

  • bmalloc/LineMetadata.h: We weren't using all those bits.
  • bmalloc/List.h:

(bmalloc::List::remove): Put a removed Node fully back into the default
(empty) state it was in before it entered the list. This change is not
observable, but it makes things clearer when you're debugging.

  • bmalloc/Object.h:

(bmalloc::Object::Object):
(bmalloc::Object::chunk):
(bmalloc::Object::offset):
(bmalloc::Object::operator+):
(bmalloc::Object::operator<=): Added some helpers for iterating by object.

  • bmalloc/ObjectType.cpp:

(bmalloc::objectType): Updated for API change.

  • bmalloc/Sizes.h:

(bmalloc::Sizes::maskObjectSize):
(bmalloc::Sizes::objectSize):
(bmalloc::Sizes::pageSize): Support more page sizes.

  • bmalloc/SmallPage.h:

(bmalloc::SmallPage::SmallPage):
(bmalloc::SmallPage::objectType): Deleted.
(bmalloc::SmallPage::setObjectType): Deleted.
(bmalloc::SmallPage::smallPageCount): Deleted.
(bmalloc::SmallPage::setSmallPageCount): Deleted. Object type is per
Chunk now, and we can infer page count from size class.

  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::allocateChunk):
(bmalloc::VMHeap::allocateSmallChunk):

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage):
(bmalloc::VMHeap::deallocateSmallPage):
(bmalloc::VMHeap::allocateLargeObject): Support our old behavior of
storing free pages in linked lists.

2:38 AM Changeset in webkit [199451] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198829 - bmalloc: support physical page sizes that don't match the virtual page size (take 2)
https://bugs.webkit.org/show_bug.cgi?id=156003

Reviewed by Andreas Kling.

This is a memory savings on iOS devices where the virtual page size
is 16kB but the physical page size is 4kB.

Take 1 was a memory regression on 16kB virtual / 16kB physical systems
because it used a 4kB page size within a 16kB page size, allowing up to
4 different object types to mix within a physical page. Because objects
of the same type tend to deallocate at the same time, mixing objects of
different types made pages less likely to become completely empty.

(Take 1 also had a bug where it used a platform #ifdef that didn't exist.
Oops.)

Take 2 allocates units of SmallPages equal to the physical page size.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::Heap):
(bmalloc::Heap::initializeLineMetadata):
(bmalloc::Heap::allocateSmallBumpRanges):
(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::allocateLarge):
(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::tryAllocateXLarge):
(bmalloc::Heap::shrinkXLarge):

  • bmalloc/Heap.h: Use the physical page size for our VM operations because
we're only concerned with returning physical pages to the OS.

  • bmalloc/VMAllocate.h:

(bmalloc::vmPageSize):
(bmalloc::vmPageShift):
(bmalloc::vmSize):
(bmalloc::vmValidate):
(bmalloc::vmPageSizePhysical):
(bmalloc::vmValidatePhysical):
(bmalloc::tryVMAllocate):
(bmalloc::vmDeallocatePhysicalPages):
(bmalloc::vmAllocatePhysicalPages):
(bmalloc::vmDeallocatePhysicalPagesSloppy):
(bmalloc::vmAllocatePhysicalPagesSloppy): Use the physical page size.

2:38 AM Changeset in webkit [199450] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198821 - bmalloc: page size should be configurable at runtime
https://bugs.webkit.org/show_bug.cgi?id=155993

Reviewed by Andreas Kling.

This is a memory win on 32bit iOS devices, since their page sizes are
4kB and not 16kB.

It's also a step toward supporting 64bit iOS devices that have a
16kB/4kB virtual/physical page size split.

  • bmalloc/Chunk.h: Align to largeAlignment since 2 * smallMax isn't
required by the boundary tag allocator.

(bmalloc::Chunk::page): Account for the slide when accessing a page.
Each SmallPage hashes 4kB of memory. When we want to allocate a region
of memory larger than 4kB, we store our metadata in the first SmallPage
in the region and we assign a slide to the remaining SmallPages, so
they forward to that first SmallPage when accessed.

NOTE: We could use a less flexible technique that just hashed by
vmPageSize() instead of 4kB at runtime, with no slide, but I think we'll
be able to use this slide technique to make even more page sizes
dynamically at runtime, which should save some memory and simplify
the allocator.

(bmalloc::SmallPage::begin): It's invalid to access a SmallPage with
a slide, since such SmallPages do not contain meaningful data.

(bmalloc::SmallPage::end): Account for smallPageCount when computing
the size of a page.

(bmalloc::Chunk::pageBegin): Deleted.
(bmalloc::Chunk::pageEnd): Deleted.
(bmalloc::Object::pageBegin): Deleted.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::Heap): Cache vmPageSize because computing it might require
a syscall.

(bmalloc::Heap::initializeLineMetadata): Line metadata is a vector instead
of a 2D array because we don't know how much metadata we'll need until
we know the page size.

(bmalloc::Heap::scavengeSmallPage): Be sure to revert the slide when
deallocating a page. Otherwise, the next attempt to allocate the page
will slide when initializing it, sliding to nowhere.

(bmalloc::Heap::allocateSmallBumpRanges): Account for vector change to
line metadata.

(bmalloc::Heap::allocateSmallPage): Initialize slide and smallPageCount
since they aren't constant anymore.

(bmalloc::Heap::allocateLarge):
(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::tryAllocateXLarge):
(bmalloc::Heap::shrinkXLarge): Adopt dynamic page size.

  • bmalloc/Heap.h:
  • bmalloc/Sizes.h: smallPageSize is no longer equal to the VM page
size -- it's just the smallest VM page size we're interested in supporting.

  • bmalloc/SmallPage.h:

(bmalloc::SmallPage::slide):
(bmalloc::SmallPage::setSlide):
(bmalloc::SmallPage::smallPageCount):
(bmalloc::SmallPage::setSmallPageCount):
(bmalloc::SmallPage::ref):
(bmalloc::SmallPage::deref): Support slide and small page count as
dynamic values. This doesn't increase metadata size since sizeof(SmallPage)
rounds up to alignment anyway.

  • bmalloc/VMAllocate.h:

(bmalloc::vmPageSize):
(bmalloc::vmPageShift):
(bmalloc::vmSize):
(bmalloc::vmValidate):
(bmalloc::tryVMAllocate):
(bmalloc::vmDeallocatePhysicalPagesSloppy):
(bmalloc::vmAllocatePhysicalPagesSloppy): Treat page size as a variable.

  • bmalloc/Vector.h:

(bmalloc::Vector::initialCapacity):
(bmalloc::Vector<T>::insert):
(bmalloc::Vector<T>::grow):
(bmalloc::Vector<T>::shrink):
(bmalloc::Vector<T>::shrinkCapacity):
(bmalloc::Vector<T>::growCapacity): Treat page size as a variable.

2:38 AM Changeset in webkit [199449] by Carlos Garcia Campos
  • 5 edits
    4 adds in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198809 - bmalloc: add logging for mmap() failures
<http://webkit.org/b/155409>
<rdar://problem/24568515>

Reviewed by Saam Barati.

This patch causes additional logging to be generated on internal
iOS builds when mmap() fails. We are trying to track down an
issue where the WebContent process runs out of VM address space
before it is killed by jetsam.

  • CMakeLists.txt: Add Logging.cpp.
  • bmalloc.xcodeproj/project.pbxproj: Add new files.
  • bmalloc/BAssert.h:

(RELEASE_BASSERT_WITH_MESSAGE): Add macro.

  • bmalloc/Logging.cpp: Added.

(bmalloc::logVMFailure): Implementation.

  • bmalloc/Logging.h: Added.

(bmalloc::logVMFailure): Declaration.

  • bmalloc/VMAllocate.h:

(bmalloc::tryVMAllocate): Call logVMFailure() on mmap() failure.

  • bmalloc/darwin/BSoftLinking.h: Copied from Source/WebCore/platform/mac/SoftLinking.h.

2:37 AM Changeset in webkit [199448] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198680 - bmalloc: stress_aligned fails when allocating a zero-sized object with XLarge alignment
https://bugs.webkit.org/show_bug.cgi?id=155896

Reviewed by Andreas Kling.

We normally filter zero-sized allocations into small allocations, but
a zero-sized allocation can sneak through if it requires sufficiently
large alignment.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::tryAllocateXLarge): Set a floor on allocation size to
catch zero-sized allocations.

2:37 AM Changeset in webkit [199447] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198693 - Unreviewed, try to fix a crash seen on the bots.

  • bmalloc/Allocator.cpp: (bmalloc::Allocator::reallocate): We have to take the lock even if we're only reading our own data because LargeObject contains validation code that will read our neighbors' data as well.

2:37 AM Changeset in webkit [199446] by Carlos Garcia Campos
  • 15 edits
    1 move
    1 delete in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198679 - bmalloc: Renamed LargeChunk => Chunk
https://bugs.webkit.org/show_bug.cgi?id=155894

Reviewed by Michael Saboff.

A Chunk can contain both small and large objects now.

  • bmalloc.xcodeproj/project.pbxproj:
  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::allocate):

  • bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::isFree):

  • bmalloc/Chunk.h: Copied from Source/bmalloc/bmalloc/LargeChunk.h.

(bmalloc::Chunk::pages):
(bmalloc::Chunk::begin):
(bmalloc::Chunk::end):
(bmalloc::Chunk::Chunk):
(bmalloc::Chunk::get):
(bmalloc::Chunk::beginTag):
(bmalloc::Chunk::endTag):
(bmalloc::Chunk::offset):
(bmalloc::Chunk::object):
(bmalloc::Chunk::page):
(bmalloc::Chunk::line):
(bmalloc::SmallLine::begin):
(bmalloc::SmallPage::begin):
(bmalloc::SmallPage::end):
(bmalloc::Object::Object):
(bmalloc::Object::begin):
(bmalloc::LargeChunk::pages): Deleted.
(bmalloc::LargeChunk::begin): Deleted.
(bmalloc::LargeChunk::end): Deleted.
(bmalloc::LargeChunk::LargeChunk): Deleted.
(bmalloc::LargeChunk::get): Deleted.
(bmalloc::LargeChunk::beginTag): Deleted.
(bmalloc::LargeChunk::endTag): Deleted.
(bmalloc::LargeChunk::offset): Deleted.
(bmalloc::LargeChunk::object): Deleted.
(bmalloc::LargeChunk::page): Deleted.
(bmalloc::LargeChunk::line): Deleted.

  • bmalloc/Deallocator.cpp:
  • bmalloc/FreeList.cpp:
  • bmalloc/Heap.cpp:

(bmalloc::Heap::allocateLarge):

  • bmalloc/LargeChunk.h: Removed.
  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::LargeObject):
(bmalloc::LargeObject::merge):
(bmalloc::LargeObject::split):

  • bmalloc/Object.h:

(bmalloc::Object::chunk):

  • bmalloc/ObjectType.cpp:
  • bmalloc/Sizes.h:
  • bmalloc/SmallAllocator.h: Removed.
  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::VMHeap):
(bmalloc::VMHeap::allocateChunk):
(bmalloc::VMHeap::allocateLargeChunk): Deleted.

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateLargeObject):
(bmalloc::VMHeap::deallocateLargeObject):

  • bmalloc/Zone.cpp:

(bmalloc::enumerator):

  • bmalloc/Zone.h:

(bmalloc::Zone::chunks):
(bmalloc::Zone::addChunk):
(bmalloc::Zone::largeChunks): Deleted.
(bmalloc::Zone::addLargeChunk): Deleted.

2:36 AM Changeset in webkit [199445] by Carlos Garcia Campos
  • 19 edits
    2 deletes in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198675 - bmalloc: small and large objects should share memory
https://bugs.webkit.org/show_bug.cgi?id=155866

Reviewed by Andreas Kling.

This patch cuts our VM footprint in half. (VM footprint usually doesn't
matter, but on iOS there's an artificial VM limit around 700MB, and if
you hit it you jetsam / crash.)

It's also a step toward honoring the hardware page size at runtime,
which will reduce memory usage on iOS.

This patch is a small improvement in peak memory usage because it allows
small and large objects to recycle each other's memory. The tradeoff is
that we require more metadata, which causes more memory usage after
shrinking down from peak memory usage. In the end, we have some memory
wins and some losses, and a small win in the mean on our standard memory
benchmarks.

  • bmalloc.xcodeproj/project.pbxproj: Removed SuperChunk.
  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::reallocate): Adopt a new Heap API for shrinking
large objects because it's a little more complicated than it used to be.

Don't check for equality in the XLarge case because we don't do it in
other cases, and it's unlikely that we'll be called for no reason.

  • bmalloc/BumpAllocator.h:

(bmalloc::BumpAllocator::allocate): Don't ASSERT isSmall because that's
an old concept from when small and large objects were in distinct memory
regions.

  • bmalloc/Deallocator.cpp:

(bmalloc::Deallocator::deallocateSlowCase): Large objects are not
segregated anymore.

(bmalloc::Deallocator::deallocateLarge): Deleted.

  • bmalloc/Deallocator.h:

(bmalloc::Deallocator::deallocateFastCase): Don't ASSERT isSmall(). See
above.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPage):
(bmalloc::Heap::scavengeSmallPages): New helpers for returning cached
small pages to the large object heap.

(bmalloc::Heap::allocateSmallPage): Allocate small pages from the large
object heap. This is how we accomplish sharing.

(bmalloc::Heap::deallocateSmallLine): Handle large objects since we can
encounter them on this code path now.

(bmalloc::Heap::splitAndAllocate): Fixed a bug where we would sometimes
not split even though we could.

Allocating a large object also requires ref'ing its small line so that
we can alias memory between small and large objects.

(bmalloc::Heap::allocateLarge): Return cached small pages before
allocating a large object that would fit in a cached small page. This
allows some large allocations to reuse small object memory.

(bmalloc::Heap::shrinkLarge): New helper.

(bmalloc::Heap::deallocateLarge): Deleted.

  • bmalloc/Heap.h:
  • bmalloc/LargeChunk.h:

(bmalloc::LargeChunk::pageBegin):
(bmalloc::LargeChunk::pageEnd):
(bmalloc::LargeChunk::lines):
(bmalloc::LargeChunk::pages):
(bmalloc::LargeChunk::begin):
(bmalloc::LargeChunk::end):
(bmalloc::LargeChunk::LargeChunk):
(bmalloc::LargeChunk::get):
(bmalloc::LargeChunk::endTag):
(bmalloc::LargeChunk::offset):
(bmalloc::LargeChunk::object):
(bmalloc::LargeChunk::page):
(bmalloc::LargeChunk::line):
(bmalloc::SmallLine::begin):
(bmalloc::SmallLine::end):
(bmalloc::SmallPage::begin):
(bmalloc::SmallPage::end):
(bmalloc::Object::Object):
(bmalloc::Object::begin):
(bmalloc::Object::pageBegin):
(bmalloc::Object::line):
(bmalloc::Object::page): I merged all the SmallChunk metadata and code
into LargeChunk. Now we use a single class to track both small and large
metadata, so we can share memory between small and large objects.

I'm going to rename this class to Chunk in a follow-up patch.

  • bmalloc/Object.h:

(bmalloc::Object::chunk): Updated for LargeChunk transition.

  • bmalloc/ObjectType.cpp:

(bmalloc::objectType):

  • bmalloc/ObjectType.h:

(bmalloc::isXLarge):
(bmalloc::isSmall): Deleted. The difference between small and large
objects is now stored in metadata and is not a property of their
virtual address range.

  • bmalloc/SegregatedFreeList.h: One more entry because we cover all of
what used to be the super chunk in a large chunk now.

  • bmalloc/Sizes.h: Removed bit masking helpers because we don't use
address masks to distinguish small vs large object type anymore.

  • bmalloc/SmallChunk.h: Removed.
  • bmalloc/SmallPage.h:

(bmalloc::SmallPage::SmallPage): Store object type per page because any
given page can be used for large objects or small objects.

  • bmalloc/SuperChunk.h: Removed.
  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::VMHeap):
(bmalloc::VMHeap::allocateLargeChunk):
(bmalloc::VMHeap::allocateSmallChunk): Deleted.
(bmalloc::VMHeap::allocateSuperChunk): Deleted.

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateLargeObject):
(bmalloc::VMHeap::deallocateLargeObject):
(bmalloc::VMHeap::allocateSmallPage): Deleted.
(bmalloc::VMHeap::deallocateSmallPage): Deleted. Removed super chunk and
small chunk support.

  • bmalloc/Zone.cpp:

(bmalloc::enumerator):

  • bmalloc/Zone.h:

(bmalloc::Zone::largeChunks):
(bmalloc::Zone::addLargeChunk):
(bmalloc::Zone::superChunks): Deleted.
(bmalloc::Zone::addSuperChunk): Deleted. Removed super chunk and
small chunk support.

2:26 AM Changeset in webkit [199444] by rniwa@webkit.org
  • 9 edits
    2 adds in trunk/Websites/perf.webkit.org

Add a summary page to v3 UI
https://bugs.webkit.org/show_bug.cgi?id=156531

Reviewed by Stephanie Lewis.

Add new "Summary" page, which shows the average difference (better or worse) from the baseline across
multiple platforms and tests by a single number.

  • public/include/manifest.php:

(ManifestGenerator::generate): Include "summary" in manifest.json.

  • public/shared/statistics.js:

(Statistics.mean): Added.
(Statistics.median): Added.

  • public/v3/components/ratio-bar-graph.js: Added.

(RatioBarGraph): Shows a horizontal bar graph that visualizes the relative difference (e.g. 3% better).
(RatioBarGraph.prototype.update):
(RatioBarGraph.prototype.render):
(RatioBarGraph.cssTemplate):
(RatioBarGraph.htmlTemplate):

  • public/v3/index.html:
  • public/v3/main.js:

(main): Instantiate SummaryPage and add it to the navigation bar and the router.

  • public/v3/models/manifest.js:

(Manifest._didFetchManifest): Let "summary" pass through from manifest.json to main().

  • public/v3/models/measurement-set.js:

(MeasurementSet.prototype._failedToFetchJSON): Invoke the callback with an error or true so that
the callback can detect a failure.
(MeasurementSet.prototype._invokeCallbacks): Ditto.

  • public/v3/pages/charts-page.js:

(ChartsPage.createStateForConfigurationList): Added to add a hyperlink from summary page to charts page.

  • public/v3/pages/summary-page.js: Added.

(SummaryPage): Added.
(SummaryPage.prototype.routeName): Added.
(SummaryPage.prototype.open): Added.
(SummaryPage.prototype.render): Added.
(SummaryPage.prototype._createConfigurationGroupAndStartFetchingData): Added.
(SummaryPage.prototype._constructTable): Added.
(SummaryPage.prototype._constructRatioGraph): Added.
(SummaryPage.htmlTemplate): Added.
(SummaryPage.cssTemplate): Added.
(SummaryPageConfigurationGroup): Added. Represents a set of platforms and tests shown in a single cell.
(SummaryPageConfigurationGroup.prototype.ratio): Added.
(SummaryPageConfigurationGroup.prototype.label): Added.
(SummaryPageConfigurationGroup.prototype.changeType): Added.
(SummaryPageConfigurationGroup.prototype.configurationList): Added.
(SummaryPageConfigurationGroup.prototype.fetchAndComputeSummary): Added.
(SummaryPageConfigurationGroup.prototype._computeSummary): Added.
(SummaryPageConfigurationGroup.prototype._fetchAndComputeRatio): Added. Invoked for each time series in
the set, and stores the computed ratio of the current values to the baseline in this._setToRatio.
The results are aggregated by _computeSummary as a single number later.
(SummaryPageConfigurationGroup._medianForTimeRange): Added.
(SummaryPageConfigurationGroup._fetchData): A thin wrapper to make MeasurementSet.fetchBetween promise
friendly since MeasurementSet doesn't support Promise at the moment (but it should!).

  • server-tests/api-manifest.js: Updated a test case.

2:20 AM Changeset in webkit [199443] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r198629 - Fix null dereferencing in NetworkLoad::continueCanAuthenticateAgainstProtectionSpace
https://bugs.webkit.org/show_bug.cgi?id=155799
rdar://25289012

Reviewed by Tim Horton.

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
Null-check all the things!

2:19 AM Changeset in webkit [199442] by Carlos Garcia Campos
  • 9 edits
    1 copy in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198606 - bmalloc: Added an Object helper class
https://bugs.webkit.org/show_bug.cgi?id=155818

Reviewed by Gavin Barraclough.

Object is an abstraction that breaks out a void* into its component
metadata pointers.

This is slightly faster than recomputing them, and it enables a future
patch in which Object will tell us whether it is small or large.

  • bmalloc.xcodeproj/project.pbxproj: Added to the project.
  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::reallocate): Use Object to compute size.

  • bmalloc/Deallocator.cpp:

(bmalloc::Deallocator::processObjectLog):

  • bmalloc/Heap.cpp:

(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::deallocateSmallLine):

  • bmalloc/Heap.h:

(bmalloc::Heap::derefSmallLine): Use Object to deallocate.

  • bmalloc/Object.h: Added.

(bmalloc::Object::Object):
(bmalloc::Object::chunk):
(bmalloc::Object::line):
(bmalloc::Object::page): Helper class to break out a void* into its
component metadata pointers.

  • bmalloc/SmallChunk.h:

(bmalloc::SmallChunk::SmallChunk): SmallPage::get doesn't exist anymore
so we use our new helper functions instead.

(bmalloc::SmallChunk::offset):
(bmalloc::SmallChunk::object):
(bmalloc::SmallChunk::page):
(bmalloc::SmallChunk::line):
(bmalloc::SmallLine::begin):
(bmalloc::SmallLine::end):
(bmalloc::SmallPage::begin): New helpers that operate on the data
stored in Object.

(bmalloc::SmallLine::get): Deleted.
(bmalloc::SmallPage::get): Deleted.

  • bmalloc/SmallLine.h:

(bmalloc::SmallLine::refCount): Added a default ref value for convenience.

  • bmalloc/SmallPage.h:

(bmalloc::SmallPage::SmallPage):

2:17 AM Changeset in webkit [199441] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198597 - ASSERTION FAILED: y2 >= y1 in WebCore::RenderElement::drawLineForBoxSide
https://bugs.webkit.org/show_bug.cgi?id=155791

Reviewed by Simon Fraser.

With a certain combination of border rect and adjacent width, we could end up with an empty final rect.
This patch ensures that we don't try to paint this empty rect.

Source/WebCore:

Test: fast/borders/empty-outline-border-assert.html

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::drawLineForBoxSide):

LayoutTests:

  • fast/borders/empty-outline-border-assert-expected.txt: Added.
  • fast/borders/empty-outline-border-assert.html: Added.

2:16 AM Changeset in webkit [199440] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198594 - bmalloc: process the object log before asking for new memory
https://bugs.webkit.org/show_bug.cgi?id=155801

Reviewed by Gavin Barraclough.

This is a step toward merging large and small objects: In future, if we
have large objects in the log, we need to process them right away to
avoid pushing up peak memory use.

But it also appears to be a speedup and memory use improvement now.

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::allocate):
(bmalloc::Allocator::refillAllocatorSlowCase):
(bmalloc::Allocator::allocateLarge): Process the log before asking for
more memory.

  • bmalloc/Deallocator.cpp:

(bmalloc::Deallocator::processObjectLog):
(bmalloc::Deallocator::deallocateSlowCase):

  • bmalloc/Deallocator.h: Provide a public API for processing the object log.
  • bmalloc/Heap.cpp:

(bmalloc::Heap::allocateSmallPage): Pop fragmented pages from the front
instead of from the back. This resolves a regression on tree_churn
--parallel. Popping from the front gives us the oldest pages. The oldest
pages have had the most time to accumulate free lines. They are therefore
the least fragmented on average.

  • bmalloc/List.h:

(bmalloc::List::popFront):
(bmalloc::List::insertAfter): New API to pop from front.

2:15 AM Changeset in webkit [199439] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198588 - [WebGL] Non-power-of-two texture optimization
https://bugs.webkit.org/show_bug.cgi?id=118409

Reviewed by Dean Jackson.

Source/WebCore:

Based on a patch by Przemyslaw Szymanski <p.szymanski3@samsung.com>

This patch optimizes usage of handleNPOTTextures. We do not need to
iterate over each texture unit if no black textures were set. This
optimization provides a few more frames per second for certain
draw calls.

Tested by:
(1) Existing tests: webgl/resources/webgl_test_files/conformance/textures/texture-npot.html
(2) New test case: fast/canvas/webgl/texture-alternating-npot.html

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::compressedTexImage2D): Use new helper method.
(WebCore::WebGLRenderingContextBase::validateNPOTTextureLevel): Added.
(WebCore::WebGLRenderingContextBase::drawArrays): Only check texture completeness
if a black texture was used.
(WebCore::WebGLRenderingContextBase::drawElements): Ditto.
(WebCore::WebGLRenderingContextBase::texImage2DBase): Use new helper method.
(WebCore::WebGLRenderingContextBase::validateTexFunc): Ditto.
(WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Return flag to indicate
if a black fallback texture was used.

  • html/canvas/WebGLRenderingContextBase.h:

LayoutTests:

  • fast/canvas/webgl/texture-alternating-npot-expected.txt: Added.
  • fast/canvas/webgl/texture-alternating-npot.html: Added.

2:13 AM Changeset in webkit [199438] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198584 - Share style by sharing RenderStyle substructures not the object itself
https://bugs.webkit.org/show_bug.cgi?id=155787

Reviewed by Andreas Kling.

The current approach where we share RenderStyle objects between elements leads to a lot of awkward and bug-prone code.
Most of the RenderStyle consists of shareable substructures. It is better to just share those.

With this patch we create shared styles with RenderStyle::clone(). Sharing is traced as state in Style::SharingResolver
instead of relying on RenderStyle equality to locate potential sharing cousins.

  • rendering/style/StyleRareNonInheritedData.cpp:

(WebCore::StyleRareNonInheritedData::operator==):

m_altText was missing from operator==
This was exposed by TreeResolver::resolveElement change, tested by fast/css/alt-inherit-initial.html

  • style/StyleSharingResolver.cpp:

(WebCore::Style::elementHasDirectionAuto):
(WebCore::Style::SharingResolver::resolve):

Save share results to a map.

(WebCore::Style::SharingResolver::findSibling):
(WebCore::Style::SharingResolver::locateCousinList):

Instead of traversing we can now just do a hash lookup to locate a candidate cousin list.
There is no need for recursion anymore, the map covers sharing beyond immediate siblings too.
Remove most tests here as they have been already covered when sharing occurred.

(WebCore::Style::canShareStyleWithControl):

  • style/StyleSharingResolver.h:
  • style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::styleForElement):
(WebCore::Style::TreeResolver::resolveElement):

No need to do forced setting anymore just to support style sharing.

2:11 AM Changeset in webkit [199437] by Carlos Garcia Campos
  • 4 edits
    4 adds in releases/WebKitGTK/webkit-2.12

Merge r198575 - showModalDialog code runs with “first window” set to wrong window
https://bugs.webkit.org/show_bug.cgi?id=155710

Source/WebCore:

Reviewed by Brent Fulgham.

Test: http/tests/security/cross-origin-modal-dialog-base.html

  • page/Chrome.cpp:

(WebCore::Chrome::runModal): Null out entryScope so that the "first window"
checks inside the modal dialog won't run in the context of the original window
that presented the dialog.

LayoutTests:

Test by John Wilander.

Reviewed by Brent Fulgham.

  • http/tests/security/cross-origin-modal-dialog-base-expected.txt: Added.
  • http/tests/security/cross-origin-modal-dialog-base.html: Added.
  • http/tests/security/resources/cross-origin-modal-dialog-base-1.html: Added.
  • http/tests/security/resources/cross-origin-modal-dialog-base-2.html: Added.
  • platform/wk2/TestExpectations: Skip test until we get better showModalDialog support.

2:09 AM Changeset in webkit [199436] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198574 - userSpaceOnUse patterns are not stroked for empty object bounding box elements
https://bugs.webkit.org/show_bug.cgi?id=109758

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-03-22
Reviewed by Brent Fulgham.

Source/WebCore:

Checking whether the patternUnits is objectBoundingBox needs to be done
after calling collectPatternAttributes(). Otherwise the default value
will be always checked which is 'objectBoundingBox'.

Tests: svg/custom/pattern-units-fill-stroke.svg

  • rendering/svg/RenderSVGResourcePattern.cpp:

(WebCore::RenderSVGResourcePattern::buildPattern):
(WebCore::RenderSVGResourcePattern::applyResource):

LayoutTests:

Ensure the SVG pattern is drawn correctly if it is used as a stroke for
empty objectBoundingBox elements.

  • svg/custom/pattern-units-fill-stroke-expected.svg: Added.
  • svg/custom/pattern-units-fill-stroke.svg: Added.

1:54 AM Changeset in webkit [199435] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198571 - bmalloc: use a log scale for large-ish size classes
https://bugs.webkit.org/show_bug.cgi?id=155770

Reviewed by Michael Saboff.

At larger sizes, precise allocation sizes don't save much memory -- and
they can cost memory when objects of distinct size classes can't
allocate together.

This is a small savings up to our current allocation limits, and it may
enable changing those limits in the long term.

  • bmalloc/Algorithm.h:

(bmalloc::log2): We use this to compute large-ish size classes.

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::Allocator): Iterate by size class instead of by
object size so we can change object size limits without breaking stuff.

(bmalloc::Allocator::scavenge): Ditto.

(bmalloc::Allocator::allocateLogSizeClass): New helper function for
allocating based on log size classes.

(bmalloc::Allocator::allocateSlowCase): Account for extra size class
possibilities.

  • bmalloc/Allocator.h:

(bmalloc::Allocator::allocateFastCase): We only handle up to 512b on
the fastest fast path now.

  • bmalloc/BumpAllocator.h:

(bmalloc::BumpAllocator::validate): Deleted. I noticed that this function
had been refactored not to do anything anymore.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::initializeLineMetadata): Iterate by size class. (See
Allocator::Allocator.)

  • bmalloc/Heap.h: Use the sizeClassCount constant instead of hard coding
things.

  • bmalloc/Sizes.h:

(bmalloc::Sizes::maskSizeClass):
(bmalloc::Sizes::maskObjectSize):
(bmalloc::Sizes::logSizeClass):
(bmalloc::Sizes::logObjectSize):
(bmalloc::Sizes::sizeClass):
(bmalloc::Sizes::objectSize): Separate size class calculation between
simple size classes that can be computed with a mask and are 8-byte-precise
and complex size classes that require more math and are less precise.

  • bmalloc/SmallLine.h:

(bmalloc::SmallLine::ref):

  • bmalloc/SmallPage.h:

(bmalloc::SmallPage::SmallPage):
(bmalloc::SmallPage::ref):
(bmalloc::SmallPage::deref): Cleaned up some ASSERTs that triggered
while working on this patch.

  • bmalloc/Zone.cpp:

(bmalloc::statistics):
(bmalloc::zoneSize):
(bmalloc::Zone::Zone):
(bmalloc::size): Deleted. Renamed these symbols to work around an lldb
bug that makes it impossible to print out variables named 'size' -- which
can be a problem when working on malloc.

1:52 AM Changeset in webkit [199434] by Carlos Garcia Campos
  • 7 edits
    1 copy
    2 moves
    21 adds in releases/WebKitGTK/webkit-2.12

Merge r198561 - Restrict WebSockets header parsing according to RFC6455 and RFC7230. Based on Lamarque V. Souza's original patch.
https://bugs.webkit.org/show_bug.cgi?id=82714

Patch by John Wilander <wilander@apple.com> on 2016-03-22
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html

http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html
http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html
http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html

  • Modules/websockets/WebSocketHandshake.cpp:

(WebCore::WebSocketHandshake::httpURLForAuthenticationAndCookies):
(WebCore::headerHasValidHTTPVersion):

  • Check for HTTP version 1.1 and above.

(WebCore::WebSocketHandshake::readStatusLine):

  • Only allow ASCII characters in status line.
  • Only allow HTTP version 1.1 and above in status line.

(WebCore::WebSocketHandshake::readHTTPHeaders):

  • Only allow ASCII characters in values for new HTTP headers.

LayoutTests:

  • http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt: Removed.
    • See comment below on the associated HTML file.
  • http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt: Added.
  • http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html: Added.
    • Uses PHP to respond with an HTTP 1.1 404. The old (now removed) test case failed once we restricted WebSockets to HTTP 1.1 and above because the test server responded with an HTTP 1.0 404 for non-existing files.
  • http/tests/websocket/tests/hybi/error-event-ready-state.html: Removed.
    • This test case was renamed "error-event-ready-state-non-existent-url-with-server-responding-404" to make it clear it now relies on a server responding with HTTP 1.1 404.
  • http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • Test case for lower than HTTP 1.1 versions.
  • http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt:
  • http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt:
  • http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt:
    • Updated to pass with lowercase 'must not' in the failure reason.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Accept.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Extensions.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Protocol.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • Test case for non-ASCII characters in HTTP status line.
  • http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html: Added.
  • http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • Test case for null character in the middle of the HTTP status line.
  • http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py:

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • This test case was changed to prepend a null character to the actual status line. Previously it used a WebSockets frame with a prepended null before the status line. The Python WebSockets lib uses non-ASCII characters in that frame which meant the test case hit the non-ASCII check before the null check. It was confusing to me that the description and intent of the test was to run with a null in the status line, not in a frame before the status line. I believe the changed test case better reflects the intention of the test.
  • http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
  • http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html: Added.
  • http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

  • Test case for HTTP versions higher than 1.1.
  • http/tests/websocket/tests/hybi/resources/status-404-without-body.php: Added.
    • To use with the error-event-ready-state-non-existent-url-with-server-responding-404.html test described above.
1:47 AM Changeset in webkit [199433] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r198545 - bmalloc: shrink largeMax
https://bugs.webkit.org/show_bug.cgi?id=155759

Reviewed by Michael Saboff.

If a largeChunk contains N bytes and we allocate objects of size
N / 2 + 8 bytes, then we waste 50% of physical memory at peak.

This patch sets largeMax to N / 2, reducing maximum waste to 25%.

  • bmalloc/BoundaryTag.h:
  • bmalloc/LargeChunk.h:

(bmalloc::LargeChunk::LargeChunk):

  • bmalloc/SegregatedFreeList.cpp:

(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert): Honor largeMax vs largeObjectMax.

  • bmalloc/Sizes.h: Distinguish between the largest thing we can store in a free list (largeObjectMax) and the largest thing we're willing to allocate (largeMax).

1:46 AM Changeset in webkit [199432] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198542 - Add null check in CachedResourceLoader::determineRevalidationPolicy
https://bugs.webkit.org/show_bug.cgi?id=155758
rdar://problem/25108408

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-22
Reviewed by Jer Noble.

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::frame):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):
Null-check frame() before dereferencing it.

1:43 AM Changeset in webkit [199431] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Merge r198530 - SharedBuffer::copy() can cause a segmentation fault.
https://bugs.webkit.org/show_bug.cgi?id=155739

Reviewed by Ryosuke Niwa.

Based on a Blink patch by Huang Dongsung <luxtella@company100.net>.
<https://src.chromium.org/viewvc/blink?revision=153850&view=revision>

After SharedBuffer::copy(), SharedBuffer::append() can cause segmentation fault,
because copy() calls clone->m_buffer.append(m_segments[i], segmentSize) even if
'i' is the last index. The data size of m_segments.last() is often less than
segmentSize. So, in the cloned instance m_size < (m_buffer.size() + SUM(m_segments[i].size())).
This patch appends the exact size of the last segment instead of segmentSize.

Tested by TestWebKitAPI SharedBufferTest::copy

  • platform/SharedBuffer.cpp:

(SharedBuffer::copy):

Tools:
[Win] SharedBuffer::copy() can cause a segmentation fault.
https://bugs.webkit.org/show_bug.cgi?id=155739

Reviewed by Ryosuke Niwa.

  • TestWebKitAPI/PlatformWin.cmake: Build and run the SharedBuffer tests.
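
The size invariant behind the SharedBuffer::copy() fix in changeset 199431 above, as an added example that is not WebKit's code: a simplified segmented-buffer model in which `SegmentedBuffer`, its member functions and the 8-byte `segmentSize` are assumptions made for illustration. It shows how appending a full segment for a partly filled last segment leaves the clone's flat buffer larger than its recorded size, and how copying the exact remaining length keeps the two in agreement.

```cpp
// Simplified model of a segmented buffer (illustrative; not WebKit's SharedBuffer).
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <memory>
#include <string>
#include <vector>

// Assumption: a tiny segment size so the effect is visible with short inputs.
constexpr std::size_t segmentSize = 8;

class SegmentedBuffer {
public:
    // New bytes go into fixed-size segments; only the last one may be partly filled.
    void append(const char* data, std::size_t length)
    {
        while (length) {
            std::size_t offset = segmentedBytes() % segmentSize;
            if (!offset)
                m_segments.push_back(std::make_unique<char[]>(segmentSize)); // zero-filled
            std::size_t n = std::min(length, segmentSize - offset);
            std::memcpy(m_segments.back().get() + offset, data, n);
            m_size += n;
            data += n;
            length -= n;
        }
    }

    // Behaviour the changeset describes as faulty: every segment, including the
    // last one, contributes segmentSize bytes to the clone's flat buffer.
    SegmentedBuffer copyAppendingFullSegments() const
    {
        SegmentedBuffer clone;
        clone.m_size = m_size;
        clone.m_buffer = m_buffer;
        for (const auto& segment : m_segments)
            clone.m_buffer.insert(clone.m_buffer.end(), segment.get(), segment.get() + segmentSize);
        return clone;
    }

    // Corrected copy: the last segment contributes only the bytes it actually holds.
    SegmentedBuffer copy() const
    {
        SegmentedBuffer clone;
        clone.m_size = m_size;
        clone.m_buffer = m_buffer;
        std::size_t remaining = segmentedBytes();
        for (const auto& segment : m_segments) {
            std::size_t n = std::min(remaining, segmentSize);
            clone.m_buffer.insert(clone.m_buffer.end(), segment.get(), segment.get() + n);
            remaining -= n;
        }
        return clone;
    }

    // Invariant: the recorded size equals flat bytes plus bytes held in segments.
    bool isConsistent() const
    {
        if (m_buffer.size() > m_size)
            return false;
        std::size_t inSegments = m_size - m_buffer.size();
        return (inSegments + segmentSize - 1) / segmentSize == m_segments.size();
    }

    std::string contents() const
    {
        std::string out(m_buffer.begin(), m_buffer.end());
        std::size_t remaining = segmentedBytes();
        for (const auto& segment : m_segments) {
            std::size_t n = std::min(remaining, segmentSize);
            out.append(segment.get(), n);
            remaining -= n;
        }
        return out;
    }

    std::size_t size() const { return m_size; }
    std::size_t flatBytes() const { return m_buffer.size(); }

private:
    // Clamped so an inconsistent clone cannot make this wrap around.
    std::size_t segmentedBytes() const
    {
        return m_size >= m_buffer.size() ? m_size - m_buffer.size() : 0;
    }

    std::size_t m_size { 0 };
    std::vector<char> m_buffer;                      // flat storage
    std::vector<std::unique_ptr<char[]>> m_segments; // fixed-size segments
};

int main()
{
    SegmentedBuffer original;
    original.append("hello world", 11); // constructed input: 8 bytes + 3 bytes in the last segment
    SegmentedBuffer bad = original.copyAppendingFullSegments();
    SegmentedBuffer good = original.copy();
    std::printf("full-segment copy: size=%zu flat=%zu consistent=%d\n", bad.size(), bad.flatBytes(), bad.isConsistent());
    std::printf("exact-size copy:   size=%zu flat=%zu consistent=%d\n", good.size(), good.flatBytes(), good.isConsistent());
    return 0;
}
```

When the data length is an exact multiple of `segmentSize`, both copies agree, which is why the fault depends on the last segment being partly filled.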

1:41 AM Changeset in webkit [199430] by Carlos Garcia Campos
  • 33 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r198527 - Unreviewed typo fix.

  • src/compiler/translator/InfoSink.cpp:

(TInfoSinkBase::prefix): "UNKOWN" => "UNKNOWN".

Source/WebCore:
Unreviewed typo fix.

  • platform/gtk/LocalizedStringsGtk.cpp:

(WebCore::textTrackAutomaticMenuItemText): "choosen" => "chosen"

Source/WebCore/platform/gtk/po:
Unreviewed typo fix "choosen" => "chosen"

  • as.po:
  • bg.po:
  • ca.po:
  • de.po:
  • en_GB.po:
  • es.po:
  • fr.po:
  • gl.po:
  • gu.po:
  • he.po:
  • hi.po:
  • it.po:
  • ja.po:
  • kn.po:
  • mr.po:
  • nl.po:
  • or.po:
  • pl.po:
  • pt_BR.po:
  • sl.po:
  • sv.po:
  • ta.po:
  • te.po:
  • tr.po:

Source/WebKit2:
Unreviewed typo fixes.

  • Shared/linux/WebMemorySamplerLinux.cpp:

(WebKit::WebMemorySampler::sampleWebKit): "Commited" => "Committed"

  • UIProcess/API/gtk/WebKitFileChooserRequest.cpp:

(webkit_file_chooser_request_select_files): "choosen" => "chosen"

  • UIProcess/API/gtk/WebKitUserMediaPermissionRequest.cpp:

(webkit_user_media_permission_request_class_init): "Wether" => "Whether"

1:38 AM Changeset in webkit [199429] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198521 - [TextureMapper] Destructing TextureMapperLayer should clean up its effect target
https://bugs.webkit.org/show_bug.cgi?id=155718

Reviewed by Darin Adler.

TextureMapperLayer destructor should, in case of non-null effect target,
null out the effect target's mask and replica layer pointers if those
pointers point to the TextureMapperLayer object that's being destroyed,
avoiding use-after-free occurrences.

  • platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::TextureMapperLayer::~TextureMapperLayer):

1:37 AM Changeset in webkit [199428] by Antti Koivisto
  • 1 edit
    2 adds in trunk/LayoutTests

Crash at com.apple.JavaScriptCore: bool WTF::startsWith<WTF::StringImpl, WTF::StringImpl> + 8
https://bugs.webkit.org/show_bug.cgi?id=156512
rdar://problem/24220567

Reviewed by Benjamin Poulain.

Land a test that verifies that setting attr to null does not crash with attribute selectors.
This was fixed by http://trac.webkit.org/changeset/199392.

  • fast/css/attribute-selector-null-crash-expected.html: Added.
  • fast/css/attribute-selector-null-crash.html: Added.
1:36 AM Changeset in webkit [199427] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198506 - WebCore::RenderTableCell::setCol should put a cap on the column value.
https://bugs.webkit.org/show_bug.cgi?id=155642
<rdar://problem/15895201>

Reviewed by Simon Fraser.

This patch ensures that we don't crash when the column number is large enough.
See webkit.org/b/71135 for more information.

Source/WebCore:

Test: tables/colspan-with-large-value-crash.html

  • rendering/RenderTableCell.h:

(WebCore::RenderTableCell::setCol):

LayoutTests:

  • tables/colspan-with-large-value-crash-expected.txt: Added.
  • tables/colspan-with-large-value-crash.html: Added.
1:32 AM Changeset in webkit [199426] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198498 - Very flashy scrolling on http://quellish.tumblr.com page
https://bugs.webkit.org/show_bug.cgi?id=155728
rdar://problem/22299375

Reviewed by Zalan Bujtas.

http://quellish.tumblr.com/post/126712999812/how-on-earth-the-facebook-ios-application-is-so
has many elements that are nested inside elements with non-equal corner radius clipping.
This requires building bezier paths for the rounded-rect clip which is expensive.

For many rows of the table, we can avoid the rounded-rect clipping because the intersection
of the paintDirtyRect and the clip is actually rectangular.

  • platform/graphics/FloatRoundedRect.cpp:

(WebCore::FloatRoundedRect::intersectionIsRectangular):

  • platform/graphics/FloatRoundedRect.h:
  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::clipToRect):

1:24 AM Changeset in webkit [199425] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.12

Merge r198482 - The setter of binaryType attribute in WebSocket should raise the exception.
https://bugs.webkit.org/show_bug.cgi?id=135874

Patch by Jinwoo Jeong <jw00.jeong@samsung.com> on 2016-03-20
Reviewed by Antonio Gomes.

Source/WebCore:

According to W3C WebSocket Specification, <https://www.w3.org/TR/2012/CR-websockets-20120920/>
when an invalid value is set on binaryType of WebSocket, a SyntaxError should be raised.

  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::setBinaryType): Add a parameter to set an exception.

  • Modules/websockets/WebSocket.h: Ditto.
  • Modules/websockets/WebSocket.idl: Update that setter of binaryType could raise an exception.

LayoutTests:

According to W3C WebSocket Specification, <https://www.w3.org/TR/2012/CR-websockets-20120920/>,
when an invalid value is set on binaryType of WebSocket, a SyntaxError should be raised.

  • http/tests/websocket/tests/hybi/binary-type.html: Catch a syntax exception when binary type is set with invalid values.
1:14 AM Changeset in webkit [199424] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198478 - Crash in stress/regexp-matches-array-slow-put.js due to stomping on memory when having bad time
https://bugs.webkit.org/show_bug.cgi?id=155679

Reviewed by Saam Barati.

Allocate out of line storage based on what the structure says it needs
in JSArray::tryCreateUninitialized.

  • runtime/JSArray.h:

(JSC::JSArray::tryCreateUninitialized):

12:51 AM Changeset in webkit [199423] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198477 - Crash on DFG::WorkList thread in JSC::Heap::isCollecting for destroyed Web Worker
https://bugs.webkit.org/show_bug.cgi?id=155678
<rdar://problem/25251439>

Reviewed by Filip Pizlo.

This fixes a crash that we saw with GuardMalloc. If the Plan was
Cancelled it may not be safe to access the VM. If the Plan was
cancelled we are just going to bail anyways, so keep the ASSERT but
short-circuit if the plan was Cancelled.

  • dfg/DFGWorklist.cpp:

(JSC::DFG::Worklist::runThread):

12:39 AM Changeset in webkit [199422] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198471 - Data URL DecodeTask may get deleted outside main thread
https://bugs.webkit.org/show_bug.cgi?id=155584
rdar://problem/24492104

Reviewed by David Kilzer.

Follow-up: fix a possible null pointer crash.

  • platform/network/DataURLDecoder.cpp:

(WebCore::DataURLDecoder::DecodingResultDispatcher::startTimer):

If timer fires under startOneShot m_decodeTask may become zero before schedule() is called.
Fix by copying schedule context to a local before calling startOneShot.

12:37 AM Changeset in webkit [199421] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198451 - ASSERTION FAILED: m_isValid == valid() in WebCore::HTMLFormControlElement::isValidFormControlElement
https://bugs.webkit.org/show_bug.cgi?id=139481

Reviewed by Daniel Bates.

Source/WebCore:

Test: fast/forms/validity-assertion-inserting-into-datalist.html

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::insertedInto): Set the flags that will cause
"will validate" to be recomputed *before* calling willValidate().

LayoutTests:

  • fast/forms/validity-assertion-inserting-into-datalist-expected.txt: Added.
  • fast/forms/validity-assertion-inserting-into-datalist.html: Added.
12:35 AM Changeset in webkit [199420] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r198439 - Local file restrictions should not block sessionStorage access
https://bugs.webkit.org/show_bug.cgi?id=155609
<rdar://problem/25229461>

Reviewed by Andy Estes.

Source/WebCore:

Use of 'sessionStorage' is governed by SecurityOrigin with third party access
set to 'ShouldAllowFromThirdParty::AlwaysAllowFromThirdParty'. We should not
reject local files for this combination of arguments.

Test: storage/domstorage/sessionstorage/blocked-file-access.html

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::canAccessStorage): For the case of sessionStorage,
allow local file access.

LayoutTests:

  • storage/domstorage/sessionstorage/blocked-file-access-expected.txt: Added.
  • storage/domstorage/sessionstorage/blocked-file-access.html: Added.
  • storage/domstorage/sessionstorage/resources/blocked-example.html: Added.
12:32 AM Changeset in webkit [199419] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r198429 - Protect against excessive cache traversal
https://bugs.webkit.org/show_bug.cgi?id=155635
rdar://problem/24241008

Reviewed by Darin Adler.

We can't handle unlimited number of parallel cache traversal requests from the client.
We'll run out of dispatch queues and other system resources. CPU will spin.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::traverse):

Add limit of maximum 3 traversals. When exceeded return nothing and log an error.

  • NetworkProcess/cache/NetworkCache.h:
12:30 AM Changeset in webkit [199418] by Carlos Garcia Campos
  • 8 edits
    11 adds in releases/WebKitGTK/webkit-2.12

Merge r198395 - crossorigin element resource loading should check HTTP redirection
https://bugs.webkit.org/show_bug.cgi?id=130578

Reviewed by Daniel Bates and Brent Fulgham.

Source/WebCore:

Moved part of DocumentThreadableLoader redirection cross origin control code
into functions in CrossOriginAccessControl.cpp. Added cross origin control for
redirections in SubResourceLoader when policy is set to PotentiallyCrossOriginEnabled
using CrossOriginAccessControl.cpp new functions. Added a new test that checks that
cross-origin redirections are checked against CORS.

Test: http/tests/security/shape-image-cors-redirect.html

  • loader/CrossOriginAccessControl.cpp:

(WebCore::isValidCrossOriginRedirectionURL): Returns true if the redirected URL is a valid URL for cross-origin requests.
(WebCore::cleanRedirectedRequestForAccessControl): Removes all headers added by the network backend that may cause the response CORS validation to fail.

  • loader/CrossOriginAccessControl.h: Added above function prototypes.
  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived): Used new CORS redirection methods of CrossOriginAccessControl.cpp.

  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::init): Initialize the SecurityOrigin to be used for loading the resource.
(WebCore::SubresourceLoader::willSendRequest): Added cross-origin redirection response check.
(WebCore::SubresourceLoader::checkCrossOriginAccessControl): Checks CORS and update request if needed. Returns true if control checks passed.

  • loader/SubresourceLoader.h: Added checkCrossOriginAccessControl declaration and m_origin declaration.

LayoutTests:

shape-image-cors-redirect.html checks that cross-origin redirections are checked against CORS.
It also checks that same-origin redirections are not checked against CORS.

  • http/tests/security/resources/redirect-allow-star.php: Added.
  • http/tests/security/shape-image-cors-redirect-expected.html: Added.
  • http/tests/security/shape-image-cors-redirect.html: Added.
12:25 AM Changeset in webkit [199417] by Carlos Garcia Campos
  • 8 edits
    247 copies
    737 moves
    2 adds
    245 deletes in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r198394 - Move IndexedDB regular test to web-platform-tests
https://bugs.webkit.org/show_bug.cgi?id=155581

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Moving regular IndexedDB tests from LayoutTests/imported/w3c/indexeddb to LayoutTests/imported/w3c/web-platform-tests/IndexedDB.
Moving private browsing IndexedDB tests from LayoutTests/imported/w3c/indexeddb to LayoutTests/imported/w3c/IndexedDB-private-browsing.
Removed private prefix from private browsing IndexedDB tests since they are stored in their own folder.

Modified support.js to remove unnecessary calls to testRunner API.
Modified also IndexedDB-private-browsing/support.js to always activate testRunner private browsing mode.

LayoutTests:

Renaming indexeddb test expectation according to new path and directory name.

  • TestExpectations:
  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/ios-simulator-wk1/TestExpectations:
  • platform/mac-wk2/TestExpectations:
  • platform/win/TestExpectations:

Apr 12, 2016:

11:53 PM Changeset in webkit [199416] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198387 - Data URL DecodeTask may get deleted outside main thread
https://bugs.webkit.org/show_bug.cgi?id=155584
rdar://problem/24492104

Reviewed by Darin Adler.

This is unsafe as it owns strings and other types that are only safe to delete in the main thread.

There is a race between deref in dispatch() and deref in timerFired(). If the timer fires before dispatch()
exits the implicit deref will trigger deletion of DecodingResultDispatcher in the dispatching thread.

(WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):

Fix by clearing m_decodeTask when the timer fires.

11:51 PM Changeset in webkit [199415] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198377 - [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
https://bugs.webkit.org/show_bug.cgi?id=155624
<rdar://problem/25219962>

Unreviewed merge from Blink (patch by Tom Sepez <tsepez@chromium.org>):
<https://src.chromium.org/viewvc/blink?revision=201803&view=revision>

Source/WebCore:

Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html

  • html/parser/XSSAuditor.cpp:

(WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.

LayoutTests:

  • http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt: Added.
  • http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html: Added.
11:48 PM Changeset in webkit [199414] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198374 - Images in feed on ebay.com jiggle when one is hovered
https://bugs.webkit.org/show_bug.cgi?id=155608
<rdar://problem/25160681>

The content offset in compositing layer = subpixel gap between the graphics layer and the layer bounds + layer bounds top left.

Reviewed by Simon Fraser.

Source/WebCore:

Test: compositing/hidpi-viewport-clipping-on-composited-content.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):
(WebCore::RenderLayerBacking::contentOffsetInCompostingLayer):

  • rendering/RenderLayerBacking.h:

LayoutTests:

  • compositing/hidpi-viewport-clipping-on-composited-content-expected.html: Added.
  • compositing/hidpi-viewport-clipping-on-composited-content.html: Added.
11:47 PM Changeset in webkit [199413] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198372 - Don't initiate a style recalc while drawing text
https://bugs.webkit.org/show_bug.cgi?id=155618

Patch by Zalan Bujtas <Alan Bujtas> on 2016-03-17
Reviewed by Simon Fraser.

This patch ensures that we don't initiate a style recalc while in the middle of text drawing.

Source/WebCore:

Test: fast/canvas/crash-while-resizing-canvas.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawTextInternal):

LayoutTests:

  • fast/canvas/crash-while-resizing-canvas-expected.txt: Added.
  • fast/canvas/crash-while-resizing-canvas.html: Added.
11:46 PM Changeset in webkit [199412] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198370 - Improve some metadata tests
https://bugs.webkit.org/show_bug.cgi?id=155616

Patch by Eric Carlson <eric.carlson@apple.com> on 2016-03-17
Reviewed by Saam Barati.

  • html/track/DataCue.cpp:

(WebCore::DataCue::DataCue):
(WebCore::DataCue::setData):

11:45 PM Changeset in webkit [199411] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198361 - Some media tests are flaky.
https://bugs.webkit.org/show_bug.cgi?id=155614

Reviewed by Eric Carlson.

  • html/track/TextTrack.cpp:

(WebCore::TextTrack::~TextTrack):

11:44 PM Changeset in webkit [199410] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r198357 - Don't try to restore deleted MemoryIndexes if their owning object store is not restored.
https://bugs.webkit.org/show_bug.cgi?id=155068

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/indexeddb/modern/deleteindex-4-private.html

  • Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:

(WebCore::IDBServer::MemoryBackingStoreTransaction::indexDeleted):

LayoutTests:

  • storage/indexeddb/modern/deleteindex-4-private-expected.txt: Added.
  • storage/indexeddb/modern/deleteindex-4-private.html: Added.
  • storage/indexeddb/modern/resources/deleteindex-4.js: Added.
11:41 PM Changeset in webkit [199409] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WTF

Merge r198345 - Silence leaks in ParkingLot
https://bugs.webkit.org/show_bug.cgi?id=155510

Reviewed by Alexey Proskuryakov.

ParkingLot has a concurrent hashtable that it reallocates on demand. It will not reallocate
it in steady state. The hashtable is sized to accommodate the high watermark of the number
of active threads - so long as the program doesn't just keep starting an unbounded number
of threads that are all active, the hashtable will stop resizing. Each resize operation is
designed to stay out of the way of the data-access-parallel normal path, in which two
threads operating on different lock addresses don't have to synchronize. To do this, it
simply drops the old hashtable without deleting it, so that threads that were still using
it don't crash. They will realize that they have the wrong hashtable before doing anything
bad, but we don't have a way of proving when all of those threads are no longer going to
read from the old hashtables. So, we just leak them.

This is a bounded leak, since the hashtable resizes exponentially. Thus the total memory
utilization of all hashtables, including the leaked ones, converges to a linear function of
the current hashtable's size (it's 2 * size of current hashtable).

But this leak is a problem for leaks tools, which will always report this leak. This is not
useful. It's better to silence the leak. That's what this patch does by ensuring that all
hashtables, including leaked ones, end up in a global vector. This is perf-neutral.

This requires making a StaticWordLock variant of WordLock. That's probably the biggest part
of this change.

  • wtf/ParkingLot.cpp:
  • wtf/WordLock.cpp:

(WTF::WordLockBase::lockSlow):
(WTF::WordLockBase::unlockSlow):
(WTF::WordLock::lockSlow): Deleted.
(WTF::WordLock::unlockSlow): Deleted.

  • wtf/WordLock.h:

(WTF::WordLockBase::lock):
(WTF::WordLockBase::isLocked):
(WTF::WordLock::WordLock):
(WTF::WordLock::lock): Deleted.
(WTF::WordLock::isLocked): Deleted.

11:37 PM Changeset in webkit [199408] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198309 - Subpixel rendering: Directly composited image layers need pixelsnapping.
https://bugs.webkit.org/show_bug.cgi?id=155558

Reviewed by Simon Fraser.

In order to match non-composited image size/position, we need to pixelsnap both the contents and the clipping
layer bounds for directly composited images.

Source/WebCore:

Test: fast/images/hidpi-directly-composited-image-on-subpixel-position.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::resetContentsRect):
(WebCore::RenderLayerBacking::updateChildClippingStrategy):
(WebCore::RenderLayerBacking::updateImageContents):

LayoutTests:

  • fast/images/hidpi-directly-composited-image-on-subpixel-position-expected.html: Added.
  • fast/images/hidpi-directly-composited-image-on-subpixel-position.html: Added.
11:35 PM Changeset in webkit [199407] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198305 - Fix assertion failure on drive.google.com after r196052
https://bugs.webkit.org/show_bug.cgi?id=155562

Reviewed by Jer Noble.

  • rendering/RenderGeometryMap.cpp:

(WebCore::RenderGeometryMap::mapToContainer):
Change float equality check to areEssentiallyEqual.
This assertion was failing because rendererMappedResult was (944.335693, 232.047409)
but result was (944.335693, 232.047394). They differ by (0, 0.000015).

11:34 PM Changeset in webkit [199406] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198296 - ASSERTION FAILED: !edge->isPhantomAllocation() in regress/script-tests/sink-huge-activation.js.ftl-eager in debug mode
https://bugs.webkit.org/show_bug.cgi?id=153805

Reviewed by Mark Lam.

The object allocation sinking phase uses InferredValue::isStillValid() in the opposite
way from most clients: it will do an *extra* optimization if it returns false. The
phase will first compute sink candidates and then it will compute materialization
points. If something is a sink candidate then it is not a materialization point. A
NewFunction node may appear as not being a sink candidate during the first pass, so it's
not added to the set of things that will turn into PhantomNewFunction. But on the second
pass where we add materializations, we check isStillValid() again. Now this may become
false, so that second pass thinks that NewFunction is a sink candidate (even though it's
not in the sink candidates set) and so is not a materialization point.

This manifests as the NewFunction referring to a PhantomCreateActivation or whatever.

The solution is to have the phase cache results of calls to isStillValid(). It's OK if
we just remember the result of the first call and assume that it's not a sink candidate.
That's the worst that can happen.

No new tests since this is a super hard race and sink-huge-activation seemed to already
be catching it.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:
11:26 PM Changeset in webkit [199405] by Carlos Garcia Campos
  • 22 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198289 - URL Parsing should signal failure for illegal IDN
https://bugs.webkit.org/show_bug.cgi?id=154945
<rdar://problem/8014795>

Reviewed by Brent Fulgham.

Source/WebCore:

WebCore::URL will now invalidate URLs with illegal IDN. And functions inside WebCoreNSURLExtras.h
that deal with IDN mapping will now return nil to signal error.

Test: fast/url/invalid-idn.html

  • platform/URL.cpp:

(WebCore::isSchemeFirstChar):
(WebCore::URL::init):
(WebCore::appendEncodedHostname):
(WebCore::encodeHostnames):
(WebCore::encodeRelativeString):

  • platform/mac/WebCoreNSURLExtras.h:
  • platform/mac/WebCoreNSURLExtras.mm:

(WebCore::mapHostNameWithRange):
(WebCore::hostNameNeedsDecodingWithRange):
(WebCore::hostNameNeedsEncodingWithRange):
(WebCore::decodeHostNameWithRange):
(WebCore::encodeHostNameWithRange):
(WebCore::decodeHostName):
(WebCore::encodeHostName):
(WebCore::collectRangesThatNeedMapping):
(WebCore::mapHostNames):
(WebCore::URLWithData):
(WebCore::dataWithUserTypedString):
(WebCore::URLWithUserTypedString):
(WebCore::URLWithUserTypedStringDeprecated):
(WebCore::userVisibleString):

Source/WebKit/ios:

  • Misc/WebNSStringExtrasIOS.m:

(-[NSString _web_possibleURLsForForUserTypedString:]):

  • WebView/WebPDFViewPlaceholder.mm:

(-[WebPDFViewPlaceholder _updateTitleForURL:]):

Source/WebKit/mac:

In this patch, we add new SPIs _webkit_URLWithUserTypedString, _webkit_decodeHostName and
_webkit_encodeHostName which will return nil while dealing with illegal IDN.

Old SPIs _web_URLWithUserTypedString, _web_decodeHostName and _web_encodeHostName are marked
deprecated as they ignore URL parsing failure.

  • History/WebHistoryItem.mm:

(-[WebHistoryItem initFromDictionaryRepresentation:]):

  • Misc/WebKitErrors.m:

(+[NSError _webKitErrorWithCode:failingURL:]):

  • Misc/WebNSFileManagerExtras.mm:

(-[NSFileManager _webkit_setMetadataURL:referrer:atPath:]):

  • Misc/WebNSPasteboardExtras.mm:

(-[NSPasteboard _web_bestURL]):

  • Misc/WebNSURLExtras.h:
  • Misc/WebNSURLExtras.mm:

(+[NSURL _web_URLWithUserTypedString:]):
(+[NSURL _webkit_URLWithUserTypedString:relativeToURL:]):
(+[NSURL _webkit_URLWithUserTypedString:]):
(-[NSString _web_decodeHostName]):
(-[NSString _web_encodeHostName]):
(-[NSString _webkit_decodeHostName]):
(-[NSString _webkit_encodeHostName]):

  • Panels/WebAuthenticationPanel.m:

(-[WebAuthenticationPanel setUpForChallenge:]):

  • WebCoreSupport/WebEditorClient.mm:

(WebEditorClient::canonicalizeURLString):

Tools:

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetch:]):

  • TestWebKitAPI/Tests/Cocoa/URLExtras.mm:

(TestWebKitAPI::TEST):

LayoutTests:

  • fast/url/host-expected.txt:
  • fast/url/idna2003-expected.txt:
  • fast/url/invalid-idn-expected.txt: Added.
  • fast/url/invalid-idn.html: Added.
11:20 PM Changeset in webkit [199404] by Carlos Garcia Campos
  • 5 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198284 - Don't invalidate style unnecessarily when setting inline style cssText
https://bugs.webkit.org/show_bug.cgi?id=155541
rdar://problem/23318893

Reviewed by Simon Fraser.

Source/WebCore:

We currently invalidate style when cssText is set whether the style declaration changed or not.

Based on a patch by Simon.

Test: fast/css/style-invalidation-inline-csstext.html

  • css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::cssText):
(WebCore::PropertySetCSSStyleDeclaration::setCssText):

Invalidate only if the parsed style changed.

  • css/StyleProperties.cpp:

(WebCore::MutableStyleProperties::parseDeclaration):

Compare the original and new style after parsing, return result.

  • css/StyleProperties.h:

LayoutTests:

  • fast/css/style-invalidation-inline-csstext-expected.txt: Added.
  • fast/css/style-invalidation-inline-csstext.html: Added.
8:57 PM Changeset in webkit [199403] by ap@apple.com
  • 2 edits in trunk/Tools

Python test webkitpy.common.system.executive_unittest.ExecutiveTest.serial_test_kill_process is flaky
https://bugs.webkit.org/show_bug.cgi?id=155367

Reviewed by Darin Adler.

  • Scripts/webkitpy/common/system/executive.py: (Executive.kill_process):

Don't flakily consume the return code with waitpid, callers need to do waitpid on
their own. Not sure if this line of code was even intentional.

8:14 PM Changeset in webkit [199402] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed undo change from ArrayClass to ArrayWithUndecided, which
was not intended to land with r199397.

  • runtime/ArrayPrototype.h:

(JSC::ArrayPrototype::createStructure):

7:29 PM Changeset in webkit [199401] by dbates@webkit.org
  • 5 edits
    2 adds in trunk/Source/WebKit2

REGRESSION (r198933): Unable to login to Google account from Internet Accounts preference pane
https://bugs.webkit.org/show_bug.cgi?id=156447
<rdar://problem/25628133>

Reviewed by Darin Adler.

Reverts the workaround landed in r199301 and teaches ProcessLauncherMac to use the code
signing identifier of the UI process as the client-identifier if it is signed. Otherwise,
we fall back to using the main bundle identifier or _NSGetProgname() depending on whether
the UI process has an associated app bundle.

  • PlatformMac.cmake: Add file Shared/mac/CodeSigning.mm.
  • Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::initializeSandbox):
(WebKit::codeSigningIdentifierForProcess): Deleted; moved from here to file Shared/mac/CodeSigning.mm.

  • Shared/mac/CodeSigning.h: Added.
  • Shared/mac/CodeSigning.mm: Added.

(WebKit::secCodeForCurrentProcess): Added.
(WebKit::secCodeForProcess): Added.
(WebKit::secCodeSigningInformation): Added.
(WebKit::appleSignedOrMacAppStoreSignedOrAppleDeveloperSignedRequirement): Added.
(WebKit::secCodeSigningIdentifier): Added.
(WebKit::codeSigningIdentifier): Returns the code signing identifier for the current process.
(WebKit::codeSigningIdentifierForProcess): Moved from file Shared/mac/ChildProcessMac.mm. Extracted logic
into various helper functions (above) so that it can be shared with WebKit::codeSigningIdentifier() as
well as to improve the readability of the code. Removed the OSStatus out argument that was used by callers
for logging purposes and moved such logging responsibility into WebKit::secCodeSigningIdentifier() as
a release assertion message since we always want to log this error when code signing validation fails. We
use a release assertion to cause a noticeable crash because such failures should not occur and if they
do then we want to see crash reports so that we can handle such failures. Using a release assertion for
validation failures also simplifies the possible return values of this function as such failures represented
the only case where this function would return an empty string. We now return either a null string or a non-
empty string. We return a null string when the specified process is either unsigned or signed by a third-party;
otherwise, we return a non-empty string that represents the code signing identifier.

  • UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToService): Use the code signing identifier for the client-identifier if we have one (e.g.
we are a signed app). If we do not have a code signing identifier then take client-identifier to be the
bundle identifier of our main bundle. Failing that we take client-identifier to be _NSGetProgname().

  • WebKit2.xcodeproj/project.pbxproj: Add files Shared/mac/CodeSigning.{h, mm}.

6:31 PM Changeset in webkit [199400] by mark.lam@apple.com
  • 24 edits
    56 deletes in trunk

Rollout: ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Speculative rollout to fix 32-bit shadow-chicken.yaml/tests/v8-v6/v8-regexp.js.shadow-chicken test failure.

Not reviewed.

Source/JavaScriptCore:

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • builtins/GlobalObject.js:

(speciesGetter):
(speciesConstructor): Deleted.

  • builtins/PromisePrototype.js:
  • builtins/RegExpPrototype.js:

(advanceStringIndexUnicode):
(match):
(advanceStringIndex): Deleted.
(regExpExec): Deleted.
(hasObservableSideEffectsForRegExpSplit): Deleted.
(split): Deleted.

  • builtins/StringPrototype.js:

(repeat):
(split): Deleted.

  • bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):

  • bytecode/BytecodeIntrinsicRegistry.h:
  • runtime/CommonIdentifiers.h:
  • runtime/ECMAScriptSpecInternalFunctions.cpp: Removed.
  • runtime/ECMAScriptSpecInternalFunctions.h: Removed.
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::setGlobalThis):
(JSC::JSGlobalObject::init):
(JSC::getGetterById): Deleted.

  • runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::setDescriptor):

  • runtime/RegExpObject.h:

(JSC::RegExpObject::offsetOfLastIndexIsWritable):

  • runtime/RegExpPrototype.cpp:

(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex): Deleted.
(JSC::regExpProtoFuncSplitFast): Deleted.

  • runtime/RegExpPrototype.h:
  • runtime/StringObject.h:

(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.

  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
(JSC::substituteBackreferencesSlow):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncEndsWith):
(JSC::stringProtoFuncIncludes):
(JSC::stringProtoFuncIterator):
(JSC::stringProtoFuncSplitFast): Deleted.
(JSC::builtinStringSubstrInternal): Deleted.
(JSC::stringIncludesImpl): Deleted.
(JSC::builtinStringIncludesInternal): Deleted.

  • runtime/StringPrototype.h:
  • tests/es6.yaml:

LayoutTests:

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/dom/string-prototype-properties-expected.txt:
  • js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects2.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-global.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Removed.
  • js/regress/regexp-prototype-split-observable-side-effects4.html: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Removed.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Removed.
  • js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Removed.
  • js/regress/string-prototype-split-observable-side-effects-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects2-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects2.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-flags.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-global.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-multiline.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-sticky.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects3-unicode.html: Removed.
  • js/regress/string-prototype-split-observable-side-effects4-expected.txt: Removed.
  • js/regress/string-prototype-split-observable-side-effects4.html: Removed.
  • js/script-tests/Object-getOwnPropertyNames.js:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

6:07 PM Changeset in webkit [199399] by enrica@apple.com
  • 9 edits in trunk/Source/WebKit2

Should retrieve text surrounding the selection when performing lookup.
https://bugs.webkit.org/show_bug.cgi?id=156525
rdar://problem/25043678

Reviewed by Tim Horton.

The lookup functionality requires the surrounding text to improve
the quality of the results. This patch changes the implementation of
_lookup to retrieve the text before and the text after the selection.
It also renames DictationContextCallback to SelectionContextCallback so
that it can be used for both dictation and lookup, since they both need
the surrounding text.

  • UIProcess/AutoCorrectionCallback.h:
  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _lookup:]):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::autocorrectionDataCallback):
(WebKit::WebPageProxy::selectionContextCallback):
(WebKit::WebPageProxy::getAutocorrectionContext):
(WebKit::WebPageProxy::getSelectionContext):
(WebKit::WebPageProxy::handleTwoFingerTapAtPoint):
(WebKit::WebPageProxy::dictationContextCallback): Deleted.
(WebKit::WebPageProxy::getLookupContextAtPoint): Deleted.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::performDefaultBehaviorForKeyEvent):
(WebKit::WebPage::getSelectionContext):
(WebKit::WebPage::accessibilityObjectForMainFramePlugin):
(WebKit::WebPage::requestDictationContext):
(WebKit::WebPage::replaceSelectedText):
(WebKit::WebPage::getLookupContextAtPoint): Deleted.

5:48 PM Changeset in webkit [199398] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Remove 2 unused JSC options.
https://bugs.webkit.org/show_bug.cgi?id=156526

Reviewed by Benjamin Poulain.

The options JSC_assertICSizing and JSC_dumpFailedICSizing are no longer in use
now that we have B3.

  • runtime/Options.h:

5:37 PM Changeset in webkit [199397] by keith_miller@apple.com
  • 40 edits
    5 adds in trunk

[ES6] Add support for Symbol.isConcatSpreadable.
https://bugs.webkit.org/show_bug.cgi?id=155351

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch adds support for Symbol.isConcatSpreadable. In order to do so it was necessary to move the
Array.prototype.concat function to JS. A number of different optimizations were needed to make such a move to
a builtin performant. First, four new DFG intrinsics were added.

1) IsArrayObject (I would have called it IsArray but we use the same name for an IndexingType): an intrinsic of
the Array.isArray function.

2) IsJSArray: checks the first child is a JSArray object.
3) IsArrayConstructor: checks the first child is an instance of ArrayConstructor.
4) CallObjectConstructor: an intrinsic of the Object constructor.

IsActualObject, IsJSArray, and CallObjectConstructor can all be converted into constants in the abstract interpreter if
we are able to prove that the first child is an Array or for ToObject an Object.

In order to further improve the performance we also now cover more indexing types in our fast path memcpy
code. Before we would only memcpy Arrays if they had the same indexing type and did not have Array storage and
were not undecided. Now the memcpy code covers the following additional two cases: One array is undecided and
the other is a non-array storage and the case where one array is Int32 and the other is contiguous (we map this
into a contiguous array).

This patch also adds a new fast path for concat with more than one array argument by using memcpy to append
values onto the result array. This works roughly the same as the two array fast path using the same methodology
to decide if we can memcpy the other butterfly into the result butterfly.

Two new debugging tools are also added to the jsc cli. One is a version of the print function with a private
name so it can be used for debugging builtins. The other is dumpDataLog, which takes a JSValue and runs our
dataLog function on it.

Finally, this patch adds a new constructor to JSValueRegsTemporary that allows it to reuse the registers of a
JSValueOperand if the operand's use count is one.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • builtins/ArrayPrototype.js:

(concatSlowPath):
(concat):

  • bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):

  • bytecode/BytecodeIntrinsicRegistry.h:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNodeType.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileIsJSArray):
(JSC::DFG::SpeculativeJIT::compileIsArrayObject):
(JSC::DFG::SpeculativeJIT::compileIsArrayConstructor):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallObjectConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsJSArray):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayConstructor):
(JSC::FTL::DFG::LowerDFGToB3::isArray):

  • jit/JITOperations.h:
  • jsc.cpp:

(GlobalObject::finishCreation):
(functionDataLogValue):

  • runtime/ArrayConstructor.cpp:

(JSC::ArrayConstructor::finishCreation):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):

  • runtime/ArrayConstructor.h:

(JSC::isArrayConstructor):

  • runtime/ArrayPrototype.cpp:

(JSC::ArrayPrototype::finishCreation):
(JSC::arrayProtoPrivateFuncIsJSArray):
(JSC::moveElements):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
(JSC::arrayProtoPrivateFuncAppendMemcpy):
(JSC::arrayProtoFuncConcat): Deleted.

  • runtime/ArrayPrototype.h:

(JSC::ArrayPrototype::createStructure):

  • runtime/CommonIdentifiers.h:
  • runtime/Intrinsic.h:
  • runtime/JSArray.cpp:

(JSC::JSArray::appendMemcpy):
(JSC::JSArray::fastConcatWith): Deleted.

  • runtime/JSArray.h:

(JSC::JSArray::createStructure):
(JSC::JSArray::fastConcatType): Deleted.

  • runtime/JSArrayInlines.h: Added.

(JSC::JSArray::memCopyWithIndexingType):
(JSC::JSArray::canFastCopy):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSType.h:
  • runtime/ObjectConstructor.h:

(JSC::constructObject):

  • tests/es6.yaml:
  • tests/stress/array-concat-spread-object.js: Added.

(arrayEq):

  • tests/stress/array-concat-spread-proxy-exception-check.js: Added.

(arrayEq):

  • tests/stress/array-concat-spread-proxy.js: Added.

(arrayEq):

  • tests/stress/array-concat-with-slow-indexingtypes.js: Added.

(arrayEq):

  • tests/stress/array-species-config-array-constructor.js:

LayoutTests:

Fix tests for Symbol.isConcatSpreadable on the Symbol object.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/dom/array-prototype-properties-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:

4:57 PM Changeset in webkit [199396] by Brian Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: save inspector's zoom factor as a persistent setting across sessions
https://bugs.webkit.org/show_bug.cgi?id=156522
<rdar://problem/25635774>

Reviewed by Timothy Hatcher.

  • UserInterface/Base/Main.js:

(WebInspector.loaded):
Initialize the setting and immediately set the zoom before the frontend page loads.

(WebInspector._increaseZoom):
(WebInspector._decreaseZoom):
(WebInspector._resetZoom):
Use the internal get/set method which updates the WebInspector.Setting.

(WebInspector._setZoomFactor):
Added. Round-trip through the frontend host method in case it further clamps the value.

(WebInspector._zoomFactor):
Added. Just return the setting, since there's no other way for zoom to have changed.

3:48 PM Changeset in webkit [199395] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Web Inspector: Dock controls are not available in toolbar if Web Inspector window leaves fullscreen
https://bugs.webkit.org/show_bug.cgi?id=156520
<rdar://problem/22101106>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-12
Reviewed by Timothy Hatcher.

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformCanAttach):
Be more explicit about the attachment view check. Its intent
was to prevent allowing a 2nd level inspector from attaching
to a 1st level inspector. We can use a stronger check. Also,
remove deprecated pragmas by switching to new value.

3:42 PM Changeset in webkit [199394] by sbarati@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Let's not iterate over the constant pool twice every time we link a code block
https://bugs.webkit.org/show_bug.cgi?id=156517

Reviewed by Mark Lam.

I introduced a second iteration over the constant pool when I implemented
block scoping. I did this because we must clone all the symbol tables when
we link a CodeBlock. We can just do this cloning when setting the constant
registers for the first time. There is no need to iterate over the constant
pool a second time.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::setAlternative):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::replaceConstant):
(JSC::CodeBlock::setConstantRegisters): Deleted.

3:40 PM Changeset in webkit [199393] by mark.lam@apple.com
  • 24 edits
    56 adds in trunk

ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Reviewed by Keith Miller.

Source/JavaScriptCore:

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • builtins/GlobalObject.js:

(speciesConstructor):

  • builtins/PromisePrototype.js:
  • refactored to use the @speciesConstructor internal function.
  • builtins/RegExpPrototype.js:

(advanceStringIndex):

  • refactored from @advanceStringIndexUnicode() to match the spec. Benchmarks show that there's no advantage in doing the unicode check outside of the advanceStringIndexUnicode part. So, I simplified the code to match the spec (especially since @@split needs to call advanceStringIndex from more than 1 location).

(match):

  • Removed an unnecessary call to @Object because it was already proven above.
  • Changed to use advanceStringIndex instead of advanceStringIndexUnicode. Again, there's no perf regression for this.

(regExpExec):
(hasObservableSideEffectsForRegExpSplit):
(split):
(advanceStringIndexUnicode): Deleted.

  • builtins/StringPrototype.js:

(split):

  • Modified to use RegExp.prototype[@@split].
  • bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):

  • bytecode/BytecodeIntrinsicRegistry.h:
  • Added the @@split symbol.
  • runtime/CommonIdentifiers.h:
  • runtime/ECMAScriptSpecInternalFunctions.cpp: Added.

(JSC::esSpecIsConstructor):
(JSC::esSpecIsRegExp):

  • runtime/ECMAScriptSpecInternalFunctions.h: Added.
  • runtime/JSGlobalObject.cpp:

(JSC::getGetterById):
(JSC::JSGlobalObject::init):

  • runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::setDescriptor):

  • Removed an assert that is no longer valid.
  • runtime/RegExpObject.h:
  • Made advanceStringUnicode() public so that it can be re-used by the regexp split fast path.
  • runtime/RegExpPrototype.cpp:

(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex):
(JSC::regExpProtoFuncSplitFast):

  • runtime/RegExpPrototype.h:
  • runtime/StringObject.h:

(JSC::jsStringWithReuse):
(JSC::jsSubstring):

  • Hoisted some utility functions from StringPrototype.cpp so that they can be reused by the regexp split fast path.
  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):
(JSC::builtinStringSubstrInternal):
(JSC::stringProtoFuncSubstring):
(JSC::stringIncludesImpl):
(JSC::stringProtoFuncIncludes):
(JSC::builtinStringIncludesInternal):
(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.
(JSC::stringProtoFuncSplit): Deleted.

  • runtime/StringPrototype.h:
  • tests/es6.yaml:

LayoutTests:

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/dom/string-prototype-properties-expected.txt:
  • js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects2.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-global.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Added.
  • js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Added.
  • js/regress/regexp-prototype-split-observable-side-effects4.html: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Added.
  • js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Added.
  • js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Added.
  • js/regress/string-prototype-split-observable-side-effects-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects.html: Added.
  • js/regress/string-prototype-split-observable-side-effects2-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects2.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-flags.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-global.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-multiline.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-sticky.html: Added.
  • js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects3-unicode.html: Added.
  • js/regress/string-prototype-split-observable-side-effects4-expected.txt: Added.
  • js/regress/string-prototype-split-observable-side-effects4.html: Added.
  • js/script-tests/Object-getOwnPropertyNames.js:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

3:38 PM Changeset in webkit [199392] by Chris Dumez
  • 7 edits
    2 adds in trunk

Attr.value should not be nullable
https://bugs.webkit.org/show_bug.cgi?id=156515

Reviewed by Benjamin Poulain.

Source/WebCore:

Update Attr.value so that it is no longer nullable, as per:
https://dom.spec.whatwg.org/#interface-attr

This aligns our behavior with Firefox and Chrome as well.

Test: fast/dom/Attr/value-not-nullable.html

  • dom/Attr.cpp:

(WebCore::Attr::setValueForBindings):
(WebCore::Attr::setNodeValue):
(WebCore::Attr::setValue):

  • dom/Attr.h:
  • dom/Attr.idl:

LayoutTests:

Add layout test and rebaseline existing one now that Attr.value is no
longer nullable.

  • fast/dom/Attr/value-not-nullable-expected.txt: Added.
  • fast/dom/Attr/value-not-nullable.html: Added.
  • fast/dom/coreDOM-element-attribute-js-null-expected.txt:
  • fast/dom/coreDOM-element-attribute-js-null.xhtml:

2:52 PM Changeset in webkit [199391] by keith_miller@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

AbstractValue should use the result type to filter structures
https://bugs.webkit.org/show_bug.cgi?id=156516

Reviewed by Geoffrey Garen.

When filtering an AbstractValue with a SpeculatedType we would not use the merged type when
filtering out the valid structures (despite what the comment directly above said). This
would cause us to crash if our structure-set was Top and the two speculated types were
different kinds of cells.

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::filter):

  • tests/stress/ai-consistency-filter-cells.js: Added.

(get value):
(attribute.value.get record):
(attribute.attrs.get this):
(get foo):
(let.thisValue.return.serialize):
(let.thisValue.transformFor):

2:35 PM Changeset in webkit [199390] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Show the normal Native icon for all Internal objects in Heap Snapshots
https://bugs.webkit.org/show_bug.cgi?id=156513

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-12
Reviewed by Timothy Hatcher.

  • UserInterface/Views/HeapSnapshotClusterContentView.js:

(WebInspector.HeapSnapshotClusterContentView.iconStyleClassNameForClassName):
Show the native icon for internal objects.

2:10 PM Changeset in webkit [199389] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove FIXME for https://bugs.webkit.org/show_bug.cgi?id=156457 and replace it
with a comment that describes what we do now.

  • bytecode/PolymorphicAccess.h:

2:04 PM Changeset in webkit [199388] by rniwa@webkit.org
  • 5 edits in trunk/Websites/perf.webkit.org

Make sync-buildbot.js fault safe
https://bugs.webkit.org/show_bug.cgi?id=156498

Reviewed by Chris Dumez.

Fixed a bug that sync-buildbot.js will continue to schedule build requests from multiple test groups
if multiple test groups are simultaneously in-progress on the same builder. Also fixed a bug that if
a build request had failed without leaving a trace (i.e. no entry on any of the builders we know of),
sync-buildbot.js throws an exception.

  • server-tests/tools-buildbot-triggerable-tests.js: Added test cases.
  • tools/js/buildbot-syncer.js:

(BuildbotSyncer.prototype.scheduleRequestInGroupIfAvailable): Renamed. Optionally takes the slave name.
When this parameter is specified, schedule the request only if the specified slave is available.

  • tools/js/buildbot-triggerable.js:

(BuildbotTriggerable.prototype._scheduleNextRequestInGroupIfSlaveIsAvailable): Always use
scheduleRequestInGroupIfAvailable to schedule a new build request. Using scheduleRequest for non-first
build requests was problematic when there were multiple test groups with pending requests because then
we would schedule those pending requests without checking whether there is already a pending job or if
we have previously scheduled a job. Also fallback to use any syncer / builder when groupInfo.syncer is
not set even if the next request was not the first one in the test group since we can't determine on
which builder preceding requests are processed in such cases.

  • unit-tests/buildbot-syncer-tests.js:

2:03 PM Changeset in webkit [199387] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

Web Inspector: inspector/heap/getRemoteObject.html is flakey
<http://webkit.org/b/156077>

Unreviewed test expectations update.

  • platform/mac-wk2/TestExpectations:

(inspector/heap/getRemoteObject.html): Update bug number.

1:56 PM Changeset in webkit [199386] by ddkilzer@apple.com
  • 2 edits in trunk/LayoutTests

Web Inspector: inspector/heap/getRemoteObject.html is flakey
<http://webkit.org/b/156514>

Unreviewed test expectations update.

  • platform/mac-wk2/TestExpectations:

(inspector/heap/getRemoteObject.html): Mark as flakey.

1:47 PM Changeset in webkit [199385] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fixed uninitialization of Node::DataUnion with GCC 4.8.
https://bugs.webkit.org/show_bug.cgi?id=156507

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-04-12
Reviewed by Michael Catanzaro.

This change fixes run time crashes caused by access to uninitialized
memory in Node::renderer().

No new tests needed.

  • dom/Node.h:

1:47 PM Changeset in webkit [199384] by sbarati@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

isLocked() assertion broke builds because ConcurrentJITLock isn't always a real lock.

Rubber-stamped by Filip Pizlo.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resultProfileForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile):

1:40 PM Changeset in webkit [199383] by eric.carlson@apple.com
  • 3 edits in trunk/Source/WebCore

[iOS] do not exit AirPlay when the screen locks
https://bugs.webkit.org/show_bug.cgi?id=156502
<rdar://problem/24616592>

Reviewed by Jer Noble.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction): Add logging.
(WebCore::HTMLMediaElement::purgeBufferedDataIfPossible): Don't tell the media engine to purge
data if it is playing to a wireless target because that will drop the connection.

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::playbackPermitted): Add logging.
(WebCore::MediaElementSession::canPlayToWirelessPlaybackTarget): Drive by fix: iOS doesn't
have an explicit playbackTarget, don't test for it.

(WebCore::MediaElementSession::isPlayingToWirelessPlaybackTarget): Ditto.

1:06 PM Changeset in webkit [199382] by fpizlo@apple.com
  • 14 edits in trunk/Source

PolymorphicAccess should buffer AccessCases before regenerating
https://bugs.webkit.org/show_bug.cgi?id=156457

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Prior to this change, whenever we added an AccessCase to a PolymorphicAccess, we would
regenerate the whole stub. That meant that we'd do O(N^2) work for N access cases.

One way to fix this is to have each AccessCase generate a stub just for itself, which
cascades down to the already-generated cases. But that removes the binary switch
optimization, which makes the IC perform great even when there are many cases.

This change fixes the issue by buffering access cases. When we take slow path and try to add
a new case, the StructureStubInfo will usually just buffer the new case without generating
new code. We simply guarantee that after we buffer a case, we will take at most
Options::repatchBufferingCountdown() slow path calls before generating code for it. That
option is currently 7. Taking 7 more slow paths means that we have 7 more opportunities to
gather more access cases, or to realize that this IC is too crazy to bother with.

This change ensures that the DFG still gets the same kind of profiling. This is because the
buffered AccessCases are still part of PolymorphicAccess and so are still scanned by
GetByIdStatus and PutByIdStatus. The fact that the AccessCases hadn't been generated and so
hadn't executed doesn't change much. Mainly, it increases the likelihood that the DFG will
see an access case that !couldStillSucceed(). The DFG's existing profile parsing logic can
handle this just fine.

There are a bunch of algorithmic changes here. StructureStubInfo now caches the set of
structures that it has seen as a guard to prevent adding lots of redundant cases, in case
we see the same 7 cases after buffering the first one. This cache means we won't wastefully
allocate 7 identical AccessCase instances. PolymorphicAccess is now restructured around
having separate addCase() and regenerate() calls. That means a bit more moving data around.
So far that seems OK for performance, probably since it's O(N) work rather than O(N^2) work.
There is room for improvement for future patches, to be sure.

This is benchmarking as slightly positive or neutral on JS benchmarks. It's meant to reduce
pathologies I saw in page loads.

  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

  • bytecode/PolymorphicAccess.cpp:

(JSC::PolymorphicAccess::PolymorphicAccess):
(JSC::PolymorphicAccess::~PolymorphicAccess):
(JSC::PolymorphicAccess::addCases):
(JSC::PolymorphicAccess::addCase):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::dump):
(JSC::PolymorphicAccess::commit):
(JSC::PolymorphicAccess::regenerate):
(JSC::PolymorphicAccess::aboutToDie):
(WTF::printInternal):
(JSC::PolymorphicAccess::regenerateWithCases): Deleted.
(JSC::PolymorphicAccess::regenerateWithCase): Deleted.

  • bytecode/PolymorphicAccess.h:

(JSC::AccessCase::isGetter):
(JSC::AccessCase::callLinkInfo):
(JSC::AccessGenerationResult::AccessGenerationResult):
(JSC::AccessGenerationResult::madeNoChanges):
(JSC::AccessGenerationResult::gaveUp):
(JSC::AccessGenerationResult::buffered):
(JSC::AccessGenerationResult::generatedNewCode):
(JSC::AccessGenerationResult::generatedFinalCode):
(JSC::AccessGenerationResult::shouldGiveUpNow):
(JSC::AccessGenerationResult::generatedSomeCode):
(JSC::PolymorphicAccess::isEmpty):
(JSC::PolymorphicAccess::size):
(JSC::PolymorphicAccess::at):

  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeForStubInfo):

  • bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::StructureStubInfo):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitWeakReferences):

  • bytecode/StructureStubInfo.h:

(JSC::StructureStubInfo::considerCaching):
(JSC::StructureStubInfo::willRepatch): Deleted.
(JSC::StructureStubInfo::willCoolDown): Deleted.

  • jit/JITOperations.cpp:
  • jit/Repatch.cpp:

(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryRepatchIn):
(JSC::repatchIn):

  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::putByIndex):
(JSC::JSValue::structureOrNull):
(JSC::JSValue::structureOrUndefined):

  • runtime/Options.h:

Source/WTF:

  • wtf/TinyPtrSet.h:

(WTF::TinyPtrSet::add): Add a helpful comment because I had forgotten what the bool return meant.

12:37 PM Changeset in webkit [199381] by barraclough@apple.com
  • 2 edits in trunk/Source/WebCore

WebKit should adopt journal_mode=wal for all SQLite databases.
https://bugs.webkit.org/show_bug.cgi?id=133496

Rubber stamped by Chris Dumez.

Temporarily disable on iOS - this broke a test.
(storage/websql/alter-to-info-table.html)

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::open):

12:35 PM Changeset in webkit [199380] by Joseph Pecoraro
  • 22 edits in trunk/Source

Web Inspector: Keyboard shortcut for "Inspect Element" only works when Web Inspector is open.
https://bugs.webkit.org/show_bug.cgi?id=111193
<rdar://problem/13325889>

Reviewed by Timothy Hatcher.

Source/WebCore:

  • inspector/InspectorClient.h:

(WebCore::InspectorClient::elementSelectionChanged):

  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::setSearchingForNode):
Inform the client when element selection changes.

Source/WebInspectorUI:

  • UserInterface/Controllers/DOMTreeManager.js:

(WebInspector.DOMTreeManager.prototype.set inspectModeEnabled):
(WebInspector.DOMTreeManager.set inspectModeEnabled.callback):

  • UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.setElementSelectionEnabled):
Frontend API to enable element selection.

Source/WebKit2:

  • UIProcess/API/C/WKInspector.cpp:

(WKInspectorIsElementSelectionActive):
(WKInspectorToggleElementSelection):

  • UIProcess/API/C/WKInspector.h:

API for WebKit clients to toggle element selection.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::toggleElementSelection):
(WebKit::WebInspectorProxy::elementSelectionChanged):

  • UIProcess/WebInspectorProxy.h:

(WebKit::WebInspectorProxy::isElementSelectionActive):

  • UIProcess/WebInspectorProxy.messages.in:

UIProcess update according to the state of the page
and action to tell the page to toggle.
When starting, pre-connect the inspector. When the
state changes, if we were stopping and nothing was
selected, then disconnect. Otherwise, we will bring
the inspector to the front.

  • WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::elementSelectionChanged):

  • WebProcess/WebCoreSupport/WebInspectorClient.h:

Let the UIProcess update its cached state of whether or
not element selection is enabled or disabled.

  • WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::startElementSelection):
(WebKit::WebInspector::stopElementSelection):
(WebKit::WebInspector::elementSelectionChanged):

  • WebProcess/WebPage/WebInspector.h:
  • WebProcess/WebPage/WebInspector.messages.in:

Messages in both directions.
UIProcess -> InspectorProcess enable/disable.
WebProcess -> UIProcess updated element selection state.

  • WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::startElementSelection):
(WebKit::WebInspectorUI::stopElementSelection):

  • WebProcess/WebPage/WebInspectorUI.h:
  • WebProcess/WebPage/WebInspectorUI.messages.in:

Open the inspector and enable element selection.

12:35 PM Changeset in webkit [199379] by Joseph Pecoraro
  • 16 edits in trunk

Web Inspector: Should be able to expand Objects in Heap Allocations View to see exactly what it retains
https://bugs.webkit.org/show_bug.cgi?id=156419
<rdar://problem/25633863>

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Main.html:

Remove strings, and fix sort.

  • UserInterface/Models/HeapSnapshotRootPath.js:

(WebInspector.HeapSnapshotRootPath.pathComponentForIndividualEdge):
(WebInspector.HeapSnapshotRootPath.canPropertyNameBeDotAccess):
(WebInspector.HeapSnapshotRootPath.prototype.appendPropertyName):
(WebInspector.HeapSnapshotRootPath.prototype._canPropertyNameBeDotAccess):
Provide a helper to get a path component string for an individual edge.

  • UserInterface/Models/PropertyPreview.js:

(WebInspector.PropertyPreview):
Fix an assert that may have errantly fired for an empty string name.

  • UserInterface/Proxies/HeapSnapshotNodeProxy.js:

(WebInspector.HeapSnapshotNodeProxy):
(WebInspector.HeapSnapshotNodeProxy.deserialize):
Include "hasChildren" property in the original proxy message.

(WebInspector.HeapSnapshotNodeProxy.prototype.retainedNodes):
The method now also returns a list of edges for each of the retained nodes.

  • UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.sort):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._populate):
An instance DataGrid node can now show children. It can expand to show
its retained node graph.

  • UserInterface/Workers/HeapSnapshot/HeapSnapshot.js:

(HeapSnapshot.instancesWithClassName):
(HeapSnapshot.prototype.dominatedNodes):
(HeapSnapshot.prototype.retainers):
(HeapSnapshot.prototype.serializeNode):
Remove unnecessary calls to bind in favor of using the thisObject argument.

(HeapSnapshot.prototype.retainedNodes):
Return a parallel list of edges for each of the nodes.

  • UserInterface/Views/HeapSnapshotClassDataGridNode.js:

(WebInspector.HeapSnapshotClassDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._populate):

  • UserInterface/Views/HeapSnapshotClusterContentView.js:

(WebInspector.HeapSnapshotClusterContentView.prototype.get summaryContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get instancesContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.shown):
(WebInspector.HeapSnapshotClusterContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get navigationItems): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._contentViewExtraArguments): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._toggleShowInternalObjectsSetting): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._updateViewsForShowInternalObjectsSettingValue): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._updateShowInternalObjectsButtonNavigationItem): Deleted.

  • UserInterface/Views/HeapSnapshotInstancesContentView.js:

(WebInspector.HeapSnapshotInstancesContentView):
(WebInspector.HeapSnapshotInstancesContentView.prototype.get showInternalObjects): Deleted.
(WebInspector.HeapSnapshotInstancesContentView.prototype.set showInternalObjects): Deleted.

  • UserInterface/Views/HeapSnapshotInstancesDataGridTree.js:

(WebInspector.HeapSnapshotInstancesDataGridTree.prototype._populateTopLevel):
(WebInspector.HeapSnapshotInstancesDataGridTree):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get includeInternalObjects): Deleted.
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.set includeInternalObjects): Deleted.

  • UserInterface/Views/HeapSnapshotSummaryContentView.js:

Remove the show/hide internal objects button. In the Instances view we will
only show non-Internal objects at the top level, and show internal objects
when those instances are expanded.

LayoutTests:

  • inspector/unit-tests/heap-snapshot-expected.txt:
  • inspector/unit-tests/heap-snapshot.html:

Add a quick test that retainedNodes returns a list of edges.

11:44 AM Changeset in webkit [199378] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Regression(r199360): assertion hit in Element::fastGetAttribute()
https://bugs.webkit.org/show_bug.cgi?id=156509

Reviewed by Ryosuke Niwa.

Stop using fastGetAttribute() / setAttributeWithoutSynchronization()
given that DOMTokenList is used for the class attribute and we need
to synchronize in this case.

No new tests, already covered by existing tests.

  • html/DOMTokenList.cpp:

(WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
(WebCore::DOMTokenList::tokens):

11:40 AM Changeset in webkit [199377] by mmaxfield@apple.com
  • 3 edits
    2 adds in trunk

[RTL Scrollbars] Overlay scrollbars push contents inwards
https://bugs.webkit.org/show_bug.cgi?id=156225
<rdar://problem/25137040>

Reviewed by Darin Adler.

Source/WebCore:

The contents should be pushed in by the occupied width of the
scrollbar, which is 0 for overlay scrollbars.

Test: fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::computeScrollDimensions):

LayoutTests:

  • fast/scrolling/rtl-scrollbars-overlay-no-push-contents-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html: Added.

11:38 AM Changeset in webkit [199376] by sbarati@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

There is a race with the compiler thread and the main thread with result profiles
https://bugs.webkit.org/show_bug.cgi?id=156503

Reviewed by Filip Pizlo.

The compiler thread should not be asking for a result
profile while the execution thread is creating one.
We must guard against such races with a lock.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resultProfileForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile):
(JSC::CodeBlock::capabilityLevel):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::couldTakeSlowCase):
(JSC::CodeBlock::numberOfResultProfiles):
(JSC::CodeBlock::specialFastCaseProfileCountForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile): Deleted.

11:33 AM Changeset in webkit [199375] by mmaxfield@apple.com
  • 14 edits in trunk

[OS X] Flakey crash after ScrollAnimatorMac destruction
https://bugs.webkit.org/show_bug.cgi?id=156372

Reviewed by Darin Adler.

Source/WebCore:

Previously, we were disabling the mock scrollbars using JavaScript after
the WebView was created. However, enabling these mock scrollbars can be
triggered with a bit of state inside the WebPreferences object, which
means WebKit clients can change it at any point. DumpRenderTree is doing
this during the document's lifetime.

This means that the creation of the Scrollbar objects saw a non-mock
ScrollbarTheme, but the destruction of the Scrollbar objects saw a mock
ScrollbarTheme. Therefore, the non-mock ScrollbarTheme doesn't get
cleaned up correctly (ScrollAnimatorMac::willRemoveVerticalScrollbar()
returns early because it sees that there is nothing to deregister
due to the ScrollbarTheme being mocked).

This cleanup is necessary because it sets the NSScrollerImp's delegate
to nil before the NSScrollerImpDelegate gets destroyed. Because the
cleanup wasn't happening, the delegate pointer wasn't getting set to
nil, so the pointer was dangling, and AppKit was following it and
crashing.

Because the clients of this bit of state can change it at any time,
it is incorrect to change it in JavaScript. Instead, the client must
manage this bit of state (so the client and the web process are always
in sync). Therefore, the correct way to set this bit of state must be
done in the test runner rather than JavaScript internals. The mechanism
we have to do that is the <!-- webkit-test-runner --> comment at the
beginning of the test. This patch migrates to this mechanism and removes
the old internals method.

Test: fast/scrolling/rtl-scrollbars-animation-property.html

  • page/Settings.cpp:
  • testing/Internals.cpp:

(WebCore::Internals::setMockScrollbarsEnabled): Deleted.

  • testing/Internals.h:
  • testing/Internals.idl:

Tools:

Implement the new <!-- webkit-test-runner --> flag.

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::createWebViewWithOptions):
(WTR::TestController::ensureViewSupportsOptionsForTest):
(WTR::TestController::resetPreferencesToConsistentValues):
(WTR::TestController::resetStateToConsistentValues):
(WTR::updateTestOptionsFromTestHeader):

  • WebKitTestRunner/TestController.h:
  • WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::invoke):

  • WebKitTestRunner/TestOptions.h:
  • WebKitTestRunner/mac/PlatformWebViewMac.mm:

(WKR::PlatformWebView::viewSupportsOptions):

LayoutTests:

Migrate to the new mechanism for disabling mock scrollbars in tests.

  • fast/scrolling/rtl-scrollbars-animation-property.html:

10:55 AM Changeset in webkit [199374] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: clearing the console should exit all console groups
https://bugs.webkit.org/show_bug.cgi?id=156496
<rdar://problem/25676416>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView.prototype._logCleared):
Reset nesting level to zero.

10:40 AM Changeset in webkit [199373] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r199339.
https://bugs.webkit.org/show_bug.cgi?id=156505

memset_s is indeed necessary (Requested by alexchristensen_ on
#webkit).

Reverted changeset:

"Build fix after r199299."
https://bugs.webkit.org/show_bug.cgi?id=155508
http://trac.webkit.org/changeset/199339

10:27 AM Changeset in webkit [199372] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

MIPS: add MacroAssemblerMIPS::store8(TrustedImm32,ImplicitAddress)
https://bugs.webkit.org/show_bug.cgi?id=156481

This method with this signature is used by r199075, and therefore
WebKit doesn't build on MIPS since then.

Patch by Guillaume Emont <guijemont@igalia.com> on 2016-04-12
Reviewed by Mark Lam.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::store8):

10:08 AM Changeset in webkit [199371] by Darin Adler
  • 7 edits in trunk/Source/WebCore

Remove UsePointersEvenForNonNullableObjectArguments from SVG lists
https://bugs.webkit.org/show_bug.cgi?id=156494

Reviewed by Chris Dumez.

  • bindings/scripts/CodeGenerator.pm:

(ShouldPassWrapperByReference): For now, don't do this for any tear-off classes.
This includes the items stored in most SVG list classes.

  • svg/SVGLengthList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
  • svg/SVGNumberList.idl: Ditto.
  • svg/SVGPointList.idl: Ditto.
  • svg/SVGTransformList.idl: Ditto.
  • svg/SVGPathSegList.idl: Removed UsePointersEvenForNonNullableObjectArguments.

Marked the arguments nullable, and added FIXMEs about returning later since they
don't really need to be nullable. But fixing this requires some reworking of the
SVG list template and it's not urgent at this time. Preserves behavior where we
get an exception when passing null, it's just an SVG exception instead of TypeError.

9:58 AM Changeset in webkit [199370] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198243 - Occasional crash under GraphicsContext::platformContext() when dragging Google maps
https://bugs.webkit.org/show_bug.cgi?id=155521
rdar://problem/24357307

Reviewed by Tim Horton.

It's possible for createDragImageForSelection() to return a null image, if the bounds
of the selection are an empty rect. That would cause a crash under convertImageToBitmap()
because a zero-sized ShareableBitmap will return a null GraphicsContext.

To avoid this, early return from DragController::startDrag() if the dragImage is null.

I wasn't able to come up with a test for this.

  • page/DragController.cpp:

(WebCore::DragController::startDrag):

9:57 AM Changeset in webkit [199369] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198238 - Delay HTMLFormControlElement::focus() call until after layout is finished.
https://bugs.webkit.org/show_bug.cgi?id=155503
<rdar://problem/24046635>

Reviewed by Simon Fraser.

Calling focus on a form element can trigger arbitrary JS code which could interfere with
the ongoing layout.
This patch delays HTMLFormControlElement::focus() call until after layout is finished.
If we are currently not in the middle of a layout, HTMLFormControlElement::focus() is delayed until
after style resolution is done.

Covered by LayoutTests/fast/dom/adopt-node-crash-2.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::updateBackingStore):

  • dom/Document.cpp:

(WebCore::Document::updateStyleIfNeeded):
(WebCore::Document::updateLayout):
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

  • html/HTMLEmbedElement.cpp:

(WebCore::HTMLEmbedElement::renderWidgetLoadingPlugin):

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::didAttachRenderers):

  • page/FrameView.cpp:

(WebCore::FrameView::layout):
(WebCore::FrameView::queuePostLayoutCallback):
(WebCore::FrameView::flushPostLayoutTasksQueue):
(WebCore::FrameView::performPostLayoutTasks):
(WebCore::FrameView::sendResizeEventIfNeeded):

  • page/FrameView.h:
  • rendering/RenderBox.cpp:

(WebCore::RenderBox::imageChanged):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollTo):

9:50 AM Changeset in webkit [199368] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.12

Merge r198216 - REGRESSION (196383): Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

We fail to invalidate bar style in

:not(.foo) bar { }

when class foo is added or removed.

There is a logic error in the invalidation code. It assumes that class addition can only make new selectors match
and removal make them not match. This is not true when :not is present.

  • style/AttributeChangeInvalidation.h:

(WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):

  • style/ClassChangeInvalidation.cpp:

(WebCore::Style::ClassChangeInvalidation::invalidateStyle):

Invalidate style and collect full set of rules that may affect descendant style.

(WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle):

Invalidate with this set both before and after committing the changes.

(WebCore::Style::ClassChangeInvalidation::computeClassChange): Deleted.

  • style/ClassChangeInvalidation.h:

(WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
(WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

LayoutTests:
Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

  • fast/css/style-invalidation-attribute-change-descendants-expected.txt:
  • fast/css/style-invalidation-attribute-change-descendants.html:

Also add :not case for attribute changes (which handles this correctly already).

  • fast/css/style-invalidation-class-change-descendants-expected.txt:
  • fast/css/style-invalidation-class-change-descendants.html:

Add :not case.

9:46 AM Changeset in webkit [199367] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198205 - Leak: Accelerated ImageBufferCairo doesn't destroy the used textures
https://bugs.webkit.org/show_bug.cgi?id=155431

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-15
Reviewed by Žan Doberšek.

When using the Cairo backend, add a destructor to ImageBufferData and use it to destroy the
textures created if the buffer is being accelerated.

No new tests, already covered by existing ones.

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBufferData::ImageBufferData):
Store the renderingMode flag.
(WebCore::ImageBufferData::~ImageBufferData):
Destroy gl resources if renderingMode is accelerated.
(WebCore::ImageBuffer::ImageBuffer):
Pass renderingMode to the data class and use it for checks instead of the function parameter.

  • platform/graphics/cairo/ImageBufferDataCairo.h:

Add destructor and a renderingMode flag.

9:44 AM Changeset in webkit [199366] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WTF

S390X and PPC64 architectures detection is wrong
https://bugs.webkit.org/show_bug.cgi?id=156337

Patch by Tomas Popela <tpopela@redhat.com> on 2016-04-12
Reviewed by Carlos Garcia Campos.

After the http://trac.webkit.org/changeset/198919 was committed
it showed that the PPC64 detection is wrong as the CPU(PPC) path was
activated even for PPC64. The thing is that GCC defines ppc
even on PPC64 and not just on PPC(32). The same applies for S390X.

  • wtf/Platform.h:

9:41 AM Changeset in webkit [199365] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198173 - [mips] Fix unaligned access in LLINT.
https://bugs.webkit.org/show_bug.cgi?id=153228

Address loads used with btbxx opcodes were wrongly converted to lw
instruction instead of lbu, leading to unaligned access on mips
platforms. This is not a bug as it's silently fixed up by kernel,
but it's more efficient to avoid unaligned accesses for mips.

Reviewed by Geoffrey Garen.

  • offlineasm/mips.rb:

9:40 AM Changeset in webkit [199364] by Carlos Garcia Campos
  • 4 edits
    6 adds in releases/WebKitGTK/webkit-2.12

Merge r198163 - Selecting with shift+drag results in unexpected drag-n-drop
https://bugs.webkit.org/show_bug.cgi?id=155314

Reviewed by Darin Adler.

Source/WebCore:

Test: editing/selection/shift-drag-selection-no-drag-n-drop.html

Whenever user tries to extend an existing text selection by dragging the mouse
(left button hold) with shift key pressed, WebKit enters drag-n-drop mode.
This behavior does not match common editing behavior out there, including other
browsers' (Firefox, Opera/Presto and IE).

Patch changes WebKit so that whenever one extends a selection with mouse
and shift key pressed off of a #text node, it does not enter drag-n-drop mode.

Additionally, patch also adds some further tests to ensure that when
selection is extended off of either a link or an image, drag-n-drop does
get triggered, no matter if shift key is pressed.

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

Tests that ensure that WebKit:

1) does not enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,
off of a #text node.

2) does enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,
off of a link.

3) does enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,
off of an image.

Note that (1) is a behavior changed by this patch, whereas (2) and (3) represent existing
behavior that is kept.
Tests are also skipped for iOS similarly to other drag-n-drop related tests.

  • fast/events/shift-drag-selection-no-drag-n-drop-expected.txt: Added.
  • fast/events/shift-drag-selection-no-drag-n-drop.html: Added.
  • fast/events/shift-drag-selection-on-link-triggers-drag-n-drop-expected.txt: Added.
  • fast/events/shift-drag-selection-on-link-triggers-drag-n-drop.html: Added.
  • fast/events/shift-drag-selection-on-image-triggers-drag-n-drop-expected.txt: Added.
  • fast/events/shift-drag-selection-on-image-triggers-drag-n-drop.html: Added.

9:32 AM Changeset in webkit [199363] by Carlos Garcia Campos
  • 5 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198090 - REGRESSION (r190840): crash inside details element's slotNameFunction
https://bugs.webkit.org/show_bug.cgi?id=155388

Reviewed by Antti Koivisto.

Source/WebCore:

The bug was caused by HTMLDetailsElement::isActiveSummary calling findAssignedSlot with a summary element
inside the shadow tree of the details element. Fixed it by exiting early when the summary element passed
to isActiveSummary is not a direct child of the details element.

Test: fast/html/details-summary-tabindex-crash.html

  • dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::findAssignedSlot): Added an assertion for regression testing.

  • dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::findAssignedSlot): Removed the superfluous call to assignSlots added in r190840.
There is no need to update the slot assignments here (entries in m_slots are added or removed by
addSlotElementByName or removeSlotElementByName and assignSlots only updates assignedNodes in each SlotInfo
which is never used in this function or findFirstSlotElement).

  • html/HTMLDetailsElement.cpp:

(WebCore::HTMLDetailsElement::isActiveSummary): Fixed the bug.

LayoutTests:

Added a regression test.

  • fast/html/details-summary-tabindex-crash-expected.txt: Added.
  • fast/html/details-summary-tabindex-crash.html: Added.

9:30 AM Changeset in webkit [199362] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r198087 - ComposedTreeIterator fails to traverse slots if root is shadow host
https://bugs.webkit.org/show_bug.cgi?id=155407

Reviewed by Darin Adler.

Source/WebCore:

Test: fast/shadow-dom/composed-tree-shadow-subtree.html

  • dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::ComposedTreeIterator):

Traversal functions assume m_contextStack is deeper than 1 before they need to enter slot traversal code paths.
Call initializeContextStack in case of shadow host which does the right thing.

(WebCore::ComposedTreeIterator::traverseSiblingInSlot):
(WebCore::composedTreeAsText):

Add option to include pointers as debugging aid.

  • dom/ComposedTreeIterator.h:

(WebCore::composedTreeChildren):

LayoutTests:

  • fast/shadow-dom/composed-tree-shadow-subtree-expected.txt: Added.
  • fast/shadow-dom/composed-tree-shadow-subtree.html: Added.

9:27 AM Changeset in webkit [199361] by Carlos Garcia Campos
  • 5 edits
    4 adds in releases/WebKitGTK/webkit-2.12

Merge r198075 - REGRESSION (r188647): Teamtreehouse website sidebar buttons are not rendered
https://bugs.webkit.org/show_bug.cgi?id=155400
<rdar://problem/24818602>

Reviewed by Anders Carlsson.

Source/WebCore:

When we unprefixed CSS filters we accidentally
stopped SVG elements that use the CSS filter shorthands
from rendering. We still don't actually support
the shorthands in this case, but we should render
the element without the filter.

Tests: css3/filters/filters-on-svg-element.html
       css3/filters/filters-on-svg-root.html

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::hasReferenceFilterOnly): Add
this new function that tells us if we have the
style of filter that we can handle in SVG content.

  • rendering/style/RenderStyle.h:
  • rendering/svg/SVGRenderingContext.cpp:

(WebCore::SVGRenderingContext::prepareToRenderSVGContent):
We can mark an element as ready to render if it
has a shorthand filter.

LayoutTests:

Add tests with SVG content that uses CSS filter
shorthands. These particular filters are no-ops
so should not affect rendering. If they actually
tried to do something you wouldn't see them work
until we enable shorthand filters on SVG content.

  • css3/filters/filters-on-svg-element-expected.html: Added.
  • css3/filters/filters-on-svg-element.html: Added.
  • css3/filters/filters-on-svg-root-expected.html: Added.
  • css3/filters/filters-on-svg-root.html: Added.

9:21 AM Changeset in webkit [199360] by Chris Dumez
  • 8 edits in trunk/Source/WebCore

Lazily update tokens in DOMTokenList when the associated attribute value changes
https://bugs.webkit.org/show_bug.cgi?id=156474

Reviewed by Ryosuke Niwa.

Lazily update tokens in DOMTokenList when the associated attribute value
changes for performance. Constructing the sanitized vector of tokens
every time the associated Element attribute changes is too expensive.
Instead, we mark the vector as dirty whenever the attribute changes, and
we only construct the sanitized vector when it is actually required.

Also do some renaming for clarity.

There is no web-exposed behavior change.

  • dom/Element.cpp:

(WebCore::Element::classAttributeChanged):

  • html/DOMTokenList.cpp:

(WebCore::DOMTokenList::contains):
(WebCore::DOMTokenList::addInternal):
(WebCore::DOMTokenList::removeInternal):
(WebCore::DOMTokenList::toggle):
(WebCore::DOMTokenList::value):
(WebCore::DOMTokenList::setValue):
(WebCore::DOMTokenList::updateTokensFromAttributeValue):
(WebCore::DOMTokenList::associatedAttributeValueChanged):
(WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
(WebCore::DOMTokenList::tokens):
(WebCore::DOMTokenList::DOMTokenList): Deleted.

  • html/DOMTokenList.h:

(WebCore::DOMTokenList::tokens):
(WebCore::DOMTokenList::length):
(WebCore::DOMTokenList::item):

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::parseAttribute):

  • html/HTMLIFrameElement.cpp:

(WebCore::HTMLIFrameElement::parseAttribute):

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::parseAttribute):

  • html/HTMLOutputElement.cpp:

(WebCore::HTMLOutputElement::parseAttribute):

9:16 AM Changeset in webkit [199359] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r198050 - WebKit should not be redirected to an invalid URL
https://bugs.webkit.org/show_bug.cgi?id=155263
<rdar://problem/22820172>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/navigation/redirect-to-invalid-url.html

  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

LayoutTests:

  • http/tests/navigation/redirect-to-invalid-url-expected.txt: Added.
  • http/tests/navigation/redirect-to-invalid-url.html: Added.
  • http/tests/navigation/resources/redirect-to-invalid-url-frame.php: Added.

9:15 AM Changeset in webkit [199358] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198044 - Fix typo in StyleTreeResolver.cpp
https://bugs.webkit.org/show_bug.cgi?id=139946

Patch by Maksim Kisilev <mkisilev@yandex-team.ru> on 2016-03-10
Reviewed by Andy Estes.

The constructor for CheckForVisibilityChangeOnRecalcStyle was improperly comparing the
result of WKContentChange() (which is not a function) to WKContentVisibilityChange. I
believe the above cast would implicitly resolve to WKContentNoChange in all cases,
whether a visibility change had been observed or not.

This patch corrects this problem. I would expect that this might affect some content
visibility change behavior, but I'm not sure what the appropriate test case would be
since this was apparently found through code inspection.

  • style/StyleTreeResolver.cpp:

(WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::CheckForVisibilityChangeOnRecalcStyle):

9:11 AM Changeset in webkit [199357] by Darin Adler
  • 2 edits in trunk/Source/WebCore

Remove UsePointersEvenForNonNullableObjectArguments from HTMLMediaElement
https://bugs.webkit.org/show_bug.cgi?id=156492

Reviewed by Chris Dumez.

  • html/HTMLMediaElement.idl: Removed UsePointersEvenForNonNullableObjectArguments,
sorted remaining class attributes, simplified #if around canPlayType a bit,
removed comment that is not all that useful, made the argument to
webkitSetMediaKeys nullable since the implementation supports that.

9:10 AM Changeset in webkit [199356] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12

Merge r197989 - CRASH at WebCore::RenderView::updateVisibleViewportRect
https://bugs.webkit.org/show_bug.cgi?id=155209
<rdar://problem/23997530>

Reviewed by Simon Fraser.

Source/WebCore:

Test: media/video-crash-invisible-autoplay-display-none.html

Between the time when the video element's renderer is created and destroyed, we may have unset the
InvisibleAutoplayNotPermitted restriction. So rather than check for that restriction before
unregistering for the "visible in viewport" notification, unregister only if the renderer
was previously registered.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::willDetachRenderers):

LayoutTests:

(These files were mistakenly landed in a previous commit:)

  • media/video-crash-invisible-autoplay-display-none-expected.txt: Added.
  • media/video-crash-invisible-autoplay-display-none.html: Added.

9:08 AM Changeset in webkit [199355] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197967 - REGRESSION: GuardMalloc crash in SVGListPropertyTearOff<SVGPointList>::processIncomingListItemWrapper
https://bugs.webkit.org/show_bug.cgi?id=154969

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-03-10
Reviewed by Darin Adler.

The life cycle of the SVGAnimatedPropertyTearOff::m_baseVal and m_animVal
was not correct. Like what was done in SVGAnimatedListPropertyTearOff,
m_baseVal and m_animVal have to be raw RefCounted pointers. When requested
through SVGAnimatedPropertyTearOff::baseVal() and animVal(), they are
encapsulated in a RefPtr to ensure their existence as long as they are
referenced. When the animated property object (which is stored in either
m_baseVal or m_animVal) is not referenced by anyone, it is going to be
deleted. In the destructor of their class, SVGAnimatedPropertyTearOff
will be notified of this deletion through propertyWillBeDeleted() to clean
its member m_baseVal or m_animVal.

  • bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): Now all the SVG animated properties return RefPtrs. In
addition to that, SVGViewSpec.transform also returns
RefPtr<SVGTransformListPropertyTearOff>.

  • svg/properties/SVGAnimatedListPropertyTearOff.h:

(WebCore::SVGAnimatedListPropertyTearOff::animVal):
(WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
(WebCore::SVGAnimatedListPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
Change propertyWillBeDeleted() to be virtual and make it take an SVGProperty*.
Rename m_animatingAnimVal to be m_animatedProperty. Add isAnimating() which
returns true if m_animatedProperty is not null. Use isAnimating() instead of
m_isAnimating because it's deleted from the base class.

  • svg/properties/SVGAnimatedProperty.cpp:

(WebCore::SVGAnimatedProperty::SVGAnimatedProperty):
(WebCore::SVGAnimatedProperty::~SVGAnimatedProperty):

  • svg/properties/SVGAnimatedProperty.h:

(WebCore::SVGAnimatedProperty::isAnimating):
(WebCore::SVGAnimatedProperty::propertyWillBeDeleted):
Delete m_isAnimating since its value can be deduced from the value of
m_animatedProperty in the derived class. Add propertyWillBeDeleted() and
isAnimating() as virtual functions with the default behavior.

  • svg/properties/SVGAnimatedPropertyTearOff.h:

(WebCore::SVGAnimatedPropertyTearOff::baseVal):
(WebCore::SVGAnimatedPropertyTearOff::animVal):
Like SVGAnimatedListPropertyTearOff::baseVal() and animVal() create the
value if it does not exist. Keep a raw RefCounted pointer but return a
RefPtr.

(WebCore::SVGAnimatedPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedPropertyTearOff::propertyWillBeDeleted):
Override virtual functions.

(WebCore::SVGAnimatedPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedPropertyTearOff::animValDidChange):
Replace m_isAnimating with isAnimating(). Ensure that we get a new animated
property through animVal() and store it in a RefPtr to ensure it will not
go away while animating.

  • svg/properties/SVGAnimatedStaticPropertyTearOff.h:

(WebCore::SVGAnimatedStaticPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedStaticPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedStaticPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedStaticPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedStaticPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedStaticPropertyTearOff::animValDidChange):
Add isAnimating() and replace all the instances of m_isAnimating with calls
to isAnimating().

  • svg/properties/SVGPropertyTearOff.h:

(WebCore::SVGPropertyTearOff::animatedProperty):
(WebCore::SVGPropertyTearOff::setAnimatedProperty):
(WebCore::SVGPropertyTearOff::contextElement):
(WebCore::SVGPropertyTearOff::SVGPropertyTearOff):
(WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
SVGPropertyTearOff is what SVGAnimatedPropertyTearOff creates for its
baseVal() and animVal() values. These values can be null anytime once
they are not referenced. The SVGAnimatedPropertyTearOff holds only raw
RefCounted pointer for them. So (1) SVGPropertyTearOff needs to hold a
RefPtr for its SVGAnimatedProperty and (2) it needs to notify its
SVGAnimatedProperty when it's deleted by calling propertyWillBeDeleted()
from the destructor. Also there is no need to get the contextElement()
and save it in class member, m_contextElement since it can always be
retrieved from SVGAnimatedProperty::contextElement().

8:53 AM WebKitGTK/2.12.x edited by tpopela@redhat.com

8:46 AM Changeset in webkit [199354] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12

Merge r197788 - Support iterating over an OptionSet and checking if it is empty
https://bugs.webkit.org/show_bug.cgi?id=154941
<rdar://problem/24964187>

Reviewed by Darin Adler.

Source/WTF:

Implements support for iterating over the enumerators in an OptionSet as well as
determining if the set is empty.

Iterating over an OptionSet is in Big Theta(N) where N is the number of items in
the set. More precisely, it is in Big Theta(log M) where M is the bitmask represented
by the bitwise OR-ing of all enumerators in the set.

  • wtf/OptionSet.h: Added comment to describe the purpose of this class and its invariant -
the enumerators must be positive powers of two.
(WTF::OptionSet::Iterator::operator*): Returns the enumerator pointed to by the iterator.
(WTF::OptionSet::Iterator::operator++): Advance to the next smallest enumerator in the set.
(WTF::OptionSet::Iterator::operator==): Returns whether the iterator is equal to the specified iterator.
(WTF::OptionSet::Iterator::operator!=): Returns whether the iterator is not equal to the specified iterator.
(WTF::OptionSet::Iterator::Iterator): Added.
(WTF::OptionSet::fromRaw): Instantiate using specialized private constructor to allow
instantiation with a raw value of 0.
(WTF::OptionSet::OptionSet): Specialized constructor that asserts that the specified value
is a positive power of two. This variant is only compiled when assertions are enabled (i.e. !ASSERT_DISABLED).
(WTF::OptionSet::isEmpty): Returns whether the set is empty.
(WTF::OptionSet::begin): Returns an iterator to the enumerator with the smallest value in the set.
(WTF::OptionSet::end): Returns an iterator that represents the end sentinel of the set.

Tools:

Add tests to ensure that we do not regress both iteration of an OptionSet and
determining whether an OptionSet is empty.

  • TestWebKitAPI/Test.h:

(TestWebKitAPI::Util::assertStrongEnum): Helper function to assert two strong enum types for equality.

  • TestWebKitAPI/Tests/WTF/OptionSet.cpp:

(TestWebKitAPI::TEST):

8:45 AM Changeset in webkit [199353] by Carlos Garcia Campos
  • 7 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197191,r197523 - Add WTF::OptionSet and use it for the website data types enum
https://bugs.webkit.org/show_bug.cgi?id=154733

Patch by Anders Carlsson <andersca@apple.com> on 2016-02-26
Reviewed by Geoffrey Garen.

Add WTF::OptionSet which makes it easier to use strong enums as flags.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/Forward.h:
  • wtf/OptionSet.h: Copied from Source/WebKit2/Shared/WebsiteData/WebsiteData.h.

(WTF::OptionSet::fromRaw):
(WTF::OptionSet::OptionSet):
(WTF::OptionSet::toRaw):
(WTF::OptionSet::contains):
(WTF::OptionSet::operator|=):

8:21 AM Changeset in webkit [199352] by sbarati@apple.com
  • 9 edits in trunk

We incorrectly parse arrow function expressions
https://bugs.webkit.org/show_bug.cgi?id=156373

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch removes the notion of "isEndOfArrowFunction".
This was a very weird function and it was incorrect.
It checked that the arrow functions with concise body
grammar production "had a valid ending". "had a valid
ending" is in quotes because concise body arrow functions
have a valid ending as long as their body has a valid
assignment expression. I've removed all notion of this
function because it was wrong and was causing us
to throw syntax errors on valid programs.

  • parser/Lexer.cpp:

(JSC::Lexer<T>::nextTokenIsColon):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::setTokenPosition): Deleted.

  • parser/Lexer.h:

(JSC::Lexer::setIsReparsingFunction):
(JSC::Lexer::isReparsingFunction):
(JSC::Lexer::lineNumber):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::parseArrowFunctionSingleExpressionBodySourceElements):
(JSC::Parser<LexerType>::parseFunctionInfo):

  • parser/Parser.h:

(JSC::Parser::matchIdentifierOrKeyword):
(JSC::Parser::tokenStart):
(JSC::Parser::autoSemiColon):
(JSC::Parser::canRecurse):
(JSC::Parser::isEndOfArrowFunction): Deleted.
(JSC::Parser::setEndOfStatement): Deleted.

  • tests/stress/arrowfunction-others.js:

(testCase):
(simpleArrowFunction):
(truthy):
(falsey):

LayoutTests:

  • js/parser-syntax-check-expected.txt:
  • js/script-tests/parser-syntax-check.js:

(catch):

8:19 AM Changeset in webkit [199351] by eric.carlson@apple.com
  • 10 edits in trunk/Source/WebCore

[iOS] media title sometimes remains in Control Center after tab is closed
https://bugs.webkit.org/show_bug.cgi?id=156243
<rdar://problem/20167445>

Reviewed by Darin Adler.

  • Modules/webaudio/AudioContext.h: Implement characteristics.
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaLoadingFailed): Call mediaSession->clientCharacteristicsChanged.
(WebCore::HTMLMediaElement::setReadyState): Ditto.
(WebCore::HTMLMediaElement::clearMediaPlayer): Ditto.
(WebCore::HTMLMediaElement::stop): Call mediaSession->stopSession.
(WebCore::HTMLMediaElement::characteristics): New, return current characteristics.

  • html/HTMLMediaElement.h:
  • platform/audio/PlatformMediaSession.cpp:

(WebCore::PlatformMediaSession::stopSession): Suspend playback, and remove the session
from the manager, it will never play again.

(WebCore::PlatformMediaSession::characteristics): Return client characteristics.
(WebCore::PlatformMediaSession::clientCharacteristicsChanged):

  • platform/audio/PlatformMediaSession.h:
  • platform/audio/PlatformMediaSessionManager.cpp:

(WebCore::PlatformMediaSessionManager::stopAllMediaPlaybackForProcess): Call stopSession
instead of pauseSession to signal that playback will never start again.

  • platform/audio/PlatformMediaSessionManager.h:
  • platform/audio/ios/MediaSessionManagerIOS.h:
  • platform/audio/ios/MediaSessionManagerIOS.mm:

(WebCore::MediaSessionManageriOS::sessionWillBeginPlayback): Add logging.
(WebCore::MediaSessionManageriOS::removeSession): Update NowPlaying.
(WebCore::MediaSessionManageriOS::sessionWillEndPlayback): Add logging.
(WebCore::MediaSessionManageriOS::clientCharacteristicsChanged): Update NowPlaying.
(WebCore::MediaSessionManageriOS::nowPlayingEligibleSession): New, return the first session
that is an audio or video element with playable audio. WebAudio is not currently controllable
so it isn't appropriate to show it in the NowPlaying info center.

(WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Remember the last state passed to
NowPlaying so we can call it only when something has changed.

7:56 AM Changeset in webkit [199350] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Modify the CXXFLAGS in webkitdirs.pm just on architectures where the flags are supported
https://bugs.webkit.org/show_bug.cgi?id=156338

Patch by Tomas Popela <tpopela@redhat.com> on 2016-04-12
Reviewed by Michael Catanzaro.

Add the "-march=pentium4 -msse2 -mfpmath=sse " into the CXXFLAGS just
for the i686 where it is supported and not for other architectures
(such as s390(x) and ppc(64)) where the build will fail with these
CXXFLAGS.

  • Scripts/webkitdirs.pm:

(generateBuildSystemFromCMakeProject):

6:52 AM Changeset in webkit [199349] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.12

Merge r197874 - Move attributes to the instance for most interfaces that have "Error" in their name
https://bugs.webkit.org/show_bug.cgi?id=155231

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Our bindings generator was keeping attributes on the instances for
interfaces having "Error" or "Exception" in their name. The reason is
that interfaces that have "Error" in their prototype would not behave
correctly otherwise because "Error" incorrectly has its attributes on
the instance at the moment. However, in our bindings generator, the
condition to decide if an interface's prototype should be "Error" is
if $interface->isException. Therefore, we should use the same condition
to decide if we should keep attributes on the instance until "Error"
is updated to have its attributes on the prototype. Doing this for any
interface having "Error" or "Exception" in their name is overkill.

No new tests, already covered by existing test.

  • bindings/scripts/CodeGeneratorJS.pm:

(InterfaceRequiresAttributesOnInstance):

6:33 AM Changeset in webkit [199348] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12

Merge r197868 - Removing and re-adding a script message handler with the same name results in an unusable message handler
https://bugs.webkit.org/show_bug.cgi?id=155223

Reviewed by Sam Weinig.

Source/WebCore:

New API test: WKUserContentController.ScriptMessageHandlerReplaceWithSameName.

  • page/UserMessageHandler.h:

(WebCore::UserMessageHandler::descriptor):

  • page/UserMessageHandlersNamespace.cpp:

(WebCore::UserMessageHandlersNamespace::handler):
This lazy removal mechanism combined with the fact that we only compare
handler name and world makes it such that m_messageHandlers could have
a stale UserMessageHandler with a UserMessageHandlerDescriptor that differed
only in client.

It is safe to compare the descriptors by pointer instead because m_messageHandler
holds a strong reference to its UserMessageHandlerDescriptors, and this will ensure
that the add-remove-add path (with identical name and world) causes a new
UserContentController to be created.

We also now clean up any stale UserMessageHandlers whenever we're about to
add a new one, by removing any which the UserContentController no longer knows about.

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:

(TEST):
Add a test ensuring that it is possible to remove and re-add a script message handler
with the same name and still dispatch messages to it.

6:25 AM Changeset in webkit [199347] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r197858 - Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked.
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>

Reviewed by Zalan Bujtas.

Source/WebCore:

Tested by storage/domstorage/localstorage/blocked-file-access.html.

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
universal file access, prevent access to DOM localStorage.

LayoutTests:

  • storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
  • storage/domstorage/localstorage/blocked-file-access.html: Added.
  • storage/domstorage/localstorage/resources/blocked-example.html: Added.

6:25 AM Changeset in webkit [199346] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r198532 - [GTK] WebInspector broken after r197620
https://bugs.webkit.org/show_bug.cgi?id=155497
<rdar://problem/25171910>

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2016-03-22
Reviewed by Philippe Normand.

Source/WebCore:

Add resource scheme to the list of secure protocols.

  • platform/SchemeRegistry.cpp:

(WebCore::secureSchemes):

Source/WebKit2:

Stop registering resource:// URLs as local, because they are not
like a local file at all. Compare also the URL protocols when
checking whether requested URL is main or test inspector page
instead of checking that the protocol is registered as local.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::isMainOrTestInspectorPage): Compare also the URL protocols.

  • UIProcess/WebInspectorProxy.h:
  • UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage): Do not
set setAllowFileAccessFromFileURLs setting to true.

  • UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::platformInitializeWebProcess): Do not
register resource:// URLs as local.

6:14 AM Changeset in webkit [199345] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197856 - ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

This got rolled out the first time because it failed on bots. It failed due
to expecting a specific number of documents to be live at the start of the
test, which was not reliable on bots since we appear to have more leaks(!)

Tweaked the test to check the delta in live document count instead.

  • fast/dom/ImageDocument-world-leak-expected.txt: Added.
  • fast/dom/ImageDocument-world-leak.html: Added.

5:42 AM Changeset in webkit [199344] by Carlos Garcia Campos
  • 5 edits in trunk/Source/WebCore

[GTK] Rework scrollbars theming code for GTK+ 3.20
https://bugs.webkit.org/show_bug.cgi?id=156462

Reviewed by Michael Catanzaro.

In r199292, we reworked the theming code to ensure it works with the new GTK+ CSS theming system. The same is
needed for scrollbars, this patch uses the RenderThemeGadget classes introduced in r199292 to render the native
scrollbars. The code is now split in 3 parts: stub methods for GTK+2 (since this file is compiled for
WebCoreGTK, but not used), the implementation for GTK+ < 3.20 and the implementation for GTK+ >= 3.20. This
reduces the amount of ifdefed code, and ensures that changes in new code don't break the rendering with older
versions of GTK+. I noticed that we were overriding both the specific paint methods to render scrollbars
parts and the global paint method that renders all the scrollbar parts. We don't really need the specific paint
methods, so I've removed the implementation leaving only the paint method. This also allows us to get rid of the
GtkStyleContext cache.

  • platform/gtk/RenderThemeGadget.cpp:

(WebCore::RenderThemeGadget::create): Handle scrollbars gadgets.
(WebCore::appendElementToPath): In case of scrollbar gadget, use the scrollbar GType when creating the path to
be able to get non-CSS style properties.
(WebCore::RenderThemeGadget::opacity): Add method to get the opacity CSS style property.
(WebCore::RenderThemeScrollbarGadget::RenderThemeScrollbarGadget): Initialize m_steppers option set with the
steppers used by the theme.

  • platform/gtk/RenderThemeGadget.h:
  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::themeChangedCallback):
(WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
(WebCore::createStyleContext):
(WebCore::createChildStyleContext):
(WebCore::ScrollbarThemeGtk::themeChanged):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::scrollbarPartStateFlags):
(WebCore::scrollbarGadgetForLayout):
(WebCore::contentsGadgetForLayout):
(WebCore::ScrollbarThemeGtk::trackRect):
(WebCore::ScrollbarThemeGtk::hasThumb):
(WebCore::ScrollbarThemeGtk::backButtonRect):
(WebCore::ScrollbarThemeGtk::forwardButtonRect):
(WebCore::ScrollbarThemeGtk::paint):
(WebCore::paintStepper):
(WebCore::adjustRectAccordingToMargin):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):
(WebCore::ScrollbarThemeGtk::minimumThumbLength):

  • platform/gtk/ScrollbarThemeGtk.h:

5:21 AM Changeset in webkit [199343] by svillar@igalia.com
  • 9 edits
    4 adds in trunk

[css-grid] Add parsing support for <auto-repeat> syntax
https://bugs.webkit.org/show_bug.cgi?id=155583

Reviewed by Antti Koivisto.

Source/WebCore:

The repeat() notation allows now to specify auto-fill or auto-fit instead of
a fixed number of repetitions meaning that it will be automatically computed
depending on the available space.

This patch just adds the parsing support, the expansion of the repeat notation
will be implemented in a follow up patch because it cannot be done at
parsing level (since it requires knowledge about the available space).

Test: fast/css-grid-layout/grid-element-auto-repeat-get-set.html

  • CMakeLists.txt:
  • css/CSSGridAutoRepeatValue.cpp: Added.

(WebCore::CSSGridAutoRepeatValue::customCSSText):

  • css/CSSGridAutoRepeatValue.h: Added.

(WebCore::CSSGridAutoRepeatValue::create):
(WebCore::CSSGridAutoRepeatValue::autoRepeatID):
(WebCore::CSSGridAutoRepeatValue::CSSGridAutoRepeatValue):

  • css/CSSParser.cpp:

(WebCore::allTracksAreFixedSized):
(WebCore::CSSParser::parseGridTrackList):
(WebCore::CSSParser::parseGridTrackRepeatFunction):
(WebCore::CSSParser::parseGridTrackSize):
(WebCore::CSSParser::parseGridBreadth):

  • css/CSSParser.h:
  • css/CSSValue.cpp:

(WebCore::CSSValue::equals):
(WebCore::CSSValue::cssText):
(WebCore::CSSValue::destroy):

  • css/CSSValue.h:

(WebCore::CSSValue::isGridAutoRepeatValue):

  • css/CSSValueKeywords.in:

LayoutTests:

  • fast/css-grid-layout/grid-element-auto-repeat-get-set-expected.txt: Added.
  • fast/css-grid-layout/grid-element-auto-repeat-get-set.html: Added.

1:25 AM Changeset in webkit [199342] by Yusuke Suzuki
  • 7 edits in trunk/Source

[JSC] addStaticGlobals should emit SymbolTableEntry watchpoints to encourage constant folding in DFG
https://bugs.webkit.org/show_bug.cgi?id=155110

Reviewed by Saam Barati.

Source/JavaScriptCore:

addStaticGlobals does not emit SymbolTableEntry watchpoints for the added entries.
So, all the global variable lookups pointing to these static globals are not converted
into constants in DFGBytecodeGenerator: this fact leaves these lookups as GetGlobalVar.
Such thing avoids constant folding chance and emits CheckCell for @privateFunction inlining.
This operation is pure overhead.

Static globals are not configurable, and they are typically non-writable.
So they are constants in almost all the cases.

This patch initializes watchpoints for these static globals.
These watchpoints allow DFG to convert these nodes into constants in DFG BytecodeParser.
These watchpoints include many builtin operations and undefined.

The microbenchmark, many-foreach-calls shows 5 - 7% improvement since it removes unnecessary CheckCell.

  • bytecode/VariableWriteFireDetail.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addStaticGlobals):

  • runtime/JSSymbolTableObject.h:

(JSC::symbolTablePutTouchWatchpointSet):
(JSC::symbolTablePutInvalidateWatchpointSet):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributesTouchWatchpointSet): Deleted.

  • runtime/SymbolTable.h:

(JSC::SymbolTableEntry::SymbolTableEntry):
(JSC::SymbolTableEntry::operator=):
(JSC::SymbolTableEntry::swap):

Source/WebCore:

  • bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::updateDocument):


1:24 AM Changeset in webkit [199341] by svillar@igalia.com
  • 3 edits in trunk/Source/WebCore

[css-grid] Pass GridSizingData instead of columnTracks to track sizing methods
https://bugs.webkit.org/show_bug.cgi?id=156466

Reviewed by Darin Adler.

Several methods used to compute the items' size contribution to the tracks they span in, get
as an argument a vector with the sizes of the column tracks.

In order to support grids with orthogonal flows (among other things) it's much better to
pass the GridSizingData struct and let those methods decide whether to use the columns or
the rows.

No new tests as this is just a minor refactoring with no change in behavior.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::logicalContentHeightForChild):
(WebCore::RenderGrid::minSizeForChild):
(WebCore::RenderGrid::minContentForChild):
(WebCore::RenderGrid::maxContentForChild):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):

  • rendering/RenderGrid.h:

12:38 AM Changeset in webkit [199340] by commit-queue@webkit.org
  • 4 edits
    2 adds in trunk

Remove failing assertion in ANGLE
https://bugs.webkit.org/show_bug.cgi?id=156485

Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-12
Reviewed by Dean Jackson.

Source/ThirdParty/ANGLE:

  • src/compiler/translator/glslang.l:
  • src/compiler/translator/glslang_lex.cpp:

LayoutTests:

  • fast/canvas/webgl/fragment-shader-assertion-expected.txt: Added.
  • fast/canvas/webgl/fragment-shader-assertion.html: Added.

12:29 AM Changeset in webkit [199339] by achristensen@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Build fix after r199299.
https://bugs.webkit.org/show_bug.cgi?id=155508

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
memset_s is not defined. STDC_WANT_LIB_EXT1 is not defined anywhere.
Since the return value is unused and set_constraint_handler_s is never called
I'm changing it to memset.

Apr 11, 2016:

11:53 PM Changeset in webkit [199338] by achristensen@apple.com
  • 6 edits
    1 add in trunk

Build MiniBrowser with CMake on Mac
https://bugs.webkit.org/show_bug.cgi?id=156471

Reviewed by Daniel Bates.

Source/WebKit2:

  • DatabaseProcess/DatabaseProcess.messages.in:

Tools:

  • CMakeLists.txt:
  • DumpRenderTree/CMakeLists.txt:
  • DumpRenderTree/PlatformWin.cmake:
  • MiniBrowser/mac/CMakeLists.txt: Added.

11:16 PM Changeset in webkit [199337] by commit-queue@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

[JSC] B3 can use undefined bits or not defined required bits when spilling
https://bugs.webkit.org/show_bug.cgi?id=156486

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-11
Reviewed by Filip Pizlo.

Spilling had issues when replacing arguments in place.

The problems are:
1) If we have a 32bit stackslot, an x86 instruction could still try to load 64bits from it.
2) If we have a 64bit stackslot, Move32 would only set half the bits.
3) We were reducing Move to Move32 even if the top bits are read from the stack slot.

Case 1 appears with something like this:

Move32 %tmp0, %tmp1
Op64 %tmp1, %tmp2, %tmp3

When we spill %tmp1, the stack slot is 32bit, Move32 sets 32bits
but Op64 supports addressing for %tmp1. When we substitute %tmp1 in Op64,
we are creating a 64bit read for a 32bit stack slot.

Case 2 is another common one. If we have:

BB#1

Move32 %tmp0, %tmp1
Jump #3

BB#2

Op64 %tmp0, %tmp1
Jump #3

BB#3

Use64 %tmp1

We have a stack slot of 64bits. When spilling %tmp1 in #1, we are
effectively doing a 32bit store on the stack slot, leaving the top bits undefined.

Case 3 is pretty much the same as 2 but we create the Move32 ourselves
because the source is a 32bit with ZDef.

Case (1) is solved by requiring that the stack slot is at least as large as the largest
use/def of that tmp.

Cases (2) and (3) are solved by not replacing a Tmp by an Address if the Def
is smaller than the stack slot.

  • b3/air/AirIteratedRegisterCoalescing.cpp:
  • b3/testb3.cpp:

(JSC::B3::testSpillDefSmallerThanUse):
(JSC::B3::testSpillUseLargerThanDef):
(JSC::B3::run):

11:12 PM Changeset in webkit [199336] by ryuan.choi@navercorp.com
  • 12 edits in trunk

[EFL] Do not pass context to EwkViewCreate
https://bugs.webkit.org/show_bug.cgi?id=156461

Reviewed by Darin Adler.

Source/WebKit2:

EWKViewCreate already has pageConfiguration which contains context.
So, this patch removes context argument from EWKViewCreate.

  • UIProcess/API/C/CoordinatedGraphics/WKView.cpp:

(WKViewCreate):

  • UIProcess/API/C/CoordinatedGraphics/WKView.h:
  • UIProcess/API/efl/ewk_view.cpp:

(EWKViewCreate): Call WebView::Create instead of WKViewCreate not to use WK API.
(ewk_view_smart_add):
(ewk_view_add_with_configuration):
(ewk_view_add_with_context):

  • UIProcess/API/efl/ewk_view_private.h:
  • UIProcess/efl/WebInspectorProxyEfl.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage):

  • UIProcess/efl/WebView.cpp:

(WebKit::WebView::create):
(WebKit::WebView::WebView):

  • UIProcess/efl/WebView.h:

Tools:

  • TestWebKitAPI/Tests/WebKit2/CoordinatedGraphics/WKViewUserViewportToContents.cpp:

(TestWebKitAPI::TEST): Removed context argument from EwkViewCreate calls.

  • TestWebKitAPI/efl/PlatformWebView.cpp:

(TestWebKitAPI::PlatformWebView::PlatformWebView): Ditto.

  • WebKitTestRunner/efl/PlatformWebViewEfl.cpp:

(WTR::PlatformWebView::PlatformWebView): Ditto.

10:49 PM Changeset in webkit [199335] by Darin Adler
  • 4 edits in trunk/Source/WebCore

Remove UsePointersEvenForNonNullableObjectArguments from HTMLOptionsCollection
https://bugs.webkit.org/show_bug.cgi?id=156491

Reviewed by Chris Dumez.

  • html/HTMLOptionsCollection.cpp:

(WebCore::HTMLOptionsCollection::add): Take a reference instead of a pointer.

  • html/HTMLOptionsCollection.h: Removed unneeded forward declaration. Changed
add to take a reference instead of a pointer for the element to add. Used
final instead of override on virtual functions.

  • html/HTMLOptionsCollection.idl: Removed now-unneeded attribute
UsePointersEvenForNonNullableObjectArguments; the only function affected was
add, and the overloading code was already checking for null.

9:15 PM Changeset in webkit [199334] by Darin Adler
  • 20 edits in trunk/Source

Remove UsePointersEvenForNonNullableObjectArguments from HTMLSelectElement
https://bugs.webkit.org/show_bug.cgi?id=156458

Reviewed by Chris Dumez.

Source/WebCore:

  • bindings/js/JSHTMLOptionsCollectionCustom.cpp:

(WebCore::JSHTMLOptionsCollection::remove): Updated to call remove with a reference
rather than a pointer.

  • bindings/js/JSHTMLSelectElementCustom.cpp:

(WebCore::JSHTMLSelectElement::remove): Updated to call remove with a reference
rather than a pointer.
(WebCore::selectIndexSetter): Updated to call setOption with a reference rather
than a pointer.

  • bindings/scripts/CodeGeneratorGObject.pm:

(GenerateFunction): Added basic support for passing wrappers by reference.
GObject bindings already check arguments for null, so didn't add any new checks.

  • bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestCallbackFunction.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:

Updated.

  • editing/FrameSelection.cpp: Updated includes.
  • html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::setSelected): Pass reference when calling
HTMLSelectElement::optionSelectionStateChanged.
(WebCore::HTMLOptionElement::insertedInto): Ditto.

  • html/HTMLOptionsCollection.cpp:

(WebCore::HTMLOptionsCollection::add): Moved null checking behavior here.
Preserves existing "silently do nothing if null".
(WebCore::HTMLOptionsCollection::remove): Changed function to take a reference
instead of a pointer.

  • html/HTMLOptionsCollection.h: Updated include. Changed remove to take a
reference instead of a pointer.

  • html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::add): Changed to take a reference instead of
a pointer. Also removed unneeded protect code, since insertBefore already
protects itself, and unneeded call to updateValidity, since the
HTMLSelectElement::childrenChanged function already calls updateValidity.
(WebCore::HTMLSelectElement::remove): Changed to take a reference instead
of a pointer.
(WebCore::HTMLSelectElement::setOption): Changed to take a reference
instead of a pointer.
(WebCore::HTMLSelectElement::setLength): Renamed "newLen" to "newLength".
Use Ref instead of RefPtr for result of createElement, which makes the
argument passed to add be a reference rather than a pointer.
(WebCore::HTMLSelectElement::willRespondToMouseClickEvents): Put the #if
for this here instead of in the header.
(WebCore::HTMLSelectElement::optionSelectionStateChanged): Changed to take
a reference instead of a pointer for the option element.

  • html/HTMLSelectElement.h: Removed unneeded includes. Derive privately
from TypeAheadDataSource instead of publicly. Make all overrides final
except for the one that is actually overridden by a derived class.
Changed the arguments of the add, remove, setOption, and
optionSelectionStateChanged functions to be references instead of pointers.
Tweaked formatting a bit and used nullptr instead of 0. Override
willRespondToMouseClickEvents on all platforms, not just iOS.

  • html/HTMLSelectElement.idl: Removed UsePointersEvenForNonNullableObjectArguments.
Removed a comment that is no longer needed. Made some types nullable to match
the specification, in places that currently have no effect on code generation.
Added a FIXME comment about the argument to setCustomValidity incorrectly being
marked as nullable.

Source/WebKit/win:

  • DOMCoreClasses.cpp: Added now-needed include.

Source/WebKit2:

  • WebProcess/Plugins/PDF/PDFPluginAnnotation.mm: Updated includes.

8:42 PM Changeset in webkit [199333] by rniwa@webkit.org
  • 1 edit
    1 add
    2 deletes in trunk/Websites/perf.webkit.org

Replace script runner to use mocha.js tests
https://bugs.webkit.org/show_bug.cgi?id=156490

Reviewed by Chris Dumez.

Replaced run-tests.js, which was a whole test harness for running legacy tests by tools/run-tests.py
which is a thin wrapper around mocha.js.

  • run-tests.js: Removed.
  • tests: Removed.
  • tools/run-tests.py: Added.

(main):

8:18 PM Changeset in webkit [199332] by rniwa@webkit.org
  • 6 edits in trunk/Websites/perf.webkit.org

New syncing script sometimes schedules a build request on a wrong builder
https://bugs.webkit.org/show_bug.cgi?id=156489

Reviewed by Stephanie Lewis.

The bug was caused by _scheduleNextRequestInGroupIfSlaveIsAvailable scheduling the next build request on
any available syncer regardless of whether the request is the first one in the test group or not because
BuildRequest.order was returning a string instead of a number.

Also fixed a bug that BuildbotTriggerable.syncOnce was re-ordering test groups by their id's instead of
respecting the order in which the perf dashboard returned.

  • public/v3/models/build-request.js:

(BuildRequest.prototype.order): Force the order to be a number.

  • server-tests/api-build-requests-tests.js: Assert the order as numbers.
  • server-tests/resources/mock-data.js:

(MockData.addAnotherMockTestGroup): Changed the test group id to 601, which is after the first mock data.
The old number was masking a bug in BuildbotTriggerable that it was re-ordering test groups by their id's
instead of using the order set forth by the perf dashboard.
(MockData.mockTestSyncConfigWithSingleBuilder):

  • server-tests/tools-buildbot-triggerable-tests.js: Added a test case for scheduling two build requests in
a single call to syncOnce. Each build request should be scheduled on the same builder as the previous build
requests in the same test group.

  • tools/js/buildbot-triggerable.js:

(BuildbotTriggerable.prototype.syncOnce): Order test groups by groupOrder, which is the index at which first
build request in the group appeared.
(BuildbotTriggerable.prototype._scheduleNextRequestInGroupIfSlaveIsAvailable): Don't re-order build requests
as they're already sorted on the server side.
(BuildbotTriggerable._testGroupMapForBuildRequests): Added groupOrder to test group info

8:07 PM Changeset in webkit [199331] by Brent Fulgham
  • 13 edits
    2 adds in trunk

Use WeakPtrs to avoid using deallocated Widgets and ScrollableAreas
https://bugs.webkit.org/show_bug.cgi?id=156420
<rdar://problem/25637378>

Reviewed by Darin Adler.

Source/WebCore:

Avoid the risk of using deallocated Widgets and ScrollableAreas by using WeakPtrs instead of
bare pointers. This allows us to remove some explicit calls to get ScrollableArea and Widget
members in the event handling logic. Instead, null checks are sufficient to ensure we never
accidentally dereference a deleted element.

  1. Modify the ScrollableArea class to support vending WeakPtrs.
  2. Modify the Event Handling code to use WeakPtrs to hold ScrollableArea and RenderWidget objects, and to null-check these elements after event handling dispatching is finished to handle cases where these objects are destroyed.

Test: fast/events/wheel-event-destroys-frame.html
fast/events/wheel-event-destroys-overflow.html

  • page/EventHandler.cpp:

(WebCore::EventHandler::platformPrepareForWheelEvents): Change signature for WeakPtr.
(WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
(WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
(WebCore::widgetForElement): Change to return a WeakPtr.
(WebCore::EventHandler::handleWheelEvent): Use WeakPtrs to hold elements that might be destroyed
during event handling.

  • page/EventHandler.h:
  • page/mac/EventHandlerEfl.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
  • page/mac/EventHandlerGtk.cpp: Ditto.
  • page/mac/EventHandlerIOS.mm: Ditto.
  • page/mac/EventHandlerMac.mm:

(WebCore::scrollableAreaForEventTarget): Renamed from scrollViewForEventTarget. Return
a WeakPtr rather than a bare pointer.
(WebCore::scrollableAreaForContainerNode): Return WeakPtr rather than bare pointer.
(WebCore::EventHandler::completeWidgetWheelEvent): Added.
(WebCore::EventHandler::passWheelEventToWidget): Deleted.
(WebCore::EventHandler::platformPrepareForWheelEvents): Convert to WeakPtrs.
(WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
(WebCore::EventHandler::platformCompletePlatformWidgetWheelEvent): Ditto.
(WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
(WebCore::EventHandler::widgetDidHandleWheelEvent): Renamed from passWheelEventToWidget.
(WebCore::EventHandler::widgetForEventTarget): Converted from static function to static
method so it can be shared with EventHandlerMac.
(WebCore::scrollViewForEventTarget): Deleted.

  • page/mac/EventHandlerWin.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
  • platform/ScrollableArea.cpp:
  • platform/ScrollableArea.h:

(WebCore::ScrollableArea::createWeakPtr): Added.

  • platform/Widget.h:

(WebCore::ScrollableArea::createWeakPtr): Added.

LayoutTests:

  • fast/events/wheel-event-destroys-overflow-expected.txt: Added.
  • fast/events/wheel-event-destroys-overflow.html: Added.
  • platform/ios-simulator/TestExpectations: Skip wheel-event test on iOS.

7:57 PM Changeset in webkit [199330] by dino@apple.com
  • 3 edits
    2 adds in trunk

putImageData needs to premultiply input
https://bugs.webkit.org/show_bug.cgi?id=156488
<rdar://problem/25672675>

Reviewed by Zalan Bujtas.

Source/WebCore:

I made a mistake in r187534 as I was converting get and putImageData
to use Accelerate. The incoming data is unmultiplied, and should
be premultiplied before copying into the backing store. I was
accidentally unmultiplying unmultiplied data, which caused
some pretty psychedelic results.

Test: fast/canvas/putImageData-unmultiplied.html

  • platform/graphics/cg/ImageBufferDataCG.cpp:

(WebCore::ImageBufferData::putData): Call premultiply, not unpremultiply.

LayoutTests:

Tests that putImageData is taking unmultiplied data,
premultiplying it, then copying into the backing store.

  • fast/canvas/putImageData-unmultiplied-expected.html: Added.
  • fast/canvas/putImageData-unmultiplied.html: Added.

7:20 PM Changeset in webkit [199329] by bshafiei@apple.com
  • 5 edits in branches/safari-601.1.46-branch/Source

Versioning.

7:12 PM Changeset in webkit [199328] by jonlee@apple.com
  • 7 edits in trunk/PerformanceTests

Update Animometer to accommodate different screens
https://bugs.webkit.org/show_bug.cgi?id=156449

Reviewed by Darin Adler.
Provisionally reviewed by Said Abou-Hallawa.

  • Animometer/index.html: Wrap button in a container to add padding at the bottom.
  • Animometer/resources/debug-runner/animometer.css:

(@media screen and (min-device-width: 1800px)): Deleted.
(@media screen and (min-width: 1800px)): Cannot use min-device-width since it may match incorrectly.
(screen and (max-device-height: 414px) and (orientation: landscape)): Some devices swap device width
and height with orientation change.

  • Animometer/resources/runner/animometer.css: Similar.

(screen and (min-device-width: 1024px) and (orientation: landscape)):
(screen and (max-device-height: 414px) and (orientation: landscape)):
(.frame-container): On smaller iPhones, adding 1px prevents the navigation bars from appearing.
(@media screen and (min-device-width: 768px) and (max-device-width: 1024px)): Deleted.
(@media (min-device-height: 768px) and (max-device-height: 1024px)): Target iPad Airs and similar.
(@media screen and (min-device-width: 1024px) and (max-device-width: 1366px)): Deleted.
(@media screen and (max-device-width: 1024px) and (min-device-height: 1366px)): Target iPad Pro.
(#results footer): Add padding below the button for testing again.

  • Animometer/tests/master/multiply.html: Remove the center text.
  • Animometer/tests/master/resources/text.js: Update the test so that in every frame the text moves.
  • Animometer/tests/master/text.html: Update the text sizing depending on the size of the device.

6:32 PM Changeset in webkit [199327] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.46.126

New tag.

6:00 PM Changeset in webkit [199326] by commit-queue@webkit.org
  • 28 edits in trunk/Source

When clearing cache, also clear AVFoundation cache.
https://bugs.webkit.org/show_bug.cgi?id=155783
rdar://problem/25252541

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-04-11
Reviewed by Darin Adler.

Source/WebCore:

Use AVAssetCache at a specified location on disk for all AVURLAssets. This AVAssetCache
can then be used to manage the cache storage used by AVFoundation. It is used to query the
contents of the cache in originsInMediaCache() and to clear the cache completely or partially in
clearMediaCache() and clearMediaCacheForOrigins().

Use SecurityOrigin instead of the less formal site String to represent origins in the cache.

  • html/HTMLMediaElement.cpp:

(WebCore::sharedMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::setMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::mediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::originsInMediaCache): Added.
(WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
(WebCore::HTMLMediaElement::clearMediaCacheForOrigins): Added.
(WebCore::HTMLMediaElement::mediaPlayerMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::getSitesInMediaCache): Deleted.
(WebCore::HTMLMediaElement::clearMediaCacheForSite): Deleted.

  • html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::clearMediaCache): Added parameter.

  • platform/graphics/MediaPlayer.cpp:

(WebCore::addMediaEngine): Add new cache methods.
(WebCore::addToHash): Added.
(WebCore::MediaPlayer::originsInMediaCache): Added.
(WebCore::MediaPlayer::clearMediaCache): Added parameter.
(WebCore::MediaPlayer::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayer::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayer::clearMediaCacheForSite): Deleted.

  • platform/graphics/MediaPlayer.h:

(WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.

  • platform/graphics/MediaPlayerPrivate.h:

(WebCore::MediaPlayerPrivateInterface::originsInMediaCache): Added.
(WebCore::MediaPlayerPrivateInterface::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateInterface::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateInterface::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayerPrivateInterface::clearMediaCacheForSite): Deleted.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine): Added cache methods.
(WebCore::assetCacheForPath): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache): Added.
(WebCore::toSystemClockTime): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Added.

  • platform/graphics/mac/MediaPlayerPrivateQTKit.h:
  • platform/graphics/mac/MediaPlayerPrivateQTKit.mm:

(WebCore::MediaPlayerPrivateQTKit::registerMediaEngine): Added cache methods.
(WebCore::MediaPlayerPrivateQTKit::originsInMediaCache): Added.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateQTKit::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForSite): Deleted.

  • platform/spi/mac/AVFoundationSPI.h:

Source/WebKit2:

Include the HTMLMediaElement media cache when doing disk cache operations.
Add a sandbox extension for media cache directory. This allows the UI process and the web process
to access the same cache.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode): Add media cache directory.
(WebKit::WebProcessCreationParameters::decode): Add media cache directory.

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::ProcessPoolConfiguration): Add media cache directory.
(API::ProcessPoolConfiguration::copy): Add media cache directory.

  • UIProcess/API/APIProcessPoolConfiguration.h:
  • UIProcess/API/APIWebsiteDataStore.cpp:

(API::WebsiteDataStore::defaultMediaCacheDirectory): Default implementation.

  • UIProcess/API/APIWebsiteDataStore.h:
  • UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::defaultMediaCacheDirectory): Media cache is in temporary directory.
(API::WebsiteDataStore::tempDirectoryFileSystemRepresentation): For resources in temporary directory.
(API::WebsiteDataStore::defaultDataStoreConfiguration): Init media cache directory.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory):

  • UIProcess/WebProcessPool.cpp:

(WebKit::legacyWebsiteDataStoreConfiguration): Add mediaCacheDirectory.
(WebKit::WebProcessPool::createNewWebProcess): Add mediaCacheDirectory.

  • UIProcess/WebProcessPool.h:
  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):
(WebKit::WebsiteDataStore::fetchData): Implement for mediaCacheDirectory.
(WebKit::WebsiteDataStore::removeData): Implement for mediaCacheDirectory.

  • UIProcess/WebsiteData/WebsiteDataStore.h:
  • UIProcess/efl/WebProcessPoolEfl.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

  • UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess): Initialize media cache directory.

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess): Consume sandbox extension.

5:48 PM Changeset in webkit [199325] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Tab Bar items get unreadable at narrow window widths, should collapse earlier
https://bugs.webkit.org/show_bug.cgi?id=156477

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-11
Reviewed by Timothy Hatcher.

  • UserInterface/Views/TabBar.js:

(WebInspector.TabBar.prototype.layout):
Hide-titles sooner since a width of 60 results in only a few characters
and looks poor.

5:45 PM Changeset in webkit [199324] by jiewen_tan@apple.com
  • 2 edits in trunk/LayoutTests

Unskip imported/w3c/web-platform-tests/IndexedDB/idbindex-multientry-big.htm
https://bugs.webkit.org/show_bug.cgi?id=156480

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:

4:49 PM Changeset in webkit [199323] by commit-queue@webkit.org
  • 25 edits in trunk/Source/WebCore

Unreviewed, rolling out r199310.
https://bugs.webkit.org/show_bug.cgi?id=156483

This change turns many indexeddb tests into crashes (Requested
by jwtan on #webkit).

Reverted changeset:

"Clean up IDBBindingUtilities."
https://bugs.webkit.org/show_bug.cgi?id=156472
http://trac.webkit.org/changeset/199310

4:47 PM Changeset in webkit [199322] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Unstyled nodes in ObjectTree previews look poor
https://bugs.webkit.org/show_bug.cgi?id=156475
<rdar://problem/25667351>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-11
Reviewed by Timothy Hatcher.

  • UserInterface/Views/ObjectPreviewView.js:

(WebInspector.ObjectPreviewView.prototype._appendPreview):
Treat nodes as simple values.

(WebInspector.ObjectPreviewView.prototype._initTitleElement):
(WebInspector.ObjectPreviewView.prototype._appendValuePreview):
Format nodes nicely, and treat them as lossy since they have properties.

4:46 PM Changeset in webkit [199321] by commit-queue@webkit.org
  • 28 edits in trunk/Source

Unreviewed, rolling out r199315.
https://bugs.webkit.org/show_bug.cgi?id=156482

This change broke the OS X Yosemite build. (Requested by jwtan
on #webkit).

Reverted changeset:

"When clearing cache, also clear AVFoundation cache."
https://bugs.webkit.org/show_bug.cgi?id=155783
http://trac.webkit.org/changeset/199315

4:22 PM Changeset in webkit [199320] by Brian Burg
  • 9 edits in trunk/Source

Web Inspector: get rid of InspectorBasicValue and InspectorString subclasses
https://bugs.webkit.org/show_bug.cgi?id=156407
<rdar://problem/25627659>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

There's no point having these subclasses as they don't save any space.
Add a StringImpl to the union and merge some implementations of writeJSON.

Rename m_data to m_map and explicitly name the union as InspectorValue::m_value.
If the value is a string and the string is not empty or null (i.e., it has a
StringImpl), then we need to ref() and deref() the string as the InspectorValue
is created or destroyed.

Move uses of the subclass to InspectorValue and delete redundant methods.
Now, most InspectorValue methods are non-virtual so they can be templated.

  • bindings/ScriptValue.cpp:

(Deprecated::jsToInspectorValue):

  • inspector/InjectedScriptBase.cpp:

(Inspector::InjectedScriptBase::makeCall):
Don't use deleted subclasses.

  • inspector/InspectorValues.cpp:

(Inspector::InspectorValue::null):
(Inspector::InspectorValue::create):
(Inspector::InspectorValue::asValue):
(Inspector::InspectorValue::asBoolean):
(Inspector::InspectorValue::asDouble):
(Inspector::InspectorValue::asInteger):
(Inspector::InspectorValue::asString):
These only need one implementation now.

(Inspector::InspectorValue::writeJSON):
Still a virtual method since Object and Array need their members.

(Inspector::InspectorObjectBase::InspectorObjectBase):
(Inspector::InspectorBasicValue::asBoolean): Deleted.
(Inspector::InspectorBasicValue::asDouble): Deleted.
(Inspector::InspectorBasicValue::asInteger): Deleted.
(Inspector::InspectorBasicValue::writeJSON): Deleted.
(Inspector::InspectorString::asString): Deleted.
(Inspector::InspectorString::writeJSON): Deleted.
(Inspector::InspectorString::create): Deleted.
(Inspector::InspectorBasicValue::create): Deleted.

  • inspector/InspectorValues.h:

(Inspector::InspectorObjectBase::find):
(Inspector::InspectorObjectBase::setBoolean):
(Inspector::InspectorObjectBase::setInteger):
(Inspector::InspectorObjectBase::setDouble):
(Inspector::InspectorObjectBase::setString):
(Inspector::InspectorObjectBase::setValue):
(Inspector::InspectorObjectBase::setObject):
(Inspector::InspectorObjectBase::setArray):
(Inspector::InspectorArrayBase::pushBoolean):
(Inspector::InspectorArrayBase::pushInteger):
(Inspector::InspectorArrayBase::pushDouble):
(Inspector::InspectorArrayBase::pushString):
(Inspector::InspectorArrayBase::pushValue):
(Inspector::InspectorArrayBase::pushObject):
(Inspector::InspectorArrayBase::pushArray):
Use new factory methods.

  • replay/EncodedValue.cpp:

(JSC::ScalarEncodingTraits<bool>::encodeValue):
(JSC::ScalarEncodingTraits<double>::encodeValue):
(JSC::ScalarEncodingTraits<float>::encodeValue):
(JSC::ScalarEncodingTraits<int32_t>::encodeValue):
(JSC::ScalarEncodingTraits<int64_t>::encodeValue):
(JSC::ScalarEncodingTraits<uint32_t>::encodeValue):
(JSC::ScalarEncodingTraits<uint64_t>::encodeValue):

  • replay/EncodedValue.h:

Use new factory methods.

Source/WebCore:

  • inspector/InspectorDatabaseAgent.cpp: Don't use deleted subclasses.

4:16 PM Changeset in webkit [199319] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.27.0.1/Source/WebCore

Merged r199317. rdar://problem/25627389

4:16 PM Changeset in webkit [199318] by jiewen_tan@apple.com
  • 2 edits in trunk/LayoutTests

Skip imported/w3c/web-platform-tests/IndexedDB/idbindex-multientry-big.htm on ios-simulators
https://bugs.webkit.org/show_bug.cgi?id=156480

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:

4:13 PM Changeset in webkit [199317] by achristensen@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r198909.
https://bugs.webkit.org/show_bug.cgi?id=156479

made double-click-and-drag on text drag instead of
highlighting (Requested by alexchristensen_ on #webkit).

Reverted changeset:

"eventMayStartDrag() does not check for shiftKey or
isOverLink"
https://bugs.webkit.org/show_bug.cgi?id=155746
http://trac.webkit.org/changeset/198909

Patch by Commit Queue <commit-queue@webkit.org> on 2016-04-11

4:00 PM Changeset in webkit [199316] by Chris Dumez
  • 7 edits in trunk/Source/WebCore

[WebIDL] Add support for [ImplementedAs] for EventHandler attributes
https://bugs.webkit.org/show_bug.cgi?id=156421

Reviewed by Darin Adler.

Add support for [ImplementedAs] for EventHandler attributes so we can
get rid of some ugly name hard-coding in the bindings generator.

  • Modules/notifications/Notification.idl:
  • bindings/scripts/CodeGeneratorJS.pm:

(EventHandlerAttributeEventName):

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjOnwebkitfoo):
(WebCore::setJSTestObjOnwebkitfoo):

  • bindings/scripts/test/TestObj.idl:
  • dom/Element.idl:
  • page/DOMWindow.idl:

3:43 PM Changeset in webkit [199315] by commit-queue@webkit.org
  • 28 edits in trunk/Source

When clearing cache, also clear AVFoundation cache.
https://bugs.webkit.org/show_bug.cgi?id=155783
rdar://problem/25252541

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-04-11
Reviewed by Darin Adler.

Source/WebCore:

Use AVAssetCache at a specified location on disk for all AVURLAssets. This AVAssetCache
can then be used to manage the cache storage used by AVFoundation. It is used to query the
contents of the cache in originsInMediaCache() and to clear the cache completely or partially in
clearMediaCache() and clearMediaCacheForOrigins().

Use SecurityOrigin instead of the less formal site String to represent origins in the cache.

  • html/HTMLMediaElement.cpp:

(WebCore::sharedMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::setMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::mediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::originsInMediaCache): Added.
(WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
(WebCore::HTMLMediaElement::clearMediaCacheForOrigins): Added.
(WebCore::HTMLMediaElement::mediaPlayerMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::getSitesInMediaCache): Deleted.
(WebCore::HTMLMediaElement::clearMediaCacheForSite): Deleted.

  • html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::clearMediaCache): Added parameter.

  • platform/graphics/MediaPlayer.cpp:

(WebCore::addMediaEngine): Add new cache methods.
(WebCore::addToHash): Added.
(WebCore::MediaPlayer::originsInMediaCache): Added.
(WebCore::MediaPlayer::clearMediaCache): Added parameter.
(WebCore::MediaPlayer::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayer::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayer::clearMediaCacheForSite): Deleted.

  • platform/graphics/MediaPlayer.h:

(WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.

  • platform/graphics/MediaPlayerPrivate.h:

(WebCore::MediaPlayerPrivateInterface::originsInMediaCache): Added.
(WebCore::MediaPlayerPrivateInterface::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateInterface::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateInterface::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayerPrivateInterface::clearMediaCacheForSite): Deleted.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine): Added cache methods.
(WebCore::assetCacheForPath): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache): Added.
(WebCore::toSystemClockTime): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Added.

  • platform/graphics/mac/MediaPlayerPrivateQTKit.h:
  • platform/graphics/mac/MediaPlayerPrivateQTKit.mm:

(WebCore::MediaPlayerPrivateQTKit::registerMediaEngine): Added cache methods.
(WebCore::MediaPlayerPrivateQTKit::originsInMediaCache): Added.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateQTKit::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForSite): Deleted.

  • platform/spi/mac/AVFoundationSPI.h:

Source/WebKit2:

Include the HTMLMediaElement media cache when doing disk cache operations.
Add a sandbox extension for media cache directory. This allows the UI process and the web process
to access the same cache.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode): Add media cache directory.
(WebKit::WebProcessCreationParameters::decode): Add media cache directory.

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::ProcessPoolConfiguration): Add media cache directory.
(API::ProcessPoolConfiguration::copy): Add media cache directory.

  • UIProcess/API/APIProcessPoolConfiguration.h:
  • UIProcess/API/APIWebsiteDataStore.cpp:

(API::WebsiteDataStore::defaultMediaCacheDirectory): Default implementation.

  • UIProcess/API/APIWebsiteDataStore.h:
  • UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::defaultMediaCacheDirectory): Media cache is in temporary directory.
(API::WebsiteDataStore::tempDirectoryFileSystemRepresentation): For resources in temporary directory.
(API::WebsiteDataStore::defaultDataStoreConfiguration): Init media cache directory.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory):

  • UIProcess/WebProcessPool.cpp:

(WebKit::legacyWebsiteDataStoreConfiguration): Add mediaCacheDirectory.
(WebKit::WebProcessPool::createNewWebProcess): Add mediaCacheDirectory.

  • UIProcess/WebProcessPool.h:
  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):
(WebKit::WebsiteDataStore::fetchData): Implement for mediaCacheDirectory.
(WebKit::WebsiteDataStore::removeData): Implement for mediaCacheDirectory.

  • UIProcess/WebsiteData/WebsiteDataStore.h:
  • UIProcess/efl/WebProcessPoolEfl.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

  • UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess): Initialize media cache directory.

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess): Consume sandbox extension.

2:42 PM Changeset in webkit [199314] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

[WebGL2] Use Open GL ES 3.0 to back WebGL2 contexts
https://bugs.webkit.org/show_bug.cgi?id=141178

Patch by Antoine Quint <Antoine Quint> on 2016-04-11
Reviewed by Dean Jackson.

We add a new useGLES3 attribute when creating a GraphicsContext3D in the event that the
context type is "webgl2". This attribute is then read by the GraphicsContext3D constructor
to request an Open GL ES 3.0 backend when creating the EAGLContext on iOS.

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::create):

  • platform/graphics/GraphicsContext3D.h:

(WebCore::GraphicsContext3D::Attributes::Attributes):

  • platform/graphics/mac/GraphicsContext3DMac.mm:

(WebCore::GraphicsContext3D::GraphicsContext3D):

2:35 PM Changeset in webkit [199313] by jiewen_tan@apple.com
  • 4 edits
    2 adds in trunk

fast/loader/opaque-base-url.html crashing during mac and ios debug tests
https://bugs.webkit.org/show_bug.cgi?id=156179
<rdar://problem/25507719>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Navigate to about:blank if the provided src of an iframe/frame cannot be
resolved to a valid URL.

Test: fast/loader/iframe-src-invalid-url.html

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::requestFrame):

LayoutTests:

  • fast/loader/iframe-src-invalid-url-expected.txt: Added.
  • fast/loader/iframe-src-invalid-url.html: Added.

2:33 PM Changeset in webkit [199312] by commit-queue@webkit.org
  • 25 edits
    2 adds
    1 delete in trunk

Merge CG ImageSource and non CG ImageSource implementation in one file
https://bugs.webkit.org/show_bug.cgi?id=155456

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-04-11
Reviewed by Darin Adler.

Source/WebCore:

ImageSource for CG and CG code paths look very similar. All the platform
specific code can be moved to ImageDecoder classes for CG and non CG. And
we can have the ImageSource be platform independent and we get rid of
ImageSourceCG.cpp.

Test: fast/images/image-subsampling.html

  • CMakeLists.txt:
  • PlatformAppleWin.cmake:
  • PlatformMac.cmake:
  • WebCore.xcodeproj/project.pbxproj:

Delete ImageSourceCG.cpp from all make files and add ImageSource.cpp to
CMakeLists.txt.

  • platform/Cursor.cpp:

(WebCore::determineHotSpot):

  • platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::hotSpot):
(WebCore::BitmapImage::getHotSpot): Deleted.

  • platform/graphics/BitmapImage.h:
  • platform/graphics/Image.h:

(WebCore::Image::hotSpot):
(WebCore::Image::getHotSpot): Deleted.
Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.

  • platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::~ImageSource): Remove clear(true) call. It does nothing.
(WebCore::ImageSource::clearFrameBufferCache): A wrapper which calls ImageDecoder::clearFrameBufferCache().
(WebCore::ImageSource::clear): Calls clearFrameBufferCache() which will do nothing for CG.

(WebCore::ImageSource::ensureDecoderIsCreated): Change SharedBuffer* to
const SharedBuffer& and remove the call to ImageDecoder::setMaxNumPixels().
The value of const static int CG ImageDecoder::m_maxNumPixels will be set
based on IMAGE_DECODER_DOWN_SAMPLING.

(WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.

(WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
subsampling level allowed for an image.

(WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
a particular image.

(WebCore::ImageSource::bytesDecodedToDetermineProperties): Returns the number
of encoded bytes which can determine the image properties. For non CG it's
zero. For CG it is a maximum value which can be corrected later.

(WebCore::ImageSource::isSizeAvailable):
(WebCore::ImageSource::sizeRespectingOrientation):
(WebCore::ImageSource::frameCount):
(WebCore::ImageSource::repetitionCount):
(WebCore::ImageSource::filenameExtension):
(WebCore::ImageSource::getHotSpot):
(WebCore::ImageSource::frameIsCompleteAtIndex):
(WebCore::ImageSource::frameHasAlphaAtIndex):
(WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
(WebCore::ImageSource::frameSizeAtIndex):
(WebCore::ImageSource::frameBytesAtIndex):
(WebCore::ImageSource::frameDurationAtIndex):
(WebCore::ImageSource::orientationAtIndex):
(WebCore::ImageSource::createFrameImageAtIndex):
These are wrappers for the ImageDecoder APIs. The purpose of these functions
is to ensure the ImageDecoder is created.

(WebCore::ImageSource::dump): Called from BitmapImage::dump().

(WebCore::ImageSource::getHotSpot): Deleted.

  • platform/graphics/ImageSource.h:

(WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().

(WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
(WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.

  • platform/graphics/cg/ImageDecoderCG.cpp:

(WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.

(WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
The code was moved to ImageSource::subsamplingLevelForScale().

  • platform/graphics/cg/ImageDecoderCG.h:

(WebCore::ImageDecoder::create): Make the prototype of this function
suitable for CG and non CG cases.
(WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.

  • platform/graphics/cg/ImageSourceCG.cpp: Removed.
  • platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageDecoder::frameIsCompleteAtIndex): A new function to return
whether the frame decoding is complete or not.

(WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.

(WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
ImageSource::frameDurationAtIndex() in ImageSource.cpp.

(WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
ImageSource::createFrameImageAtIndex() in ImageSource.cpp.

  • platform/image-decoders/ImageDecoder.h:

(WebCore::ImageDecoder::ImageDecoder): Initialize the members in class.
(WebCore::ImageDecoder::~ImageDecoder): Fix the braces style.
(WebCore::ImageDecoder::setData): Change the type of the argument from
SharedBuffer* to SharedBuffer&.
(WebCore::ImageDecoder::frameSizeAtIndex): Add the argument SubsamplingLevel
so it can have the same prototype as CG.
(WebCore::ImageDecoder::orientationAtIndex): Rename it to the same of CG.

(WebCore::ImageDecoder::allowSubsamplingOfFrameAtIndex):
(WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
(WebCore::ImageDecoder::subsamplingLevelForScale): Add these functions
and return the default values so we do not have to add directive compiled
non CG blocks in ImageSource.cpp.

(WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.

(WebCore::ImageDecoder::orientation): Deleted.
(WebCore::ImageDecoder::setMaxNumPixels): Deleted.

  • platform/image-decoders/bmp/BMPImageDecoder.cpp:

(WebCore::BMPImageDecoder::setData):

  • platform/image-decoders/bmp/BMPImageDecoder.h:
  • platform/image-decoders/gif/GIFImageDecoder.cpp:

(WebCore::GIFImageDecoder::setData):
(WebCore::GIFImageDecoder::decode):

  • platform/image-decoders/gif/GIFImageDecoder.h:
  • platform/image-decoders/gif/GIFImageReader.h:

(GIFImageReader::setData):

  • platform/image-decoders/ico/ICOImageDecoder.cpp:

(WebCore::ICOImageDecoder::setData):
Use reference SharedBuffer instead of pointer SharedBuffer.

(WebCore::ICOImageDecoder::hotSpot):
(WebCore::ICOImageDecoder::hotSpotAtIndex):
Change hotSpot() to return Optional<IntPoint>.

  • platform/image-decoders/ico/ICOImageDecoder.h:

(WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
Pass reference SharedBuffer instead of pointer SharedBuffer.

Source/WebKit2:

  • UIProcess/API/efl/EwkView.cpp:

(EwkView::setCursor):
Replace the call to Image::getHotSpot() by Image::hotSpot().

LayoutTests:

Add a test for image sub-sampling. The image subsampling is enabled by
default for iOS platform only. But it can be explicitly enabled through
the setting ImageSubsamplingEnabled.

  • fast/images/image-subsampling-expected.html: Added.
  • fast/images/image-subsampling.html: Added.

2:32 PM Changeset in webkit [199311] by andersca@apple.com
  • 6 edits
    2 moves in trunk/Source/WebKit2

Rename WKOpenPanelParameters files to WKOpenPanelParametersRef
https://bugs.webkit.org/show_bug.cgi?id=156473

Reviewed by Alex Christensen.

  • UIProcess/API/C/WKOpenPanelParameters.cpp:

(WKOpenPanelParametersGetTypeID): Deleted.
(WKOpenPanelParametersGetAllowsMultipleFiles): Deleted.
(WKOpenPanelParametersCopyAcceptedMIMETypes): Deleted.
(WKOpenPanelParametersCopyCapture): Deleted.
(WKOpenPanelParametersGetCaptureEnabled): Deleted.
(WKOpenPanelParametersCopySelectedFileNames): Deleted.

  • UIProcess/API/C/WKOpenPanelParametersRef.cpp: Renamed from Source/WebKit2/UIProcess/API/C/WKOpenPanelParameters.cpp.

(WKOpenPanelParametersGetTypeID):
(WKOpenPanelParametersGetAllowsMultipleFiles):
(WKOpenPanelParametersCopyAcceptedMIMETypes):
(WKOpenPanelParametersCopyCapture):
(WKOpenPanelParametersGetCaptureEnabled):
(WKOpenPanelParametersCopySelectedFileNames):

  • UIProcess/API/C/WKOpenPanelParametersRef.h: Renamed from Source/WebKit2/UIProcess/API/C/WKOpenPanelParameters.h.
  • UIProcess/API/C/WebKit2_C.h:
  • UIProcess/API/efl/ewk_file_chooser_request.cpp:
  • UIProcess/mac/WebInspectorProxyMac.mm:
  • WebKit2.xcodeproj/project.pbxproj:

2:31 PM Changeset in webkit [199310] by beidson@apple.com
  • 25 edits in trunk/Source/WebCore

Clean up IDBBindingUtilities.
https://bugs.webkit.org/show_bug.cgi?id=156472

Reviewed by Alex Christensen.

No new tests (No change in behavior).

  • Get rid of a whole bunch of unused functions (since we got rid of Legacy IDB).
  • Make more functions deal in ExecState/ScriptExecutionContexts instead of DOMRequestState.
  • Make more functions deal in JSValue instead of Deprecated::ScriptValue.
  • bindings/scripts/IDLAttributes.txt: Add a new attribute to signify that an implementation returns JSValues instead of Deprecated::ScriptState
  • bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): Use that new attribute.

  • Modules/indexeddb/IDBAny.cpp:

(WebCore::IDBAny::IDBAny):
(WebCore::IDBAny::scriptValue):

  • Modules/indexeddb/IDBAny.h:

(WebCore::IDBAny::create):

  • Modules/indexeddb/IDBCursor.cpp:

(WebCore::IDBCursor::key):
(WebCore::IDBCursor::primaryKey):
(WebCore::IDBCursor::value):
(WebCore::IDBCursor::update):
(WebCore::IDBCursor::continueFunction):
(WebCore::IDBCursor::deleteFunction):
(WebCore::IDBCursor::setGetResult):

  • Modules/indexeddb/IDBCursor.h:
  • Modules/indexeddb/IDBCursor.idl:
  • Modules/indexeddb/IDBCursorWithValue.idl:
  • Modules/indexeddb/IDBFactory.cpp:

(WebCore::IDBFactory::cmp):

  • Modules/indexeddb/IDBIndex.cpp:

(WebCore::IDBIndex::count):
(WebCore::IDBIndex::get):
(WebCore::IDBIndex::getKey):

  • Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::lowerValue):
(WebCore::IDBKeyRange::upperValue):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRange.h:
  • Modules/indexeddb/IDBKeyRange.idl:
  • Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::get):
(WebCore::IDBObjectStore::modernDelete):
(WebCore::IDBObjectStore::count):

  • Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::setResult):
(WebCore::IDBRequest::setResultToStructuredClone):

  • Modules/indexeddb/server/MemoryObjectStore.cpp:

(WebCore::IDBServer::MemoryObjectStore::updateIndexesForPutRecord):
(WebCore::IDBServer::MemoryObjectStore::populateIndexWithExistingRecords):

  • bindings/js/IDBBindingUtilities.cpp:

(WebCore::idbKeyPathFromValue):
(WebCore::deserializeIDBValueDataToJSValue):
(WebCore::scriptValueToIDBKey):
(WebCore::idbKeyDataToScriptValue):
(WebCore::idbKeyDataToJSValue): Deleted.
(WebCore::injectIDBKeyIntoScriptValue): Deleted.
(WebCore::createIDBKeyFromScriptValueAndKeyPath): Deleted.
(WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath): Deleted.
(WebCore::canInjectIDBKeyIntoScriptValue): Deleted.
(WebCore::deserializeIDBValue): Deleted.
(WebCore::deserializeIDBValueData): Deleted.
(WebCore::deserializeIDBValueBuffer): Deleted.
(WebCore::idbValueDataToJSValue): Deleted.
(WebCore::idbKeyToScriptValue): Deleted.

  • bindings/js/IDBBindingUtilities.h:
  • bindings/js/JSIDBAnyCustom.cpp:

(WebCore::toJS):

  • bindings/js/JSIDBDatabaseCustom.cpp:

(WebCore::JSIDBDatabase::createObjectStore):

  • bindings/js/JSIDBObjectStoreCustom.cpp:

(WebCore::JSIDBObjectStore::createIndex):

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::execState):

  • dom/ScriptExecutionContext.h:
  • inspector/InspectorIndexedDBAgent.cpp:

1:10 PM Changeset in webkit [199309] by barraclough@apple.com
  • 16 edits in trunk/Source

WebKit should adopt journal_mode=wal for all SQLite databases.
https://bugs.webkit.org/show_bug.cgi?id=133496

Reviewed by Darin Adler.

Source/WebCore:

The statement intended to enable WAL mode is always failing because it is missing a
prepare(). Fix this. We were also previously permitting SQLITE_OK results - this
was in error (we were only getting these because stepping the unprepared statement
returned SQLITE_OK). Also set the SQLITE_OPEN_AUTOPROXY flag when opening the
database - this will improve performance when the database is accessed via an AFP
mount.

This exposed a bug: deleteAllDatabases does not actually delete the databases on
iOS. For testing, to reset back to a known state between tests, it should be doing so.

  • Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::deleteAllDatabases):

  • force databases to actually be deleted on iOS. This method is only used from testing code (DumpRenderTree / WebKitTestRunner).

(WebCore::DatabaseTracker::deleteOrigin):

  • added IOSDeletionMode.

(WebCore::DatabaseTracker::deleteDatabaseFile):

  • added IOSDeletionMode, modified to actually delete if this is set.
  • Modules/webdatabase/DatabaseTracker.h:
    • added IOSDeletionMode.
  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::open):

  • call prepareAndStep(), only check for SQLITE_ROW result.
  • platform/sql/SQLiteFileSystem.cpp:

(WebCore::SQLiteFileSystem::openDatabase):

  • should set SQLITE_OPEN_AUTOPROXY flag when opening database.

Source/WebKit/mac:

  • Storage/WebDatabaseManagerPrivate.h:
    • renamed deleteAllDatabases -> deleteAllDatabasesImmediately.

Source/WebKit/win:

  • WebDatabaseManager.cpp:

(WebDatabaseManager::deleteAllDatabases):

  • renamed deleteAllDatabases -> deleteAllDatabasesImmediately.

Source/WebKit2:

  • WebProcess/InjectedBundle/API/c/WKBundle.cpp:

(WKBundleClearAllDatabases):

  • renamed deleteAllDatabases -> deleteAllDatabasesImmediately.

1:00 PM Changeset in webkit [199308] by Joseph Pecoraro
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: HeapSnapshot instance property path popover should include a descriptive header
https://bugs.webkit.org/show_bug.cgi?id=156431
<rdar://problem/25633594>

Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendTitle):
Title for the popover. Because localization may change the location of the @1234
in the string, localize first with a placeholder, and then replace the placeholder
with the @1234 link.

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPath):
Give the table a container for extra padding.

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPathRow):
Do not include the space before @1234 as part of the clickable link.

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler):
Include a title when the popover shows a root path.

  • UserInterface/Views/HeapSnapshotInstancesContentView.css:

(.heap-snapshot-instance-popover-content > .title):
(.heap-snapshot-instance-popover-content):
(.heap-snapshot-instance-popover-content > .table-container):
(.heap-snapshot-instance-popover-content table):
Provide styles for the title. Let the title extend across the entire
popover horizontally, but pad the table so that it appears more
centered under the title. Because the table has border collapse we have
to wrap it in a container to give it back the padding we want.

12:52 PM Changeset in webkit [199307] by Alan Bujtas
  • 4 edits in trunk/Source/WebCore

Simplify InlineTextBox::selectionStartEnd()
https://bugs.webkit.org/show_bug.cgi?id=156459

Reviewed by Darin Adler.

No change in functionality.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::selectionState):
(WebCore::InlineTextBox::paint):
(WebCore::InlineTextBox::selectionStartEnd):
(WebCore::InlineTextBox::paintSelection):
(WebCore::InlineTextBox::paintCompositionBackground):

  • rendering/InlineTextBox.h:
  • rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::paintSelectionBackground):
(WebCore::SVGInlineTextBox::paintText):

12:37 PM Changeset in webkit [199306] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.27.0.1/Source/WebKit2

Merged r199301. rdar://problem/25628133

12:33 PM Changeset in webkit [199305] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.27.0.1/Source

Versioning.

12:31 PM Changeset in webkit [199304] by Alan Bujtas
  • 4 edits
    2 adds in trunk

REGRESSION (r193857): Text selection causes text to disappear.
https://bugs.webkit.org/show_bug.cgi?id=156448
rdar://problem/25578952

Reviewed by Simon Fraser.

Apparently when the end position of the selection range is smaller than the start position, we need
to repaint the entire text as it indicates selection clearing.

Source/WebCore:

Test: fast/text/text-disappear-on-deselect.html

  • rendering/TextPainter.cpp:

(WebCore::TextPainter::paintText):

LayoutTests:

  • fast/text/text-disappear-on-deselect-expected.html: Added.
  • fast/text/text-disappear-on-deselect.html: Added.

12:31 PM Changeset in webkit [199303] by fpizlo@apple.com
  • 21 edits in trunk/Source/JavaScriptCore

It should be possible to edit StructureStubInfo without recompiling the world
https://bugs.webkit.org/show_bug.cgi?id=156470

Reviewed by Keith Miller.

This change makes it less painful to make changes to the IC code. It used to be that any
change to StructureStubInfo caused every JIT-related file to get recompiled. Now only a
smaller set of files - ones that actually peek into StructureStubInfo - will recompile. This
is mainly because CodeBlock.h no longer includes StructureStubInfo.h.

  • bytecode/ByValInfo.h:
  • bytecode/CodeBlock.cpp:
  • bytecode/CodeBlock.h:
  • bytecode/GetByIdStatus.cpp:
  • bytecode/GetByIdStatus.h:
  • bytecode/PutByIdStatus.cpp:
  • bytecode/PutByIdStatus.h:
  • bytecode/StructureStubInfo.h:

(JSC::getStructureStubInfoCodeOrigin):

  • dfg/DFGByteCodeParser.cpp:
  • dfg/DFGJITCompiler.cpp:
  • dfg/DFGOSRExitCompilerCommon.cpp:
  • dfg/DFGSpeculativeJIT.h:
  • ftl/FTLLowerDFGToB3.cpp:
  • ftl/FTLSlowPathCall.h:
  • jit/IntrinsicEmitter.cpp:
  • jit/JITInlineCacheGenerator.cpp:
  • jit/JITInlineCacheGenerator.h:
  • jit/JITOperations.cpp:
  • jit/JITPropertyAccess.cpp:
  • jit/JITPropertyAccess32_64.cpp:

12:20 PM Changeset in webkit [199302] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.27.0.1

New tag.

12:06 PM Changeset in webkit [199301] by dbates@webkit.org
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r198933): Unable to login to Google account from Internet Accounts preference pane
https://bugs.webkit.org/show_bug.cgi?id=156447
<rdar://problem/25628133>

Reviewed by Anders Carlsson.

Temporarily perform code signing verification only for Mac App Store- and Apple Developer- signed apps.

  • Shared/mac/ChildProcessMac.mm:

(WebKit::codeSigningIdentifierForProcess):

12:04 PM Changeset in webkit [199300] by gskachkov@gmail.com
  • 19 edits in trunk/Source/JavaScriptCore

Remove NewArrowFunction from DFG IR
https://bugs.webkit.org/show_bug.cgi?id=156439

Reviewed by Saam Barati.

It seems that NewArrowFunction was left in DFG IR during refactoring by mistake.

  • dfg/DFGAbstractInterpreterInlines.h:
  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGClobbersExitState.cpp:
  • dfg/DFGDoesGC.cpp:
  • dfg/DFGFixupPhase.cpp:
  • dfg/DFGMayExit.cpp:
  • dfg/DFGNode.h:

(JSC::DFG::Node::convertToPhantomNewFunction):

  • dfg/DFGNodeType.h:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:
  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSafeToExecute.h:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):

  • dfg/DFGSpeculativeJIT32_64.cpp:
  • dfg/DFGSpeculativeJIT64.cpp:
  • dfg/DFGStoreBarrierInsertionPhase.cpp:
  • dfg/DFGStructureRegistrationPhase.cpp:
  • ftl/FTLCapabilities.cpp:
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):

12:00 PM Changeset in webkit [199299] by oliver@apple.com
  • 21 edits in trunk

Remove compile time define for SEPARATED_HEAP
https://bugs.webkit.org/show_bug.cgi?id=155508

Reviewed by Mark Lam.

Source/JavaScriptCore:

Remove the SEPARATED_HEAP compile time flag. The separated
heap is available, but off by default, on x86_64, ARMv7, and
ARM64.

Working through the issues that happened last time essentially
required implementing the ARMv7 path for the separated heap
just so I could find all the ways it was going wrong.

We fixed all the logic by making the branch and jump logic in
the linker and assemblers take two parameters, the location to
write to, and the location we'll actually be writing to. We
need to do this because it's no longer sufficient to compute
jumps relative to the region the linker is writing to.

The repatching jump, branch, and call functions only need the
executable address as the patching is performed directly using
performJITMemcpy function which works in terms of the executable
address.

There is no performance impact on jsc-benchmarks with the separate
heap either enabled or disabled.

  • Configurations/FeatureDefines.xcconfig:
  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::linkJump):
(JSC::ARM64Assembler::linkCall):
(JSC::ARM64Assembler::relinkJump):
(JSC::ARM64Assembler::relinkCall):
(JSC::ARM64Assembler::link):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::relinkJumpOrCall):

  • assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2):
(JSC::ARMv7Assembler::revertJumpTo_movT3):
(JSC::ARMv7Assembler::link):
(JSC::ARMv7Assembler::linkJump):
(JSC::ARMv7Assembler::relinkJump):
(JSC::ARMv7Assembler::repatchCompact):
(JSC::ARMv7Assembler::replaceWithJump):
(JSC::ARMv7Assembler::replaceWithLoad):
(JSC::ARMv7Assembler::replaceWithAddressComputation):
(JSC::ARMv7Assembler::setInt32):
(JSC::ARMv7Assembler::setUInt7ForLoad):
(JSC::ARMv7Assembler::isB):
(JSC::ARMv7Assembler::isBX):
(JSC::ARMv7Assembler::isMOV_imm_T3):
(JSC::ARMv7Assembler::isMOVT):
(JSC::ARMv7Assembler::isNOP_T1):
(JSC::ARMv7Assembler::isNOP_T2):
(JSC::ARMv7Assembler::linkJumpT1):
(JSC::ARMv7Assembler::linkJumpT2):
(JSC::ARMv7Assembler::linkJumpT3):
(JSC::ARMv7Assembler::linkJumpT4):
(JSC::ARMv7Assembler::linkConditionalJumpT4):
(JSC::ARMv7Assembler::linkBX):
(JSC::ARMv7Assembler::linkConditionalBX):
(JSC::ARMv7Assembler::linkJumpAbsolute):

  • assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::link):

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::link):

  • jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
(JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Deleted.

  • runtime/Options.cpp:

(JSC::recomputeDependentOptions):

  • runtime/Options.h:

Source/WebCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

  • Configurations/FeatureDefines.xcconfig:

Source/WTF:

  • wtf/FeatureDefines.h:
  • wtf/Platform.h:

11:49 AM Changeset in webkit [199298] by Chris Dumez
  • 15 edits
    2 deletes in trunk/Source/WebCore

Merge AttributedDOMTokenList into DOMTokenList
https://bugs.webkit.org/show_bug.cgi?id=156468

Reviewed by Ryosuke Niwa.

Merge AttributedDOMTokenList into DOMTokenList to simplify the code.
DOMTokenList is not constructible and AttributedDOMTokenList is its
only constructible subclass after r196123.

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • dom/Element.cpp:

(WebCore::Element::classList):

  • dom/ElementRareData.h:

(WebCore::ElementRareData::classList):
(WebCore::ElementRareData::setClassList):

  • html/AttributeDOMTokenList.cpp: Removed.
  • html/AttributeDOMTokenList.h: Removed.
  • html/DOMTokenList.cpp:

(WebCore::DOMTokenList::DOMTokenList):
(WebCore::DOMTokenList::attributeValueChanged):
(WebCore::DOMTokenList::updateAfterTokenChange):

  • html/DOMTokenList.h:

(WebCore::DOMTokenList::ref):
(WebCore::DOMTokenList::deref):
(WebCore::DOMTokenList::element):
(WebCore::DOMTokenList::~DOMTokenList): Deleted.
(WebCore::DOMTokenList::updateAfterTokenChange): Deleted.

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::relList):

  • html/HTMLAnchorElement.h:
  • html/HTMLIFrameElement.cpp:

(WebCore::HTMLIFrameElement::sandbox):

  • html/HTMLIFrameElement.h:
  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::sizes):
(WebCore::HTMLLinkElement::relList):

  • html/HTMLLinkElement.h:
  • html/HTMLOutputElement.cpp:

(WebCore::HTMLOutputElement::htmlFor):

  • html/HTMLOutputElement.h:

11:20 AM Changeset in webkit [199297] by fpizlo@apple.com
  • 9 edits in trunk/Source/JavaScriptCore

Clean up how we reason about the states of AccessCases
https://bugs.webkit.org/show_bug.cgi?id=156454

Reviewed by Mark Lam.

Currently when we add an AccessCase to a PolymorphicAccess stub, we regenerate the stub.
That means that as we grow a stub to have N cases, we will do O(N^2) generation work. I want
to explore buffering AccessCases so that we can do O(N) generation work instead. But
before I go there, I want to make sure that the statefulness of AccessCase makes sense. So,
I broke it down into three different states and added assertions about the transitions. I
also broke out a separate operation called AccessCase::commit(), which is the work that
cannot be buffered since there cannot be any JS effects between when the AccessCase was
created and when we do the work in commit().

This opens up a fairly obvious path to buffering AccessCases: add them to the list without
regenerating. Then when we do eventually trigger regeneration, those cases will get cloned
and generated automagically. This patch doesn't implement this technique yet, but gives us
an opportunity to independently test the scaffolding necessary to do it.

This is perf-neutral on lots of tests.

  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessGenerationResult::dump):
(JSC::AccessCase::clone):
(JSC::AccessCase::commit):
(JSC::AccessCase::guardedByStructureCheck):
(JSC::AccessCase::dump):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generate):
(JSC::AccessCase::generateImpl):
(JSC::PolymorphicAccess::regenerateWithCases):
(JSC::PolymorphicAccess::regenerate):
(WTF::printInternal):

  • bytecode/PolymorphicAccess.h:

(JSC::AccessCase::type):
(JSC::AccessCase::state):
(JSC::AccessCase::offset):
(JSC::AccessCase::viaProxy):
(JSC::AccessCase::callLinkInfo):

  • bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::addAccessCase):

  • bytecode/Watchpoint.h:
  • dfg/DFGOperations.cpp:
  • jit/Repatch.cpp:

(JSC::repatchGetByID):
(JSC::repatchPutByID):
(JSC::repatchIn):

  • runtime/VM.cpp:

(JSC::VM::dumpRegExpTrace):
(JSC::VM::ensureWatchpointSetForImpureProperty):
(JSC::VM::registerWatchpointForImpureProperty):
(JSC::VM::addImpureProperty):

  • runtime/VM.h:
9:50 AM Changeset in webkit [199296] by Chris Dumez
  • 15 edits in trunk

DOMTokenList.contains() should not throw
https://bugs.webkit.org/show_bug.cgi?id=156453

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Re-sync dom/nodes/Element-classlist.html with upstream @26308720.

  • web-platform-tests/dom/nodes/Element-classlist-expected.txt:
  • web-platform-tests/dom/nodes/Element-classlist.html:

Source/WebCore:

DOMTokenList.contains() should not throw if the input token is invalid:
https://github.com/whatwg/dom/commit/6d3076e3cbcba662489b272a718bc6b8c0082a74

We now return false in such cases, instead of throwing, which should be
safe with regards to backward compatibility.

No new tests, already covered by existing tests.

  • html/DOMTokenList.cpp:

(WebCore::DOMTokenList::contains):

  • html/DOMTokenList.h:
  • html/DOMTokenList.idl:

LayoutTests:

Update existing layout tests now that DOMTokenList.contains() no longer
throws when called with an invalid token.

  • fast/dom/HTMLElement/class-list-expected.txt:
  • fast/dom/HTMLElement/class-list-quirks-expected.txt:
  • fast/dom/HTMLElement/script-tests/class-list.js:

(shouldThrowDOMException): Deleted.

  • fast/dom/HTMLOutputElement/dom-settable-token-list-expected.txt:
  • fast/dom/HTMLOutputElement/script-tests/dom-settable-token-list.js:

(shouldThrowDOMException): Deleted.

  • fast/dom/rel-list-expected.txt:
  • fast/dom/rel-list.html:
9:07 AM WebKitIDL edited by Chris Dumez
Add [ExportMacro] (diff)
8:45 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
8:38 AM Changeset in webkit [199295] by fred.wang@free.fr
  • 15 edits
    2 adds in trunk

Refactor RenderMathMLFraction layout to avoid using flexbox
https://bugs.webkit.org/show_bug.cgi?id=153917

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-11
Reviewed by Sergio Villar Senin.

Source/WebCore:

Based on a patch by Alejandro G. Castro <alex@igalia.com>

Implement the layoutBlock method to handle the layout calculations
directly in the class. This also fixes parsing of absolute values for
linethickness attribute (e.g. 10px) and adds support for the AxisHeight
and FractionRuleThickness MATH parameters.

Test: mathml/opentype/fraction-line.html

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::mathLineThickness): Use the thickness relative to the
default line thickness since that's really what is expected by mathml-line-fraction.html

  • css/mathml.css: Remove flexbox properties for mfrac.

(mfrac): Deleted.
(mfrac > *): Deleted.
(mfrac[numalign="left"] > :first-child): Deleted.
(mfrac[numalign="right"] > :first-child): Deleted.
(mfrac[denomalign="left"] > :last-child): Deleted.
(mfrac[denomalign="right"] > :last-child): Deleted.
(mfrac > :first-child): Deleted.
(mfrac > :last-child): Deleted.
(mfrac): Deleted.

  • rendering/mathml/RenderMathMLBlock.cpp: Introduce a helper function to retrieve the math
axis height.

(WebCore::RenderMathMLBlock::mathAxisHeight):

  • rendering/mathml/RenderMathMLBlock.h: Declare mathAxisHeight.
  • rendering/mathml/RenderMathMLFraction.cpp:

(WebCore::RenderMathMLFraction::RenderMathMLFraction):
(WebCore::RenderMathMLFraction::parseAlignmentAttribute): Helper function to parse the align
attribute.
(WebCore::RenderMathMLFraction::isValid): Helper function to verify whether the child list
is valid with respect to the MathML specification.
(WebCore::RenderMathMLFraction::numerator): Helper function to retrieve the numerator.
(WebCore::RenderMathMLFraction::denominator): Helper function to retrieve the denominator.
(WebCore::RenderMathMLFraction::updateFromElement): Use the FractionRuleThickness parameter
when available to calculate the default linethickness.
Fix computation of linethickness for absolute values (e.g. 10px), the default linethickness
must not be involved for such values.
We no longer need to manage style of anonymous wrappers.
(WebCore::RenderMathMLFraction::unembellishedOperator): Use the helper function and we no
longer care about anonymous wrappers.
(WebCore::RenderMathMLFraction::computePreferredLogicalWidths): Implement this function
without using flexbox.
(WebCore::RenderMathMLFraction::horizontalOffset): Helper function to get the horizontal
offsets of children depending on the alignment.
(WebCore::RenderMathMLFraction::layoutBlock): Implement this function without using flexbox.
(WebCore::RenderMathMLFraction::paint): Do not paint if the fraction is invalid. Use helper
function. Use the width of the renderer (instead of the one of the denominator) as the
length of the fraction bar.
(WebCore::RenderMathMLFraction::firstLineBaseline): Use the helper functions to get children
and axis height.
(WebCore::RenderMathMLFraction::paintChildren): Temporary function to remove in a
follow-up patch.
(WebCore::RenderMathMLFraction::fixChildStyle): Deleted. We no longer need to manage style
of anonymous wrappers.
(WebCore::RenderMathMLFraction::addChild): Deleted. We no longer need to manage
anonymous wrappers.
(WebCore::RenderMathMLFraction::styleDidChange): We no longer need to manage style of
anonymous wrappers.
(WebCore::RenderMathMLFraction::layout): Deleted.

  • rendering/mathml/RenderMathMLFraction.h: Replace lineThickness with relativeLineThickness,
as needed by the accessibility code. Update function and members declarations.

LayoutTests:

  • TestExpectations: No longer skip mathml/presentation/fractions-positions.html
  • mathml/opentype/fraction-line-expected.html: Added. New test to verify AxisHeight and
FractionRuleThickness parameters.
  • mathml/opentype/fraction-line.html: Added. New test to verify axis height and rule
thickness parameters.
  • mathml/presentation/fractions-linethickness-expected.html: Adjust the test to be sure that
the default rule thickness is 1px.
  • mathml/presentation/fractions-linethickness.html: Adjust the test to be sure that the
default rule thickness is 1px.
  • platform/gtk/mathml/presentation/roots-expected.txt: Update reference to take into account
changes in the render tree.
  • platform/ios-simulator/mathml/presentation/roots-expected.txt: Ditto
  • platform/mac/TestExpectations: Mark fraction-line and fractions-linethickness as
possibly failing since these tests require Latin Modern Math to work reliably.

  • platform/ios-simulator/TestExpectations: Ditto
5:46 AM Changeset in webkit [199294] by commit-queue@webkit.org
  • 25 edits
    1 copy
    2 deletes in trunk

Unreviewed, rolling out r199290.
https://bugs.webkit.org/show_bug.cgi?id=156465

broke 300 tests (Requested by mcatanzaro on #webkit).

Reverted changeset:

"Merge CG ImageSource and non CG ImageSource implementation in
one file"
https://bugs.webkit.org/show_bug.cgi?id=155456
http://trac.webkit.org/changeset/199290

5:12 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
5:11 AM Changeset in webkit [199293] by fred.wang@free.fr
  • 13 edits
    2 adds in trunk

Refactor RenderMathMLUnderOver layout functions to avoid using flexbox
https://bugs.webkit.org/show_bug.cgi?id=153742

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-11
Reviewed by Sergio Villar Senin.

Source/WebCore:

Based on a patch by Javier Fernandez <jfernandez@igalia.com>

Refactor the UnderOver renderer to use its own layoutBlock method that
does all the layout calculations without considering the flexbox
restrictions.

  • css/mathml.css:

(mo, mfrac, munder, mover, munderover): Delete the underover elements from the line defining
the column direction.
(munder, mover, munderover): Deleted. This flexbox property is no longer needed.
(mover > :last-child, munderover > :last-child): Deleted. This flexbox property is no longer
needed.

  • rendering/mathml/RenderMathMLUnderOver.cpp:

(WebCore::RenderMathMLUnderOver::firstLineBaseline): Use ascentForChild.
(WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Avoid stretching
operators that are not stretchy.
(WebCore::RenderMathMLUnderOver::isValid): Helper function to ensure that the child list is
valid with respect to the MathML specification.
(WebCore::RenderMathMLUnderOver::base): Added. Helper function.
(WebCore::RenderMathMLUnderOver::under): Added. Helper function.
(WebCore::RenderMathMLUnderOver::over): Added. Helper function.
(WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): Added.
The preferred width is the maximum preferred width of the base, under and over scripts.
(WebCore::RenderMathMLUnderOver::horizontalOffset): Added, helper to calculate the
horizontal position of children (horizontally centered).
(WebCore::RenderMathMLUnderOver::layoutBlock): Added, it lays out the base, underscript and
overscript. It calculates the exact logical width, which may differ from the preferred width when
one child contains stretchy operators. It later sets the locations of children accordingly
and sets the height of the render element.
(WebCore::RenderMathMLUnderOver::paintChildren): Added, we have to use the usual traverse
instead of the one that comes from the flexbox. This will be removed in a follow-up patch.
(WebCore::RenderMathMLUnderOver::layout): Deleted.

  • rendering/mathml/RenderMathMLUnderOver.h: Added new functions definitions.

LayoutTests:

Apply some small adjustments to the expectations of MathML tests after
the refactoring of RenderMathMLUnderOver. We also add a test for
non-stretchy horizontal operators in underover.

  • platform/gtk/mathml/opentype/horizontal-expected.png:
  • platform/gtk/mathml/opentype/horizontal-expected.txt:
  • platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.png:
  • platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.txt:
  • platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.png:
  • platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.txt:
  • mathml/mn-as-list-item-assert.html: Move the test description out of the invalid munderover
so that it is still displayed.

  • mathml/mn-as-list-item-assert-expected.txt: Update the text expectation.
  • mathml/presentation/underover-nonstretchy-horizontal.html: Ensure that nonstretchy horizontal operators are not stretched in munderover.
  • mathml/presentation/underover-nonstretchy-horizontal-expected.html: Ditto.
3:59 AM Changeset in webkit [199292] by Carlos Garcia Campos
  • 7 edits
    3 adds in trunk

[GTK] Rework the theming code for GTK+ 3.20
https://bugs.webkit.org/show_bug.cgi?id=156333

Reviewed by Michael Catanzaro.

.:

Add a manual test to check how themed elements are rendered.

  • ManualTests/gtk/theme.html: Added.

Source/WebCore:

During the 3.19 GTK+ release cycle, the GTK+ css system was reworked, making themes and programs rendering
themed widgets, incompatible with the new system. We were trying to fix our rendering every time GTK+ broke
something, but we were just changing whatever it was needed to make our rendering look like current GTK+ with
the default theme Adwaita. This means that our rendering will be broken for other themes or that changes in
Adwaita can break our rendering. This solution was good enough to ensure WebKitGTK+ 2.12 looked good with GTK+
3.20, but it doesn't work in the long term. We need to ensure that our theming code honors the new GTK+ CSS
properties (max-width, min-width, margin, padding, border, ...) in all the cases, not only the cases where
Adwaita uses them like we currently do.
This patch splits all rendering methods to keep the current code for previous GTK+ versions and adds new code
for GTK+ >= 3.20 using the new RenderThemeGadget classes. This makes the code easier to read, since there aren't
ifdef blocks in the functions, and we ensure we don't break previous rendering.

  • PlatformGTK.cmake: Add new files to compilation.
  • html/shadow/SpinButtonElement.cpp:

(WebCore::SpinButtonElement::defaultEventHandler): Check the button layout used by the theme to decide the
current buttons state.

  • platform/gtk/RenderThemeGadget.cpp: Added.

(WebCore::RenderThemeGadget::create):
(WebCore::createStyleContext):
(WebCore::appendElementToPath):
(WebCore::RenderThemeGadget::RenderThemeGadget):
(WebCore::RenderThemeGadget::~RenderThemeGadget):
(WebCore::RenderThemeGadget::marginBox):
(WebCore::RenderThemeGadget::borderBox):
(WebCore::RenderThemeGadget::paddingBox):
(WebCore::RenderThemeGadget::contentsBox):
(WebCore::RenderThemeGadget::color):
(WebCore::RenderThemeGadget::backgroundColor):
(WebCore::RenderThemeGadget::minimumSize):
(WebCore::RenderThemeGadget::preferredSize):
(WebCore::RenderThemeGadget::render):
(WebCore::RenderThemeGadget::renderFocus):
(WebCore::RenderThemeBoxGadget::RenderThemeBoxGadget):
(WebCore::RenderThemeTextFieldGadget::RenderThemeTextFieldGadget):
(WebCore::RenderThemeTextFieldGadget::minimumSize):
(WebCore::RenderThemeToggleGadget::RenderThemeToggleGadget):
(WebCore::RenderThemeToggleGadget::render):
(WebCore::RenderThemeArrowGadget::RenderThemeArrowGadget):
(WebCore::RenderThemeArrowGadget::render):
(WebCore::RenderThemeIconGadget::RenderThemeIconGadget):
(WebCore::RenderThemeIconGadget::gtkIconSizeForPixelSize):
(WebCore::RenderThemeIconGadget::render):
(WebCore::RenderThemeIconGadget::minimumSize):

  • platform/gtk/RenderThemeGadget.h: Added.

(WebCore::RenderThemeGadget::context):

  • rendering/RenderTheme.h:

(WebCore::RenderTheme::innerSpinButtonLayout): Added this method to allow themes use a different layout for the
buttons.

  • rendering/RenderThemeGtk.cpp:

(WebCore::themeChangedCallback): Just moved this code to a common place.
(WebCore::RenderThemeGtk::RenderThemeGtk): Initialize the theme monitor in the constructor.
(WebCore::createStyleContext): Remove the render parts that are specific to GTK+ 3.20.
(WebCore::RenderThemeGtk::adjustRepaintRect): Moved inside a GTK+ < 3.20 ifdef block.
(WebCore::themePartStateFlags): Helper function to get the GtkStateFlags of a theme part for a given RenderObject.
(WebCore::shrinkToMinimumSizeAndCenterRectangle): Move this common code to a helper function.
(WebCore::setToggleSize):
(WebCore::paintToggle):
(WebCore::RenderThemeGtk::paintButton):
(WebCore::RenderThemeGtk::popupInternalPaddingBox):
(WebCore::RenderThemeGtk::paintMenuList):
(WebCore::RenderThemeGtk::adjustTextFieldStyle): For GTK+ 3.20 we need to ensure a minimum size for spin buttons,
so if the text field is for a spin button, we adjust the desired size here.
(WebCore::RenderThemeGtk::paintTextField): In GTK+ 3.20 the CSS gadgets used to render spin buttons are
different, so we check here if this is the entry of a spin button to use the right gadgets.
(WebCore::adjustSearchFieldIconStyle):
(WebCore::RenderThemeGtk::paintTextArea):
(WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle):
(WebCore::RenderThemeGtk::paintSearchFieldResultsButton):
(WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
(WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
(WebCore::paintSearchFieldIcon):
(WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
(WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
(WebCore::centerRectVerticallyInParentInputElement): Moved inside a GTK+ < 3.20 ifdef block.
(WebCore::RenderThemeGtk::paintSliderTrack):
(WebCore::RenderThemeGtk::adjustSliderThumbSize):
(WebCore::RenderThemeGtk::paintSliderThumb):
(WebCore::RenderThemeGtk::progressBarRectForBounds): Ensure a minimum size of progress bars in GTK+ 3.20.
(WebCore::RenderThemeGtk::paintProgressBar):
(WebCore::RenderThemeGtk::innerSpinButtonLayout): Use a horizontal layout for spin buttons.
(WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
(WebCore::RenderThemeGtk::paintInnerSpinButton):
(WebCore::styleColor):
(WebCore::RenderThemeGtk::paintMediaButton):

  • rendering/RenderThemeGtk.h:
2:13 AM Changeset in webkit [199291] by Antti Koivisto
  • 13 edits in trunk

Implement functional :host() pseudo class
https://bugs.webkit.org/show_bug.cgi?id=156397
<rdar://problem/25621445>

Reviewed by Darin Adler.

Source/WebCore:

We already support :host. Add functional syntax too.

  • css/CSSGrammar.y.in:

Parse functional :host().

  • css/CSSParser.cpp:

(WebCore::CSSParser::detectFunctionTypeToken):

  • css/CSSParserValues.cpp:

(WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector):

  • css/CSSParserValues.h:
  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::matchedRuleList):
(WebCore::ElementRuleCollector::addMatchedRule):

Factor some shared code here.

(WebCore::ElementRuleCollector::matchHostPseudoClassRules):

Instead of using the generic paths use a :host specific code path for matching.
This makes it easier to avoid :host matching when it shouldn't.

(WebCore::ElementRuleCollector::collectMatchingRulesForList):

  • css/ElementRuleCollector.h:
  • css/RuleSet.cpp:

(WebCore::computeMatchBasedOnRuleHash):

:host is always handled by the special matching path.

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::match):
(WebCore::SelectorChecker::matchHostPseudoClass):

Add a function specifically for checking :host. It always fails on the normal code paths.
Check the argument selector if provided.

(WebCore::hasScrollbarPseudoElement):

  • css/SelectorChecker.h:

LayoutTests:

Enable, fix and expand the test.

  • fast/shadow-dom/css-scoping-shadow-host-functional-rule.html:
  • platform/mac/TestExpectations:
12:30 AM MathML edited by fred.wang@free.fr
Update Bugzilla links (diff)
12:29 AM Changeset in webkit [199290] by commit-queue@webkit.org
  • 25 edits
    2 adds
    1 delete in trunk

Merge CG ImageSource and non CG ImageSource implementation in one file
https://bugs.webkit.org/show_bug.cgi?id=155456

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-04-11
Reviewed by Darin Adler.

Source/WebCore:

ImageSource for CG and CG code paths look very similar. All the platform
specific code can be moved to ImageDecoder classes for CG and non CG. And
we can have the ImageSource be platform independent and we get rid of
ImageSourceCG.cpp.

Test: fast/images/image-subsampling.html

  • CMakeLists.txt:
  • PlatformAppleWin.cmake:
  • PlatformMac.cmake:
  • WebCore.xcodeproj/project.pbxproj:

Delete ImageSourceCG.cpp from all make files and add ImageSource.cpp to
CMakeLists.txt.

  • platform/Cursor.cpp:

(WebCore::determineHotSpot):

  • platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::hotSpot):
(WebCore::BitmapImage::getHotSpot): Deleted.

  • platform/graphics/BitmapImage.h:
  • platform/graphics/Image.h:

(WebCore::Image::hotSpot):
(WebCore::Image::getHotSpot): Deleted.
Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.

  • platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::~ImageSource): Remove clear(true) call. It does nothing.
(WebCore::ImageSource::clearFrameBufferCache): A wrapper which calls ImageDecoder::clearFrameBufferCache().
(WebCore::ImageSource::clear): Calls clearFrameBufferCache() which will do nothing for CG.

(WebCore::ImageSource::ensureDecoderIsCreated): Change SharedBuffer* to
const SharedBuffer& and remove the call to ImageDecoder::setMaxNumPixels().
The value of const static int CG ImageDecoder::m_maxNumPixels will be set
based on IMAGE_DECODER_DOWN_SAMPLING.

(WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.

(WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
subsampling level allowed for an image.

(WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
a particular image.

(WebCore::ImageSource::bytesDecodedToDetermineProperties): Returns the number
of encoded bytes which can determine the image properties. For non CG it's
zero. For CG it is a maximum value which can be corrected later.

(WebCore::ImageSource::isSizeAvailable):
(WebCore::ImageSource::sizeRespectingOrientation):
(WebCore::ImageSource::frameCount):
(WebCore::ImageSource::repetitionCount):
(WebCore::ImageSource::filenameExtension):
(WebCore::ImageSource::getHotSpot):
(WebCore::ImageSource::frameIsCompleteAtIndex):
(WebCore::ImageSource::frameHasAlphaAtIndex):
(WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
(WebCore::ImageSource::frameSizeAtIndex):
(WebCore::ImageSource::frameBytesAtIndex):
(WebCore::ImageSource::frameDurationAtIndex):
(WebCore::ImageSource::orientationAtIndex):
(WebCore::ImageSource::createFrameImageAtIndex):
These are wrappers for the ImageDecoder APIs. The purpose of these functions
is to ensure the ImageDecoder is created.

(WebCore::ImageSource::dump): Called from BitmapImage::dump().

(WebCore::ImageSource::getHotSpot): Deleted.

  • platform/graphics/ImageSource.h:

(WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().

(WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
(WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.

  • platform/graphics/cg/ImageDecoderCG.cpp:

(WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.

(WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
The code was moved to ImageSource::subsamplingLevelForScale().

  • platform/graphics/cg/ImageDecoderCG.h:

(WebCore::ImageDecoder::create): Make the prototype of this function
suitable for CG and non CG cases.
(WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.

  • platform/graphics/cg/ImageSourceCG.cpp: Removed.
  • platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageDecoder::frameIsCompleteAtIndex): A new function to return
whether the frame decoding is complete or not.

(WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.

(WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
ImageSource::frameDurationAtIndex() in ImageSource.cpp.

(WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
ImageSource::createFrameImageAtIndex() in ImageSource.cpp.

  • platform/image-decoders/ImageDecoder.h:

(WebCore::ImageDecoder::ImageDecoder): Initialize the members in class.
(WebCore::ImageDecoder::~ImageDecoder): Fix the braces style.
(WebCore::ImageDecoder::setData): Change the type of the argument from
SharedBuffer* to SharedBuffer&.
(WebCore::ImageDecoder::frameSizeAtIndex): Add the argument SubsamplingLevel
so it can have the same prototype as CG.
(WebCore::ImageDecoder::orientationAtIndex): Rename it to the same of CG.

(WebCore::ImageDecoder::allowSubsamplingOfFrameAtIndex):
(WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
(WebCore::ImageDecoder::subsamplingLevelForScale): Add these functions
and return the default values so we do not have to add directive compiled
non CG blocks in ImageSource.cpp.

(WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.

(WebCore::ImageDecoder::orientation): Deleted.
(WebCore::ImageDecoder::setMaxNumPixels): Deleted.

  • platform/image-decoders/bmp/BMPImageDecoder.cpp:

(WebCore::BMPImageDecoder::setData):

  • platform/image-decoders/bmp/BMPImageDecoder.h:
  • platform/image-decoders/gif/GIFImageDecoder.cpp:

(WebCore::GIFImageDecoder::setData):
(WebCore::GIFImageDecoder::decode):

  • platform/image-decoders/gif/GIFImageDecoder.h:
  • platform/image-decoders/gif/GIFImageReader.h:

(GIFImageReader::setData):

  • platform/image-decoders/ico/ICOImageDecoder.cpp:

(WebCore::ICOImageDecoder::setData):
Use reference SharedBuffer instead of pointer SharedBuffer.

(WebCore::ICOImageDecoder::hotSpot):
(WebCore::ICOImageDecoder::hotSpotAtIndex):
Change hotSpot() to return Optional<IntPoint>.

  • platform/image-decoders/ico/ICOImageDecoder.h:

(WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
Pass reference SharedBuffer instead of pointer SharedBuffer.

Source/WebKit2:

  • UIProcess/API/efl/EwkView.cpp:

(EwkView::setCursor):
Replace the call to Image::getHotSpot() by Image::hotSpot().

LayoutTests:

Add a test for image sub-sampling. The image subsampling is enabled by
default for iOS platform only. But it can be explicitly enabled through
the setting ImageSubsamplingEnabled.

  • fast/images/image-subsampling-expected.html: Added.
  • fast/images/image-subsampling.html: Added.
12:28 AM Changeset in webkit [199289] by commit-queue@webkit.org
  • 28 edits in trunk

[CMake] Make FOLDER property INHERITED
https://bugs.webkit.org/show_bug.cgi?id=156460

Patch by Fujii Hironori <Hironori.Fujii@jp.sony.com> on 2016-04-11
Reviewed by Brent Fulgham.

.:

Some CMake targets are not setting the FOLDER property. This causes the
generated projects to be displayed in the top-level folder of the solution.

Making the FOLDER property INHERITED ensures that all the targets
are placed in their proper directories.

  • Source/cmake/OptionsCommon.cmake:

Define FOLDER property as an inherited property.

  • Source/cmake/WebKitMacros.cmake:

Do not set FOLDER target property.

Source/bmalloc:

  • CMakeLists.txt:

Set FOLDER property as a directory property not a target property

Source/JavaScriptCore:

  • CMakeLists.txt:
  • shell/CMakeLists.txt:
  • shell/PlatformWin.cmake:

Set FOLDER property as a directory property not a target property

Source/ThirdParty/ANGLE:

  • CMakeLists.txt:

Set FOLDER property as a directory property not a target property

Source/WebCore:

  • CMakeLists.txt:

Set FOLDER property as a directory property not a target property

Source/WebKit:

  • CMakeLists.txt:
  • PlatformWin.cmake:

Set FOLDER property as a directory property not a target property

Source/WebKit2:

  • CMakeLists.txt:

Set FOLDER property as a directory property not a target property

Source/WTF:

  • CMakeLists.txt:

Set FOLDER directory property

Tools:

  • CMakeLists.txt:
  • DumpRenderTree/CMakeLists.txt:
  • DumpRenderTree/PlatformWin.cmake:
  • ImageDiff/CMakeLists.txt:
  • MiniBrowser/efl/CMakeLists.txt:
  • MiniBrowser/gtk/CMakeLists.txt:
  • MiniBrowser/win/CMakeLists.txt:

Set FOLDER property as a directory property not a target property

12:22 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)

Apr 10, 2016:

5:10 PM Changeset in webkit [199288] by commit-queue@webkit.org
  • 3 edits in trunk/Tools

[Tools] correctly check for braces in multiline branches in macro definition
https://bugs.webkit.org/show_bug.cgi?id=156441

Patch by Caitlin Potter <caitp@igalia.com> on 2016-04-10
Reviewed by Darin Adler.

Prevents emitting whitespace/braces warning for code like the
following:

```
#define MACRO(x) \
    if (x) { \
        doTheThing(); \
        continue; \
    }
```

  • Scripts/webkitpy/style/checkers/cpp.py:

(check_braces):

  • Scripts/webkitpy/style/checkers/cpp_unittest.py:

(WebKitStyleTest.test_line_breaking):

12:04 PM Changeset in webkit [199287] by weinig@apple.com
  • 2 edits in trunk/Source/WebCore

Fix the build.

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

11:48 AM Changeset in webkit [199286] by weinig@apple.com
  • 39 edits in trunk/Source

Remove support for custom target picker actions
<rdar://problem/24987783>
https://bugs.webkit.org/show_bug.cgi?id=156434

Reviewed by Eric Carlson.

This mostly entailed rolling out r197429 and r197569.

Source/WebCore:

  • Modules/mediasession/WebMediaSessionManager.cpp:

(WebCore::WebMediaSessionManager::removeAllPlaybackTargetPickerClients):
(WebCore::WebMediaSessionManager::showPlaybackTargetPicker):
(WebCore::WebMediaSessionManager::clientStateDidChange):
(WebCore::WebMediaSessionManager::externalOutputDeviceAvailableDidChange):
(WebCore::WebMediaSessionManager::configureNewClients):
(WebCore::WebMediaSessionManager::customPlaybackActionSelected): Deleted.

  • Modules/mediasession/WebMediaSessionManager.h:
  • Modules/mediasession/WebMediaSessionManagerClient.h:
  • dom/Document.cpp:

(WebCore::Document::removePlaybackTargetPickerClient):
(WebCore::Document::showPlaybackTargetPicker):
(WebCore::Document::playbackTargetPickerClientStateDidChange):
(WebCore::Document::setShouldPlayToPlaybackTarget):
(WebCore::Document::customPlaybackActionSelected): Deleted.

  • dom/Document.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent):
(WebCore::HTMLMediaElement::setShouldPlayToPlaybackTarget):
(WebCore::HTMLMediaElement::webkitCurrentPlaybackTargetIsWireless):
(WebCore::HTMLMediaElement::customPlaybackActionSelected): Deleted.
(WebCore::HTMLMediaElement::playbackTargetPickerCustomActionName): Deleted.

  • html/HTMLMediaElement.h:
  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::showPlaybackTargetPicker):
(WebCore::MediaElementSession::hasWirelessPlaybackTargets):
(WebCore::MediaElementSession::setShouldPlayToPlaybackTarget):
(WebCore::MediaElementSession::mediaStateDidChange):
(WebCore::MediaElementSession::customPlaybackActionSelected): Deleted.

  • html/MediaElementSession.h:
  • page/ChromeClient.h:
  • page/Page.cpp:

(WebCore::Page::removePlaybackTargetPickerClient):
(WebCore::Page::showPlaybackTargetPicker):
(WebCore::Page::setShouldPlayToPlaybackTarget):
(WebCore::Page::ensureTestTrigger):
(WebCore::Page::customPlaybackActionSelected): Deleted.

  • page/Page.h:

(WebCore::Page::testTrigger):

  • platform/audio/PlatformMediaSession.h:

(WebCore::PlatformMediaSessionClient::canPlayToWirelessPlaybackTarget):
(WebCore::PlatformMediaSessionClient::isPlayingToWirelessPlaybackTarget):
(WebCore::PlatformMediaSessionClient::setShouldPlayToPlaybackTarget):
(WebCore::PlatformMediaSessionClient::customPlaybackActionSelected): Deleted.

  • platform/graphics/MediaPlaybackTargetClient.h:
  • platform/graphics/MediaPlaybackTargetPicker.cpp:

(WebCore::MediaPlaybackTargetPicker::pendingActionTimerFired):
(WebCore::MediaPlaybackTargetPicker::addPendingAction):
(WebCore::MediaPlaybackTargetPicker::showPlaybackTargetPicker):

  • platform/graphics/MediaPlaybackTargetPicker.h:

(WebCore::MediaPlaybackTargetPicker::availableDevicesDidChange):
(WebCore::MediaPlaybackTargetPicker::currentDeviceDidChange):
(WebCore::MediaPlaybackTargetPicker::Client::customPlaybackActionSelected): Deleted.
(WebCore::MediaPlaybackTargetPicker::customPlaybackActionSelected): Deleted.

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::devicePicker):
(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

  • platform/mac/WebVideoFullscreenInterfaceMac.h:
  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(WebCore::WebVideoFullscreenInterfaceMac::preparedToReturnToInline):
(WebCore::WebVideoFullscreenInterfaceMac::setVideoDimensions):
(WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback): Deleted.

  • platform/mock/MediaPlaybackTargetPickerMock.cpp:

(WebCore::MediaPlaybackTargetPickerMock::timerFired):
(WebCore::MediaPlaybackTargetPickerMock::showPlaybackTargetPicker):

  • platform/mock/MediaPlaybackTargetPickerMock.h:
  • platform/spi/cocoa/AVKitSPI.h:

Source/WebKit/mac:

  • WebCoreSupport/WebChromeClient.h:
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::removePlaybackTargetPickerClient):
(WebChromeClient::showPlaybackTargetPicker):

  • WebView/WebMediaPlaybackTargetPicker.h:
  • WebView/WebMediaPlaybackTargetPicker.mm:

(WebMediaPlaybackTargetPicker::removePlaybackTargetPickerClient):
(WebMediaPlaybackTargetPicker::showPlaybackTargetPicker):
(WebMediaPlaybackTargetPicker::playbackTargetPickerClientStateDidChange):
(WebMediaPlaybackTargetPicker::setShouldPlayToPlaybackTarget):
(WebMediaPlaybackTargetPicker::invalidate):
(WebMediaPlaybackTargetPicker::customPlaybackActionSelected): Deleted.

  • WebView/WebView.mm:

(-[WebView _showPlaybackTargetPicker:location:hasVideo:]):
(-[WebView _playbackTargetPickerClientStateDidChange:state:]):

Source/WebKit2:

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::removePlaybackTargetPickerClient):
(WebKit::WebPageProxy::showPlaybackTargetPicker):
(WebKit::WebPageProxy::playbackTargetPickerClientStateDidChange):
(WebKit::WebPageProxy::setShouldPlayToPlaybackTarget):
(WebKit::WebPageProxy::didChangeBackgroundColor):
(WebKit::WebPageProxy::customPlaybackActionSelected): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::removePlaybackTargetPickerClient):
(WebKit::WebChromeClient::showPlaybackTargetPicker):
(WebKit::WebChromeClient::playbackTargetPickerClientStateDidChange):

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::setShouldPlayToPlaybackTarget):
(WebKit::WebPage::customPlaybackActionSelected): Deleted.

3:14 AM Changeset in webkit [199285] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.4.11

WebKitGTK+ 2.4.11

3:14 AM Changeset in webkit [199284] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.4

Unreviewed. Update NEWS and Versions.m4 for 2.4.11 release.

.:

  • Source/autotools/Versions.m4: Bump version numbers.

Source/WebKit/gtk:

  • NEWS: Added release notes for 2.4.11.
1:53 AM Changeset in webkit [199283] by Carlos Garcia Campos
  • 2 adds in releases/WebKitGTK/webkit-2.4/Source/WebCore/platform/gtk/po

Translation updates: Chinese, Japanese

12:50 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos
(diff)
12:49 AM Changeset in webkit [199282] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r165044 - REGRESSION(r164856): Use after free in WebCore::QualifiedName::operator== / WebCore::StyledElement::attributeChanged
https://bugs.webkit.org/show_bug.cgi?id=129550

Reviewed by Andreas Kling.

Source/WebCore:

We can't store a reference to QualifiedName here because ensureUniqueElementData could delete QualifiedName inside Attribute.

Test: fast/dom/uniquing-attributes-via-setAttribute.html

  • dom/Element.cpp:

(WebCore::Element::setAttributeInternal):

LayoutTests:

Added a regression test.

  • fast/dom/uniquing-attributes-via-setAttribute-expected.txt: Added.
  • fast/dom/uniquing-attributes-via-setAttribute.html: Added.
12:45 AM Changeset in webkit [199281] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r166233 - [ARM64] GNU assembler fails in TransformationMatrix::multiply
https://bugs.webkit.org/show_bug.cgi?id=130454

Reviewed by Zoltan Herczeg.

Change the NEON instructions to the proper style.

  • platform/graphics/transforms/TransformationMatrix.cpp:

(WebCore::TransformationMatrix::multiply):

12:45 AM Changeset in webkit [199280] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WTF

Merge r166234 - [ARM64] GCC generates wrong code with -O2 flag in WTF::weakCompareAndSwap
https://bugs.webkit.org/show_bug.cgi?id=130500

Reviewed by Filip Pizlo.

Set the first operand to the exact register in the inline assembly with GCC.

  • wtf/Atomics.h:

(WTF::weakCompareAndSwap):

Apr 9, 2016:

8:38 PM Changeset in webkit [199279] by keith_miller@apple.com
  • 21 edits in trunk/Source/JavaScriptCore

tryGetById should be supported by the DFG/FTL
https://bugs.webkit.org/show_bug.cgi?id=156378

Reviewed by Filip Pizlo.

This patch adds support for tryGetById in the DFG/FTL. It adds a new DFG node
TryGetById, which acts similarly to the normal GetById DFG node. One key
difference between GetById and TryGetById is that in the LLInt and Baseline
we do not profile the result type. This profiling is unnecessary for the current
use case of tryGetById, which is expected to be a strict equality comparison
against a specific object or undefined. In either case other DFG optimizations
will make this equally fast with or without the profiling information.

Additionally, this patch adds new reuse modes for JSValueRegsTemporary that take
an operand and attempt to reuse the registers for that operand if they are free
after the current DFG node.

  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFromLLInt):
(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::hasIdentifier):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileTryGetById):
(JSC::DFG::JSValueRegsTemporary::JSValueRegsTemporary):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::GPRTemporary::operator=):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetById):
(JSC::FTL::DFG::LowerDFGToB3::getById):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • tests/stress/try-get-by-id.js:

(tryGetByIdTextStrict):
(get let):
(let.get createBuiltin):
(get throw):
(getCaller.obj.1.throw.new.Error): Deleted.

6:46 PM Changeset in webkit [199278] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fixed compilation of JPEGImageDecoder with libjpeg v9.
https://bugs.webkit.org/show_bug.cgi?id=156445

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-04-09
Reviewed by Michael Catanzaro.

ICU defines TRUE and FALSE macros, breaking libjpeg v9 headers.

No new tests needed.

  • platform/image-decoders/jpeg/JPEGImageDecoder.h:
5:26 PM Changeset in webkit [199277] by sbarati@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

Allocation sinking SSA Defs are allowed to have replacements
https://bugs.webkit.org/show_bug.cgi?id=156444

Reviewed by Filip Pizlo.

Consider the following program and the annotations that explain why
the SSA defs we create in allocation sinking can have replacements.

function foo(a1) {
    let o1 = {x: 20, y: 50};
    let o2 = {y: 40, o1: o1};
    let o3 = {};

    // We're Defing a new variable here, call it o3_field.
    // o3_field is defing the value that is the result of
    // a GetByOffset that gets eliminated through allocation sinking.
    o3.field = o1.y;

    dontCSE();

    // This control flow is here to not allow the phase to consult
    // its local SSA mapping (which properly handles replacements)
    // for the value of o3_field.
    if (a1) {
        a1 = true;
    } else {
        a1 = false;
    }

    // Here, we ask for the reaching def of o3_field, and assert
    // it doesn't have a replacement. It does have a replacement
    // though. The original Def was the GetByOffset. We replaced
    // that GetByOffset with the value of the o1_y variable.
    let value = o3.field;
    assert(value === 50);
}

  • dfg/DFGObjectAllocationSinkingPhase.cpp:
  • tests/stress/allocation-sinking-defs-may-have-replacements.js: Added.

(dontCSE):
(assert):
(foo):

1:54 PM Changeset in webkit [199276] by commit-queue@webkit.org
  • 9 edits in trunk/Source

Unreviewed, rolling out r199242.
https://bugs.webkit.org/show_bug.cgi?id=156442

Caused many many leaks (Requested by ap on #webkit).

Reverted changeset:

"Web Inspector: get rid of InspectorBasicValue and
InspectorString subclasses"
https://bugs.webkit.org/show_bug.cgi?id=156407
http://trac.webkit.org/changeset/199242

1:41 PM Changeset in webkit [199275] by fpizlo@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

Debug JSC test failure: stress/multi-put-by-offset-reallocation-butterfly-cse.js.ftl-no-cjit-small-pool
https://bugs.webkit.org/show_bug.cgi?id=156406

Reviewed by Saam Barati.

The failure was because the GC ran from within the butterfly allocation call in a put_by_id
transition AccessCase that had to deal with indexing storage. When the GC runs in a call from a stub,
then we need to be extra careful:

1) The GC may reset the IC and delete the stub. So, the stub needs to tell the GC that it might be on
   the stack during GC, so that the GC keeps it alive if it's currently running.

2) If the stub uses (dereferences or stores) some object after the call, then we need to ensure that
   the stub routine knows about that object independently of the IC.

In the case of put_by_id transitions that use a helper to allocate the butterfly, we have both
issues. A long time ago, we had to deal with (2), and we still had code to handle that case, although
it appears to be dead. This change revives that code and glues it together with PolymorphicAccess.

  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::alternateBase):
(JSC::AccessCase::doesCalls):
(JSC::AccessCase::couldStillSucceed):
(JSC::AccessCase::generate):
(JSC::PolymorphicAccess::regenerate):

  • bytecode/PolymorphicAccess.h:

(JSC::AccessCase::customSlotBase):
(JSC::AccessCase::isGetter):
(JSC::AccessCase::doesCalls): Deleted.

  • jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutine::markRequiredObjectsInternal):
(JSC::MarkingGCAwareJITStubRoutine::MarkingGCAwareJITStubRoutine):
(JSC::MarkingGCAwareJITStubRoutine::~MarkingGCAwareJITStubRoutine):
(JSC::MarkingGCAwareJITStubRoutine::markRequiredObjectsInternal):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::createJITStubRoutine):
(JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject): Deleted.
(JSC::MarkingGCAwareJITStubRoutineWithOneObject::~MarkingGCAwareJITStubRoutineWithOneObject): Deleted.
(JSC::MarkingGCAwareJITStubRoutineWithOneObject::markRequiredObjectsInternal): Deleted.

  • jit/GCAwareJITStubRoutine.h:

(JSC::createJITStubRoutine):

1:13 PM Changeset in webkit [199274] by commit-queue@webkit.org
  • 13 edits in trunk

Unreviewed, rolling out r199268.
https://bugs.webkit.org/show_bug.cgi?id=156440

Broke Windows build (Requested by ap on #webkit).

Reverted changeset:

"Implement functional :host() pseudo class"
https://bugs.webkit.org/show_bug.cgi?id=156397
http://trac.webkit.org/changeset/199268

11:16 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
11:16 AM Changeset in webkit [199273] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] Update another GStreamer test expectation

Unreviewed.

  • platform/gtk/TestExpectations:
11:11 AM Changeset in webkit [199272] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] Update some more IndexedDB test expectations.

Unreviewed.

  • platform/gtk/TestExpectations:
10:59 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
10:58 AM Changeset in webkit [199271] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] Remove failure expectation from storage/indexeddb/connection-leak.html

It's skipped in the global TestExpectations, see bug #152643.

  • platform/gtk/TestExpectations:
10:45 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
10:38 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
10:37 AM WebKitGTK/Gardening/Calendar edited by Michael Catanzaro
(diff)
10:29 AM Changeset in webkit [199270] by Michael Catanzaro
  • 2 edits in trunk/LayoutTests

[GTK] Gardening unexpected passes and IndexedDB tests.

Unreviewed gardening.

  • platform/gtk/TestExpectations:
12:40 AM Changeset in webkit [199269] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Build fix. Don't treat a build number 0 as a pending build.

  • tools/js/buildbot-syncer.js:

(BuildbotBuildEntry.prototype.isPending):

12:38 AM Changeset in webkit [199268] by Antti Koivisto
  • 13 edits in trunk

Implement functional :host() pseudo class
https://bugs.webkit.org/show_bug.cgi?id=156397
<rdar://problem/25621445>

Reviewed by Darin Adler.

Source/WebCore:

We already support :host. Add functional syntax too.

  • css/CSSGrammar.y.in:

Parse functional :host().

  • css/CSSParser.cpp:

(WebCore::CSSParser::detectFunctionTypeToken):

  • css/CSSParserValues.cpp:

(WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector):

  • css/CSSParserValues.h:
  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::matchedRuleList):
(WebCore::ElementRuleCollector::addMatchedRule):

Factor some shared code here.

(WebCore::ElementRuleCollector::matchHostPseudoClassRules):

Instead of using the generic paths use a :host specific code path for matching.
This makes it easier to avoid :host matching when it shouldn't.

(WebCore::ElementRuleCollector::collectMatchingRulesForList):

  • css/ElementRuleCollector.h:
  • css/RuleSet.cpp:

(WebCore::computeMatchBasedOnRuleHash):

:host is always handled by the special matching path.

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::match):
(WebCore::SelectorChecker::matchHostPseudoClass):

Add a function specifically for checking :host. It always fails on the normal code paths.
Check the argument selector if provided.

(WebCore::hasScrollbarPseudoElement):

  • css/SelectorChecker.h:

LayoutTests:

Enable, fix and expand the test.

  • fast/shadow-dom/css-scoping-shadow-host-functional-rule.html:
  • platform/mac/TestExpectations: