Timeline



Jun 17, 2016:

10:53 PM Changeset in webkit [202197] by benjamin@webkit.org
  • 21 edits
    8 adds
    1 delete in trunk

:indeterminate pseudo-class should match radios whose group has no checked radio
https://bugs.webkit.org/show_bug.cgi?id=156270

Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

  • web-platform-tests/html/semantics/selectors/pseudo-classes/indeterminate-expected.txt:

One more pass on official tests :)

Source/WebCore:

The pseudo-class ":indeterminate" is supposed to match radio buttons
for which the entire group has no checked button.
Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate

The change is straightforward with one non-obvious choice:
I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().

The reason is shouldAppearIndeterminate() is used for styling and AX of elements
with an indeterminate states (check boxes and progress element). There is no such
UI for radio boxes.
I could have extended shouldAppearIndeterminate() to radio box
then filter out this case in RenderTheme. The problem is doing that would also requires
changes to the repaint logic to match :indeterminate. It seemed overkill to me to
change repaint() for a case that is never used in practice.

Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html

fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html

  • css/SelectorCheckerTestFunctions.h:

(WebCore::shouldAppearIndeterminate):

  • dom/Element.cpp:

(WebCore::Element::matchesIndeterminatePseudoClass):

  • dom/Element.h:
  • dom/RadioButtonGroups.cpp:

(WebCore::RadioButtonGroup::setCheckedButton):
(WebCore::RadioButtonGroup::updateCheckedState):
(WebCore::RadioButtonGroup::remove):
(WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
(WebCore::RadioButtonGroups::hasCheckedButton):

  • dom/RadioButtonGroups.h:
  • html/CheckboxInputType.cpp:

(WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
(WebCore::CheckboxInputType::shouldAppearIndeterminate):
(WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.

  • html/CheckboxInputType.h:
  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::setChecked):
(WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
(WebCore::HTMLInputElement::shouldAppearIndeterminate):
(WebCore::HTMLInputElement::radioButtonGroups):

  • html/HTMLInputElement.h:
  • html/InputType.cpp:

(WebCore::InputType::matchesIndeterminatePseudoClass):
(WebCore::InputType::shouldAppearIndeterminate):
(WebCore::InputType::supportsIndeterminateAppearance): Deleted.

  • html/InputType.h:
  • html/RadioInputType.cpp:

(WebCore::RadioInputType::matchesIndeterminatePseudoClass):
(WebCore::RadioInputType::willDispatchClick): Deleted.
(WebCore::RadioInputType::didDispatchClick): Deleted.
(WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
The iOS specific code is just plain wrong.
It was changing the indeterminate state of the input element.
The spec clearly says that state is only used by checkbox:
https://html.spec.whatwg.org/#dom-input-indeterminate

Moreover, the style update would not change the indeterminate state
of other buttons in the Button Group, which is just bizarre.
RenderThemeIOS does not make use of any of this with the current style.

  • html/RadioInputType.h:
  • style/StyleSharingResolver.cpp:

(WebCore::Style::SharingResolver::canShareStyleWithElement):
(WebCore::Style::canShareStyleWithControl): Deleted.
(WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
Style sharing is unified behind the selector matching which is neat.

LayoutTests:

There are two important aspect to cover for this change:
1) The style is updated correctly when a Button Group composition change.
2) When the checkness changes for a Button Group, all its elements

are invalidated to match :indeterminate.

  • fast/forms/radio/indeterminate-radio.html:

This test was verifying that the property "indeterminate" of the input element
is not reflected to the style through :indeterminate.
I updated the test to still verify that except that we now match :indeterminate
before changing the property.

  • fast/css/pseudo-indeterminate-radio-buttons-basics-expected.html: Added.
  • fast/css/pseudo-indeterminate-radio-buttons-basics.html: Added.
  • fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation-expected.txt: Added.
  • fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html: Added.

Verify that we don't invalidate everything when the checked button changes.
We only need to invalidate everything if the checked state of the whole group changes.

  • fast/selectors/detached-radio-button-checked-and-indeterminate-states-expected.txt: Added.
  • fast/selectors/detached-radio-button-checked-and-indeterminate-states.html: Added.
  • fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update-expected.txt: Added.
  • fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html: Added.
8:33 PM Changeset in webkit [202196] by commit-queue@webkit.org
  • 21 edits
    2 deletes in trunk

Unreviewed, rolling out r202152.
https://bugs.webkit.org/show_bug.cgi?id=158897

The new test is very unstable, timing out frequently
(Requested by ap on #webkit).

Reverted changeset:

"Web Inspector: console.profile should use the new Sampling
Profiler"
https://bugs.webkit.org/show_bug.cgi?id=153499
http://trac.webkit.org/changeset/202152

8:29 PM Changeset in webkit [202195] by commit-queue@webkit.org
  • 6 edits
    2 deletes in trunk

Unreviewed, rolling out r202068, r202115, and r202128.
https://bugs.webkit.org/show_bug.cgi?id=158896

The new test is very unstable, timing out frequently
(Requested by ap on #webkit).

Reverted changesets:

"decompose4 return value is unchecked, leading to potentially
uninitialized data."
https://bugs.webkit.org/show_bug.cgi?id=158761
http://trac.webkit.org/changeset/202068

"[mac] LayoutTest transforms/undecomposable.html is a flaky
timeout"
https://bugs.webkit.org/show_bug.cgi?id=158816
http://trac.webkit.org/changeset/202115

"[mac] LayoutTest transforms/undecomposable.html is a flaky
timeout"
https://bugs.webkit.org/show_bug.cgi?id=158816
http://trac.webkit.org/changeset/202128

6:19 PM Changeset in webkit [202194] by Chris Fleizach
  • 4 edits
    2 adds in trunk

AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
https://bugs.webkit.org/show_bug.cgi?id=158876
<rdar://problem/26842619>

Reviewed by Joanmarie Diggs.

Source/WebCore:

The indeterminate state was not being reported for native checkboxes.

Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
was not being reported correctly. Changed that to check the actual attribute.

Test: accessibility/checkbox-mixed-value.html

  • accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::isIndeterminate):
(WebCore::AccessibilityNodeObject::isPressed):
(WebCore::AccessibilityNodeObject::checkboxOrRadioValue):

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::checkboxOrRadioValue):

LayoutTests:

  • accessibility/checkbox-mixed-value-expected.txt: Added.
  • accessibility/checkbox-mixed-value.html: Added.
6:09 PM Changeset in webkit [202193] by bshafiei@apple.com
  • 3 edits
    2 copies in branches/safari-601-branch

Merged r202174. rdar://problem/26701322

6:06 PM Changeset in webkit [202192] by dino@apple.com
  • 4 edits
    2 adds in trunk

REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
https://bugs.webkit.org/show_bug.cgi?id=158895
<rdar://problem/26423617>

Reviewed by Zalan Bujtas.

Source/WebCore:

In r199819 we started resetting contexts if the page had too
many. Unfortunately there were entry points in the WebGL context
that didn't check for the validity of the object before trying
to access the lower level objects.

Test: webgl/many-contexts-access-after-loss.html

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
(WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.

LayoutTests:

New test to access the contexts after loss. Also cleaned
up the JavaScript code in the existing test (and made sure
it ran outside of the test system).

  • webgl/many-contexts-access-after-loss-expected.txt: Added.
  • webgl/many-contexts-access-after-loss.html: Added.
  • webgl/many-contexts.html:
6:05 PM Changeset in webkit [202191] by bshafiei@apple.com
  • 3 edits
    2 copies in branches/safari-601.1.46-branch

Merged r202174. rdar://problem/26701284

6:03 PM Changeset in webkit [202190] by dbates@webkit.org
  • 6 edits
    2 deletes in trunk

Unreviewed, rolling out r202186.

Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
builds.

Reverted changeset:

"File scheme should not allow access of a resource on a
different volume."
https://bugs.webkit.org/show_bug.cgi?id=158552
http://trac.webkit.org/changeset/202186

6:02 PM Changeset in webkit [202189] by dbates@webkit.org
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r202187.

202186

Reverted changeset:

"Unreviewed clean-up after r202186."
http://trac.webkit.org/changeset/202187

5:25 PM Changeset in webkit [202188] by Chris Dumez
  • 4 edits in trunk/Source

Optimize parseCacheHeader() by using StringView
https://bugs.webkit.org/show_bug.cgi?id=158891

Reviewed by Darin Adler.

Source/WebCore:

Optimize parseCacheHeader() and avoid some temporary String allocations
by using StringView. We now strip the whitespaces in the input string
at the beginning of the function, at the same as as we strip the
control characters. We are then able to leverage StringView in the
rest of the function to get substrings without the need for extra
String allocations.

  • platform/network/CacheValidation.cpp:

(WebCore::isControlCharacterOrSpace):
(WebCore::trimToNextSeparator):
(WebCore::parseCacheHeader):

Source/WTF:

Add a StringView::find() overload which takes a CharacterMatchFunction
to match the one on String.

  • wtf/text/StringView.h:

(WTF::StringView::find):

5:09 PM Changeset in webkit [202187] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

Unreviewed clean-up after r202186.

  • platform/FileSystem.cpp:

(WebCore::filesHaveSameVolume): Don't use C-style formatting.

5:03 PM Changeset in webkit [202186] by Brent Fulgham
  • 6 edits
    2 adds in trunk

File scheme should not allow access of a resource on a different volume.
https://bugs.webkit.org/show_bug.cgi?id=158552
<rdar://problem/15307582>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-06-17
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::canDisplay):

  • platform/FileSystem.cpp:

(WebCore::platformFileStat):
(WebCore::filesHaveSameVolume):
Returns true if the files are on the same volume

  • platform/FileSystem.h:

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html: Added.
  • TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm: Added.

(-[CrossPartitionFileSchemeAccessNavigationDelegate webView:didFinishNavigation:]):
When the main page load is complete fetch the contents of the document to check if iframe was loaded
(createPartition):
Create a disk image and load the contents of the file.
(cleanUp):
(TestWebKitAPI::TEST):

4:31 PM Changeset in webkit [202185] by enrica@apple.com
  • 15 edits in trunk/Source/WebKit2

Support configurable autocapitalization.
https://bugs.webkit.org/show_bug.cgi?id=158860
rdar://problem/26231403

Reviewed by Tim Horton.

The behavior of spellchecker should be configurable to avoid
unwanted autocapitalization.

  • UIProcess/API/APIPageConfiguration.cpp:

(API::PageConfiguration::copy):

  • UIProcess/API/APIPageConfiguration.h:

(API::PageConfiguration::initialCapitalizationEnabled):
(API::PageConfiguration::setInitialCapitalizationEnabled):

  • UIProcess/API/C/WKPageConfigurationRef.cpp:

(WKPageConfigurationSetIntialCapitalizationEnabled):

  • UIProcess/API/C/WKPageConfigurationRef.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _initializeWithConfiguration:]):

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration _initialCapitalizationEnabled]):
(-[WKWebViewConfiguration _setInitialCapitalizationEnabled:]):

  • UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
  • UIProcess/TextChecker.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::checkTextOfParagraph):
(WebKit::WebPageProxy::getGuessesForWord):

  • UIProcess/WebPageProxy.h:
  • UIProcess/efl/TextCheckerEfl.cpp:

(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):

  • UIProcess/gtk/TextCheckerGtk.cpp:

(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::checkTextOfParagraph):

  • UIProcess/ios/TextCheckerIOS.mm:

(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):

  • UIProcess/mac/TextCheckerMac.mm:

(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):

4:27 PM Changeset in webkit [202184] by Chris Dumez
  • 14 edits in trunk/Source/WebKit2

Use WTF::NoncopyableFunction in NetworkDataTaskClient
https://bugs.webkit.org/show_bug.cgi?id=158887

Reviewed by Alex Christensen.

Use WTF::NoncopyableFunction in NetworkDataTaskClient instead of std::function
and consistently move it around. This avoids some unnecessary copying.

  • NetworkProcess/Downloads/DownloadManager.cpp:

(WebKit::DownloadManager::willDecidePendingDownloadDestination):
(WebKit::DownloadManager::continueDecidePendingDownloadDestination):

  • NetworkProcess/Downloads/DownloadManager.h:
  • NetworkProcess/NetworkDataTask.h:
  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::willPerformHTTPRedirection):
(WebKit::NetworkLoad::didReceiveChallenge):
(WebKit::NetworkLoad::didReceiveResponseNetworkSession):
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):

  • NetworkProcess/NetworkLoad.h:
  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::findPendingDownloadLocation):

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/PingLoad.h:
  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::didReceiveChallenge):
(WebKit::NetworkDataTask::didReceiveResponse):
(WebKit::NetworkDataTask::willPerformHTTPRedirection):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

  • Shared/Authentication/AuthenticationManager.cpp:

(WebKit::AuthenticationManager::addChallengeToChallengeMap):
(WebKit::AuthenticationManager::coalesceChallengesMatching):
(WebKit::AuthenticationManager::didReceiveAuthenticationChallenge):
(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):
(WebKit::AuthenticationManager::useCredentialForSingleChallenge):

  • Shared/Authentication/AuthenticationManager.h:
  • Shared/Authentication/mac/AuthenticationManager.mac.mm:

(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):

3:24 PM Changeset in webkit [202183] by commit-queue@webkit.org
  • 34 edits
    1 move
    2 adds in trunk

Web video playback controls should have RTL volume slider
https://bugs.webkit.org/show_bug.cgi?id=158856
<rdar://problem/25971769>

Patch by Antoine Quint <Antoine Quint> on 2016-06-17
Reviewed by Tim Horton.

Source/WebCore:

We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
propagate the user interface layout direction.

The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
then notifies the Document of a change, which propagates down to registered media elements, and finally sets
the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
.volume-box which applies a translate to the right and flips the volume controls on the x axis.

Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
can easily set a named JS property with a given JSValue.

For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.

Test: fullscreen/video-controls-rtl.html

  • Modules/mediacontrols/mediaControlsApple.css:

(video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.set usesLTRUserInterfaceLayoutDirection):

  • WebCore.xcodeproj/project.pbxproj:
  • dom/Document.cpp:

(WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
(WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
(WebCore::Document::userInterfaceLayoutDirectionChanged):

  • dom/Document.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::registerWithDocument):
(WebCore::HTMLMediaElement::unregisterWithDocument):
(WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
(WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
(WebCore::HTMLMediaElement::setControllerJSProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::pageScaleFactorChanged):
(WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
(WebCore::setPageScaleFactorProperty): Deleted.

  • html/HTMLMediaElement.h:
  • page/Page.cpp:

(WebCore::Page::setUserInterfaceLayoutDirection):

  • page/Page.h:

(WebCore::Page::userInterfaceLayoutDirection):

  • platform/UserInterfaceLayoutDirection.h: Renamed from Source/WebKit2/UIProcess/UserInterfaceLayoutDirection.h.
  • testing/Internals.cpp:

(WebCore::Internals::setUserInterfaceLayoutDirection):

  • testing/Internals.h:
  • testing/Internals.idl:

Source/WebKit2:

We now call setUserInterfaceLayoutDirection() on WebCore::Page to propagate
the user interface layout direction down to the Web content. To facilitate this,
the UserInterfaceLayoutDirection enum is now defined in WebCore.

  • Shared/WebPageCreationParameters.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(convertSystemLayoutDirection):
(toUserInterfaceLayoutDirection):

  • UIProcess/API/gtk/PageClientImpl.h:
  • UIProcess/Cocoa/WebViewImpl.h:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::toUserInterfaceLayoutDirection):
(WebKit::WebViewImpl::userInterfaceLayoutDirection):

  • UIProcess/PageClient.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::userInterfaceLayoutDirection):
(WebKit::WebPageProxy::setUserInterfaceLayoutDirection):

  • UIProcess/WebPageProxy.h:
  • UIProcess/efl/WebView.h:
  • UIProcess/ios/PageClientImplIOS.h:
  • UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::userInterfaceLayoutDirection):

  • UIProcess/mac/PageClientImpl.h:
  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::userInterfaceLayoutDirection):

  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::PendingSwipeTracker::scrollEventCanBecomeSwipe):
(WebKit::ViewGestureController::isPhysicallySwipingLeft):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::m_userInterfaceLayoutDirection):
(WebKit::WebPage::setUserInterfaceLayoutDirection):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::performNonEditingBehaviorForSelector):

LayoutTests:

New test that checks that the volume box has the correct CSS class name and the expected
CSS transform value applied to it when the user interface layout direction is right-to-left
and that changing the user interface layout direction dynamically update the media element
shadow tree as expected.

  • fullscreen/video-controls-rtl-expected.txt: Added.
  • fullscreen/video-controls-rtl.html: Added.
2:46 PM Changeset in webkit [202182] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Update LayoutTest fast/canvas/canvas-composite-text-alpha.html
https://bugs.webkit.org/show_bug.cgi?id=158710

Reviewed by Alexey Proskuryakov.

Though this test passes, opening the test file directly reports multiple failures. Updating the
readback locations to get the correct results.

  • fast/canvas/canvas-composite-text-alpha.html:
2:46 PM Changeset in webkit [202181] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking media/video-controls-show-on-kb-or-ax-event.html as flaky on Mac
https://bugs.webkit.org/show_bug.cgi?id=158889

Unreviewed test gardening.

  • platform/mac/TestExpectations:
2:30 PM Changeset in webkit [202180] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html on Mac
https://bugs.webkit.org/show_bug.cgi?id=155196

Unreviewed test gardening.

  • platform/mac/TestExpectations:
2:21 PM Changeset in webkit [202179] by dino@apple.com
  • 3 edits
    2 adds in trunk

REGRESSION: Double tap to zoom does not work on yahoo finance
https://bugs.webkit.org/show_bug.cgi?id=158886
<rdar://problem/24917760>

Reviewed by Simon Fraser.

Source/WebKit2:

We shouldn't enable fast click on pages that have
had to shrink to fit. In other words, we should enable
double-tap-to-zoom if the page has already zoomed.

Test: fast/events/ios/viewport-shrink-to-fit-allows-double-tap.html

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _allowsDoubleTapGestures]):

LayoutTests:

  • fast/events/ios/viewport-shrink-to-fit-allows-double-tap-expected.txt: Added.
  • fast/events/ios/viewport-shrink-to-fit-allows-double-tap.html: Added.
1:51 PM Changeset in webkit [202178] by Chris Dumez
  • 7 edits
    2 adds in trunk

TouchEvent should have a constructor
https://bugs.webkit.org/show_bug.cgi?id=158883
<rdar://problem/26063585>

Reviewed by Benjamin Poulain.

Source/WebCore:

TouchEvent should have a constructor:

Chrome already ships this:

Test: fast/events/touch/touch-event-constructor.html

  • bindings/js/JSDictionary.cpp:

(WebCore::JSDictionary::convertValue):

  • bindings/js/JSDictionary.h:
  • dom/TouchEvent.cpp:

(WebCore::TouchEvent::TouchEvent):

  • dom/TouchEvent.h:
  • dom/TouchEvent.idl:

LayoutTests:

Add layout test coverage for the TouchEvent constructor.

  • fast/events/touch/touch-event-constructor-expected.txt: Added.
  • fast/events/touch/touch-event-constructor.html: Added.
1:21 PM Changeset in webkit [202177] by Alan Bujtas
  • 3 edits in trunk/Source/WebCore

Potential null dereferencing on a detached positioned renderer.
https://bugs.webkit.org/show_bug.cgi?id=158879

Reviewed by Simon Fraser.

This patch fixes the case when the while loop to search for the absolute positioned ancestor
returns null (it happens when positioned renderer has been detached from the render tree).

Speculative fix.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):

  • rendering/RenderBlock.h:
1:18 PM Changeset in webkit [202176] by Chris Dumez
  • 9 edits in trunk

URL hash setter does not remove fragment identifier if argument is an empty string
https://bugs.webkit.org/show_bug.cgi?id=158869
<rdar://problem/26863430>

Reviewed by Darin Adler.

Source/WebCore:

URL hash setter and URLUtils hash setter should remove the fragment identifier
if set to "#" or "":

This patch aligns our behavior with the specification and with other browsers
(tested Firefox and Chrome).

This patch also updates HTMLAnchorElement to inherit URLUtils to avoid code
duplication. HTMLAnchorElement already implements URLUtils in the IDL, as per
the specification:

No new tests, rebaselined existing tests.

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::origin): Deleted.
(WebCore::HTMLAnchorElement::text): Deleted.
(WebCore::HTMLAnchorElement::setText): Deleted.
(WebCore::HTMLAnchorElement::toString): Deleted.
(WebCore::HTMLAnchorElement::isLiveLink): Deleted.
(WebCore::HTMLAnchorElement::sendPings): Deleted.
(WebCore::HTMLAnchorElement::handleClick): Deleted.
(WebCore::HTMLAnchorElement::eventType): Deleted.
(WebCore::HTMLAnchorElement::treatLinkAsLiveForEventType): Deleted.
(WebCore::isEnterKeyKeydownEvent): Deleted.
(WebCore::shouldProhibitLinks): Deleted.
(WebCore::HTMLAnchorElement::willRespondToMouseClickEvents): Deleted.
(WebCore::rootEditableElementMap): Deleted.
(WebCore::HTMLAnchorElement::rootEditableElementForSelectionOnMouseDown): Deleted.
(WebCore::HTMLAnchorElement::clearRootEditableElementForSelectionOnMouseDown): Deleted.
(WebCore::HTMLAnchorElement::setRootEditableElementForSelectionOnMouseDown): Deleted.

  • html/HTMLAnchorElement.h:

(WebCore::HTMLAnchorElement::invalidateCachedVisitedLinkHash): Deleted.

  • html/URLUtils.h:

(WebCore::URLUtils<T>::setHash):

LayoutTests:

Update existing layout tests now that setting hash to "" or "#" clears
the fragment identifier.

  • fast/dom/DOMURL/set-href-attribute-hash-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-hash.html:
  • fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-hash.js:
  • fast/dom/HTMLAnchorElement/set-href-attribute-hash-expected.txt:
12:51 PM Changeset in webkit [202175] by bshafiei@apple.com
  • 5 edits
    4 copies in branches/safari-601-branch

Merged r202151. rdar://problem/26701322

12:50 PM Changeset in webkit [202174] by wilander@apple.com
  • 3 edits
    2 adds in trunk

Ignore case in the check for security origin inheritance
https://bugs.webkit.org/show_bug.cgi?id=158878

Reviewed by Alex Christensen.

Source/WebCore:

Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
"Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII
case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for
those two lines instead of using ==. URL::parse normalizes letters in the scheme
and host by using toASCIILower, but does not normalize letters elsewhere in the
URL, such as in the "blank" or "srcdoc" in the above URLs."

Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html

  • platform/URL.cpp:

(WebCore::URL::shouldInheritSecurityOriginFromOwner):

LayoutTests:

  • http/tests/dom/window-open-about-uppercase-blank-and-access-document-expected.txt: Added.
  • http/tests/dom/window-open-about-uppercase-blank-and-access-document.html: Added.
12:22 PM Changeset in webkit [202173] by mark.lam@apple.com
  • 3 edits in trunk/Source/WTF

OOM Assertion failure in JSON.stringify.
https://bugs.webkit.org/show_bug.cgi?id=158794
<rdar://problem/26826254>

Reviewed by Saam Barati.

The bug was actually in StringBuilder::appendQuotedJSONString() where it failed
to detect an imminent unsigned int overflow. The fix is to use Checked<unsigned>
for the needed math, and RELEASE_ASSERT afterwards that we did not overflow.

I also added more assertions to detect sooner if any there are any problems with
StringBuilder's m_buffer or m_length being incorrectly sized. These assertions
have been run on the JSC and layout tests without any issue.

  • wtf/text/StringBuilder.cpp:

(WTF::StringBuilder::resize):
(WTF::StringBuilder::allocateBuffer):
(WTF::StringBuilder::allocateBufferUpConvert):
(WTF::StringBuilder::reallocateBuffer<LChar>):
(WTF::StringBuilder::reallocateBuffer<UChar>):
(WTF::StringBuilder::reserveCapacity):
(WTF::StringBuilder::appendUninitializedSlow):
(WTF::StringBuilder::append):
(WTF::StringBuilder::appendQuotedJSONString):

  • wtf/text/StringBuilder.h:

(WTF::StringBuilder::swap):

12:10 PM Changeset in webkit [202172] by hyungwook.lee@navercorp.com
  • 2 edits in trunk/Source/WebCore

Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
https://bugs.webkit.org/show_bug.cgi?id=158868

Reviewed by Alex Christensen.

Fix compilation errors in Node.cpp when we enable DUMP_NODE_STATISTICS

  • dom/Node.cpp:

(WebCore::Node::dumpStatistics):

11:47 AM Changeset in webkit [202171] by bshafiei@apple.com
  • 5 edits
    4 copies in branches/safari-601.1.46-branch

Merged r202151. rdar://problem/26701284

10:24 AM Changeset in webkit [202170] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping two new LayoutTests that rely on mouse events on ios-simulator.
https://bugs.webkit.org/show_bug.cgi?id=158855

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
10:20 AM Changeset in webkit [202169] by pvollan@apple.com
  • 2 edits in trunk/Source/WebCore

[Win] Scrolling in popup menu scrolls past last entry.
https://bugs.webkit.org/show_bug.cgi?id=158870

Reviewed by Brent Fulgham.

When the popup has a scrollbar, the content size is not equal to the popup window size.

  • platform/win/PopupMenuWin.cpp:

(WebCore::PopupMenuWin::contentsSize):

9:54 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
9:54 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
9:53 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
9:30 AM Changeset in webkit [202168] by fred.wang@free.fr
  • 27 edits
    1 add
    4 deletes in trunk

Refactor RenderMathMLRoot layout function to avoid using flexbox
https://bugs.webkit.org/show_bug.cgi?id=153987

Patch by Frederic Wang <fwang@igalia.com> on 2016-06-17
Reviewed by Brent Fulgham.

Source/WebCore:

No new tests, already covered by existing tests.
A case for RTL root has been added to roots.xhtml.

We reimplement RenderMathMLRoot without any flexbox or anonymous.
The anonymous RenderMathMLRadicalOperator used to draw the radical sign is replaced with
the MathOperator class introduced in bug 152244.
msqrt (row of children under a square root) is now implemented directly in RenderMathMLRoot,
so RenderMathMLSquareRoot is removed and RenderMathMLRoot now inherits from RenderMathMLRow.

  • CMakeLists.txt: Remove files for RenderMathMLRadicalOperator and RenderMathMLSquareRoot.
  • WebCore.xcodeproj/project.pbxproj: ditto.
  • accessibility/AccessibilityRenderObject.cpp: Update code now that we do not use any

radical wrappers.
(WebCore::AccessibilityRenderObject::isMathRow): Now that RenderMathMLRoot inherits from
RenderMathMLRow, we must exclude MathRoot or otherwise some accessibility code may treat
roots as rows.
(WebCore::AccessibilityRenderObject::mathRadicandObject): Return the first child for
Root/SquareRoot or nullptr.
(WebCore::AccessibilityRenderObject::mathRootIndexObject): Return the second child for
Root and nullptr for SquareRoot.

  • mathml/MathMLInlineContainerElement.cpp:

(WebCore::MathMLInlineContainerElement::childrenChanged): We no longer need a special case
for msqrt, it is treated as a normal RenderMathMLRow.
(WebCore::MathMLInlineContainerElement::createElementRenderer): Make msqrt create a
RenderMathMLRoot object.

  • rendering/RenderObject.h:

(WebCore::RenderObject::isRenderMathMLRadicalOperator): Deleted.

  • rendering/mathml/RenderMathMLBlock.cpp:

(WebCore::RenderMathMLBlock::mirrorIfNeeded): New function to mirror a child horizontal
offset according to the parent width.
(WebCore::RenderMathMLBlock::renderName):

  • rendering/mathml/RenderMathMLBlock.h:

(WebCore::RenderMathMLBlock::mirrorIfNeeded): Moved from RenderMathMLScripts, just forward
call to the other mirrorIfNeeded function.

  • rendering/mathml/RenderMathMLOperator.cpp: We no longer need this trailingSpaceError hack.

(WebCore::RenderMathMLOperator::trailingSpaceError): Deleted.

  • rendering/mathml/RenderMathMLOperator.h: ditto.
  • rendering/mathml/RenderMathMLRadicalOperator.cpp: Removed. The radical sign is now drawn

with a MathOperator.

  • rendering/mathml/RenderMathMLRadicalOperator.h: Removed.
  • rendering/mathml/RenderMathMLRoot.cpp: Complete refactoring to avoid using flexbox and

anonymous wrappers.
(WebCore::RenderMathMLRoot::RenderMathMLRoot): Set m_kind parameters to distinguish between
square root and general root and set the MathOperator member to draw the radical sign.
(WebCore::RenderMathMLRoot::isValid): Helper function to verify whether the child list is valid.
(WebCore::RenderMathMLRoot::getBase): Get the base of an mroot.
(WebCore::RenderMathMLRoot::getIndex): Get the index of an mroot.
(WebCore::RenderMathMLRoot::styleDidChange): Be sure to keep the style of the
MathOperator in sync with ours ; no need to skip empty roots.
(WebCore::RenderMathMLRoot::updateFromElement): Call the function from the new parent class ;
no need to skip empty roots.
(WebCore::RenderMathMLRoot::updateStyle): Remove the isEmpty ASSERT as it is valid to have
empty square root. Set the m_kernBeforeDegree, m_kernBeforeDegree members.
No need to set style for anonymous.
(WebCore::RenderMathMLRoot::computePreferredLogicalWidths): Implement this function.
(WebCore::RenderMathMLRoot::layoutBlock): Implement this function.
(WebCore::RenderMathMLRoot::paintChildren): Implement this function.
(WebCore::RenderMathMLRoot::paint): Remove the trailingSpaceError hack ;
paint the radical sign via MathOperator::paint
(WebCore::RenderMathMLRoot::baseWrapper): Deleted.
(WebCore::RenderMathMLRoot::radicalWrapper): Deleted.
(WebCore::RenderMathMLRoot::indexWrapper): Deleted.
(WebCore::RenderMathMLRoot::radicalOperator): Deleted.
(WebCore::RenderMathMLRoot::restructureWrappers): Deleted.
(WebCore::RenderMathMLRoot::addChild): Deleted.
(WebCore::RenderMathMLRoot::firstLineBaseline): Deleted.
(WebCore::RenderMathMLRoot::layout): Deleted.
(WebCore::RenderMathMLRootWrapper::createAnonymousWrapper): Deleted.
(WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring): Deleted.
(WebCore::RenderMathMLRootWrapper::removeChild): Deleted.

  • rendering/mathml/RenderMathMLRoot.h: Make RenderMathMLRoot inherit from RenderMathMLRow.

Make RenderMathMLRoot support <msqrt>.
Remove all the anonymous wrapper stuff and instead use a MathOperator for the radical symbol.
Update function declaration to implement layout without flexbox and add some helper functions.

  • rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the chid row,

for use in RenderMathMLRoot.
(WebCore::RenderMathMLRow::computeLineVerticalStretch): rename parameters.
(WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
logical width of the chid row. Set the temporary logical width for RenderMathRoot before
laying the children out.
(WebCore::RenderMathMLRow::layoutBlock): Rename parameters ; add a dummy logicalWidth
parameter.

  • rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by

RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
after the chid row is laid out.

  • rendering/mathml/RenderMathMLScripts.cpp: Move mirrorIfNeeded to RenderMathMLBlock.

(WebCore::RenderMathMLScripts::mirrorIfNeeded): Deleted.

  • rendering/mathml/RenderMathMLScripts.h: Move mirrorIfNeeded to RenderMathMLBlock.
  • rendering/mathml/RenderMathMLSquareRoot.cpp: Removed.
  • rendering/mathml/RenderMathMLSquareRoot.h: Removed.
  • rendering/mathml/MathOperator.cpp:

(WebCore::MathOperator::paint): Apply a mirroring scale transform to radical symbol
in RTL direction.

LayoutTests:

Update expectations for some MathML tests containing radical operators.

that we do not manage anonymous wrappers anymore.

  • mathml/presentation/roots.xhtml: Add one test for RTL roots.
  • platform/gtk/mathml/presentation/mo-stretch-expected.txt: Update expectation to

take into change in the render tree.

  • platform/gtk/mathml/presentation/roots-expected.txt: Ditto.
  • platform/gtk/mathml/presentation/roots-expected.png: Update expectation to take

into account small rendering changes.

  • platform/ios-simulator/mathml/presentation/roots-expected.txt: Ditto.
  • platform/gtk/mathml/radical-fallback-expected.txt: Ditto.
  • platform/gtk/mathml/radical-fallback-expected.png: Ditto.
  • platform/mac/mathml/radical-fallback-expected.txt: Ditto.
  • platform/mac/mathml/radical-fallback-expected.png: Ditto.
  • platform/ios-simulator/mathml/radical-fallback-expected.txt: Ditto.
  • platform/ios-simulator/mathml/radical-fallback-expected.png: Added.
8:43 AM Changeset in webkit [202167] by Chris Dumez
  • 33 edits
    1 add in trunk/Source/WebCore

Drop some unnecessary header includes
https://bugs.webkit.org/show_bug.cgi?id=158864

Reviewed by Alexey Proskuryakov.

Drop some unnecessary header includes to try and reduce build times.

  • WebCore.xcodeproj/project.pbxproj:
  • accessibility/AccessibilityList.cpp:
  • css/CSSComputedStyleDeclaration.cpp:
  • css/MediaQueryMatcher.cpp:
  • css/StyleMedia.cpp:
  • css/TransformFunctions.cpp:
  • dom/NodeRenderStyle.h:
  • dom/PseudoElement.h:

(isType): Deleted.

  • html/HTMLTitleElement.cpp:
  • html/shadow/MediaControlElementTypes.h:
  • html/shadow/MediaControls.cpp:
  • inspector/InspectorDOMAgent.h:
  • inspector/InspectorLayerTreeAgent.h:
  • inspector/InspectorPageAgent.cpp:
  • page/scrolling/AsyncScrollingCoordinator.cpp:
  • page/scrolling/ScrollingCoordinator.h:
  • rendering/BidiRun.h:
  • rendering/BorderEdge.h:
  • rendering/RenderElement.h:
  • rendering/RenderObject.h:

(WebCore::AnnotatedRegionValue::operator==): Deleted.
(WebCore::AnnotatedRegionValue::operator!=): Deleted.

  • rendering/RenderObjectEnums.h: Added.
  • rendering/RenderTheme.h:
  • rendering/SimpleLineLayoutFlowContents.h:
  • rendering/SimpleLineLayoutTextFragmentIterator.h:
  • rendering/TextPainter.h:
  • rendering/style/RenderStyle.h:

(WebCore::pseudoElementRendererIsNeeded):

  • rendering/style/ShapeValue.cpp:
  • rendering/style/ShapeValue.h:
  • style/ClassChangeInvalidation.cpp:
  • style/ClassChangeInvalidation.h:
  • style/InlineTextBoxStyle.h:
  • style/StyleUpdate.cpp:
6:35 AM Changeset in webkit [202166] by akling@apple.com
  • 4 edits in trunk/Source/WebCore

[iOS] Throw away linked code when navigating to a new page.
<https://webkit.org/b/153851>

Reviewed by Antti Koivisto.

When navigating to a new page, tell JSC to throw out any linked code it has lying around.
Linked code is tied to a specific global object, and as we're creating a new one for the
new page, none of it is useful to us here.

In the event that the user navigates back, the cost of relinking some code will be far
lower than the memory cost of keeping all of it around.

This was in-tree before but was rolled out due to regressing JSBench. It was a slowdown
due to the benchmark harness using top-level navigations to drive the tests.
This new version avoids that problem by only throwing out code if we haven't navigated
in the last 2 seconds. This also prevents excessive work in response to redirects.

I've also moved this into MemoryPressureHandler so we don't make a mess in FrameLoader.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad):

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):

  • platform/MemoryPressureHandler.h:
4:50 AM Changeset in webkit [202165] by eocanha@igalia.com
  • 2 edits in trunk/Tools

Unreviewed. Added myself to the list of committers.

  • Scripts/webkitpy/common/config/contributors.json:
4:46 AM Changeset in webkit [202164] by commit-queue@webkit.org
  • 2 edits
    3 deletes in trunk/LayoutTests

Update test-expected file for failing fullscreen test
https://bugs.webkit.org/show_bug.cgi?id=158838

Patch by Romain Bellessort <romain.bellessort@crf.canon.fr> on 2016-06-17
Reviewed by Carlos Garcia Campos.

Used MAC version of the test as the default version since only MAC and
GTK do not skip this test and expect the same result. Removed
test-expected files specific to each port when there was one. Prior to
this patch, GTK test was failing unexpectedly.

  • fullscreen/video-controls-override-expected.txt:
  • platform/efl/fullscreen/video-controls-override-expected.txt: Removed.
  • platform/gtk/fullscreen/video-controls-override-expected.txt: Removed.
  • platform/mac/fullscreen/video-controls-override-expected.txt: Removed.
4:19 AM Changeset in webkit [202163] by pvollan@apple.com
  • 2 edits in trunk/Source/WebKit/win

[Win] Rendering is not scaled correctly if process is DPI aware.
https://bugs.webkit.org/show_bug.cgi?id=158781

Reviewed by Brent Fulgham.

Scale the root graphics layer with the device scale factor.

  • WebView.cpp:

(WebView::setAcceleratedCompositing):

3:34 AM Changeset in webkit [202162] by youenn.fablet@crf.canon.fr
  • 13 edits in trunk

CORS preflight with a non-200 response should be a preflight failure
https://bugs.webkit.org/show_bug.cgi?id=111008

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • web-platform-tests/XMLHttpRequest/data-uri-expected.txt:

Source/WebCore:

Covered by rebased tests.

  • Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
  • loader/CrossOriginPreflightChecker.cpp:

(WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status is code is
successful. If not, calling preflight failure callback.
(WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
responses are processed as other responses.

  • loader/ResourceLoaderOptions.h:

(WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
const reference.
(WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.

  • platform/network/ResourceResponseBase.cpp:

(WebCore::ResourceResponseBase::isSuccessful): Utility function.

  • platform/network/ResourceResponseBase.h:

LayoutTests:

  • http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
  • http/tests/xmlhttprequest/access-control-and-redirects-async.html:
  • http/tests/xmlhttprequest/access-control-basic-get-fail-non-simple-expected.txt:
  • http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt:
2:27 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
2:24 AM Changeset in webkit [202161] by fred.wang@free.fr
  • 8 edits
    6 adds in trunk

MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
https://bugs.webkit.org/show_bug.cgi?id=156836

Source/WebCore:

Patch by Frederic Wang <fwang@igalia.com> on 2016-06-17
Reviewed by Sergio Villar Senin.

Some platforms do not have OpenType MATH fonts pre-installed and thus can not draw stretchy
operators using size variants or glyph assembly. This is especially problematic for the
radical symbol which is used to write roots. Currently, we have some fallback code to draw
that symbol using graphical primitives but it is a bit complex and makes the style of radical
inconsistent with the font used. We solve these issues by just scaling the base glyph via a
scale transform. Such scale transform is also used to mirror the radical symbol so that we
have some support for right-to-left roots until we can do glyph-level mirroring
via the OpenType rtlm feature.

Test: mathml/radical-fallback.html

  • rendering/mathml/MathOperator.cpp: Add a constant for the code point U+221A of the radical.

(WebCore::MathOperator::reset): In general, we don't need any vertical scaling for radical
symbols so m_radicalVerticalScale is initialized to 1.
(WebCore::MathOperator::calculateStretchyData): If we don't have a font with a MATH table and we
try streching a radical, then we update the vertical metrics to match the target size and
set m_radicalVerticalScale to the value necessary to make the base glyph scaled to that size.
(WebCore::MathOperator::paint): For a radical operator, we may apply a scale transform of
parameters (radicalHorizontalScale, m_radicalVerticalScale) in order to support RTL
mirroring or vertical stretching.

  • rendering/mathml/MathOperator.h: We add a m_radicalVerticalScale member to indicate the

scaling to apply to the base radical glyph when the stretchy fallback is necessary.
(WebCore::MathOperator::isStretched): The operator is also considered stretched when the
m_radicalVerticalScale is applied to the base size.

  • rendering/mathml/RenderMathMLRadicalOperator.cpp: Remove code specific to the old fallback mechanism.
  • rendering/mathml/RenderMathMLRadicalOperator.h: Ditto.

LayoutTests:

Reviewed by Sergio Villar Senin.

We add a pixel test to verify the result of stretching a radical operator.
We test RTL/LTR direction as well as default/sans-serif font in order to check the fallback code.

  • mathml/radical-fallback.html: Added.
  • platform/gtk/mathml/radical-fallback-expected.png: Added.
  • platform/gtk/mathml/radical-fallback-expected.txt: Added.
  • platform/ios-simulator/mathml/radical-fallback-expected.txt: Added.
  • platform/mac/mathml/radical-fallback-expected.png: Added.
  • platform/mac/mathml/radical-fallback-expected.txt: Added.
  • platform/ios-simulator/mathml/presentation/roots.txt: Updated.

Jun 16, 2016:

11:23 PM Changeset in webkit [202160] by commit-queue@webkit.org
  • 4 edits
    4 deletes in trunk

Unreviewed, rolling out r202147.
https://bugs.webkit.org/show_bug.cgi?id=158867

Broke scrolling tests on iOS Simulator (Requested by ap on
#webkit).

Reverted changeset:

"Focus event dispatched in iframe causes parent document to
scroll incorrectly"
https://bugs.webkit.org/show_bug.cgi?id=158629
http://trac.webkit.org/changeset/202147

10:19 PM Changeset in webkit [202159] by commit-queue@webkit.org
  • 8 edits
    12 adds in trunk

:in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
https://bugs.webkit.org/show_bug.cgi?id=156530

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-06-16
Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

  • web-platform-tests/html/semantics/selectors/pseudo-classes/inrange-outofrange-expected.txt:

Source/WebCore:

Elements should only match :in-range and :out-of-range
when they are candidate for constraint validation.

Tests: fast/css/pseudo-in-range-on-disabled-input-basics.html

fast/css/pseudo-in-range-on-readonly-input-basics.html
fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html
fast/css/pseudo-out-of-range-on-disabled-input-basics.html
fast/css/pseudo-out-of-range-on-readonly-input-basics.html
fast/selectors/in-range-out-of-range-style-update.html

  • html/BaseDateAndTimeInputType.cpp:

(WebCore::BaseDateAndTimeInputType::minOrMaxAttributeChanged):

  • html/NumberInputType.cpp:

(WebCore::NumberInputType::minOrMaxAttributeChanged):
I forgot to handle style update in r202143.
This is covered by the new style invalidation test.

  • html/BaseDateAndTimeInputType.h:
  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::isInRange):
(WebCore::HTMLInputElement::isOutOfRange):

LayoutTests:

  • fast/css/pseudo-in-range-on-disabled-input-basics-expected.html: Added.
  • fast/css/pseudo-in-range-on-disabled-input-basics.html: Added.
  • fast/css/pseudo-in-range-on-readonly-input-basics-expected.html: Added.
  • fast/css/pseudo-in-range-on-readonly-input-basics.html: Added.
  • fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial-expected.html: Added.
  • fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html: Added.
  • fast/css/pseudo-out-of-range-on-disabled-input-basics-expected.html: Added.
  • fast/css/pseudo-out-of-range-on-disabled-input-basics.html: Added.
  • fast/css/pseudo-out-of-range-on-readonly-input-basics-expected.html: Added.
  • fast/css/pseudo-out-of-range-on-readonly-input-basics.html: Added.
  • fast/selectors/in-range-out-of-range-style-update-expected.txt: Added.
  • fast/selectors/in-range-out-of-range-style-update.html: Added.
9:56 PM Changeset in webkit [202158] by Gyuyoung Kim
  • 5 edits
    1 add in trunk

[EFL][GTK] LayoutTest doesn't run on Ubuntu 16.04
https://bugs.webkit.org/show_bug.cgi?id=158141

Reviewed by Michael Catanzaro.

Tools:

  • Scripts/webkitpy/port/base.py: Detect php version in system, then use it.

(Port._is_debian_php_version_7):
(Port._debian_php_version):
(Port._apache_config_file_name_for_platform):

  • efl/install-dependencies:
  • gtk/install-dependencies:

LayoutTests:

  • http/conf/debian-httpd-2.4-php7.conf: Added.
9:48 PM Changeset in webkit [202157] by fpizlo@apple.com
  • 25 edits
    5 adds in trunk

Baseline JIT should be concurrent
https://bugs.webkit.org/show_bug.cgi?id=158755

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This makes the baseline JIT concurrent. We want it to be concurrent because it takes up
about 1% of PLT3 and 10% of JSBench (though the JSBench number might be down from recent
optimizations).

The idea is really simple: I separated the compile and link phases of JIT::privateCompile(),
and arranged to call the compile phase from another thread. This doesn't reuse the old
DFG::Worklist code, because that code does things we don't need (like compilation plan
cancellation to allow GC to interleave with compilations) and is structured in a way that
would have required more changes to the baseline JIT. Also, I think that code uses the wrong
API, and as a result, clients of that API have a bad time. For example, it's never clear who
has the responsibility of setting the JIT thresholds and the DFG::Worklist goes to great
lengths to try to help its client set those things correctly, but since it doesn't set them
directly, the client then has to have additional complex logic to combine what it learned
from the Worklist and what it knows to set the thresholds. This patch takes a simpler
approach: the JITWorklist takes complete control over scheduling compilations. It's like a
combination of DFG::Worklist and operationOptimize().

Because the baseline JIT runs quickly, we can take some shortcuts. The JITWorklist requires
that all of its plans complete before a GC begins. This ensures that we don't have to worry
about interactions between the concurrent baseline JIT and the GC.

I needed to do a bunch of minor changes to the JIT to handle the races that emerged. For
example, I needed to do things to opcodes that read profiling both in the main path code
generator and the slow path one. One trick I used was to create a copy of the instruction
stream and provide that for anyone interested in the original value of the profiles. Most
code still uses the CodeBlock's instruction stream because it may emit JIT code that points
at the stream.

This also fixes a LLInt bug in prototype caching. This bug was revealed by this change
because more of our LayoutTests now run in LLInt.

This looks like it might be a ~1% Octane speed-up (on command line) and a ~0.7% PLT3
speed-up. This also looks like a ~2% JSBench speed-up.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • debugger/Debugger.cpp:

(JSC::Debugger::setSteppingMode):
(JSC::Debugger::toggleBreakpoint):
(JSC::Debugger::clearBreakpoints):
(JSC::Debugger::clearDebuggerRequests):

  • dfg/DFGOSRExitPreparation.cpp:

(JSC::DFG::prepareCodeOriginForOSRExit):

  • heap/Heap.cpp:

(JSC::Heap::didFinishIterating):
(JSC::Heap::completeAllJITPlans):
(JSC::Heap::deleteAllCodeBlocks):
(JSC::Heap::collectImpl):
(JSC::Heap::completeAllDFGPlans): Deleted.

  • heap/Heap.h:
  • heap/HeapInlines.h:

(JSC::Heap::forEachCodeBlock):

  • jit/JIT.cpp:

(JSC::JIT::emitNotifyWrite):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::compileWithoutLinking):
(JSC::JIT::link):
(JSC::JIT::privateCompile):
(JSC::JIT::privateCompileExceptionHandlers):

  • jit/JIT.h:

(JSC::JIT::compile):
(JSC::JIT::getSlowCase):
(JSC::JIT::linkSlowCase):
(JSC::JIT::linkDummySlowCase):

  • jit/JITInlines.h:

(JSC::JIT::emitTagBool):
(JSC::JIT::originalInstruction):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitSlow_op_put_to_scope):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):

  • jit/JITWorklist.cpp: Added.

(JSC::JITWorklist::Plan::Plan):
(JSC::JITWorklist::Plan::compileInThread):
(JSC::JITWorklist::Plan::finalize):
(JSC::JITWorklist::Plan::codeBlock):
(JSC::JITWorklist::Plan::vm):
(JSC::JITWorklist::Plan::isFinishedCompiling):
(JSC::JITWorklist::Plan::isFinalized):
(JSC::JITWorklist::JITWorklist):
(JSC::JITWorklist::~JITWorklist):
(JSC::JITWorklist::completeAllForVM):
(JSC::JITWorklist::poll):
(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):
(JSC::JITWorklist::runThread):
(JSC::JITWorklist::finalizePlans):
(JSC::JITWorklist::instance):

  • jit/JITWorklist.h: Added.
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::jitCompileAndSetHeuristics):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):

  • runtime/VM.cpp:

(JSC::VM::~VM):

Source/WTF:

The concurrent baseline JIT needs to be able to clone bytecode to get a consistent snapshot.
So, this adds such a method.

  • wtf/RefCountedArray.h:

(WTF::RefCountedArray::RefCountedArray):
(WTF::RefCountedArray::clone):

Tools:

Need to disable concurrent JIT when running profiler tests. We should have been doing this
all along.

  • Scripts/run-jsc-stress-tests:

LayoutTests:

This change revealed a latent bug in the LLInt. The non-llint version of this new test
would usually fail because it was still in LLInt. This new test always fails.

  • js/dom/prototype-chain-caching-with-impure-get-own-property-slot-traps-llint.html: Added.
  • js/dom/prototype-chain-caching-with-impure-get-own-property-slot-traps-llint-expected.txt: Added.
  • js/dom/script-tests/prototype-chain-caching-with-impure-get-own-property-slot-traps-llint.js: Added.
9:36 PM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
9:34 PM Changeset in webkit [202156] by fred.wang@free.fr
  • 22 edits in trunk

Add separate MathOperator for selection/measuring/drawing of stretchy operators
https://bugs.webkit.org/show_bug.cgi?id=152244

Patch by Frederic Wang <fwang@igalia.com> on 2016-06-16
Reviewed by Brent Fulgham.

Source/WebCore:

We complete the class to select, measure and draw stretchy operators that is independent
from RenderMathMLOperator. That way, we will be able use stretchy operator without having
to introduce & manage anonymous RenderMathMLOperator's
(e.g for <mroot>, <msqrt> and <mfenced>).

No new tests, already covered by existing tests.

  • rendering/mathml/MathOperator.cpp:

(WebCore::ascentForGlyph): Add this helper function to get glyph ascent.
(WebCore::descentForGlyph): Add this helper function to get glyph descent.
(WebCore::MathOperator::reset): Initialize all the data and calculate ascent/descent of the
base glyph.
(WebCore::MathOperator::setSizeVariant): Set the width/ascent/descent.
(WebCore::MathOperator::setGlyphAssembly): Ditto.
(WebCore::MathOperator::calculateDisplayStyleLargeOperator): Remove the STIX Word hack and
change m_maxPreferredWidth to use the actual width instead.
(WebCore::MathOperator::stretchTo): New functions to execute the actual operator streching.
(WebCore::MathOperator::fillWithVerticalExtensionGlyph): Add a FIXME for bug 155434.
(WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Align all the glyph baselines on
the same axis, given by m_ascent.
Add a FIXME for bug 155434.
(WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
(WebCore::MathOperator::paint): Public function to do the painting.
(WebCore::MathOperator::paintVerticalGlyphAssembly): Deleted.

  • rendering/mathml/MathOperator.h: Update declarations and make most of the members private.

(WebCore::MathOperator::ascent): Function to expose m_ascent.
(WebCore::MathOperator::descent): Function to expose m_descent.

  • rendering/mathml/RenderMathMLOperator.cpp:

(WebCore::RenderMathMLOperator::stretchTo): Forward the stretching call to MathOperator.
(WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Unfold advanceForGlyph
since we delete RenderMathMLOperator::advanceForGlyph. Just rely on
MathOperator::maxPreferredWidth to determine the preferred width of stretchy operators.
For horizontal operators, we just use the width of the base glyph.
Finally, we remove the dirty flag on preferred logical width.
(WebCore::RenderMathMLOperator::rebuildTokenContent): Reinit the MathOperator instance.
(WebCore::RenderMathMLOperator::updateFromElement): Force more updates of
RenderMathMLOperator to avoid test breakage.
(WebCore::RenderMathMLOperator::styleDidChange): Call MathOperator::reset to take into
account style change.
(WebCore::RenderMathMLOperator::updateStyle): Remove unused code.
(WebCore::RenderMathMLOperator::firstLineBaseline): Use MathOperator::ascent() function.
(WebCore::RenderMathMLOperator::computeLogicalHeight): Use MathOperator::ascent() and
MathOperator::descent() functions to calculate the height.
(WebCore::RenderMathMLOperator::paint): Only stretched operators are treated specially.
We center horizontal operator and forward the paint() call to MathOperator.
(WebCore::RenderMathMLOperator::trailingSpaceError): The error is now just the difference
between the values returned by MathOperator::maxPreferredWidth() and
MathOperator::width().
(WebCore::boundsForGlyph): Deleted.
(WebCore::heightForGlyph): Deleted.
(WebCore::advanceWidthForGlyph): Deleted.
(WebCore::RenderMathMLOperator::updateStyle): Deleted.

LayoutTests:

Update expectations for some MathML tests containing operators/radicals
to take into account small rendering changes.

  • platform/gtk/mathml/opentype/horizontal-expected.png:
  • platform/gtk/mathml/opentype/horizontal-expected.txt:
  • platform/gtk/mathml/opentype/horizontal-munderover-expected.txt:
  • platform/gtk/mathml/opentype/large-operators-expected.png:
  • platform/gtk/mathml/opentype/large-operators-expected.txt:
  • platform/gtk/mathml/opentype/opentype-stretchy-expected.png:
  • platform/gtk/mathml/opentype/opentype-stretchy-expected.txt:
  • platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.png:
  • platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.txt:
  • platform/gtk/mathml/opentype/vertical-expected.png:
  • platform/gtk/mathml/opentype/vertical-expected.txt:
  • platform/gtk/mathml/presentation/mo-stretch-expected.png:
  • platform/gtk/mathml/presentation/mo-stretch-expected.txt:
  • platform/gtk/mathml/presentation/roots-expected.txt:
  • platform/ios-simulator/mathml/opentype/horizontal-munderover-expected.txt:
  • platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.png:
  • platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.txt:
8:51 PM Changeset in webkit [202155] by jiewen_tan@apple.com
  • 3 edits
    1 copy
    1 move
    7 adds
    5 deletes in trunk

CSP: Content Security Policy should allow '*' to match the originating page's scheme
https://bugs.webkit.org/show_bug.cgi?id=158811
<rdar://problem/26819568>

Reviewed by Daniel Bates.

Source/WebCore:

Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html

security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html

  • page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

LayoutTests:

  • security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-expected.html: Added.
  • security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html: Added.
  • security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star-expected.html: Removed.
  • security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star.html: Removed.
  • security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-expected.html: Added.
  • security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html: Added.
  • security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star-expected.html: Removed.
  • security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star.html: Removed.
  • security/contentSecurityPolicy/resources/alert-pass.js: Added.
  • security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star-expected.txt: Added.
  • security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html: Added.
  • security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-expected.html: Copied from LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html.
  • security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html: Renamed from LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html.
  • security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star-expected.html: Removed.
7:50 PM Changeset in webkit [202154] by Chris Dumez
  • 8 edits in trunk/Source

No need to ref connection in lambda inside NetworkResourceLoader::tryStoreAsCacheEntry()
https://bugs.webkit.org/show_bug.cgi?id=158862

Reviewed by Darin Adler.

Source/WebKit2:

No need to ref connection in lambda inside NetworkResourceLoader::tryStoreAsCacheEntry().
We already ref the NetworkResourceLoader which hold a ref to the connection. Also update
the lambda capture to use Ref<> for the NetworkResourceLoader instead of RefPtr<>.
Switch callback type from std::function to WTF::NoncopyableFunction so we can capture a
Ref<>.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::tryStoreAsCacheEntry):

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::store):

  • NetworkProcess/cache/NetworkCache.h:
  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::WriteOperation::WriteOperation):

  • NetworkProcess/cache/NetworkCacheStorage.h:

Source/WTF:

Add NoncopyableFunction constructor that takes a nullptr_t in, in order
to match the std::function API and make porting from one to the other
easier.

  • wtf/NoncopyableFunction.h:
7:30 PM Changeset in webkit [202153] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Add HTTPHeaderMap::set() overload taking a NSString*
https://bugs.webkit.org/show_bug.cgi?id=158857

Reviewed by Darin Adler.

Add HTTPHeaderMap::set() overloading taking a NSString* in addition to
the one taking a CFStringRef. It is useful for the Cocoa implementation
of ResourceRequest::doUpdateResourceRequest().

  • platform/network/HTTPHeaderMap.h:

(WebCore::HTTPHeaderMap::set):

7:26 PM Changeset in webkit [202152] by commit-queue@webkit.org
  • 21 edits
    2 adds in trunk

Web Inspector: console.profile should use the new Sampling Profiler
https://bugs.webkit.org/show_bug.cgi?id=153499
<rdar://problem/24352431>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-06-16
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Currently console.profile/profileEnd behave slightly differently
between JSContext and Web inspection. Unifying will be part of:
<https://webkit.org/b/158753> Generalize the concept of Instruments on the backend

Both JSContext and Web inspection keep track of active
profiles started and stopped via console.profile/profileEnd.

JSContext inspection sends its programmatic start/stop
via the ScriptProfiler domain.

Web inspection sends its programmatic start/stop
via the Timeline domain, and also will start/stop backend
list of Instruments.

The functional differences between these is that for JSContext
inspection, console.profile only starts/stops the ScriptProfiler
domain, and does not auto-start other instruments. This isn't really
a problem right now given the instruments available for JSContext
inspection; but it will be nice to unify as we add more instruments.
Also, JSContext inspection won't have "Profile (name)" records in
its Events view, since those are currently generated only by the
Web's Timeline domain.

  • inspector/protocol/ScriptProfiler.json:
  • inspector/protocol/Timeline.json:

Events to inform the frontend of programmatic start/stop.

  • debugger/Debugger.h:
  • inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent::breakpointsActive):
(Inspector::InspectorDebuggerAgent::isPaused):

  • inspector/agents/InspectorDebuggerAgent.h:

Expose breakpoints active state, since programmatic recording
will temporarily disabled breakpoints if needed.

  • inspector/JSGlobalObjectConsoleClient.cpp:

(Inspector::JSGlobalObjectConsoleClient::JSGlobalObjectConsoleClient):
(Inspector::JSGlobalObjectConsoleClient::profile):
(Inspector::JSGlobalObjectConsoleClient::profileEnd):
(Inspector::JSGlobalObjectConsoleClient::startConsoleProfile):
(Inspector::JSGlobalObjectConsoleClient::stopConsoleProfile):

  • inspector/JSGlobalObjectConsoleClient.h:
  • inspector/JSGlobalObjectInspectorController.cpp:

(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):

  • inspector/agents/InspectorScriptProfilerAgent.cpp:

(Inspector::InspectorScriptProfilerAgent::programmaticCaptureStarted):
(Inspector::InspectorScriptProfilerAgent::programmaticCaptureStopped):

  • inspector/agents/InspectorScriptProfilerAgent.h:

JSContext implementation of console.profile/profileEnd.

Source/WebCore:

Test: inspector/timeline/setInstruments-programmatic-capture.html

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::startFromConsole):
(WebCore::InspectorTimelineAgent::stopFromConsole):
(WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
(WebCore::InspectorTimelineAgent::startProgrammaticCapture):
(WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
(WebCore::InspectorTimelineAgent::toggleInstruments):
(WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
(WebCore::InspectorTimelineAgent::toggleHeapInstrument):
(WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
(WebCore::InspectorTimelineAgent::toggleTimelineInstrument):

  • inspector/InspectorTimelineAgent.h:

Web implementation of console.profile/profileEnd.
Make helpers for startings / stopping instruments.

Source/WebInspectorUI:

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.prototype.programmaticCaptureStarted):
(WebInspector.TimelineManager.prototype.programmaticCaptureStopped):
(WebInspector.TimelineManager.prototype.scriptProfilerProgrammaticCaptureStarted):
(WebInspector.TimelineManager.prototype.scriptProfilerProgrammaticCaptureStopped):
For programmatic captures, automatically show the Script Timeline, since
that is guarenteed to have been started by the backend. Start capturing
without creating a new recording.

  • UserInterface/Models/TimelineRecording.js:

(WebInspector.TimelineRecording.prototype.stop):
(WebInspector.TimelineRecording.prototype.addScriptInstrumentForProgrammaticCapture):
When stopping for programmatic capture we don't need to disable
instruments, the backend would have already done this.

  • UserInterface/Protocol/ScriptProfilerObserver.js:

(WebInspector.ScriptProfilerObserver.prototype.programmaticCaptureStarted):
(WebInspector.ScriptProfilerObserver.prototype.programmaticCaptureStopped):
(WebInspector.ScriptProfilerObserver):

  • UserInterface/Protocol/TimelineObserver.js:

(WebInspector.TimelineObserver.prototype.programmaticCaptureStarted):
(WebInspector.TimelineObserver.prototype.programmaticCaptureStopped):
(WebInspector.TimelineObserver):
Pass through Web and JSContext programmatic capture events.

LayoutTests:

  • inspector/timeline/setInstruments-programmatic-capture-expected.txt: Added.
  • inspector/timeline/setInstruments-programmatic-capture.html: Added.

New test that the backend auto-starts instruments during programmatic capture.

6:10 PM Changeset in webkit [202151] by wilander@apple.com
  • 5 edits
    4 adds in trunk

Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
https://bugs.webkit.org/show_bug.cgi?id=158855
<rdar://problem/26142632>

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/dom/window-open-about-blank-and-access-document.html

http/tests/dom/window-open-about-webkit-org-and-access-document.html

Document.cpp previously checked whether a document should inherit its owner's
security origin by checking if the URL is either empty or blank. URL.cpp in
turn only checks if the protocol is "about:" in the isBlankURL() function.
Thus all about:* URLs inherited security origin. This patch restricts
security origin inheritance to empty, about:blank, and about:srcdoc URLs.

Quotes and links from the WHATWG spec regarding about:srcdoc:

7.1 Browsing contexts
A browsing context can have a creator browsing context, the browsing context
that was responsible for its creation. If a browsing context has a parent
browsing context, then that is its creator browsing context. Otherwise, if the
browsing context has an opener browsing context, then that is its creator
browsing context. Otherwise, the browsing context has no creator browsing
context.
https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc

7.1.1 Nested browsing contexts
Certain elements (for example, iframe elements) can instantiate further
browsing contexts. These are called nested browsing contexts. If a browsing
context P has a Document D with an element E that nests another browsing
context C inside it, then C is said to be nested through D, and E is said to
be the browsing context container of C. If the browsing context container
element E is in the Document D, then P is said to be the parent browsing
context of C and C is said to be a child browsing context of P. Otherwise,
the nested browsing context C has no parent browsing context.
https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context

4.8.5 The iframe element
The iframe element represents a nested browsing context.
...
If the srcdoc attribute is specified

Navigate the element's child browsing context to a new response whose
url list consists of about:srcdoc ...

https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc

  • dom/Document.cpp:

(WebCore::Document::initSecurityContext):

Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.

(WebCore::Document::initContentSecurityPolicy):

Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.

(WebCore::shouldInheritSecurityOriginFromOwner): Deleted.

Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.

  • platform/URL.cpp:

(WebCore::URL::shouldInheritSecurityOriginFromOwner):

  • platform/URL.h:

Moved the function from Document and restricted the check to only allow
security origin inheritance for empty, about:blank, and about:srcdoc URLs.

LayoutTests:

  • http/tests/dom/window-open-about-blank-and-access-document-expected.txt: Added.
  • http/tests/dom/window-open-about-blank-and-access-document.html: Added.
  • http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt: Added.
  • http/tests/dom/window-open-about-webkit-org-and-access-document.html: Added.
5:45 PM Changeset in webkit [202150] by jiewen_tan@apple.com
  • 4 edits
    40 moves
    2 adds in trunk/LayoutTests

Move most of CSP tests into security/contentSecurityPolicy/
https://bugs.webkit.org/show_bug.cgi?id=158859

Reviewed by Daniel Bates.

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
  • platform/wk2/TestExpectations:
  • security/contentSecurityPolicy/blocks-video-expected.txt: Renamed from LayoutTests/media/csp-blocks-video-expected.txt.
  • security/contentSecurityPolicy/blocks-video.html: Renamed from LayoutTests/media/csp-blocks-video.html.
  • security/contentSecurityPolicy/font-loading-block-all-expected.txt: Renamed from LayoutTests/fast/text/font-loading-csp-block-all-expected.txt.
  • security/contentSecurityPolicy/font-loading-block-all.html: Renamed from LayoutTests/fast/text/font-loading-csp-block-all.html.
  • security/contentSecurityPolicy/image-with-blob-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
  • security/contentSecurityPolicy/image-with-blob-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
  • security/contentSecurityPolicy/image-with-blob-url-blocked-by-img-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star-expected.html.
  • security/contentSecurityPolicy/image-with-blob-url-blocked-by-img-src-star.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html.
  • security/contentSecurityPolicy/image-with-data-url-allowed-by-img-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star-expected.html.
  • security/contentSecurityPolicy/image-with-data-url-allowed-by-img-src-star.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html.
  • security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
  • security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
  • security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star-expected.html.
  • security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star.html: Renamed from LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html.
  • security/contentSecurityPolicy/link-with-blob-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
  • security/contentSecurityPolicy/link-with-blob-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
  • security/contentSecurityPolicy/link-with-blob-url-blocked-by-style-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star-expected.html.
  • security/contentSecurityPolicy/link-with-blob-url-blocked-by-style-src-star.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html.
  • security/contentSecurityPolicy/link-with-data-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
  • security/contentSecurityPolicy/link-with-data-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
  • security/contentSecurityPolicy/link-with-data-url-blocked-by-style-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star-expected.html.
  • security/contentSecurityPolicy/link-with-data-url-blocked-by-style-src-star.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html.
  • security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
  • security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
  • security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star-expected.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star-expected.html.
  • security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star.html: Renamed from LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html.
  • security/contentSecurityPolicy/resources/worker-inherits-blocks-eval.js: Renamed from LayoutTests/fast/workers/resources/worker-inherits-csp-blocks-eval.js.

(catch):

  • security/contentSecurityPolicy/resources/worker-inherits-blocks-xhr.js: Renamed from LayoutTests/fast/workers/resources/worker-inherits-csp-blocks-xhr.js.

(catch):

  • security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star-expected.html: Renamed from LayoutTests/media/video-with-blob-url-allowed-by-csp-media-src-star-expected.html.
  • security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star.html: Renamed from LayoutTests/media/video-with-blob-url-allowed-by-csp-media-src-star.html.
  • security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star-expected.html: Renamed from LayoutTests/media/video-with-data-url-allowed-by-csp-media-src-star-expected.html.
  • security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star.html: Renamed from LayoutTests/media/video-with-data-url-allowed-by-csp-media-src-star.html.
  • security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Renamed from LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html.
  • security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Renamed from LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html.
  • security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star-expected.html: Renamed from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star-expected.html.
  • security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html: Renamed from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html.
  • security/contentSecurityPolicy/worker-inherits-blocks-eval-expected.txt: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-eval-expected.txt.
  • security/contentSecurityPolicy/worker-inherits-blocks-eval.html: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-eval.html.
  • security/contentSecurityPolicy/worker-inherits-blocks-xhr-expected.txt: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-xhr-expected.txt.
  • security/contentSecurityPolicy/worker-inherits-blocks-xhr.html: Renamed from LayoutTests/fast/workers/worker-inherits-csp-blocks-xhr.html.
5:00 PM Changeset in webkit [202149] by pvollan@apple.com
  • 2 edits in trunk/Tools

[Win] Accessibility implementation unable to recurse through document (sometimes) to find named elements
https://bugs.webkit.org/show_bug.cgi?id=140798

Reviewed by Brent Fulgham.

Make sure layout is up-to-date before trying to find named elements.

  • DumpRenderTree/win/AccessibilityControllerWin.cpp:

(AccessibilityController::rootElement):

4:39 PM Changeset in webkit [202148] by Chris Dumez
  • 9 edits in trunk/Source/WebKit2

[WK2] Improve serialization of SubresourcesEntry to network disk cache
https://bugs.webkit.org/show_bug.cgi?id=158851

Reviewed by Antti Koivisto.

Improve serialization of SubresourcesEntry to network disk cache:

  • Do not bother serializing SubresourceInfo's first party for cookies and HTTP headers data members if the resource is transient. This is because those are never used for transient resources. This patch also makes it so that we do not even bother initializing those data members if the transient flag is set.
  • Update SubresourceInfo::encode() / decode() to encode and decode the HTTPHeaderMap data member with the right NetworkCache::Coder template specialization instead of using directly HTTPHeaderMap::decode() and HTTPHeaderMap::encode(). HTTPHeaderMap::decode() / encode() is unsafe in the disk cache case (see r200394).

Also update entry types as so:

  • "resource" -> "Resource"
  • "subresources" -> "SubResources"

These entry types are used a folder names in the disk cache and other
folder names were capitalized. Antti suggested this was a good time
to harmonize since we're bumping the cache version.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:

(WebKit::NetworkCache::constructRevalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::startSpeculativeRevalidation):

  • NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.h:
  • NetworkProcess/cache/NetworkCacheStorage.h:
  • NetworkProcess/cache/NetworkCacheSubresourcesEntry.cpp:

(WebKit::NetworkCache::SubresourceInfo::encode):
(WebKit::NetworkCache::SubresourceInfo::decode):

  • NetworkProcess/cache/NetworkCacheSubresourcesEntry.h:

(WebKit::NetworkCache::SubresourceInfo::SubresourceInfo):
(WebKit::NetworkCache::SubresourceInfo::isTransient):
(WebKit::NetworkCache::SubresourceInfo::firstPartyForCookies):
(WebKit::NetworkCache::SubresourceInfo::requestHeaders):

4:34 PM Changeset in webkit [202147] by Simon Fraser
  • 4 edits
    4 adds in trunk

Source/WebCore:
[iOS] Focus event dispatched in iframe causes parent document to scroll incorrectly
https://bugs.webkit.org/show_bug.cgi?id=158629
rdar://problem/26521616

Reviewed by Enrica Casucci.

When focussing elements in iframes, the page could scroll to an incorrect location.
This happened because code in Element::focus() tried to disable scrolling on focus,
but did so only for the current frame, so ancestor frames got programmatically scrolled.
On iOS we handle the scrolling in the UI process, so never want the web process to
do programmatic scrolling.

Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
rather than manually prohibiting frame scrolling.

Tests: fast/forms/ios/focus-input-in-iframe.html

fast/forms/ios/programmatic-focus-input-in-iframe.html

  • dom/Element.cpp:

(WebCore::Element::focus):

  • history/CachedPage.cpp:

(WebCore::CachedPage::restore):

LayoutTests:
Focus event dispatched in iframe causes parent document to scroll incorrectly
https://bugs.webkit.org/show_bug.cgi?id=158629
rdar://problem/26521616

Reviewed by Enrica Casucci.

Tests for user-initiated and programmatic focus in frames.

  • fast/forms/ios/focus-input-in-iframe-expected.txt: Added.
  • fast/forms/ios/focus-input-in-iframe.html: Added.
  • fast/forms/ios/programmatic-focus-input-in-iframe.html: Added.
  • fast/forms/ios/programmatic-focus-input-in-iframe-expected.txt: Added.
4:27 PM Changeset in webkit [202146] by Alan Bujtas
  • 3 edits
    2 adds in trunk

[New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the block sequence.
https://bugs.webkit.org/show_bug.cgi?id=158854

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/block/inside-inlines/crash-on-first-line-change.html

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlockFlow::marginCollapseLinesFromStart):

LayoutTests:

  • fast/block/inside-inlines/crash-on-first-line-change-expected.txt: Added.
  • fast/block/inside-inlines/crash-on-first-line-change.html: Added.
4:03 PM Changeset in webkit [202145] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Include cstdlib before using std::atexit
https://bugs.webkit.org/show_bug.cgi?id=158681

Patch by Ting-Wei Lan <Ting-Wei Lan> on 2016-06-16
Reviewed by Brent Fulgham.

  • platform/graphics/PlatformDisplay.cpp:
3:55 PM Changeset in webkit [202144] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
https://bugs.webkit.org/show_bug.cgi?id=158853

Reviewed by Brent Fulgham.

Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
as m_bestFitImageURL data member is an AtomicString. This avoids constructing a String and
then atomizing it.

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):

3:47 PM Changeset in webkit [202143] by commit-queue@webkit.org
  • 15 edits
    6 adds in trunk

:in-range & :out-of-range CSS pseudo-classes shouldn't match inputs without range limitations
https://bugs.webkit.org/show_bug.cgi?id=156558

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-06-16
Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

  • web-platform-tests/html/semantics/selectors/pseudo-classes/inrange-outofrange-expected.txt:

One of the previous match was erroneous.
Our results are still very far from being correct. There are several
bugs affecting our range validation.

Source/WebCore:

The pseudo selectors :in-range and :out-of-range should only
apply if:
-minimum/maximum are defined for the input type
-the input value is/is-not suffering from underflow/overflow.

Only certain types have a valid minimum and maximum:
-number
-range
-date
-month
-week
-time
-datetime-local

Of those, only one has a default minimum and maximum: range.
For all the others, the minimum or maximum is only defined
if the min/max attribute is defined and valid.

This patch addresses these constraints for number and range.
The date types range validation is severely broken and is
left untouched. It really needs a clean rewrite.

Tests: fast/css/pseudo-in-range-basics.html

fast/css/pseudo-in-range-out-of-range-trivial.html
fast/css/pseudo-out-of-range-basics.html

  • html/DateInputType.cpp:

(WebCore::DateInputType::createStepRange):

  • html/DateTimeInputType.cpp:

(WebCore::DateTimeInputType::createStepRange):

  • html/DateTimeLocalInputType.cpp:

(WebCore::DateTimeLocalInputType::createStepRange):

  • html/InputType.cpp:

(WebCore::InputType::isInRange):
(WebCore::InputType::isOutOfRange):
Notice the isEmpty() shortcut.
A value can only overflow/underflow if it is not empty.

  • html/MonthInputType.cpp:

(WebCore::MonthInputType::createStepRange):

  • html/NumberInputType.cpp:

(WebCore::NumberInputType::createStepRange):

  • html/RangeInputType.cpp:

(WebCore::RangeInputType::createStepRange):

  • html/StepRange.cpp:

(WebCore::StepRange::StepRange):

  • html/StepRange.h:

(WebCore::StepRange::hasRangeLimitations):

  • html/WeekInputType.cpp:

(WebCore::WeekInputType::createStepRange):

LayoutTests:

  • fast/css/pseudo-in-range-basics-expected.html: Added.
  • fast/css/pseudo-in-range-basics.html: Added.
  • fast/css/pseudo-in-range-out-of-range-trivial-expected.html: Added.
  • fast/css/pseudo-in-range-out-of-range-trivial.html: Added.
  • fast/css/pseudo-out-of-range-basics-expected.html: Added.
  • fast/css/pseudo-out-of-range-basics.html: Added.
3:44 PM Changeset in webkit [202142] by andersca@apple.com
  • 6 edits in trunk/Source

Fix macOS Sierra build
https://bugs.webkit.org/show_bug.cgi?id=158849

Reviewed by Tim Horton.

Source/WebCore:

Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class.

Also, add an asLayerContents() getter that will return an id that's suitable for setting
as the contents of a CALayer.

  • platform/graphics/cocoa/IOSurface.h:
  • platform/graphics/cocoa/IOSurface.mm:

Source/WebKit2:

Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class
and adopt IOSurface::asLayerContents().

  • Shared/mac/RemoteLayerBackingStore.mm:

(WebKit::RemoteLayerBackingStore::decode):
(WebKit::RemoteLayerBackingStore::bytesPerPixel):
(WebKit::RemoteLayerBackingStore::swapToValidFrontBuffer):
(WebKit::RemoteLayerBackingStore::applyBackingStoreToLayer):
(WebKit::RemoteLayerBackingStore::setBufferVolatility):
(WebKit::RemoteLayerBackingStore::Buffer::discard):

  • UIProcess/mac/ViewSnapshotStore.mm:

(WebKit::ViewSnapshot::create):
(WebKit::ViewSnapshot::ViewSnapshot):
(WebKit::ViewSnapshot::asLayerContents):

3:18 PM Changeset in webkit [202141] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Kraken/stanford-crypto-pbkdf2.js sometimes crashes with an OSR assertion in FTL
https://bugs.webkit.org/show_bug.cgi?id=158850

Reviewed by Keith Miller.

Bytecode liveness was incorrectly claiming that all tail-deleted locals are live! That's
crazy! We never noticed this because extending OSR liveness is usually not a showstopper and
until recently we didn't have a lot of tail-call test cases to play with. Well, we do now,
thanks to the increasing reliance on tail calls in our builtins.

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::localsLiveInBytecode): Fix the bug and add some optional tracing. Also restructure the code so that we don't break to return true, since that's counterintuitive.

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::buildExitArguments): Make this assertion print more useful information.

3:06 PM Changeset in webkit [202140] by beidson@apple.com
  • 5 edits in trunk/Source/WebKit2

When a WebsiteDataStore finds no ProcessPools and creates one from scratch, it should represent the data store's config.
rdar://problem/26586991 and https://bugs.webkit.org/show_bug.cgi?id=158844

Reviewed by Anders Carlsson.

  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithWebsiteDataStoreConfiguration):

  • UIProcess/API/APIProcessPoolConfiguration.h:
  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):
(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):
(WebKit::WebsiteDataStore::processPools):

  • UIProcess/WebsiteData/WebsiteDataStore.h:
2:47 PM Changeset in webkit [202139] by akling@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION(r196217): 3% JSBench regression on iPhone 5.
<https://webkit.org/b/158848>
<rdar://problem/26609622>

Unreviewed rollout.

Don't jettison linked code on every top-level navigation as that was hurting JSBench on iPhone 5.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad):

2:35 PM Changeset in webkit [202138] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION (r201538): Web Inspector: Border over Allocations Views is too thick
https://bugs.webkit.org/show_bug.cgi?id=158846

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-06-16
Reviewed by Timothy Hatcher.

  • UserInterface/Views/HeapAllocationsTimelineView.css:

(.timeline-view.heap-allocations > .content-view-container > .content-view): Deleted.

1:41 PM Changeset in webkit [202137] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.37

New tag.

1:39 PM Changeset in webkit [202136] by Chris Dumez
  • 12 edits in trunk

Unreviewed, rolling out r202002 and r202111.

Ryosuke says this was a JSBench regression on iOS

Reverted changesets:

"Make HashMap and HashSet work with Refs"
https://bugs.webkit.org/show_bug.cgi?id=158638
http://trac.webkit.org/changeset/202002

"Improve HashMap and HashSet support for Ref"
https://bugs.webkit.org/show_bug.cgi?id=158789
http://trac.webkit.org/changeset/202111

1:39 PM Changeset in webkit [202135] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

12:50 PM Changeset in webkit [202134] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Unreviewed build fix.

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid.prototype.createSettings):
"showColumn" -> "setColumnVisible".

12:39 PM Changeset in webkit [202133] by Matt Baker
  • 14 edits in trunk/Source/WebInspectorUI

Web Inspector: DataGrid should manage its own settings
https://bugs.webkit.org/show_bug.cgi?id=158675
<rdar://problem/26761338>

Reviewed by Timothy Hatcher.

Move grid sorting settings (sort order, column identifier) into DataGrid,
removing duplicated code from various views. A new grid method, "createSettings",
takes an identifier which is used as a prefix for naming the grid's settings.

So that the new behavior is easy to use and hard to misuse, default values
for each setting are set to the current value of the associated property.
The result is that:

grid.sortColumnIdentifier = "columnA";
grid.createSettings("myGrid");

will use "columnA" as the default value the first time the setting is created.

  • UserInterface/Views/ApplicationCacheFrameContentView.js:

(WebInspector.ApplicationCacheFrameContentView.prototype._createDataGrid):

  • UserInterface/Views/CookieStorageContentView.js:

(WebInspector.CookieStorageContentView.prototype._rebuildTable):

  • UserInterface/Views/DOMStorageContentView.js:

(WebInspector.DOMStorageContentView):

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid):
(WebInspector.DataGrid.prototype.createSettings):
(WebInspector.DataGrid.prototype.get identifier): Deleted.
(WebInspector.DataGrid.prototype.set identifier): Deleted.
(WebInspector.DataGrid.prototype.set sortOrderSetting): Deleted.
(WebInspector.DataGrid.prototype.set sortColumnIdentifierSetting): Deleted.

  • UserInterface/Views/HeapAllocationsTimelineView.js:

(WebInspector.HeapAllocationsTimelineView):

  • UserInterface/Views/HeapSnapshotContentView.js:

(WebInspector.HeapSnapshotContentView):

  • UserInterface/Views/LayerTreeDetailsSidebarPanel.js:

(WebInspector.LayerTreeDetailsSidebarPanel.prototype._buildDataGridSection):

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView):

  • UserInterface/Views/NetworkGridContentView.js:

(WebInspector.NetworkGridContentView):

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView):

  • UserInterface/Views/ProfileView.js:

(WebInspector.ProfileView):

  • UserInterface/Views/RenderingFrameTimelineView.js:

(WebInspector.RenderingFrameTimelineView):

  • UserInterface/Views/ScriptDetailsTimelineView.js:

(WebInspector.ScriptDetailsTimelineView):

11:49 AM Changeset in webkit [202132] by Simon Fraser
  • 14 edits
    6 adds in trunk

[iOS WK2] On iPad, indirect focussing of a text field doesn't always scroll to the correct location
https://bugs.webkit.org/show_bug.cgi?id=158828

Reviewed by Enrica Casucci.

Source/WebKit2:

WebPage::getAssistedNodeInformation() unconditionally set information.selectionRect()
to a 1x1 rect at the last interaction location. This caused -[WKWebView _zoomToFocusRect:...]
to early return under the !forceScroll clause if the last interaction rect was visible, but
the elementRect was not. This would happen, for example, if a click in a <button> focussed
an input on some other portion of the page. This behavior is iPad-only, because forceScroll
is only NO there.

Fix by making getAssistedNodeInformation() only set the selectionRect to the last interaction
location if that is inside of the elementRect (this caters to the case where a tap is inside
an input which is larger than the screen). Otherwise, set it to the empty rect.

Make this testable by allowing a test to opt into the iPad-style scrolling/zooming behavior
in this code path (essentially, making forceScroll NO for testing), via testing SPI on WKWebView,
plumbed through to WKContentView.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView forceIPadStyleZoomOnInputFocus]):
(-[WKWebView setForceIPadStyleZoomOnInputFocus:]):

  • UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _displayFormNodeInputView]):
(-[WKContentView requiresAccessoryView:]):
(-[WKContentView inputAccessoryView]):
(-[WKContentView forceIPadStyleZoomOnInputFocus]):
(-[WKContentView setForceIPadStyleZoomOnInputFocus:]):
(-[WKContentView requiresAccessoryView]): Remove redundant returns, and allow testing to
override the "isIPad" condition.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getAssistedNodeInformation):

Tools:

Expose "forceIPadStyleZoomOnInputFocus" on UIScriptController, which allows iPad-style
zooming behavior on <input> focus in the iPhone simulator, which is used for testing.

  • WebKitTestRunner/UIScriptContext/Bindings/UIScriptController.idl:
  • WebKitTestRunner/UIScriptContext/UIScriptController.cpp:

(WTR::UIScriptController::forceIPadStyleZoomOnInputFocus):
(WTR::UIScriptController::setForceIPadStyleZoomOnInputFocus):

  • WebKitTestRunner/UIScriptContext/UIScriptController.h:
  • WebKitTestRunner/ios/TestControllerIOS.mm:

(WTR::TestController::platformResetStateToConsistentValues):

  • WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptController::forceIPadStyleZoomOnInputFocus):
(WTR::UIScriptController::setForceIPadStyleZoomOnInputFocus):

LayoutTests:

Add various tests for focusing form fields. focus-input-via-button-ipad.html tests
the change in the current patch.

  • fast/forms/ios/focus-input-in-fixed-expected.txt: Added.
  • fast/forms/ios/focus-input-in-fixed.html: Added.
  • fast/forms/ios/focus-input-via-button-ipad-expected.txt: Added.
  • fast/forms/ios/focus-input-via-button-ipad.html: Added.
  • fast/forms/ios/focus-long-textarea-expected.txt: Added.
  • fast/forms/ios/focus-long-textarea.html: Added.
  • fast/forms/ios/resources/zooming-test-utils.js:

(testZoomAfterTap):

11:25 AM Changeset in webkit [202131] by mark.lam@apple.com
  • 8 edits in trunk/Source/JavaScriptCore

Add collecting of LLINT slow path stats.
https://bugs.webkit.org/show_bug.cgi?id=158829

Reviewed by Keith Miller.

  • llint/LLIntData.cpp:

(JSC::LLInt::Data::dumpStats):

  • llint/LLIntData.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
11:12 AM Changeset in webkit [202130] by adam.bergkvist@ericsson.com
  • 5 edits
    2 adds in trunk

WebRTC: Check type of this in RTCPeerConnection JS built-in functions
https://bugs.webkit.org/show_bug.cgi?id=151303

Reviewed by Youenn Fablet.

Source/WebCore:

Check type of 'this' in RTCPeerConnection JS built-in functions.

Test: fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html

  • Modules/mediastream/RTCPeerConnection.js:

(createOffer):
(createAnswer):
(setLocalDescription):
(setRemoteDescription):
(addIceCandidate):
(getStats):
Reject if 'this' isn't of type RTCPeerConnection.

  • Modules/mediastream/RTCPeerConnectionInternals.js:

(isRTCPeerConnection):
Add helper function to perform type check. Needs further robustifying.

LayoutTests:

Verify that the RTCPeerConnection JS built-in methods checks 'this'. The test has expected
failures (bug: http://webkit.org/b/158831).

  • fast/mediastream/RTCPeerConnection-js-built-ins-check-this-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html: Added.
  • platform/mac/TestExpectations:

The mac port does not build with WEB_RTC enabled yet.

10:54 AM Changeset in webkit [202129] by weinig@apple.com
  • 15 edits
    1 add in trunk

Forward/Back keyboard shortcuts need to flip for RTL
https://bugs.webkit.org/show_bug.cgi?id=158823
<rdar://problem/25975359>

Reviewed by Darin Adler.

Source/WebKit2:

Pipe the UserInterfaceLayoutDirection down to the WebContentProcess on initialization
and when it changes, and use it to flip the behavior of command-left and command-right
when in RTL mode.

Tests:

WebKit2_CommandBackForwardTestWKView.LTR
WebKit2_CommandBackForwardTestWKView.RTL
WebKit2_CommandBackForwardTestWKWebView.LTR
WebKit2_CommandBackForwardTestWKWebView.RTL

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _webViewPrintFormatter]):
(-[WKWebView setSemanticContentAttribute:]):
(-[WKWebView _printOperationWithPrintInfo:forFrame:]):
(-[WKWebView setUserInterfaceLayoutDirection:]):

  • UIProcess/API/mac/WKView.mm:

(-[WKView setUserInterfaceLayoutDirection:]):

  • UIProcess/Cocoa/WebViewImpl.h:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::windowIsFrontWindowUnderMouse):
(WebKit::toUserInterfaceLayoutDirection):
(WebKit::WebViewImpl::userInterfaceLayoutDirection):
(WebKit::WebViewImpl::setUserInterfaceLayoutDirection):

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::userInterfaceLayoutDirection):
(WebKit::WebPageProxy::setUserInterfaceLayoutDirection):

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::hasHadSelectionChangesFromUserInteraction):

  • UIProcess/ios/WKContentView.mm:

(-[WKContentView _commonInitializationWithProcessPool:configuration:]):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::m_userInterfaceLayoutDirection):
(WebKit::WebPage::setResourceCachingDisabled):
(WebKit::WebPage::setUserInterfaceLayoutDirection):
(WebKit::m_shouldDispatchFakeMouseMoveEvents): Deleted.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::performNonEditingBehaviorForSelector):

Tools:

Add tests for flipping the behavior of command-left and command-right
under RTL mode.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/CommandBackForward.mm: Added.

(-[CommandBackForwardOffscreenWindow isKeyWindow]):
(-[CommandBackForwardOffscreenWindow isVisible]):
(simulateCommandArrow):
(WebKit2_CommandBackForwardTest::SetUp):
(WebKit2_CommandBackForwardTestWKView::didFinishLoadForFrame):
(WebKit2_CommandBackForwardTestWKView::SetUp):
(WebKit2_CommandBackForwardTestWKView::loadFiles):
(-[CommandBackForwardNavigationDelegate webView:didFinishNavigation:]):
(WebKit2_CommandBackForwardTestWKWebView::SetUp):
(WebKit2_CommandBackForwardTestWKWebView::loadFiles):

10:43 AM Changeset in webkit [202128] by dino@apple.com
  • 2 edits in trunk/LayoutTests

[mac] LayoutTest transforms/undecomposable.html is a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=158816

Another attempt to deflake this test. Or is it unflake? I don't know.

  • transforms/undecomposable.html:
10:10 AM Changeset in webkit [202127] by mmaxfield@apple.com
  • 3 edits
    2 adds in trunk

Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue
https://bugs.webkit.org/show_bug.cgi?id=158297

Reviewed by Darin Adler.

Source/WebCore:

In an effort to reduce the flash of unstyled content, we force all elements
to have display: none during an external stylesheet load. We do this by
ignoring the CSS cascade and forcing all elements to have a placeholder style
which hardcodes display: none. (This is necessary to make elements created by
script during the stylesheet load not flash.)

This style is exposed to web content via getComputedStyle(), which means it
needs to maintain the invariant that font-families can never be null strings.
We enforce this by forcing the font-family to be the standard font name.

Test: fast/text/placeholder-renderstyle-null-font.html

  • style/StyleTreeResolver.cpp:

(WebCore::Style::ensurePlaceholderStyle):

LayoutTests:

  • fast/text/placeholder-renderstyle-null-font-expected.txt: Added.
  • fast/text/placeholder-renderstyle-null-font.html: Added.
9:32 AM Changeset in webkit [202126] by Chris Dumez
  • 3 edits in trunk/Source/WebCore

Avoid some temporary String allocations for common HTTP headers in ResourceResponse::platformLazyInit()
https://bugs.webkit.org/show_bug.cgi?id=158827

Reviewed by Darin Adler.

Add a HTTPHeaderMap::set() overload taking in a CFStringRef. The
implementation has a fast path which gets the internal characters
of the CFStringRef when possible and constructs a StringView for
it in order to call findHTTPHeaderName(). As a result, we avoid
allocating a temporary String when findHTTPHeaderName() succeeds.

This new HTTPHeaderMap::set() overload is called from both the
CF and Cocoa implementations of ResourceResponse::platformLazyInit().

I have confirmed locally on both Mac and iOS that the fast path
is used ~93% of the time. CFStringGetCStringPtr() returns null in
rare cases, causing the regular code path to be used.

  • platform/network/HTTPHeaderMap.cpp:

(WebCore::HTTPHeaderMap::set):

  • platform/network/HTTPHeaderMap.h:

Jun 15, 2016:

11:01 PM Changeset in webkit [202125] by keith_miller@apple.com
  • 56 edits
    5 adds in trunk

Add support for Symbol.isConcatSpreadable (round 2)
https://bugs.webkit.org/show_bug.cgi?id=158769

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch adds support for Symbol.isConcatSpreadable. In order to
do so, it was necessary to move the Array.prototype.concat function
to JS. A number of different optimizations were needed to make
such the move to a builtin performant. First, this patch adds a
new Bytecode intrinsic, isJSArray, that checks if the value is a
JSArray object. Specifically, isJSArray checks that the array
object is a normal instance of JSArray and not a RuntimeArray or
Array.prototype. isJSArray can also be converted into a constant
by the DFG if we are able to prove that the incomming value is
already a JSArray.

In order to further improve the perfomance we also now cover more
indexing types in our fast path memcpy code. Before we would only
memcpy Arrays if they had the same indexing type and did not have
Array storage or were undecided. Now the memcpy code covers the
following additional three cases:

1) One array is undecided and the other does not have array storage

2) One array is Int32 and the other is contiguous (we map this
into a contiguous array).

3) The this value is an array and first argument is a non-array
that does not have Symbol.isConcatSpreadable set.

This patch also adds a new fast path for concat with more than one
array argument by using memcpy to append values onto the result
array. This works roughly the same as the two array fast path
using the same methodology to decide if we can memcpy the other
butterfly into the result butterfly.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • builtins/ArrayPrototype.js:

(concatSlowPath):
(concat):

  • bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):

  • bytecode/BytecodeIntrinsicRegistry.h:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitIsJSArray):

  • bytecompiler/NodesCodegen.cpp:

(JSC::BytecodeIntrinsicNode::emit_intrinsic_isJSArray):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNodeType.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileIsJSArray):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallObjectConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileIsJSArray):
(JSC::FTL::DFG::LowerDFGToB3::isArray):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_is_jsarray):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_is_jsarray):

  • jit/JITOperations.h:
  • llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/ArrayConstructor.h:

(JSC::isArrayConstructor):

  • runtime/ArrayPrototype.cpp:

(JSC::ArrayPrototype::finishCreation):
(JSC::speciesWatchpointsValid):
(JSC::speciesConstructArray):
(JSC::moveElements):
(JSC::concatAppendOne):
(JSC::arrayProtoFuncConcat): Deleted.

  • runtime/ArrayPrototype.h:
  • runtime/CommonIdentifiers.h:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/IndexingType.h:

(JSC::indexingTypeForValue):

  • runtime/JSArray.cpp:

(JSC::JSArray::appendMemcpy):
(JSC::JSArray::fastConcatWith): Deleted.

  • runtime/JSArray.h:

(JSC::JSArray::createStructure):
(JSC::isJSArray):
(JSC::JSArray::fastConcatType): Deleted.

  • runtime/JSArrayInlines.h: Added.

(JSC::JSArray::mergeIndexingTypeForCopying):
(JSC::JSArray::canFastCopy):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSObject.cpp:

(JSC::JSObject::convertUndecidedForValue):

  • runtime/JSType.h:
  • runtime/ObjectConstructor.h:

(JSC::constructObject):

  • tests/es6.yaml:
  • tests/stress/array-concat-spread-object.js: Added.

(arrayEq):

  • tests/stress/array-concat-spread-proxy-exception-check.js: Added.

(arrayEq):

  • tests/stress/array-concat-spread-proxy.js: Added.

(arrayEq):

  • tests/stress/array-concat-with-slow-indexingtypes.js: Added.

(arrayEq):

  • tests/stress/array-species-config-array-constructor.js:

LayoutTests:

Fix tests for Symbol.isConcatSpreadable. Also, add new test that
the array species construction does not use the callees' global
object's Array[Symbol.species] when given an array from another
global object.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/array-species-different-globalobjects.html:
  • js/dom/array-prototype-properties-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:
9:41 PM Changeset in webkit [202124] by mark.lam@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

Assertion failure when returning incomplete property descriptor from proxy trap.
https://bugs.webkit.org/show_bug.cgi?id=157078

Reviewed by Saam Barati.

If the proxy returns a descriptor that expects a value but does not specify one,
we should use undefined for the value.

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):

  • tests/stress/proxy-returning-incomplete-property-descriptor.js: Added.

(truthiness):
(compare):
(shouldBe):
(test):
(get test):

8:30 PM Changeset in webkit [202123] by Alan Bujtas
  • 6 edits
    2 copies
    2 adds in trunk

Decouple the percent height and positioned descendants maps.
https://bugs.webkit.org/show_bug.cgi?id=158773

Reviewed by David Hyatt and Chris Dumez.

Source/WebCore:

We track renderers with percent height across multiple containers using
HashMap<const RenderBox*, std::unique_ptr<HashSet<const RenderBlock*>>>.
We also use the same data structure to track positioned descendants.
However a positioned renderer can have only one containing block so tracking it
with a 1:many type is defective.
It allows multiple inserts for positioned descendants, which could lead to
inconsistent layout state as the rendering logic expects these type of renderers
with only one containing block.
This patch decouples percent height and positioned tracking by introducing
the PositionedDescendantsMap class. This class is responsible for tracking
the positioned descendants inbetween layouts.

No change in functionality.

Tests: fast/block/positioning/change-containing-block-for-absolute-positioned.html

fast/block/positioning/change-containing-block-for-fixed-positioned.html

  • rendering/RenderBlock.cpp:

(WebCore::insertIntoTrackedRendererMaps):
(WebCore::removeFromTrackedRendererMaps):
(WebCore::PositionedDescendantsMap::addDescendant): Add more defensive ASSERT_NOT_REACHED
to the double insert branch when webkit.org/b/158772 gets fixed.
(WebCore::PositionedDescendantsMap::removeDescendant):
(WebCore::PositionedDescendantsMap::removeContainingBlock):
(WebCore::PositionedDescendantsMap::positionedRenderers):
(WebCore::positionedDescendantsMap):
(WebCore::removeBlockFromPercentageDescendantAndContainerMaps):
(WebCore::RenderBlock::~RenderBlock):
(WebCore::RenderBlock::positionedObjects):
(WebCore::RenderBlock::insertPositionedObject):
(WebCore::RenderBlock::removePositionedObject):
(WebCore::RenderBlock::addPercentHeightDescendant):
(WebCore::RenderBlock::removePercentHeightDescendant):
(WebCore::RenderBlock::percentHeightDescendants):
(WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
(WebCore::removeBlockFromDescendantAndContainerMaps): Deleted.

  • rendering/RenderBlock.h:

LayoutTests:

Various dynamic containing block changing tests.

  • fast/block/fixed-position-reparent-when-transition-is-removed.html:
  • fast/block/positioning/change-containing-block-for-absolute-positioned-expected.txt: Added.
  • fast/block/positioning/change-containing-block-for-absolute-positioned.html: Added.
  • fast/block/positioning/change-containing-block-for-fixed-positioned-expected.txt: Added.
  • fast/block/positioning/change-containing-block-for-fixed-positioned.html: Added.
8:22 PM Changeset in webkit [202122] by ddkilzer@apple.com
  • 3 edits
    1 move in trunk/Source/WebCore

Move SoftLinking.h to platform/cococa from platform/mac
<https://webkit.org/b/158825>

Reviewed by Andy Estes.

  • PlatformMac.cmake: Update for new directory.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • platform/cocoa/SoftLinking.h: Renamed from Source/WebCore/platform/mac/SoftLinking.h.
7:59 PM Changeset in webkit [202121] by Chris Dumez
  • 6 edits in trunk/Source

[Cocoa] Clean up / optimize ResourceResponse::platformLazyInit(InitLevel)
https://bugs.webkit.org/show_bug.cgi?id=158809

Reviewed by Darin Adler.

Source/WebCore:

Clean up / optimize ResourceResponse::platformLazyInit(InitLevel).

  • platform/network/HTTPParsers.cpp:

(WebCore::extractReasonPhraseFromHTTPStatusLine):

  • platform/network/HTTPParsers.h:

Have extractReasonPhraseFromHTTPStatusLine() return an AtomicString as the
Reason is stored as an AtomicString on ResourceResponse. Have the
implementation use StringView::subString()::toAtomicString().

  • platform/network/cocoa/ResourceResponseCocoa.mm:

(WebCore::stripLeadingAndTrailingDoubleQuote):
Move the stripLeadingAndTrailingDoubleQuote logic from platformLazyInit()
to its own function. Have it use StringView::subString()::toAtomicString()
to avoid unnecessarily atomizing the textEncodingName that has surrounding
double-quotes.

(WebCore::initializeHTTPHeaders):
Move HTTP headers initialization to its own function for clarity.

(WebCore::extractHTTPStatusText):
Move HTTP status Text extraction to its own function for clarity.

(WebCore::ResourceResponse::platformLazyInit):

  • The function is streamlined a bit because most of the logic was moved into separate functions.
  • Drop unnecessary (initLevel >= CommonFieldsOnly) check in the first if case and replace with an assertion. This function is always called with CommonFieldsOnly or above (AllFields).
  • Drop unnecessary (m_initLevel < AllFields) check in the second if case as this is always true. If not, we would have returned early at the beginning of the function when checking m_initLevel >= initLevel.
  • Use AutodrainedPool instead of NSAutoreleasePool for convenience and have only 1 pool instead of 2.
  • Drop unnecessary copyNSURLResponseStatusLine() function and call directly CFHTTPMessageCopyResponseStatusLine() since we already have a CFHTTPMessageRef at the call site.

Source/WTF:

Add toAtomicString() method to StringView to avoid having to call toString()
and then atomizing the String at call sites.

  • wtf/text/StringView.h:

(WTF::StringView::toAtomicString):

7:20 PM Changeset in webkit [202120] by timothy_horton@apple.com
  • 5 edits in trunk

Expose _shouldExpandContentToViewHeightForAutoLayout SPI on WKWebView
https://bugs.webkit.org/show_bug.cgi?id=158824
<rdar://problem/23713857>

Reviewed by Simon Fraser.

Test: TestWebKitAPI/WebKit2.AutoLayoutIntegration

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _shouldExpandContentToViewHeightForAutoLayout]):
(-[WKWebView _setShouldExpandContentToViewHeightForAutoLayout:]):

  • UIProcess/API/Cocoa/WKWebViewPrivate.h:

This property exists on WKView; expose it on WKWebView.

  • TestWebKitAPI/Tests/WebKit2Cocoa/AutoLayoutIntegration.mm:

(-[AutoLayoutWKWebView load:withWidth:expectingContentSize:]):
(-[AutoLayoutWKWebView load:withWidth:expectingContentSize:resettingWidth:]):
(-[AutoLayoutWKWebView layoutAtMinimumWidth:andExpectContentSizeChange:resettingWidth:]):
(TEST):
Add a test for _shouldExpandContentToViewHeightForAutoLayout.

6:28 PM Changeset in webkit [202119] by achristensen@apple.com
  • 3 edits in trunk/Source/WebKit2

Revert part of r196034
https://bugs.webkit.org/show_bug.cgi?id=158805
rdar://problem/26788138

Reviewed by Dan Bernstein.

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::~NetworkLoad):
If the WebResourceLoader was destroyed and received a canAuthenticateAgainstProtectionSpace
but did not send a continueCanAuthenticateAgainstProtectionSpace answer because there's no
core loader, then the NetworkLoad will be destroyed. When this happens, we still need to call
the callback for the challenge.

  • WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::canAuthenticateAgainstProtectionSpace):
If there's no core loader, we can't send IPC.

6:22 PM Changeset in webkit [202118] by ap@apple.com
  • 2 edits in trunk/Source/WebKit/mac

+[WebHTMLRepresentation supportedMIMETypes] leaks
https://bugs.webkit.org/show_bug.cgi?id=158683

Reviewed by Darin Adler.

The problem occurred when chaining newArrayByConcatenatingArrays calls.

Also refactored the code to avoid returning NSMutableArrays disguised as NSArrays,
and removed unsafe_unretained modifiers that were added in http://trac.webkit.org/r149453
for no apparent reason.

  • WebView/WebHTMLRepresentation.mm:

(newArrayWithStrings):
(+[WebHTMLRepresentation supportedMIMETypes]):
(+[WebHTMLRepresentation supportedMediaMIMETypes]):
(+[WebHTMLRepresentation supportedNonImageMIMETypes]):
(+[WebHTMLRepresentation supportedImageMIMETypes]):
(+[WebHTMLRepresentation unsupportedTextMIMETypes]):
(newArrayByConcatenatingArrays): Deleted.

6:14 PM Changeset in webkit [202117] by timothy_horton@apple.com
  • 7 edits
    2 adds in trunk

<attachment> elements jump around a lot around when subtitle text changes slightly
https://bugs.webkit.org/show_bug.cgi?id=158818
<rdar://problem/24450270>

Reviewed by Simon Fraser.

Test: fast/attachment/attachment-subtitle-resize.html

  • rendering/RenderAttachment.cpp:

(WebCore::RenderAttachment::layout):

  • rendering/RenderAttachment.h:
  • rendering/RenderThemeMac.mm:

(WebCore::AttachmentLayout::AttachmentLayout):
(WebCore::RenderThemeMac::paintAttachment):
In order to avoid changes to the centered subtitle text causing the whole
attachment to bounce around a lot, make it so that attachment width can only
increase, never decrease, and round the subtitle's width up to the nearest
increment of 10px when determining its affect on the whole element's width.
Also, center the attachment in its element, instead of left-aligning it,
so that the extra width we may have is evenly distributed between the two sides.

  • fast/attachment/attachment-subtitle-resize-expected.txt: Added.
  • fast/attachment/attachment-subtitle-resize.html: Added.
4:44 PM Changeset in webkit [202116] by Simon Fraser
  • 10 edits
    2 adds in trunk

[iOS WK2] Make it possible to test the Next/Previous buttons in the keyboard accessory bar
https://bugs.webkit.org/show_bug.cgi?id=158714

Reviewed by Enrica Casucci.

Add UIScriptController.keyboardAccessoryBar{Next,Previous} and hook it up to the WKContentView
method that gets called from UIKit.

Add a test that exercises it.

Source/WebKit2:

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView keyboardAssistantBarNext]):
(-[WKWebView keyboardAssistantBarPrevious]):

  • UIProcess/API/Cocoa/WKWebViewPrivate.h:

Tools:

  • WebKitTestRunner/UIScriptContext/Bindings/UIScriptController.idl:
  • WebKitTestRunner/UIScriptContext/UIScriptController.cpp:

(WTR::UIScriptController::keyboardAccessoryBarNext):
(WTR::UIScriptController::keyboardAccessoryBarPrevious):

  • WebKitTestRunner/UIScriptContext/UIScriptController.h:
  • WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptController::keyboardAccessoryBarNext):
(WTR::UIScriptController::keyboardAccessoryBarPrevious):

LayoutTests:

  • TestExpectations:
  • fast/forms/ios/accessory-bar-navigation-expected.txt: Added.
  • fast/forms/ios/accessory-bar-navigation.html: Added.
  • fast/forms/ios/resources/zooming-test-utils.js: Added.

(testZoomAfterTap):
(tableFromJSON):

  • platform/ios-simulator-wk2/TestExpectations:
4:34 PM Changeset in webkit [202115] by dino@apple.com
  • 2 edits in trunk/LayoutTests

[mac] LayoutTest transforms/undecomposable.html is a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=158816

Unflakify this test by putting the script in a place that
will execute it before the load event (by which time the animation
may have started).

  • transforms/undecomposable.html:
4:07 PM Changeset in webkit [202114] by Simon Fraser
  • 2 edits
    11 adds in trunk/LayoutTests

[iOS WK2] Add tests for zooming to text fields on focus
https://bugs.webkit.org/show_bug.cgi?id=158786

Reviewed by Enrica Casucci.

Add tests that focus form controls, and test the resulting scroll position and zoom level.

  • TestExpectations:
  • fast/forms/ios/focus-input-via-button-expected.txt: Added.
  • fast/forms/ios/focus-input-via-button-no-scaling-expected.txt: Added.
  • fast/forms/ios/focus-input-via-button-no-scaling.html: Added.
  • fast/forms/ios/focus-input-via-button.html: Added.
  • fast/forms/ios/resources/zooming-test-utils.js: Added.

(testZoomAfterTap):
(tableFromJSON):

  • fast/forms/ios/zoom-after-input-tap-expected.txt: Added.
  • fast/forms/ios/zoom-after-input-tap-wide-input-expected.txt: Added.
  • fast/forms/ios/zoom-after-input-tap-wide-input.html: Added.
  • fast/forms/ios/zoom-after-input-tap.html: Added.
  • platform/ios-simulator-wk2/TestExpectations:
3:37 PM Changeset in webkit [202113] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, fix typo in test and move tests to the correct files.

  • tests/stress/multi-get-by-offset-proto-or-unset.js:
  • tests/stress/multi-get-by-offset-proto-self-or-unset.js:
3:14 PM Changeset in webkit [202112] by dino@apple.com
  • 4 edits in trunk/Source

RTL <select> forms are misplaced
https://bugs.webkit.org/show_bug.cgi?id=158810
<rdar://problem/24847541>

Reviewed by Eric Carlson.

AppKit made a change in Sierra that causes popup menus
to snap to a different point when the system language is RTL.
We need to be more explicit about what directionality
we want, and override the location of the popup based
on the text direction.

I also made a small tweak to the fudge offsets we use
in order to make button text and menu text to be
more consistent.

Unfortunately since this is just about the location
of the popup menu, it's unable to be tested in our
current infrastructure.

Source/WebKit/mac:

  • WebCoreSupport/PopupMenuMac.mm:

(PopupMenuMac::show):

Source/WebKit2:

  • UIProcess/mac/WebPopupMenuProxyMac.mm:

(WebKit::WebPopupMenuProxyMac::showPopupMenu):

3:07 PM Changeset in webkit [202111] by commit-queue@webkit.org
  • 8 edits in trunk

Improve HashMap and HashSet support for Ref
https://bugs.webkit.org/show_bug.cgi?id=158789

Patch by Sam Weinig <sam@webkit.org> on 2016-06-15
Reviewed by Chris Dumez.

Source/WTF:

Tests: Add more cases to WTF_HashMap.Ref_Key, WTF_HashMap.Ref_Value and WTF_HashSet.Ref

  • wtf/HashMap.h:
  • wtf/HashSet.h:

Add a MappedTakeType typedef and rework the take functions to use it and HashTraits::take(...).

  • wtf/HashTraits.h:

(WTF::GenericHashTraits::assignToEmpty):
Move to GenericHashTraits rather than GenericHashTraitsBase, since it is not different
between integral and non-integral HashTraits.

(WTF::GenericHashTraits::take):
Add a trait function for take that defaults as a forward. This allows us to override take
just like we do with get/peek.

(WTF::HashTraits<Ref<P>>::emptyValue):
Remove unnecessary explicit construction.

(WTF::HashTraits<Ref<P>>::peek):
Fix assertion that could happen if you did a HashMap.get() on an empty Ref value.

(WTF::HashTraits<Ref<P>>::take):
Make the TakeType of a Ref<P> be Optional<Ref<P>>, to avoid having empty
Refs returned from HashMap and HashSet. Implement an explicit take() function to
construct one.

(WTF::HashTraits<Ref<P>>::customDeleteBucket): Deleted.
Remove unnecessary customDeleteBucket implementation. Ref does not assign nullptr to
it's m_ptr in destruction, so there is no dead store to avoid here.

  • wtf/Ref.h:

(WTF::Ref::ptrAllowingHashTableEmptyValue):
Add HashTrait helper to allow getting the value of m_ptr even when it is null. This
allows us to avoid a branch in HashTraits<Ref<P>>::peek().

Tools:

  • TestWebKitAPI/Tests/WTF/HashMap.cpp:
  • TestWebKitAPI/Tests/WTF/HashSet.cpp:

Add more cases to WTF_HashMap.Ref_Key, WTF_HashMap.Ref_Value and WTF_HashSet.Ref

2:56 PM Changeset in webkit [202110] by Ryan Haddad
  • 2 edits in trunk/Source/WebCore

Reset bindings test results after r202105

Unreviewed test gardening.

  • bindings/scripts/test/JS/JSTestObj.cpp:
2:27 PM Changeset in webkit [202109] by adam.bergkvist@ericsson.com
  • 2 edits in trunk/Source/WebCore

WebRTC: (Refactor) Align the structure of RTCPeerConnection.idl with the header file
https://bugs.webkit.org/show_bug.cgi?id=158779

Reviewed by Eric Carlson.

Restructure RTCPeerConnection.idl to make it easer to read and extend in the future.

No change in behavior.

  • Modules/mediastream/RTCPeerConnection.idl:
2:27 PM Changeset in webkit [202108] by adam.bergkvist@ericsson.com
  • 2 edits
    2 adds in trunk/LayoutTests

WebRTC: Add media setup test using the legacy callback APIs
https://bugs.webkit.org/show_bug.cgi?id=158736

Reviewed by Eric Carlson.

Add a test that sets up media using the legacy callback-based createOffer/Answer() and
setLocal/RemoteDescription() methods [1].

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#legacy-interface-extensions

  • fast/mediastream/RTCPeerConnection-media-setup-callbacks-single-dialog-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-media-setup-callbacks-single-dialog.html: Added.
  • platform/mac/TestExpectations:

The mac port is not building with WEB_RTC yet.

2:25 PM Changeset in webkit [202107] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

Too much log data generated during layout-tests on iOS Simulator
https://bugs.webkit.org/show_bug.cgi?id=158751

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.developer_dir): memoized the property so that it is not called
repeatedly.

2:15 PM Changeset in webkit [202106] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Uncaught Exception: TypeError: undefined is not an object (evaluating 'imageElement.classList')
https://bugs.webkit.org/show_bug.cgi?id=158808
<rdar://problem/26821034>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-06-15
Reviewed by Brian Burg.

  • UserInterface/Views/HeapAllocationsTimelineOverviewGraph.js:

(WebInspector.HeapAllocationsTimelineOverviewGraph.prototype._updateSnapshotMarkers):
If the record is out of the layout bounds of the overview graph, the overview graph
may not have created an image element yet, so bail. Later, when the image element
is created, it would get the appropriate style if the record is selected.

1:59 PM Changeset in webkit [202105] by Chris Dumez
  • 99 edits in trunk/Source

Drop some unnecessary header includes
https://bugs.webkit.org/show_bug.cgi?id=158788

Reviewed by Alexey Proskuryakov.

Drop some unnecessary header includes in headers to speed up build time.

Source/WebCore:

  • Modules/encryptedmedia/MediaKeySession.cpp:
  • Modules/gamepad/GamepadManager.cpp:
  • Modules/indexeddb/IDBDatabase.cpp:
  • Modules/indexeddb/IDBOpenDBRequest.cpp:
  • Modules/indexeddb/IDBRequest.cpp:
  • Modules/indexeddb/IDBTransaction.cpp:
  • Modules/mediasource/MediaSource.cpp:
  • Modules/mediasource/SourceBuffer.cpp:
  • Modules/mediasource/SourceBufferList.cpp:
  • Modules/mediastream/MediaStream.cpp:
  • Modules/mediastream/MediaStreamTrack.cpp:
  • Modules/speech/SpeechSynthesis.cpp:
  • Modules/webaudio/AudioScheduledSourceNode.cpp:
  • Modules/webaudio/ScriptProcessorNode.cpp:
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

  • dom/CharacterData.cpp:
  • dom/ContainerNode.cpp:
  • dom/DOMNamedFlowCollection.cpp:
  • dom/DeviceMotionController.cpp:
  • dom/DeviceOrientationController.cpp:
  • dom/Document.cpp:
  • dom/Document.h:
  • dom/DocumentEventQueue.cpp:
  • dom/DocumentOrderedMap.h:
  • dom/Element.cpp:
  • dom/Event.cpp:
  • dom/EventDispatcher.cpp:
  • dom/EventTarget.cpp:
  • dom/EventTarget.h:
  • dom/KeyboardEvent.cpp:
  • dom/MessageEvent.cpp:
  • dom/MessagePort.cpp:
  • dom/ScriptElement.cpp:
  • dom/ScriptExecutionContext.cpp:
  • dom/ScriptExecutionContext.h:
  • dom/SecurityContext.h:
  • dom/SimulatedClick.cpp:
  • dom/TextEvent.cpp:
  • dom/WebKitNamedFlow.cpp:
  • editing/FrameSelection.cpp:
  • fileapi/FileReader.cpp:
  • html/HTMLLinkElement.cpp:
  • html/HTMLPlugInImageElement.cpp:
  • html/HTMLStyleElement.cpp:
  • html/HTMLSummaryElement.cpp:
  • html/HTMLTrackElement.cpp:
  • html/HTMLVideoElement.cpp:
  • html/InputType.cpp:
  • html/MediaController.cpp:
  • html/TextFieldInputType.cpp:
  • html/canvas/WebGLRenderingContextBase.cpp:
  • html/parser/HTMLScriptRunner.cpp:
  • html/shadow/MediaControlElementTypes.cpp:
  • html/shadow/MediaControls.cpp:
  • html/shadow/MediaControlsApple.cpp:
  • html/shadow/SliderThumbElement.cpp:
  • html/shadow/mac/ImageControlsButtonElementMac.cpp:
  • inspector/InspectorIndexedDBAgent.cpp:
  • loader/DocumentLoader.cpp:
  • loader/ImageLoader.cpp:
  • loader/PolicyChecker.cpp:
  • mathml/MathMLSelectElement.cpp:
  • page/DOMWindow.h:
  • page/EventSource.cpp:
  • page/FrameView.cpp:
  • page/Performance.cpp:
  • page/csp/ContentSecurityPolicy.cpp:
  • platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
  • platform/network/HTTPHeaderMap.h:
  • platform/network/ResourceHandle.cpp:
  • rendering/RenderEmbeddedObject.cpp:
  • rendering/RenderSnapshottedPlugIn.cpp:
  • svg/SVGSVGElement.cpp:
  • svg/SVGUseElement.cpp:
  • svg/animation/SVGSMILElement.cpp:
  • workers/WorkerGlobalScope.h:
  • xml/XMLHttpRequest.cpp:
  • xml/XMLHttpRequestProgressEventThrottle.cpp:
  • xml/XMLHttpRequestUpload.cpp:

Source/WebKit/mac:

  • WebCoreSupport/WebFrameLoaderClient.mm:

Source/WebKit/win:

  • Plugins/PluginView.cpp:

Source/WebKit2:

  • WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:
  • WebProcess/Plugins/PDF/PDFPluginAnnotation.mm:
  • WebProcess/Plugins/PDF/PDFPluginPasswordField.mm:
  • WebProcess/Plugins/PDF/PDFPluginTextAnnotation.mm:
  • WebProcess/Plugins/PluginView.cpp:
  • WebProcess/WebPage/WebPage.cpp:
1:52 PM Changeset in webkit [202104] by Antti Koivisto
  • 7 edits in trunk

GoogleMaps transit schedule explorer comes up blank initially
https://bugs.webkit.org/show_bug.cgi?id=158803
rdar://problem/25818080

Source/WebCore:

Reviewed by Andreas Kling.

In case we had something like

.foo bar { ... }

and later a new stylesheet was added dynamically that contained

.foo baz { ... }

we would fail to add the new rules to the descendant invalidation rule sets for ".foo". This could
cause some style invalidations to be missed.

  • css/DocumentRuleSets.cpp:

(WebCore::DocumentRuleSets::collectFeatures):

Reset the ancestorClassRules and ancestorAttributeRulesForHTML rule set caches when new style sheets
are added (==collectFeatures is called).

LayoutTests:

Reviewed by Andreas Kling

Expand the tests to cover this case.

  • fast/css/style-invalidation-attribute-change-descendants-expected.txt:
  • fast/css/style-invalidation-attribute-change-descendants.html:
  • fast/css/style-invalidation-class-change-descendants-expected.txt:
  • fast/css/style-invalidation-class-change-descendants.html:
1:48 PM Changeset in webkit [202103] by jfernandez@igalia.com
  • 3 edits
    2 adds in trunk

[css-sizing] Item borders are missing with 'min-width:-webkit-fill-available' and zero available width
https://bugs.webkit.org/show_bug.cgi?id=158258

Source/WebCore:

Reviewed by Darin Adler.

The "fill-available" size is defined as the containing block's size less
the box's border and padding size. However, when used for min-width we
should ensure we don't get negative values as result of logical width
computation.

http://www.w3.org/TR/css-sizing-3/#fill-available-sizing

This patch ensure fill-available value computed value will be always
greater than box's boder and padding width.

Test: fast/css-intrinsic-dimensions/fill-available-with-zero-width.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::computeIntrinsicLogicalWidthUsing):

LayoutTests:

Tests to verify that fill-available size works as expected when contaner's width is zero.

Reviewed by Darin Adler.

  • fast/css-intrinsic-dimensions/fill-available-with-zero-width-expected.html: Added.
  • fast/css-intrinsic-dimensions/fill-available-with-zero-width.html: Added.
12:41 PM Changeset in webkit [202102] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk

Fix 2d canvas transform after r192900
https://bugs.webkit.org/show_bug.cgi?id=158725
Source/WebCore:

rdar://problem/26774230

Patch by Alex Christensen <achristensen@webkit.org> on 2016-06-15
Reviewed by Dean Jackson.

Test: fast/canvas/canvas-transform-inverse.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::transform):
r192900 was intended to have no change in behavior, but I made a typo.
We need to apply the inverse of the original transform to the path to be correct.
This affects transforms applied to the canvas during the creation of a path.

LayoutTests:

Patch by Alex Christensen <achristensen@webkit.org> on 2016-06-15
Reviewed by Dean Jackson.

  • fast/canvas/canvas-transform-inverse-expected.html: Added.
  • fast/canvas/canvas-transform-inverse.html: Added.
12:40 PM Changeset in webkit [202101] by keith_miller@apple.com
  • 3 edits
    3 adds in trunk/Source/JavaScriptCore

DFGByteCodeParser should be able to infer the value of unset properties in MultiGetByOffset
https://bugs.webkit.org/show_bug.cgi?id=158802

Reviewed by Filip Pizlo.

This patch adds support for unset properties in MultiGetByOffset. Since MultiGetByOffset
already supports constant values this patch just adds a constant case where the fetched
value is undefined. Fortunately (or unfortunately) we don't support object allocation
sinking for constant cases of MultiGetByOffset, which means we don't need to adjust any
in that phase.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::planLoad):
(JSC::DFG::ByteCodeParser::handleGetById):

  • dfg/DFGMultiGetByOffsetData.h:
  • tests/stress/multi-get-by-offset-proto-or-unset.js: Added.

(foo):

  • tests/stress/multi-get-by-offset-proto-self-or-unset.js: Added.

(foo):

  • tests/stress/multi-get-by-offset-self-or-unset.js: Added.

(foo):

12:32 PM Changeset in webkit [202100] by eric.carlson@apple.com
  • 8 edits
    4 adds in trunk

[iOS] Make HTMLMediaElement.muted mutable
https://bugs.webkit.org/show_bug.cgi?id=158787
<rdar://problem/24452567>

Reviewed by Dean Jackson.

Source/WebCore:

Tests: media/audio-playback-restriction-removed-muted.html

media/audio-playback-restriction-removed-track-enabled.html

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::audioTrackEnabledChanged): Remove most behavior restrictions if

the track state was changed as a result of a user gesture.

(WebCore::HTMLMediaElement::setMuted): Ditto.
(WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture): Add mask

parameter so caller can choose which restrictions are removed.

  • html/HTMLMediaElement.h:
  • html/MediaElementSession.cpp:

(WebCore::restrictionName): Drive-by fix: remove duplicate label.

  • html/MediaElementSession.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): Set muted on AVPlayer if setMuted

was called before the player was created.

(WebCore::MediaPlayerPrivateAVFoundationObjC::setVolume): Drive-by fix: return early if there

is no AVPlayer, not if we won't have metadata yet.

(WebCore::MediaPlayerPrivateAVFoundationObjC::setMuted): New.

LayoutTests:

  • media/audio-playback-restriction-removed-muted-expected.txt: Added.
  • media/audio-playback-restriction-removed-muted.html: Added.
  • media/audio-playback-restriction-removed-track-enabled-expected.txt: Added.
  • media/audio-playback-restriction-removed-track-enabled.html: Added.
12:30 PM Changeset in webkit [202099] by Chris Dumez
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed GCC build fix after r202098.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::thresholdForJIT):

12:20 PM Changeset in webkit [202098] by ggaren@apple.com
  • 6 edits in trunk/Source/JavaScriptCore

compilation policy should adapt to past behavior
https://bugs.webkit.org/show_bug.cgi?id=158759

Reviewed by Saam Barati.

This looks like a ~9% speedup on JSBench.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::~CodeBlock): Record when a CodeBlock dies without ever
making it to DFG.

(JSC::CodeBlock::thresholdForJIT): CodeBlocks that make it to DFG should
compile sooner; CodeBlocks that don't should compile later. The goal is
to use past behavior, in addition to execution counts, to determine
whether compilation is profitable.

(JSC::CodeBlock::jitAfterWarmUp):
(JSC::CodeBlock::jitSoon): Apply the thresholdForJIT rule.

  • bytecode/CodeBlock.h: Moved some code into the .cpp file so I could

change stuff without recompiling.
(JSC::CodeBlock::jitAfterWarmUp): Deleted.
(JSC::CodeBlock::jitSoon): Deleted.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::didOptimize):
(JSC::UnlinkedCodeBlock::setDidOptimize): Added a piece of data to track
whether we made it to DFG.

  • jit/JITOperations.cpp: Record when we make it to DFG.
12:17 PM Changeset in webkit [202097] by Simon Fraser
  • 2 edits in trunk/LayoutTests

fast/events/ios tests are marked as flakey, but really just fail in OpenSource and WK1
https://bugs.webkit.org/show_bug.cgi?id=158804

Test gardening.

fast/events/ios is skipped globally. Ideally it would be re-enabled in /ios-simulator-wk2/TestExpectations, but relies on unreleased
software, so leave disabled for now.

  • platform/ios-simulator/TestExpectations:
12:04 PM Changeset in webkit [202096] by Konstantin Tokarev
  • 4 edits in trunk/Source

Source/JavaScriptCore:
Only Mac port needs ObjC API for JSC.
https://bugs.webkit.org/show_bug.cgi?id=158780

Reviewed by Philippe Normand.

  • API/JSBase.h: Removed !defined(BUILDING_GTK)

Source/WTF:
Only Mac port needs ObjC API for JSC
https://bugs.webkit.org/show_bug.cgi?id=158780

Reviewed by Philippe Normand.

  • wtf/FeatureDefines.h:
11:40 AM WebKit2 edited by clopez@igalia.com
(diff)
10:08 AM Changeset in webkit [202095] by pvollan@apple.com
  • 3 edits in trunk/Tools

[Win][CMake] Changes in WebKit options are not reflected in incremental builds.
https://bugs.webkit.org/show_bug.cgi?id=158727

Reviewed by Alex Christensen.

Delete CMake cache file if WebKit options have been modified.

  • Scripts/build-webkit:
  • Scripts/webkitdirs.pm:

(shouldRemoveCMakeCache):

9:45 AM Changeset in webkit [202094] by Yusuke Suzuki
  • 2 edits in trunk/Source/WTF

Unreviewed, follow up patch for r202092
https://bugs.webkit.org/show_bug.cgi?id=158661

During checking Windows port on EWS, accidentally introduce the regression.

  • wtf/Platform.h:
9:39 AM Changeset in webkit [202093] by keith_miller@apple.com
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

DFGByteCodeParser should be able to infer a property is unset from the Baseline inline cache.
https://bugs.webkit.org/show_bug.cgi?id=158774

Reviewed by Filip Pizlo.

This patch allows the DFGByteCodeParser to speculatively convert a property access into a
constant if that access was always a miss in the Baseline inline cache. This patch does
not add support for MultiGetByOffset and unset properties. That functionality will come
a future patch.

  • bytecode/ComplexGetStatus.cpp:

(JSC::ComplexGetStatus::computeFor):

  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

  • bytecode/GetByIdVariant.h:

(JSC::GetByIdVariant::isPropertyUnset):

  • bytecode/PutByIdVariant.h:

(JSC::PutByIdVariant::isPropertyUnset):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::load):
(JSC::DFG::ByteCodeParser::handleGetById):

  • tests/stress/undefined-access-then-self-change.js: Added.

(foo):

9:30 AM Changeset in webkit [202092] by Yusuke Suzuki
  • 6 edits in trunk/Source

[JSC] Move calling convention flags to WTF
https://bugs.webkit.org/show_bug.cgi?id=158661

Reviewed by Keith Miller.

Source/JavaScriptCore:

Due to some calling convention flags and JIT_OPERATION flags, MathCommon.h includes MacroAssemblerCodeRef and JITOperations.h.
But MacroAssembler and JIT part should not be necessary for the MathCommon component.
As with other calling convention flags like JSC_HOST_CALL, these flags should be in WTF.

  • assembler/MacroAssemblerCodeRef.h:
  • jit/JITOperations.h:

Add wtf/Platform.h inclusion driven by the Windows port build failure.

  • runtime/MathCommon.h:

Source/WTF:

  • wtf/Platform.h:
8:22 AM Changeset in webkit [202091] by commit-queue@webkit.org
  • 69 edits in trunk

Enabling Shadow DOM for all platforms
https://bugs.webkit.org/show_bug.cgi?id=158738

Patch by Romain Bellessort <romain.bellessort@crf.canon.fr> on 2016-06-15
Reviewed by Ryosuke Niwa.

.:

Removed Shadow DOM from options (enabled by default)

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:
  • Source/cmake/OptionsWin.cmake:
  • Source/cmake/WebKitFeatures.cmake:
  • Source/cmake/tools/vsprops/FeatureDefines.props:
  • Source/cmake/tools/vsprops/FeatureDefinesCairo.props:

Source/JavaScriptCore:

Removed Shadow DOM from options (enabled by default)

  • Configurations/FeatureDefines.xcconfig:

Source/WebCore:

No new tests (no new behavior to be tested).

Removed Shadow DOM from options (enabled by default)
(comprises removal of corresponding preprocessor directives)

  • Configurations/FeatureDefines.xcconfig:
  • DerivedSources.make:
  • bindings/generic/RuntimeEnabledFeatures.h:
  • bindings/js/JSDocumentFragmentCustom.cpp:
  • bindings/js/JSNodeCustom.cpp:
  • css/CSSGrammar.y.in:
  • css/CSSParser.cpp:
  • css/CSSParserValues.cpp:
  • css/CSSParserValues.h:
  • css/CSSSelector.cpp:
  • css/CSSSelector.h:
  • css/ElementRuleCollector.cpp:
  • css/ElementRuleCollector.h:
  • css/RuleSet.cpp:
  • css/RuleSet.h:
  • css/SelectorChecker.cpp:
  • css/SelectorChecker.h:
  • css/SelectorPseudoClassAndCompatibilityElementMap.in:
  • css/StyleResolver.cpp:
  • cssjit/SelectorCompiler.cpp:
  • dom/ComposedTreeAncestorIterator.h:
  • dom/ComposedTreeIterator.cpp:
  • dom/ComposedTreeIterator.h:
  • dom/ContainerNode.cpp:
  • dom/Document.cpp:
  • dom/Document.h:
  • dom/Element.cpp:
  • dom/Element.h:
  • dom/Element.idl:
  • dom/Event.idl:
  • dom/EventPath.cpp:
  • dom/Node.cpp:
  • dom/Node.h:
  • dom/NonDocumentTypeChildNode.idl:
  • dom/ShadowRoot.cpp:
  • dom/ShadowRoot.h:
  • dom/ShadowRoot.idl:
  • dom/SlotAssignment.cpp:
  • dom/SlotAssignment.h:
  • html/HTMLSlotElement.cpp:
  • html/HTMLSlotElement.h:
  • html/HTMLSlotElement.idl:
  • html/HTMLTagNames.in:
  • page/FocusController.cpp:
  • style/StyleSharingResolver.cpp:
  • style/StyleTreeResolver.cpp:

Source/WebKit/mac:

Removed Shadow DOM from options (enabled by default)

  • Configurations/FeatureDefines.xcconfig:
  • WebView/WebPreferences.mm:
  • WebView/WebView.mm:

Source/WebKit/win:

Removed Shadow DOM from options (enabled by default)
(comprises removal of corresponding preprocessor directives)

  • WebView.cpp:

Source/WebKit2:

Removed Shadow DOM from options (enabled by default)
(comprises removal of corresponding preprocessor directives)

  • Configurations/FeatureDefines.xcconfig:
  • WebProcess/InjectedBundle/InjectedBundle.cpp:
  • WebProcess/WebPage/WebPage.cpp:

Tools:

Removed Shadow DOM from options (enabled by default)

  • Scripts/webkitperl/FeatureList.pm:
  • TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
8:13 AM Changeset in webkit [202090] by akling@apple.com
  • 4 edits in trunk/Source/WebCore

[Cocoa] Add two notify listeners for poking the garbage collector.
<https://webkit.org/b/158783>

Reviewed by Antti Koivisto.

Add two new notify listeners:

  • com.apple.WebKit.fullGC

Trigger a full garbage collection in the main WebCore VM immediately.

  • com.apple.WebKit.deleteAllCode

Throw away all of JSC's linked and unlinked code, and do a full GC.

These will make it easier to diagnose memory growth issues by having a lever that
eliminates many of the large object graphs without going after behavior-changing things
like the memory cache.

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::platformInitialize):

  • platform/MemoryPressureHandler.h:
  • platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::platformInitialize):

7:12 AM Changeset in webkit [202089] by Antti Koivisto
  • 18 edits in trunk

Vary:Cookie validation doesn't work in private browsing
https://bugs.webkit.org/show_bug.cgi?id=158616
Source/WebCore:

<rdar://problem/26755067>

Reviewed by Andreas Kling.

There wasn't a way to get cookie based on SessionID from WebCore.

  • platform/CookiesStrategy.h:

Add a cookie retrival function that takes SessionID instead of NetworkStorageSession.

  • platform/network/CacheValidation.cpp:

(WebCore::headerValueForVary):

Use it.

(WebCore::verifyVaryingRequestHeaders):

Source/WebKit/mac:

<rdar://problem/26755067>

Reviewed by Andreas Kling.

  • WebCoreSupport/WebFrameNetworkingContext.h:

(WebFrameNetworkingContext::create):

  • WebCoreSupport/WebFrameNetworkingContext.mm:

(privateSession):
(WebFrameNetworkingContext::ensurePrivateBrowsingSession):

Expose the private browsing session.

(WebFrameNetworkingContext::destroyPrivateBrowsingSession):

  • WebCoreSupport/WebPlatformStrategies.h:
  • WebCoreSupport/WebPlatformStrategies.mm:

(WebPlatformStrategies::cookieRequestHeaderFieldValue):

Implement SessionID version of the function.

(WebPlatformStrategies::getRawCookies):

Source/WebKit2:

<rdar://problem/26755067>

Reviewed by Andreas Kling.

  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:

(WebKit::WebPlatformStrategies::cookieRequestHeaderFieldValue):

Implement SessionID version of the function.

  • WebProcess/WebCoreSupport/WebPlatformStrategies.h:

LayoutTests:

Reviewed by Darin Adler.

  • http/tests/cache/disk-cache/disk-cache-vary-cookie-expected.txt:
  • http/tests/cache/disk-cache/disk-cache-vary-cookie.html:

Exapand the existing test to cover memory cache and private browsing.

2:55 AM Changeset in webkit [202088] by pvollan@apple.com
  • 4 edits in trunk

[Win] The test accessibility/selected-text-range-aria-elements.html is failing.
https://bugs.webkit.org/show_bug.cgi?id=158732

Reviewed by Brent Fulgham.

Source/WebCore:

Implement support for getting selected text range.

  • accessibility/win/AccessibilityObjectWrapperWin.cpp:

(WebCore::AccessibilityObjectWrapper::accessibilityAttributeValue):

Tools:

Implement selectedTextRange() method.

  • DumpRenderTree/win/AccessibilityUIElementWin.cpp:

(AccessibilityUIElement::selectedTextRange):

2:36 AM Changeset in webkit [202087] by pvollan@apple.com
  • 2 edits in trunk/Tools

[Win] MiniBrowser is not DPI aware.
https://bugs.webkit.org/show_bug.cgi?id=158733

Reviewed by Brent Fulgham.

Call Win32 api function to let Windows know that we will scale the contents ourselves.

  • MiniBrowser/win/WinMain.cpp:

(wWinMain):

2:26 AM Changeset in webkit [202086] by pvollan@apple.com
  • 2 edits in trunk/Tools

Unreviewed: add new email address to contributors.json.

  • Scripts/webkitpy/common/config/contributors.json:

Jun 14, 2016:

11:36 PM Changeset in webkit [202085] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

Addressing post-review comments after r201971
https://bugs.webkit.org/show_bug.cgi?id=158450

Unreviewed.

  • css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::add):
(WebCore::CSSFontFaceSet::remove):

10:04 PM Changeset in webkit [202084] by keith_miller@apple.com
  • 2 edits in trunk/Tools

JSBench should use geometric mean
https://bugs.webkit.org/show_bug.cgi?id=158775

Reviewed by Mark Lam.

For some reason JSBench was using algebraic mean. Since each test
is pretty substantially different it should use geometric mean
instead.

  • Scripts/run-jsc-benchmarks:
9:44 PM Changeset in webkit [202083] by mmaxfield@apple.com
  • 6 edits
    2 adds in trunk

Honor bidi unicode codepoints
https://bugs.webkit.org/show_bug.cgi?id=149170
<rdar://problem/26527378>

Reviewed by Simon Fraser.

Source/WebCore:

BidiResolver doesn't have any concept of isolate Unicode code points, so produces
unexpected output when they are present. Fix by considering such code points as
whitespace in the bidi algorithm. This is a stop-gap measure until we can support
the codepoints fully in our Bidi algorithm.

Test: fast/text/isolate-ignore.html

  • platform/graphics/Font.cpp:

(WebCore::createAndFillGlyphPage):

  • platform/text/BidiResolver.h:

(WebCore::Subclass>::createBidiRunsForLine):

Source/WTF:

  • wtf/unicode/CharacterNames.h:

LayoutTests:

  • fast/text/isolate-ignore-expected.html: Added.
  • fast/text/isolate-ignore.html: Added.
7:52 PM Changeset in webkit [202082] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Rename DataGrid.showColumn to setColumnVisible
https://bugs.webkit.org/show_bug.cgi?id=158764
<rdar://problem/26801448>

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid):
Drive-by update to initialize "this._columnChooserEnabled".

(WebInspector.DataGrid.prototype.set identifier):
(WebInspector.DataGrid.prototype.insertColumn):
(WebInspector.DataGrid.prototype._collapseColumnGroupWithCell):
Use new method name.

(WebInspector.DataGrid.prototype._contextMenuInHeader):
Drive-by style update.

7:52 PM Changeset in webkit [202081] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Storage tab should allow hiding columns in the cookies grid
https://bugs.webkit.org/show_bug.cgi?id=158767
<rdar://problem/26803568>

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/CookieStorageContentView.js:

(WebInspector.CookieStorageContentView.prototype._rebuildTable):
Enable column chooser, exclude Name and Value columns.

7:18 PM Changeset in webkit [202080] by Chris Dumez
  • 3 edits in trunk/Source/WebKit2

Avoid constructing a AuthenticationChallenge unnecessarily in the NetworkLoad constructor
https://bugs.webkit.org/show_bug.cgi?id=158746

Reviewed by Darin Adler.

Avoid constructing a AuthenticationChallenge unnecessarily in the
NetworkLoad constructor by using WTF::Optional<> for this data
member.

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):

  • NetworkProcess/NetworkLoad.h:
7:07 PM Changeset in webkit [202079] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[iOS] Play glyph is pixelated when the page zoom is large
https://bugs.webkit.org/show_bug.cgi?id=158770
<rdar://problem/26092124>

Patch by Antoine Quint <Antoine Quint> on 2016-06-14
Reviewed by Dean Jackson.

Use the same technique that we use to scale the video controls by using a combination
of CSS "zoom" and "transform" properties to have the video play glyph scaled at its
native size regardless of page zoom.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.set pageScaleFactor):

6:45 PM Changeset in webkit [202078] by ap@apple.com
  • 2 edits in trunk/Tools

Debug crash logs are not fully symbolicated on Yosemite
https://bugs.webkit.org/show_bug.cgi?id=158760

Reviewed by Darin Adler.

  • BuildSlaveSupport/build.webkit.org-config/master.cfg: Don't enable dSYM generation

for debug builds on Yosemite.

6:31 PM Changeset in webkit [202077] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

Add missing WTFMove() in NetworkResourceLoader::didReceiveResponse()
https://bugs.webkit.org/show_bug.cgi?id=158745

Reviewed by Darin Adler.

Add missing WTFMove() in NetworkResourceLoader::didReceiveResponse()
to avoid copying the ResourceResponse.

  • NetworkProcess/NetworkResourceLoader.cpp:
6:25 PM Changeset in webkit [202076] by Chris Dumez
  • 5 edits in trunk/Source/WebCore

Regression(r201534): Compile time greatly regressed
https://bugs.webkit.org/show_bug.cgi?id=158765
<rdar://problem/26587342>

Reviewed by Darin Adler.

Compile time greatly regressed by r201534 due to Document.h now including
TextAutoSizing.h. Move the TextAutoSizingTraits back to Document.h to
restore pre-r201534 behavior.

  • WebCore.xcodeproj/project.pbxproj:
  • dom/Document.cpp:

(WebCore::TextAutoSizingTraits::constructDeletedValue):
(WebCore::TextAutoSizingTraits::isDeletedValue):

  • dom/Document.h:
  • rendering/TextAutoSizing.h:

(WebCore::TextAutoSizingTraits::constructDeletedValue): Deleted.
(WebCore::TextAutoSizingTraits::isDeletedValue): Deleted.

6:03 PM Changeset in webkit [202075] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Inline media controls cut off PiP and fullscreen buttons on cnn.com
https://bugs.webkit.org/show_bug.cgi?id=158766
<rdar://problem/24175161>

Patch by Antoine Quint <Antoine Quint> on 2016-06-14
Reviewed by Dean Jackson.

The display of the picture-in-picture and fullscreen buttons are dependent on the availability
of video tracks through a call to hasVideo(). We need to ensure that the display properties of
both those buttons are updated when the number of video tracks has changed since the controls
may be populated prior to the availability of video tracks.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.updateHasVideo):

5:45 PM Changeset in webkit [202074] by commit-queue@webkit.org
  • 5 edits in trunk

The parser doesn't properly parse "super" when default parameter is an
arrow function.
https://bugs.webkit.org/show_bug.cgi?id=157872.

Patch by Caio Lima <Caio Lima> on 2016-06-14
Reviewed by Saam Barati.

The "super" member or "super()" could not be used when default parameter is an
arrow function, resuling in sytax error. It happened because the
"closestOrdinaryFunctionScope" was not being initialized properly
before "parseFunctionParameters" step and the condition
"functionSuperBinding == SuperBinding::NotNeeded" or
"functionConstructorKind != ConstructorKind::Derived" on
"Parser<LexerType>::parseMemberExpression" step were being true
resulting in SyntaxError.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFunctionInfo): setting
"functionScope->setExpectedSuperBinding(expectedSuperBinding)" and
"functionScope->setConstructorKind(constructorKind)" before
"parseFunctionParameters" step.

5:43 PM Changeset in webkit [202073] by Nikita Vasilyev
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Visual Sidebar: Remove "Text -> Content" subsection
https://bugs.webkit.org/show_bug.cgi?id=158758
<rdar://problem/26799628>

Reviewed by Timothy Hatcher.

"content" CSS property only works with pseudo elements ::before and ::after.
It doesn't do anything for regular (non pseudo) elements. Remove it to
reduce UI clutter.

  • UserInterface/Views/VisualStyleDetailsPanel.js:

(WebInspector.VisualStyleDetailsPanel.prototype.initialLayout):
(WebInspector.VisualStyleDetailsPanel.prototype._populateContentSection): Deleted.

  • UserInterface/Views/VisualStylePropertyEditor.css:

(.visual-style-property-container > *:first-child:matches(.visual-style-property-value-container)): Deleted.

5:42 PM Changeset in webkit [202072] by commit-queue@webkit.org
  • 8 edits
    2 moves in trunk

Web Inspector: Rename Timeline.setAutoCaptureInstruments to Timeline.setInstruments
https://bugs.webkit.org/show_bug.cgi?id=158762

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-06-14
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Rename the protocol methods since the backend may use the instruments
for purposes other then auto-capture, such as programmatic capture
via console.profile.

  • inspector/protocol/Timeline.json:

Source/WebCore:

Test: inspector/timeline/setInstruments-errors.html

  • inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorTimelineAgent::setInstruments):
(WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
(WebCore::InspectorTimelineAgent::setAutoCaptureInstruments): Deleted.

  • inspector/InspectorTimelineAgent.h:

Source/WebInspectorUI:

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.prototype._updateAutoCaptureInstruments):
(WebInspector.TimelineManager):

LayoutTests:

  • inspector/timeline/setInstruments-errors-expected.txt: Renamed from LayoutTests/inspector/timeline/setAutoCaptureInstruments-errors-expected.txt.
  • inspector/timeline/setInstruments-errors.html: Renamed from LayoutTests/inspector/timeline/setAutoCaptureInstruments-errors.html.
4:38 PM Changeset in webkit [202071] by ap@apple.com
  • 3 edits in trunk/Tools

Tests don't work in iOS Simulator when ASan is enabled
https://bugs.webkit.org/show_bug.cgi?id=158726

Reviewed by David Kilzer.

  • Scripts/webkitpy/port/driver.py:

(Driver._setup_environ_for_driver): Added a FIXME.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_environ_for_server): Don't try to insert a dylib built for
simulator into LayoutTestRelay, which is a macOS tool.

4:28 PM Changeset in webkit [202070] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

Continuous "Reentrancy avoided" error messages in run-webkit-tests if Simulator quits unexpectedly
https://bugs.webkit.org/show_bug.cgi?id=158756

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitpy/xcode/simulator.py:

(Simulator.wait_until_device_is_booted): If checking Simulator boot state fails, verify if
the "simulator device" is still in booted state. Since we ensured that simulator device
was in booted state earlier in this method, this indicates that simulator device has shut down
unexpectedly.

3:56 PM Changeset in webkit [202069] by ddkilzer@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Document the native format of JSChar type
<http://webkit.org/b/156137>

Reviewed by Darin Adler.

  • API/JSStringRef.h:

(typedef JSChar): Update documentation.

3:47 PM Changeset in webkit [202068] by dino@apple.com
  • 6 edits
    2 adds in trunk

decompose4 return value is unchecked, leading to potentially uninitialized data.
https://bugs.webkit.org/show_bug.cgi?id=158761
<rdar://problem/17526268>

Reviewed by Simon Fraser.

Source/WebCore:

WebCore::decompose4 could return early without initializing data.
I now initialize it, but I also started checking the return
value at all the call sites to make sure everything is sensible.

Test: transforms/undecomposable.html

  • platform/graphics/transforms/PerspectiveTransformOperation.cpp:

(WebCore::PerspectiveTransformOperation::blend):

  • platform/graphics/transforms/RotateTransformOperation.cpp:

(WebCore::RotateTransformOperation::blend):

  • platform/graphics/transforms/TransformationMatrix.cpp:

(WebCore::decompose4):
(WebCore::TransformationMatrix::blend4):

  • platform/graphics/transforms/TransformationMatrix.h:

LayoutTests:

  • transforms/undecomposable-expected.txt: Added.
  • transforms/undecomposable.html: Added.
3:34 PM Changeset in webkit [202067] by keith_miller@apple.com
  • 6 edits
    4 adds in trunk

The Array species constructor watchpoints should be created the first time they are needed rather than on creation
https://bugs.webkit.org/show_bug.cgi?id=158754

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

We use adaptive watchpoints for some Array prototype functions to
ensure that the user has not overridden the value of the
Array.prototype.constructor or Array[Symbol.species]. This patch
changes when the Array species constructor watchpoints are
initialized. Before, those watchpoints would be created when the
global object is initialized. This had the advantage that it did
not require validating the constructor and Symbol.species
properties. On the other hand, it also meant that if the user were
to reconfigure properties Array.prototype, which would cause the
structure of the property to become an uncachable dictionary,
prior to running code that the watchpoints would be
invalidated. It turns out that JSBench amazon, for instance, does
reconfigure some of Array.prototype's properties. This patch
initializes the watchpoints the first time they are needed. Since
we only initialize once we also flatten the structure of Array and
Array.prototype.

  • runtime/ArrayPrototype.cpp:

(JSC::speciesConstructArray):
(JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint):
(JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire):
(JSC::ArrayPrototype::setConstructor): Deleted.

  • runtime/ArrayPrototype.h:

(JSC::ArrayPrototype::speciesWatchpointStatus):
(JSC::ArrayPrototype::didChangeConstructorOrSpeciesProperties): Deleted.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::speciesGetterSetter):
(JSC::JSGlobalObject::arrayConstructor):

  • tests/stress/array-symbol-species-lazy-watchpoints.js: Added.

(test):
(arrayEq):
(A):

LayoutTests:

Add new micro-benchmark that tests the impact of lazily
initializing the array species watchpoints.

  • js/regress/lazy-array-species-watchpoints-expected.txt: Added.
  • js/regress/lazy-array-species-watchpoints.html: Added.
  • js/regress/script-tests/lazy-array-species-watchpoints.js: Added.

(test):

3:09 PM Changeset in webkit [202066] by commit-queue@webkit.org
  • 35 edits
    2 adds in trunk

Add the unprefixed version of the pseudo element ::placeholder
https://bugs.webkit.org/show_bug.cgi?id=158653

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-06-14
Reviewed by Dean Jackson.

Source/WebCore:

Test: fast/forms/placeholder-pseudo-element-with-webkit-prefix.html

The pseudo element ::-webkit-input-placeholder is stupidly popular
which forces other engines to support this exact name.

The pseudo-element spec provides a new standard name we can adopt
to drop the prefix: https://drafts.csswg.org/css-pseudo-4/#placeholder-pseudo

This patch does just that, make ::placeholder the standard name to select
the placeholder element in the shadow dom of input elements.

Unlike pseudo classes, we did not have any support for prefixes and aliasing.
I want to keep the absurdly efficient matching we currently use for styling
because style updates are more common than stylesheet updates.
With that constraint in mind, the value of CSSSelector has to be the unprefixed
version for both forms of input.

This leaves us with the problem of displaying the CSSSelector for CSSOM.
To differentiate the legacy form from the standard form, I added
a new type of PseudoElement: PseudoElementWebKitCustomLegacyPrefixed.
When parsing, PseudoElementWebKitCustomLegacyPrefixed let us replace
the original value "-webkit-input-placeholder" by the standard value.
When creating the selectorText for CSSOM, PseudoElementWebKitCustomLegacyPrefixed
let us replace the standard for by the legacy form.

  • css/CSSParserValues.cpp:

(WebCore::CSSParserSelector::parsePseudoElementSelector):

  • css/CSSSelector.cpp:

(WebCore::CSSSelector::pseudoId):
(WebCore::CSSSelector::selectorText):

  • css/CSSSelector.h:

(WebCore::CSSSelector::isCustomPseudoElement):
(WebCore::CSSSelector::isWebKitCustomPseudoElement):

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

  • css/SelectorPseudoElementTypeMap.in:
  • css/html.css:

(::placeholder):
(input::placeholder, isindex::placeholder):
(textarea::placeholder):
(::-webkit-input-placeholder): Deleted.
(input::-webkit-input-placeholder, isindex::-webkit-input-placeholder): Deleted.
(textarea::-webkit-input-placeholder): Deleted.

  • features.json:
  • html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):

Source/WebInspectorUI:

  • UserInterface/Views/FilterBar.css:

(.filter-bar > input[type="search"]::placeholder):
(.filter-bar > input[type="search"]::-webkit-input-placeholder): Deleted.

  • UserInterface/Views/FindBanner.css:

(.find-banner.console-find-banner > input[type="search"]::placeholder):
(.find-banner.console-find-banner > input[type="search"]::-webkit-input-placeholder): Deleted.

  • UserInterface/Views/GoToLineDialog.css:

(.go-to-line-dialog > div > input::placeholder):
(.go-to-line-dialog > div > input::-webkit-input-placeholder): Deleted.

  • UserInterface/Views/OpenResourceDialog.css:

(.open-resource-dialog > .field > input::placeholder):
(.open-resource-dialog > .field > input::-webkit-input-placeholder): Deleted.

  • UserInterface/Views/SearchBar.css:

(.search-bar > input[type="search"]::placeholder):
(.search-bar > input[type="search"]::-webkit-input-placeholder): Deleted.

  • UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:

LayoutTests:

  • fast/css/css-selector-text-expected.txt:
  • fast/css/css-selector-text.html:
  • fast/css/css-set-selector-text-expected.txt:
  • fast/css/css-set-selector-text.html:

This covers CSSOM for the prefixed version.

  • fast/forms/placeholder-pseudo-element-with-webkit-prefix-expected.html: Added.
  • fast/forms/placeholder-pseudo-element-with-webkit-prefix.html: Added.

This verifies both version of the pseudo elements are equivalent.

  • fast/css/pseudo-cache-stale-expected.html:
  • fast/css/pseudo-cache-stale.html:
  • fast/forms/input-placeholder-paint-order-2-expected.html:
  • fast/forms/input-placeholder-paint-order-2.html:
  • fast/forms/input-placeholder-paint-order.html:
  • fast/forms/input-placeholder-text-indent.html:
  • fast/forms/input-user-modify.html:
  • fast/forms/isindex-placeholder.html:
  • fast/forms/placeholder-position.html:
  • fast/forms/placeholder-pseudo-style.html:
  • fast/forms/textarea-placeholder-pseudo-style.html:
  • fast/forms/textarea/textarea-placeholder-paint-order-2-expected.html:
  • fast/forms/textarea/textarea-placeholder-paint-order-2.html:
  • fast/forms/textarea/textarea-placeholder-paint-order.html:
3:02 PM Changeset in webkit [202065] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

Follow-up fix #2: REGRESSION (r202020): El Capitan CMake Debug build broken
<https://webkit.org/b/158743>

Unreviewed build fix.

  • DumpRenderTree/PlatformMac.cmake: Fix silly typo.
2:42 PM Changeset in webkit [202064] by Nikita Vasilyev
  • 13 edits in trunk/Source/WebInspectorUI

Web Inspector: Introduce --navigation-bar-height CSS variable
https://bugs.webkit.org/show_bug.cgi?id=158752

Reviewed by Timothy Hatcher.

Abstract a commonly repeated height value (29px) into a variable.

  • UserInterface/Views/CSSStyleDetailsSidebarPanel.css:

(.sidebar > .panel.details.css-style > .content.has-filter-bar):

  • UserInterface/Views/DebuggerSidebarPanel.css:

(.sidebar > .panel.navigation.debugger > :matches(.content, .empty-content-placeholder)):

  • UserInterface/Views/FilterBar.css:

(.filter-bar):

  • UserInterface/Views/NavigationBar.css:

(.navigation-bar):

  • UserInterface/Views/NavigationSidebarPanel.css:

(.sidebar > .panel.navigation > .content):
(.sidebar > .panel.navigation > .overflow-shadow.top):

  • UserInterface/Views/NetworkSidebarPanel.css:

(.sidebar > .panel.navigation.network > .title-bar):

  • UserInterface/Views/ResourceSidebarPanel.css:

(.sidebar > .panel.navigation.resource > :matches(.content, .empty-content-placeholder)):

  • UserInterface/Views/SearchSidebarPanel.css:

(.sidebar > .panel.navigation.search > :matches(.content, .empty-content-placeholder)):
(.sidebar > .panel.navigation.search > .search-bar):

  • UserInterface/Views/Sidebar.css:

(.sidebar.has-navigation-bar > .panel):

  • UserInterface/Views/StorageSidebarPanel.css:

(.sidebar > .panel.navigation.storage > :matches(.content, .empty-content-placeholder)):

  • UserInterface/Views/TimelineRecordingContentView.css:

(.content-view.timeline-recording > .content-browser .recording-progress):

  • UserInterface/Views/Variables.css:

(:root):

2:28 PM Changeset in webkit [202063] by d_russell@apple.com
  • 13 edits
    10 adds in trunk

AX: Form label text should be exposed as static text if it contains only static text
https://bugs.webkit.org/show_bug.cgi?id=158634

Reviewed by Chris Fleizach.

Use AccessibilityLabel to represent HTMLLabelElement to assistive technology.
AccessibilityLabel::containsOnlyStaticText() searches label subtree to evaluate
if all children are static text.
AccessibilityLabel::stringValue() consults containsOnlyStaticText() and returns
textUnderElement() if true.
WebAccessibilityObjectWrapperMac consults containsOnlyStaticText() and substitutes
StaticTextRole for LabelRole if true.
Cache containsOnlyStaticText() in the common case when updating children.

Source/WebCore:

Tests: accessibility/mac/label-element-all-text-string-value.html

accessibility/mac/label-element-with-link-string-value.html

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • accessibility/AXObjectCache.cpp:

(WebCore::createFromRenderer):

  • accessibility/AccessibilityAllInOne.cpp:
  • accessibility/AccessibilityLabel.cpp: Added.

(WebCore::AccessibilityLabel::AccessibilityLabel):
(WebCore::AccessibilityLabel::~AccessibilityLabel):
(WebCore::AccessibilityLabel::create):
(WebCore::AccessibilityLabel::computeAccessibilityIsIgnored):
(WebCore::AccessibilityLabel::stringValue):
(WebCore::childrenContainOnlyStaticText):
(WebCore::AccessibilityLabel::containsOnlyStaticText):
(WebCore::AccessibilityLabel::updateChildrenIfNecessary):
(WebCore::AccessibilityLabel::clearChildren):
(WebCore::AccessibilityLabel::insertChild):

  • accessibility/AccessibilityLabel.h: Added.
  • accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::isLabel):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper role]):

LayoutTests:

  • accessibility/aria-labelledby-overrides-label-expected.txt:
  • accessibility/mac/label-element-all-text-string-value-expected.txt: Added.
  • accessibility/mac/label-element-all-text-string-value.html: Added.
  • accessibility/mac/label-element-with-hidden-control-expected.txt:
  • accessibility/mac/label-element-with-hidden-control.html:
  • accessibility/mac/label-element-with-link-string-value-expected.txt: Added.
  • accessibility/mac/label-element-with-link-string-value.html: Added.
  • accessibility/mac/slider-allows-title-ui-element-expected.txt:
  • accessibility/mac/slider-allows-title-ui-element.html:
2:27 PM Changeset in webkit [202062] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

Too much log data generated during layout-tests on iOS Simulator
https://bugs.webkit.org/show_bug.cgi?id=158751

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort._quit_ios_simulator): Do not use -v flag.
(IOSSimulatorPort.clean_up_test_run): Ditto.
(IOSSimulatorPort._createSimulatorApp): Ditto.

1:35 PM Changeset in webkit [202061] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Increase timeouts for userscripts/window-onerror-for-isolated-world-3.html to fix flakiness.
https://bugs.webkit.org/show_bug.cgi?id=158750

Reviewed by Joseph Pecoraro.

  • userscripts/window-onerror-for-isolated-world-3.html:
1:17 PM Changeset in webkit [202060] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

Follow-up fix: REGRESSION (r202020): El Capitan CMake Debug build broken
<https://webkit.org/b/158743>

Unreviewed build fix.

The fix in r202056 clobbered DumpRenderTree_SOURCES and
TestNetscapePlugin_SOURCES from DumpRenderTree/CMakeLists.txt,
so the build failure is now that we're not building the common
sources.

Fix that by saving the common sources (which are all C++ source
files) into *_Cpp_SOURCES lists first, then setting the compiler
flags, then creating the final *_SOURCES lists.

  • DumpRenderTree/PlatformMac.cmake: Add

${TestNetscapePlugin_Cpp_SOURCES} to list that needs
"-std=c++14" compiler switch.
(TestNetscapePlugin_Cpp_SOURCES): Add new list for C++ source
files for TestNetscapePlugin. Seeded with
${TestNetscapePlugin_SOURCES} from CMakeLists.txt.
(TestNetscapePlugin_SOURCES): Add
${TestNetscapePlugin_Cpp_SOURCES} to the list of files.
(DumpRenderTree_Cpp_SOURCES): Seed list for C++ source files
with ${DumpRenderTree_SOURCES} from CMakeLists.txt.
(DumpRenderTree_SOURCES): Reformat and sort source lists.

1:15 PM Changeset in webkit [202059] by Ryan Haddad
  • 6 edits
    2 deletes in trunk

Unreviewed, rolling out r202057.
https://bugs.webkit.org/show_bug.cgi?id=158749

This change broke the Windows build. (Requested by ryanhaddad
on #webkit).

Reverted changeset:

"Honor bidi unicode codepoints"
https://bugs.webkit.org/show_bug.cgi?id=149170
http://trac.webkit.org/changeset/202057

Patch by Commit Queue <commit-queue@webkit.org> on 2016-06-14

12:01 PM Changeset in webkit [202058] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(202002-202014): 845 32-bit JSC Stress Test failures
https://bugs.webkit.org/show_bug.cgi?id=158737

Reviewed by Filip Pizlo.

When the this child and arguments child for the varargs nodes was switched I missed one
case in the 32-bit build.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

11:59 AM Changeset in webkit [202057] by mmaxfield@apple.com
  • 6 edits
    2 adds in trunk

Honor bidi unicode codepoints
https://bugs.webkit.org/show_bug.cgi?id=149170
<rdar://problem/26527378>

Reviewed by Simon Fraser.

Source/WebCore:

BidiResolver doesn't have any concept of isolate Unicode code points, so produces
unexpected output when they are present. Fix by considering such code points as
whitespace in the bidi algorithm. This is a stop-gap measure until we can support
the codepoints fully in our Bidi algorithm.

Test: fast/text/isolate-ignore.html

  • platform/graphics/Font.cpp:

(WebCore::createAndFillGlyphPage):

  • platform/text/BidiResolver.h:

(WebCore::Subclass>::createBidiRunsForLine):

Source/WTF:

  • wtf/unicode/CharacterNames.h:

LayoutTests:

  • fast/text/isolate-ignore-expected.html: Added.
  • fast/text/isolate-ignore.html: Added.
11:51 AM Changeset in webkit [202056] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

REGRESSION (r202020): El Capitan CMake Debug build broken
<https://webkit.org/b/158743>

Reviewed by Alex Christensen.

The bug was that pure C++ source files (and Objective-C source
files) were being compiled as Objective-C++ source files. This
is obviously incorrect, so the fix was to split out the list of
source files by language, then define compiler switches based on
each file type.

  • DumpRenderTree/PlatformMac.cmake: Replace add_definitions()

with separate foreach loops that set compiler flags based on
each source file's type.
(TestNetscapePlugin_ObjCpp_SOURCES): Rename from
TestNetscapePlugin_SOURCES.
(TestNetscapePlugin_SOURCES): Create based on
${TestNetscapePlugin_ObjCpp_SOURCES}.
(DumpRenderTree_ObjC_SOURCES): Split from DumpRenderTree_SOURCES.
(DumpRenderTree_Cpp_SOURCES): Ditto.
(DumpRenderTree_ObjCpp_SOURCES): Ditto.
(DumpRenderTree_SOURCES): Create from above three lists.

11:42 AM Changeset in webkit [202055] by sbarati@apple.com
  • 2 edits in trunk/Source/WebInspectorUI

Follow up to: Web Inspector: Call Trees view should have a 'Top Functions'-like mode
https://bugs.webkit.org/show_bug.cgi?id=158555
<rdar://problem/26712544>

Unreviewed follow up patch.

  • Move a long if-else sequence to a switch statement.
  • Fix a copy-paste typo in a Symbol(.) enum.
  • UserInterface/Models/CallingContextTree.js:

(WebInspector.CallingContextTree.prototype.updateTreeWithStackTrace):

11:37 AM Changeset in webkit [202054] by Chris Dumez
  • 8 edits in trunk/Source/WebKit2

Reduce copying of NetworkLoadParameters
https://bugs.webkit.org/show_bug.cgi?id=158744

Reviewed by Alex Christensen.

Reduce copying of NetworkLoadParameters by moving it around instead.

  • NetworkProcess/Downloads/DownloadManager.cpp:

(WebKit::DownloadManager::startDownload):

  • NetworkProcess/Downloads/PendingDownload.cpp:

(WebKit::PendingDownload::PendingDownload):

  • NetworkProcess/Downloads/PendingDownload.h:
  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad):

  • NetworkProcess/NetworkLoad.h:
  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::startNetworkLoad):

  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::SpeculativeLoad):

11:09 AM Changeset in webkit [202053] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Removing duplicated TestExpectation and sorting others alphabetically

Unreviewed test gardening.

  • platform/mac/TestExpectations:
11:03 AM Changeset in webkit [202052] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking inspector/debugger/break-in-constructor-before-super.html as flaky on mac debug.
https://bugs.webkit.org/show_bug.cgi?id=158742

Unreviewed test gardening.

  • platform/mac/TestExpectations:
10:55 AM Changeset in webkit [202051] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Moving flaky expectation for inspector/heap/garbageCollected.html from mac-wk1 to mac
https://bugs.webkit.org/show_bug.cgi?id=153039

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
9:54 AM Changeset in webkit [202050] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

Unreviewed, rolling out r200455.
https://bugs.webkit.org/show_bug.cgi?id=158740

hangs twitter/facebook (Requested by mcatanzaro on #webkit).

Reverted changeset:

"[GStreamer] Adaptive streaming issues"
https://bugs.webkit.org/show_bug.cgi?id=144040
http://trac.webkit.org/changeset/200455

9:46 AM Changeset in webkit [202049] by nael.ouedraogo@crf.canon.fr
  • 4 edits in trunk

WebRTC: RTCPeerConnection::addTrack() should throw InvalidAccessError instead of InvalidModificationError.
https://bugs.webkit.org/show_bug.cgi?id=158735

Reviewed by Eric Carlson.

Source/WebCore:

Throw InvalidAccessError instead of InvalidModificationError when track already exists in connection's
set of senders as per specification (https://w3c.github.io/webrtc-pc/#dom-rtcpeerconnection-addtrack).

Updated existing test results: fast/mediastream/RTCPeerConnection-add-removeTrack-expected.txt

  • Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::RTCPeerConnection::addTrack):

LayoutTests:

Check that an InvalidAccessError exception is thrown when the track already exists in set of senders.

  • fast/mediastream/RTCPeerConnection-add-removeTrack-expected.txt:
9:41 AM Changeset in webkit [202048] by adam.bergkvist@ericsson.com
  • 8 edits
    2 adds in trunk

WebRTC: Imlement MediaEndpointPeerConnection::addIceCandidate()
https://bugs.webkit.org/show_bug.cgi?id=158690

Reviewed by Eric Carlson.

Source/WebCore:

Implement MediaEndpointPeerConnection::addIceCandidate() that is the MediaEndpoint
implementation of RTCPeerConnection.addIceCandidate() [1].

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-peerconnection-addicecandidate

Test: fast/mediastream/RTCPeerConnection-addIceCandidate.html

  • Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::addIceCandidate):
(WebCore::MediaEndpointPeerConnection::addIceCandidateTask):
Implemented.

  • Modules/mediastream/MediaEndpointPeerConnection.h:
  • platform/mediastream/MediaEndpoint.h:

Use mid instead of mdescIndex to identify the target media description in the backend.

  • platform/mock/MockMediaEndpoint.cpp:

Update mock method signature accordingly.
(WebCore::MockMediaEndpoint::addRemoteCandidate):

  • platform/mock/MockMediaEndpoint.h:

LayoutTests:

Add test for RTCPeerConnection.addIceCandidate() that verifies:

  • Candidate line parsing
  • That a underlying media description can be identified using either sdpMid or sdpMLineIndex
  • That sdpMid takes precedence over sdpMLineIndex
  • fast/mediastream/RTCPeerConnection-addIceCandidate-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-addIceCandidate.html: Added.
  • platform/mac/TestExpectations:

The mac port is not building with WEB_RTC yet.

9:40 AM Changeset in webkit [202047] by Lucas Forschler
  • 2 edits in trunk/Tools

<rdar://problem/26685782>
Teach the copy-webkitlibraries-to-product-directory script about WebKitSystemInterfaceOSX10.12

Rubber-stamped by Jessie Berlin.

  • Scripts/copy-webkitlibraries-to-product-directory:
9:32 AM Changeset in webkit [202046] by youenn.fablet@crf.canon.fr
  • 2 edits in trunk/Tools

Activate CMake export compile commands option
https://bugs.webkit.org/show_bug.cgi?id=158734

Reviewed by Alex Christensen.

  • Scripts/webkitdirs.pm:

(generateBuildSystemFromCMakeProject): Activating this option for all CMake builds.
This allows using ymcd for WebKit hacking.

9:32 AM Changeset in webkit [202045] by Lucas Forschler
  • 5 edits
    1 add in trunk/WebKitLibraries

Update existing WebKitSystemInterface Libraries.
Add macOS Sierra WebKitSystemInterface.

Rubber-stamped by Alexey Proskuryakov.

  • libWebKitSystemInterfaceElCapitan.a:
  • libWebKitSystemInterfaceIOSDevice9.2.a:
  • libWebKitSystemInterfaceIOSSimulator9.2.a:
  • libWebKitSystemInterfaceOSX10.12.a: Added.
  • libWebKitSystemInterfaceYosemite.a:
9:07 AM Changeset in webkit [202044] by Alan Bujtas
  • 3 edits in trunk/Source/WebCore

Make RenderBlock::insertInto/RemoveFromTrackedRendererMaps functions static.
https://bugs.webkit.org/show_bug.cgi?id=158722

Reviewed by Simon Fraser.

These functions manipulate static tracker hashmaps. They don't need to be on RenderBlock.
This is also in preparation for decoupling positioned descendant tracking from descendent percentage height handling.
(gPositionedDescendantsMap and gPercentHeightDescendantsMap)

No change in functionality.

  • rendering/RenderBlock.cpp:

(WebCore::insertIntoTrackedRendererMaps):
(WebCore::removeFromTrackedRendererMaps):
(WebCore::removeBlockFromDescendantAndContainerMaps):
(WebCore::RenderBlock::insertPositionedObject):
(WebCore::RenderBlock::addPercentHeightDescendant):
(WebCore::RenderBlock::insertIntoTrackedRendererMaps): Deleted.
(WebCore::RenderBlock::removeFromTrackedRendererMaps): Deleted.

  • rendering/RenderBlock.h:
8:13 AM Changeset in webkit [202043] by adam.bergkvist@ericsson.com
  • 4 edits
    2 adds in trunk

WebRTC: Add media setup test where media is set up in one direction at a time
https://bugs.webkit.org/show_bug.cgi?id=158691

Reviewed by Eric Carlson.

Source/WebCore:

Add test for setting up media in one direction at a time. This requires a change in sdp.js
to allow an SDP that doesn't contain a stream id or track id (representing
a track being sent). In this test, the first answer doesn't contain any sending media.

Test: fast/mediastream/RTCPeerConnection-media-setup-two-dialogs.html

  • Modules/mediastream/sdp.js:

LayoutTests:

Test setting up media in one direction at a time. This is achieved by first negotiating
media in one direction. In a second step, an updated offer is sent to add bi-directional
media.

  • fast/mediastream/RTCPeerConnection-media-setup-two-dialogs-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-media-setup-two-dialogs.html: Added.
  • platform/mac/TestExpectations:

The mac port is not building with WEB_RTC yet.

7:31 AM Changeset in webkit [202042] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

[Cocoa] Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit()
https://bugs.webkit.org/show_bug.cgi?id=158717

Reviewed by Alex Christensen.

Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit() by
calling CFHTTPMessageCopyAllHeaderFields() instead of [NSURLResponse allHeaderFields].

CFHTTPMessageCopyAllHeaderFields() creates only 1 copy while
[NSURLResponse allHeaderFields] creates 2 (see <rdar://problem/26778863>).

  • platform/network/cocoa/ResourceResponseCocoa.mm:

(WebCore::addToHTTPHeaderMap):
(WebCore::ResourceResponse::platformLazyInit):

6:10 AM Changeset in webkit [202041] by ddkilzer@apple.com
  • 3 edits in trunk/Source/WebCore

REGRESSION (r151608): Leak of QTMovieLayer or AVPlayerLayer in -[WebVideoFullscreenController setVideoElement:]
<https://webkit.org/b/158729>

Reviewed by Eric Carlson.

  • platform/mac/WebVideoFullscreenController.mm:

(-[WebVideoFullscreenController setVideoElement:]): Use
RetainPtr<> to prevent leaks.

  • platform/mac/WebVideoFullscreenHUDWindowController.mm:

Drive-by fix to remove unused <wtf/RetainPtr.h> import.

3:00 AM WebKitGTK/2.12.x edited by Carlos Garcia Campos
(diff)
2:58 AM Changeset in webkit [202040] by Carlos Garcia Campos
  • 6 edits in trunk/Source/WebKit2

[ThreadedCompositor] Opening the inspector in a window causes a crash.
https://bugs.webkit.org/show_bug.cgi?id=154444

Reviewed by Žan Doberšek.

The threaded compositor doesn't handle the case of changing or removing the native surface handle. When the web
view is reparented, the current native surface handle is destroyed when the view is removed from the parent, and
a new one is created when added to the new parent. We need to handle this case in the threaded compositor.

  • Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:

(WebKit::CompositingRunLoop::stopUpdateTimer): Allow users to stop the update timer.

  • Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.h:
  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::setNativeSurfaceHandleForCompositing): Use performTaskSync because this is called
from a synchronous IPC message and right after it returns, the current native surface is destroyed by the UI
process. So we need to ensure we finish all pending operations for the current native surface in the compositing
thread before it's destroyed. Then we enable or disable the scene depending on whether the native surface has
been created or destroyed and destroy the current context in case the new handle is 0.
(WebKit::ThreadedCompositor::tryEnsureGLContext): Just renamed to make it clear that it can fail.
(WebKit::ThreadedCompositor::glContext):
(WebKit::ThreadedCompositor::renderLayerTree): Return early if scene is not active.

  • WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp:

(WebKit::ThreadedCoordinatedLayerTreeHost::setNativeSurfaceHandleForCompositing): Schedule a new layer flush
after the native surface handle changed.

1:08 AM Changeset in webkit [202039] by nael.ouedraogo@crf.canon.fr
  • 3 edits in trunk/Source/WebCore

The vector of mediastreams should be passed via a reference to RTCPeerConnection::addTrack()
https://bugs.webkit.org/show_bug.cgi?id=158701

Pass vector of mediastreams by reference.

Reviewed by Youenn Fablet.

  • Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::RTCPeerConnection::addTrack):

  • Modules/mediastream/RTCPeerConnection.h:
12:52 AM Changeset in webkit [202038] by Carlos Garcia Campos
  • 5 edits in trunk/Source/WebKit2

[Threaded Compositor] Modernize and simplify threaded compositor code
https://bugs.webkit.org/show_bug.cgi?id=158615

Reviewed by Žan Doberšek.

  • Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:

(WebKit::CompositingRunLoop::performTask): Use NoncopyableFunction.
(WebKit::CompositingRunLoop::performTaskSync): Ditto.
(WebKit::CompositingRunLoop::startUpdateTimer): Just renamed to start instead of set.
(WebKit::CompositingRunLoop::run): Expose run/stop methods instead of the internal RunLoop object.
(WebKit::CompositingRunLoop::stop): Also stop the update timer instead of relying on the caller to do it.
(WebKit::CompositingRunLoop::setUpdateTimer): Deleted.
(WebKit::CompositingRunLoop::stopUpdateTimer): Deleted.

  • Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.h:
  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::setNativeSurfaceHandleForCompositing): Protects this directly in lambda capture.
(WebKit::ThreadedCompositor::setDeviceScaleFactor): Ditto.
(WebKit::ThreadedCompositor::didChangeViewportSize): Ditto.
(WebKit::ThreadedCompositor::didChangeViewportAttribute): Ditto.
(WebKit::ThreadedCompositor::didChangeContentsSize): Ditto.
(WebKit::ThreadedCompositor::scrollTo): Ditto.
(WebKit::ThreadedCompositor::scrollBy): Ditto.
(WebKit::ThreadedCompositor::updateViewport): Use startUpdateTimer().
(WebKit::ThreadedCompositor::scheduleDisplayImmediately): Ditto.
(WebKit::ThreadedCompositor::didChangeVisibleRect): Improve lambda captures.
(WebKit::ThreadedCompositor::renderLayerTree): Use m_viewportController directly.
(WebKit::ThreadedCompositor::createCompositingThread): Use createThread() version that receives a function.
(WebKit::ThreadedCompositor::runCompositingThread): Use run method and don't stop the update timer when the run
loop finishes.
(WebKit::ThreadedCompositor::terminateCompositingThread): Use stop method.
(WebKit::ThreadedCompositor::ThreadedCompositor): Deleted.
(WebKit::ThreadedCompositor::compositingThreadEntry): Deleted.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h:

(WebKit::ThreadedCompositor::viewportController): Deleted.

12:48 AM Changeset in webkit [202037] by Carlos Garcia Campos
  • 4 edits in trunk/Source/WebKit2

[Threaded Compositor] Flickering and rendering artifacts when resizing the web view
https://bugs.webkit.org/show_bug.cgi?id=154070

Reviewed by Žan Doberšek.

Resizing the web view is expected to be a sync operation, the UI process creates a new backing store state ID,
sends UpdateBackingStoreState message with the flag RespondImmediately to the web process and waits up to 500ms
for the reply (DidUpdateBackingStoreState message). When using the threaded compositor, we schedule a task in
the compositing thread to update the viewport size, and return immediately, so that we reply to the UI process
before the compositing thread has actually updated its size. There's a moment in which sizes are out of sync
causing the flickering and rendering artifacts, the UI process continues rendering at the new size, while the
web process is still rendering at the previous size. We can prevent this from happening just by making the
resize task synchronous in the threaded compositor.

  • Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:

(WebKit::CompositingRunLoop::performTaskSync): Add sync version of performTask().

  • Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.h:
  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::didChangeViewportSize): Use performTaskSync().

12:43 AM Changeset in webkit [202036] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Unreviewed. Fix Soup downloads after r201943.

This is a follow up of r201943. The DownloadClient used in DownloadSoup was not updated to the new API of the
ResourceHandleClient because it was not using override on the virtual methods, so it was unnoticed. That broke
the downloads soup implementation, because didReceiveResponse is no longer used in the DownloadClient. This
patch updates the DownloadClient to the new ResourceHandleClient API adding also override to all the virtual
methods to prevent this from happening in the future.

  • NetworkProcess/Downloads/soup/DownloadSoup.cpp:

(WebKit::Download::start):
(WebKit::Download::startWithHandle):
(WebKit::DownloadClient::DownloadClient):
(WebKit::DownloadClient::downloadFailed):
(WebKit::DownloadClient::didReceiveResponse):
(WebKit::DownloadClient::didReceiveData):
(WebKit::DownloadClient::didFinishLoading):
(WebKit::DownloadClient::didFail):
(WebKit::DownloadClient::wasBlocked): Deleted.
(WebKit::DownloadClient::cannotShowURL): Deleted.
(WebKit::DownloadClient::cancel):
(WebKit::DownloadClient::handleResponse):

12:35 AM Changeset in webkit [202035] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

Crash inside firstPositionInNode in checkLoadCompleteForThisFrame
https://bugs.webkit.org/show_bug.cgi?id=158724

Reviewed by Alex Christensen.

Added null checks for document and document element since they could be nullptr here.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::checkLoadCompleteForThisFrame):

12:10 AM Changeset in webkit [202034] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

Modernize DumpRenderTreeMac.h
<https://webkit.org/b/158721>

Reviewed by Andy Estes.

  • DumpRenderTree/mac/DumpRenderTreeMac.h:
  • Update copyright.
  • Update license.
  • Use #pragma once.
  • Use OBJC_CLASS macro.

Jun 13, 2016:

11:57 PM Changeset in webkit [202033] by barraclough@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

setUpStaticFunctionSlot does not handle Builtin|Accessor properties
https://bugs.webkit.org/show_bug.cgi?id=158637

Reviewed by Geoff Garen.

setUpStaticFunctionSlot contains a duplicate copy of the body of the function reifyStaticProperty

  • however it is missing handling for Accessor type under Builtin functions.

Fix the bug by de-duplicating - setUpStaticFunctionSlot should just call reifyStaticProperty.

  • runtime/Lookup.cpp:

(JSC::setUpStaticFunctionSlot):

  • should just call reifyStaticProperty.
  • runtime/Lookup.h:

(JSC::lookupPut):
(JSC::reifyStaticProperty):

  • changed reifyStaticProperty to take PropertyName.
11:36 PM Changeset in webkit [202032] by barraclough@apple.com
  • 2 edits in trunk/Source/WebCore

Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
https://bugs.webkit.org/show_bug.cgi?id=158431

Unreviewed build fix.

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::putDelegate):

11:18 PM Changeset in webkit [202031] by barraclough@apple.com
  • 3 edits in trunk/Source/WebCore

Remove hasStaticPropertyTable (part 4: JSHTMLDocument & JSStorage)
https://bugs.webkit.org/show_bug.cgi?id=158431

Reviewed by Chris Dumez.

All uses of hasStaticPropertyTable flag generated by bindings are wrong.

JSHTMLDocument & JSStorage contain a number of static_asserts claiming that
various methods do not support static properties. These asserts were likely
correct at the time they were added, as JSObject::getOwnPropertySlot and
JSObject::deleteProperty did not support getting / deleting static value.
This is no longer the case, and these asserts are now incorrect.

  • bindings/js/JSHTMLDocumentCustom.cpp:

(WebCore::JSHTMLDocument::getOwnPropertySlot):

  • bindings/js/JSStorageCustom.cpp:

(WebCore::JSStorage::deleteProperty):
(WebCore::JSStorage::deletePropertyByIndex):
(WebCore::JSStorage::putDelegate):

  • remove incorrect static_asserts.
11:17 PM Changeset in webkit [202030] by barraclough@apple.com
  • 2 edits in trunk/Source/WebCore

Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
https://bugs.webkit.org/show_bug.cgi?id=158431

Reviewed by Geoff Garen.

All uses of hasStaticPropertyTable flag generated by bindings are wrong.

JSLocation::putDelegate checks the static property table redundantly.

In the case of same origin access, if the property is not in the static
table the method will call JSObject::put and return true (indicating the
delegate handled the put). If the property is in the static table, the
method will return false (indicating the the delegate did not handle the
access) - in which case the calling function will call JSObject::put.
Checking for the property in the static table is redundant - same origin
access does not require any special handling, and should just always
return false & let the caller handle the put.

In the case of cross origin access, if the property is not in the static
table we return true (indicating the access was handled, and silently
blocking it). If it is a static property, we check the name, and if the
name is not 'href' we also return true, silently blocking. In the case
that the name is 'href' we'll return false, indicating to the caller
that the access was not handled by the delegate, resulting in it taking
place. The additional check of the static table is redundant, since we
only have special behaviour in the case of 'href'. (Moreover it is
unnecesszarily fragile, since if we made a change such that 'href' was no
longer implemented as a static property with would fail.)

  • for same origin, always return false.
  • for cross origin, return false for 'href', otherwise return true.
  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::putDelegate):

  • restructure & remove static table check.
11:09 PM Changeset in webkit [202029] by barraclough@apple.com
  • 2 edits in trunk/Source/WebCore

Remove hasStaticPropertyTable (part 2: JSPluginElement)
https://bugs.webkit.org/show_bug.cgi?id=158431

Reviewed by Chris Dumez.

All uses of hasStaticPropertyTable flag generated by bindings are wrong.

The check in pluginElementCustomGetOwnPropertySlot was somewhat dubious in the
first place (for types with static properties it would give precedence to both
static and also property storage properties; for types without static properties
it would check neither - an odd asymetry in the case of values in the storage
array, and was depending on an implementation detail that could change).

This is all now redundant anyway. None of these types have static properties.
All properties are now corretcly on the prototype (which is handled appropriately
below). This is just dead code.

  • bindings/js/JSPluginElementFunctions.h:

(WebCore::pluginElementCustomGetOwnPropertySlot):

  • remove dead code.
11:08 PM Changeset in webkit [202028] by barraclough@apple.com
  • 2 edits in trunk/Source/WebCore

Remove hasStaticPropertyTable (part 1: DOM bindings)
https://bugs.webkit.org/show_bug.cgi?id=158431

Reviewed by Chris Dumez.

All uses of hasStaticPropertyTable flag generated by bindings are wrong.

  • bindings/js/JSDOMBinding.h:

(WebCore::getStaticValueSlotEntryWithoutCaching): Deleted.
(WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>): Deleted.

  • this method is not used anywhere.
11:04 PM Changeset in webkit [202027] by barraclough@apple.com
  • 10 edits
    2 moves in trunk/Source/JavaScriptCore

JSBoundSlotBaseFunction no longer binds slot base
https://bugs.webkit.org/show_bug.cgi?id=157978

Reviewed by Geoff Garen.

This class is basically currently named after a bug. We should never have
been binding function to slot bases - this was not ever correct behavior.
This was fixed earlier in the year, but there is still some cruft including
the class name to clean up.

  • renamed JSBoundSlotBaseFunction -> JSCustomGetterSetterFunction
  • removed m_boundSlotBase - don't retain the original slot base (we were not really using it anyway).
  • ASSERT customGetterSetter->getter/setter are non-null, rather than checking.
  • Store the PropertyName such that we can pass this to the getter (we're currently reperforming the String->Identifier conversion every time).
  • Removed JSFunction::lookUpOrCreateNativeExecutable - this is just overhead, and not used consistently.
  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • runtime/JSBoundSlotBaseFunction.cpp: Removed.
  • runtime/JSBoundSlotBaseFunction.h: Removed.
    • JSBoundSlotBaseFunction -> JSCustomGetterSetterFunction
  • runtime/JSCustomGetterSetterFunction.cpp: Copied from Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp.

(JSC::JSCustomGetterSetterFunction::customGetterSetterFunctionCall):

  • made a static function on JSCustomGetterSetterFunction such that accessor to member properties could be made private. Call variant of callCustomSetter that does not require slotBase, ASSERT getter/setter present, pass stored PropertyName to getter.

(JSC::JSCustomGetterSetterFunction::JSCustomGetterSetterFunction):

  • renamed, store propertyName.

(JSC::JSCustomGetterSetterFunction::create):

  • use same function name to Executable as is being passed to Function::finishCreation.

(JSC::JSCustomGetterSetterFunction::visitChildren):
(JSC::JSCustomGetterSetterFunction::finishCreation):

  • removed m_boundSlotBase.
  • runtime/JSCustomGetterSetterFunction.h: Copied from Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.h.

(JSC::JSCustomGetterSetterFunction::customGetterSetter):
(JSC::JSCustomGetterSetterFunction::isSetter):

  • made private.

(JSC::JSCustomGetterSetterFunction::propertyName):

  • new accessor.

(JSC::JSBoundSlotBaseFunction::boundSlotBase): Deleted.

  • removed.
  • runtime/JSFunction.cpp:

(JSC::JSFunction::create):
(JSC::JSFunction::lookUpOrCreateNativeExecutable): Deleted.

  • removed lookUpOrCreateNativeExecutable. This inconsistently used wrapper was providing no value, only bloat.
  • runtime/JSFunction.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • renamed JSBoundSlotBaseFunction -> JSCustomGetterSetterFunction, etc.
  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::customGetterSetterFunctionStructure):
(JSC::JSGlobalObject::boundSlotBaseFunctionStructure): Deleted.

  • renamed JSBoundSlotBaseFunction -> JSCustomGetterSetterFunction, etc.
  • runtime/JSNativeStdFunction.cpp:

(JSC::JSNativeStdFunction::create):

  • removed lookUpOrCreateNativeExecutable.
  • runtime/JSObject.cpp:

(JSC::getCustomGetterSetterFunctionForGetterSetter):
(JSC::JSObject::getOwnPropertyDescriptor):
(JSC::getBoundSlotBaseFunctionForGetterSetter): Deleted.

  • renamed JSBoundSlotBaseFunction -> JSCustomGetterSetterFunction, etc.
  • runtime/VM.h:
    • renamed JSBoundSlotBaseFunction -> JSCustomGetterSetterFunction, etc.
11:04 PM Changeset in webkit [202026] by adam.bergkvist@ericsson.com
  • 15 edits in trunk

WebRTC: Imlement MediaEndpointPeerConnection::replaceTrack()
https://bugs.webkit.org/show_bug.cgi?id=158688

Reviewed by Eric Carlson.

Source/WebCore:

Implement MediaEndpointPeerConnection::replaceTrack() that is the MediaEndpoint implementation
of RTCRtpSender.replaceTrack() [1].

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcrtpsender-replacetrack

Updated fast/mediastream/RTCRtpSender-replaceTrack.html

  • Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::replaceTrack):
(WebCore::MediaEndpointPeerConnection::replaceTrackTask):
Implemented.

  • Modules/mediastream/MediaEndpointPeerConnection.h:
  • Modules/mediastream/PeerConnectionBackend.h:
  • Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::RTCPeerConnection::replaceTrack):

  • Modules/mediastream/RTCPeerConnection.h:

Move the MediaStreamTrack instance of sending a reference to it. This change is the main
reason many files are touched by this change.

  • Modules/mediastream/RTCRtpSender.h:
  • Modules/mediastream/RTCRtpSender.idl:
  • platform/mediastream/MediaEndpoint.h:

Use mid instead of mdescIndex to identify the media description in the backend.

  • platform/mock/MockMediaEndpoint.cpp:

(WebCore::MockMediaEndpoint::replaceSendSource):

  • platform/mock/MockMediaEndpoint.h:

LayoutTests:

Update existing test for RTCRtpSender.replaceTrack.

  • fast/mediastream/RTCRtpSender-replaceTrack-expected.txt:
  • fast/mediastream/RTCRtpSender-replaceTrack.html:

Add test cases where a "not yet negotiated track" is directly replaced. Also check that the
old track id is used in later offers.

  • fast/mediastream/resources/promise-utils.js:

(promiseShouldResolve):
Added utility method to test promise expressions that are expected to resolve.

9:33 PM Changeset in webkit [202025] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Show Exception Stack in UncaughtExceptionReporter view
https://bugs.webkit.org/show_bug.cgi?id=158657
<rdar://problem/26754441>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-06-13
Reviewed by Darin Adler.

  • UserInterface/Debug/UncaughtExceptionReporter.css:

(.uncaught-exception-sheet li):
Make newlines significant.

  • UserInterface/Debug/UncaughtExceptionReporter.js:

(unblockEventHandlers):
(handleError):
(handleLinkClick):
(formattedEntry):
Format the exception and a possible stack with a bit of sanitizing.

9:10 PM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
9:03 PM Changeset in webkit [202024] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

[Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
https://bugs.webkit.org/show_bug.cgi?id=156668
<rdar://problem/26714558>

Reviewed by Anders Carlsson.

  • Configurations/WebContentService.xcconfig: Enable library validation when the Web Content service is given the XPC domain extension entitlement when targeting macOS Sierra or later.
8:28 PM Changeset in webkit [202023] by commit-queue@webkit.org
  • 81 edits
    3 copies
    11 adds in trunk

window.onerror should pass the ErrorEvent's 'error' property as the 5th argument to the event handler
https://bugs.webkit.org/show_bug.cgi?id=55092
<rdar://problem/25731279>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-06-13
Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

This includes the actual Error in window.error / ErrorEvent:
https://html.spec.whatwg.org/multipage/webappapis.html#the-errorevent-interface

This is useful for scripts to be able to get an error stack
from uncaught exceptions, by checking the error itself.

Tests: fast/events/window-onerror17.html

http/tests/security/cross-origin-script-error-event-redirected.html
http/tests/security/cross-origin-script-error-event.html
http/tests/security/script-crossorigin-error-event-information.html
http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html
userscripts/window-onerror-for-isolated-world-3.html

  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/JSBindingsAllInOne.cpp:

Add new custom error event file.

  • bindings/js/JSDOMBinding.cpp:

(WebCore::reportException):
Include the JSC::Exception when reporting exceptions, so the error value is available.

  • bindings/js/JSErrorEventCustom.cpp:

(WebCore::JSErrorEvent::error):
Sanitized access to the ErrorEvent's error property to prevent leaking objects
across isolated world boundaries. This is like CustomEvent's data property.

  • bindings/js/JSErrorHandler.cpp:

(WebCore::JSErrorHandler::handleEvent):

  • bindings/js/JSErrorHandler.h:

Include the error object as the 4th argument to the window.onerror event handler.

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::sanitizeScriptError):
(WebCore::ScriptExecutionContext::reportException):
(WebCore::ScriptExecutionContext::dispatchErrorEvent):

  • dom/ScriptExecutionContext.h:

Include the error object in the ErrorEvent constructed when dispatching error events.

  • dom/ErrorEvent.cpp:

(WebCore::ErrorEvent::ErrorEvent):
(WebCore::ErrorEvent::sanitizedErrorValue):
(WebCore::ErrorEvent::trySerializeError):

  • dom/ErrorEvent.h:
  • dom/ErrorEvent.idl:

Include an any "error" property on the ErrorEvent, and allow it in initialization.

  • bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::evaluate):

  • workers/WorkerMessagingProxy.cpp:

(WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
Within the Worker world, the error is included in the event.
When re-dispatching the error on the world object in the world that spawned the
Worker the event does not include an error object. This matches other browsers
right now, but could be improved to have the same cross world serialization
as isolated worlds have with the error data.

  • dom/CustomEvent.h:

Remove unimplemented stale method.

LayoutTests:

  • platform/wk2/TestExpectations:

Skip new userscript test on WebKit2 like others.

  • fast/events/constructors/error-event-constructor-expected.txt:
  • fast/events/constructors/error-event-constructor.html:

Test for the new any "error" initialization property.

  • fast/events/event-leak-objects-expected.txt:
  • fast/events/event-leak-objects.html:
  • fast/events/event-properties-gc-expected.txt:
  • fast/events/event-properties-gc.html:

Like CustomEvent.details, ErrorEvent.error should not leak
objects across isolated worlds.

  • fast/events/window-onerror-exception-in-attr-expected.txt:
  • fast/events/window-onerror-exception-in-attr.html:
  • fast/events/window-onerror-syntax-error-in-attr-expected.txt:
  • fast/events/window-onerror-syntax-error-in-attr.html:
  • fast/events/window-onerror1-expected.txt:
  • fast/events/window-onerror1.html:
  • fast/events/window-onerror10-expected.txt:
  • fast/events/window-onerror10.html:
  • fast/events/window-onerror11-expected.txt:
  • fast/events/window-onerror11.html:
  • fast/events/window-onerror12-expected.txt:
  • fast/events/window-onerror12.html:
  • fast/events/window-onerror13.html:
  • fast/events/window-onerror14.html:
  • fast/events/window-onerror16.html:
  • fast/events/window-onerror17-expected.txt: Added.
  • fast/events/window-onerror17.html: Copied from LayoutTests/fast/events/window-onerror12.html.
  • fast/events/window-onerror2-expected.txt:
  • fast/events/window-onerror2.html:
  • fast/events/window-onerror3-expected.txt:
  • fast/events/window-onerror3.html:
  • fast/events/window-onerror4-expected.txt:
  • fast/events/window-onerror4.html:
  • fast/events/window-onerror5-expected.txt:
  • fast/events/window-onerror5.html:
  • fast/events/window-onerror6-expected.txt:
  • fast/events/window-onerror6.html:
  • fast/events/window-onerror7-expected.txt:
  • fast/events/window-onerror7.html:
  • fast/events/window-onerror8-expected.txt:
  • fast/events/window-onerror8.html:
  • fast/events/window-onerror9-expected.txt:
  • fast/events/window-onerror9.html:

Include output for the column number and error object where possible.

  • fast/files/resources/setup-for-read-common.js:
  • fast/files/workers/worker-apply-blob-url-to-xhr.html:
  • fast/workers/resources/worker-error-in-handling-script-error.js:
  • fast/workers/resources/worker-script-error-bubbled.js:
  • fast/workers/resources/worker-script-error-handled.js:
  • fast/workers/resources/worker-script-error.js:
  • fast/workers/worker-script-error-expected.txt:

Test "onerror" within Workers, and the "error" event on
the Worker from the spawning context.

  • http/tests/security/cross-origin-script-error-event-expected.txt: Added.
  • http/tests/security/cross-origin-script-error-event-redirected-expected.txt: Added.
  • http/tests/security/cross-origin-script-error-event-redirected.html: Added.
  • http/tests/security/cross-origin-script-error-event.html: Added.
  • http/tests/security/cross-origin-script-window-onerror-expected.txt:
  • http/tests/security/cross-origin-script-window-onerror-redirected-expected.txt:
  • http/tests/security/cross-origin-script-window-onerror-redirected.html:
  • http/tests/security/cross-origin-script-window-onerror.html:
  • http/tests/security/script-crossorigin-error-event-information-expected.txt: Added.
  • http/tests/security/script-crossorigin-error-event-information.html: Added.
  • http/tests/security/script-crossorigin-onerror-information-expected.txt:
  • http/tests/security/script-crossorigin-onerror-information.html:
  • http/tests/security/script-no-crossorigin-error-event-should-be-sanitized-expected.txt: Added.
  • http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html: Copied from LayoutTests/http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html.
  • http/tests/security/script-no-crossorigin-onerror-should-be-sanitized-expected.txt:
  • http/tests/security/script-no-crossorigin-onerror-should-be-sanitized.html:
  • http/tests/security/window-onerror-exception-in-iframe-expected.txt:
  • http/tests/security/window-onerror-exception-in-iframe.html:
  • http/tests/workers/worker-importScriptsOnError-expected.txt:
  • js/dom/exception-line-number-expected.txt:
  • js/dom/script-tests/exception-line-number.js:

(window.onerror):

  • userscripts/window-onerror-for-isolated-world-1-expected.txt:
  • userscripts/window-onerror-for-isolated-world-1.html:
  • userscripts/window-onerror-for-isolated-world-2-expected.txt:
  • userscripts/window-onerror-for-isolated-world-2.html:
  • userscripts/window-onerror-for-isolated-world-3-expected.txt: Added.
  • userscripts/window-onerror-for-isolated-world-3.html: Added.

Add an explicit test for error objects crossing isolated world boundaries.
In the Isolated World case, serializable values are cloned, but unserializable
values cause the error object to return to null to avoid leaking across worlds.

8:05 PM Changeset in webkit [202022] by dino@apple.com
  • 3 edits
    2 adds in trunk

SVG elements don't blend correctly into HTML
https://bugs.webkit.org/show_bug.cgi?id=158718
<rdar://problem/26782004>

Reviewed by Antoine Quint.

Source/WebCore:

We were not creating any transparency layers for the root SVG nodes.
This is ok if the SVG is the root document, because it is the backdrop.
However, if it is inline SVG, it needs to apply the operation in
order to composite into the document.

Test: svg/css/mix-blend-mode-with-inline-svg.html

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::beginTransparencyLayers):

LayoutTests:

  • svg/css/mix-blend-mode-with-inline-svg-expected.html: Added.
  • svg/css/mix-blend-mode-with-inline-svg.html: Added.
7:29 PM Changeset in webkit [202021] by sbarati@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

The sampling profiler should further protect itself against certain forms of sampling bias that arise due to the sampling interval being in sync with some other system process
https://bugs.webkit.org/show_bug.cgi?id=158678

Reviewed by Benjamin Poulain.

I first became aware of this problem when I read this paper:
http://plv.colorado.edu/papers/mytkowicz-pldi10.pdf

To provide background for this change, I'll quote a paragraph
from section 6.2:
"One statically sound method for collecting random samples is to collect a
sample at every t + r milliseconds, where t is the desired sampling interval
and r is a random number between −t and t. One might think that sampling every
t seconds is enough (i.e., drop the r component) but it is not: specifically,
if a profiler samples every t seconds, the sampling rate would be synchronized
with any program or system activity that occurs at regular time intervals [17].
For example, if the thread scheduler switches between threads every 10ms and our
sampling interval was also 10ms, then we may always take samples immediately after
a thread switch. Because performance is often different immediately after a thread
switch than at other points (e.g., due to cache and TLB warm-up effects) we would
get biased data. The random component, r, guards against such situations."

  • runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::timerLoop):

7:27 PM Changeset in webkit [202020] by ddkilzer@apple.com
  • 3 edits in trunk/Tools

False-positive over-release of WebView in destroyWebViewAndOffscreenWindow() in DumpRenderTree.mm
<https://webkit.org/b/158716>

Reviewed by Andy Estes.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(destroyWebViewAndOffscreenWindow): Change this function to take
a WebView, and assert that it's the same as [mainFrame webView].
(dumpRenderTree): Pass 'webView' into
destroyWebViewAndOffscreenWindow().

  • DumpRenderTree/mac/DumpRenderTreeMac.h:

(createWebViewAndOffscreenWindow): Add NS_RETURNS_RETAINED since
this function returns a +1 WebView. Declare this method only for
Objective-C[++] source.

5:34 PM Changeset in webkit [202019] by beidson@apple.com
  • 6 edits in trunk

storage/indexeddb/modern/leaks-1.html leaks the database connection handle.
https://bugs.webkit.org/show_bug.cgi?id=158643

Reviewed by Alex Christensen.

Source/WebCore:

Tested by changes to existing test.

  • Modules/indexeddb/IDBDatabase.cpp:

(WebCore::IDBDatabase::hasPendingActivity):

  • dom/EventTarget.h:

(WebCore::EventTarget::eventTargetData):
(WebCore::EventTarget::hasEventListeners):

LayoutTests:

  • storage/indexeddb/modern/leak-1-expected.txt:
  • storage/indexeddb/modern/resources/leak-1.js:
5:17 PM Changeset in webkit [202018] by enrica@apple.com
  • 3 edits in trunk/Source/WebCore

REGRESSION(r201956): Failure to initialize new internal settings produced random test failures in release.
https://bugs.webkit.org/show_bug.cgi?id=158713
rdar://26769957

Reviewed by Simon Fraser.

Failed to initialize the new member variable in both Settings and InternalSettings classes.

  • page/Settings.cpp:

(WebCore::Settings::Settings):

  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::Backup::Backup):

5:11 PM Changeset in webkit [202017] by Chris Dumez
  • 4 edits in trunk/Source/WebCore

Drop HipChat hack introduced in r197548
https://bugs.webkit.org/show_bug.cgi?id=158711

Reviewed by Geoffrey Garen.

Drop HipChat hack introduced in r197548. This hack is no longer needed
as the bug was fixed in HipChat since then:
https://support.atlassian.com/servicedesk/customer/portal/32/HCP-7532

I have confirmed locally that the latest version (4.0.12.665) is able
to connect without the hack.

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::putDelegate): Deleted.

  • platform/RuntimeApplicationChecks.h:
  • platform/RuntimeApplicationChecks.mm:

(WebCore::MacApplication::isHipChat): Deleted.

4:52 PM Changeset in webkit [202016] by Jon Davis
  • 2 edits in trunk/Websites/webkit.org

Minor style updates for figcaptions and post forewords.

  • wp-content/themes/webkit/style.css:

(article .foreword):
(figure.aligncenter figcaption):
(figure.aligncenter figcaption::before):

4:17 PM Changeset in webkit [202015] by oliver@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

DFG Validation fails when performing a concatenation with only a single entry
https://bugs.webkit.org/show_bug.cgi?id=158699

Reviewed by Saam Barati.

Fairly simple short circuiting of a single replacement template string
without any padding to be planted as a simple to string rather than
op_strcat.

  • bytecompiler/NodesCodegen.cpp:

(JSC::TemplateLiteralNode::emitBytecode):

  • tests/stress/template-literal.js:

(testSingleNode):

4:05 PM Changeset in webkit [202014] by Chris Fleizach
  • 2 edits in trunk/Source/WebCore

AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderObject::remoteSVGRootElement const + 227
https://bugs.webkit.org/show_bug.cgi?id=158685

Reviewed by David Kilzer.

Crash reports show a null access at a line that tries to dereference a pointer.
I still don't have a way to layout test this, as it seems tied to tear down of the main document.

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::remoteSVGRootElement):

3:57 PM Changeset in webkit [202013] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Use two video layer solution only on mac.
https://bugs.webkit.org/show_bug.cgi?id=158705
rdar://problem/26776360

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-06-13
Reviewed by Jer Noble.

Two video layer solution is only useful on the mac to prevent flicker, so don't do it elsewhere.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):

3:53 PM Changeset in webkit [202012] by Jon Davis
  • 3 edits in trunk/Websites/webkit.org

Adds support for foreword custom meta and display styles on blog posts.
https://bugs.webkit.org/show_bug.cgi?id=158707.

Reviewed by Timothy Hatcher.

  • wp-content/themes/webkit/functions.php:
  • wp-content/themes/webkit/style.css:

(article .foreword):

3:44 PM Changeset in webkit [202011] by Matt Baker
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: Filter Records not applying to new records
https://bugs.webkit.org/show_bug.cgi?id=158213
<rdar://problem/26543912>

Reviewed by Timothy Hatcher.

This patch makes the following improvements to timeline grid filtering:

  • Records are filtered as they are added to the grid.
  • Timeline view no longer triggers a filter refresh while the current time changes while recording.
  • Filters are refreshed whenever the current timeline view changes.
  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid.prototype.hasFilters):
Helper function to check for custom and text filters.

(WebInspector.DataGrid.prototype._applyFiltersToNodeAndDispatchEvent):
Encapsulate node state change and event dispatch, which was previously
done in multiple places.

(WebInspector.DataGrid.prototype.insertChild):
Filter incoming node if needed.

(WebInspector.DataGrid.prototype._updateFilter.createIteratorForNodesToBeFiltered):
(WebInspector.DataGrid.prototype._updateFilter):
(WebInspector.DataGrid.prototype.yieldableTaskWillProcessItem):
Use new convenience functions.

(WebInspector.DataGrid.prototype.hasCustomFilters): Deleted.
Renamed hasFilters.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._currentContentViewDidChange):
Refresh grid filters on view change.

  • UserInterface/Views/TimelineView.js:

(WebInspector.TimelineView.prototype.set startTime):
(WebInspector.TimelineView.prototype.set endTime):
Schedule filter change notification when selection bounds changes.

(WebInspector.TimelineView.prototype._timesDidChange):
(WebInspector.TimelineView.prototype._scheduleFilterDidChange):
(WebInspector.TimelineView):

3:43 PM Changeset in webkit [202010] by sbarati@apple.com
  • 7 edits
    2 adds in trunk/Source/WebInspectorUI

Web Inspector: Call Trees view should have a 'Top Functions'-like mode
https://bugs.webkit.org/show_bug.cgi?id=158555
<rdar://problem/26712544>

Reviewed by Timothy Hatcher.

This patch adds a Top Functions view that is similar to Instruments'
Top Functions view. I really wanted to add this view because I've
been doing a lot of performance debugging and I've exclusively
used the Top Functions view and I want the Inspector to also have
this view. I like to think of it as a more sophisticated version of the bottom-up view.

Top Functions works by treating every frame as a root in the tree.
Top functions view then presents a list of "roots". This is the same
as all other views, which also present a list of roots, but in this case,
every frame is a root. Bottom Up is great for nailing in specific performance
problems in exactly one frame. But Bottom Up doesn't give you good context about where
a specific frame is in the call tree and how frames are related by having
a caller or some path of shared callers. For example, consider this call tree:

(program)
/ \

/ \

(many nodes...)

/

/

(parent)
/ \

/ \

(leaf1) (leaf2)

Suppose that 'leaf1' is super hot, and 'leaf2' is moderately hot.
If we look at this through Bottom Up view, we will see 'leaf1'
is super hot, but it will take more scrolling to see that 'leaf2'
is moderately hot. Lets say that 'parent' is also moderately hot,
but that the majority of its time isn't self time. With Bottom Up view,
there is no good way to see that 'leaf1' and 'leaf2' are both nodes under 'parent'.
With Top Down, you can find this information, but it requires a ton of drilling down into
the tree (i.e, you must expand past the 'many nodes...' I drew above). It's inconvenient to
use Top Down here for indentation alone. Bottom up will tell you that 'leaf1' is super hot,
and that 'leaf2' and 'parent' are moderately hot, but it doesn't show how they're related
in the original tree. It's important to see that 'parent's total time is very high
because it itself is moderately hot, and it has a child node that is super hot, and
another child that's moderately 'hot'. For the sake of this example, let's pretend
that 85% of the program's time is spent inside 'parent'. Seeing this information through
'Top Functions' is easy because this information filters to the top of the list. Specifically,
when using 'Top Functions' sorted by Total Time. Because every node is a root, there will be
a top-level entry for every frame in the program. Specifically, there will be a top-level node
for 'parent' in my above example. Because I've sorted this view by Total Time, I will see '(program)'
first. That's because 100% of execution time is under the '(program)' frame. Then, I might see
a few other nodes that also run the entire time because '(program)' calls them, and they eventually
call into other things that never leave the stack. These will also have time ranges near 100%.
But, only a few nodes after that, I'll see 'parent' in the list because it accounts for 85% of
execution time. Immediately, I will see that it has some self time, and that it has two child
nodes that have self time. This is really helpful.

Let's consider another example where it's not easy in Top Down to get the full picture of 'parent':

(program)

/ | \

(... many nodes...)

/ \

(many nodes...) (many nodes...)

/ \

parent parent

| |

leaf1 leaf2

If we viewed this program in Top Down, we don't get a full picture of 'parent'
because it has its time distributed in two different subsections of the tree.
Specifically, lets say it has 70% of time in the leaf1 path, and 30% of the
time in the leaf2 path. We want a way to see these things together. It's impossible
to do this in Top Down or Bottom Up. But, in Top Functions view, we get the view that
we want to see because we treat 'parent' as a root of the tree. Because we do this,
we will create the following sub tree in the Top Functions view:

parent

/ \

leaf1 leaf2

This happens naturally because when 'parent' is a root, we add all its children
to its subtree.

Constructing this tree is really easy. What we do is take any arbitrary stack
trace of length n, and treat is as n separate stack traces. Specifically, we
perform the following operation for any stack trace S.

S = [A, B, C, D]
(A is the entry frame, and D is the top of the stack).
We will transform this into a list of stack traces S' like so:
S' = A, B, C, D], [B, C, D], [C, D], [D

If we then run the normal top down tree algorithm on this set of stack
traces, all nodes get treated as roots, and voila, we get the Top Functions view.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Controllers/TimelineManager.js:
  • UserInterface/Main.html:
  • UserInterface/Models/CallingContextTree.js:
  • UserInterface/Models/TimelineRecording.js:
  • UserInterface/Views/ScriptProfileTimelineView.js:
  • UserInterface/Views/TextToggleButtonNavigationItem.css: Added.
  • UserInterface/Views/TextToggleButtonNavigationItem.js: Added.
3:41 PM Changeset in webkit [202009] by Matt Baker
  • 7 edits in trunk/Source/WebInspectorUI

Web Inspector: Add ability to show/hide DataGird columns
https://bugs.webkit.org/show_bug.cgi?id=158676
<rdar://problem/26761573>

Reviewed by Timothy Hatcher.

Make it possible to show/hide grid columns using the grid header
context menu. This patch enables the new behavior for most of the
timeline grids.

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid):
(WebInspector.DataGrid.prototype.get identifier):
(WebInspector.DataGrid.prototype.set identifier):
An identifier for the grid instance, for managing per-grid settings.
Setting the id causes settings to be created, and their values to be
applied to the grid.

(WebInspector.DataGrid.prototype.get columnChooserEnabled):
(WebInspector.DataGrid.prototype.set columnChooserEnabled):
Enable showing/hiding columns via the grid header.

(WebInspector.DataGrid.prototype.insertColumn):
(WebInspector.DataGrid.prototype.showColumn):
Set column visibility and hidden column setting, then perform layout.

(WebInspector.DataGrid.prototype._collapseColumnGroupWithCell):
(WebInspector.DataGrid.prototype._contextMenuInHeader):
Create column chooser menu items if necessary.

(WebInspector.DataGrid.prototype._showColumn): Deleted.
(WebInspector.DataGrid.prototype._hideColumn): Deleted.
Replaced by showColumn.

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView):
Always show "type" and "name" columns.

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView):

  • UserInterface/Views/RenderingFrameTimelineView.js:

(WebInspector.RenderingFrameTimelineView):

  • UserInterface/Views/ScriptDetailsTimelineView.js:

(WebInspector.ScriptDetailsTimelineView):
Always show "name" column.

  • UserInterface/Views/TimelineDataGrid.js:

(WebInspector.TimelineDataGrid):
Enable column chooser.

3:25 PM Changeset in webkit [202008] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Build fix. Strip out "use strict" everywhere so that the perf dashboard works on the shipping Safari.

  • tools/bundle-v3-scripts.py:

(main):

3:17 PM Changeset in webkit [202007] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

FTL::Output methods should be out-of-line whenever possible
https://bugs.webkit.org/show_bug.cgi?id=158704

Reviewed by Benjamin Poulain.

These methods turn into a non-trivial amount of code because of the template-based B3 API.
Inlining them didn't achieve any performance advantages for the FTL, but it did make the
code larger. This outlines most methods in FTL::Output. It makes FTL::LowerDFGToB3 smaller
and it doesn't change performance.

  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::appendTo):
(JSC::FTL::Output::framePointer):
(JSC::FTL::Output::lockedStackSlot):
(JSC::FTL::Output::constBool):
(JSC::FTL::Output::constInt32):
(JSC::FTL::Output::constInt64):
(JSC::FTL::Output::constDouble):
(JSC::FTL::Output::phi):
(JSC::FTL::Output::add):
(JSC::FTL::Output::sub):
(JSC::FTL::Output::mul):
(JSC::FTL::Output::div):
(JSC::FTL::Output::chillDiv):
(JSC::FTL::Output::mod):
(JSC::FTL::Output::chillMod):
(JSC::FTL::Output::neg):
(JSC::FTL::Output::doubleAdd):
(JSC::FTL::Output::doubleSub):
(JSC::FTL::Output::doubleMul):
(JSC::FTL::Output::doubleDiv):
(JSC::FTL::Output::doubleMod):
(JSC::FTL::Output::bitAnd):
(JSC::FTL::Output::bitOr):
(JSC::FTL::Output::bitXor):
(JSC::FTL::Output::shl):
(JSC::FTL::Output::aShr):
(JSC::FTL::Output::lShr):
(JSC::FTL::Output::bitNot):
(JSC::FTL::Output::logicalNot):
(JSC::FTL::Output::ctlz32):
(JSC::FTL::Output::doubleAbs):
(JSC::FTL::Output::doubleCeil):
(JSC::FTL::Output::doubleFloor):
(JSC::FTL::Output::doubleTrunc):
(JSC::FTL::Output::doubleSin):
(JSC::FTL::Output::doubleCos):
(JSC::FTL::Output::doublePow):
(JSC::FTL::Output::doublePowi):
(JSC::FTL::Output::doubleSqrt):
(JSC::FTL::Output::doubleLog):
(JSC::FTL::Output::hasSensibleDoubleToInt):
(JSC::FTL::Output::doubleToUInt):
(JSC::FTL::Output::signExt32To64):
(JSC::FTL::Output::zeroExt):
(JSC::FTL::Output::intToDouble):
(JSC::FTL::Output::unsignedToDouble):
(JSC::FTL::Output::castToInt32):
(JSC::FTL::Output::doubleToFloat):
(JSC::FTL::Output::floatToDouble):
(JSC::FTL::Output::load):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::baseIndex):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):
(JSC::FTL::Output::above):
(JSC::FTL::Output::aboveOrEqual):
(JSC::FTL::Output::below):
(JSC::FTL::Output::belowOrEqual):
(JSC::FTL::Output::greaterThan):
(JSC::FTL::Output::greaterThanOrEqual):
(JSC::FTL::Output::lessThan):
(JSC::FTL::Output::lessThanOrEqual):
(JSC::FTL::Output::doubleEqual):
(JSC::FTL::Output::doubleEqualOrUnordered):
(JSC::FTL::Output::doubleNotEqualOrUnordered):
(JSC::FTL::Output::doubleLessThan):
(JSC::FTL::Output::doubleLessThanOrEqual):
(JSC::FTL::Output::doubleGreaterThan):
(JSC::FTL::Output::doubleGreaterThanOrEqual):
(JSC::FTL::Output::doubleNotEqualAndOrdered):
(JSC::FTL::Output::doubleLessThanOrUnordered):
(JSC::FTL::Output::doubleLessThanOrEqualOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrEqualOrUnordered):
(JSC::FTL::Output::isZero32):
(JSC::FTL::Output::notZero32):
(JSC::FTL::Output::isZero64):
(JSC::FTL::Output::notZero64):
(JSC::FTL::Output::select):
(JSC::FTL::Output::jump):
(JSC::FTL::Output::branch):
(JSC::FTL::Output::check):
(JSC::FTL::Output::ret):
(JSC::FTL::Output::unreachable):
(JSC::FTL::Output::speculate):
(JSC::FTL::Output::speculateAdd):
(JSC::FTL::Output::speculateSub):
(JSC::FTL::Output::speculateMul):
(JSC::FTL::Output::patchpoint):
(JSC::FTL::Output::trap):
(JSC::FTL::Output::anchor):
(JSC::FTL::Output::bitCast):
(JSC::FTL::Output::fround):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::setOrigin):
(JSC::FTL::Output::origin):
(JSC::FTL::Output::constIntPtr):
(JSC::FTL::Output::doubleNeg):
(JSC::FTL::Output::zeroExtPtr):
(JSC::FTL::Output::load32NonNegative):
(JSC::FTL::Output::isNull):
(JSC::FTL::Output::notNull):
(JSC::FTL::Output::testIsZeroPtr):
(JSC::FTL::Output::testNonZeroPtr):
(JSC::FTL::Output::call):
(JSC::FTL::Output::operation):
(JSC::FTL::Output::branch):
(JSC::FTL::Output::switchInstruction):
(JSC::FTL::Output::addIncomingToPhi):
(JSC::FTL::Output::framePointer): Deleted.
(JSC::FTL::Output::constBool): Deleted.
(JSC::FTL::Output::constInt32): Deleted.
(JSC::FTL::Output::constInt64): Deleted.
(JSC::FTL::Output::constDouble): Deleted.
(JSC::FTL::Output::phi): Deleted.
(JSC::FTL::Output::add): Deleted.
(JSC::FTL::Output::sub): Deleted.
(JSC::FTL::Output::mul): Deleted.
(JSC::FTL::Output::div): Deleted.
(JSC::FTL::Output::chillDiv): Deleted.
(JSC::FTL::Output::mod): Deleted.
(JSC::FTL::Output::chillMod): Deleted.
(JSC::FTL::Output::doubleAdd): Deleted.
(JSC::FTL::Output::doubleSub): Deleted.
(JSC::FTL::Output::doubleMul): Deleted.
(JSC::FTL::Output::doubleDiv): Deleted.
(JSC::FTL::Output::doubleMod): Deleted.
(JSC::FTL::Output::bitAnd): Deleted.
(JSC::FTL::Output::bitOr): Deleted.
(JSC::FTL::Output::bitXor): Deleted.
(JSC::FTL::Output::shl): Deleted.
(JSC::FTL::Output::aShr): Deleted.
(JSC::FTL::Output::lShr): Deleted.
(JSC::FTL::Output::ctlz32): Deleted.
(JSC::FTL::Output::addWithOverflow32): Deleted.
(JSC::FTL::Output::subWithOverflow32): Deleted.
(JSC::FTL::Output::mulWithOverflow32): Deleted.
(JSC::FTL::Output::addWithOverflow64): Deleted.
(JSC::FTL::Output::subWithOverflow64): Deleted.
(JSC::FTL::Output::mulWithOverflow64): Deleted.
(JSC::FTL::Output::doubleAbs): Deleted.
(JSC::FTL::Output::doubleCeil): Deleted.
(JSC::FTL::Output::doubleFloor): Deleted.
(JSC::FTL::Output::doubleSin): Deleted.
(JSC::FTL::Output::doubleCos): Deleted.
(JSC::FTL::Output::doublePow): Deleted.
(JSC::FTL::Output::doubleSqrt): Deleted.
(JSC::FTL::Output::doubleLog): Deleted.
(JSC::FTL::Output::signExt32To64): Deleted.
(JSC::FTL::Output::zeroExt): Deleted.
(JSC::FTL::Output::intToDouble): Deleted.
(JSC::FTL::Output::castToInt32): Deleted.
(JSC::FTL::Output::doubleToFloat): Deleted.
(JSC::FTL::Output::floatToDouble): Deleted.
(JSC::FTL::Output::equal): Deleted.
(JSC::FTL::Output::notEqual): Deleted.
(JSC::FTL::Output::above): Deleted.
(JSC::FTL::Output::aboveOrEqual): Deleted.
(JSC::FTL::Output::below): Deleted.
(JSC::FTL::Output::belowOrEqual): Deleted.
(JSC::FTL::Output::greaterThan): Deleted.
(JSC::FTL::Output::greaterThanOrEqual): Deleted.
(JSC::FTL::Output::lessThan): Deleted.
(JSC::FTL::Output::lessThanOrEqual): Deleted.
(JSC::FTL::Output::doubleEqual): Deleted.
(JSC::FTL::Output::doubleEqualOrUnordered): Deleted.
(JSC::FTL::Output::doubleNotEqualOrUnordered): Deleted.
(JSC::FTL::Output::doubleLessThan): Deleted.
(JSC::FTL::Output::doubleLessThanOrEqual): Deleted.
(JSC::FTL::Output::doubleGreaterThan): Deleted.
(JSC::FTL::Output::doubleGreaterThanOrEqual): Deleted.
(JSC::FTL::Output::doubleNotEqualAndOrdered): Deleted.
(JSC::FTL::Output::doubleLessThanOrUnordered): Deleted.
(JSC::FTL::Output::doubleLessThanOrEqualOrUnordered): Deleted.
(JSC::FTL::Output::doubleGreaterThanOrUnordered): Deleted.
(JSC::FTL::Output::doubleGreaterThanOrEqualOrUnordered): Deleted.
(JSC::FTL::Output::isZero32): Deleted.
(JSC::FTL::Output::notZero32): Deleted.
(JSC::FTL::Output::isZero64): Deleted.
(JSC::FTL::Output::notZero64): Deleted.
(JSC::FTL::Output::select): Deleted.
(JSC::FTL::Output::extractValue): Deleted.
(JSC::FTL::Output::jump): Deleted.
(JSC::FTL::Output::ret): Deleted.
(JSC::FTL::Output::unreachable): Deleted.
(JSC::FTL::Output::speculate): Deleted.
(JSC::FTL::Output::speculateAdd): Deleted.
(JSC::FTL::Output::speculateSub): Deleted.
(JSC::FTL::Output::speculateMul): Deleted.
(JSC::FTL::Output::patchpoint): Deleted.
(JSC::FTL::Output::trap): Deleted.
(JSC::FTL::Output::anchor): Deleted.
(JSC::FTL::Output::bitCast): Deleted.
(JSC::FTL::Output::fround): Deleted.

3:00 PM Changeset in webkit [202006] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Decrease PiP flicker by not removing window prematurely.
https://bugs.webkit.org/show_bug.cgi?id=158436
<rdar://problem/19052639>

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-06-13
Reviewed by Darin Adler.

UIWindow shouldn't be removed until cleanupFullscreen, so the video layer has a chance
to be reparented in the DOM first.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(WebVideoFullscreenInterfaceAVKit::didStopPictureInPicture):

2:58 PM Changeset in webkit [202005] by achristensen@apple.com
  • 44 edits
    4 adds in trunk/Source

Add WebSocketProvider stub
https://bugs.webkit.org/show_bug.cgi?id=158702

Reviewed by Brady Eidson.

Source/WebCore:

No new tests. No change in behavior.

  • WebCore.xcodeproj/project.pbxproj:
  • dom/DocumentMarkerController.cpp:
  • dom/ScriptedAnimationController.cpp:
  • html/HTMLMediaElement.cpp:
  • html/MediaDocument.cpp:
  • html/shadow/MediaControlElements.cpp:
  • html/shadow/MediaControls.cpp:
  • html/shadow/MediaControls.h:
  • html/shadow/MediaControlsApple.cpp:
  • inspector/InspectorInstrumentation.cpp:
  • inspector/InspectorInstrumentation.h:
  • inspector/InspectorOverlay.cpp:

(WebCore::InspectorOverlay::overlayPage):

  • loader/EmptyClients.h:
  • loader/FrameLoader.cpp:
  • loader/FrameLoader.h:
  • loader/appcache/ApplicationCacheHost.cpp:
  • loader/cache/CachedResource.cpp:
  • page/FrameView.cpp:
  • page/Page.cpp:

(WebCore::Page::Page):

  • page/Page.h:

(WebCore::Page::applicationCacheStorage):
(WebCore::Page::databaseProvider):
(WebCore::Page::socketProvider):
(WebCore::Page::storageNamespaceProvider):

  • page/PageConfiguration.cpp:

(WebCore::PageConfiguration::PageConfiguration):

  • page/PageConfiguration.h:
  • page/ResourceUsageOverlay.cpp:
  • page/SocketProvider.h: Added.

(WebCore::SocketProvider::~SocketProvider):

  • page/cocoa/ResourceUsageOverlayCocoa.mm:
  • rendering/RenderElement.cpp:
  • rendering/RenderLayerBacking.cpp:
  • style/StyleResolveForDocument.cpp:
  • style/StyleTreeResolver.cpp:
  • svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::dataChanged):

  • testing/MockPageOverlayClient.cpp:

Source/WebKit:

  • WebKit.xcodeproj/project.pbxproj:

Source/WebKit/mac:

  • Misc/WebSocketProvider.h: Added.
  • WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:]):
(-[WebView initSimpleHTMLDocumentWithStyle:frame:preferences:groupName:]):

Source/WebKit/win:

  • WebSocketProvider.h: Added.
  • WebView.cpp:

(WebView::initWithFrame):

Source/WebKit2:

  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/Network/WebSocketProvider.h: Added.
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::m_shouldDispatchFakeMouseMoveEvents):

Source/WTF:

  • wtf/UniqueRef.h:

(WTF::UniqueRef::operator->):
(WTF::UniqueRef::operator T&):
(WTF::UniqueRef::operator const T&):
Added operator T& to avoid unneeded .get() calls.

2:55 PM Changeset in webkit [202004] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, Cloop build fix.

  • bytecode/BytecodeList.json:
2:05 PM Changeset in webkit [202003] by keith_miller@apple.com
  • 32 edits
    1 add in trunk/Source/JavaScriptCore

Add new builtin opcode tailCallForwardArguments
https://bugs.webkit.org/show_bug.cgi?id=158666

Reviewed by Filip Pizlo.

We should support the ability to have a builtin forward its
arguments to a helper without allocating an arguments object. This
patch adds a new bytecode intrinsic @tailCallForwardArguments that
takes two values. The first is the target of the call and the
second is the new this value. This opcode will tail call to the
passed function without triggering an allocation of an arguments
object for the caller function.

In the LLInt and Baseline this function acts the same way a normal
tail call does. The bytecode will allocate a new stack frame
copying all the arguments of the caller function into the new
frame, along with the new this. Then when the actual call happens
the new frame is copied over the caller frame. While this is not
necessary, it allows the target function to have more arguments
than the caller function via arity fixup.

Once we get to the DFG we reuse existing DFG Nodes for forwarding
arguments, although there were some minor changes. This patch
swaps the meaning of the second and third children for each DFG
varargs node, exchanging the argmuments and this child,
respectively. It also makes the arguments child for each varargs
node, as well as the ForwardVarargs node optional. If the optional
child is missing, then forwarding node assumes that the arguments
for the node's inlineCallFrame should be used instead. Finally,
when inlining the target of an inlined
op_tail_call_forward_arguments we make sure the arguments of the
forwarding function are marked as non-unboxable since this would
normally be done by the caller's create arguments object node,
which does not exist in this case.

  • bytecode/BytecodeIntrinsicRegistry.h:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::callTypeFor):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finishCreation):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
(JSC::BytecodeGenerator::emitCallVarargs):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::BytecodeIntrinsicNode::emit_intrinsic_tailCallForwardArguments):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetById):

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleVarargsCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::hasArgumentsChild):
(JSC::DFG::Node::argumentsChild):

  • dfg/DFGPreciseLocalClobberize.h:

(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileForwardVarargs):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

  • dfg/DFGVarargsForwardingPhase.cpp:
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargs):

  • interpreter/Interpreter.cpp:

(JSC::sizeFrameForForwardArguments):
(JSC::setupForwardArgumentsFrame):
(JSC::setupForwardArgumentsFrameAndSetThis):

  • interpreter/Interpreter.h:
  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileSetupVarargsFrame):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_tail_call_forward_arguments):
(JSC::JIT::emitSlow_op_tail_call_forward_arguments):

  • jit/JITCall32_64.cpp:

(JSC::JIT::emitSlow_op_tail_call_forward_arguments):
(JSC::JIT::emit_op_tail_call_forward_arguments):
(JSC::JIT::compileSetupVarargsFrame):
(JSC::JIT::compileOpCall):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::varargsSetup):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • tests/stress/tailCallForwardArguments.js: Added.

(putFuncToPrivateName.createBuiltin):
(putFuncToPrivateName):
(createTailCallForwardingFuncWith):
(baz):
(baz2):
(baz3):
(let.bodyText):
(baz4):
(baz5):
(arrayEq):

1:06 PM Changeset in webkit [202002] by commit-queue@webkit.org
  • 12 edits in trunk

Make HashMap and HashSet work with Refs
https://bugs.webkit.org/show_bug.cgi?id=158638

Patch by Sam Weinig <sam@webkit.org> on 2016-06-13
Reviewed by Darin Adler.

Source/WTF:

  • wtf/GetPtr.h:

Move HashTableDeletedValueType and HashTableEmptyValueType here, as they are now shared
by more than one smart pointer. This file should probably be renamed to something else
at some point to indicate that it contains helpers for pointer and ref related functionality.

  • wtf/HashFunctions.h:

Add a DefaultHash for Refs. Customize the PtrHash to indicate that it is not safe to compare
to empty or deleted Refs.

  • wtf/HashMap.h:

(WTF::HashMapTranslator::equal):
(WTF::HashMapTranslator::translate):
(WTF::HashMapEnsureTranslator::equal):
(WTF::HashMapEnsureTranslator::translate):

  • wtf/HashSet.h:

(WTF::IdentityExtractor::extract):
(WTF::HashSetTranslator::hash):
(WTF::HashSetTranslator::equal):
(WTF::HashSetTranslator::translate):

  • wtf/HashTable.h:

(WTF::IdentityHashTranslator::hash):
(WTF::IdentityHashTranslator::equal):
(WTF::IdentityHashTranslator::translate):
Use the new assignToEmpty trait function to allow uninitialized Ref's to be safely assigned to.

  • wtf/HashTraits.h:

(WTF::HashTraits<Ref<P>>::emptyValue):
(WTF::HashTraits<Ref<P>>::isEmptyValue):
(WTF::HashTraits<Ref<P>>::assignToEmpty):
(WTF::HashTraits<Ref<P>>::peek):
(WTF::HashTraits<Ref<P>>::customDeleteBucket):
Add custom HashTraits for Ref. Also, introduce a new trait function, assignToEmpty, for use
in translation assignments. This is necessary since the default assignment operator for Ref
will not allow assignment to the empty Ref, which we need to do here.

  • wtf/Ref.h:

(WTF::Ref::operator=):
(WTF::Ref::Ref):
(WTF::Ref::isHashTableDeletedValue):
(WTF::Ref::hashTableDeletedValue):
(WTF::Ref::isHashTableEmptyValue):
(WTF::Ref::hashTableEmptyValue):
Add explicit constructors/predicates for making deleted/empty Refs.

(WTF::Ref::assignToHashTableEmptyValue):
Add a special function that allows assignment to an empty Ref, which the
assignment operator does not.

(WTF::IsSmartPtr):
Add an IsSmartPtr override to indicate that Ref is a smart pointer.

  • wtf/RefPtr.h:

Move HashTableDeletedValueType to GetPtr.h.

Tools:

  • TestWebKitAPI/Tests/WTF/HashMap.cpp:

(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/WTF/HashSet.cpp:

(TestWebKitAPI::TEST):
Add tests for using Refs in HashMaps (both as key and value) and HashSets.

12:47 PM Changeset in webkit [202001] by rniwa@webkit.org
  • 9 edits
    3 adds in trunk/Websites/perf.webkit.org

Invalid token error when trying to create an A/B analysis for a range
https://bugs.webkit.org/show_bug.cgi?id=158679

Reviewed by Chris Dumez.

The problem in this particular case was due to another website overriding cookies for our subdomain.
Make PrivilegedAPI robust against its token becoming invalid in general to fix the bug since the cookie
is only available under /privileged-api/ and the v3 UI can't access it for security reasons.

This patch factors out PrivilegedAPI out of remote.js so that it can be tested separately in server tests
as well as unit tests even though RemoteAPI itself is implemented differently in each case.

  • init-database.sql: Added a forgotten default value "false" to run_marked_outlier.
  • public/v3/index.html:
  • public/v3/privileged-api.js: Added. Extracted out of public/v3/remote.js.

(PrivilegedAPI.sendRequest): Fixed the bug. When the initial request fails with "InvalidToken" error,
re-generate the token and re-issue the request.
(PrivilegedAPI.requestCSRFToken):

  • public/v3/remote.js:

(RemoteAPI.postJSON): Added to match tools/js/remote.js.
(RemoteAPI.postJSONWithStatus): Ditto.
(PrivilegedAPI): Moved to privileged-api.js.

  • server-tests/api-measurement-set-tests.js: Removed the unused require for crypto.
  • server-tests/privileged-api-upate-run-status.js: Added tests for /privileged-api/update-run-status.
  • server-tests/resources/test-server.js:

(TestServer.prototype.inject): Clear the cookies as well as tokens in PrivilegedAPI.

  • tools/js/remote.js:

(RemoteAPI): Added the support for PrivilegedAPI by making cookie set by the server persist.
(RemoteAPI.prototype.clearCookies): Added for tests.
(RemoteAPI.prototype.postJSON): Make sure sendHttpRequest always sends a valid JSON.
(RemoteAPI.prototype.postJSONWithStatus): Added since this API is used PrivilegedAPI.
(RemoteAPI.prototype.sendHttpRequest): Retain the cookie set by the server and send it back in each request.

  • tools/js/v3-models.js:
  • unit-tests/privileged-api-tests.js: Added unit tests for PrivilegedAPI.
  • unit-tests/resources/mock-remote-api.js:

(MockRemoteAPI.postJSON): Added for unit testing.
(MockRemoteAPI.postJSONWithStatus): Ditto.

12:40 PM Changeset in webkit [202000] by rniwa@webkit.org
  • 3 edits in trunk/Websites/perf.webkit.org

/admin/tests is very slow
https://bugs.webkit.org/show_bug.cgi?id=158682

Reviewed by Chris Dumez.

The slowness came from TestNameResolver::construct, which was fetching the entire table of test_configurations,
which at this point contains more than 32,000 rows. Don't fetch the entire table in the constructor. Instead,
fetch a subset of rows as needed in configurations_for_metric_and_platform. Even though this results in many SQL
queries being issued, that's a lot more efficient in practice because we only fetch a few dozen rows in practice.

Also removed a whole bunch of features from /admin/tests to simplify the page. In particular, the ability to update
the list of triggerables has been removed now that sync-buildbot.js automatically updates that for us. This removed
the last use of test_exists_on_platform, which was also dependent on fetching test_configurations upfront.

  • public/admin/tests.php:
  • public/include/test-name-resolver.php:

(TestNameResolver::construct): Don't fetch the entire table of test_configurations.
(TestNameResolver::configurations_for_metric_and_platform): Just issue a SQL query for the specified platform and metric.
(TestNameResolver::test_exists_on_platform): Removed.

12:39 PM Changeset in webkit [201999] by adam.bergkvist@ericsson.com
  • 2 edits
    2 adds in trunk/LayoutTests

WebRTC: Add test that verifies that RTCPeerConnection.addTrack can reuse an existing RTCRtpSender
https://bugs.webkit.org/show_bug.cgi?id=158621

Reviewed by Eric Carlson.

Add test to verify that RTCPeerConnection.addTrack reuses an existing RTCRtpSender
under the right circumstances.

  • fast/mediastream/RTCPeerConnection-addTrack-reuse-sender-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-addTrack-reuse-sender.html: Added.
  • platform/mac/TestExpectations:

The mac port is not building with WEB_RTC yet.

12:38 PM Changeset in webkit [201998] by adam.bergkvist@ericsson.com
  • 2 edits
    2 adds in trunk/LayoutTests

WebRTC: Add media setup test with complete offer/answer dialog
https://bugs.webkit.org/show_bug.cgi?id=158620

Reviewed by Eric Carlson.

Test a complete SDP offer/answer dialog between two RTCPeerConnection instances in the same
page. Media is set up in both direction with a single dialog. Check the local- and
remoteDescription attributes and the RTCPeerConnection states.

  • fast/mediastream/RTCPeerConnection-media-setup-single-dialog-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-media-setup-single-dialog.html: Added.
  • platform/mac/TestExpectations:

The mac port is not building with WEB_RTC yet.

11:56 AM Changeset in webkit [201997] by beidson@apple.com
  • 2 edits in trunk/Source/WebCore

Crashes in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask.
<rdar://problem/26768449> and https://bugs.webkit.org/show_bug.cgi?id=158696

Reviewed by David Kilzer.

No new tests (Covered by all existing tests in Gmalloc/ASAN configs).

  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
(WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):

11:08 AM Changeset in webkit [201996] by fpizlo@apple.com
  • 2 edits in trunk/PerformanceTests

Fix round-down goof in Air.js's ShuffleCustom.forEachArg
https://bugs.webkit.org/show_bug.cgi?id=158674

Reviewed by Michael Saboff.

x / 3 * 3 is not how you round down to multiples of 3 in JavaScript. You need to do
Math.floor(x / 3) * 3 instead.

This is a benign change, because having extra arguments to a Shuffle is not something we
actually take advantage of yet. But I think it's best to match the original C++ code's
intent.

  • Air.js/custom.js:

(const.ShuffleCustom.forEachArg):

10:32 AM Changeset in webkit [201995] by beidson@apple.com
  • 2 edits in trunk/Source/WebCore

Modern IDB: IDBOpenDBRequest objects leak.
https://bugs.webkit.org/show_bug.cgi?id=158694

Reviewed by Alex Christensen.

No new tests (Currently have no testing strategy for guaranteeing lifetime of WebCore DOM objects)

  • Modules/indexeddb/client/IDBConnectionProxy.cpp:

(WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): At this point we never need the

request again, so remove it from the map.

10:28 AM Changeset in webkit [201994] by Chris Dumez
  • 3 edits in trunk/Source/WebCore

Make sure HTTPHeaderMap gets a move constructor / assignment operator
https://bugs.webkit.org/show_bug.cgi?id=158695
<rdar://problem/26729511>

Reviewed by Alex Christensen.

Make sure HTTPHeaderMap gets a move constructor / assignment operator.
It was not getting an implicit one because of its user-declared
destructor. This patch drops the user-declared destructor so that
HTTPHeaderMap now gets an implicit move constructor / assignment
operator.

Not having a move constructor / assignment operator is an issue because
we rely on HTTPHeaderMap::isolatedCopy() / WTFMove() since r201623 to
pass HTTPHeaderMap across thread.

  • platform/network/HTTPHeaderMap.cpp:

(WebCore::HTTPHeaderMap::~HTTPHeaderMap): Deleted.

  • platform/network/HTTPHeaderMap.h:
9:52 AM Changeset in webkit [201993] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, follow up patch for r201964
https://bugs.webkit.org/show_bug.cgi?id=158619

Fix typo in the comment.

  • runtime/MathCommon.h:

(JSC::toInt32):

9:46 AM Changeset in webkit [201992] by nael.ouedraogo@crf.canon.fr
  • 2 edits in trunk/Source/WebCore

Remove useless parameter from GenerateParametersCheck signature
https://bugs.webkit.org/show_bug.cgi?id=158692

Reviewed by Chris Dumez.

Remove one parameter which is passed to GenerateParametersCheck
but never used in the caller code.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):
(GenerateParametersCheck):
(GenerateConstructorDefinition):

9:27 AM Changeset in webkit [201991] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WTF

Stack overflow at RefPtr::release on Windows port since r201782
https://bugs.webkit.org/show_bug.cgi?id=158687

Patch by Fujii Hironori <Fujii Hironori> on 2016-06-13
Reviewed by Chris Dumez.

RefPtr::release calls RefPtr::RefPtr, and RefPtr::RefPtr calls
RefPtr::release.

RefPtr::RefPtr does not need to call RefPtr::release.

  • wtf/RefPtr.h:

(WTF::RefPtr::RefPtr): Do not call RefPtr::release.

8:53 AM Changeset in webkit [201990] by mark.lam@apple.com
  • 14 edits in trunk

Add a mechanism for collecting LLINT stats.
https://bugs.webkit.org/show_bug.cgi?id=158668

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch will add a mechanism for collecting the stats on LLINT opcode
execution counts. The changes made to enable this are:

  1. Refactored how Options availability work so that we can add a new category: Configurable (in addition to the pre-existing Normal and Restricted availability).

Normal options - always available.
Restricted options - only available on debug builds.
Configurable options - depends on #define flag options.

This change is necessary so that:

  1. we won't have to rebuild the world when we want to enable that #define flag to make that Configurable option available.
  2. when the #define flag is disabled, the option will be invisible to the user.

With this, we add our first configurable option, JSC_reportLLIntStats, which
is dependent on the ENABLE_LLINT_STATS flag. See next.

  1. Added the ENABLE_LLINT_STATS flag in LLIntCommon.h. To enable LLINT stats collection, we'll need to set this flag to a non-zero value, and rebuilding the project. By design, this will only require a minimal set of files to be rebuilt.

ENABLE_LLINT_STATS is 0 (i.e. disabled) by default.

  1. Added a slow path callback to the LLINT's traceExecution() macro, to call _llint_count_opcode(), which in turns counts the opcode. This callback will only be built into the LLINT if ENABLE_LLINT_STATS is non-zero.
  1. Added s_opcodeStatsArray to LLInt::Data. This is where the stats are recorded and stored.
  1. Added calls to LLInt::Data::dumpStats() in jsc.cpp and DumpRenderTree.mm to dump the LLINT stats if enabled. If enabled, the LLINT stats will be sorted and dumped (via dataLog) before the programs terminate.
  • interpreter/Interpreter.h:
  • jsc.cpp:

(main):

  • llint/LLIntCommon.h:
  • llint/LLIntData.cpp:

(JSC::LLInt::initialize):
(JSC::LLInt::Data::dumpStats):

  • llint/LLIntData.h:

(JSC::LLInt::Data::opcodeStats):

  • llint/LLIntOfflineAsmConfig.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_crash):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • runtime/Options.cpp:

(JSC::parse):
(JSC::Options::isAvailable):
(JSC::overrideOptionWithHeuristic):
(JSC::scaleJITPolicy):
(JSC::Options::initialize):
(JSC::Options::setOptionWithoutAlias):
(JSC::Options::dumpAllOptions):
(JSC::Options::dumpOption):

  • runtime/Options.h:

(JSC::Option::Option):
(JSC::Option::operator!=):
(JSC::Option::id):

Tools:

  • DumpRenderTree/mac/DumpRenderTree.mm:

(DumpRenderTreeMain):

7:10 AM Changeset in webkit [201989] by commit-queue@webkit.org
  • 6 edits in trunk

[GTK] Enabling Shadow DOM by default
https://bugs.webkit.org/show_bug.cgi?id=158686

Patch by Romain Bellessort <romain.bellessort@crf.canon.fr> on 2016-06-13
Reviewed by Carlos Garcia Campos.

.:

Added support for enabling Shadow DOM by default for GTK.

  • Source/cmake/OptionsGTK.cmake:

Tools:

Added support for enabling Shadow DOM by default for GTK.
Changed GTK test expectations for fast/shadow-dom tests (most tests
pass).

  • Scripts/webkitperl/FeatureList.pm:

LayoutTests:

Changed GTK test expectations for fast/shadow-dom tests (most tests
pass).

  • platform/gtk/TestExpectations:
6:40 AM Changeset in webkit [201988] by nael.ouedraogo@crf.canon.fr
  • 9 edits in trunk/Source/WebCore

Improve code generator for functions with variadic parameters
https://bugs.webkit.org/show_bug.cgi?id=158529

Reviewed by Darin Adler.

JS bindings code of functions with variadic parameters is improved.

Functions with variadic parameters are skipped for ObjC and GObject code generators.

  • bindings/scripts/CodeGeneratorGObject.pm:

(SkipFunction): Skip functions with variadic parameters.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck):

  • bindings/scripts/CodeGeneratorObjC.pm:

(SkipFunction): Skip functions with variadic parameters.

  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:

(webkit_dom_test_obj_any): Deleted.
(webkit_dom_test_obj_attach_shadow_root): Deleted.
(webkit_dom_test_obj_get_read_only_long_attr): Deleted.
(webkit_dom_test_obj_get_read_only_string_attr): Deleted.

  • bindings/scripts/test/GObject/WebKitDOMTestObj.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
(WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
(WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):

  • bindings/scripts/test/ObjC/DOMTestObj.h:
  • bindings/scripts/test/ObjC/DOMTestObj.mm:
2:06 AM Changeset in webkit [201987] by peavo@outlook.com
  • 2 edits in trunk/LayoutTests

Unreviewed test gardening.

Unskip passing fast/workers tests.

  • platform/win/TestExpectations:
Note: See TracTimeline for information about the timeline view.