Timeline



Jul 18, 2016:

11:50 PM Changeset in webkit [203399] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore

All-in-one buildfix after r202439
https://bugs.webkit.org/show_bug.cgi?id=159877

Reviewed by Chris Dumez.

  • Modules/webaudio/AudioDestinationNode.h:

(WebCore::AudioDestinationNode::resume):
(WebCore::AudioDestinationNode::suspend):
(WebCore::AudioDestinationNode::close):

11:50 PM Changeset in webkit [203398] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

Fix the --minimal build fail in InjectedBundle.cpp
https://bugs.webkit.org/show_bug.cgi?id=159770

Reviewed by Benjamin Poulain.

  • WebProcess/InjectedBundle/InjectedBundle.cpp:
10:55 PM Changeset in webkit [203397] by bshafiei@apple.com
  • 5 edits in branches/safari-602-branch/Source

Versioning.

10:42 PM Changeset in webkit [203396] by fred.wang@free.fr
  • 8 edits
    1 copy
    1 add in trunk/Source/WebCore

Move parsing of subscriptshift and superscriptshift from rendering to element classes
https://bugs.webkit.org/show_bug.cgi?id=159622

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-18
Reviewed by Darin Adler.

We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
attribute parsing to the DOM (bug 156536).

No new tests, rendering is unchanged.

  • CMakeLists.txt: Add MathMLScriptsElement files.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • mathml/MathMLAllInOne.cpp: Ditto.
  • mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.

(WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.

  • mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting

parsing for the subscriptshift and superscriptshift MathML lengths.
(WebCore::MathMLScriptsElement::MathMLScriptsElement):
(WebCore::MathMLScriptsElement::create):
(WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
parsing the attribute again if necessary.
(WebCore::MathMLScriptsElement::superscriptShift): Ditto.
(WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
(WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.

  • mathml/MathMLScriptsElement.h: Ditto.
  • mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
  • rendering/mathml/RenderMathMLScripts.cpp:

(WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
MathMLScriptsElement.
(WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
using the functions from the MathMLScriptsElement class.

  • rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
10:36 PM Changeset in webkit [203395] by fred.wang@free.fr
  • 3 edits in trunk/Source/WebCore

Do not store gap and shift parameters on RenderMathMLFraction
https://bugs.webkit.org/show_bug.cgi?id=159876

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-18
Reviewed by Darin Adler.

After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
do not need to store them on the class. We remove them and split updateLayoutParameters into
three functions: one to update the linethickness and two others to retrieve the fraction and
stack respectively.

No new tests, rendering is unchanged.

  • rendering/mathml/RenderMathMLFraction.cpp:

(WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
(WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
(WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
(WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
for fraction and stack parameters.
(WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.

  • rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members

for stack and fraction parameters.

10:22 PM MathML/Fonts edited by fred.wang@free.fr
(diff)
9:45 PM Changeset in webkit [203394] by Chris Dumez
  • 11 edits
    4 adds in trunk

input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
https://bugs.webkit.org/show_bug.cgi?id=159908

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

input.formEnctype / formMethod and button.formEnctype / formMethod / type
should treat null as "null" String:

In WebKit, we would treat null as a null String which would end up
removing the corresponding attribute. This does not match the
specification. Firefox and Chrome match the specification here.

Tests:

  • fast/dom/HTMLButtonElement/null-handling.html
  • fast/dom/HTMLInputElement/null-handling.html
  • html/HTMLButtonElement.idl:
  • html/HTMLInputElement.idl:

LayoutTests:

Add layout test coverage.

  • fast/dom/HTMLButtonElement/change-type-expected.txt:
  • fast/dom/HTMLButtonElement/change-type.html:
  • fast/dom/HTMLButtonElement/null-handling-expected.txt: Added.
  • fast/dom/HTMLButtonElement/null-handling.html: Added.
  • fast/dom/HTMLInputElement/null-handling-expected.txt: Added.
  • fast/dom/HTMLInputElement/null-handling.html: Added.
  • fast/forms/submit-form-attributes-expected.txt:
  • fast/forms/submit-form-attributes.html:
7:45 PM Changeset in webkit [203393] by commit-queue@webkit.org
  • 25 edits in trunk

Make builtin TypeErrors consistent
https://bugs.webkit.org/show_bug.cgi?id=159899

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-07-18
Reviewed by Keith Miller.

Source/JavaScriptCore:

Converge on the single TypeError for non-coercible this objects in builtins.
Also update some other style to be more consistent with-in builtins.

  • builtins/ArrayIteratorPrototype.js:

(next):

  • builtins/ArrayPrototype.js:

(values):
(keys):
(entries):
(reduce):
(reduceRight):
(every):
(forEach):
(filter):
(map):
(some):
(fill):
(find):
(findIndex):
(includes):
(sort):
(concatSlowPath):
(copyWithin):

  • builtins/StringPrototype.js:

(match):
(repeat):
(padStart):
(padEnd):
(intrinsic.StringPrototypeReplaceIntrinsic.replace):
(localeCompare):
(search):
(split):

  • tests/es6/String.prototype_methods_String.prototype.padEnd.js:
  • tests/es6/String.prototype_methods_String.prototype.padStart.js:
  • tests/stress/array-iterators-next-error-messages.js:

(catch):

  • tests/stress/array-iterators-next-with-call.js:
  • tests/stress/regexp-match.js:

(shouldThrow):

  • tests/stress/regexp-search.js:

(shouldThrow):

LayoutTests:

  • js/array-find-expected.txt:
  • js/array-findIndex-expected.txt:
  • js/array-includes-expected.txt:
  • js/dom/array-prototype-properties-expected.txt:
  • js/dom/script-tests/string-prototype-properties.js:
  • js/dom/string-prototype-properties-expected.txt:
  • js/script-tests/array-find.js:
  • js/script-tests/array-findIndex.js:
  • js/script-tests/string-localeCompare.js:
  • js/string-localeCompare-expected.txt:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A1_T3-expected.txt:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:
7:02 PM Changeset in webkit [203392] by achristensen@apple.com
  • 5 edits in trunk/Source

webbookmarksd needs to use the same AppCache directory as MobileSafari
https://bugs.webkit.org/show_bug.cgi?id=159912
Source/WebCore:

Reviewed by Alexey Proskuryakov.

No new tests. This only changes behavior for webbookmarksd.

  • platform/RuntimeApplicationChecks.h:
  • platform/RuntimeApplicationChecks.mm:

(WebCore::IOSApplication::isWebBookmarksD): Added.

Source/WebKit2:

<rdar://problem/27056844>

Reviewed by Alexey Proskuryakov.

  • UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::defaultApplicationCacheDirectory):
Make webbookmarksd match MobileSafari by adding a matching runtime exception.

6:18 PM Changeset in webkit [203391] by Chris Dumez
  • 11 edits in trunk

EventTarget.dispatchEvent() parameter should not be nullable
https://bugs.webkit.org/show_bug.cgi?id=159897

Reviewed by Benjamin Poulain.

Source/WebCore:

EventTarget.dispatchEvent() parameter should not be nullable:

Even though the parameter was marked as nullable in our IDL, our
implementation does a null check and we already throw a TypeError
when calling dispatchEvent(null).

Update our IDL so that it matches the specification and so that
the null check is generated in the bindings instead.

No new tests, rebaseline existing tests.

  • dom/EventTarget.cpp:

(WebCore::EventTarget::dispatchEventForBindings):

  • dom/EventTarget.h:
  • dom/EventTarget.idl:

LayoutTests:

Update layout tests as the message of the TypeError exception being
thrown when calling dispatchEvent(null) is now more helpful.

  • fast/dom/Window/dispatchEvent-expected.txt:
  • fast/events/dispatchEvent-crash-expected.txt:
6:16 PM Changeset in webkit [203390] by fpizlo@apple.com
  • 52 edits
    6 adds
    2 deletes in trunk

Implement table-based switches in B3/Air
https://bugs.webkit.org/show_bug.cgi?id=151141

Reviewed by Benjamin Poulain.
Source/JavaScriptCore:

If a switch statement gets large, it's better to express it as an indirect jump rather than
using a binary switch (divide-and-conquer tree of comparisons leading to O(log n) branches to
get to the switch case). When dealing with integer switches, FTL will already use the B3
Switch and expect this to get lowered as efficiently as possible; it's a bug that B3 will
always use a binary switch rather than indirect jumps. When dealing with switches over some
more sophisticated types, we'd want FTL to build an indirect jump table itself and use
something like a hashtable to feed it. In that case, there will be no B3 Switch; we'll want
some way for the FTL to directly express an indirection jump when emitting B3.

This implies that we want B3 to have the ability to lower Switch to indirect jumps and to
expose those indirect jumps in IR so that the FTL could do its own indirect jumps for
switches over more complicated things like strings. But indirect jumps are tough to express
in IR. For example, the LLVM approach ("indirectbr" and "blockaddress", see
http://blog.llvm.org/2010/01/address-of-label-and-indirect-branches.html) means that some
control flow edges cannot be split. Indirectbr takes an address as input and jumps to it, and
blockaddress lets you build jump tables out of basic block addresses. This means that the
compiler can never change any successor of an indirectbr, since the client will have already
arranged for that indirectbr to jump to exactly those successors. We don't want such
restrictions in B3, since B3 relies on being able to break critical edges for SSA conversion.
Also, indirectbr is not cloneable, which would break any hope of doing specialization-based
transformations like we want to do for multiple entrypoints (bug 159391). The goal of this
change is to let clients do indirect jumps without placing any restrictions on IR.

The trick is to allow Patchpoints to be used as block terminals. Patchpoints already allow
clients of B3 to emit whatever code they like. Patchpoints are friendly to B3's other
transformations because the client of the patchpoint has to play along with whatever
decisions B3 had made around the patchpoint: what registers got used, what the control flow
looks like, etc. Patchpoints can even be cloned by B3, and the client has to accommodate this
in their patchpoint generator. It turns out that using Patchpoints as terminals is quite
natural. We accomplish this by moving the successor edges out of ControlValue and into
BasicBlock, and removing ControlValue entirely. This way, any Value subclass can be a
terminal. It was already true that a Value is a terminal if value->effects().terminal, which
works great with Patchpoints since they control their effects via PatchpointValue::effects.
You can make your Patchpoint into a terminal by placing it at the end of a block and doing:

patchpoint->effects.terminal = true;

A Patchpoints in terminal position gets access to additional API in StackmapGenerationParams.
The generator can get a Box<Label> for each successor to its owning block. For example, to
implement a jump-table-based switch, you would make your patchpoint take the table index as
its sole input. Inside the generator, you allocate the jump table and emit a BaseIndex jump
that uses the jump table pointer (which will be a constant known to the generator since it
just allocated it) as the base and the patchpoint input as an index. The jump table can be
populated by MacroAssemblerCodePtr's computed by installing a link task to resolve the labels
to concrete locations. This change makes LowerMacros do such a lowering for Switches that can
benefit from jump tables. This happens recursively: if the original Switch is too sparse, we
will divide-and-conquer as before. If at any recursion step we find that the remaining cases
are dense and large enough to profit from a jump table, then those cases will be lowered to a
Patchpoint that does the table jump. This is a fun way to do stepwise lowering: LowerMacros
is essentially pre-lowering the Switch directly to machine code, and wrapping that machine
code in a Patchpoint so that the rest of the compiler doesn't have to know anything about
what happened. I suspect that in the future we will want to do other pre-lowerings this way,
whenever the B3 IR phases have some special knowledge about what machine code should be
emitted and it would be annoying to drag that knowledge through the rest of the compiler.

One downside of this change is that we used ControlValue in so many places. Most of this
patch involves removing references to ControlValue. It would be less than 100kb if it wasn't
for that. To make this a bit easier, I added "appendNewControlValue" methods to BasicBlock,
which allocate a Value and set the successors as if you had done "appendNew<ControlValue>".
This made for an easy search-and-replace in testb3 and FTLOutput. I filed bug 159440 to
remove this ugly stopgap method.

I think that we will also end up using this facility to extend our use of snippets. We
already use shared snippet generators for the generic forms of arithmetic. We will probably
also want to do this for generic forms of branches. This wouldn't have been possible prior to
this change, since there would have been no way to emit a control snippet in FTL. Now we can
emit control snippets using terminal patchpoints.

This is a ~30% speed-up on microbenchmarks that have big switch statements (~60 cases). It's
not a speed-up on mainstream benchmarks.

This also adds a new test to testb3 for terminal Patchpoints, Get, and Set. The FTL does not
currently use terminal Patchpoints directly, but we want this to be possible. It also doesn't
use Get/Set directly even though we want this to be possible. It's important to test these
since opcodes that result from lowering don't affect early phases, so we could have
regressions in early phases related to these opcodes that wouldn't be caught by any JS test.
So, this adds a very basic threaded interpreter to testb3 for a Brainfuck-style language, and
tests it by having it run a program that prints the numbers 1..100 in a loop. Unlike a real
threaded interpreter, it uses a common dispatch block rather than having dispatch at the
terminus of each opcode. That's necessary because PolyJump is not cloneable. The state of the
interpreter is represented using Variables that we Get and Set, so it tests Get/Set as well.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::jump):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::jump):

  • assembler/X86Assembler.h:

(JSC::X86Assembler::jmp_m):

  • b3/B3BasicBlock.cpp:

(JSC::B3::BasicBlock::append):
(JSC::B3::BasicBlock::appendNonTerminal):
(JSC::B3::BasicBlock::removeLast):
(JSC::B3::BasicBlock::appendIntConstant):
(JSC::B3::BasicBlock::clearSuccessors):
(JSC::B3::BasicBlock::appendSuccessor):
(JSC::B3::BasicBlock::setSuccessors):
(JSC::B3::BasicBlock::replaceSuccessor):
(JSC::B3::BasicBlock::addPredecessor):
(JSC::B3::BasicBlock::deepDump):
(JSC::B3::BasicBlock::appendNewControlValue):

  • b3/B3BasicBlock.h:

(JSC::B3::BasicBlock::numSuccessors):
(JSC::B3::BasicBlock::successor):
(JSC::B3::BasicBlock::successors):
(JSC::B3::BasicBlock::successorBlock):
(JSC::B3::BasicBlock::successorBlocks):
(JSC::B3::BasicBlock::numPredecessors):
(JSC::B3::BasicBlock::predecessor):
(JSC::B3::BasicBlock::frequency):

  • b3/B3BasicBlockInlines.h:

(JSC::B3::BasicBlock::replaceLastWithNew):
(JSC::B3::BasicBlock::taken):
(JSC::B3::BasicBlock::notTaken):
(JSC::B3::BasicBlock::fallThrough):
(JSC::B3::BasicBlock::numSuccessors): Deleted.
(JSC::B3::BasicBlock::successor): Deleted.
(JSC::B3::BasicBlock::successors): Deleted.
(JSC::B3::BasicBlock::successorBlock): Deleted.
(JSC::B3::BasicBlock::successorBlocks): Deleted.

  • b3/B3BlockInsertionSet.cpp:

(JSC::B3::BlockInsertionSet::splitForward):

  • b3/B3BreakCriticalEdges.cpp:

(JSC::B3::breakCriticalEdges):

  • b3/B3CaseCollection.cpp: Added.

(JSC::B3::CaseCollection::dump):

  • b3/B3CaseCollection.h: Added.

(JSC::B3::CaseCollection::CaseCollection):
(JSC::B3::CaseCollection::operator[]):
(JSC::B3::CaseCollection::iterator::iterator):
(JSC::B3::CaseCollection::iterator::operator*):
(JSC::B3::CaseCollection::iterator::operator++):
(JSC::B3::CaseCollection::iterator::operator==):
(JSC::B3::CaseCollection::iterator::operator!=):
(JSC::B3::CaseCollection::begin):
(JSC::B3::CaseCollection::end):

  • b3/B3CaseCollectionInlines.h: Added.

(JSC::B3::CaseCollection::fallThrough):
(JSC::B3::CaseCollection::size):
(JSC::B3::CaseCollection::at):

  • b3/B3CheckSpecial.cpp:

(JSC::B3::CheckSpecial::CheckSpecial):
(JSC::B3::CheckSpecial::hiddenBranch):

  • b3/B3Common.h:

(JSC::B3::is64Bit):

  • b3/B3ControlValue.cpp: Removed.
  • b3/B3ControlValue.h: Removed.
  • b3/B3DataSection.cpp:

(JSC::B3::DataSection::DataSection):

  • b3/B3DuplicateTails.cpp:
  • b3/B3FixSSA.cpp:
  • b3/B3FoldPathConstants.cpp:
  • b3/B3LowerMacros.cpp:
  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::run):
(JSC::B3::Air::LowerToAir::lower):

  • b3/B3MathExtras.cpp:

(JSC::B3::powDoubleInt32):

  • b3/B3Opcode.h:

(JSC::B3::isConstant):
(JSC::B3::isDefinitelyTerminal):

  • b3/B3PatchpointSpecial.cpp:

(JSC::B3::PatchpointSpecial::generate):
(JSC::B3::PatchpointSpecial::isTerminal):
(JSC::B3::PatchpointSpecial::dumpImpl):

  • b3/B3PatchpointSpecial.h:
  • b3/B3Procedure.cpp:

(JSC::B3::Procedure::resetReachability):

  • b3/B3Procedure.h:

(JSC::B3::Procedure::lastPhaseName):
(JSC::B3::Procedure::byproducts):

  • b3/B3ReduceStrength.cpp:
  • b3/B3StackmapGenerationParams.cpp:

(JSC::B3::StackmapGenerationParams::unavailableRegisters):
(JSC::B3::StackmapGenerationParams::successorLabels):
(JSC::B3::StackmapGenerationParams::fallsThroughToSuccessor):
(JSC::B3::StackmapGenerationParams::proc):

  • b3/B3StackmapGenerationParams.h:

(JSC::B3::StackmapGenerationParams::gpScratch):
(JSC::B3::StackmapGenerationParams::fpScratch):

  • b3/B3SwitchValue.cpp:

(JSC::B3::SwitchValue::~SwitchValue):
(JSC::B3::SwitchValue::removeCase):
(JSC::B3::SwitchValue::hasFallThrough):
(JSC::B3::SwitchValue::setFallThrough):
(JSC::B3::SwitchValue::appendCase):
(JSC::B3::SwitchValue::dumpSuccessors):
(JSC::B3::SwitchValue::dumpMeta):
(JSC::B3::SwitchValue::cloneImpl):
(JSC::B3::SwitchValue::SwitchValue):

  • b3/B3SwitchValue.h:

(JSC::B3::SwitchValue::accepts):
(JSC::B3::SwitchValue::caseValues):
(JSC::B3::SwitchValue::cases):
(JSC::B3::SwitchValue::fallThrough): Deleted.
(JSC::B3::SwitchValue::size): Deleted.
(JSC::B3::SwitchValue::at): Deleted.
(JSC::B3::SwitchValue::operator[]): Deleted.
(JSC::B3::SwitchValue::iterator::iterator): Deleted.
(JSC::B3::SwitchValue::iterator::operator*): Deleted.
(JSC::B3::SwitchValue::iterator::operator++): Deleted.
(JSC::B3::SwitchValue::iterator::operator==): Deleted.
(JSC::B3::SwitchValue::iterator::operator!=): Deleted.
(JSC::B3::SwitchValue::begin): Deleted.
(JSC::B3::SwitchValue::end): Deleted.

  • b3/B3Validate.cpp:
  • b3/B3Value.cpp:

(JSC::B3::Value::replaceWithPhi):
(JSC::B3::Value::replaceWithJump):
(JSC::B3::Value::replaceWithOops):
(JSC::B3::Value::dump):
(JSC::B3::Value::deepDump):
(JSC::B3::Value::dumpSuccessors):
(JSC::B3::Value::negConstant):
(JSC::B3::Value::typeFor):

  • b3/B3Value.h:
  • b3/air/AirCode.cpp:

(JSC::B3::Air::Code::addFastTmp):
(JSC::B3::Air::Code::addDataSection):
(JSC::B3::Air::Code::jsHash):

  • b3/air/AirCode.h:

(JSC::B3::Air::Code::isFastTmp):
(JSC::B3::Air::Code::setLastPhaseName):

  • b3/air/AirCustom.h:

(JSC::B3::Air::PatchCustom::shouldTryAliasingDef):
(JSC::B3::Air::PatchCustom::isTerminal):
(JSC::B3::Air::PatchCustom::hasNonArgNonControlEffects):
(JSC::B3::Air::PatchCustom::generate):
(JSC::B3::Air::CCallCustom::admitsStack):
(JSC::B3::Air::CCallCustom::isTerminal):
(JSC::B3::Air::CCallCustom::hasNonArgNonControlEffects):
(JSC::B3::Air::ShuffleCustom::admitsStack):
(JSC::B3::Air::ShuffleCustom::isTerminal):
(JSC::B3::Air::ShuffleCustom::hasNonArgNonControlEffects):

  • b3/air/AirGenerate.cpp:

(JSC::B3::Air::generate):

  • b3/air/AirGenerationContext.h:
  • b3/air/AirInst.h:

(JSC::B3::Air::Inst::hasNonControlEffects):

  • b3/air/AirSimplifyCFG.cpp:

(JSC::B3::Air::simplifyCFG):

  • b3/air/AirSpecial.cpp:

(JSC::B3::Air::Special::shouldTryAliasingDef):
(JSC::B3::Air::Special::isTerminal):
(JSC::B3::Air::Special::hasNonArgNonControlEffects):

  • b3/air/AirSpecial.h:
  • b3/air/AirValidate.cpp:
  • b3/air/opcode_generator.rb:
  • b3/testb3.cpp:
  • ftl/FTLLowerDFGToB3.cpp:
  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::jump):
(JSC::FTL::Output::branch):
(JSC::FTL::Output::ret):
(JSC::FTL::Output::unreachable):
(JSC::FTL::Output::speculate):
(JSC::FTL::Output::trap):
(JSC::FTL::Output::anchor):
(JSC::FTL::Output::decrementSuperSamplerCount):
(JSC::FTL::Output::addIncomingToPhi):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::constIntPtr):
(JSC::FTL::Output::callWithoutSideEffects):
(JSC::FTL::Output::switchInstruction):
(JSC::FTL::Output::phi):
(JSC::FTL::Output::addIncomingToPhi):

Websites/webkit.org:


Update documentation to reflect Patchpoint's new powers.

  • docs/b3/intermediate-representation.html:

LayoutTests:

  • js/regress/bigswitch-expected.txt: Added.
  • js/regress/bigswitch.html: Added.
  • js/regress/script-tests/bigswitch.js: Added.

(foo):

5:57 PM Changeset in webkit [203389] by Chris Dumez
  • 6 edits
    2 adds in trunk

DocType's publicId / systemId should not be nullable
https://bugs.webkit.org/show_bug.cgi?id=159901

Reviewed by Benjamin Poulain.

LayoutTests/imported/w3c:

Rebaseline now that more checks regarding DocumentType serialization
are passing.

  • web-platform-tests/domparsing/xml-serialization-expected.txt:

Source/WebCore:

DocType's publicId / systemId should not be nullable. While they were
not marked as nullable in our IDL, they could be stored as null Strings
in our implementation depending on how the Node was constructed. This
led to subtle bugs where String() != emptyString().

In particular, Node.isEqualNode() would return false when DocumentType
nodes would mismatch because of their publicId / systemId being null
instead of the emptyString.

Serialization would DocumentType nodes would also be wrong when
publicId / systemId were empty Strings instead of null strings. The
new behavior now matches:

To address these issues, we now always store publicId / systemId as
non-null Strings inside the DocumentType class.

Test: fast/dom/DocumentType/isEqualNode.html

  • dom/DocumentType.cpp:

(WebCore::DocumentType::DocumentType):

  • editing/MarkupAccumulator.cpp:

(WebCore::MarkupAccumulator::appendDocumentType):

LayoutTests:

Add test coverage for comparison of DocumentType nodes
using isEqualNode(). This tests used to fail and now passes.
The test passes in Firefox and Chrome as well.

  • fast/dom/DocumentType/isEqualNode-expected.txt: Added.
  • fast/dom/DocumentType/isEqualNode.html: Added.
5:47 PM Changeset in webkit [203388] by commit-queue@webkit.org
  • 6 edits
    2 adds in trunk

If previous media session interruptions were prevented, still allow subsequent interruptions to try.
https://bugs.webkit.org/show_bug.cgi?id=157553
rdar://problem/25740804

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-07-18
Reviewed by Eric Carlson.

Source/WebCore:

Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html

When suspending under lock on iOS, there is first a resign active event, then a
suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
suspend under lock to interrupt playback.

Currently if there are nested interruptions only the first one is acted upon.

This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
previous interruptions were ignored.

This test is for iPad only, so it must be run manually.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):

  • platform/audio/PlatformMediaSession.cpp:

(WebCore::PlatformMediaSession::beginInterruption):

  • testing/Internals.cpp:

(WebCore::Internals::beginMediaSessionInterruption):

LayoutTests:

When suspending under lock on iOS, there is first a resign active event, then a
suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
suspend under lock to interrupt playback.

Currently if there are nested interruptions only the first one is acted upon.

This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
previous interruptions were ignored.

This test is for iPad only, so it must be run manually.

  • platform/ios-simulator/TestExpectations:
  • platform/ios-simulator/media/video-interruption-suspendunderlock-expcted.txt: Added.
  • platform/ios-simulator/media/video-interruption-suspendunderlock.html: Added.
5:38 PM Changeset in webkit [203387] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Don't null out the IPC::Connection's XPC connection
https://bugs.webkit.org/show_bug.cgi?id=159911
rdar://problem/27018065

Reviewed by Alex Christensen.

The function that nulls out the XPC connection, platformInvalidate(), is called from the connection queue,
whereas the XPC connection is normally accessed from the main thread leading to inconsistencies when the
connection is being invalidated while the main thread is trying to access it.

Fix this by simply never nulling out the XPC connection. It will be released when the IPC::Connection is destroyed anyway.

  • Platform/IPC/mac/ConnectionMac.mm:

(IPC::Connection::platformInvalidate):

5:24 PM Changeset in webkit [203386] by aakash_jain@apple.com
  • 5 edits in trunk/Tools

EWS console logs doesn't go to log file
https://bugs.webkit.org/show_bug.cgi?id=159539
<rdar://problem/24464570>

Reviewed by David Kilzer.

  • Scripts/webkitpy/common/system/logutils.py:

(configure_logger_to_log_to_file): Added method to configure the logger to log to file.
(FileSystemHandler): Added class which uses logging.FileHandler as base class and supports writing
to filesystem. It also supports passing MockFilesystem.
(FileSystemHandler.init): Initialize the class and calls base class init.
(FileSystemHandler._open): Overrides the base class _open method to use filesystem object.

  • Scripts/webkitpy/tool/commands/earlywarningsystem_unittest.py:

(AbstractEarlyWarningSystemTest.test_failing_tests_message): Added MockHost() parameter.
(_test_ews): Same.

  • Scripts/webkitpy/tool/commands/queues.py:

(AbstractQueue.begin_work_queue): Configure the logger to log to file.
(AbstractQueue._log_directory): Using filesystem object instead of os.
(AbstractQueue.queue_log_path): Same.
(AbstractQueue.init): Passed host parameter.
(PatchProcessingQueue.init): Same.
(CommitQueue.init): Same.
(AbstractReviewQueue.init): Same.
(StyleQueue.init): Same.

  • Scripts/webkitpy/tool/commands/queues_unittest.py:

(TestCommitQueue): Passed MockHost() as host.
(TestCommitQueue.init): Same.
(TestQueue.init): Same.
(TestReviewQueue.init): Same.
(TestFeederQueue.init): Same.
(AbstractPatchQueueTest.test_next_patch): Same.
(PatchProcessingQueueTest.test_upload_results_archive_for_patch): Same.
(test_commit_queue_failure): Same.
(MockCommitQueueTask.results_from_patch_test_run): Same.
(test_rollout_lands): Same.
(test_non_valid_patch): Same.
(test_auto_retry): Same.
(test_style_queue_with_watch_list_exception): Same.

5:24 PM Changeset in webkit [203385] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

Tapping on an apple.com tab in tab overview stutters when switching to it
https://bugs.webkit.org/show_bug.cgi?id=159904
<rdar://problem/27192350>

Reviewed by Simon Fraser.

  • UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateViewState):
In any case where we get to waitForDidUpdateViewState (usually a tab switch),
if we have an outstanding didUpdate message, the Web process will not commit
a new layer tree until it receives the didUpdate message. However, since
waitForDidUpdateViewState synchronously blocks the UI process, we also
won't *send* the didUpdate message, so we block for the full timeout duration.

Instead, if we get to waitForDidUpdateViewState, just send the didUpdate without
waiting for the DisplayLink or anything else, because calling rAF slightly too
quickly, once, is certainly better than blocking the UI process for a whole second.

5:20 PM Changeset in webkit [203384] by clopez@igalia.com
  • 2 edits in trunk/Source/WebKit2

[GTK] ENABLE_OPENGL=OFF build broken since r201802
https://bugs.webkit.org/show_bug.cgi?id=159909

Reviewed by Antonio Gomes.

  • WebProcess/WebPage/LayerTreeHost.h: Add missing include.
5:13 PM Changeset in webkit [203383] by Brent Fulgham
  • 5 edits
    4 adds in trunk

Don't associate form-associated elements with forms in other trees.
https://bugs.webkit.org/show_bug.cgi?id=119451
<rdar://problem/27382946>

Change is based on the Blink change (patch by <adamk@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

Reviewed by Chris Dumez.

Source/WebCore:

Prevent elements from being associated with forms that are not part of the same home subtree.
This brings us in line with the WhatWG HTML specification as of September, 2013.

Tests: fast/forms/image-disconnected-during-parse.html

fast/forms/input-disconnected-during-parse.html

  • dom/Element.h:

(WebCore::Node::rootElement): Added.

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
is not part of the same tree, remove the association.

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::insertedInto): Ditto.

LayoutTests:

  • fast/forms/image-disconnected-during-parse-expected.txt: Added.
  • fast/forms/image-disconnected-during-parse.html: Added.
  • fast/forms/input-disconnected-during-parse-expected.txt: Added.
  • fast/forms/input-disconnected-during-parse.html: Added.
4:56 PM Changeset in webkit [203382] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.42

New tag.

4:54 PM Changeset in webkit [203381] by andersca@apple.com
  • 14 edits
    5 adds in trunk/Source

WebKit nightly fails to build on macOS Sierra
https://bugs.webkit.org/show_bug.cgi?id=159902
rdar://problem/27365672

Reviewed by Tim Horton.

Source/JavaScriptCore:

  • icu/unicode/ucurr.h: Added.

Add ucurr.h from ICU.

Source/WebCore:

  • Modules/applepay/cocoa/PaymentCocoa.mm:
  • Modules/applepay/cocoa/PaymentContactCocoa.mm:
  • Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
  • Modules/applepay/cocoa/PaymentMethodCocoa.mm:

Use new PassKitSPI header.

  • WebCore.xcodeproj/project.pbxproj:

Add new PassKitSPI header.

  • icu/unicode/ucurr.h: Added.

Add ucurr.h from ICU.

  • platform/spi/cocoa/PassKitSPI.h: Added.

Add new PassKitSPI header.

Source/WebKit/mac:

  • icu/unicode/ucurr.h: Added.

Add ucurr.h from ICU.

Source/WebKit2:

  • Shared/Cocoa/WebCoreArgumentCodersCocoa.mm:
  • UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.h:
  • UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm:
  • UIProcess/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm:

Use new PassKitSPI header.

Source/WTF:

  • icu/unicode/ucurr.h: Added.

Add ucurr.h from ICU.

4:39 PM Changeset in webkit [203380] by dino@apple.com
  • 15 edits in trunk

REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
https://bugs.webkit.org/show_bug.cgi?id=159906
<rdar://problem/27391725>

Reviewed by Simon Fraser.

The fix for webkit.org/b/157569 in r200769 broke AMP pages.
The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.

Revert them both until we have better testing.

Source/WebCore:

  • css/CSSParser.cpp:

(WebCore::CSSParser::addPropertyWithPrefixingVariant):
(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::parseAnimationShorthand):
(WebCore::CSSParser::parseTransitionShorthand): Deleted.

  • css/CSSPropertyNames.in:
  • css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
(WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
(WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
(WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):

  • css/StyleProperties.cpp:

(WebCore::MutableStyleProperties::removeShorthandProperty):
(WebCore::MutableStyleProperties::removeProperty):
(WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
(WebCore::MutableStyleProperties::setProperty):
(WebCore::getIndexInShorthandVectorForPrefixingVariant):
(WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
(WebCore::MutableStyleProperties::setPrefixingVariantProperty):
(WebCore::StyleProperties::asText): Deleted.

  • css/StyleProperties.h:

LayoutTests:

  • animations/fill-mode-forwards-zero-duration.html:
  • animations/play-state-start-paused.html:
  • animations/script-tests/spring-parsing.js:

(testSpring):

  • animations/spring-parsing-expected.txt:
  • animations/unprefixed-properties-expected.txt:
  • animations/unprefixed-properties.html:
  • fast/css/prefixed-unprefixed-variant-style-declaration-expected.txt:
  • fast/css/shorthand-omitted-initial-value-overrides-shorthand-expected.txt:
4:16 PM Changeset in webkit [203379] by akling@apple.com
  • 8 edits
    3 adds in trunk

There should be a way to simulate memory pressure in layout tests
<https://webkit.org/b/159743>

Reviewed by Simon Fraser.

Source/WebCore:

Add three window.internal APIs:

  • boolean isUnderMemoryPressure (readonly attribute)
  • void beginSimulatedMemoryPressure()
  • void endSimulatedMemoryPressure()

These make it possible to write tests that exercise behaviors that only
occur during memory pressure situations.

I also implemented the "org.WebKit.lowMemory" notification handler using the new API.

Test: memory/memory-pressure-simulation.html

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
(WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):

  • platform/MemoryPressureHandler.h:

(WebCore::MemoryPressureHandler::isUnderMemoryPressure):

  • platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::platformReleaseMemory):
(WebCore::MemoryPressureHandler::install):

  • testing/Internals.cpp:

(WebCore::Internals::isUnderMemoryPressure):
(WebCore::Internals::beginSimulatedMemoryPressure):
(WebCore::Internals::endSimulatedMemoryPressure):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

Add a basic test for the new APIs.

  • memory/memory-pressure-simulation-expected.txt: Added.
  • memory/memory-pressure-simulation.html: Added.
3:46 PM Changeset in webkit [203378] by commit-queue@webkit.org
  • 10 edits
    2 adds in trunk

[iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
https://bugs.webkit.org/show_bug.cgi?id=158715

Source/WebCore:

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-07-18
Reviewed by Dean Jackson.

Test: fast/images/displaced-non-cached-pdf.html

For iOS, we need to ensure the size of the cached PDF images will not
exceed some limit. Also we should be caching only a sub image of the PDF
if caching the whole image will exceed the memory limit.

  • page/Settings.cpp:

(WebCore::Settings::Settings):
(WebCore::Settings::setCachedPDFImageEnabled):

  • page/Settings.h:

(WebCore::Settings::isCachedPDFImageEnabled):

Add an option to disable caching the PDF images.

  • platform/graphics/cg/PDFDocumentImage.cpp:

(WebCore::PDFDocumentImage::setCachedPDFImageEnabled):

Allow the caller of draw() to disable caching the PDF images.

(WebCore::PDFDocumentImage::cacheParametersMatch):

Match the context dirty rectangle with the cached image rectangle.

(WebCore::transformContextForPainting):

When preparing the context for drawing the PDF, take the location
of the destination rectangle into account. We do not need to scale
the location of the source rectangle because we scale the size of
the rectangle but we don't scale the whole coordinate system.

(WebCore::cachedImageRect):

Calculate the rectangle of the cached image such that it does not
exceed the limit. Start from the center of the dirty rectangle and
then expand around it.

(WebCore::PDFDocumentImage::decodedSizeChanged):

In addition to notifying the ImageObserver, it keeps track of the size
of all the cached PDF images.

(WebCore::PDFDocumentImage::updateCachedImageIfNeeded):

Ensure the size of all the cached images does not exceed the limit

(WebCore::PDFDocumentImage::destroyDecodedData):

  • platform/graphics/cg/PDFDocumentImage.h:
  • rendering/RenderImage.cpp:

(WebCore::RenderImage::paintIntoRect):

Pass the option to disable caching the PDF images to PDFDocumentImage.

  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::Backup::Backup):
(WebCore::InternalSettings::Backup::restoreTo):
(WebCore::InternalSettings::setCachedPDFImageEnabled):

  • testing/InternalSettings.h:
  • testing/InternalSettings.idl:

Add an internal option to disable caching the PDF images.

LayoutTests:

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-07-18
Reviewed by Dean Jackson.

Make sure the PDF image will be displayed at the correct position if caching
the PDF image is disabled.

  • fast/images/displaced-non-cached-pdf-expected.html: Added.
  • fast/images/displaced-non-cached-pdf.html: Added.
3:33 PM Changeset in webkit [203377] by Chris Dumez
  • 9 edits
    2 adds
    6 deletes in trunk

The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
https://bugs.webkit.org/show_bug.cgi?id=158008

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

  • web-platform-tests/XMLHttpRequest/interfaces-expected.txt:
  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

The 2 first parameters to addEventListener() / removeEventListener() should be
mandatory:

Firefox 46 and Chrome 50 both match the specification and throw an exception when those
parameters are omitted. However, those parameters were marked as optional in WebKit and
the calls were no-ops if those parameters were omitted. This patch aligns our behavior
with the specification and other browsers.

Test: fast/dom/eventtarget-api-parameters.html

  • bindings/scripts/CodeGeneratorJS.pm:

(GetFunctionLength): Deleted.

  • dom/EventTarget.idl:

LayoutTests:

  • fast/dom/Window/window-legacy-event-listener-expected.txt: Removed.
  • fast/dom/Window/window-legacy-event-listener.html: Removed.
  • fast/dom/XMLHttpRequest-legacy-event-listener-expected.txt: Removed.
  • fast/dom/XMLHttpRequest-legacy-event-listener.html: Removed.
  • fast/dom/node-legacy-event-listener-expected.txt: Removed.
  • fast/dom/node-legacy-event-listener.html: Removed.

Drop legacy tests that expect the addEventListener() / removeEventListener()
parameters to be optional.

  • fast/dom/eventtarget-api-parameters-expected.txt: Added.
  • fast/dom/eventtarget-api-parameters.html: Added.

Add layout test to check that the 2 first parameters of addEventListener()
and removeEventListener() are now mandatory. It also checks that the
second parameter is nullable.

  • media/video-remote-control-playpause.html:

Drop useless call to addEventListener() without a listener as it now throws.

3:20 PM Changeset in webkit [203376] by msaboff@apple.com
  • 3 edits
    1 add in trunk/Source
ASSERTION FAILED: : (year >= 1970 && yearday >= 0)
(year < 1970 && yearday < 0) -- WTF/wtf/DateMath.cpp

https://bugs.webkit.org/show_bug.cgi?id=159883

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

New test.

  • tests/stress/regress-159883.js: Added.

Source/WTF:

The function daysFrom1970ToYear() takes an integer year and returns a double result.
The calculation uses 1970 as a baseline year and subtracts 1970 from the argument year.
It does that subtraction using integer arithmetic, which given negative years close to
INT_MIN can underflow as a result of subtracting 1970. Since we want a double result,
the fix is to cast year as a double before the subtraction, which eliminates the underflow.

  • wtf/DateMath.cpp:

(WTF::daysFrom1970ToYear):

2:33 PM Changeset in webkit [203375] by fpizlo@apple.com
  • 21 edits
    2 adds in trunk/Source/JavaScriptCore

MarkedBlocks should know that they can be used for more than JSCells
https://bugs.webkit.org/show_bug.cgi?id=159643

Reviewed by Geoffrey Garen.

This teaches the Heap that a MarkedBlock may hold either JSCells, or Auxiliary, which is
not a JSCell. It teaches the heap and all of the things that walk the heap to ignore
non-JSCells whenever they are looking for global objects, JSObjects, and things to trace
for debugging or profiling. The idea is that we will be able to allocate butterflies and
typed array backing stores as Auxiliary in MarkedSpace rather than allocating those things
in CopiedSpace. That's what bug 159658 is all about.

This gives us a new type, called HeapCell, which is just meant to be a class distinct from
JSCell or any type we would use for Auxiliary. For convenience, JSCell is a subclass of
HeapCell. HeapCell has an enum called HeapCell::Kind, which is either HeapCell::JSCell or
HeapCell::Auxiliary. MarkedSpace no longer speaks of JSCells directly except when dealing
with destruction.

This change required doing a lot of stuff to all of those functor callbacks, since they
now take HeapCell* instead of JSCell* and they take an extra HeapCell::Kind argument to
tell them if they are dealing with JSCells or Auxiliary. I figured that this would be as
good a time as any to convert those functors to being lambda-compatible. This means that
operator() must be const. In some cases, converting the operator() to be const would have
taken more work than just turning the whole thing into a lambda. Whenever this was the
case, I converted the code to use lambdas. I left a lot of functors alone. In cases where
the functor would benefit from being a lambda, for example because it would get rid of
const_casts or mutables, I put in a FIXME referencing bug 159644.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • debugger/Debugger.cpp:

(JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
(JSC::Debugger::SetSteppingModeFunctor::operator()):
(JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
(JSC::Debugger::ToggleBreakpointFunctor::operator()):
(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
(JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
(JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):

  • heap/CodeBlockSet.h:

(JSC::CodeBlockSet::iterate):

  • heap/HandleSet.h:

(JSC::HandleNode::next):
(JSC::HandleSet::forEachStrongHandle):

  • heap/Heap.cpp:

(JSC::GatherHeapSnapshotData::GatherHeapSnapshotData):
(JSC::GatherHeapSnapshotData::operator()):
(JSC::RemoveDeadHeapSnapshotNodes::RemoveDeadHeapSnapshotNodes):
(JSC::RemoveDeadHeapSnapshotNodes::operator()):
(JSC::Heap::protectedGlobalObjectCount):
(JSC::Heap::globalObjectCount):
(JSC::Heap::protectedObjectCount):
(JSC::Heap::protectedObjectTypeCounts):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::deleteAllCodeBlocks):
(JSC::MarkedBlockSnapshotFunctor::MarkedBlockSnapshotFunctor):
(JSC::MarkedBlockSnapshotFunctor::operator()):
(JSC::Zombify::visit):
(JSC::Zombify::operator()):
(JSC::Heap::zombifyDeadObjects):
(JSC::Heap::flushWriteBarrierBuffer):

  • heap/Heap.h:

(JSC::Heap::handleSet):
(JSC::Heap::handleStack):

  • heap/HeapCell.cpp: Added.

(WTF::printInternal):

  • heap/HeapCell.h: Added.

(JSC::HeapCell::HeapCell):
(JSC::HeapCell::zap):
(JSC::HeapCell::isZapped):

  • heap/HeapInlines.h:

(JSC::Heap::deprecatedReportExtraMemory):
(JSC::Heap::forEachCodeBlock):
(JSC::Heap::forEachProtectedCell):
(JSC::Heap::allocateWithDestructor):

  • heap/HeapStatistics.cpp:

(JSC::StorageStatistics::visit):
(JSC::StorageStatistics::operator()):

  • heap/HeapVerifier.cpp:

(JSC::GatherLiveObjFunctor::visit):
(JSC::GatherLiveObjFunctor::operator()):

  • heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::allocateBlock):
(JSC::MarkedAllocator::addBlock):
(JSC::MarkedAllocator::reset):
(JSC::MarkedAllocator::lastChanceToFinalize):
(JSC::LastChanceToFinalize::operator()): Deleted.

  • heap/MarkedAllocator.h:

(JSC::MarkedAllocator::takeLastActiveBlock):
(JSC::MarkedAllocator::resumeAllocating):
(JSC::MarkedAllocator::forEachBlock):

  • heap/MarkedBlock.cpp:

(JSC::MarkedBlock::create):
(JSC::MarkedBlock::destroy):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::callDestructor):
(JSC::MarkedBlock::specializedSweep):
(JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor):
(JSC::SetNewlyAllocatedFunctor::operator()):
(JSC::MarkedBlock::stopAllocating):
(JSC::MarkedBlock::didRetireBlock):

  • heap/MarkedBlock.h:

(JSC::MarkedBlock::CountFunctor::CountFunctor):
(JSC::MarkedBlock::CountFunctor::count):
(JSC::MarkedBlock::CountFunctor::returnValue):
(JSC::MarkedBlock::needsDestruction):
(JSC::MarkedBlock::cellKind):
(JSC::MarkedBlock::size):
(JSC::MarkedBlock::clearNewlyAllocated):
(JSC::MarkedBlock::isMarkedOrNewlyAllocated):
(JSC::MarkedBlock::isLive):
(JSC::MarkedBlock::isLiveCell):
(JSC::MarkedBlock::forEachCell):
(JSC::MarkedBlock::forEachLiveCell):
(JSC::MarkedBlock::forEachDeadCell):

  • heap/MarkedSpace.cpp:

(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::~MarkedSpace):
(JSC::MarkedSpace::lastChanceToFinalize):
(JSC::MarkedSpace::sweep):
(JSC::MarkedSpace::zombifySweep):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
(JSC::MarkedSpace::forEachAllocator):
(JSC::MarkedSpace::stopAllocating):
(JSC::MarkedSpace::resumeAllocating):
(JSC::MarkedSpace::isPagedOut):
(JSC::MarkedSpace::shrink):
(JSC::clearNewlyAllocatedInBlock):
(JSC::MarkedSpace::clearNewlyAllocated):
(JSC::MarkedSpace::clearMarks):
(JSC::Free::Free): Deleted.
(JSC::Free::operator()): Deleted.
(JSC::FreeOrShrink::FreeOrShrink): Deleted.
(JSC::FreeOrShrink::operator()): Deleted.
(JSC::VisitWeakSet::VisitWeakSet): Deleted.
(JSC::VisitWeakSet::operator()): Deleted.
(JSC::ReapWeakSet::operator()): Deleted.
(JSC::LastChanceToFinalize::operator()): Deleted.
(JSC::StopAllocatingFunctor::operator()): Deleted.
(JSC::ResumeAllocatingFunctor::operator()): Deleted.
(JSC::ClearNewlyAllocated::operator()): Deleted.
(JSC::VerifyNewlyAllocated::operator()): Deleted.

  • heap/MarkedSpace.h:

(JSC::MarkedSpace::forEachLiveCell):
(JSC::MarkedSpace::forEachDeadCell):
(JSC::MarkedSpace::allocatorFor):
(JSC::MarkedSpace::allocateWithDestructor):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::didAddBlock):
(JSC::MarkedSpace::objectCount):
(JSC::MarkedSpace::size):
(JSC::MarkedSpace::capacity):
(JSC::ClearMarks::operator()): Deleted.
(JSC::Sweep::operator()): Deleted.
(JSC::ZombifySweep::operator()): Deleted.
(JSC::MarkCount::operator()): Deleted.
(JSC::Size::operator()): Deleted.

  • runtime/JSCell.h:

(JSC::JSCell::zap): Deleted.
(JSC::JSCell::isZapped): Deleted.

  • runtime/JSCellInlines.h:

(JSC::allocateCell):
(JSC::JSCell::isObject):
(JSC::isZapped): Deleted.

  • runtime/JSGlobalObject.cpp:
  • tools/JSDollarVMPrototype.cpp:

(JSC::CellAddressCheckFunctor::CellAddressCheckFunctor):
(JSC::CellAddressCheckFunctor::operator()):

2:15 PM Changeset in webkit [203374] by Brent Fulgham
  • 5 edits
    4 deletes in trunk

Unreviewed, rolling out r203373.

Unaddressed

Reverted changeset:

"Don't associate form-associated elements with forms in other
trees."
https://bugs.webkit.org/show_bug.cgi?id=119451
http://trac.webkit.org/changeset/203373

2:12 PM Changeset in webkit [203373] by Brent Fulgham
  • 5 edits
    4 adds in trunk

Don't associate form-associated elements with forms in other trees.
https://bugs.webkit.org/show_bug.cgi?id=119451
<rdar://problem/27382946>

Change is based on the Blink change (patch by <adamk@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

Reviewed by Zalan Bujtas.

Source/WebCore:

Prevent elements from being associated with forms that are not part of the same home subtree.
This brings us in line with the WhatWG HTML specification as of September, 2013.

Tests: fast/forms/image-disconnected-during-parse.html

fast/forms/input-disconnected-during-parse.html

  • dom/NodeTraversal.h:

(WebCore::NodeTraversal::highestAncestorOrSelf): Added.

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
is not part of the same tree, remove the association.

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::insertedInto): Ditto.

LayoutTests:

  • fast/forms/image-disconnected-during-parse-expected.txt: Added.
  • fast/forms/image-disconnected-during-parse.html: Added.
  • fast/forms/input-disconnected-during-parse-expected.txt: Added.
  • fast/forms/input-disconnected-during-parse.html: Added.
1:59 PM Changeset in webkit [203372] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Marking storage/indexeddb/modern/handle-user-delete.html as flaky on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=159896

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
  • platform/mac/TestExpectations:
1:41 PM Changeset in webkit [203371] by timothy_horton@apple.com
  • 5 edits in trunk/Source/WebKit2

Mail contents are temporarily obscured by black rectangles when returning from suspend and in app switcher
https://bugs.webkit.org/show_bug.cgi?id=159894
<rdar://problem/26973202>

Reviewed by Simon Fraser.

  • UIProcess/ApplicationStateTracker.h:
  • UIProcess/ApplicationStateTracker.mm:

(WebKit::ApplicationStateTracker::ApplicationStateTracker):
(WebKit::ApplicationStateTracker::~ApplicationStateTracker):
(WebKit::ApplicationStateTracker::applicationDidCreateWindowContext):

  • UIProcess/ios/WKContentView.mm:

(-[WKContentView didMoveToWindow]):
(-[WKContentView _applicationDidCreateWindowContext]):
(-[WKContentView _applicationWillEnterForeground]): Deleted.

  • UIProcess/ios/WKPDFView.mm:

(-[WKPDFView didMoveToWindow]):
(-[WKPDFView _applicationDidCreateWindowContext]):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::applicationDidFinishSnapshottingAfterEnteringBackground):
Hide content at window context creation time, instead of when the application
becomes foregrounded. Otherwise, background snapshots (which create/destroy
window contexts, but do not bring the app into the foreground) can have
parented layers that have volatile surfaces in them. In the normal case,
we will subsequently get foregrounded and re-build the layer tree; in the
background snapshot case, we will just have an empty layer tree.

In the future, we should consider making ApplicationStateTracker use
window context creation/destruction to drive web process lifetime, so
that we can actually paint correctly for background snapshots.

1:31 PM Changeset in webkit [203370] by fpizlo@apple.com
  • 8 edits
    38 adds in trunk

Source/JavaScriptCore:
Repeatedly creating and destroying workers that enqueue DFG plans can outpace the DFG worklist, which then causes VM shutdown to stall, which then causes memory growth
https://bugs.webkit.org/show_bug.cgi?id=159754

Reviewed by Geoffrey Garen.

If you create and destroy workers at a high rate and those workers enqueue some DFG plans
that are still not compiled at the time that the worker is closed, then the closed workers
end up stalling in VM::~VM waiting for the DFG worklist thread to finish those plans. Since
we don't actually cancel the plans, it's easy to create a situation where the workers
outpace the DFG worklist, especially if you create many workers at a time and each one
finishes just after enqueueing those plans.

The solution is to allow VM::~VM to remove plans from the DFG worklist that are related to
that VM but aren't currently being worked on. That turns out to be an easy change.

I have a test that repros this, but it's quite long-running. I call it workers/bomb.html. We
may want to exclude it from test runs because of how long it takes.

  • dfg/DFGWorklist.cpp:

(JSC::DFG::Worklist::removeDeadPlans):
(JSC::DFG::Worklist::removeNonCompilingPlansForVM):
(JSC::DFG::Worklist::queueLength):
(JSC::DFG::Worklist::runThread):

  • dfg/DFGWorklist.h:
  • runtime/VM.cpp:

(JSC::VM::~VM):

LayoutTests:
Repeatedly creating and destroying workers that enqueue DFG plans can outpace the DFG worklist, which then causes VM shutdown to stall, which then causes a memory growth
https://bugs.webkit.org/show_bug.cgi?id=159754

Reviewed by Geoffrey Garen.

Adds two tests that create a lot of workers that do sophisticated things. These are
long-running tests so we may want to skip them. It's OK if we end up only running them
manually occasionally.

  • workers: Added.
  • workers/bomb.html: Added.
  • workers/bomb-expected.txt: Added.
  • workers/bomb-with-v8.html: Added.
  • workers/tests: Added.
  • workers/tests/3d-cube.js: Added.
  • workers/tests/3d-morph.js: Added.
  • workers/tests/3d-raytrace.js: Added.
  • workers/tests/access-binary-trees.js: Added.
  • workers/tests/access-fannkuch.js: Added.
  • workers/tests/access-nbody.js: Added.
  • workers/tests/access-nsieve.js: Added.
  • workers/tests/bitops-3bit-bits-in-byte.js: Added.
  • workers/tests/bitops-bits-in-byte.js: Added.
  • workers/tests/bitops-bitwise-and.js: Added.
  • workers/tests/bitops-nsieve-bits.js: Added.
  • workers/tests/controlflow-recursive.js: Added.
  • workers/tests/crypto-aes.js: Added.
  • workers/tests/crypto-md5.js: Added.
  • workers/tests/crypto-sha1.js: Added.
  • workers/tests/date-format-tofte.js: Added.
  • workers/tests/date-format-xparb.js: Added.
  • workers/tests/math-cordic.js: Added.
  • workers/tests/math-partial-sums.js: Added.
  • workers/tests/math-spectral-norm.js: Added.
  • workers/tests/regexp-dna.js: Added.
  • workers/tests/string-base64.js: Added.
  • workers/tests/string-fasta.js: Added.
  • workers/tests/string-tagcloud.js: Added.
  • workers/tests/string-unpack-code.js: Added.
  • workers/tests/string-validate-input.js: Added.
  • workers/tests/v8-crypto.js: Added.
  • workers/tests/v8-deltablue.js: Added.
  • workers/tests/v8-earley-boyer.js: Added.
  • workers/tests/v8-raytrace.js: Added.
  • workers/tests/v8-regexp.js: Added.
  • workers/tests/v8-richards.js: Added.
  • workers/tests/v8-splay.js: Added.
1:16 PM Changeset in webkit [203369] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking storage/indexeddb/modern/abort-requests-cancelled.html as flaky on mac-wk1
https://bugs.webkit.org/show_bug.cgi?id=156070

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
1:12 PM Changeset in webkit [203368] by fpizlo@apple.com
  • 6 edits
    9 adds in trunk

Object.preventExtensions/seal/freeze makes code much slower
https://bugs.webkit.org/show_bug.cgi?id=143247

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This has been a huge pet peeve of mine for a long time, but I was always afraid of fixing
it because I thought that it would be hard. Well, it looks like it's not hard at all.

The problem is that you cannot mutate a structure that participates in transition caching.
You can only clone the structure and mutate that one. But if you do this, you have to make
a hard choice:

1) Clone the structure without caching the transition. This is what the code did before

this change. It's the most obvious choice, but it introduces an uncacheable transition
that leads to an explosion of structures, which then breaks all inline caches.


2) Perform one of the existing cacheable transitions. Cacheable transitions can either add

properties or they can do one of the NonPropertyTransitions, which until now have been
restricted to just IndexingType transitions. So, only adding transitions or making
certain prescribed changes to the indexing type count as cacheable transitions.


This change decouples NonPropertyTransition from IndexingType and adds three new kinds of
transitions: PreventExtensions, Seal, and Freeze. We have to give any cacheable transition
a name that fully disambiguates this transition from any other, so that the transition can
be cached. Since we're already giving them names in an enum, I figured that the most
pragmatic way to implement them is to have Structure::nonPropertyTransition() case on the
NonPropertyTransition and implement all of the mutations associated with that transition.
The alternative would have been to allow callers of nonPropertyTransition() to supply
something like a lambda that describes the mutation, but this seemed awkward since each
set of mutations has to anyway be tied to one of the NonPropertyTransition members.

This is an enormous speed-up on microbenchmarks that use Object.preventExtensions(),
Object.seal(), or Object.freeze(). I don't know if "real" benchmarks use these features
and I don't really care. This should be fast.

  • runtime/JSObject.cpp:

(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::switchToSlowPutArrayStorage):

  • runtime/Structure.cpp:

(JSC::Structure::suggestedArrayStorageTransition):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::toUncacheableDictionaryTransition):
(JSC::Structure::sealTransition):
(JSC::Structure::freezeTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::pin):
(JSC::Structure::pinForCaching):
(JSC::Structure::allocateRareData):

  • runtime/Structure.h:
  • runtime/StructureTransitionTable.h:

(JSC::toAttributes):
(JSC::changesIndexingType):
(JSC::newIndexingType):
(JSC::preventsExtensions):
(JSC::setsDontDeleteOnAllProperties):
(JSC::setsReadOnlyOnAllProperties):

LayoutTests:

These tests now run ~25x faster.

  • js/regress/freeze-and-do-work-expected.txt: Added.
  • js/regress/freeze-and-do-work.html: Added.
  • js/regress/prevent-extensions-and-do-work-expected.txt: Added.
  • js/regress/prevent-extensions-and-do-work.html: Added.
  • js/regress/script-tests/freeze-and-do-work.js: Added.

(Foo):

  • js/regress/script-tests/prevent-extensions-and-do-work.js: Added.

(Foo):

  • js/regress/script-tests/seal-and-do-work.js: Added.

(Foo):

  • js/regress/seal-and-do-work-expected.txt: Added.
  • js/regress/seal-and-do-work.html: Added.
1:12 PM Changeset in webkit [203367] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking imported/w3c/web-platform-tests/XMLHttpRequest/event-readystatechange-loaded.htm as flaky on mac-debug WK1
https://bugs.webkit.org/show_bug.cgi?id=159893

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
1:03 PM Changeset in webkit [203366] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking media/video-load-preload-metadata.html as flaky on Mac.
https://bugs.webkit.org/show_bug.cgi?id=128312

Unreviewed test gardening.

  • platform/mac/TestExpectations:
12:51 PM Changeset in webkit [203365] by fpizlo@apple.com
  • 10 edits in trunk/Source

RegisterSet should use a Bitmap instead of a BitVector so that it never allocates memory and is trivial to copy
https://bugs.webkit.org/show_bug.cgi?id=159863

Reviewed by Saam Barati.

Source/JavaScriptCore:

Switch RegisterSet set to Bitmap because Bitmap doesn't ever allocate memory and can be
assigned by memcpy. This should be a performance improvement for compiler code that does a
lot of things with RegisterSet. For example, it's one of the fundamental data structures in
Air. The previous use of BitVector meant that almost every operation on RegisterSet would
have a slow path call. On ARM64, it would mean memory allocation for any RegisterSet that
used all available registers.

This meant adding even more GPR/FPR reflection to the MacroAssembler API: we now have consts
called numGPRs and numFPRs. This is necessary to statically size the Bitmap in RegisterSet.

Here's the breakdown of sizes of RegisterSet on different CPUs:

x86-32: 8 bits (GPRs) + 8 bits (FPRs) + 1 bit (is deleted) = 1x uint32_t.
x86-64: 16 bits + 16 bits + 1 bit = 2x uint32_t.
ARMv7: 16 bits + 16 bits + 1 bit = 2x uint32_t.
ARM64: 32 bits + 32 bits + 1 bit = 3x uint32_t.

  • assembler/MacroAssemblerARM.h:
  • assembler/MacroAssemblerARM64.h:
  • assembler/MacroAssemblerARMv7.h:
  • assembler/MacroAssemblerX86.h:
  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::scratchRegister):

  • assembler/MacroAssemblerX86_64.h:
  • jit/RegisterSet.h:

(JSC::RegisterSet::set):
(JSC::RegisterSet::get):
(JSC::RegisterSet::setAll):
(JSC::RegisterSet::merge):
(JSC::RegisterSet::filter):
(JSC::RegisterSet::exclude):
(JSC::RegisterSet::numberOfSetRegisters):
(JSC::RegisterSet::RegisterSet):
(JSC::RegisterSet::isEmptyValue):
(JSC::RegisterSet::isDeletedValue):
(JSC::RegisterSet::operator==):
(JSC::RegisterSet::operator!=):
(JSC::RegisterSet::hash):
(JSC::RegisterSet::forEach):
(JSC::RegisterSet::setMany):

Source/WTF:

Give Bitmap all of the power of BitVector (except for automatic resizing). This means a
variant of set() that takes a bool, and a bunch of helper methods (merge, filter, exclude,
forEachSetBit, ==, !=, and hash).

  • wtf/Bitmap.h:

(WTF::WordType>::set):
(WTF::WordType>::testAndSet):
(WTF::WordType>::isFull):
(WTF::WordType>::merge):
(WTF::WordType>::filter):
(WTF::WordType>::exclude):
(WTF::WordType>::forEachSetBit):
(WTF::=):
(WTF::WordType>::hash):

12:32 PM Changeset in webkit [203364] by fpizlo@apple.com
  • 31 edits
    12 adds in trunk

DFG and FTL should support op_call_eval
https://bugs.webkit.org/show_bug.cgi?id=159786

Reviewed by Saam Barati.
Source/JavaScriptCore:


This adds support for op_call_eval in DFG and FTL by brute force:

  • There is now a CallEval() node type, which compiles exactly the same way that we do in baseline.


  • We teach the DFG and bytecode liveness that the scope register and 'this' are read by CallEval()/op_call_eval.


We can compile eval quite well, except that right now we cannot inline functions that use
eval. It would be nice to do that, but the payoff is probably smaller. "Don't inline users
of eval" may even be an OK inlining heuristic. Not inlining users of eval allows me to
reuse the baseline implementation, which is really great. Otherwise, I'd have to get rid
of things like the rogue reads of scope register and 'this'.

The goal here is to produce speed-ups for code that has functions that do both eval and
some computational stuff. Obviously, we're not producing any benefit for the eval itself.
But now the other stuff in a function that uses eval will get to participate in
optimization.

This is a huge speed-up on microbenchmarks.

  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::dumpBytecode):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::needsScopeRegister):
(JSC::DFG::Graph::needsFlushedThis):

  • dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGMayExit.cpp:
  • dfg/DFGNode.h:

(JSC::DFG::Node::hasHeapPrediction):

  • dfg/DFGNodeType.h:
  • dfg/DFGOSRExitCompiler.cpp:
  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::StackLayoutPhase::run):

  • dfg/DFGWatchpointCollectionPhase.cpp:

(JSC::DFG::WatchpointCollectionPhase::handle):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLCompile.cpp:

(JSC::FTL::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
(JSC::FTL::DFG::LowerDFGToB3::compileLoadVarargs):

  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitDumbVirtualCall):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitTypeOf):

  • jit/JITCall.cpp:

(JSC::JIT::compileCallEvalSlowCase):

  • jit/JITCall32_64.cpp:

(JSC::JIT::compileCallEvalSlowCase):

  • jit/JITOperations.cpp:
  • tests/stress/exit-then-eval.js: Added.

(foo):

  • tests/stress/force-exit-then-eval-dfg.js: Added.

(foo):

  • tests/stress/force-exit-then-eval.js: Added.

(foo):

LayoutTests:

  • js/regress/eval-compute-expected.txt: Added.
  • js/regress/eval-compute.html: Added.
  • js/regress/eval-not-eval-compute-args-expected.txt: Added.
  • js/regress/eval-not-eval-compute-args.html: Added.
  • js/regress/eval-not-eval-compute-expected.txt: Added.
  • js/regress/eval-not-eval-compute.html: Added.
  • js/regress/script-tests/eval-compute.js: Added.

(foo):

  • js/regress/script-tests/eval-not-eval-compute-args.js: Added.

(foo):
(i.result.foo):

  • js/regress/script-tests/eval-not-eval-compute.js: Added.

(foo):
(i.result.foo):

12:23 PM Changeset in webkit [203363] by commit-queue@webkit.org
  • 5 edits
    2 adds in trunk/Source/WebCore

Move MediaSampleAVFObjC into its own file
https://bugs.webkit.org/show_bug.cgi?id=159796
<rdar://problem/27362488>

In preparation for a feature that uses MediaSampleAVFObjC, but does
not need SourceBufferPrivateAVFObjC, it is beneficial to move
MediaSampleAVFObjC to its own file.

Patch by George Ruan <gruan@apple.com> on 2016-07-18
Reviewed by Eric Carlson.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/MediaSample.h: Allow setting trackID to associate

MediaSample id with MediaStreamTrackPrivate id.

  • platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
  • platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved

from MediaSampleAVFObjC
(WebCore::MediaSampleAVFObjC::presentationTime):
(WebCore::MediaSampleAVFObjC::decodeTime):
(WebCore::MediaSampleAVFObjC::duration):
(WebCore::MediaSampleAVFObjC::sizeInBytes):
(WebCore::MediaSampleAVFObjC::platformSample):
(WebCore::CMSampleBufferIsRandomAccess):
(WebCore::MediaSampleAVFObjC::flags):
(WebCore::MediaSampleAVFObjC::presentationSize):
(WebCore::MediaSampleAVFObjC::dump):
(WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
(WebCore::MediaSampleAVFObjC::setTimestamps):

  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

Moved MediaSampleAVFObjC to its own file.
(WebCore::MediaSampleAVFObjC::platformSample): Deleted.
(WebCore::CMSampleBufferIsRandomAccess): Deleted.
(WebCore::MediaSampleAVFObjC::flags): Deleted.
(WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
(WebCore::MediaSampleAVFObjC::dump): Deleted.
(WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
(WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.

  • platform/mock/mediasource/MockSourceBufferPrivate.cpp:
12:18 PM Changeset in webkit [203362] by eric.carlson@apple.com
  • 3 edits in trunk/Source/WebCore

[MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
https://bugs.webkit.org/show_bug.cgi?id=159812
<rdar://problem/27371624>

Reviewed by Jon Lee.

No new tests, it isn't possible to test this with our current testing infrastructure.

  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
been an HDCP error.
(WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.

12:12 PM Changeset in webkit [203361] by fpizlo@apple.com
  • 25 edits
    6 adds in trunk

DFG should really support jneq_ptr
https://bugs.webkit.org/show_bug.cgi?id=159700

Reviewed by Keith Miller.

Source/JavaScriptCore:

Prior to this change, DFG statically speculated that jneq_ptr would always fall through. This
meant that programs that called o.apply() or o.call() where apply or call weren't the
expected ones (i.e. the function.prototype.apply/call) would rage-recompile forever.

This adds profiling to jneq_ptr. We now know if it always falls through or sometimes doesn't.
If it sometimes doesn't, we now emit an actual control flow diamond. I decided to add a new
NodeType for "equal pointer", since none of the existing ones really captured that. For
example, there was no way to express "equal pointer" for strings or symbols. We don't use it
for that right now, but we might, and if we did, then it would be hugely surprising that the
DFG interpreted this as value equality. So, the DFG now has CompareEqPtr, which means exactly
what jneq_ptr means by "equal pointer".

This is an enormous speed-up on microbenchmarks. I would assume that it's a speed-up on some
real things, too, but I don't know that for a fact.

  • bytecode/BytecodeList.json:
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
(JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
(JSC::BytecodeGenerator::emitExpectedFunctionSnippet):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::hasCellOperand):

  • dfg/DFGNodeType.h:
  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileRecordRegExpCachedResult):
(JSC::DFG::SpeculativeJIT::compileCompareEqPtr):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGValidate.cpp:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareEqPtr):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareLess):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEqConstant): Deleted.

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_eq):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_eq):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:

LayoutTests:

These tests now run super fast.

  • js/regress/apply-not-apply-expected.txt: Added.
  • js/regress/apply-not-apply.html: Added.
  • js/regress/call-or-not-call-expected.txt: Added.
  • js/regress/call-or-not-call.html: Added.
  • js/regress/script-tests/apply-not-apply.js: Added.

(let.o.apply):
(foo):

  • js/regress/script-tests/call-or-not-call.js: Added.

(let.o.call):
(foo):

12:12 PM Changeset in webkit [203360] by bshafiei@apple.com
  • 3 edits in branches/safari-602-branch/Source/JavaScriptCore

Merged r203351. rdar://problem/27327111

12:07 PM Changeset in webkit [203359] by bshafiei@apple.com
  • 12 edits in branches/safari-602-branch/Source

Merge patch for rdar://problem/27360961.

11:57 AM Changeset in webkit [203358] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking fast/shapes/shape-outside-floats/shape-outside-big-box-border-radius-002.html as flaky on ios-sim
https://bugs.webkit.org/show_bug.cgi?id=159881

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
11:57 AM Changeset in webkit [203357] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Marking http/tests/loading/basic-auth-resend-wrong-credentials.html as flaky on Mac and iOS WK2
https://bugs.webkit.org/show_bug.cgi?id=159884

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
  • platform/mac-wk2/TestExpectations:
11:55 AM Changeset in webkit [203356] by fpizlo@apple.com
  • 7 edits
    3 adds in trunk

OSR entry into DFG has problems with lexical scoping
https://bugs.webkit.org/show_bug.cgi?id=159687

Reviewed by Saam Barati.
Source/JavaScriptCore:


What a fun bug! It turns out that uses of lexical scoping, like "let", may sometimes cause us
to not be able to OSR enter into a loop from baseline to DFG. The bug is in a mitigation for
a different bug, which in turn had a mitigation for yet another bug, so the story here is a
long one.

DFG OSR entry has long had a mitigation for the following bug: the DFG bytecode parser may
choose to make us always OSR exit at some instruction if it thinks that it doesn't have
enough profiling for that instruction. We will do this if some kinds of put_by_id only
execute once, for example. This causes problems for loopy benchmarks like this:

put_by_id(something crazy);
for (var i = 0; i < bigNumber; ++i) simpleMath;


In this case, the put_by_id will have only executed once, and since it did something crazy
that one time, the bytecode parser will replace it with ForceOSRExit.

This creates an OSR entry bug: DFG CFA will then prove that the loop is unreachable, and will
tell OSR entry that it's impossible to enter into that loop.

We mitigated this bug a long time ago by recording mustHandleValues for loops at which we
want to enter. We inject these values into DFG CFA and we force CFA to recognize that the
loop is reachable even if CFA wanted to prove that it wasn't.

But this leads to another bug: we need to scrape the values from the stack inside
operationOptimize() and then we need to reason about them in the compiler. Some of those
values may be garbage, which would cause pandemonium inside the compiler. We also mitigated
this bug, by only recording the "vars", since those are guaranteed to be reset by op_enter.

And that's where the lexical scoping bug happens: "let" bound variables aren't part of the
"vars". DFG will see that they are live, but mustHandleValues will not have anything for
those variables, so CFA will prove that the values are Bottom. Then OSR entry will always
fail because no value is ever a subset of Bottom.

The first part of the fix is to ensure that mustHandleValues record all of the values on the
stack (i.e. within m_numCalleeLocals, rather than just m_numVars). But this creates a second
problem: we may record garbage. This patch includes a better fix for the garbage: before
touching mustHandleValues we run the bytecode liveness analysis and clear any values that are
not live. This ensures that we clear the garbage.

This is an enormous speed-up on microbenchmarks that use lexical scoping and have some crazy
put_by_id in the lead-up to the hot loop.

  • dfg/DFGCFAPhase.cpp:

(JSC::DFG::CFAPhase::run):

  • dfg/DFGOSREntry.cpp:

(JSC::DFG::prepareOSREntry):

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):
(JSC::DFG::Plan::checkLivenessAndVisitChildren):
(JSC::DFG::Plan::cancel):
(JSC::DFG::Plan::cleanMustHandleValuesIfNecessary):

  • dfg/DFGPlan.h:

(JSC::DFG::Plan::canTierUpAndOSREnter):

  • jit/JITOperations.cpp:

LayoutTests:

  • js/regress/script-tests/strict-osr-entry.js: Added.

(let.o.apply_):

  • js/regress/strict-osr-entry-expected.txt: Added.
  • js/regress/strict-osr-entry.html: Added.
11:51 AM Changeset in webkit [203355] by bshafiei@apple.com
  • 7 edits in branches/safari-602-branch/Source/JavaScriptCore

Merged r203353. rdar://problem/27405849

11:48 AM Changeset in webkit [203354] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

11:47 AM Changeset in webkit [203353] by commit-queue@webkit.org
  • 7 edits in trunk/Source/JavaScriptCore

REGRESSION(r202975): --minimal build is broken
https://bugs.webkit.org/show_bug.cgi?id=159765

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-18
Reviewed by Chris Dumez.

Covered partially by builtin generated test code.

Updating generator to add a global compilation guard around the code that generates all global internal properties.
Split the generate_methods function in two, one dedicated to the visit method and the second one dedicated to
the initialize method.

  • Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:

(BuiltinsInternalsWrapperImplementationGenerator.generate_section_for_object): Use splitted generation functions.
(BuiltinsInternalsWrapperImplementationGenerator.generate_visit_method): Response to generate the visit method.
(BuiltinsInternalsWrapperImplementationGenerator._generate_initialize_static_globals): Responsible to generate
the code to initialize the internal globals. This code is put in a global compilation guard in case all
internals are compiled out by specific builds.
(BuiltinsInternalsWrapperImplementationGenerator):
(BuiltinsInternalsWrapperImplementationGenerator.generate_initialize_method): Responsible to generate the
initialize method.
(BuiltinsInternalsWrapperImplementationGenerator.generate_methods): Deleted.

  • Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Copyright change.
  • Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result: Ditto.
  • Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result: Ditto.
  • Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result: Ditto.
  • Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result: Reflects partially the built-in

generator change.

11:46 AM Changeset in webkit [203352] by bshafiei@apple.com
  • 1 copy in branches/safari-602-branch

New Branch.

11:38 AM Changeset in webkit [203351] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Fix bad assertions in genericTypedArrayViewPrivateFuncSubarrayCreate
https://bugs.webkit.org/show_bug.cgi?id=159882
<rdar://problem/27327111>

Reviewed by Mark Lam.

According the spec toInteger can return values we don't consider ints.
Such as, -0 and +/-Infinity. This broke some assertions in
genericTypedArrayViewPrivateFuncSubarrayCreate.

  • runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):

  • tests/stress/typedarray-subarray.js:
11:32 AM Changeset in webkit [203350] by fpizlo@apple.com
  • 10 edits in trunk

WTF::Lock should be fair eventually
https://bugs.webkit.org/show_bug.cgi?id=159384

Reviewed by Geoffrey Garen.
Source/WTF:


In https://webkit.org/blog/6161/locking-in-webkit/ we showed how relaxing the fairness of
locks makes them fast. That post presented lock fairness as a trade-off between two
extremes:

  • Barging. A barging lock, like WTF::Lock, releases the lock in unlock() even if there was a thread on the queue. If there was a thread on the queue, the lock is released and that thread is made runnable. That thread may then grab the lock, or some other thread may grab the lock first (it may barge). Usually, the barging thread is the thread that released the lock in the first place. This maximizes throughput but hurts fairness. There is no good theoretical bound on how unfair the lock may become, but empirical data suggests that it's fair enough for the cases we previously measured.


  • FIFO. A FIFO lock, like HandoffLock in ToyLocks.h, does not release the lock in unlock() if there is a thread waiting. If there is a thread waiting, unlock() will make that thread runnable and inform it that it now holds the lock. This ensures perfect round-robin fairness and allows us to reason theoretically about how long it may take for a thread to grab the lock. For example, if we know that only N threads are running and each one may contend on a critical section, and each one may hold the lock for at most S seconds, then the time it takes to grab the lock is N * S. Unfortunately, FIFO locks perform very badly in most cases. This is because for the common case of short critical sections, they force a context switch after each critical section if the lock is contended.


This change makes WTF::Lock almost as fair as FIFO while still being as fast as barging.
Thanks to this new algorithm, you can now have both of these things at the same time.

This change makes WTF::Lock eventually fair. We can almost (more on the caveats below)
guarantee that the time it takes to grab a lock is N * max(1ms, S). In other words, critical
sections that are longer than 1ms are always fair. For shorter critical sections, the amount
of time that any thread waits is 1ms times the number of threads. There are some caveats
that arise from our use of randomness, but even then, in the limit as the critical section
length goes to infinity, the lock becomes fair. The corner cases are unlikely to happen; our
experiments show that the lock becomes exactly as fair as a FIFO lock for any critical
section that is 1ms or longer.

The fairness mechanism is broken into two parts. WTF::Lock can now choose to unlock a lock
fairly or unfairly thanks to the new ParkingLot token mechanism. WTF::Lock knows when to use
fair unlocking based on a timeout mechanism in ParkingLot called timeToBeFair.

ParkingLot::unparkOne() and ParkingLot::parkConditionally() can now communicate with each
other via a token. unparkOne() can pass a token, which parkConditionally() will return. This
change also makes parkConditionally() a lot more precise about when it was unparked due to a
call to unparkOne(). If unparkOne() is told that a thread was unparked then this thread is
guaranteed to report that it was unparked rather than timing out, and that thread is
guaranteed to get the token that unparkOne() passed. The token is an intptr_t. We use it as
a boolean variable in WTF::Lock, but you could use it to pass arbitrary data structures. By
default, the token is zero. WTF::Lock's unlock() will pass 1 as the token if it is doing
fair unlocking. In that case, unlock() will not release the lock, and lock() will know that
it holds the lock as soon as parkConditionally() returns. Note that this algorithm relies
on unparkOne() invoking WTF::Lock's callback while the queue lock is held, so that WTF::Lock
can make a decision about unlock strategy and inject a token while it has complete knowledge
over the state of the queue. As such, it's not immediately obvious how to implement this
algorithm on top of futexes. You really need ParkingLot!

WTF::Lock does not use fair unlocking every time. We expose a new API, Lock::unlockFairly(),
which forces the fair unlocking behavior. Additionally, ParkingLot now maintains a
per-bucket stochastic fairness timeout. When the timeout fires, the unparkOne() callback
sees UnparkResult::timeToBeFair = true. This timeout is set to be anywhere from 0ms to 1ms
at random. When a dequeue happens and there are threads that actually get dequeued, we check
if the time since the last unfair unlock (the last time timeToBeFair was set to true) is
more than the timeout amount. If so, then we set timeToBeFair to true and reset the timeout.
This means that in the absence of ParkingLot collisions, unfair unlocking is guaranteed to
happen at least once per millisecond. It will happen at 2 KHz on average. If there are
collisions, then each collision adds one millisecond to the worst case (and 0.5 ms to the
average case). The reason why we don't just use a fixed 1ms timeout is that we want to avoid
resonance. Imagine a program in which some thread acquires a lock at 1 KHz in-phase with the
timeToBeFair timeout. Then this thread would be the benefactor of fairness to the detriment
of everyone else. Randomness ensures that we aren't too fair to any one thread.

Empirically, this is neutral on our major benchmarks like JetStream but it's an enormous
improvement in LockFairnessTest. It's common for an unfair lock (either our BargingLock, the
old WTF::Lock, any of the other futex-based locks that barge, or new os_unfair_lock) to
allow only one thread to hold the lock during a whole second in which each thread is holding
the lock for 1ms at a time. This is because in a barging lock, releasing a lock after
holding it for 1ms and then reacquiring it immediately virtually ensures that none of the
other threads can wake up in time to grab it before it's relocked. But the new WTF::Lock
handles this case like a champ: each thread gets equal turns.

Here's some data. If we launch 10 threads and have each of them run for 1 second while
repeatedly holding a critical section for 1ms, then here's how many times each thread gets
to hold the lock using the old WTF::Lock algorithm:

799, 6, 1, 1, 1, 1, 1, 1, 1, 1

One thread hogged the lock for almost the whole time! With the new WTF::Lock, the lock
becomes totally fair:

80, 79, 79, 79, 79, 79, 79, 80, 80, 79

I don't know of anyone creating such an automatically-fair adaptive lock before, so I think
that this is a pretty awesome advancement to the state of the art!

This change is good for three reasons:

  • We do have long critical sections in WebKit and we don't want to have to worry about starvation. This reduces the likelihood that we will see starvation due to our lock strategy.


  • I was talking to ggaren about bmalloc's locking needs, and he wanted unlockFairly() or lockFairly() or some moral equivalent for the scavenger thread.


  • If we use a WTF::Lock to manage heap access in a multithreaded GC, we'll need the ability to unlock and relock without barging.
  • benchmarks/LockFairnessTest.cpp:

(main):

  • benchmarks/ToyLocks.h:
  • wtf/Condition.h:

(WTF::ConditionBase::waitUntil):
(WTF::ConditionBase::notifyOne):

  • wtf/Lock.cpp:

(WTF::LockBase::lockSlow):
(WTF::LockBase::unlockSlow):
(WTF::LockBase::unlockFairlySlow):
(WTF::LockBase::unlockSlowImpl):

  • wtf/Lock.h:

(WTF::LockBase::try_lock):
(WTF::LockBase::unlock):
(WTF::LockBase::unlockFairly):
(WTF::LockBase::isHeld):
(WTF::LockBase::isFullyReset):

  • wtf/ParkingLot.cpp:

(WTF::ParkingLot::parkConditionallyImpl):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkOneImpl):
(WTF::ParkingLot::unparkAll):

  • wtf/ParkingLot.h:

(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::compareAndPark):
(WTF::ParkingLot::unparkOne):

Tools:

  • TestWebKitAPI/Tests/WTF/ParkingLot.cpp:
10:43 AM Changeset in webkit [203349] by yoav@yoav.ws
  • 2 edits in trunk/Source/WebCore

Add preload to features.json
https://bugs.webkit.org/show_bug.cgi?id=159872

Reviewed by Darin Adler.

No new tests but no functional change.

  • features.json:
9:17 AM Changeset in webkit [203348] by ap@apple.com
  • 2 edits in trunk

"make ARCHS=x86_64" fails to build
https://bugs.webkit.org/show_bug.cgi?id=159867

Reviewed by Dan Bernstein.

  • Makefile.shared: Override VALID_ARCHS when ARCHS is set, so that even projects

that normally customize VALID_ARCHS wouldn't fail to build.

6:41 AM Changeset in webkit [203347] by commit-queue@webkit.org
  • 6 edits in trunk

[Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
https://bugs.webkit.org/show_bug.cgi?id=159870

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-18
Reviewed by Xabier Rodriguez-Calvar.

LayoutTests/imported/w3c:

  • web-platform-tests/streams/readable-streams/bad-strategies.https-expected.txt:

Source/WebCore:

Covered by rebased test.

  • Modules/streams/StreamInternals.js:

(validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.

LayoutTests:

  • streams/reference-implementation/bad-strategies.html: Reflecting isNaN change in WritableStream test.
6:24 AM MathML/Fonts edited by fred.wang@free.fr
Update supported MATH constants (diff)
5:41 AM Changeset in webkit [203346] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore

Windows buildfix after r203338
https://bugs.webkit.org/show_bug.cgi?id=159875

Unreviewed buildfix.

  • dom/UserGestureIndicator.h:

(WebCore::UserGestureToken::addDestructionObserver):

3:39 AM Changeset in webkit [203345] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.13.3

WebKitGTK+ 2.13.3

3:35 AM Changeset in webkit [203344] by Carlos Garcia Campos
  • 4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.13.3 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.13.3.
2:24 AM Changeset in webkit [203343] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

[Mac][cmake] Unreviewed buildfix after r203338. Just for fun.

  • PlatformMac.cmake:
2:04 AM Changeset in webkit [203342] by Carlos Garcia Campos
  • 18 edits
    1 copy
    2 adds in trunk/Source

MemoryPressureHandler doesn't work if cgroups aren't present in Linux
https://bugs.webkit.org/show_bug.cgi?id=155255

Reviewed by Sergio Villar Senin.

Source/WebCore:

Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
available.

  • platform/MemoryPressureHandler.h:
  • platform/linux/MemoryPressureHandlerLinux.cpp:

Source/WebKit2:

There's no way to get notifications about memory pressure in Linux without using cgroups that doesn't require a
manual polling. We can get that information from /proc/meminfo, but that's not pollable so it requires to
manually check its contents in a loop sleeping for a while between checks. This means we would be waking up the
process on every poll iteration, most of the times for nothing. That's specially problematic on devices running
on battery. And taking into account that there's a memory pressure handler in every secondary process (Web,
Network and Plugin), we would be waking up all those process all the time. However, not having a memory pressure
handler is even more problematic than the manual polling.
This patch adds a class MemoryPressureMonitor to the manual polling of /proc/meminfo, but runs in the UI
process, to avoid the weakups in all other secondary processes, and uses an eventFD to notify all other
processes. It's only used in case cgroups is not available. The eventFD descriptor is sent to all other
processes at startup, and passed to the MemoryPressureHandler before install() is called for the first
time. To minimize the wakeups even in the UI process, the poll interval is calculated from 1 to 5 seconds
depending on the current memory used, so in case of low memory level we sleep for a longer time.
It's also important to make the memory calculations as accurate as possible to avoid cleaning resources in the
secondary processes unnecessarily.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::initializeNetworkProcess): Pass the memory pressure monitor file descriptor to the MemoryPressureHandler.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcessCreationParameters.cpp:

(WebKit::NetworkProcessCreationParameters::encode): Encode memory pressure monitor handle.
(WebKit::NetworkProcessCreationParameters::decode): Decode memory pressure monitor handle.

  • NetworkProcess/NetworkProcessCreationParameters.h:
  • PlatformEfl.cmake: Add new file to compilation, and update include dirs.
  • PlatformGTK.cmake: Ditto.
  • PluginProcess/PluginProcess.cpp:

(WebKit::PluginProcess::initializePluginProcess): Pass the memory pressure monitor file descriptor to the MemoryPressureHandler.

  • Shared/Plugins/PluginProcessCreationParameters.cpp:

(WebKit::PluginProcessCreationParameters::encode): Encode memory pressure monitor handle.
(WebKit::PluginProcessCreationParameters::decode): Decode memory pressure monitor handle.

  • Shared/Plugins/PluginProcessCreationParameters.h:
  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode): Encode memory pressure monitor handle.
(WebKit::WebProcessCreationParameters::decode): Decode memory pressure monitor handle.

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/Plugins/PluginProcessProxy.cpp:

(WebKit::PluginProcessProxy::didFinishLaunching): Create the memory pressure monitor handle for the plugin
process if needed.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::ensureNetworkProcess): Create the memory pressure monitor handle for the network
process if needed.
(WebKit::WebProcessPool::createNewWebProcess): Create the memory pressure monitor handle for the web process if
needed.

  • UIProcess/linux/MemoryPressureMonitor.cpp: Added.

(WebKit::lowWatermarkPages):
(WebKit::systemPageSize):
(WebKit::calculateMemoryAvailable):
(WebKit::systemMemoryUsedAsPercentage):
(WebKit::pollIntervalForUsedMemoryPercentage):
(WebKit::isSystemdMemoryPressureMonitorAvailable):
(WebKit::MemoryPressureMonitor::isEnabled):
(WebKit::MemoryPressureMonitor::singleton):
(WebKit::MemoryPressureMonitor::MemoryPressureMonitor):
(WebKit::MemoryPressureMonitor::createHandle):

  • UIProcess/linux/MemoryPressureMonitor.h:
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess): Pass the memory pressure monitor file descriptor to the MemoryPressureHandler.

Jul 17, 2016:

11:53 PM Changeset in webkit [203341] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WebKit2

REGRESSION(r202855): [GTK] ASSERTION FAILED: m_webPage.bounds().contains(bounds)
https://bugs.webkit.org/show_bug.cgi?id=159806

Reviewed by Žan Doberšek.

The problem is that since r202855, in case of non accelerated mode, the dirty region is updated too late when
updating backing store state.

  • WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::updateBackingStoreState): Update the dirty region to the new size when not in
accelerated compositing mode.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::setSize): Update the WebPage size before resizing the frame and calling setNeedsDisplay() to
ensure that any call to setNeedsDisplay() uses the new web page bounds. This is actually a regression introduced
in r143472, where setNeedsDisplay was changed to use the web page bounds as directy rectangle. Before r143472
the dirty rectangle was passed to setNeedsDisplay and it passed the right one.

11:13 PM Changeset in webkit [203340] by Gyuyoung Kim
  • 21 edits in trunk/Source/WebCore

Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
https://bugs.webkit.org/show_bug.cgi?id=159701

Reviewed by Alex Christensen.

No new tests, no behavior changes.

  • Modules/encryptedmedia/CDM.h:
  • Modules/encryptedmedia/MediaKeySession.h:
  • Modules/encryptedmedia/MediaKeys.h:
  • Modules/quota/DOMWindowQuota.cpp:
  • Modules/quota/StorageErrorCallback.cpp:

(WebCore::StorageErrorCallback::CallbackTask::CallbackTask):

  • Modules/quota/StorageErrorCallback.h:
  • Modules/quota/StorageInfo.h:
  • Modules/quota/StorageQuota.h:
  • Modules/speech/DOMWindowSpeechSynthesis.cpp:
  • Modules/speech/SpeechSynthesis.cpp:

(WebCore::SpeechSynthesis::getVoices):
(WebCore::SpeechSynthesis::startSpeakingImmediately):
(WebCore::SpeechSynthesis::speak):
(WebCore::SpeechSynthesis::cancel):
(WebCore::SpeechSynthesis::handleSpeakingCompleted):
(WebCore::SpeechSynthesis::boundaryEventOccurred):
(WebCore::SpeechSynthesis::didStartSpeaking):
(WebCore::SpeechSynthesis::didPauseSpeaking):
(WebCore::SpeechSynthesis::didResumeSpeaking):
(WebCore::SpeechSynthesis::didFinishSpeaking):
(WebCore::SpeechSynthesis::speakingErrorOccurred):

  • Modules/speech/SpeechSynthesis.h:
  • Modules/speech/SpeechSynthesisEvent.h:
  • Modules/speech/SpeechSynthesisUtterance.h:
  • Modules/speech/SpeechSynthesisVoice.cpp:

(WebCore::SpeechSynthesisVoice::create):
(WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):

  • Modules/speech/SpeechSynthesisVoice.h:
  • platform/PlatformSpeechSynthesizer.h:
  • platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:

(WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):

  • platform/mock/PlatformSpeechSynthesizerMock.cpp:

(WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
(WebCore::PlatformSpeechSynthesizerMock::speak):
(WebCore::PlatformSpeechSynthesizerMock::cancel):
(WebCore::PlatformSpeechSynthesizerMock::pause):
(WebCore::PlatformSpeechSynthesizerMock::resume):

11:08 PM Changeset in webkit [203339] by fred.wang@free.fr
  • 6 edits in trunk/LayoutTests

Rebaseline Windows and EFL MathML pixel tests after r203289.
https://bugs.webkit.org/show_bug.cgi?id=158866

Unreviewed test gardening.

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-17

  • platform/efl/mathml/opentype/vertical-expected.txt:
  • platform/efl/mathml/presentation/mo-stretch-expected.txt:
  • platform/win/mathml/opentype/opentype-stretchy-expected.txt:
  • platform/win/mathml/opentype/vertical-expected.txt:
  • platform/win/mathml/presentation/mo-stretch-expected.txt:
6:07 PM Changeset in webkit [203338] by weinig@apple.com
  • 51 edits
    6 adds in trunk

[WebKit API] Add SPI to track multiple navigations caused by a single user gesture
<rdar://problem/26554137>
https://bugs.webkit.org/show_bug.cgi?id=159856

Reviewed by Dan Bernstein.

Source/WebCore:

  • Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
  • Makes UserGestureIndicator track UserGestureToken.
  • Refines UserGestureIndicator's interface to use Optional and a smaller enum set to represent the different initial states.
  • Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, postMessage, and ScheduledNavigation) rather than just a boolean.
  • accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::increment):
(WebCore::AccessibilityNodeObject::decrement):

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::press):

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeScriptInWorld):
(WebCore::ScriptController::executeScript):
Update for new UserGestureIndicator interface.

  • dom/UserGestureIndicator.cpp:

(WebCore::currentToken):
(WebCore::UserGestureToken::~UserGestureToken):
(WebCore::UserGestureIndicator::UserGestureIndicator):
(WebCore::UserGestureIndicator::~UserGestureIndicator):
(WebCore::UserGestureIndicator::currentUserGesture):
(WebCore::UserGestureIndicator::processingUserGesture):
(WebCore::UserGestureIndicator::processingUserGestureForMedia):
(WebCore::isDefinite): Deleted.

  • dom/UserGestureIndicator.h:

(WebCore::UserGestureToken::create):
(WebCore::UserGestureToken::state):
(WebCore::UserGestureToken::processingUserGesture):
(WebCore::UserGestureToken::processingUserGestureForMedia):
(WebCore::UserGestureToken::addDestructionObserver):
(WebCore::UserGestureToken::UserGestureToken):
Add UserGestureToken and track the current one explicitly.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):

  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::openInNewTab):

  • inspector/InspectorFrontendHost.cpp:
  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::navigate):
Update for new UserGestureIndicator interface.

  • loader/NavigationAction.cpp:

(WebCore::NavigationAction::NavigationAction):

  • loader/NavigationAction.h:

(WebCore::NavigationAction::userGestureToken):
(WebCore::NavigationAction::processingUserGesture):

  • loader/NavigationScheduler.cpp:

(WebCore::ScheduledNavigation::ScheduledNavigation):
(WebCore::ScheduledNavigation::~ScheduledNavigation):
(WebCore::ScheduledNavigation::lockBackForwardList):
(WebCore::ScheduledNavigation::wasDuringLoad):
(WebCore::ScheduledNavigation::isLocationChange):
(WebCore::ScheduledNavigation::userGestureToForward):
(WebCore::ScheduledNavigation::clearUserGesture):
(WebCore::NavigationScheduler::mustLockBackForwardList):
(WebCore::NavigationScheduler::scheduleFormSubmission):
(WebCore::ScheduledNavigation::wasUserGesture): Deleted.

  • page/DOMTimer.cpp:

(WebCore::shouldForwardUserGesture):
(WebCore::userGestureTokenToForward):
(WebCore::DOMTimer::DOMTimer):
(WebCore::DOMTimer::fired):

  • page/DOMTimer.h:
  • page/DOMWindow.cpp:

(WebCore::PostMessageTimer::PostMessageTimer):
Store the active UserGestureToken rather than just a bit.

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMousePressEvent):
(WebCore::EventHandler::handleMouseDoubleClickEvent):
(WebCore::EventHandler::handleMouseReleaseEvent):
(WebCore::EventHandler::keyEvent):
(WebCore::EventHandler::handleTouchEvent):

  • rendering/HitTestResult.cpp:

(WebCore::HitTestResult::toggleMediaFullscreenState):
(WebCore::HitTestResult::enterFullscreenForVideo):
(WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
Update for new UserGestureIndicator interface.

Source/WebKit/mac:

  • Plugins/Hosted/NetscapePluginInstanceProxy.mm:

(WebKit::NetscapePluginInstanceProxy::evaluate):

  • Plugins/WebNetscapePluginView.mm:

(-[WebNetscapePluginView sendEvent:isDrawRect:]):
Update for new UserGestureIndicator interface.

Source/WebKit/win:

  • Plugins/PluginView.cpp:

(WebCore::PluginView::performRequest):

  • WebCoreSupport/WebContextMenuClient.cpp:

(WebContextMenuClient::searchWithGoogle):
Update for new UserGestureIndicator interface.

Source/WebKit2:

  • Shared/API/APIObject.h:
  • Shared/Cocoa/APIObject.mm:

(API::Object::newObject):

  • UIProcess/API/APIUserInitiatedAction.h: Added.

Add new APIObject type, UserInitiatedAction.

  • UIProcess/API/Cocoa/WKNavigationAction.mm:
  • UIProcess/API/Cocoa/WKNavigationActionPrivate.h:

Expose a _WKUserInitiatedAction on the WKNavigationAction.

  • UIProcess/API/Cocoa/_WKUserInitiatedAction.h: Added.
  • UIProcess/API/Cocoa/_WKUserInitiatedAction.mm: Added.

(-[_WKUserInitiatedAction consume]):
(-[_WKUserInitiatedAction isConsumed]):
(-[_WKUserInitiatedAction _apiObject]):

  • UIProcess/API/Cocoa/_WKUserInitiatedActionInternal.h: Added.

Add new _WKUserInitiatedAction type wrapping API::UserInitiatedAction.

  • Shared/NavigationActionData.cpp:

(WebKit::NavigationActionData::encode):
(WebKit::NavigationActionData::decode):

  • Shared/NavigationActionData.h:

Store the userGestureTokenIdentifier (as determined from the WebProcess's map) rather
than just a single bit. This allows us to track if a user gesture is used for multiple navigations.

  • UIProcess/API/APINavigationAction.h:

Add UserInitiatedAction member and re-implement isProcessingUserGesture in terms of it.

  • UIProcess/API/C/WKPage.cpp:

(WKPageSetPageUIClient):

  • UIProcess/Cocoa/UIDelegate.mm:

(WebKit::UIDelegate::UIClient::createNewPage):

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
Get the API::UserInitiatedAction from the WebProcessProxy (if it exists), and pass
it along to the API::NavigationAction.

  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::shutDown):
(WebKit::WebProcessProxy::userInitiatedActivity):
(WebKit::WebProcessProxy::didDestroyUserGestureToken):

  • UIProcess/WebProcessProxy.h:

Keep a map of active userInitiatedActivity objects.

  • UIProcess/WebProcessProxy.messages.in:

Add DidDestroyUserGestureToken message to manager API::UserInitiatedActivity lifetimes.

  • WebKit2.xcodeproj/project.pbxproj:

Add new files.

  • WebProcess/Notifications/WebNotificationManager.cpp:

(WebKit::WebNotificationManager::didClickNotification):

  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::performFrameLoadURLRequest):
(WebKit::PluginView::evaluate):

  • WebProcess/WebCoreSupport/WebContextMenuClient.cpp:

(WebKit::WebContextMenuClient::searchWithGoogle):

  • WebProcess/cocoa/WebPlaybackSessionManager.mm:

(WebKit::WebPlaybackSessionManager::play):
(WebKit::WebPlaybackSessionManager::pause):
(WebKit::WebPlaybackSessionManager::togglePlayState):
(WebKit::WebPlaybackSessionManager::beginScrubbing):
(WebKit::WebPlaybackSessionManager::endScrubbing):
(WebKit::WebPlaybackSessionManager::seekToTime):
(WebKit::WebPlaybackSessionManager::fastSeek):
(WebKit::WebPlaybackSessionManager::beginScanningForward):
(WebKit::WebPlaybackSessionManager::beginScanningBackward):
(WebKit::WebPlaybackSessionManager::endScanning):
(WebKit::WebPlaybackSessionManager::selectAudioMediaOption):
(WebKit::WebPlaybackSessionManager::selectLegibleMediaOption):
Update for new UserGestureIndicator interface.

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::createWindow):

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
Get an identifier for the UserGestureToken from the WebProcess singleton
to pass to the WebProcess.

  • WebProcess/WebProcess.cpp:

(WebKit::nextUserGestureTokenIdentifier):
(WebKit::WebProcess::userGestureTokenIdentifier):
(WebKit::WebProcess::userGestureTokenDestroyed):

  • WebProcess/WebProcess.h:

Track UserGestureToken lifetimes utilizing the destructionObserver mechanism
off the tokens to indicate destruction. When destroyed, notify the UIProcess
to avoid leaks.

Tools:

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:]):
Add basic window.open implementation.

(-[WK2BrowserWindowController webView:decidePolicyForNavigationAction:decisionHandler:]):
Add basic navigation policy implementation which implements a rule where a user gesture is only allowed
to open a single non-web URL, all others are dropped.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/UserInitiatedActionInNavigationAction.mm: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/open-multiple-external-url.html: Added.

Add API for the new SPI.

5:39 PM Changeset in webkit [203337] by rniwa@webkit.org
  • 54 edits in trunk/Source

Rename fastHasAttribute to hasAttributeWithoutSynchronization
https://bugs.webkit.org/show_bug.cgi?id=159864

Reviewed by Chris Dumez.

Source/WebCore:

Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.

  • accessibility/AccessibilityListBoxOption.cpp:

(WebCore::AccessibilityListBoxOption::isEnabled):

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::hasAttribute):
(WebCore::AccessibilityObject::getAttribute):

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::determineAccessibilityRole):

  • bindings/scripts/CodeGenerator.pm:

(GetterExpression):

  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjReflectedBooleanAttr):
(WebCore::jsTestObjReflectedCustomBooleanAttr):

  • bindings/scripts/test/ObjC/DOMTestObj.mm:

(-[DOMTestObj reflectedBooleanAttr]):
(-[DOMTestObj setReflectedBooleanAttr:]):
(-[DOMTestObj reflectedCustomBooleanAttr]):
(-[DOMTestObj setReflectedCustomBooleanAttr:]):

  • dom/Document.cpp:

(WebCore::Document::hasManifest):
(WebCore::Document::doctype):

  • dom/Element.h:

(WebCore::Node::parentElement):
(WebCore::Element::hasAttributeWithoutSynchronization):
(WebCore::Element::fastHasAttribute): Deleted.

  • editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):

  • editing/DeleteSelectionCommand.cpp:

(WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):

  • editing/markup.cpp:

(WebCore::createMarkupInternal):

  • html/ColorInputType.cpp:

(WebCore::ColorInputType::shouldShowSuggestions):

  • html/FileInputType.cpp:

(WebCore::FileInputType::handleDOMActivateEvent):
(WebCore::FileInputType::receiveDroppedFiles):

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::didMoveToNewDocument):
(WebCore::FormAssociatedElement::insertedInto):
(WebCore::FormAssociatedElement::removedFrom):
(WebCore::FormAssociatedElement::formAttributeChanged):

  • html/FormController.cpp:

(WebCore::ownerFormForState):

  • html/GenericCachedHTMLCollection.cpp:

(WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::draggable):
(WebCore::HTMLAnchorElement::href):
(WebCore::HTMLAnchorElement::sendPings):

  • html/HTMLAppletElement.cpp:

(WebCore::HTMLAppletElement::rendererIsNeeded):

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::collectStyleForPresentationAttribute):
(WebCore::elementAffectsDirectionality):
(WebCore::setHasDirAutoFlagRecursively):

  • html/HTMLEmbedElement.cpp:

(WebCore::HTMLEmbedElement::rendererIsNeeded):

  • html/HTMLFieldSetElement.cpp:

(WebCore::updateFromControlElementsAncestorDisabledStateUnder):
(WebCore::HTMLFieldSetElement::disabledAttributeChanged):
(WebCore::HTMLFieldSetElement::disabledStateChanged):
(WebCore::HTMLFieldSetElement::childrenChanged):

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::formNoValidate):
(WebCore::HTMLFormControlElement::formAction):
(WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
(WebCore::shouldAutofocus):

  • html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::formElementIndex):
(WebCore::HTMLFormElement::noValidate):

  • html/HTMLFrameElement.cpp:

(WebCore::HTMLFrameElement::noResize):
(WebCore::HTMLFrameElement::didAttachRenderers):

  • html/HTMLFrameElementBase.cpp:

(WebCore::HTMLFrameElementBase::parseAttribute):
(WebCore::HTMLFrameElementBase::location):

  • html/HTMLHRElement.cpp:

(WebCore::HTMLHRElement::collectStyleForPresentationAttribute):

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::isServerMap):

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::finishParsingChildren):
(WebCore::HTMLInputElement::matchesDefaultPseudoClass):
(WebCore::HTMLInputElement::isActivatedSubmit):
(WebCore::HTMLInputElement::reset):
(WebCore::HTMLInputElement::multiple):
(WebCore::HTMLInputElement::setSize):
(WebCore::HTMLInputElement::shouldUseMediaCapture):

  • html/HTMLMarqueeElement.cpp:

(WebCore::HTMLMarqueeElement::minimumDelay):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::insertedInto):
(WebCore::HTMLMediaElement::selectMediaResource):
(WebCore::HTMLMediaElement::loadResource):
(WebCore::HTMLMediaElement::autoplay):
(WebCore::HTMLMediaElement::preload):
(WebCore::HTMLMediaElement::loop):
(WebCore::HTMLMediaElement::setLoop):
(WebCore::HTMLMediaElement::controls):
(WebCore::HTMLMediaElement::setControls):
(WebCore::HTMLMediaElement::muted):
(WebCore::HTMLMediaElement::setMuted):
(WebCore::HTMLMediaElement::selectNextSourceChild):
(WebCore::HTMLMediaElement::sourceWasAdded):
(WebCore::HTMLMediaElement::mediaSessionTitle):

  • html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::parseAttribute):

  • html/HTMLOptGroupElement.cpp:

(WebCore::HTMLOptGroupElement::isDisabledFormControl):
(WebCore::HTMLOptGroupElement::isFocusable):

  • html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
(WebCore::HTMLOptionElement::text):

  • html/HTMLProgressElement.cpp:

(WebCore::HTMLProgressElement::isDeterminate):
(WebCore::HTMLProgressElement::didElementStateChange):

  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::async):
(WebCore::HTMLScriptElement::setCrossOrigin):
(WebCore::HTMLScriptElement::asyncAttributeValue):
(WebCore::HTMLScriptElement::deferAttributeValue):
(WebCore::HTMLScriptElement::hasSourceAttribute):
(WebCore::HTMLScriptElement::dispatchLoadEvent):

  • html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::reset):

  • html/HTMLTrackElement.cpp:

(WebCore::HTMLTrackElement::isDefault):
(WebCore::HTMLTrackElement::ensureTrack):
(WebCore::HTMLTrackElement::loadTimerFired):

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
(WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
(WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):

  • html/SearchInputType.cpp:

(WebCore::SearchInputType::searchEventsShouldBeDispatched):
(WebCore::SearchInputType::didSetValueByUserEdit):

  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildObjectForNode):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
(WebCore::FrameLoader::findFrameForNavigation):

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::notifyFinished):

  • mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::getSelectedSemanticsChild):

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::computePreferredLogicalWidths):

  • rendering/RenderThemeIOS.mm:

(WebCore::RenderThemeIOS::adjustMenuListButtonStyle):

  • rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::canUseForWithReason):

  • rendering/svg/RenderSVGResourceClipper.cpp:

(WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):

  • svg/SVGAnimateMotionElement.cpp:

(WebCore::SVGAnimateMotionElement::updateAnimationPath):

  • svg/SVGAnimationElement.cpp:

(WebCore::SVGAnimationElement::startedActiveInterval):
(WebCore::SVGAnimationElement::updateAnimation):

  • svg/animation/SVGSMILElement.cpp:

(WebCore::SVGSMILElement::insertedInto):

Source/WebKit2:

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getAssistedNodeInformation):

3:00 PM Changeset in webkit [203336] by fpizlo@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

DFG CSE is broken for MultiGetByOffset
https://bugs.webkit.org/show_bug.cgi?id=159858

Reviewed by Saam Barati.

This disabled CSE for MultiGetByOffset. I opened bug 159859 for the long-term fix, which
would teach CSE (and other passes also) how to decay a removed MultiGetByOffset to a
CheckStructure. Since we currently just decay MultiGetByOffset to Check, we forget the
structure checks. So, if we CSE a MultiGetByOffset that checks for one set of structures with
a heap access on the same property and base that checks for different structures, then we
will forget some structure checks that we had previously. It's unsound to forget checks in
DFG IR.

This bug mostly manifested as a high-volume crash at Unreachable in FTL, because we'd prove
that the code after the MultiGetByOffset was unreachable due to the structure checks and then
CSE would remove everything but the Unreachable.

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize): Remove the def() for MultiGetByOffset to disable CSE for this node for now.

  • tests/stress/cse-multi-get-by-offset-remove-checks.js: Added. This used to fail with FTL eanbled.

(Cons1):
(Cons2):
(Cons3):
(foo):
(bar):

1:35 PM Changeset in webkit [203335] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

REGRESSION (r191907): Maxthon Browser -After exit full screen video playback the browser window is blank with audio running
https://bugs.webkit.org/show_bug.cgi?id=159731
<rdar://problem/26674003>

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-07-17
Reviewed by Tim Horton.

Primarily written by Jer Noble <jer.noble@apple.com>.

When a view is removed from it's superview, and that superview's constraints property references
the removed superview, those constraints are removed as well. Make sure to save off a copy of
the superview's constraints before swapping in the placeholder view, and reapply those constraints
when swapping the web view back into its original superview.

  • UIProcess/mac/WKFullScreenWindowController.h:
  • UIProcess/mac/WKFullScreenWindowController.mm:

(-[WKFullScreenWindowController setSavedConstraints:]):
(-[WKFullScreenWindowController savedConstraints]):
(-[WKFullScreenWindowController enterFullScreen:]):
(-[WKFullScreenWindowController finishedEnterFullScreenAnimation:]):
(-[WKFullScreenWindowController finishedExitFullScreenAnimation:]):

12:12 PM Changeset in webkit [203334] by beidson@apple.com
  • 7 edits in trunk/Source/WebCore

Exceptions logged to the JS console should use toString().
https://bugs.webkit.org/show_bug.cgi?id=159855

Reviewed by Darin Adler.

No new tests (No change in behavior).

  • bindings/js/JSDOMBinding.cpp:

(WebCore::reportException):

  • dom/DOMCoreException.h:

(WebCore::DOMCoreException::DOMCoreException):

  • dom/ExceptionBase.cpp:

(WebCore::ExceptionBase::ExceptionBase):
(WebCore::ExceptionBase::toString):
(WebCore::ExceptionBase::consoleErrorMessage): Deleted.

  • dom/ExceptionBase.h:

(WebCore::ExceptionBase::description): Deleted.

  • svg/SVGException.h:
  • xml/XPathException.h:

(WebCore::XPathException::XPathException):

9:47 AM Changeset in webkit [203333] by beidson@apple.com
  • 477 edits in trunk

Update DOMCoreException to use the description in toString().
https://bugs.webkit.org/show_bug.cgi?id=159857

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • web-platform-tests/XMLHttpRequest/send-authentication-basic-setrequestheader-and-arguments-expected.txt:
  • web-platform-tests/XMLHttpRequest/send-non-same-origin.sub-expected.txt:
  • web-platform-tests/XMLHttpRequest/setrequestheader-bogus-name-expected.txt:
  • web-platform-tests/XMLHttpRequest/setrequestheader-bogus-value-expected.txt:
  • web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-defer-scripts-expected.txt:
  • web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-scripts-expected.txt:
  • web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-not-hang-scriptloader-expected.txt:
  • web-platform-tests/XMLHttpRequest/xmlhttprequest-timeout-worker-synconworker-expected.txt:
  • web-platform-tests/dom/events/ProgressEvent-expected.txt:
  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/dom/nodes/Document-createElementNS-expected.txt:
  • web-platform-tests/dom/nodes/Document-createEvent-expected.txt:
  • web-platform-tests/dom/nodes/Element-closest-expected.txt:
  • web-platform-tests/dom/nodes/Element-matches-expected.txt:
  • web-platform-tests/dom/nodes/ParentNode-querySelector-All-expected.txt:
  • web-platform-tests/dom/nodes/ParentNode-querySelector-All-xht-expected.txt:
  • web-platform-tests/dom/nodes/insert-adjacent-expected.txt:
  • web-platform-tests/domparsing/createContextualFragment-expected.txt:
  • web-platform-tests/html/dom/interfaces-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/volume_nonfinite-expected.txt:
  • web-platform-tests/html/semantics/forms/the-input-element/month-expected.txt:
  • web-platform-tests/html/semantics/forms/the-input-element/range-expected.txt:
  • web-platform-tests/html/semantics/forms/the-input-element/time-expected.txt:
  • web-platform-tests/html/semantics/forms/the-meter-element/meter-expected.txt:

Source/WebCore:

No new tests (Covered by changes to existing tests).

  • bindings/js/JSDOMBinding.cpp:

(WebCore::createDOMException):

  • dom/DOMCoreException.h:

(WebCore::DOMCoreException::DOMCoreException):
(WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.

LayoutTests:

  • canvas/philip/tests/2d.missingargs.html:
  • crypto/crypto-random-values-limits-expected.txt:
  • crypto/crypto-random-values-types-expected.txt:
  • crypto/subtle/aes-cbc-wrong-key-class-expected.txt:
  • crypto/subtle/aes-kw-key-manipulation-expected.txt:
  • crypto/subtle/argument-conversion-expected.txt:
  • crypto/subtle/hmac-check-algorithm-expected.txt:
  • crypto/subtle/hmac-generate-key-expected.txt:
  • crypto/subtle/rsa-oaep-key-manipulation-expected.txt:
  • crypto/subtle/sha-1-expected.txt:
  • crypto/subtle/unwrapKey-check-usage-expected.txt:
  • crypto/subtle/wrapKey-check-usage-expected.txt:
  • css3/supports-cssom-expected.txt:
  • editing/pasteboard/data-transfer-items-expected.txt:
  • editing/selection/extend-expected.txt:
  • fast/canvas/canvas-createImageData-expected.txt:
  • fast/canvas/canvas-ellipse-negative-radius-expected.txt:
  • fast/canvas/canvas-getImageData-invalid-expected.txt:
  • fast/canvas/canvas-getImageData-invalid-result-buffer-crash-expected.txt:
  • fast/canvas/canvas-gradient-addStop-error-expected.txt:
  • fast/canvas/canvas-imageData-expected.txt:
  • fast/canvas/canvas-overloads-drawImage-expected.txt:
  • fast/canvas/canvas-pattern-behaviour-expected.txt:
  • fast/canvas/gradient-addColorStop-with-invalid-color-expected.txt:
  • fast/canvas/script-tests/canvas-createImageData.js:
  • fast/canvas/script-tests/canvas-getImageData-invalid.js:
  • fast/canvas/script-tests/canvas-imageData.js:
  • fast/canvas/script-tests/canvas-overloads-drawImage.js:
  • fast/canvas/script-tests/gradient-addColorStop-with-invalid-color.js:
  • fast/css/CSSPrimitiveValue-exceptions-expected.txt:
  • fast/css/css3-nth-tokens-script-expected.txt:
  • fast/css/css3-nth-tokens-script.html:
  • fast/css/getFloatValueForUnit-expected.txt:
  • fast/css/getFloatValueForUnit.html:
  • fast/css/insert-rule-overflow-rule-data-expected.txt:
  • fast/css/parsing-css-attribute-case-insensitive-value-1-expected.txt:
  • fast/css/parsing-css-attribute-case-insensitive-value-2-expected.txt:
  • fast/css/parsing-css-attribute-case-insensitive-value-3-expected.txt:
  • fast/css/parsing-css-attribute-case-insensitive-value-3.html:
  • fast/css/parsing-css-descendant-combinator-doubled-child-syntax-expected.txt:
  • fast/css/parsing-css-descendant-combinator-doubled-child-syntax.html:
  • fast/css/parsing-css-matches-5-expected.txt:
  • fast/css/parsing-css-matches-5.html:
  • fast/css/parsing-css-matches-6-expected.txt:
  • fast/css/parsing-css-matches-6.html:
  • fast/css/parsing-css-matches-7-expected.txt:
  • fast/css/parsing-css-matches-7.html:
  • fast/css/parsing-css-matches-8-expected.txt:
  • fast/css/parsing-css-matches-8.html:
  • fast/css/parsing-css-not-5-expected.txt:
  • fast/css/parsing-css-not-5.html:
  • fast/css/parsing-css-not-6-expected.txt:
  • fast/css/parsing-css-not-6.html:
  • fast/css/parsing-css-not-7-expected.txt:
  • fast/css/parsing-css-not-7.html:
  • fast/css/parsing-css-not-8-expected.txt:
  • fast/css/parsing-css-not-8.html:
  • fast/css/parsing-css-not-9-expected.txt:
  • fast/css/parsing-css-not-9.html:
  • fast/css/parsing-css-nth-child-of-3-expected.txt:
  • fast/css/parsing-css-nth-child-of-3.html:
  • fast/css/parsing-css-nth-child-of-4-expected.txt:
  • fast/css/parsing-css-nth-child-of-4.html:
  • fast/css/parsing-css-nth-last-child-of-3-expected.txt:
  • fast/css/parsing-css-nth-last-child-of-3.html:
  • fast/css/parsing-css-nth-last-child-of-4-expected.txt:
  • fast/css/parsing-css-nth-last-child-of-4.html:
  • fast/css/resources/CSSPrimitiveValue-exceptions.js:
  • fast/dom/DOMException/prototype-object-expected.txt:
  • fast/dom/DOMException/prototype-object.html:
  • fast/dom/DOMException/stack-trace-expected.txt:
  • fast/dom/DOMException/stack-trace.html:
  • fast/dom/Document/createElement-invalid-names-expected.txt:
  • fast/dom/Document/createElement-invalid-names.html:
  • fast/dom/Document/invalid-domain-change-throws-exception-expected.txt:
  • fast/dom/Document/replace-child-expected.txt:
  • fast/dom/Document/script-tests/invalid-domain-change-throws-exception.js:
  • fast/dom/Element/class-list-toggle-expected.txt:
  • fast/dom/Element/class-list-toggle.html:
  • fast/dom/Element/prefix-setter-exception-expected.txt:
  • fast/dom/Geolocation/argument-types-expected.txt:
  • fast/dom/Geolocation/not-enough-arguments-expected.txt:
  • fast/dom/Geolocation/script-tests/argument-types.js:

(test):

  • fast/dom/HTMLElement/insertAdjacentHTML-errors-expected.txt:
  • fast/dom/HTMLElement/script-tests/insertAdjacentHTML-errors.js:
  • fast/dom/HTMLElement/set-invalid-value-expected.txt:
  • fast/dom/HTMLElement/set-invalid-value.html:
  • fast/dom/HTMLInputElement/input-size-attribute-expected.txt:
  • fast/dom/HTMLInputElement/input-size-attribute.html:
  • fast/dom/HTMLMeterElement/script-tests/set-meter-properties.js:
  • fast/dom/HTMLMeterElement/set-meter-properties-expected.txt:
  • fast/dom/HTMLProgressElement/script-tests/set-progress-properties.js:
  • fast/dom/HTMLProgressElement/set-progress-properties-expected.txt:
  • fast/dom/HTMLSelectElement/options-collection-add-expected.txt:
  • fast/dom/HTMLSelectElement/select-add-optgroup-expected.txt:
  • fast/dom/HTMLSelectElement/select-selectedIndex-expected.txt:
  • fast/dom/HTMLSelectElement/select-selectedIndex-multiple-expected.txt:
  • fast/dom/HTMLTableElement/nullable-attributes-expected.txt:
  • fast/dom/HTMLTableElement/nullable-attributes.html:
  • fast/dom/HTMLTemplateElement/cycles-expected.txt:
  • fast/dom/HTMLTemplateElement/cycles-in-shadow-expected.txt:
  • fast/dom/Node/initial-values-expected.txt:
  • fast/dom/ParentNode-append-expected.txt:
  • fast/dom/ParentNode-prepend-expected.txt:
  • fast/dom/Range/31684-expected.txt:
  • fast/dom/Range/clone-contents-document-type-expected.txt:
  • fast/dom/Range/clone-contents-document-type.html:
  • fast/dom/Range/compareBoundaryPoints-1.html:
  • fast/dom/Range/compareBoundaryPoints-compareHow-exception-expected.txt:
  • fast/dom/Range/compareBoundaryPoints-compareHow-exception.html:
  • fast/dom/Range/extract-contents-document-type-expected.txt:
  • fast/dom/Range/extract-contents-document-type.html:
  • fast/dom/Range/range-comparePoint-detached-nodes-expected.txt:
  • fast/dom/Range/range-comparePoint-detached-nodes.html:
  • fast/dom/Range/range-exceptions-expected.txt:
  • fast/dom/Range/range-intersectsNode-expected.txt:
  • fast/dom/Range/script-tests/31684.js:
  • fast/dom/Range/script-tests/range-exceptions.js:
  • fast/dom/Range/surroundContents-1.html:
  • fast/dom/Selection/collapseToX-empty-selection-expected.txt:
  • fast/dom/Selection/script-tests/collapseToX-empty-selection.js:
  • fast/dom/SelectorAPI/dumpNodeList-almost-strict-expected.txt:
  • fast/dom/SelectorAPI/dumpNodeList-expected.txt:
  • fast/dom/SelectorAPI/not-supported-namespace-in-selector-expected.txt:
  • fast/dom/Text/splitText-expected.txt:
  • fast/dom/Text/splitText.html:
  • fast/dom/Window/anonymous-slot-with-changes-expected.txt:
  • fast/dom/Window/atob-btoa-expected.txt:
  • fast/dom/Window/custom-constructors-expected.txt:
  • fast/dom/Window/dispatchEvent-expected.txt:
  • fast/dom/Window/invalid-protocol-expected.txt:
  • fast/dom/Window/window-postmessage-clone-expected.txt:
  • fast/dom/computed-style-set-property-expected.txt:
  • fast/dom/createElementNS-namespace-errors-expected.txt:
  • fast/dom/createElementNS-namespace-errors.html:
  • fast/dom/css-mediarule-functions-expected.txt:
  • fast/dom/css-mediarule-functions.html:
  • fast/dom/custom/document-register-basic-expected.txt:
  • fast/dom/custom/document-register-basic.html:
  • fast/dom/custom/document-register-type-extensions-expected.txt:
  • fast/dom/custom/document-register-type-extensions.html:
  • fast/dom/dataset-expected.txt:
  • fast/dom/dataset-xhtml-expected.txt:
  • fast/dom/document-set-body-null-expected.txt:
  • fast/dom/document-set-body-null.html:
  • fast/dom/element-attribute-js-null-expected.txt:
  • fast/dom/insertAdjacentHTML-DocumentFragment-crash-expected.txt:
  • fast/dom/node-prefix-setter-namespace-exception-expected.txt:
  • fast/dom/outerText-no-element-expected.txt:
  • fast/dom/processing-instruction-appendChild-exceptions-expected.txt:
  • fast/dom/processing-instruction-appendChild-exceptions.xhtml:
  • fast/dom/rel-list-expected.txt:
  • fast/dom/script-tests/dataset-xhtml.js:
  • fast/dom/script-tests/dataset.js:
  • fast/dom/setAttributeNS-namespace-errors-expected.txt:
  • fast/dom/setAttributeNS-namespace-errors.html:
  • fast/dom/setPrimitiveValue-exceptions-expected.txt:
  • fast/dom/setPrimitiveValue-expected.txt:
  • fast/dynamic/insertAdjacentElement-expected.txt:
  • fast/dynamic/insertAdjacentHTML-expected.txt:
  • fast/dynamic/insertAdjacentText-expected.txt:
  • fast/dynamic/outerHTML-no-element-expected.txt:
  • fast/events/dispatch-event-being-dispatched-expected.txt:
  • fast/events/dispatch-event-being-dispatched.html:
  • fast/events/message-port-clone-expected.txt:
  • fast/events/message-port-multi-expected.txt:
  • fast/events/mutation-during-append-child-expected.txt:
  • fast/events/mutation-during-append-child.html:
  • fast/events/mutation-during-insert-before-expected.txt:
  • fast/events/mutation-during-insert-before.html:
  • fast/events/mutation-during-replace-child-2-expected.txt:
  • fast/events/mutation-during-replace-child-2.html:
  • fast/events/mutation-during-replace-child-expected.txt:
  • fast/events/mutation-during-replace-child.html:
  • fast/eventsource/eventsource-constructor-expected.txt:
  • fast/forms/color/color-setrangetext-expected.txt:
  • fast/forms/date/date-setrangetext-expected.txt:
  • fast/forms/date/date-stepup-stepdown-expected.txt:
  • fast/forms/date/date-stepup-stepdown.html:
  • fast/forms/date/input-valueasnumber-date-expected.txt:
  • fast/forms/date/input-valueasnumber-date.html:
  • fast/forms/datetime/datetime-setrangetext-expected.txt:
  • fast/forms/datetime/datetime-stepup-stepdown-expected.txt:
  • fast/forms/datetime/datetime-stepup-stepdown.html:
  • fast/forms/datetime/input-valueasnumber-datetime-expected.txt:
  • fast/forms/datetime/input-valueasnumber-datetime.html:
  • fast/forms/datetimelocal/datetimelocal-setrangetext-expected.txt:
  • fast/forms/datetimelocal/datetimelocal-stepup-stepdown-expected.txt:
  • fast/forms/datetimelocal/datetimelocal-stepup-stepdown.html:
  • fast/forms/datetimelocal/input-valueasnumber-datetimelocal-expected.txt:
  • fast/forms/datetimelocal/input-valueasnumber-datetimelocal.html:
  • fast/forms/file/file-setrangetext-expected.txt:
  • fast/forms/file/input-file-value-expected.txt:
  • fast/forms/hidden/hidden-setrangetext-expected.txt:
  • fast/forms/image/image-setrangetext-expected.txt:
  • fast/forms/input-maxlength-expected.txt:
  • fast/forms/input-maxlength.html:
  • fast/forms/input-stepup-stepdown-expected.txt:
  • fast/forms/input-stepup-stepdown.html:
  • fast/forms/input-valueasnumber-unsupported-expected.txt:
  • fast/forms/input-valueasnumber-unsupported.html:
  • fast/forms/month/input-valueasdate-expected.txt:
  • fast/forms/month/input-valueasdate.html:
  • fast/forms/month/input-valueasnumber-month-expected.txt:
  • fast/forms/month/input-valueasnumber-month.html:
  • fast/forms/month/month-setrangetext-expected.txt:
  • fast/forms/month/month-stepup-stepdown-expected.txt:
  • fast/forms/month/month-stepup-stepdown.html:
  • fast/forms/number/number-setrangetext-expected.txt:
  • fast/forms/number/number-size-expected.txt:
  • fast/forms/number/number-size.html:
  • fast/forms/number/number-stepup-stepdown-expected.txt:
  • fast/forms/number/number-stepup-stepdown-from-renderer.html:
  • fast/forms/number/number-stepup-stepdown.html:
  • fast/forms/number/number-valueasnumber-expected.txt:
  • fast/forms/number/number-valueasnumber.html:
  • fast/forms/range/input-valueasnumber-range-expected.txt:
  • fast/forms/range/input-valueasnumber-range.html:
  • fast/forms/range/range-setrangetext-expected.txt:
  • fast/forms/range/range-stepup-stepdown-expected.txt:
  • fast/forms/range/range-stepup-stepdown-from-renderer.html:
  • fast/forms/range/range-stepup-stepdown.html:
  • fast/forms/search/search-setrangetext-expected.txt:
  • fast/forms/setrangetext-expected.txt:
  • fast/forms/textarea-maxlength-expected.txt:
  • fast/forms/textarea-maxlength.html:
  • fast/forms/textarea/textarea-setrangetext-expected.txt:
  • fast/forms/time/time-setrangetext-expected.txt:
  • fast/forms/time/time-stepup-stepdown-expected.txt:
  • fast/forms/time/time-stepup-stepdown.html:
  • fast/forms/time/time-valueasnumber-expected.txt:
  • fast/forms/time/time-valueasnumber.html:
  • fast/forms/week/input-valueasnumber-week-expected.txt:
  • fast/forms/week/input-valueasnumber-week.html:
  • fast/forms/week/week-setrangetext-expected.txt:
  • fast/forms/week/week-stepup-stepdown-expected.txt:
  • fast/forms/week/week-stepup-stepdown.html:
  • fast/frames/adopt-iframe-into-itself-expected.txt:
  • fast/frames/adopt-object-into-itself-expected.txt:
  • fast/frames/resources/sandboxed-iframe-storage-disallowed.html:
  • fast/frames/sandboxed-iframe-storage-expected.txt:
  • fast/html/marquee-element-expected.txt:
  • fast/innerHTML/innerHTML-changing-document-properties-expected.txt:
  • fast/inspector-support/uncaught-dom1-exception-expected.txt:
  • fast/inspector-support/uncaught-dom3-exception-expected.txt:
  • fast/inspector-support/uncaught-dom8-exception-expected.txt:
  • fast/loader/stateobjects/pushstate-frequency-expected.txt:
  • fast/loader/stateobjects/pushstate-frequency-iframe-expected.txt:
  • fast/loader/stateobjects/replacestate-frequency-expected.txt:
  • fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt:
  • fast/media/mq-js-media-except-01-expected.html:
  • fast/media/mq-js-media-except-02-expected.html:
  • fast/media/mq-js-media-except-03-expected.html:
  • fast/mediastream/MediaDevices-getUserMedia-expected.txt:
  • fast/mediastream/RTCPeerConnection-addIceCandidate-expected.txt:
  • fast/mediastream/RTCPeerConnection-closed-state-expected.txt:
  • fast/mediastream/RTCPeerConnection-createAnswer-expected.txt:
  • fast/mediastream/RTCPeerConnection-createOffer-expected.txt:
  • fast/mediastream/RTCPeerConnection-datachannel-expected.txt:
  • fast/mediastream/RTCPeerConnection-dtmf-expected.txt:
  • fast/mediastream/RTCPeerConnection-have-local-offer-expected.txt:
  • fast/mediastream/RTCPeerConnection-have-remote-offer-expected.txt:
  • fast/mediastream/RTCPeerConnection-setLocalDescription-offer-expected.txt:
  • fast/mediastream/RTCPeerConnection-setRemoteDescription-offer-expected.txt:
  • fast/mediastream/RTCPeerConnection-stable-expected.txt:
  • fast/mediastream/RTCRtpSender-replaceTrack-expected.txt:
  • fast/notifications/notifications-document-close-crash-expected.txt:
  • fast/regions/selection/crash-deselect-expected.txt:
  • fast/selectors/closest-general-expected.txt:
  • fast/selectors/invalid-functional-pseudo-class-expected.txt:
  • fast/selectors/lang-empty-expected.txt:
  • fast/selectors/lang-extended-filtering-expected.txt:
  • fast/selectors/lang-extended-filtering-with-string-arguments-expected.txt:
  • fast/selectors/lang-invalid-expected.txt:
  • fast/selectors/lang-multiple-expected.txt:
  • fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-not-expected.txt:
  • fast/text/font-face-empty-string-expected.txt:
  • fast/text/font-face-javascript-expected.txt:
  • fast/text/font-face-set-javascript-expected.txt:
  • fast/text/text-combine-crash-expected.txt:
  • fast/workers/atob-btoa-expected.txt:
  • fast/workers/worker-constructor-expected.txt:
  • fast/workers/worker-context-multi-port-expected.txt:
  • fast/workers/worker-multi-port-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-responseXML-xml-text-responsetype-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-responsetype-arraybuffer-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-responsetype-before-open-sync-request-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-responsetype-document-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-responsetype-set-at-headers-received-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-responsetype-sync-request-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-responsetype-text-expected.txt:
  • fast/xmlhttprequest/xmlhttprequest-sync-disabled-expected.txt:
  • fast/xpath/attr-namespace-expected.txt:
  • fast/xpath/detached-subtree-invalidate-iterator-expected.txt:
  • fast/xpath/py-dom-xpath/nodetests-expected.txt:
  • http/tests/contentextensions/sync-xhr-blocked-expected.txt:
  • http/tests/loading/state-object-security-exception-expected.txt:
  • http/tests/local/fileapi/send-sliced-dragged-file-expected.txt:
  • http/tests/notifications/legacy/show-expected.txt:
  • http/tests/security/canvas-remote-read-data-url-image-redirect-expected.txt:
  • http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt:
  • http/tests/security/canvas-remote-read-remote-image-expected.txt:
  • http/tests/security/canvas-remote-read-remote-image-redirect-expected.txt:
  • http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin-expected.txt:
  • http/tests/security/canvas-remote-read-remote-video-localhost-expected.txt:
  • http/tests/security/canvas-remote-read-remote-video-redirect-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/child-src/worker-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html:
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports-expected.txt:
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin-expected.txt:
  • http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/worker-importscripts-blocked-expected.txt:
  • http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html:
  • http/tests/security/history-username-password-expected.txt:
  • http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt:
  • http/tests/security/postMessage/target-origin-expected.txt:
  • http/tests/security/resources/canvas-video-crossorigin.js:

(testDataRetrievalAllowed):
(testDataRetrievalForbidden):

  • http/tests/security/setDomainRelaxationForbiddenForURLScheme-expected.txt:
  • http/tests/security/webgl-remote-read-remote-image-blocked-no-crossorigin-expected.txt:
  • http/tests/websocket/tests/hybi/bad-sub-protocol-control-chars-expected.txt:
  • http/tests/websocket/tests/hybi/bad-sub-protocol-empty-expected.txt:
  • http/tests/websocket/tests/hybi/bad-sub-protocol-non-ascii-expected.txt:
  • http/tests/websocket/tests/hybi/binary-type-expected.txt:
  • http/tests/websocket/tests/hybi/binary-type.html:
  • http/tests/websocket/tests/hybi/invalid-subprotocol-characters-expected.txt:
  • http/tests/websocket/tests/hybi/invalid-subprotocol-characters.html:
  • http/tests/websocket/tests/hybi/invalid-subprotocols-expected.txt:
  • http/tests/websocket/tests/hybi/invalid-subprotocols.html:
  • http/tests/websocket/tests/hybi/url-parsing-expected.txt:
  • http/tests/workers/worker-importScripts-expected.txt:
  • http/tests/workers/worker-redirect-expected.txt:
  • http/tests/xmlhttprequest/XMLHttpRequestException-expected.txt:
  • http/tests/xmlhttprequest/XMLHttpRequestException.html:
  • http/tests/xmlhttprequest/access-control-and-redirects-expected.txt:
  • http/tests/xmlhttprequest/access-control-basic-denied-expected.txt:
  • http/tests/xmlhttprequest/access-control-basic-get-fail-non-simple-expected.txt:
  • http/tests/xmlhttprequest/access-control-basic-non-simple-deny-cached-expected.txt:
  • http/tests/xmlhttprequest/access-control-basic-post-fail-non-simple-content-type-expected.txt:
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt:
  • http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt:
  • http/tests/xmlhttprequest/connection-error-sync-expected.txt:
  • http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt:
  • http/tests/xmlhttprequest/exceptions-expected.txt:
  • http/tests/xmlhttprequest/inject-header-expected.txt:
  • http/tests/xmlhttprequest/origin-exact-matching-expected.txt:
  • http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt:
  • http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt:
  • http/tests/xmlhttprequest/origin-whitelisting-removal-expected.txt:
  • http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt:
  • http/tests/xmlhttprequest/xmlhttprequest-open-empty-method-expected.txt:
  • http/tests/xmlhttprequest/xmlhttprequest-overridemimetype-invalidstaterror-expected.txt:
  • http/tests/xmlhttprequest/xmlhttprequest-setrequestheader-no-name-expected.txt:
  • http/tests/xmlhttprequest/xmlhttprequest-sync-no-progress-events-expected.txt:
  • http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt:
  • inspector/debugger/command-line-api-exception-expected.txt:
  • inspector/debugger/regress-133182-expected.txt:
  • inspector/debugger/resources/exceptions.js:

(triggerUncaughtDOMException):

  • inspector/debugger/setPauseOnExceptions-all-expected.txt:
  • inspector/debugger/setPauseOnExceptions-none-expected.txt:
  • inspector/debugger/setPauseOnExceptions-uncaught-expected.txt:
  • inspector/model/remote-object-expected.txt:
  • js/dom/dfg-custom-getter-throw-expected.txt:
  • js/dom/reflect-set-onto-dom-expected.txt:
  • js/dom/script-tests/dfg-custom-getter-throw-inlined.js:

(i.dfgIncrement):

  • js/dom/script-tests/dfg-custom-getter-throw.js:
  • loader/stateobjects/pushstate-size-expected.txt:
  • loader/stateobjects/pushstate-size-iframe-expected.txt:
  • loader/stateobjects/replacestate-size-expected.txt:
  • loader/stateobjects/replacestate-size-iframe-expected.txt:
  • media/track/regions-webvtt/vtt-region-constructor-expected.txt:
  • media/track/regions-webvtt/vtt-region-list-expected.txt:
  • platform/efl/fast/dynamic/015-expected.txt:
  • platform/gtk/fast/dynamic/015-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-ltr-2-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-ltr-2-left-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-ltr-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-ltr-right-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-rtl-2-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-rtl-2-left-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-rtl-expected.txt:
  • platform/ios-simulator-wk2/editing/selection/caret-rtl-right-expected.txt:
  • platform/ios-simulator/fast/attachment/attachment-select-on-click-expected.txt:
  • platform/ios-simulator/fast/dynamic/015-expected.txt:
  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
  • platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/time-expected.txt:
  • platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/interfaces-expected.txt:
  • platform/ios-simulator/webaudio/analyser-exception-expected.txt:
  • platform/ios-simulator/webaudio/audiobuffersource-exception-expected.txt:
  • platform/ios-simulator/webaudio/delaynode-maxdelaylimit-expected.txt:
  • platform/mac/TestExpectations:
  • platform/mac/canvas/philip/tests/2d.missingargs-expected.txt:
  • platform/mac/fast/dynamic/015-expected.txt:
  • platform/mac/inspector/model/remote-object-expected.txt:
  • platform/win/fast/dynamic/015-expected.txt:
  • security/contentSecurityPolicy/worker-inherits-blocks-xhr-expected.txt:
  • storage/domstorage/localstorage/blocked-file-access-expected.txt:
  • storage/domstorage/localstorage/private-browsing-affects-storage-expected.txt:
  • storage/domstorage/sessionstorage/private-browsing-affects-storage-expected.txt:
  • storage/indexeddb/removed-expected.txt:
  • storage/indexeddb/removed-private-expected.txt:
  • storage/websql/open-database-set-empty-version-expected.txt:
  • svg/animations/animate-gradient-transform-expected.txt:
  • svg/as-image/svg-canvas-pattern-with-link-tainted-expected.txt:
  • svg/as-image/svg-canvas-svg-with-feimage-with-link-tainted-expected.txt:
  • svg/as-image/svg-canvas-svg-with-image-with-link-tainted-expected.txt:
  • svg/as-image/svg-canvas-xhtml-tainted-expected.txt:
  • svg/custom/acid3-test-77-expected.txt:
  • svg/custom/baseval-animval-equality-expected.txt:
  • svg/custom/getSubStringLength-expected.txt:
  • svg/custom/selectSubString-expected.txt:
  • svg/dom/SVGAngle-expected.txt:
  • svg/dom/SVGColor-expected.txt:
  • svg/dom/SVGLength-expected.txt:
  • svg/dom/SVGLength-px-expected.txt:
  • svg/dom/SVGLengthList-appendItem-expected.txt:
  • svg/dom/SVGLengthList-basics-expected.txt:
  • svg/dom/SVGLengthList-getItem-expected.txt:
  • svg/dom/SVGLengthList-initialize-expected.txt:
  • svg/dom/SVGLengthList-insertItemBefore-expected.txt:
  • svg/dom/SVGLengthList-removeItem-expected.txt:
  • svg/dom/SVGLengthList-replaceItem-expected.txt:
  • svg/dom/SVGNumberList-basics-expected.txt:
  • svg/dom/SVGPaint-expected.txt:
  • svg/dom/SVGPathSegList-clear-and-initialize-expected.txt:
  • svg/dom/SVGPointList-basics-expected.txt:
  • svg/dom/SVGPreserveAspectRatio-expected.txt:
  • svg/dom/SVGStringList-basics-expected.txt:
  • svg/dom/SVGTransformList-basics-expected.txt:
  • svg/dom/SVGTransformList-expected.txt:
  • svg/dom/SVGViewSpec-defaults-expected.txt:
  • svg/dom/altGlyph-dom-expected.txt:
  • svg/dom/svglist-exception-on-out-bounds-error-expected.txt:
  • transforms/cssmatrix-2d-interface-expected.txt:
  • transforms/cssmatrix-3d-interface-expected.txt:
  • webaudio/analyser-exception-expected.txt:
  • webaudio/analyser-exception.html:
  • webaudio/audiobuffersource-channels-expected.txt:
  • webaudio/audiobuffersource-exception-expected.txt:
  • webaudio/audiobuffersource-exception.html:
  • webaudio/convolver-channels-expected.txt:
  • webaudio/convolver-channels.html:
  • webaudio/convolver-setBuffer-different-samplerate-expected.txt:
  • webaudio/convolver-setBuffer-different-samplerate.html:
  • webaudio/delaynode-maxdelaylimit-expected.txt:
  • webaudio/offlineaudiocontext-constructor-expected.txt:
7:39 AM Changeset in webkit [203332] by Yusuke Suzuki
  • 5 edits in trunk

[JSC] Enable test262 module tests
https://bugs.webkit.org/show_bug.cgi?id=159854

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch enables test262 module tests. Before this patch, the modules tests in test262 do not work fine.
This patch fixes the following 2 things.

  1. Test harness

Before this patch, there is only one global switch "-m" in jsc shell. So we cannot load the test262 test harness before evaluating the module tests.
This patch adds a new option, "--module-file=". It is similar to "--strict-file=". When we specify the file with "--module-file=", it is evaluated as
a module, while the other files are evaluated by following the JSC's default manner. This option allows us to load the test harness files into the
global context before loading the module tests.

  1. Module's asynchronous errors

Before this patch, the errors caused in the module evaluation are not handled as the same to the usual sync files. In synchronous execution, we have
"--exception=" option to pass the expected exception to the JSC shell. But this option does not work in the module evaluation.
This patch correctly handles this expected exception in the module evaluation promise's fulfill and reject handlers.

And we fix the YAML file. Now the recorded :fail and :normal are the correct test results for the module tests.

  • jsc.cpp:

(Script::Script):
(checkUncaughtException):
(runWithScripts):
(printUsageStatement):
(CommandLine::parseArguments):
(dumpException): Deleted.

  • tests/test262.yaml:

Tools:

Use --module-file instead.

  • Scripts/run-jsc-stress-tests:
7:33 AM Changeset in webkit [203331] by Yusuke Suzuki
  • 10 edits in trunk/Source/JavaScriptCore

[JSC] Mask TrustedImm32 to 8bit in MacroAssembler for 8bit operations
https://bugs.webkit.org/show_bug.cgi?id=159334

Reviewed by Filip Pizlo.

Previously, in 8bit operations (like add8, compare8, test8, branch8, branchTest8 etc.),
we require that the given TrustedImm32 is in range of 8bit. While achieving this in
the manual MacroAssembler calling is easy, in Air, we don't guarantee that the higher bit
of the 8bit argument is cleared. So the current assertions are invalid.

This patch relaxes the above restriction. By removing this assertion,
8bit operations can take arbitrary 32bit imms. And only lower 8bit are effective when
emitting the code in these methods.

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::branchTest8):

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::store8):
(JSC::MacroAssemblerARM::branch8):
(JSC::MacroAssemblerARM::branchTest8):
(JSC::MacroAssemblerARM::compare8):
(JSC::MacroAssemblerARM::test8):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branch8):
(JSC::MacroAssemblerARM64::branchTest8):
(JSC::MacroAssemblerARM64::compare8):
(JSC::MacroAssemblerARM64::test8):

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::store8):
(JSC::MacroAssemblerARMv7::branch8):
(JSC::MacroAssemblerARMv7::branchTest8):
(JSC::MacroAssemblerARMv7::compare8):
(JSC::MacroAssemblerARMv7::test8):

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::store8):
(JSC::MacroAssemblerMIPS::branch8):
(JSC::MacroAssemblerMIPS::compare8):
(JSC::MacroAssemblerMIPS::branchTest8):
(JSC::MacroAssemblerMIPS::test8):

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::store8):
(JSC::MacroAssemblerSH4::branchTest8):
(JSC::MacroAssemblerSH4::branch8):
(JSC::MacroAssemblerSH4::compare8):
(JSC::MacroAssemblerSH4::test8):

  • assembler/MacroAssemblerX86.h:

(JSC::MacroAssemblerX86::store8):
(JSC::MacroAssemblerX86::branch8):
(JSC::MacroAssemblerX86::branchTest8):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::add8):
(JSC::MacroAssemblerX86Common::store8):
(JSC::MacroAssemblerX86Common::branch8):
(JSC::MacroAssemblerX86Common::branchTest8):
(JSC::MacroAssemblerX86Common::compare8):
(JSC::MacroAssemblerX86Common::test8):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::store8):
(JSC::MacroAssemblerX86_64::branch8):
(JSC::MacroAssemblerX86_64::branchTest8):

12:16 AM Changeset in webkit [203330] by mmaxfield@apple.com
  • 9 edits
    52 adds in trunk

Support new emoji group candidates
https://bugs.webkit.org/show_bug.cgi?id=159755
<rdar://problem/27325521>

Reviewed by Dean Jackson.

Source/WebCore:

There are a few code points which should be able to be joined (with ZWJ) to
either U+2640 or U+2642 to change the gender of the emoji. These patterns
should also work with an additional 0xFE0F variation selector. This patch
adds these new patterns to our existing emoji group candidate infrastructure.

Tests: fast/text/emoji-gender-2-3.html

fast/text/emoji-gender-2-4.html
fast/text/emoji-gender-2-5.html
fast/text/emoji-gender-2-6.html
fast/text/emoji-gender-2-7.html
fast/text/emoji-gender-2-8.html
fast/text/emoji-gender-2-9.html
fast/text/emoji-gender-2.html
fast/text/emoji-gender-3.html
fast/text/emoji-gender-4.html
fast/text/emoji-gender-5.html
fast/text/emoji-gender-6.html
fast/text/emoji-gender-7.html
fast/text/emoji-gender-8.html
fast/text/emoji-gender-9.html
fast/text/emoji-gender-fe0f-3.html
fast/text/emoji-gender-fe0f-4.html
fast/text/emoji-gender-fe0f-5.html
fast/text/emoji-gender-fe0f-6.html
fast/text/emoji-gender-fe0f-7.html
fast/text/emoji-gender-fe0f-8.html
fast/text/emoji-gender-fe0f-9.html
fast/text/emoji-gender.html
fast/text/emoji-num-glyphs.html
fast/text/emoji-single-parent-family-2.html
fast/text/emoji-single-parent-family.html

  • platform/graphics/mac/ComplexTextControllerCoreText.mm:

(WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.

  • platform/graphics/FontCascade.cpp:

(WebCore::FontCascade::characterRangeCodePath):

  • platform/text/CharacterProperties.h:

(WebCore::isEmojiGroupCandidate):

Source/WTF:

This patch doesn't update the rules for our cursor movement iterator, because
I don't know the language used for implementing these rules. These rules will
be updated in the near future. When they do,
editing/deleting/delete-emoji-expected.txt will need to be updated.

  • wtf/text/TextBreakIterator.cpp:

(WTF::cursorMovementIterator):

LayoutTests:

Because this patch doesn't update the rules for our cursor movement
iterator, the new expected result for editing/deleting/delete-emoji.html
expects incorrect results. In the patch where we update these rules,
the expected result should also be updated.

Because these new emoji require system support, TestExpectations has
been updated to mark the tests as failing until the system support has
been added.

  • TestExpectations:
  • editing/deleting/delete-emoji-expected.txt:
  • fast/text/emoji-gender-2-3-expected.html: Added.
  • fast/text/emoji-gender-2-3.html: Added.
  • fast/text/emoji-gender-2-4-expected.html: Added.
  • fast/text/emoji-gender-2-4.html: Added.
  • fast/text/emoji-gender-2-5-expected.html: Added.
  • fast/text/emoji-gender-2-5.html: Added.
  • fast/text/emoji-gender-2-6-expected.html: Added.
  • fast/text/emoji-gender-2-6.html: Added.
  • fast/text/emoji-gender-2-7-expected.html: Added.
  • fast/text/emoji-gender-2-7.html: Added.
  • fast/text/emoji-gender-2-8-expected.html: Added.
  • fast/text/emoji-gender-2-8.html: Added.
  • fast/text/emoji-gender-2-9-expected.html: Added.
  • fast/text/emoji-gender-2-9.html: Added.
  • fast/text/emoji-gender-2-expected-mismatch.html: Added.
  • fast/text/emoji-gender-2.html: Added.
  • fast/text/emoji-gender-3-expected.html: Added.
  • fast/text/emoji-gender-3.html: Added.
  • fast/text/emoji-gender-4-expected.html: Added.
  • fast/text/emoji-gender-4.html: Added.
  • fast/text/emoji-gender-5-expected.html: Added.
  • fast/text/emoji-gender-5.html: Added.
  • fast/text/emoji-gender-6-expected.html: Added.
  • fast/text/emoji-gender-6.html: Added.
  • fast/text/emoji-gender-7-expected.html: Added.
  • fast/text/emoji-gender-7.html: Added.
  • fast/text/emoji-gender-8-expected.html: Added.
  • fast/text/emoji-gender-8.html: Added.
  • fast/text/emoji-gender-9-expected.html: Added.
  • fast/text/emoji-gender-9.html: Added.
  • fast/text/emoji-gender-expected-mismatch.html: Added.
  • fast/text/emoji-gender-fe0f-3-expected.html: Added.
  • fast/text/emoji-gender-fe0f-3.html: Added.
  • fast/text/emoji-gender-fe0f-4-expected.html: Added.
  • fast/text/emoji-gender-fe0f-4.html: Added.
  • fast/text/emoji-gender-fe0f-5-expected.html: Added.
  • fast/text/emoji-gender-fe0f-5.html: Added.
  • fast/text/emoji-gender-fe0f-6-expected.html: Added.
  • fast/text/emoji-gender-fe0f-6.html: Added.
  • fast/text/emoji-gender-fe0f-7-expected.html: Added.
  • fast/text/emoji-gender-fe0f-7.html: Added.
  • fast/text/emoji-gender-fe0f-8-expected.html: Added.
  • fast/text/emoji-gender-fe0f-8.html: Added.
  • fast/text/emoji-gender-fe0f-9-expected.html: Added.
  • fast/text/emoji-gender-fe0f-9.html: Added.
  • fast/text/emoji-gender.html: Added.
  • fast/text/emoji-num-glyphs-expected.txt: Added.
  • fast/text/emoji-num-glyphs.html: Added.
  • fast/text/emoji-single-parent-family-2-expected-mismatch.html: Added.
  • fast/text/emoji-single-parent-family-2.html: Added.
  • fast/text/emoji-single-parent-family-expected-mismatch.html: Added.
  • fast/text/emoji-single-parent-family.html: Added.

Jul 16, 2016:

5:19 PM Changeset in webkit [203329] by Chris Dumez
  • 5 edits in trunk

Unreviewed, rolling out r203318.

Regressed most JS Benchmarks on MacBook Air by ~2% (7% on
SunSpider)

Reverted changeset:

"[JSC] Change some parameters based on a random search"
https://bugs.webkit.org/show_bug.cgi?id=158514
http://trac.webkit.org/changeset/203318

2:33 PM Changeset in webkit [203328] by beidson@apple.com
  • 36 edits in trunk

Update SVGException to use the description in toString().
https://bugs.webkit.org/show_bug.cgi?id=159847

Reviewed by Darin Adler.

Source/WebCore:

No new tests (Covered by changes to existing tests).

  • bindings/js/JSDOMBinding.cpp:

(WebCore::reportException): use consoleErrorMessage for now.

  • dom/ExceptionBase.cpp:

(WebCore::ExceptionBase::consoleErrorMessage):

  • dom/ExceptionBase.h:
  • svg/SVGException.h:

LayoutTests:

  • svg/animations/animate-marker-orient-from-angle-to-autostartreverse-expected.txt:
  • svg/custom/SVGException-expected.txt:
  • svg/custom/polyline-points-crash-expected.txt:
  • svg/custom/script-tests/SVGException.js:
  • svg/dom/SVGAnimatedEnumeration-SVGClipPathElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGComponentTransferFunctionElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFEBlendElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFEColorMatrixElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFECompositeElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFEConvolveMatrixElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFEDisplacementMapElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFEMorphologyElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFETurbulenceElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGFilterElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGGradientElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGMarkerElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGMaskElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGPatternElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGTextContentElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGTextPathElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-expected.txt:
  • svg/dom/SVGLengthList-basics-expected.txt:
  • svg/dom/SVGMatrix-interface-expected.txt:
  • svg/dom/SVGNumberList-basics-expected.txt:
  • svg/dom/SVGPointList-basics-expected.txt:
  • svg/dom/SVGTransformList-basics-expected.txt:
  • svg/dom/svglist-exception-on-out-bounds-error-expected.txt:
  • svg/filters/feBlend-invalid-mode-expected.txt:
  • svg/filters/feComponentTransfer-style-crash-expected.txt:
  • svg/filters/feDisplacementMap-crash-test-expected.txt:
11:31 AM Changeset in webkit [203327] by ddkilzer@apple.com
  • 2 edits in trunk/Websites/bugs.webkit.org

Use secure (https) links on enter_bug.cgi
<https://webkit.org/b/159853>

Reviewed by Alexey Proskuryakov.

  • template/en/default/global/choose-product.html.tmpl:

Use https instead of http for links to webkit.org.

10:21 AM Changeset in webkit [203326] by Chris Dumez
  • 7 edits in trunk/Source/WebCore

Use fastHasAttribute() when possible
https://bugs.webkit.org/show_bug.cgi?id=159838

Reviewed by Ryosuke Niwa.

Use fastHasAttribute() when possible, for performance.

  • editing/DeleteSelectionCommand.cpp:

(WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):

  • editing/markup.cpp:

(WebCore::createMarkupInternal):

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::draggable):

  • html/HTMLFrameElementBase.cpp:

(WebCore::HTMLFrameElementBase::parseAttribute):

  • mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::getSelectedSemanticsChild):

  • rendering/RenderThemeIOS.mm:

(WebCore::RenderThemeIOS::adjustMenuListButtonStyle):

9:33 AM Changeset in webkit [203325] by Chris Dumez
  • 4 edits in trunk

Add move constructor / assignment operator to ListHashSet
https://bugs.webkit.org/show_bug.cgi?id=159837

Reviewed by Darin Adler.

Source/WTF:

Add move constructor / assignment operator to ListHashSet.

  • wtf/ListHashSet.h:

(WTF::ListHashSetConstIterator::operator++):
(WTF::U>::ListHashSet):
(WTF::=):
(WTF::U>::clear):
(WTF::U>::appendNode):
(WTF::U>::prependNode):
(WTF::U>::deleteAllNodes):
(WTF::ListHashSetNode::ListHashSetNode): Deleted.

Tools:

Add API tests.

  • TestWebKitAPI/Tests/WTF/ListHashSet.cpp:

(TestWebKitAPI::TEST):

8:21 AM Changeset in webkit [203324] by rniwa@webkit.org
  • 133 edits in trunk/Source

Rename fastGetAttribute to attributeWithoutSynchronization
https://bugs.webkit.org/show_bug.cgi?id=159852

Reviewed by Darin Adler.

Source/WebCore:

Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::findAriaModalNodes):
(WebCore::nodeHasRole):
(WebCore::AXObjectCache::handleLiveRegionCreated):
(WebCore::AXObjectCache::handleMenuItemSelected):
(WebCore::AXObjectCache::handleAriaModalChange):
(WebCore::isNodeAriaVisible):

  • accessibility/AccessibilityNodeObject.cpp:

(WebCore::siblingWithAriaRole):
(WebCore::AccessibilityNodeObject::titleElementText):
(WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
(WebCore::AccessibilityNodeObject::hierarchicalLevel):
(WebCore::AccessibilityNodeObject::stringValue):
(WebCore::accessibleNameForNode):

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
(WebCore::AccessibilityObject::getAttribute):

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::stringValue):
(WebCore::AccessibilityRenderObject::exposesTitleUIElement):

  • accessibility/AccessibilitySVGElement.cpp:

(WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
(WebCore::AccessibilitySVGElement::accessibilityDescription):

  • bindings/objc/DOM.mm:

(-[DOMHTMLLinkElement _mediaQueryMatches]):

  • bindings/scripts/CodeGenerator.pm:

(GetterExpression):

  • bindings/scripts/CodeGeneratorObjC.pm:

(GenerateImplementation):

  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjReflectedStringAttr):

  • dom/AuthorStyleSheets.cpp:

(WebCore::AuthorStyleSheets::collectActiveStyleSheets):

  • dom/Document.cpp:

(WebCore::Document::buildAccessKeyMap):
(WebCore::Document::processBaseElement):

  • dom/DocumentOrderedMap.cpp:

(WebCore::DocumentOrderedMap::getElementByLabelForAttribute):

  • dom/Element.cpp:

(WebCore::Element::imageSourceURL):
(WebCore::Element::rendererIsNeeded):
(WebCore::Element::insertedInto):
(WebCore::Element::removedFrom):
(WebCore::Element::pseudo):
(WebCore::Element::setPseudo):
(WebCore::Element::spellcheckAttributeState):
(WebCore::Element::canContainRangeEndPoint):
(WebCore::Element::completeURLsInAttributeValue):

  • dom/Element.h:

(WebCore::Element::fastHasAttribute):
(WebCore::Element::attributeWithoutSynchronization):
(WebCore::Element::fastGetAttribute): Deleted.

  • dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::createSheet):

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::requestScript):
(WebCore::ScriptElement::executeScript):

  • dom/SlotAssignment.cpp:

(WebCore::slotNameFromSlotAttribute):
(WebCore::SlotAssignment::SlotAssignment):
(WebCore::recursivelyFireSlotChangeEvent):
(WebCore::SlotAssignment::didChangeSlot):
(WebCore::SlotAssignment::hostChildElementDidChange):
(WebCore::SlotAssignment::assignedNodesForSlot):
(WebCore::SlotAssignment::resolveAllSlotElements):

  • dom/TreeScope.cpp:

(WebCore::TreeScope::labelElementForId):

  • dom/VisitedLinkState.cpp:

(WebCore::linkAttribute):

  • editing/ApplyStyleCommand.cpp:

(WebCore::isLegacyAppleStyleSpan):
(WebCore::hasNoAttributeOrOnlyStyleAttribute):

  • editing/EditingStyle.cpp:

(WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::isInterchangeNewlineNode):
(WebCore::isInterchangeConvertedSpaceSpan):
(WebCore::positionAvoidingPrecedingNodes):
(WebCore::isMailPasteAsQuotationNode):
(WebCore::isHeaderElement):
(WebCore::isInlineNodeWithStyle):

  • editing/TextIterator.cpp:

(WebCore::isRendererReplacedElement):

  • editing/cocoa/DataDetection.mm:

(WebCore::DataDetection::isDataDetectorLink):
(WebCore::DataDetection::requiresExtendedContext):
(WebCore::DataDetection::dataDetectorIdentifier):
(WebCore::DataDetection::shouldCancelDefaultAction):
(WebCore::removeResultLinksFromAnchor):
(WebCore::searchForLinkRemovingExistingDDLinks):

  • editing/gtk/EditorGtk.cpp:

(WebCore::elementURL):

  • editing/htmlediting.cpp:

(WebCore::isTabSpanNode):
(WebCore::isTabSpanTextNode):
(WebCore::isMailBlockquote):
(WebCore::caretMinOffset):

  • editing/markup.cpp:

(WebCore::createFragmentFromMarkup):

  • html/Autofill.cpp:

(WebCore::AutofillData::createFromHTMLFormControlElement):

  • html/BaseTextInputType.cpp:

(WebCore::BaseTextInputType::patternMismatch):

  • html/DateInputType.cpp:

(WebCore::DateInputType::createStepRange):

  • html/DateTimeInputType.cpp:

(WebCore::DateTimeInputType::createStepRange):

  • html/DateTimeLocalInputType.cpp:

(WebCore::DateTimeLocalInputType::createStepRange):

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::findAssociatedForm):
(WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
(WebCore::FormAssociatedElement::formAttributeTargetChanged):

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::draggable):
(WebCore::HTMLAnchorElement::href):
(WebCore::HTMLAnchorElement::setHref):
(WebCore::HTMLAnchorElement::target):
(WebCore::HTMLAnchorElement::origin):
(WebCore::HTMLAnchorElement::sendPings):
(WebCore::HTMLAnchorElement::handleClick):

  • html/HTMLAnchorElement.h:

(WebCore::HTMLAnchorElement::visitedLinkHash):

  • html/HTMLAppletElement.cpp:

(WebCore::HTMLAppletElement::updateWidget):

  • html/HTMLAreaElement.cpp:

(WebCore::HTMLAreaElement::target):

  • html/HTMLAttachmentElement.cpp:

(WebCore::HTMLAttachmentElement::attachmentTitle):
(WebCore::HTMLAttachmentElement::attachmentType):

  • html/HTMLBaseElement.cpp:

(WebCore::HTMLBaseElement::target):
(WebCore::HTMLBaseElement::href):

  • html/HTMLBodyElement.cpp:

(WebCore::HTMLBodyElement::addSubresourceAttributeURLs):

  • html/HTMLButtonElement.cpp:

(WebCore::HTMLButtonElement::value):
(WebCore::HTMLButtonElement::computeWillValidate):

  • html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::reset):

  • html/HTMLDocument.cpp:

(WebCore::HTMLDocument::bgColor):
(WebCore::HTMLDocument::setBgColor):
(WebCore::HTMLDocument::fgColor):
(WebCore::HTMLDocument::setFgColor):
(WebCore::HTMLDocument::alinkColor):
(WebCore::HTMLDocument::setAlinkColor):
(WebCore::HTMLDocument::linkColor):
(WebCore::HTMLDocument::setLinkColor):
(WebCore::HTMLDocument::vlinkColor):
(WebCore::HTMLDocument::setVlinkColor):

  • html/HTMLElement.cpp:

(WebCore::contentEditableType):
(WebCore::HTMLElement::collectStyleForPresentationAttribute):
(WebCore::HTMLElement::dir):
(WebCore::HTMLElement::setDir):
(WebCore::HTMLElement::draggable):
(WebCore::HTMLElement::setDraggable):
(WebCore::HTMLElement::title):
(WebCore::HTMLElement::tabIndex):
(WebCore::HTMLElement::translateAttributeMode):
(WebCore::HTMLElement::hasDirectionAuto):
(WebCore::HTMLElement::directionality):

  • html/HTMLEmbedElement.cpp:

(WebCore::HTMLEmbedElement::imageSourceURL):
(WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::formEnctype):
(WebCore::HTMLFormControlElement::formMethod):
(WebCore::HTMLFormControlElement::formAction):
(WebCore::HTMLFormControlElement::autocorrect):
(WebCore::HTMLFormControlElement::autocapitalizeType):

  • html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::autocorrect):
(WebCore::HTMLFormElement::autocapitalizeType):
(WebCore::HTMLFormElement::autocapitalize):
(WebCore::HTMLFormElement::action):
(WebCore::HTMLFormElement::setAction):
(WebCore::HTMLFormElement::target):
(WebCore::HTMLFormElement::wasUserSubmitted):
(WebCore::HTMLFormElement::shouldAutocomplete):
(WebCore::HTMLFormElement::finishParsingChildren):
(WebCore::HTMLFormElement::autocomplete):

  • html/HTMLFrameElementBase.cpp:

(WebCore::HTMLFrameElementBase::location):
(WebCore::HTMLFrameElementBase::setLocation):

  • html/HTMLHtmlElement.cpp:

(WebCore::HTMLHtmlElement::insertedByParser):

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::imageSourceURL):
(WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
(WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
(WebCore::HTMLImageElement::selectImageSource):
(WebCore::HTMLImageElement::altText):
(WebCore::HTMLImageElement::createElementRenderer):
(WebCore::HTMLImageElement::width):
(WebCore::HTMLImageElement::height):
(WebCore::HTMLImageElement::alt):
(WebCore::HTMLImageElement::draggable):
(WebCore::HTMLImageElement::setHeight):
(WebCore::HTMLImageElement::src):
(WebCore::HTMLImageElement::setSrc):
(WebCore::HTMLImageElement::addSubresourceAttributeURLs):
(WebCore::HTMLImageElement::didMoveToNewDocument):
(WebCore::HTMLImageElement::isServerMap):
(WebCore::HTMLImageElement::crossOrigin):

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::updateType):
(WebCore::HTMLInputElement::initializeInputType):
(WebCore::HTMLInputElement::altText):
(WebCore::HTMLInputElement::value):
(WebCore::HTMLInputElement::defaultValue):
(WebCore::HTMLInputElement::setDefaultValue):
(WebCore::HTMLInputElement::acceptMIMETypes):
(WebCore::HTMLInputElement::acceptFileExtensions):
(WebCore::HTMLInputElement::accept):
(WebCore::HTMLInputElement::alt):
(WebCore::HTMLInputElement::effectiveMaxLength):
(WebCore::HTMLInputElement::src):
(WebCore::HTMLInputElement::setAutoFilled):
(WebCore::HTMLInputElement::dataList):
(WebCore::HTMLInputElement::resetListAttributeTargetObserver):

  • html/HTMLKeygenElement.cpp:

(WebCore::HTMLKeygenElement::isKeytypeRSA):
(WebCore::HTMLKeygenElement::appendFormData):

  • html/HTMLLIElement.cpp:

(WebCore::HTMLLIElement::didAttachRenderers):
(WebCore::HTMLLIElement::parseValue):

  • html/HTMLLabelElement.cpp:

(WebCore::HTMLLabelElement::control):

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::crossOrigin):
(WebCore::HTMLLinkElement::process):
(WebCore::HTMLLinkElement::href):
(WebCore::HTMLLinkElement::rel):
(WebCore::HTMLLinkElement::target):
(WebCore::HTMLLinkElement::type):
(WebCore::HTMLLinkElement::iconType):

  • html/HTMLMarqueeElement.cpp:

(WebCore::HTMLMarqueeElement::scrollAmount):
(WebCore::HTMLMarqueeElement::setScrollAmount):
(WebCore::HTMLMarqueeElement::scrollDelay):
(WebCore::HTMLMarqueeElement::setScrollDelay):
(WebCore::HTMLMarqueeElement::loop):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::insertedInto):
(WebCore::HTMLMediaElement::crossOrigin):
(WebCore::HTMLMediaElement::networkState):
(WebCore::HTMLMediaElement::mediaSessionTitle):
(WebCore::HTMLMediaElement::doesHaveAttribute):

  • html/HTMLMetaElement.cpp:

(WebCore::HTMLMetaElement::process):
(WebCore::HTMLMetaElement::content):
(WebCore::HTMLMetaElement::httpEquiv):
(WebCore::HTMLMetaElement::name):

  • html/HTMLMeterElement.cpp:

(WebCore::HTMLMeterElement::min):
(WebCore::HTMLMeterElement::setMin):
(WebCore::HTMLMeterElement::max):
(WebCore::HTMLMeterElement::setMax):
(WebCore::HTMLMeterElement::value):
(WebCore::HTMLMeterElement::low):
(WebCore::HTMLMeterElement::high):
(WebCore::HTMLMeterElement::optimum):

  • html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
(WebCore::HTMLObjectElement::hasValidClassId):
(WebCore::HTMLObjectElement::imageSourceURL):
(WebCore::HTMLObjectElement::renderFallbackContent):
(WebCore::HTMLObjectElement::containsJavaApplet):
(WebCore::HTMLObjectElement::addSubresourceAttributeURLs):

  • html/HTMLOptGroupElement.cpp:

(WebCore::HTMLOptGroupElement::groupLabelText):

  • html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::value):
(WebCore::HTMLOptionElement::label):

  • html/HTMLParamElement.cpp:

(WebCore::HTMLParamElement::value):
(WebCore::HTMLParamElement::isURLParameter):

  • html/HTMLProgressElement.cpp:

(WebCore::HTMLProgressElement::value):
(WebCore::HTMLProgressElement::max):

  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::crossOrigin):
(WebCore::HTMLScriptElement::src):
(WebCore::HTMLScriptElement::sourceAttributeValue):
(WebCore::HTMLScriptElement::charsetAttributeValue):
(WebCore::HTMLScriptElement::typeAttributeValue):
(WebCore::HTMLScriptElement::languageAttributeValue):
(WebCore::HTMLScriptElement::forAttributeValue):
(WebCore::HTMLScriptElement::eventAttributeValue):
(WebCore::HTMLScriptElement::asyncAttributeValue):

  • html/HTMLSlotElement.cpp:

(WebCore::HTMLSlotElement::insertedInto):
(WebCore::HTMLSlotElement::removedFrom):

  • html/HTMLSourceElement.cpp:

(WebCore::HTMLSourceElement::media):
(WebCore::HTMLSourceElement::setMedia):
(WebCore::HTMLSourceElement::type):
(WebCore::HTMLSourceElement::setType):

  • html/HTMLTableCellElement.cpp:

(WebCore::HTMLTableCellElement::colSpanForBindings):
(WebCore::HTMLTableCellElement::rowSpan):
(WebCore::HTMLTableCellElement::rowSpanForBindings):
(WebCore::HTMLTableCellElement::cellIndex):
(WebCore::HTMLTableCellElement::abbr):
(WebCore::HTMLTableCellElement::axis):
(WebCore::HTMLTableCellElement::setColSpanForBindings):
(WebCore::HTMLTableCellElement::headers):
(WebCore::HTMLTableCellElement::setRowSpanForBindings):
(WebCore::HTMLTableCellElement::scope):
(WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
(WebCore::HTMLTableCellElement::cellAbove):

  • html/HTMLTableColElement.cpp:

(WebCore::HTMLTableColElement::width):

  • html/HTMLTableElement.cpp:

(WebCore::HTMLTableElement::rules):
(WebCore::HTMLTableElement::summary):
(WebCore::HTMLTableElement::addSubresourceAttributeURLs):

  • html/HTMLTableSectionElement.cpp:

(WebCore::HTMLTableSectionElement::align):
(WebCore::HTMLTableSectionElement::setAlign):
(WebCore::HTMLTableSectionElement::ch):
(WebCore::HTMLTableSectionElement::setCh):
(WebCore::HTMLTableSectionElement::chOff):
(WebCore::HTMLTableSectionElement::setChOff):
(WebCore::HTMLTableSectionElement::vAlign):
(WebCore::HTMLTableSectionElement::setVAlign):

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::appendFormData):

  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::strippedPlaceholder):
(WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
(WebCore::HTMLTextFormControlElement::directionForFormData):

  • html/HTMLTrackElement.cpp:

(WebCore::HTMLTrackElement::srclang):
(WebCore::HTMLTrackElement::label):
(WebCore::HTMLTrackElement::isDefault):
(WebCore::HTMLTrackElement::ensureTrack):
(WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):

  • html/HTMLVideoElement.cpp:

(WebCore::HTMLVideoElement::parseAttribute):
(WebCore::HTMLVideoElement::imageSourceURL):

  • html/ImageInputType.cpp:

(WebCore::ImageInputType::height):
(WebCore::ImageInputType::width):

  • html/InputType.cpp:

(WebCore::InputType::applyStep):

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):

  • html/MonthInputType.cpp:

(WebCore::MonthInputType::createStepRange):

  • html/NumberInputType.cpp:

(WebCore::NumberInputType::createStepRange):
(WebCore::NumberInputType::sizeShouldIncludeDecoration):

  • html/RangeInputType.cpp:

(WebCore::RangeInputType::createStepRange):
(WebCore::RangeInputType::handleKeydownEvent):

  • html/TextFieldInputType.cpp:

(WebCore::TextFieldInputType::appendFormData):
(WebCore::TextFieldInputType::updateAutoFillButton):

  • html/TimeInputType.cpp:

(WebCore::TimeInputType::createStepRange):

  • html/ValidationMessage.cpp:

(WebCore::ValidationMessage::updateValidationMessage):

  • html/WeekInputType.cpp:

(WebCore::WeekInputType::createStepRange):

  • html/track/WebVTTElement.cpp:

(WebCore::WebVTTElement::createEquivalentHTMLElement):

  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::buildObjectForFrame):

  • loader/FormSubmission.cpp:

(WebCore::FormSubmission::create):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::defaultSubstituteDataForURL):

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):

  • mathml/MathMLElement.cpp:

(WebCore::MathMLElement::colSpan):
(WebCore::MathMLElement::rowSpan):
(WebCore::MathMLElement::childShouldCreateRenderer):
(WebCore::MathMLElement::defaultEventHandler):
(WebCore::MathMLElement::cachedMathMLLength):

  • mathml/MathMLFractionElement.cpp:

(WebCore::MathMLFractionElement::lineThickness):
(WebCore::MathMLFractionElement::cachedFractionAlignment):

  • mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
(WebCore::MathMLSelectElement::getSelectedActionChild):
(WebCore::MathMLSelectElement::getSelectedSemanticsChild):
(WebCore::MathMLSelectElement::defaultEventHandler):
(WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
(WebCore::MathMLSelectElement::toggle):

  • page/EventHandler.cpp:

(WebCore::findDropZone):

  • page/Frame.cpp:

(WebCore::Frame::matchLabelsAgainstElement):

  • page/PageSerializer.cpp:

(WebCore::PageSerializer::serializeFrame):

  • platform/win/PasteboardWin.cpp:

(WebCore::Pasteboard::writeImageToDataObject):

  • rendering/HitTestResult.cpp:

(WebCore::HitTestResult::altDisplayString):

  • rendering/RenderDetailsMarker.cpp:

(WebCore::RenderDetailsMarker::isOpen):

  • rendering/RenderImage.cpp:

(WebCore::RenderImage::imageMap):
(WebCore::RenderImage::nodeAtPoint):

  • rendering/RenderMenuList.cpp:

(RenderMenuList::itemAccessibilityText):
(RenderMenuList::itemToolTip):

  • rendering/RenderSearchField.cpp:

(WebCore::RenderSearchField::autosaveName):

  • rendering/RenderThemeIOS.mm:

(WebCore::getAttachmentProgress):
(WebCore::AttachmentInfo::AttachmentInfo):

  • rendering/RenderThemeMac.mm:

(WebCore::AttachmentLayout::layOutSubtitle):
(WebCore::RenderThemeMac::paintAttachment):

  • rendering/mathml/MathMLStyle.cpp:

(WebCore::MathMLStyle::resolveMathMLStyle):

  • rendering/mathml/RenderMathMLFenced.cpp:

(WebCore::RenderMathMLFenced::updateFromElement):

  • rendering/mathml/RenderMathMLOperator.cpp:

(WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
(WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
(WebCore::RenderMathMLOperator::setOperatorProperties):

  • rendering/mathml/RenderMathMLScripts.cpp:

(WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):

  • rendering/mathml/RenderMathMLUnderOver.cpp:

(WebCore::RenderMathMLUnderOver::hasAccent):

  • style/StyleSharingResolver.cpp:

(WebCore::Style::SharingResolver::canShareStyleWithElement):
(WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):

  • svg/SVGAElement.cpp:

(WebCore::SVGAElement::title):
(WebCore::SVGAElement::defaultEventHandler):

  • svg/SVGAltGlyphElement.cpp:

(WebCore::SVGAltGlyphElement::glyphRef):
(WebCore::SVGAltGlyphElement::setFormat):
(WebCore::SVGAltGlyphElement::format):
(WebCore::SVGAltGlyphElement::childShouldCreateRenderer):

  • svg/SVGAnimationElement.cpp:

(WebCore::SVGAnimationElement::toValue):
(WebCore::SVGAnimationElement::byValue):
(WebCore::SVGAnimationElement::fromValue):
(WebCore::SVGAnimationElement::isAdditive):
(WebCore::SVGAnimationElement::isAccumulated):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::xmlbase):
(WebCore::SVGElement::setXmlbase):

  • svg/SVGFontFaceElement.cpp:

(WebCore::SVGFontFaceElement::unitsPerEm):
(WebCore::SVGFontFaceElement::xHeight):
(WebCore::SVGFontFaceElement::capHeight):
(WebCore::SVGFontFaceElement::horizontalOriginX):
(WebCore::SVGFontFaceElement::horizontalOriginY):
(WebCore::SVGFontFaceElement::horizontalAdvanceX):
(WebCore::SVGFontFaceElement::verticalOriginX):
(WebCore::SVGFontFaceElement::verticalOriginY):
(WebCore::SVGFontFaceElement::verticalAdvanceY):
(WebCore::SVGFontFaceElement::ascent):
(WebCore::SVGFontFaceElement::descent):

  • svg/SVGFontFaceNameElement.cpp:

(WebCore::SVGFontFaceNameElement::srcValue):

  • svg/SVGFontFaceUriElement.cpp:

(WebCore::SVGFontFaceUriElement::srcValue):

  • svg/SVGGlyphRefElement.cpp:

(WebCore::SVGGlyphRefElement::glyphRef):
(WebCore::SVGGlyphRefElement::setGlyphRef):

  • svg/SVGHKernElement.cpp:

(WebCore::SVGHKernElement::buildHorizontalKerningPair):

  • svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::contentScriptType):
(WebCore::SVGSVGElement::contentStyleType):

  • svg/SVGStyleElement.cpp:

(WebCore::SVGStyleElement::media):
(WebCore::SVGStyleElement::title):
(WebCore::SVGStyleElement::setTitle):

  • svg/SVGToOTFFontConversion.cpp:

(WebCore::SVGToOTFFontConverter::appendOS2Table):
(WebCore::SVGToOTFFontConverter::appendCFFTable):
(WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
(WebCore::SVGToOTFFontConverter::appendVORGTable):
(WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
(WebCore::SVGToOTFFontConverter::processGlyphElement):
(WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
(WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):

  • svg/SVGVKernElement.cpp:

(WebCore::SVGVKernElement::buildVerticalKerningPair):

  • svg/animation/SVGSMILElement.cpp:

(WebCore::SVGSMILElement::insertedInto):
(WebCore::SVGSMILElement::parseAttribute):
(WebCore::SVGSMILElement::svgAttributeChanged):
(WebCore::SVGSMILElement::restart):
(WebCore::SVGSMILElement::fill):
(WebCore::SVGSMILElement::dur):
(WebCore::SVGSMILElement::repeatDur):
(WebCore::SVGSMILElement::repeatCount):
(WebCore::SVGSMILElement::maxValue):
(WebCore::SVGSMILElement::minValue):

Source/WebKit/mac:

  • WebView/WebHTMLRepresentation.mm:

(matchLabelsAgainstElement):

Source/WebKit/win:

  • DOMHTMLClasses.cpp:

(DOMHTMLElement::idName):

Source/WebKit2:

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getPositionInformation):
(WebKit::WebPage::performActionOnElement):
(WebKit::WebPage::getAssistedNodeInformation):

4:33 AM Changeset in webkit [203323] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
https://bugs.webkit.org/show_bug.cgi?id=159809

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2016-07-16
Reviewed by Brady Eidson.

In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.

  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
deleted in the main thread in case the protector contains the last reference.

Jul 15, 2016:

9:51 PM Changeset in webkit [203322] by Chris Dumez
  • 49 edits in trunk/Source

Use emptyString() / nullAtom when possible
https://bugs.webkit.org/show_bug.cgi?id=159850

Reviewed by Ryosuke Niwa.

Use emptyString() / nullAtom when possible, for performance.

Source/WebCore:

  • Modules/webaudio/AudioNode.cpp:

(WebCore::AudioNode::channelCountMode):
(WebCore::AudioNode::channelInterpretation):

  • Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::tracker):

  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::WebSocket):
(WebCore::WebSocket::didConnect):

  • Modules/websockets/WebSocketChannel.cpp:

(WebCore::WebSocketChannel::subprotocol):
(WebCore::WebSocketChannel::extensions):

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::supportsPressAction):

  • accessibility/mac/AXObjectCacheMac.mm:

(WebCore::AXObjectCache::postTextStateChangePlatformNotification):

  • css/CSSPropertySourceData.cpp:

(WebCore::CSSPropertySourceData::CSSPropertySourceData):

  • css/PageRuleCollector.cpp:

(WebCore::PageRuleCollector::pageName):

  • css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):

  • dom/DocumentMarkerController.cpp:

(WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):

  • dom/Element.cpp:

(WebCore::Element::setPrefix):

  • editing/AlternativeTextController.cpp:

(WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
(WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):

  • editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::removeNodeAttribute):
(WebCore::CompositeEditCommand::moveParagraphs):

  • editing/InsertTextCommand.cpp:

(WebCore::InsertTextCommand::positionInsideTextNode):

  • editing/TextCheckingHelper.cpp:

(WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):

  • editing/TypingCommand.cpp:

(WebCore::TypingCommand::deleteSelection):
(WebCore::TypingCommand::deleteKeyPressed):
(WebCore::TypingCommand::forwardDeleteKeyPressed):
(WebCore::TypingCommand::insertLineBreak):
(WebCore::TypingCommand::insertParagraphSeparator):

  • editing/cocoa/EditorCocoa.mm:

(WebCore::Editor::styleForSelectionStart):

  • editing/mac/EditorMac.mm:

(WebCore::Editor::stringSelectionForPasteboard):
(WebCore::Editor::stringSelectionForPasteboardWithImageAltText):

  • fileapi/FileReaderLoader.cpp:

(WebCore::FileReaderLoader::FileReaderLoader):

  • html/FileInputType.cpp:

(WebCore::FileInputType::appendFormData):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):

  • html/HTMLOutputElement.cpp:

(WebCore::HTMLOutputElement::HTMLOutputElement):

  • html/SearchInputType.cpp:

(WebCore::SearchInputType::handleKeydownEvent):

  • html/TextFieldInputType.cpp:

(WebCore::autoFillButtonTypeToAccessibilityLabel):

  • html/canvas/WebGLDebugShaders.cpp:

(WebCore::WebGLDebugShaders::getTranslatedShaderSource):

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
(WebCore::WebGLRenderingContextBase::maybeRestoreContext):

  • html/canvas/WebGLShader.cpp:

(WebCore::WebGLShader::WebGLShader):

  • html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlStatusDisplayElement::update):

  • html/track/TextTrack.cpp:

(WebCore::TextTrack::captionMenuOffItem):
(WebCore::TextTrack::captionMenuAutomaticItem):

  • html/track/VTTRegion.cpp:

(WebCore::VTTRegion::scroll):

  • html/track/VTTRegion.h:
  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::toErrorString):
(WebCore::InspectorDOMAgent::resolveNode):
(WebCore::InspectorDOMAgent::documentURLString):
(WebCore::documentBaseURLString):

  • inspector/InspectorDOMDebuggerAgent.cpp:

(WebCore::domTypeName):

  • inspector/InspectorFrontendHost.cpp:

(WebCore::InspectorFrontendHost::localizedStringsURL):

  • inspector/InspectorHistory.cpp:

(WebCore::InspectorHistory::Action::mergeId):

  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::reload):
(WebCore::InspectorPageAgent::frameId):
(WebCore::InspectorPageAgent::loaderId):

  • inspector/InspectorStyleSheet.cpp:

(WebCore::InspectorStyleSheet::ruleSelector):

  • loader/EmptyClients.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::referrer):

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::clearFailedLoadURL):

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didReceiveResponse):

  • page/ContextMenuController.cpp:

(WebCore::ContextMenuController::contextMenuItemSelected):

  • page/FrameTree.cpp:

(WebCore::FrameTree::setName):
(WebCore::FrameTree::clearName):

  • page/Location.cpp:

(WebCore::Location::port):

  • platform/network/ProtectionSpaceBase.cpp:

(WebCore::ProtectionSpaceBase::ProtectionSpaceBase):

  • xml/parser/XMLDocumentParserLibxml2.cpp:

(WebCore::handleElementAttributes):

Source/WTF:

  • wtf/text/AtomicString.cpp:

(WTF::AtomicString::convertASCIICase):

9:17 PM Changeset in webkit [203321] by benjamin@webkit.org
  • 4 edits
    2 deletes in trunk/LayoutTests

[mac] LayoutTest fast/css/ancestor-of-hovered-element-detached.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=159173

Reviewed by Alexey Proskuryakov.

The test ancestor-of-hovered-element-detached.html is not reliably
covering r202324.

In the case of that test, the first style update is done with
the flag TeardownType::KeepHoverAndActive. This keeps the ":hover" state
set despite the subtree losing their renderer.
This looks like a serious issue that should be tested separately.

  • fast/css/ancestor-of-hovered-element-removed.html:

The :hover update timer is actually a zero timer.
It is reasonable to expect a full update after one frame update.

  • fast/css/ancestor-of-hovered-element-detached-expected.txt: Removed.
  • fast/css/ancestor-of-hovered-element-detached.html: Removed.
  • platform/ios-simulator/TestExpectations:
  • platform/mac/TestExpectations:
9:16 PM Changeset in webkit [203320] by commit-queue@webkit.org
  • 7 edits in trunk/Source/JavaScriptCore

[JSC] Convert the remaining createOutOfMemoryError()+throwException() into throwOutOfMemoryError()
https://bugs.webkit.org/show_bug.cgi?id=159665

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-07-15
Reviewed by Saam Barati.

  • API/JSTypedArray.cpp:

(createTypedArray):

  • runtime/Error.cpp:

(JSC::createOutOfMemoryError):

  • runtime/Error.h:
  • runtime/ExceptionHelpers.cpp:

(JSC::throwOutOfMemoryError):

  • runtime/JSArrayBufferConstructor.cpp:

(JSC::constructArrayBuffer):

  • runtime/JSArrayBufferPrototype.cpp:

(JSC::arrayBufferProtoFuncSlice):

  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::create):
(JSC::JSGenericTypedArrayView<Adaptor>::createUninitialized):

7:50 PM Changeset in webkit [203319] by mmaxfield@apple.com
  • 2 edits in trunk/LayoutTests

Test gardening after r203314
https://bugs.webkit.org/show_bug.cgi?id=159842

Unreviewed.

7:12 PM Changeset in webkit [203318] by commit-queue@webkit.org
  • 5 edits in trunk

[JSC] Change some parameters based on a random search
https://bugs.webkit.org/show_bug.cgi?id=158514

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-07-15
Reviewed by Saam Barati.

Source/JavaScriptCore:

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::optimizationThresholdScalingFactor):

  • runtime/Options.h:

Tools:

  • Scripts/run-jsc-stress-tests:
6:43 PM Changeset in webkit [203317] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
https://bugs.webkit.org/show_bug.cgi?id=159824
rdar://problem/27376305

Reviewed by Brian Burg.

InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
used window.devicePixelRatio which was always 1.

Fix by setting the deviceScaleFactor on the m_overlayPage.

  • inspector/InspectorOverlay.cpp:

(WebCore::InspectorOverlay::overlayPage):

6:19 PM Changeset in webkit [203316] by timothy@apple.com
  • 3 edits in trunk/Source/WebKit2

Web Automation: Fix element and event coord space issues
https://bugs.webkit.org/show_bug.cgi?id=159851
rdar://problem/27375780

Reviewed by Brian Burg.

  • UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::performMouseInteraction): Subtract topContentInset() before
it goes back out to WebDriver.

  • WebProcess/Automation/WebAutomationSessionProxy.cpp:

(WebKit::WebAutomationSessionProxy::computeElementLayout): When using useViewportCoordinates,
subtract topContentInset() so it matches expectations.

6:14 PM Changeset in webkit [203315] by mark.lam@apple.com
  • 2 edits
    5 adds in trunk/Source/JavaScriptCore

Assertion failures and crashes with missing TDZ checks for catch-node bindings.
https://bugs.webkit.org/show_bug.cgi?id=158797

Reviewed by Saam Barati.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitPushCatchScope):
(JSC::BytecodeGenerator::emitPopCatchScope):

  • tests/stress/catch-clause-should-be-under-tdz1.js: Added.
  • tests/stress/catch-clause-should-be-under-tdz2.js: Added.
  • tests/stress/catch-clause-should-be-under-tdz3.js: Added.
  • tests/stress/catch-clause-should-be-under-tdz4.js: Added.
  • tests/stress/catch-clause-should-be-under-tdz5.js: Added.
5:55 PM Changeset in webkit [203314] by mmaxfield@apple.com
  • 5 edits in trunk

[macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
https://bugs.webkit.org/show_bug.cgi?id=159842

Reviewed by Jon Lee.

Source/WebCore:

<rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
<rdar://problem/27325521>.

  • platform/text/mac/TextBoundaries.mm:

(WebCore::findNextWordFromIndex):

LayoutTests:

  • editing/deleting/delete-emoji-expected.txt:
  • editing/deleting/delete-emoji.html:
5:46 PM Changeset in webkit [203313] by beidson@apple.com
  • 9 edits in trunk

Update XPathException to use the description in toString().
https://bugs.webkit.org/show_bug.cgi?id=159848

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Covered by changes to existing tests).

  • bindings/js/JSDOMBinding.cpp:

(WebCore::createDOMException):

  • xml/XPathException.h:

(WebCore::XPathException::XPathException):

LayoutTests:

  • fast/dom/DOMException/XPathException-expected.txt:
  • fast/dom/DOMException/resources/XPathException.js:
  • fast/xpath/4XPath/Core/test_parser-expected.txt:
  • fast/xpath/invalid-functions-expected.txt:
  • fast/xpath/py-dom-xpath/expressions-expected.txt:
5:39 PM Changeset in webkit [203312] by Beth Dakin
  • 15 edits in trunk/Source/WebKit2

Mac UI process needs to know about element focus and blur, much like iOS
https://bugs.webkit.org/show_bug.cgi?id=159843
-and corresponding-
rdar://problem/27229504

Reviewed by Tim Horton.

This patch makes the existing iOS machinery to handle focus and blurring of
elements cross-platform. Instead of using the existing iOS messages for
startAssistingNode/stopAssistingNode, this patch adds a new message that
require only a boolean parameter: setEditableElementIsFocused.

Now that more of this code is shared, this patch teases
m_hasFocusedDueToUserInteraction out into two variables. I realized that it
was being used to mean two slightly different things on Mac and iOS, which
was very confusing. Now we have m_isAssistingNodeDueToUserInteraction to
represent the way iOS was using the variable, and we have
m_hasEverFocusedElementDueToUserInteractionSincePageTransition to represent
how Mac was using the variable. There should not be any behavior changes with
this re-name, just added clarity.

WebViewImpl has a new member variable m_editableElementIsFocused.

  • UIProcess/Cocoa/WebViewImpl.h:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::setEditableElementIsFocused):

Pipe the new setEditableElementIsFocused message to WebViewImpl.

  • UIProcess/PageClient.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setEditableElementIsFocused):

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • UIProcess/mac/PageClientImpl.h:
  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::setEditableElementIsFocused):

elementDidFocus() and elementDidBlur() are now PLATFORM(COCOA) instead of
PLATFORM(IOS)

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::elementDidFocus):
(WebKit::WebChromeClient::elementDidBlur):

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/WebCoreSupport/ios/WebChromeClientIOS.mm:

(WebKit::WebChromeClient::elementDidFocus): Deleted.
(WebKit::WebChromeClient::elementDidBlur): Deleted.

m_hasPendingBlurNotification is no longer iOS-only.

  • WebProcess/WebPage/WebPage.cpp:

Use our two new bools m_isAssistingNodeDueToUserInteraction and
m_hasEverFocusedElementDueToUserInteractionSincePageTransition
(WebKit::WebPage::didStartPageTransition):
(WebKit::WebPage::didChangeSelection):

These functions are all newly cross-platform. The Messages they send are
still platform-specific, but otherwise the logic is the same. We
dispatch_async the blur messages so that the UI process features won’t be
flashy when the user is tapping, tabbing, or clicking through form fields.
(WebKit::WebPage::resetAssistedNodeForFrame):
(WebKit::WebPage::elementDidFocus):
(WebKit::WebPage::elementDidBlur):

resetAssistedNodeForFrame() is no longer iOS-only.
(WebKit::WebPage::didCommitLoad):

Move variables and functions around so that they are defined for the right
platform, and declare the two new bools in place of the old one.

  • WebProcess/WebPage/WebPage.h:

These functions are now defined in WebPage.cpp

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::resetAssistedNodeForFrame): Deleted.
(WebKit::WebPage::elementDidFocus): Deleted.
(WebKit::WebPage::elementDidBlur): Deleted.

5:09 PM Changeset in webkit [203311] by beidson@apple.com
  • 2 edits in trunk

Revert double ChangeLog entries

5:06 PM Changeset in webkit [203310] by beidson@apple.com
  • 2 edits in trunk

Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
https://bugs.webkit.org/show_bug.cgi?id=159839

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

  • IndexedDB-private-browsing/idbindex_get7-expected.txt:
  • IndexedDB-private-browsing/idbindex_getKey7-expected.txt:
  • IndexedDB-private-browsing/idbindex_openCursor2-expected.txt:
  • IndexedDB-private-browsing/idbindex_openKeyCursor3-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_get7-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_getKey7-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_openCursor2-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_openKeyCursor3-expected.txt:

Source/WebCore:

No new tests (Covered by changes to existing tests).

This is the first step towards extended exception messages for all exception types.

  • dom/ExceptionBase.cpp:

(WebCore::ExceptionBase::ExceptionBase):
(WebCore::ExceptionBase::toString):

  • dom/ExceptionBase.h:

LayoutTests:

  • storage/indexeddb/modern/createobjectstore-failures-expected.txt:
  • storage/indexeddb/modern/createobjectstore-failures-private-expected.txt:
  • storage/indexeddb/modern/double-abort-expected.txt:
  • storage/indexeddb/modern/double-abort-private-expected.txt:
  • storage/indexeddb/modern/idbdatabase-deleteobjectstore-failures-expected.txt:
  • storage/indexeddb/modern/idbdatabase-deleteobjectstore-failures-private-expected.txt:
  • storage/indexeddb/modern/idbdatabase-transaction-failures-expected.txt:
  • storage/indexeddb/modern/idbdatabase-transaction-failures-private-expected.txt:
5:04 PM Changeset in webkit [203309] by beidson@apple.com
  • 21 edits in trunk

Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
https://bugs.webkit.org/show_bug.cgi?id=159839

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

  • IndexedDB-private-browsing/idbindex_get7-expected.txt:
  • IndexedDB-private-browsing/idbindex_getKey7-expected.txt:
  • IndexedDB-private-browsing/idbindex_openCursor2-expected.txt:
  • IndexedDB-private-browsing/idbindex_openKeyCursor3-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_get7-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_getKey7-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_openCursor2-expected.txt:
  • web-platform-tests/IndexedDB/idbindex_openKeyCursor3-expected.txt:

Source/WebCore:

No new tests (Covered by changes to existing tests).

This is the first step towards extended exception messages for all exception types.

  • dom/ExceptionBase.cpp:

(WebCore::ExceptionBase::ExceptionBase):
(WebCore::ExceptionBase::toString):

  • dom/ExceptionBase.h:

LayoutTests:

  • storage/indexeddb/modern/createobjectstore-failures-expected.txt:
  • storage/indexeddb/modern/createobjectstore-failures-private-expected.txt:
  • storage/indexeddb/modern/double-abort-expected.txt:
  • storage/indexeddb/modern/double-abort-private-expected.txt:
  • storage/indexeddb/modern/idbdatabase-deleteobjectstore-failures-expected.txt:
  • storage/indexeddb/modern/idbdatabase-deleteobjectstore-failures-private-expected.txt:
  • storage/indexeddb/modern/idbdatabase-transaction-failures-expected.txt:
  • storage/indexeddb/modern/idbdatabase-transaction-failures-private-expected.txt:
4:50 PM Changeset in webkit [203308] by Brent Fulgham
  • 1 edit
    5 adds in trunk/LayoutTests

Merge background parser Blink test case
https://bugs.webkit.org/show_bug.cgi?id=116503

Test case is from the Blink change (patch by <apavlov@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/3044d8c22b6ab5653fe572aad656ae1325725dc9>

  • fast/css/background-parser-crash-expected.txt: Added.
  • fast/css/background-parser-crash.html: Added.
  • inspector/styles: Added.
  • inspector/styles/background-parsing-crash-expected.txt: Added.
  • inspector/styles/background-parsing-crash.html: Added.
4:25 PM Changeset in webkit [203307] by Brent Fulgham
  • 1 edit
    2 adds in trunk/LayoutTests

Merge First-letter Blink test case
https://bugs.webkit.org/show_bug.cgi?id=123961

Test case is from the Blink change (patch by <leviw@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/c8ff8df9fc2ad81580526d53304c281df5d93e97%5E%21/#F1>

  • fast/css-generated-content/empty-first-letter-with-columns-crash-expected.txt: Added.
  • fast/css-generated-content/empty-first-letter-with-columns-crash.html: Added.
3:38 PM Changeset in webkit [203306] by Chris Dumez
  • 2 edits in trunk/Source/WTF

Unreviewed, rolling out r203304.

This is wrong because of Node* entries in the internal HashMap

Reverted changeset:

"Add move constructor / assignment operator to ListHashSet"
https://bugs.webkit.org/show_bug.cgi?id=159837
http://trac.webkit.org/changeset/203304

3:27 PM Changeset in webkit [203305] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking http/tests/cache/disk-cache/disk-cache-request-max-stale.html as a flaky timeout on ios-simulator WK2 Release
https://bugs.webkit.org/show_bug.cgi?id=159840

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
3:25 PM Changeset in webkit [203304] by Chris Dumez
  • 2 edits in trunk/Source/WTF

Add move constructor / assignment operator to ListHashSet
https://bugs.webkit.org/show_bug.cgi?id=159837

Reviewed by Alex Christensen.

Add move constructor / assignment operator to ListHashSet.

  • wtf/ListHashSet.h:
2:51 PM Changeset in webkit [203303] by ggaren@apple.com
  • 38 edits in trunk/Source

Added a makeRef<T> helper
https://bugs.webkit.org/show_bug.cgi?id=159835

Reviewed by Andreas Kling.

Anders told me to!

Source/JavaScriptCore:

  • inspector/InjectedScriptHost.cpp:

(Inspector::InjectedScriptHost::wrapper):

Source/WebCore:

  • Modules/indexeddb/IDBTransaction.cpp:

(WebCore::IDBTransaction::putOrAddOnServer):

  • Modules/indexeddb/shared/InProcessIDBServer.cpp:

(WebCore::InProcessIDBServer::deleteDatabase):
(WebCore::InProcessIDBServer::didDeleteDatabase):
(WebCore::InProcessIDBServer::openDatabase):
(WebCore::InProcessIDBServer::didOpenDatabase):
(WebCore::InProcessIDBServer::didAbortTransaction):
(WebCore::InProcessIDBServer::didCommitTransaction):
(WebCore::InProcessIDBServer::didCreateObjectStore):
(WebCore::InProcessIDBServer::didDeleteObjectStore):
(WebCore::InProcessIDBServer::didClearObjectStore):
(WebCore::InProcessIDBServer::didCreateIndex):
(WebCore::InProcessIDBServer::didDeleteIndex):
(WebCore::InProcessIDBServer::didPutOrAdd):
(WebCore::InProcessIDBServer::didGetRecord):
(WebCore::InProcessIDBServer::didGetCount):
(WebCore::InProcessIDBServer::didDeleteRecord):
(WebCore::InProcessIDBServer::didOpenCursor):
(WebCore::InProcessIDBServer::didIterateCursor):
(WebCore::InProcessIDBServer::abortTransaction):
(WebCore::InProcessIDBServer::commitTransaction):
(WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
(WebCore::InProcessIDBServer::createObjectStore):
(WebCore::InProcessIDBServer::deleteObjectStore):
(WebCore::InProcessIDBServer::clearObjectStore):
(WebCore::InProcessIDBServer::createIndex):
(WebCore::InProcessIDBServer::deleteIndex):
(WebCore::InProcessIDBServer::putOrAdd):
(WebCore::InProcessIDBServer::getRecord):
(WebCore::InProcessIDBServer::getCount):
(WebCore::InProcessIDBServer::deleteRecord):
(WebCore::InProcessIDBServer::openCursor):
(WebCore::InProcessIDBServer::iterateCursor):
(WebCore::InProcessIDBServer::establishTransaction):
(WebCore::InProcessIDBServer::fireVersionChangeEvent):
(WebCore::InProcessIDBServer::didStartTransaction):
(WebCore::InProcessIDBServer::didCloseFromServer):
(WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
(WebCore::InProcessIDBServer::databaseConnectionClosed):
(WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
(WebCore::InProcessIDBServer::didFireVersionChangeEvent):
(WebCore::InProcessIDBServer::openDBRequestCancelled):
(WebCore::InProcessIDBServer::confirmDidCloseFromServer):
(WebCore::InProcessIDBServer::getAllDatabaseNames):
(WebCore::InProcessIDBServer::didGetAllDatabaseNames):

  • Modules/mediastream/MediaDevicesRequest.cpp:

(WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):

  • Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::constraintsValidated):
(WebCore::UserMediaRequest::userMediaAccessGranted):

  • Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::scheduleNodeDeletion):
(WebCore::AudioContext::isPlayingAudioDidChange):
(WebCore::AudioContext::suspend):
(WebCore::AudioContext::resume):
(WebCore::AudioContext::close):
(WebCore::AudioContext::suspendPlayback):
(WebCore::AudioContext::mayResumePlayback):

  • Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:

(WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
(WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
(WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
(WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
(WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
(WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
(WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
(WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):

  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::connect):

  • bindings/js/JSEventListener.h:

(WebCore::JSEventListener::jsFunction):

  • dom/Node.cpp:

(WebCore::Node::setTextContent):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged):

  • inspector/CommandLineAPIHost.cpp:

(WebCore::CommandLineAPIHost::wrapper):

  • platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:

(WebCore::AudioSourceProviderAVFObjC::prepare):

  • platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:

(WebCore::WebCoreAVCFResourceLoader::invalidate):

  • platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:

(WebCore::WebCoreAVFResourceLoader::invalidate):

  • platform/ios/WebVideoFullscreenControllerAVKit.mm:

(WebVideoFullscreenControllerContext::setExternalPlayback):

  • platform/network/BlobResourceHandle.cpp:

(WebCore::BlobResourceHandle::start):
(WebCore::BlobResourceHandle::notifyFinish):

  • platform/network/SocketStreamHandleBase.cpp:

(WebCore::SocketStreamHandleBase::disconnect):

  • platform/network/curl/CurlDownload.cpp:

(WebCore::CurlDownload::didReceiveHeader):

Source/WebKit2:

  • NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::writeBlobsToTemporaryFiles):

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::tryStoreAsCacheEntry):

  • Platform/IPC/Connection.cpp:

(IPC::Connection::addWorkQueueMessageReceiver):
(IPC::Connection::removeWorkQueueMessageReceiver):
(IPC::Connection::invalidate):
(IPC::Connection::sendMessage):
(IPC::Connection::processIncomingMessage):
(IPC::Connection::postConnectionDidCloseOnConnectionWorkQueue):
(IPC::Connection::connectionDidClose):
(IPC::Connection::enqueueIncomingMessage):

  • Platform/IPC/mac/ConnectionMac.mm:

(IPC::Connection::receiveSourceEventHandler):

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::setNativeSurfaceHandleForCompositing):
(WebKit::ThreadedCompositor::setDeviceScaleFactor):
(WebKit::ThreadedCompositor::didChangeViewportSize):
(WebKit::ThreadedCompositor::didChangeViewportAttribute):
(WebKit::ThreadedCompositor::didChangeContentsSize):
(WebKit::ThreadedCompositor::scrollTo):
(WebKit::ThreadedCompositor::scrollBy):
(WebKit::ThreadedCompositor::didChangeVisibleRect):

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::UserContentExtensionStore::lookupContentExtension):
(API::UserContentExtensionStore::compileContentExtension):
(API::UserContentExtensionStore::removeContentExtension):

  • UIProcess/Launcher/ProcessLauncher.cpp:

(WebKit::ProcessLauncher::ProcessLauncher):

  • UIProcess/Storage/LocalStorageDatabaseTracker.cpp:

(WebKit::LocalStorageDatabaseTracker::LocalStorageDatabaseTracker):

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::createSessionStorageNamespace):
(WebKit::StorageManager::destroySessionStorageNamespace):
(WebKit::StorageManager::setAllowedSessionStorageNamespaceConnection):
(WebKit::StorageManager::cloneSessionStorageNamespace):
(WebKit::StorageManager::processDidCloseConnection):
(WebKit::StorageManager::getSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageEntriesForOrigins):
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageOriginDetails):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteLocalStorageOriginsModifiedSince):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):

  • UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):

  • WebProcess/Plugins/Netscape/NetscapePlugin.cpp:

(WebKit::NetscapePlugin::pluginThreadAsyncCall):

  • WebProcess/WebPage/EventDispatcher.cpp:

(WebKit::EventDispatcher::wheelEvent):
(WebKit::EventDispatcher::gestureEvent):
(WebKit::EventDispatcher::touchEvent):

  • WebProcess/WebPage/ViewUpdateDispatcher.cpp:

(WebKit::ViewUpdateDispatcher::visibleContentRectUpdate):

Source/WTF:

  • wtf/Ref.h:

(WTF::makeRef): Helper function to do type inference for you.

2:35 PM Changeset in webkit [203302] by Chris Dumez
  • 66 edits in trunk/Source

Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
https://bugs.webkit.org/show_bug.cgi?id=159793

Reviewed by Ryosuke Niwa.

Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.

Source/WebCore:

  • Modules/plugins/YouTubePluginReplacement.cpp:

(WebCore::YouTubePluginReplacement::installReplacement):

  • dom/Element.h:

(WebCore::Element::setIdAttribute):

  • editing/ApplyStyleCommand.cpp:

(WebCore::hasNoAttributeOrOnlyStyleAttribute):
(WebCore::createFontElement):
(WebCore::ApplyStyleCommand::applyInlineStyleChange):

  • editing/EditingStyle.cpp:

(WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):

  • editing/Editor.cpp:

(WebCore::Editor::setBaseWritingDirection):

  • editing/ReplaceSelectionCommand.cpp:

(WebCore::isMailPasteAsQuotationNode):
(WebCore::isInlineNodeWithStyle):

  • editing/cocoa/DataDetection.mm:

(WebCore::DataDetection::detectContentInRange):

  • editing/htmlediting.cpp:

(WebCore::createTabSpanElement):

  • editing/ios/EditorIOS.mm:

(WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
(WebCore::Editor::WebContentReader::readURL):

  • editing/mac/EditorMac.mm:

(WebCore::Editor::WebContentReader::readURL):

  • editing/markup.cpp:

(WebCore::createFragmentFromText):

  • html/BaseButtonInputType.cpp:

(WebCore::BaseButtonInputType::setValue):

  • html/BaseCheckableInputType.cpp:

(WebCore::BaseCheckableInputType::setValue):

  • html/FTPDirectoryDocument.cpp:

(WebCore::FTPDirectoryDocumentParser::appendEntry):
(WebCore::FTPDirectoryDocumentParser::createTDForFilename):
(WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
(WebCore::FTPDirectoryDocumentParser::createBasicDocument):

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::href):
(WebCore::HTMLAnchorElement::setHref):
(WebCore::HTMLAnchorElement::target):

  • html/HTMLAreaElement.cpp:

(WebCore::HTMLAreaElement::target):

  • html/HTMLBaseElement.cpp:

(WebCore::HTMLBaseElement::setHref):

  • html/HTMLButtonElement.cpp:

(WebCore::HTMLButtonElement::setType):

  • html/HTMLDetailsElement.cpp:

(WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
(WebCore::HTMLDetailsElement::toggleOpen):

  • html/HTMLDocument.cpp:

(WebCore::HTMLDocument::setBgColor):
(WebCore::HTMLDocument::setFgColor):
(WebCore::HTMLDocument::setAlinkColor):
(WebCore::HTMLDocument::setLinkColor):
(WebCore::HTMLDocument::setVlinkColor):

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::setDir):
(WebCore::HTMLElement::setContentEditable):
(WebCore::HTMLElement::setDraggable):
(WebCore::HTMLElement::setSpellcheck):
(WebCore::HTMLElement::setTranslate):

  • html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::setFormEnctype):
(WebCore::HTMLFormControlElement::setFormMethod):
(WebCore::HTMLFormControlElement::setAutocorrect):
(WebCore::HTMLFormControlElement::setAutocapitalize):
(WebCore::HTMLFormControlElement::setAutocomplete):

  • html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::setAutocorrect):
(WebCore::HTMLFormElement::setAutocapitalize):
(WebCore::HTMLFormElement::setAction):
(WebCore::HTMLFormElement::setEnctype):
(WebCore::HTMLFormElement::setMethod):
(WebCore::HTMLFormElement::target):

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::width):
(WebCore::HTMLImageElement::height):
(WebCore::HTMLImageElement::setSrc):

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::setType):
(WebCore::HTMLInputElement::updateType):
(WebCore::HTMLInputElement::altText):
(WebCore::HTMLInputElement::setDefaultValue):

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::href):
(WebCore::HTMLLinkElement::target):
(WebCore::HTMLLinkElement::type):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setSrc):
(WebCore::HTMLMediaElement::setPreload):

  • html/HTMLMeterElement.cpp:

(WebCore::HTMLMeterElement::min):
(WebCore::HTMLMeterElement::setMin):
(WebCore::HTMLMeterElement::max):
(WebCore::HTMLMeterElement::setMax):
(WebCore::HTMLMeterElement::value):
(WebCore::HTMLMeterElement::setValue):
(WebCore::HTMLMeterElement::low):
(WebCore::HTMLMeterElement::setLow):
(WebCore::HTMLMeterElement::high):
(WebCore::HTMLMeterElement::setHigh):
(WebCore::HTMLMeterElement::optimum):
(WebCore::HTMLMeterElement::setOptimum):

  • html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::containsJavaApplet):

  • html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::createForJSConstructor):
(WebCore::HTMLOptionElement::setValue):
(WebCore::HTMLOptionElement::setLabel):

  • html/HTMLProgressElement.cpp:

(WebCore::HTMLProgressElement::setValue):
(WebCore::HTMLProgressElement::setMax):

  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::typeAttributeValue):

  • html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::setMultiple):

  • html/HTMLSourceElement.cpp:

(WebCore::HTMLSourceElement::setSrc):
(WebCore::HTMLSourceElement::media):
(WebCore::HTMLSourceElement::setMedia):
(WebCore::HTMLSourceElement::type):
(WebCore::HTMLSourceElement::setType):

  • html/HTMLTableSectionElement.cpp:

(WebCore::HTMLTableSectionElement::setAlign):
(WebCore::HTMLTableSectionElement::setCh):
(WebCore::HTMLTableSectionElement::chOff):
(WebCore::HTMLTableSectionElement::setChOff):
(WebCore::HTMLTableSectionElement::setVAlign):

  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):

  • html/HTMLVideoElement.cpp:

(WebCore::HTMLVideoElement::imageSourceURL):

  • html/HiddenInputType.cpp:

(WebCore::HiddenInputType::restoreFormControlState):
(WebCore::HiddenInputType::setValue):

  • html/MediaDocument.cpp:

(WebCore::MediaDocumentParser::createDocumentStructure):
(WebCore::MediaDocument::replaceMediaElementTimerFired):

  • html/PluginDocument.cpp:

(WebCore::PluginDocumentParser::createDocumentStructure):

  • html/TextFieldInputType.cpp:

(WebCore::TextFieldInputType::createAutoFillButton):
(WebCore::TextFieldInputType::updateAutoFillButton):

  • html/parser/HTMLTreeBuilder.cpp:

(WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):

  • html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlClosedCaptionsContainerElement::create):
(WebCore::MediaControlTimelineElement::create):
(WebCore::MediaControlPanelVolumeSliderElement::create):
(WebCore::MediaControlFullscreenVolumeSliderElement::create):

  • html/shadow/TextControlInnerElements.cpp:

(WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):

  • html/shadow/mac/ImageControlsButtonElementMac.cpp:

(WebCore::ImageControlsButtonElementMac::tryCreate):

  • html/shadow/mac/ImageControlsRootElementMac.cpp:

(WebCore::ImageControlsRootElement::tryCreate):

  • html/track/WebVTTElement.cpp:

(WebCore::WebVTTElement::createEquivalentHTMLElement):

  • html/track/WebVTTParser.cpp:

(WebCore::WebVTTTreeBuilder::constructTreeFromToken):

  • inspector/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):

  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::buildObjectForFrame):

  • mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::toggle):

  • page/PageSerializer.cpp:

(WebCore::PageSerializer::serializeFrame):

  • rendering/RenderDetailsMarker.cpp:

(WebCore::RenderDetailsMarker::isOpen):

  • rendering/mathml/RenderMathMLFraction.cpp:

(WebCore::RenderMathMLFraction::updateFromElement):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::setXmlbase):

  • svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::setContentScriptType):
(WebCore::SVGSVGElement::setContentStyleType):

  • svg/SVGStyleElement.cpp:

(WebCore::SVGStyleElement::setMedia):
(WebCore::SVGStyleElement::setTitle):

Source/WebKit/mac:

  • WebView/WebHTMLRepresentation.mm:

(matchLabelsAgainstElement):

Source/WebKit/win:

  • DOMHTMLClasses.cpp:

(DOMHTMLElement::idName):

Source/WebKit2:

  • WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:

(WebKit::PDFPlugin::PDFPlugin):

  • WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::createPasswordEntryForm):

  • WebProcess/Plugins/PDF/PDFPluginAnnotation.mm:

(WebKit::PDFPluginAnnotation::attach):

  • WebProcess/Plugins/PDF/PDFPluginChoiceAnnotation.mm:

(WebKit::PDFPluginChoiceAnnotation::createAnnotationElement):

2:34 PM Changeset in webkit [203301] by Chris Dumez
  • 9 edits in trunk/Source/WebCore

Modernize StaticNodeList / StaticElementList
https://bugs.webkit.org/show_bug.cgi?id=159831

Reviewed by Ryosuke Niwa.

Modernize StaticNodeList / StaticElementList. Pass vector to adopt
as an rvalue reference instead of a non-const reference.

  • bindings/js/JSHTMLAllCollectionCustom.cpp:

(WebCore::namedItems):

  • dom/ChildListMutationScope.cpp:

(WebCore::ChildListMutationAccumulator::enqueueMutationRecord):

  • dom/MutationRecord.cpp:
  • dom/SelectorQuery.cpp:

(WebCore::SelectorDataList::queryAll):

  • dom/StaticNodeList.h:
  • dom/WebKitNamedFlow.cpp:

(WebCore::WebKitNamedFlow::getRegionsByContent):
(WebCore::WebKitNamedFlow::getRegions):
(WebCore::WebKitNamedFlow::getContent):

  • svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):

  • testing/Internals.cpp:

(WebCore::Internals::nodesFromRect):

2:18 PM Changeset in webkit [203300] by Brent Fulgham
  • 3 edits
    3 adds in trunk

Block insecure script running in a data: frame when the top-level page is HTTPS
https://bugs.webkit.org/show_bug.cgi?id=125806
<rdar://problem/27331825>

Reviewed by Brady Eidson.

Fix based on a Blink change (patch by <tsepez@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>

Source/WebCore:

Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
before allowing insecure scripts to be used.

LayoutTests:

  • http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt: Added.
  • http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html: Added.
  • http/tests/security/mixedContent/resources/frame-with-data-url-frame-with-script.html: Added.
2:17 PM Changeset in webkit [203299] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

FunctionOverride's parseClause() needs to keep the CString instance in scope while its data is being used.
https://bugs.webkit.org/show_bug.cgi?id=159828

Reviewed by Saam Barati.

Otherwise, we'll have a use after free. This issue was caught when running an
ASan debug build of testapi.

  • tools/FunctionOverrides.cpp:

(JSC::parseClause):

2:01 PM Changeset in webkit [203298] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Let the compiler generate QualifiedName copy constructor and assignment operator
https://bugs.webkit.org/show_bug.cgi?id=159826

Reviewed by Alex Christensen.

Let the compiler generate QualifiedName copy constructor and assignment operator
as our custom implementation does nothing special. This also makes QualifiedName
movable as the compiler is now able to generate the move constructor / assignment
operator as well.

  • dom/QualifiedName.h:

(WebCore::QualifiedName::QualifiedName): Deleted.
(WebCore::QualifiedName::operator=): Deleted.

1:58 PM Changeset in webkit [203297] by keith_miller@apple.com
  • 9 edits
    1 add in trunk/Source/JavaScriptCore

%TypedArray%.prototype.indexOf is coercing non-integers or non-floats to numbers wrongly
https://bugs.webkit.org/show_bug.cgi?id=159400

Reviewed by Geoffrey Garen.

This patch fixes coercion of non-numbers in indexOf/lastIndexOf.
Additionally, this patch fixes an issue with includes where it
would not check that the buffer remained non-neutered after
calling the toInteger() function. Lastly, some extra release
asserts have been added in some places to inform us of any issues
in the future.

Additionally, this patch changes bool toNativeFromDouble to
Optional<Type> toNativeFromDoubleWithoutCoercion. This makes it a
little clearer what the function does and also removes the return
argument. The only behavior change is that the function no longer
coerces non-numbers into numbers. That behavior was unused (maybe
unintended), however.

  • runtime/JSGenericTypedArrayView.h:

(JSC::JSGenericTypedArrayView::toAdaptorNativeFromValueWithoutCoercion):
(JSC::JSGenericTypedArrayView::sort):
(JSC::JSGenericTypedArrayView::toAdaptorNativeFromValue): Deleted.

  • runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::genericTypedArrayViewProtoFuncCopyWithin):
(JSC::genericTypedArrayViewProtoFuncIncludes):
(JSC::genericTypedArrayViewProtoFuncIndexOf):
(JSC::genericTypedArrayViewProtoFuncLastIndexOf):

  • runtime/ToNativeFromValue.h:

(JSC::toNativeFromValueWithoutCoercion):
(JSC::toNativeFromValue): Deleted.

  • runtime/TypedArrayAdaptors.h:

(JSC::IntegralTypedArrayAdaptor::toNativeFromInt32WithoutCoercion):
(JSC::IntegralTypedArrayAdaptor::toNativeFromUint32WithoutCoercion):
(JSC::IntegralTypedArrayAdaptor::toNativeFromDoubleWithoutCoercion):
(JSC::FloatTypedArrayAdaptor::toNativeFromInt32WithoutCoercion):
(JSC::FloatTypedArrayAdaptor::toNativeFromDoubleWithoutCoercion):
(JSC::Uint8ClampedAdaptor::toNativeFromInt32WithoutCoercion):
(JSC::Uint8ClampedAdaptor::toNativeFromDoubleWithoutCoercion):
(JSC::IntegralTypedArrayAdaptor::toNativeFromInt32): Deleted.
(JSC::IntegralTypedArrayAdaptor::toNativeFromUint32): Deleted.
(JSC::IntegralTypedArrayAdaptor::toNativeFromDouble): Deleted.
(JSC::FloatTypedArrayAdaptor::toNativeFromInt32): Deleted.
(JSC::FloatTypedArrayAdaptor::toNativeFromDouble): Deleted.
(JSC::Uint8ClampedAdaptor::toNativeFromInt32): Deleted.
(JSC::Uint8ClampedAdaptor::toNativeFromDouble): Deleted.

  • tests/stress/resources/typedarray-test-helper-functions.js:
  • tests/stress/typedarray-functions-with-neutered.js:

(callWithArgs):

  • tests/stress/typedarray-includes.js: Added.
  • tests/stress/typedarray-indexOf.js:
  • tests/stress/typedarray-lastIndexOf.js:
1:56 PM Changeset in webkit [203296] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebKit2

Disable custom elements in Safari Tech Preview
https://bugs.webkit.org/show_bug.cgi?id=159829

Reviewed by Chris Dumez.

Disable custom elements API in Safari Technology Preview. Our implementation is so out of sync
with the latest spec that it's actively harmful to have this feature enabled.

  • Shared/WebPreferencesDefinitions.h:
1:42 PM Changeset in webkit [203295] by dino@apple.com
  • 3 edits in trunk/Source/WebKit2

Full screen ePub embedded video is playing on 1/4 screen, cut off
https://bugs.webkit.org/show_bug.cgi?id=159737
<rdar://problem/26259404>

Patch by Jer Noble <jer.noble@apple.com> on 2016-07-15
Reviewed by Tim Horton.

Set the fixedLayoutSize to CGSizeZero when disabling fixed layout due to the
WebView not supporting arbitrary layout modes, and reset to the saved value
when the view does begin supporting arbitrary layout modes.

  • UIProcess/Cocoa/WebViewImpl.h:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::setFixedLayoutSize):
(WebKit::WebViewImpl::updateSupportsArbitraryLayoutModes):

1:19 PM Changeset in webkit [203294] by tonikitoo@webkit.org
  • 3 edits in trunk/Source/WebCore

ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
https://bugs.webkit.org/show_bug.cgi?id=159825

Patch introduces a (private) method to ScrollView
to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.

Patch by Antonio Gomes <tonikitoo@igalia.com> on 2016-07-15
Reviewed by Simon Fraser.

No new tests needed.

  • platform/ScrollView.cpp:

(WebCore::ScrollView::setHasScrollbarInternal):
(WebCore::ScrollView::setHasHorizontalScrollbar):
(WebCore::ScrollView::setHasVerticalScrollbar):

  • platform/ScrollView.h:
1:03 PM Changeset in webkit [203293] by Csaba Osztrogonác
  • 3 edits in trunk/Source/JavaScriptCore

Add new functions to ARMAssembler after r202214
https://bugs.webkit.org/show_bug.cgi?id=159713

Reviewed by Saam Barati.

  • assembler/ARMAssembler.h:

(JSC::ARMAssembler::fillNops):

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::patchableBranch32):
(JSC::MacroAssemblerARM::internalCompare32):

12:38 PM Changeset in webkit [203292] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping test from r203288 on ios-simulator due to reliance upon mouse events.
https://bugs.webkit.org/show_bug.cgi?id=159818

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
12:27 PM Changeset in webkit [203291] by Jon Davis
  • 2 edits in trunk/Websites/webkit.org

Fixed content overflow and missing build information behavior.
https://bugs.webkit.org/show_bug.cgi?id=159820

Reviewed by Timothy Hatcher.

  • wp-content/themes/webkit/nightly-start.php:
12:01 PM Changeset in webkit [203290] by timothy@apple.com
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Make Open Quickly and Goto Line dialogs match Xcode 8
https://bugs.webkit.org/show_bug.cgi?id=159823
rdar://problem/27376501

Reviewed by Brian Burg.

  • UserInterface/Views/GoToLineDialog.css:

(.go-to-line-dialog):
(.go-to-line-dialog > div > input):
(.go-to-line-dialog > div > input::placeholder):
(.go-to-line-dialog > div > img):
(.go-to-line-dialog > div): Deleted.

  • UserInterface/Views/OpenResourceDialog.css:

(.open-resource-dialog):
(.open-resource-dialog > .field):
(.open-resource-dialog > .field > input):
(.open-resource-dialog > .field > input::placeholder):
(.open-resource-dialog > .field > img):
(.open-resource-dialog > .tree-outline .item): Deleted.
(.open-resource-dialog > .tree-outline .item:first-child): Deleted.

11:47 AM Changeset in webkit [203289] by fred.wang@free.fr
  • 17 edits in trunk

MathOperator: Improve alignment for vertical size variant
https://bugs.webkit.org/show_bug.cgi?id=158866

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-15
Reviewed by Brent Fulgham.

Source/WebCore:

The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
In the latter case, the assembly is adjusted to match the stretch ascent and descent
requested by the callers. But in the former case the glyph ascent and descent are used
instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
callers do the vertical alignment they want. This improves the rendering of fences with some
math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.

Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html

  • rendering/mathml/MathOperator.cpp:

(WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
function with only the targetSize as a parameter.

  • rendering/mathml/RenderMathMLOperator.cpp:

(WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
(WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
the shift necessary to align the baseline of the MathOperator instance with the one of the
RenderMathMLOperator.
(WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.

  • rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
  • rendering/mathml/RenderMathMLRoot.cpp:

(WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
of the radical with the overbar so we do not need to adjust baseline alignment here.

LayoutTests:

We import the latest version of mo-axis-height-1.html and update the expectation now that we
pass the two cases (size variant and glyph assembly). We also rebaseline some pixel tests.

  • imported/mathml-in-html5/fonts/math/axisheight5000-verticalarrow14000.woff: Updated.
  • imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1-expected.txt: Updated to expect PASS.
  • imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html: Updated to include the two tests.
  • platform/gtk/mathml/opentype/vertical-expected.png: Rebaseline to take into account better alignment of size variant.
  • platform/gtk/mathml/opentype/vertical-expected.txt: Ditto.
  • platform/gtk/mathml/presentation/mo-stretch-expected.png: Ditto.
  • platform/gtk/mathml/presentation/mo-stretch-expected.txt: Ditto.
  • platform/ios-simulator/mathml/opentype/opentype-stretchy-expected.txt: Ditto.
  • platform/ios-simulator/mathml/presentation/mo-stretch-expected.txt: Ditto.
  • platform/mac/mathml/opentype/opentype-stretchy-expected.txt: Ditto.
  • platform/mac/mathml/presentation/mo-stretch-expected.txt: Ditto.
11:39 AM Changeset in webkit [203288] by beidson@apple.com
  • 3 edits
    2 adds in trunk

WebKit should prevent push/replace state with username in URL.
<rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/security/history-username-password.html

  • page/History.cpp:

(WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.

LayoutTests:

  • http/tests/security/history-username-password-expected.txt: Added.
  • http/tests/security/history-username-password.html: Added.
11:33 AM Changeset in webkit [203287] by Ryan Haddad
  • 10 edits
    52 deletes in trunk

Unreviewed, rolling out r203266.

This change caused editing/deleting/delete-emoji.html to time
out on El Capitan, crash under GuardMalloc

Reverted changeset:

"Support new emoji group candidates"
https://bugs.webkit.org/show_bug.cgi?id=159755
http://trac.webkit.org/changeset/203266

11:31 AM Changeset in webkit [203286] by mark.lam@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

Stack overflow error for deeply nested classes.
https://bugs.webkit.org/show_bug.cgi?id=157086

Reviewed by Geoffrey Garen.

Changed the StructureStubClearingWatchpoint destructor to iteratively destruct
its chain of next StructureStubClearingWatchpoints instead of recursively doing
so.

The added deep-StructureStubClearingWatchpoint-destructor-recursion.js test
produces a crash before the fix is applied, but takes about 14 minutes to run.
Hence, it is skipped.

  • bytecode/StructureStubClearingWatchpoint.cpp:

(JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):

  • tests/stress/deep-StructureStubClearingWatchpoint-destructor-recursion.js: Added.
11:30 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr
(diff)
11:24 AM Changeset in webkit [203285] by fred.wang@free.fr
  • 11 edits
    2 adds in trunk

Source/WebCore:
Move parsing of mfrac attributes into a MathMLFractionElement class
https://bugs.webkit.org/show_bug.cgi?id=159624

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-15
Reviewed by Brent Fulgham.

We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
the members in updateLayoutParameters are actually only used in layoutBlock and could be
removed in a follow-up patch. We also improve the resolution of negative line thickness value
since the MathML recommendation says it should be rounded up to the nearest valid
value (which is zero) instead of ignoring the attribute and using the line thickness.

No new tests, already covered by existing tests.

  • CMakeLists.txt: Add MathMLFractionElement.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • mathml/MathMLAllInOne.cpp: Ditto.
  • mathml/MathMLFractionElement.cpp: Added.

(WebCore::MathMLFractionElement::MathMLFractionElement):
(WebCore::MathMLFractionElement::create):
(WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
or fallback to the general parseMathMLLength for MathML lengths.
(WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
parsing it again if it is dirty.
(WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
(WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
(WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
(WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.

  • mathml/MathMLFractionElement.h: Added.
  • mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.

(WebCore::MathMLInlineContainerElement::createElementRenderer):

  • mathml/mathtags.in: Use MathMLFractionElement for mfrac.
  • rendering/mathml/RenderMathMLFraction.cpp:

(WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
layout parameters, replacing updateFromElement. We no longer parse and store the alignment
values here. We also change the resolution of negative values.
(WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
(WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
updateFromElement. The numerator and denominator alignments are resolved here.
(WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
attribute is now handled in MathMLFractionElement.
(WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
handled in MathMLFractionElement.
(WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.

  • rendering/mathml/RenderMathMLFraction.h: Update declarations.

LayoutTests:
Move parsing of mfrac attributes into a MathMLFractionElementClass
https://bugs.webkit.org/show_bug.cgi?id=159624

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-15
Reviewed by Brent Fulgham.

We update the expectation for negative linethickness. As indicated in the MathML
recommendation, it should be rounded up to the nearest valid value, which is 0.

  • mathml/presentation/mfrac-linethickness2.html: Update the comment to reflect the new behavior.
  • mathml/presentation/mfrac-linethickness2-expected.html: Use 0px as the reference for negative values.
11:06 AM Changeset in webkit [203284] by Jon Davis
  • 2 edits in trunk/Tools

Changed the start page URL for WebKit Nightly builds.
https://bugs.webkit.org/show_bug.cgi?id=159816

Reviewed by Timothy Hatcher.

  • WebKitLauncher/start.html:
10:41 AM Changeset in webkit [203283] by Brent Fulgham
  • 1 edit
    2 adds in trunk/LayoutTests

Merge InlineBidiResolver end-of-line Blink test case
https://bugs.webkit.org/show_bug.cgi?id=126201
<rdar://problem/27331789>

Test case is from the Blink change (patch by <igor.o@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/d34ca9bbbdf71905d61aa45def30063311508a64>

  • fast/text/international/bidi-crash-reached-end-of-line-expected.txt: Added.
  • fast/text/international/bidi-crash-reached-end-of-line.html: Added.
10:35 AM Changeset in webkit [203282] by Brent Fulgham
  • 1 edit
    2 adds in trunk/LayoutTests

Merge Blink test case
https://bugs.webkit.org/show_bug.cgi?id=123870

Patch is from the Blink change (patch by <morritaw@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/2abd63ccea97b1fcf25b337c76f12e6ad1bfc025>

  • fast/dom/mutation-details-focus-expected.txt: Added.
  • fast/dom/mutation-details-focus.html: Added.
10:30 AM Changeset in webkit [203281] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Updating TestExpectations after r203267
https://bugs.webkit.org/show_bug.cgi?id=159817

Unreviewed test gardening.

10:03 AM Changeset in webkit [203280] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
https://bugs.webkit.org/show_bug.cgi?id=159783

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-15
Reviewed by Brent Fulgham.

GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
index is nonzero. This behavior is not expected by the MathML code and we have had crashes
in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.

No new tests, this only makes null pointer checks stronger.

  • rendering/mathml/MathOperator.cpp:

(WebCore::boundsForGlyph):
(WebCore::advanceWidthForGlyph):
(WebCore::MathOperator::getBaseGlyph):
(WebCore::MathOperator::setSizeVariant):
(WebCore::MathOperator::fillWithVerticalExtensionGlyph):
(WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
(WebCore::MathOperator::paintVerticalGlyphAssembly):
(WebCore::MathOperator::paintHorizontalGlyphAssembly):
(WebCore::MathOperator::paint):

  • rendering/mathml/RenderMathMLOperator.cpp:

(WebCore::RenderMathMLOperator::computePreferredLogicalWidths):

  • rendering/mathml/RenderMathMLToken.cpp:

(WebCore::RenderMathMLToken::computePreferredLogicalWidths):
(WebCore::RenderMathMLToken::firstLineBaseline):
(WebCore::RenderMathMLToken::layoutBlock):
(WebCore::RenderMathMLToken::paint):
(WebCore::RenderMathMLToken::paintChildren):

9:51 AM Changeset in webkit [203279] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Add DejaVu Math TeX Gyre to the list of math fonts.
https://bugs.webkit.org/show_bug.cgi?id=159805

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-15
Reviewed by Brent Fulgham.

DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
list of font-families in mathml.css in order to increase the chance to find a math font.

No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.

  • css/mathml.css:

(math):

9:48 AM Changeset in webkit [203278] by commit-queue@webkit.org
  • 3 edits
    41 adds in trunk/LayoutTests

Import more tests from the MathML in HTML5 test suite
https://bugs.webkit.org/show_bug.cgi?id=159715

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-15
Reviewed by Brent Fulgham.

  • imported/mathml-in-html5/fonts/math/lineheight5000-typolineheight2300.woff: Added.
  • imported/mathml-in-html5/mathml/presentation-markup/scripts/subsup-5-expected.txt: Added.
  • imported/mathml-in-html5/mathml/presentation-markup/scripts/subsup-5.html: Added.
  • imported/mathml-in-html5/mathml/presentation-markup/spaces/space-1-expected.txt: Added.
  • imported/mathml-in-html5/mathml/presentation-markup/spaces/space-1.html: Added.
  • imported/mathml-in-html5/mathml/presentation-markup/spaces/space-2-expected.html: Added.
  • imported/mathml-in-html5/mathml/presentation-markup/spaces/space-2.html: Added.
  • imported/mathml-in-html5/mathml/relations/css-styling/color-1-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/css-styling/color-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/css-styling/visibility-1-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/css-styling/visibility-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/class-1-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/class-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/class-2-expected.txt: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/class-2.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/color-attributes-1-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/color-attributes-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/display-1-expected.txt: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/display-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/dynamic-1-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/dynamic-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/integration-point-1-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/integration-point-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/integration-point-2-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/integration-point-2.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/integration-point-3-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/integration-point-3.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/namespace-1-expected.txt: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/namespace-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/required-extensions-1-expected.txt: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/required-extensions-1.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/required-extensions-2-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/required-extensions-2.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/unique-identifier-2-expected.txt: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/unique-identifier-2.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/unique-identifier-3-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/html5-tree/unique-identifier-3.html: Added.
  • imported/mathml-in-html5/mathml/relations/text-and-math/use-typo-metrics-1-expected.html: Added.
  • imported/mathml-in-html5/mathml/relations/text-and-math/use-typo-metrics-1.html: Added.
  • platform/ios-simulator/TestExpectations: Mark use-typo-metrics-1.html as failing.
  • platform/mac/TestExpectations: Ditto.
9:42 AM Changeset in webkit [203277] by eric.carlson@apple.com
  • 5 edits in trunk

[MSE] Increase the SourceBuffer "fudge factor"
https://bugs.webkit.org/show_bug.cgi?id=159813
<rdar://problem/27372033>

Reviewed by Jon Lee.
Source/WebCore:

Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
math, and the error accumulation results in small gaps in the media timeline. r202641
increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
out that at least one large provider has a significant amount of content encoded with
up to two 24fps frames.

No new tests, updated media/media-source/media-source-small-gap.html.

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.

LayoutTests:

  • media/media-source/media-source-small-gap-expected.txt:
  • media/media-source/media-source-small-gap.html:
9:11 AM MathML edited by fred.wang@free.fr
(diff)
9:06 AM MathML/Fonts edited by fred.wang@free.fr
Add DejaVu font (diff)
7:52 AM Changeset in webkit [203276] by Csaba Osztrogonác
  • 2 edits in trunk/Source/JavaScriptCore

Fix expectations in test262.yaml
https://bugs.webkit.org/show_bug.cgi?id=159810

Reviewed by Keith Miller.

  • tests/test262.yaml:
5:46 AM Changeset in webkit [203275] by commit-queue@webkit.org
  • 53 edits in trunk/Source/WebCore

Add final keyword to WebCore/svg classes
https://bugs.webkit.org/show_bug.cgi?id=159802

Patch by Rawinder Singh <rawinder.singh-webkit@cisra.canon.com.au> on 2016-07-15
Reviewed by Youenn Fablet.

Updated classes in the WebCore/svg directory to be marked as final where appropriate.

  • svg/SVGException.h:
  • svg/SVGLengthList.h:
  • svg/SVGMatrix.h:
  • svg/SVGNumberList.h:
  • svg/SVGPaint.h:
  • svg/SVGPathBuilder.h:
  • svg/SVGPathByteStreamBuilder.h:
  • svg/SVGPathByteStreamSource.h:
  • svg/SVGPathSegArcAbs.h:
  • svg/SVGPathSegArcRel.h:
  • svg/SVGPathSegClosePath.h:
  • svg/SVGPathSegCurvetoCubicAbs.h:
  • svg/SVGPathSegCurvetoCubicRel.h:
  • svg/SVGPathSegCurvetoCubicSmoothAbs.h:
  • svg/SVGPathSegCurvetoCubicSmoothRel.h:
  • svg/SVGPathSegCurvetoQuadraticAbs.h:
  • svg/SVGPathSegCurvetoQuadraticRel.h:
  • svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
  • svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
  • svg/SVGPathSegLinetoAbs.h:
  • svg/SVGPathSegLinetoHorizontalAbs.h:
  • svg/SVGPathSegLinetoHorizontalRel.h:
  • svg/SVGPathSegLinetoRel.h:
  • svg/SVGPathSegLinetoVerticalAbs.h:
  • svg/SVGPathSegLinetoVerticalRel.h:
  • svg/SVGPathSegListBuilder.h:
  • svg/SVGPathSegListSource.h:
  • svg/SVGPathSegMovetoAbs.h:
  • svg/SVGPathSegMovetoRel.h:
  • svg/SVGPathStringSource.h:
  • svg/SVGPathTraversalStateBuilder.h:
  • svg/SVGPointList.h:
  • svg/SVGRenderingIntent.h:
  • svg/SVGStringList.h:
  • svg/SVGTRefElement.cpp:
  • svg/SVGToOTFFontConversion.cpp:
  • svg/SVGTransformList.h:
  • svg/SVGUnitTypes.h:
  • svg/SVGViewSpec.h:
  • svg/SVGZoomEvent.h:
  • svg/animation/SMILTimeContainer.h:
  • svg/animation/SVGSMILElement.cpp:
  • svg/graphics/filters/SVGFEImage.h:
  • svg/graphics/filters/SVGFilter.h:
  • svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
  • svg/properties/SVGAnimatedPropertyTearOff.h:
  • svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
  • svg/properties/SVGMatrixTearOff.h:
  • svg/properties/SVGPathSegListPropertyTearOff.h:
  • svg/properties/SVGStaticListPropertyTearOff.h:
  • svg/properties/SVGStaticPropertyTearOff.h:
  • svg/properties/SVGTransformListPropertyTearOff.h:
5:38 AM Changeset in webkit [203274] by pvollan@apple.com
  • 5 edits
    1 add in trunk

Uninitialized variable in DIBPixelData can cause a dangerous memory write
https://bugs.webkit.org/show_bug.cgi?id=159414

Reviewed by Brent Fulgham.

Source/WebCore:

Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
fails to do so, because the bitmap handle is invalid.

Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp

  • platform/graphics/win/DIBPixelData.cpp:

(WebCore::DIBPixelData::initialize): Initialize local variable.
(WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.

  • platform/graphics/win/DIBPixelData.h: Link fix.

Tools:

Add test to check that DIBPixelData::setRGBABitmapAlpha does not cause a crash
when the HDC parameter is invalid.

  • TestWebKitAPI/PlatformWin.cmake:
  • TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp: Added.

(TestWebKitAPI::TEST):

3:21 AM Changeset in webkit [203273] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WTF

Revert r202560 to fix the ARMv7 build with ARM instruction set
https://bugs.webkit.org/show_bug.cgi?id=159707

Reviewed by Carlos Garcia Campos.

2:43 AM Changeset in webkit [203272] by Csaba Osztrogonác
  • 2 edits in trunk/Source/JavaScriptCore

[ARM] Disable Inline Caching on ARMv7 traditional until proper fix
https://bugs.webkit.org/show_bug.cgi?id=159759

Reviewed by Saam Barati.

  • jit/Repatch.cpp:

(JSC::forceICFailure):

2:25 AM Changeset in webkit [203271] by Carlos Garcia Campos
  • 5 edits
    1 copy
    1 add in trunk/Tools

[GTK] Add basic tabs support to MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=159803

Reviewed by Sergio Villar Senin.

It's quite common to have issues with web views loaded in secondary tabs, and we need to use an external browser
like epiphany to debug those issues. It would be a lot easier to work on those bugs if we could use the MiniBrowser.

  • MiniBrowser/gtk/BrowserTab.c: Added.

(titleChanged):
(isLoadingChanged):
(decidePolicy):
(removeChildIfInfoBar):
(loadChanged):
(createInfoBarQuestionMessage):
(tlsErrorsDialogResponse):
(loadFailedWithTLSerrors):
(permissionRequestDialogResponse):
(decidePermissionRequest):
(colorChooserRGBAChanged):
(popoverColorClosed):
(colorChooserRequestFinished):
(runColorChooserCallback):
(inspectorOpenedInWindow):
(inspectorClosed):
(browserTabSetProperty):
(browserTabFinalize):
(browser_tab_init):
(browserTabConstructed):
(browser_tab_class_init):
(getInternalURI):
(browser_tab_new):
(browser_tab_get_web_view):
(browser_tab_load_uri):
(browser_tab_get_title_widget):
(browser_tab_set_status_text):
(browser_tab_toggle_inspector):
(browser_tab_start_search):
(browser_tab_stop_search):
(browser_tab_add_accelerators):
(fullScreenMessageTimeoutCallback):
(browser_tab_enter_fullscreen):
(browser_tab_leave_fullscreen):

  • MiniBrowser/gtk/BrowserTab.h: Added.
  • MiniBrowser/gtk/BrowserWindow.c:

(getExternalURI):
(browserWindowSetStatusText):
(reloadOrStopCallback):
(goBackCallback):
(goForwardCallback):
(settingsCallback):
(webViewURIChanged):
(browserWindowHistoryItemActivated):
(browserWindowUpdateNavigationActions):
(webViewCreate):
(webViewEnterFullScreen):
(webViewLeaveFullScreen):
(webViewDecidePolicy):
(browserWindowCanZoomIn):
(browserWindowCanZoomOut):
(browserWindowZoomIn):
(browserWindowZoomOut):
(scrollEventCallback):
(faviconChanged):
(webViewIsLoadingChanged):
(defaultZoomCallback):
(searchCallback):
(newTabCallback):
(toggleWebInspector):
(reloadPage):
(reloadPageIgnoringCache):
(stopPageLoad):
(loadHomePage):
(editingCommandCallback):
(insertImageCommandCallback):
(insertLinkCommandCallback):
(browserWindowSetupEditorToolbar):
(browserWindowSwitchTab):
(browserWindowTabAddedOrRemoved):
(browser_window_init):
(browserWindowConstructed):
(browserWindowSaveSession):
(browserWindowDeleteEvent):
(browser_window_new):
(browser_window_append_view):
(browser_window_load_uri):
(browser_window_load_session):
(browser_window_set_background_color):
(resetStatusText): Deleted.
(activateUriEntryCallback): Deleted.
(webViewTitleChanged): Deleted.
(resetEntryProgress): Deleted.
(browserWindowCreateBackForwardMenu): Deleted.
(webViewReadyToShow): Deleted.
(webViewLoadFailed): Deleted.
(webViewMouseTargetChanged): Deleted.
(browserWindowUpdateZoomActions): Deleted.
(webViewZoomLevelChanged): Deleted.
(updateUriEntryIcon): Deleted.
(zoomInCallback): Deleted.
(zoomOutCallback): Deleted.
(toggleFullScreen): Deleted.
(browserWindowEditingCommandToggleButtonSetActive): Deleted.
(browserWindowFinalize): Deleted.
(browser_window_class_init): Deleted.

  • MiniBrowser/gtk/BrowserWindow.h:
  • MiniBrowser/gtk/CMakeLists.txt:
  • MiniBrowser/gtk/main.c:

(createBrowserTab):
(aboutURISchemeRequestCallback):
(main):
(parseBackgroundColor): Deleted.

Jul 14, 2016:

11:03 PM Changeset in webkit [203270] by keith_miller@apple.com
  • 1 edit
    24089 adds in trunk/Source/JavaScriptCore

Add Test262 test files and yaml

Rubber Stamped by Benjamin Poulain.

This patch adds all the test262 test files and the yaml that drives
run-jsc-stress-tests.

  • tests/test262.yaml: Added. Yaml file to drive the test262 test suite with our driver.
  • tests/test262/LICENSE: Added. License for the test262 test suite.
  • tests/test262/harness/: Added. Harness directory for the test262 tests.
  • tests/test262/test/: Added. Directory with all the actual test files.
10:49 PM Changeset in webkit [203269] by yoav@yoav.ws
  • 7 edits in trunk

Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
https://bugs.webkit.org/show_bug.cgi?id=159666

Reviewed by Michael Catanzaro.

Source/WebCore:

Tests:

fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html

  • css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
  • css/CSSParser.cpp:

(WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.

  • css/CSSParser.h:

LayoutTests:

Added a test to make sure that an invalid source-size value is skipped, but the next one is properly picked.

  • fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt:
  • fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html:
9:59 PM Changeset in webkit [203268] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Return the correct value from Heap::externalMemorySize
https://bugs.webkit.org/show_bug.cgi?id=159797
<rdar://problem/27362446>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-07-14
Reviewed by Timothy Hatcher.

  • heap/Heap.h:

(JSC::Heap::externalMemorySize):
We should have been returning m_externalMemorySize which is a subset
of m_extraMemorySize. In practice the difference can be small. A major
difference in "extra memory size" may be from deprecated memory size
and array buffer sizes.

8:56 PM Changeset in webkit [203267] by tonikitoo@webkit.org
  • 8 edits
    6 adds in trunk

[RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
https://bugs.webkit.org/show_bug.cgi?id=158252

Patch by Antonio Gomes <tonikitoo@igalia.com> on 2016-07-14
Reviewed by Myles C. Maxfield.

Source/WebCore:

When the 'dir' attribute changes either on body or on the document
element level, the associated FrameView does not trigger an update on
the frame level vertical scrollbar.

Patch adds a 'hook' so that RenderBox::styleDidChange can call in
order to get the document level scrollbar placed properly in the next
layout.

Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html

fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html

  • page/FrameView.cpp:

(WebCore::FrameView::topContentDirectionDidChange):

  • page/FrameView.h:
  • rendering/RenderBox.cpp:

(WebCore::RenderBox::styleDidChange):

LayoutTests:

  • fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html: Added.
  • fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-expected.txt: Added.
  • fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html: Added.
  • fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2-expected.html: Added.
  • fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html: Added.
  • fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement-expected.txt: Added.
8:11 PM Changeset in webkit [203266] by mmaxfield@apple.com
  • 10 edits
    52 adds in trunk

Support new emoji group candidates
https://bugs.webkit.org/show_bug.cgi?id=159755
<rdar://problem/27325521>

Reviewed by Dean Jackson.

Source/WebCore:

There are a few code points which should be able to be joined (with ZWJ) to
either U+2640 or U+2642 to change the gender of the emoji. These patterns
should also work with an additional 0xFE0F variation selector. This patch
adds these new patterns to our existing emoji group candidate infrastructure.

Tests: fast/text/emoji-gender-2-3.html

fast/text/emoji-gender-2-4.html
fast/text/emoji-gender-2-5.html
fast/text/emoji-gender-2-6.html
fast/text/emoji-gender-2-7.html
fast/text/emoji-gender-2-8.html
fast/text/emoji-gender-2-9.html
fast/text/emoji-gender-2.html
fast/text/emoji-gender-3.html
fast/text/emoji-gender-4.html
fast/text/emoji-gender-5.html
fast/text/emoji-gender-6.html
fast/text/emoji-gender-7.html
fast/text/emoji-gender-8.html
fast/text/emoji-gender-9.html
fast/text/emoji-gender-fe0f-3.html
fast/text/emoji-gender-fe0f-4.html
fast/text/emoji-gender-fe0f-5.html
fast/text/emoji-gender-fe0f-6.html
fast/text/emoji-gender-fe0f-7.html
fast/text/emoji-gender-fe0f-8.html
fast/text/emoji-gender-fe0f-9.html
fast/text/emoji-gender.html
fast/text/emoji-num-glyphs.html
fast/text/emoji-single-parent-family-2.html
fast/text/emoji-single-parent-family.html

  • platform/graphics/mac/ComplexTextControllerCoreText.mm:

(WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.

  • platform/graphics/FontCascade.cpp:

(WebCore::FontCascade::characterRangeCodePath):

  • platform/text/CharacterProperties.h:

(WebCore::isEmojiGroupCandidate):

Source/WTF:

This patch doesn't update the rules for our cursor movement iterator, because
I don't know the language used for implementing these rules. These rules will
be updated in the near future. When they do,
editing/deleting/delete-emoji-expected.txt will need to be updated.

  • wtf/text/TextBreakIterator.cpp:

(WTF::cursorMovementIterator):

LayoutTests:

Because this patch doesn't update the rules for our cursor movement
iterator, the new expected result for editing/deleting/delete-emoji.html
expects incorrect results. In the patch where we update these rules,
the expected result should also be updated.

Because these new emoji require system support, TestExpectations has
been updated to mark the tests as failing until the system support has
been added.

  • TestExpectations:
  • editing/deleting/delete-emoji-expected.txt:
  • editing/deleting/delete-emoji.html:
  • fast/text/emoji-gender-2-3-expected.html: Added.
  • fast/text/emoji-gender-2-3.html: Added.
  • fast/text/emoji-gender-2-4-expected.html: Added.
  • fast/text/emoji-gender-2-4.html: Added.
  • fast/text/emoji-gender-2-5-expected.html: Added.
  • fast/text/emoji-gender-2-5.html: Added.
  • fast/text/emoji-gender-2-6-expected.html: Added.
  • fast/text/emoji-gender-2-6.html: Added.
  • fast/text/emoji-gender-2-7-expected.html: Added.
  • fast/text/emoji-gender-2-7.html: Added.
  • fast/text/emoji-gender-2-8-expected.html: Added.
  • fast/text/emoji-gender-2-8.html: Added.
  • fast/text/emoji-gender-2-9-expected.html: Added.
  • fast/text/emoji-gender-2-9.html: Added.
  • fast/text/emoji-gender-2-expected-mismatch.html: Added.
  • fast/text/emoji-gender-2.html: Added.
  • fast/text/emoji-gender-3-expected.html: Added.
  • fast/text/emoji-gender-3.html: Added.
  • fast/text/emoji-gender-4-expected.html: Added.
  • fast/text/emoji-gender-4.html: Added.
  • fast/text/emoji-gender-5-expected.html: Added.
  • fast/text/emoji-gender-5.html: Added.
  • fast/text/emoji-gender-6-expected.html: Added.
  • fast/text/emoji-gender-6.html: Added.
  • fast/text/emoji-gender-7-expected.html: Added.
  • fast/text/emoji-gender-7.html: Added.
  • fast/text/emoji-gender-8-expected.html: Added.
  • fast/text/emoji-gender-8.html: Added.
  • fast/text/emoji-gender-9-expected.html: Added.
  • fast/text/emoji-gender-9.html: Added.
  • fast/text/emoji-gender-expected-mismatch.html: Added.
  • fast/text/emoji-gender-fe0f-3-expected.html: Added.
  • fast/text/emoji-gender-fe0f-3.html: Added.
  • fast/text/emoji-gender-fe0f-4-expected.html: Added.
  • fast/text/emoji-gender-fe0f-4.html: Added.
  • fast/text/emoji-gender-fe0f-5-expected.html: Added.
  • fast/text/emoji-gender-fe0f-5.html: Added.
  • fast/text/emoji-gender-fe0f-6-expected.html: Added.
  • fast/text/emoji-gender-fe0f-6.html: Added.
  • fast/text/emoji-gender-fe0f-7-expected.html: Added.
  • fast/text/emoji-gender-fe0f-7.html: Added.
  • fast/text/emoji-gender-fe0f-8-expected.html: Added.
  • fast/text/emoji-gender-fe0f-8.html: Added.
  • fast/text/emoji-gender-fe0f-9-expected.html: Added.
  • fast/text/emoji-gender-fe0f-9.html: Added.
  • fast/text/emoji-gender.html: Added.
  • fast/text/emoji-num-glyphs-expected.txt: Added.
  • fast/text/emoji-num-glyphs.html: Added.
  • fast/text/emoji-single-parent-family-2-expected-mismatch.html: Added.
  • fast/text/emoji-single-parent-family-2.html: Added.
  • fast/text/emoji-single-parent-family-expected-mismatch.html: Added.
  • fast/text/emoji-single-parent-family.html: Added.
7:31 PM Changeset in webkit [203265] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
https://bugs.webkit.org/show_bug.cgi?id=159799
<rdar://problem/27346959>

Reviewed by Myles Maxfield.

Speculative fix for this crash, which seems to happen when asking for the Node's
renderer(). From the incoming crash logs, it is triggered by mutations on
a <picture> or <img> element, which would require choosing a new source,
and causing some media queries to evaluate.

The only place in MediaQueryEvaluator that has anything to do with
renderers is when gathering up some style information to pass to the
actual evaluation function. I put a guard against a missing documentElement
in there.

  • css/MediaQueryEvaluator.cpp:

(WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
null.

7:17 PM Changeset in webkit [203264] by commit-queue@webkit.org
  • 55 edits in trunk/Source/WebCore

Update HTML*Element class override methods in final classes
https://bugs.webkit.org/show_bug.cgi?id=159456

Patch by Rawinder Singh <rawinder.singh-webkit@cisra.canon.com.au> on 2016-07-14
Reviewed by Youenn Fablet.

Update HTML*Element classes so that overriden methods in final classes are marked final.
Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.

  • html/HTMLAppletElement.h:
  • html/HTMLAreaElement.h:
  • html/HTMLAttachmentElement.h:
  • html/HTMLAudioElement.h:
  • html/HTMLBRElement.h:
  • html/HTMLBaseElement.h:
  • html/HTMLBodyElement.h:
  • html/HTMLButtonElement.h:
  • html/HTMLCanvasElement.h:
  • html/HTMLDataElement.h:
  • html/HTMLDetailsElement.h:
  • html/HTMLDivElement.h:
  • html/HTMLEmbedElement.h:
  • html/HTMLFieldSetElement.h:
  • html/HTMLFontElement.h:
  • html/HTMLFormElement.h:
  • html/HTMLFrameSetElement.h:
  • html/HTMLHRElement.h:
  • html/HTMLHtmlElement.h:
  • html/HTMLKeygenElement.h:
  • html/HTMLLIElement.h:
  • html/HTMLLabelElement.h:
  • html/HTMLLegendElement.h:
  • html/HTMLLinkElement.h:
  • html/HTMLMapElement.h:
  • html/HTMLMarqueeElement.h:
  • html/HTMLMetaElement.h:
  • html/HTMLMeterElement.h:
  • html/HTMLModElement.h:
  • html/HTMLOListElement.h:
  • html/HTMLObjectElement.h:
  • html/HTMLOptGroupElement.h:
  • html/HTMLOptionElement.h:
  • html/HTMLOutputElement.h:
  • html/HTMLParagraphElement.h:
  • html/HTMLParamElement.h:
  • html/HTMLPreElement.h:
  • html/HTMLProgressElement.h:
  • html/HTMLQuoteElement.h:
  • html/HTMLScriptElement.h:
  • html/HTMLSourceElement.h:
  • html/HTMLStyleElement.h:
  • html/HTMLSummaryElement.h:
  • html/HTMLTableCaptionElement.h:
  • html/HTMLTableColElement.h:
  • html/HTMLTableElement.h:
  • html/HTMLTableSectionElement.h:
  • html/HTMLTemplateElement.h:
  • html/HTMLTextAreaElement.h:
  • html/HTMLTitleElement.h:
  • html/HTMLUListElement.h:
  • html/HTMLUnknownElement.h:
  • html/HTMLVideoElement.h:
  • html/HTMLWBRElement.h:
7:11 PM Changeset in webkit [203263] by sbarati@apple.com
  • 8 edits in trunk

It should be a syntax error to have a 'use strict' directive inside a function that has a non-simple parameter list
https://bugs.webkit.org/show_bug.cgi?id=159790
<rdar://problem/27171636>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Is is a syntax error for a function's parameter list to be non-simple
and for the function to also contain a 'use strict' directive.

See section 14.2.1 of the spec:
https://tc39.github.io/ecma262/#sec-arrow-function-definitions-static-semantics-early-errors

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseSourceElements):
(JSC::Parser<LexerType>::parseFormalParameters):

  • parser/Parser.h:

(JSC::Scope::Scope):
(JSC::Scope::strictMode):
(JSC::Scope::isValidStrictMode):
(JSC::Scope::shadowsArguments):
(JSC::Scope::setHasNonSimpleParameterList):
(JSC::Scope::hasNonSimpleParameterList):
(JSC::Scope::copyCapturedVariablesToVector):

LayoutTests:

  • js/parser-syntax-check-expected.txt:
  • js/script-tests/parser-syntax-check.js:
7:07 PM Changeset in webkit [203262] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Modernize GlyphMetricsMap
https://bugs.webkit.org/show_bug.cgi?id=159788

Reviewed by Darin Adler.

Modernize GlyphMetricsMap a bit.

  • platform/graphics/GlyphMetricsMap.h:
  • Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having to having a std::unique_ptr data member.
  • Drop GlyphMetricsMap default constructor and let the compiler generate it instead. This required using inline initialization for m_filledPrimaryPage.

(WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):

  • Make m_metrics data member private as it does not need to be public.
  • Make setMetricsForIndex(unsigned index, const T& metrics) setter private as it does not need to be public.
  • Make GlyphMetricsPage(const T& initialValue) constructor explicit as it takes only 1 parameter.

(WebCore::GlyphMetricsMap<T>::locatePageSlowCase):

  • Use HashMap::ensure() to make the code a bit nicer.
6:46 PM Changeset in webkit [203261] by Simon Fraser
  • 5 edits
    5 adds in trunk

[iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
https://bugs.webkit.org/show_bug.cgi?id=159798
rdar://problem/27362717

Reviewed by Tim Horton.
Source/WebCore:

In out-of-visible tiled layers, we always allocated the top-left tile, wasting
memory and causing ugliness when scrolling that layer into view. This happened
because getTileIndexRangeForRect() had no way to express the fact that no tiles
should be created.

Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
return value.

Test: compositing/tiling/offscreen-tiled-layer.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::dumpAdditionalProperties):

  • platform/graphics/ca/TileGrid.cpp:

(WebCore::TileGrid::setNeedsDisplayInRect):
(WebCore::TileGrid::tilesWouldChangeForCoverageRect):
(WebCore::TileGrid::getTileIndexRangeForRect):
(WebCore::TileGrid::revalidateTiles):
(WebCore::TileGrid::ensureTilesForRect):
(WebCore::TileGrid::extent):

  • platform/graphics/ca/TileGrid.h:

LayoutTests:

Test with an offscreen tiled layer.

  • compositing/tiling/offscreen-tiled-layer-expected.txt: Added.
  • compositing/tiling/offscreen-tiled-layer.html: Added.
  • platform/ios-simulator-wk1/compositing/tiling/offscreen-tiled-layer-expected.txt: Added.
  • platform/ios-simulator-wk2/compositing/tiling/offscreen-tiled-layer-expected.txt: Added.
  • platform/mac-wk1/compositing/tiling/offscreen-tiled-layer-expected.txt: Added.
5:52 PM Changeset in webkit [203260] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping editing/spelling/copy-paste-crash.html on ios-simulator.
https://bugs.webkit.org/show_bug.cgi?id=142969

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
5:39 PM Changeset in webkit [203259] by Brent Fulgham
  • 1 edit
    4 adds in trunk/LayoutTests

Merge Blink test case
https://bugs.webkit.org/show_bug.cgi?id=117422

Patch is from a set of Blink changes (patches by <leviw@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/507e1576555bd2ce6688206f28339c25761893b1>
<https://chromium.googlesource.com/chromium/blink/+/4c95872f52340cf0cf9a2a7078bb63a94f38d302>

  • fast/list/list-style-position-inside-expected.txt: Added.
  • fast/list/list-style-position-inside.html: Added.
  • fast/sub-pixel/float-list-inside-expected.txt: Added.
  • fast/sub-pixel/float-list-inside.html: Added.
5:10 PM Changeset in webkit [203258] by wilander@apple.com
  • 3 edits
    2 adds in trunk

Remove credentials in URL when accessed through location.href
https://bugs.webkit.org/show_bug.cgi?id=139562
<rdar://problem/27331164>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/security/location-href-clears-username-password.html

The reason for this change is to not allow scripts on the page to
exfiltrate username and password from the URL.

  • page/Location.cpp:

(WebCore::Location::href):

Now checks if there is a username or password in the URL. If so,
it copies the URL and removes the username and password.

LayoutTests:

The reason for this change is to not allow scripts on the page to
exfiltrate username and password from the URL.

  • http/tests/security/location-href-clears-username-password-expected.txt: Added.
  • http/tests/security/location-href-clears-username-password.html: Added.

Test case adapted from https://src.chromium.org/viewvc/blink?revision=189367&view=revision.

5:00 PM Changeset in webkit [203257] by commit-queue@webkit.org
  • 4 edits in trunk

Allow RefPtrs of const RefCounted types
https://bugs.webkit.org/show_bug.cgi?id=158269

Patch by Alex Christensen <achristensen@webkit.org> on 2016-07-14
Reviewed by Anders Carlsson.

Source/WTF:

  • wtf/RefCounted.h:

(WTF::RefCountedBase::ref):
(WTF::RefCountedBase::~RefCountedBase):
(WTF::RefCountedBase::derefBase):
(WTF::RefCounted::deref):
Creating references to a const object does not really modify the object,
so everything in RefCounted is now mutable, and ref and deref are const.

Tools:

  • TestWebKitAPI/Tests/WTF/RefPtr.cpp:

(TestWebKitAPI::TEST):
(TestWebKitAPI::ConstRefCounted::create):
(TestWebKitAPI::returnConstRefCountedRef):
(TestWebKitAPI::returnRefCountedRef):

4:46 PM Changeset in webkit [203256] by Jon Davis
  • 4 edits in trunk/Websites/webkit.org

Improved WebKit Nightly start page design.
https://bugs.webkit.org/show_bug.cgi?id=159780

Reviewed by Timothy Hatcher.

Added better 404 handling, improved presentation of the
start page and new Apache rewrites for the P1 bug list.

  • .htaccess:
  • wp-content/themes/webkit/functions.php:
  • wp-content/themes/webkit/nightly-start.php:
4:45 PM Changeset in webkit [203255] by Brent Fulgham
  • 1 edit
    2 adds in trunk/LayoutTests

Merge Blink test case
https://bugs.webkit.org/show_bug.cgi?id=116507

Patch is from a Blink change (patch by <ojan@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/6598fc75a7260643ecfc42856ef24bcf96380443>

  • compositing/iframes/crash-mouse-event-expected.txt: Added.
  • compositing/iframes/crash-mouse-event.html: Added.
4:38 PM Changeset in webkit [203254] by commit-queue@webkit.org
  • 7 edits
    1 copy in trunk/Source/WebInspectorUI

Web Inspector: Rename CCTNode to CallingContextTreeNode
https://bugs.webkit.org/show_bug.cgi?id=159782

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-07-14
Reviewed by Timothy Hatcher.

  • UserInterface/Models/CallingContextTree.js:
  • UserInterface/Models/CallingContextTreeNode.js:

Extra to its own file and rename.

  • UserInterface/Main.html:
  • UserInterface/Test.html:
  • UserInterface/TestStub.html:

Include the new file.

  • UserInterface/Views/ProfileDataGridNode.js:

(WebInspector.ProfileDataGridNode):

  • UserInterface/Views/ProfileDataGridTree.js:

(WebInspector.ProfileDataGridTree.prototype._updateCurrentFocusDetails):
Rename shorthand "cctnode".

4:37 PM Changeset in webkit [203253] by Matt Baker
  • 9 edits in trunk/Source/WebInspectorUI

Web Inspector: SidebarPanel classes should use View.layout instead of "refresh"
https://bugs.webkit.org/show_bug.cgi?id=159745
<rdar://problem/27335252>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/ApplicationCacheDetailsSidebarPanel.js:

(WebInspector.ApplicationCacheDetailsSidebarPanel.prototype.set applicationCacheFrame):
Use needsLayout.

  • UserInterface/Views/CSSStyleDetailsSidebarPanel.js:

(WebInspector.CSSStyleDetailsSidebarPanel.prototype.layout):
Move refresh logic to layout.
(WebInspector.CSSStyleDetailsSidebarPanel.prototype.initialLayout):
(WebInspector.CSSStyleDetailsSidebarPanel.prototype._styleSheetAddedOrRemoved):
Defer layout to coalesce updates.
(WebInspector.CSSStyleDetailsSidebarPanel):
(WebInspector.CSSStyleDetailsSidebarPanel.prototype.refresh): Deleted.

  • UserInterface/Views/DOMDetailsSidebarPanel.js:

(WebInspector.DOMDetailsSidebarPanel.prototype.set domNode):
Use needsLayout.

  • UserInterface/Views/DOMNodeDetailsSidebarPanel.js:

Move refresh logic to layout.

  • UserInterface/Views/DetailsSidebarPanel.js:

(WebInspector.DetailsSidebarPanel.prototype.shown): Deleted.
Base class already forces a layout when shown.
(WebInspector.DetailsSidebarPanel.prototype.needsRefresh): Deleted.
No longer needed.
(WebInspector.DetailsSidebarPanel.prototype.refresh): Deleted.
Renamed layout.
(WebInspector.DetailsSidebarPanel): Deleted.

  • UserInterface/Views/LayerTreeDetailsSidebarPanel.js:

(WebInspector.LayerTreeDetailsSidebarPanel.prototype.supportsDOMNode):
(WebInspector.LayerTreeDetailsSidebarPanel.prototype._layerTreeDidChange):
Use needsLayout.
(WebInspector.LayerTreeDetailsSidebarPanel.prototype.shown):
Base class already forces a layout when shown.

  • UserInterface/Views/ResourceDetailsSidebarPanel.js:

(WebInspector.ResourceDetailsSidebarPanel.prototype.set resource):
Use needsLayout.

  • UserInterface/Views/ScopeChainDetailsSidebarPanel.js:

(WebInspector.ScopeChainDetailsSidebarPanel):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype.set callFrame):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._addWatchExpression):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._removeWatchExpression):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._clearAllWatchExpressions):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._refreshAllWatchExpressionsButtonClicked):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._didEvaluateExpression):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._mainResourceDidChange):
Use needsLayout.

4:33 PM Changeset in webkit [203252] by jfernandez@igalia.com
  • 4 edits in trunk/Source/WebCore

[css-grid] Handle min-content/max-content with orthogonal flows
https://bugs.webkit.org/show_bug.cgi?id=159294

Reviewed by Darin Adler.

Currently there is no support for orthogonal flows in many aspects of the
Grid Layout logic.

The Grid sizing algorithm should be adapted to this scenario, hence this
patch focus on the min-content and max-content functions, used to resolve
content based track sizes.

There are still issues related to alignment and sizes using percentages,
but they will be addressed in different patches.

Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html

fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::computeLogicalWidthInRegion):

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::GridSizingData::advanceNextState):
(WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
(WebCore::RenderGrid::computeTrackSizesForDirection):
(WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
(WebCore::RenderGrid::layoutBlock):
(WebCore::RenderGrid::computeIntrinsicLogicalWidths):
(WebCore::RenderGrid::computeIntrinsicLogicalHeight):
(WebCore::hasOverrideContainingBlockContentSizeForChild):
(WebCore::overrideContainingBlockContentSizeForChild):
(WebCore::setOverrideContainingBlockContentSizeForChild):
(WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
(WebCore::RenderGrid::gridTrackSize):
(WebCore::RenderGrid::isOrthogonalChild): Added.
(WebCore::RenderGrid::logicalHeightForChild):
(WebCore::RenderGrid::flowAwareDirectionForChild): Added.
(WebCore::RenderGrid::minSizeForChild):
(WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
(WebCore::RenderGrid::minContentForChild):
(WebCore::RenderGrid::maxContentForChild):
(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::layoutPositionedObject):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
(WebCore::RenderGrid::gridAreaBreadthForChild):
(WebCore::RenderGrid::columnAxisPositionForChild):
(WebCore::RenderGrid::rowAxisPositionForChild):
(WebCore::RenderGrid::findChildLogicalPosition):

  • rendering/RenderGrid.h:

(WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
(WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
(WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
(WebCore::RenderGrid::logicalHeightForChild):
(WebCore::RenderGrid::gridAreaBreadthForChild):
(WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):

4:21 PM Changeset in webkit [203251] by Ryan Haddad
  • 14 edits in trunk/Source/WebKit2

Unreviewed, rolling out r203248.

This change causes LayoutTests to crash and exit early

Reverted changeset:

"Use more Refs with WorkQueues"
https://bugs.webkit.org/show_bug.cgi?id=159792
http://trac.webkit.org/changeset/203248

4:17 PM Changeset in webkit [203250] by Chris Dumez
  • 25 edits in trunk/Source

Use emptyString() instead of "" when possible
https://bugs.webkit.org/show_bug.cgi?id=159789

Reviewed by Alex Christensen.

Use emptyString() instead of "" when possible to reduce String allocations.

Source/WebCore:

  • Modules/webdatabase/Database.cpp:

(WebCore::Database::performOpenAndVerify):

  • css/CSSSelector.h:
  • css/StyleProperties.cpp:

(WebCore::MutableStyleProperties::removeProperty):
(WebCore::MutableStyleProperties::removeCustomProperty):

  • editing/TextCheckingHelper.cpp:

(WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
(WebCore::TextCheckingHelper::findFirstBadGrammar):

  • editing/TypingCommand.h:

(WebCore::TypingCommand::create):

  • fileapi/FileReaderLoader.cpp:

(WebCore::FileReaderLoader::cleanup):

  • inspector/InspectorStyleSheet.cpp:

(WebCore::fillMediaListChain):

  • page/UserContentURLPattern.cpp:

(WebCore::UserContentURLPattern::parse):

  • platform/graphics/MediaPlayer.cpp:

(WebCore::MediaPlayer::load):

  • platform/gtk/DataObjectGtk.h:

(WebCore::DataObjectGtk::clearURIList):

  • platform/network/curl/ResourceHandleCurl.cpp:

(WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):

  • platform/network/curl/ResourceHandleManager.h:
  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::layerTreeAsText):

  • rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::updateContent):

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::noneDashboardRegions):

  • rendering/svg/SVGTextMetrics.cpp:

(WebCore::SVGTextMetrics::SVGTextMetrics):

  • xml/XPathParser.cpp:

(WebCore::XPath::Parser::lexString):

Source/WebKit/cf:

  • WebCoreSupport/WebInspectorClientCF.cpp:

(populateSetting):

Source/WebKit/win:

  • Plugins/PluginView.cpp:

(WebCore::parseRFC822HeaderFields):

Source/WebKit2:

  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::pasteboardChangedOwner):

  • WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:

(WebKit::parseRFC822HeaderFields):
(WebKit::NPN_Status):

4:15 PM Changeset in webkit [203249] by Brent Fulgham
  • 4 edits
    2 adds in trunk

editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc
https://bugs.webkit.org/show_bug.cgi?id=142969
<rdar://problem/27331095>

Reviewed by Alex Christensen.

Fix based on a Blink change (patch by <rouslan@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>

Source/WebCore:

Test: editing/spelling/copy-paste-crash.html

editing/spelling/spellcheck-async.html

  • editing/SpellChecker.cpp:

(WebCore::SpellCheckRequest::didSucceed):
(WebCore::SpellCheckRequest::didCancel):

LayoutTests:

  • editing/spelling/copy-paste-crash-expected.txt: Added.
  • editing/spelling/copy-paste-crash.html: Added.
  • platform/platform/mac-wk2/TestExpectations: Skip test on mac-wk2 since all Spelling tests are

currently broken (see <https://webkit.org/b/105616>).

4:04 PM Changeset in webkit [203248] by achristensen@apple.com
  • 14 edits in trunk/Source/WebKit2

Use more Refs with WorkQueues
https://bugs.webkit.org/show_bug.cgi?id=159792

Reviewed by Brady Eidson.

  • NetworkProcess/CustomProtocols/CustomProtocolManager.h:
  • Platform/IPC/Connection.cpp:

(IPC::Connection::setShouldExitOnSyncMessageSendFailure):
(IPC::Connection::addWorkQueueMessageReceiver):

  • Platform/IPC/Connection.h:
  • Shared/mac/SecItemShim.cpp:

(WebKit::SecItemShim::initializeConnection):

  • UIProcess/Storage/LocalStorageDatabaseTracker.cpp:

(WebKit::LocalStorageDatabaseTracker::create):
(WebKit::LocalStorageDatabaseTracker::LocalStorageDatabaseTracker):

  • UIProcess/Storage/LocalStorageDatabaseTracker.h:
  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::StorageArea::openDatabaseAndImportItemsIfNeeded):
(WebKit::StorageManager::StorageManager):

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::processWillOpenConnection):
(WebKit::WebResourceLoadStatisticsStore::processDidCloseConnection):

  • UIProcess/mac/SecItemShimProxy.cpp:

(WebKit::SecItemShimProxy::initializeConnection):
(WebKit::SecItemShimProxy::secItemRequest):

  • WebProcess/Plugins/PluginProcessConnectionManager.cpp:

(WebKit::PluginProcessConnectionManager::initializeConnection):
(WebKit::PluginProcessConnectionManager::getPluginProcessConnection):

  • WebProcess/WebPage/EventDispatcher.cpp:

(WebKit::EventDispatcher::initializeConnection):
(WebKit::EventDispatcher::wheelEvent):

  • WebProcess/WebPage/ViewUpdateDispatcher.cpp:

(WebKit::ViewUpdateDispatcher::initializeConnection):
(WebKit::ViewUpdateDispatcher::visibleContentRectUpdate):

3:14 PM Changeset in webkit [203247] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Remove duplicate TestExpectations entry.

Unreviewed test gardening.

  • platform/mac/TestExpectations:
3:05 PM Changeset in webkit [203246] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

ImageBuffer's succes flag should be set to false at the very beginning of the c'tor.
https://bugs.webkit.org/show_bug.cgi?id=159784

Reviewed by Simon Fraser.

No change in functionality.

  • platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::ImageBuffer):

2:52 PM Changeset in webkit [203245] by timothy@apple.com
  • 6 edits in trunk/Source/WebKit2

Web Automation: FrameNotFound errors happen a lot for the main frame
https://bugs.webkit.org/show_bug.cgi?id=159777
rdar://problem/27224628

Send both pageID and frameID, and have the WebProcess side resolve the
mainFrame from 0 based on the known pageID. This avoids a race waiting
for the DidCreateMainFrame message.

Reviewed by Brian Burg.

  • UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::webFrameIDForHandle):
(WebKit::WebAutomationSession::switchToBrowsingContext):
(WebKit::WebAutomationSession::evaluateJavaScriptFunction):
(WebKit::WebAutomationSession::resolveChildFrameHandle):
(WebKit::WebAutomationSession::resolveParentFrameHandle):
(WebKit::WebAutomationSession::computeElementLayout):
(WebKit::WebAutomationSession::getAllCookies):
(WebKit::WebAutomationSession::deleteSingleCookie):
(WebKit::WebAutomationSession::webFrameProxyForHandle): Deleted.
(WebKit::WebAutomationSession::webFrameIDForHandle): Added.

  • UIProcess/Automation/WebAutomationSession.h:
  • WebProcess/Automation/WebAutomationSessionProxy.cpp:

(WebKit::WebAutomationSessionProxy::evaluateJavaScriptFunction):
(WebKit::WebAutomationSessionProxy::resolveChildFrameWithOrdinal):
(WebKit::WebAutomationSessionProxy::resolveChildFrameWithNodeHandle):
(WebKit::WebAutomationSessionProxy::resolveChildFrameWithName):
(WebKit::WebAutomationSessionProxy::resolveParentFrame):
(WebKit::WebAutomationSessionProxy::focusFrame):
(WebKit::WebAutomationSessionProxy::computeElementLayout):
(WebKit::WebAutomationSessionProxy::takeScreenshot):
(WebKit::WebAutomationSessionProxy::getCookiesForFrame):
(WebKit::WebAutomationSessionProxy::deleteCookie):

  • WebProcess/Automation/WebAutomationSessionProxy.h:
  • WebProcess/Automation/WebAutomationSessionProxy.messages.in:
2:43 PM Changeset in webkit [203244] by achristensen@apple.com
  • 26 edits
    2 adds
    4 deletes in trunk/Source

Use SocketProvider to create SocketStreamHandles
https://bugs.webkit.org/show_bug.cgi?id=159774

Source/WebCore:

Reviewed by Brady Eidson.

No new tests. No change in behaviour.

In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
instead of a SocketStreamHandle, which is the class I want to make into an interface
and proxy the web traffic over to the NetworkProcess.

  • CMakeLists.txt:
  • Modules/websockets/ThreadableWebSocketChannel.cpp: Added.

(WebCore::ThreadableWebSocketChannel::create):
I removed this in 202930, so this is restoring it from that patch, hence the old copyright.

  • Modules/websockets/ThreadableWebSocketChannel.h:

(WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):

  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::connect):

  • Modules/websockets/WebSocketChannel.cpp:

(WebCore::WebSocketChannel::WebSocketChannel):
(WebCore::WebSocketChannel::connect):

  • Modules/websockets/WebSocketChannel.h:

(WebCore::WebSocketChannel::create):

  • Modules/websockets/WorkerThreadableWebSocketChannel.cpp:

(WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
(WebCore::WorkerThreadableWebSocketChannel::resume):
(WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
(WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
(WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
(WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
(WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
(WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):

  • Modules/websockets/WorkerThreadableWebSocketChannel.h:

(WebCore::WorkerThreadableWebSocketChannel::create):
(WebCore::WorkerThreadableWebSocketChannel::Bridge::create):

  • WebCore.xcodeproj/project.pbxproj:
  • inspector/InspectorOverlay.cpp:

(WebCore::InspectorOverlay::overlayPage):

  • loader/EmptyClients.cpp:

(WebCore::EmptyEditorClient::registerRedoStep):
(WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.

  • loader/EmptyClients.h:
  • page/SocketProvider.cpp: Added.

(WebCore::SocketProvider::createSocketStreamHandle):

  • page/SocketProvider.h:

(WebCore::SocketProvider::~SocketProvider): Deleted.

  • platform/network/cf/SocketStreamHandle.h:
  • svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::dataChanged):

Source/WebKit:

Reviewed by Alex Christensen.

  • PlatformMac.cmake:
  • PlatformWin.cmake:
  • WebKit.xcodeproj/project.pbxproj:

Source/WebKit/mac:

Reviewed by Brady Eidson.

  • Misc/WebSocketProvider.h: Removed.
  • Misc/WebSocketProvider.mm: Removed.
  • WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:]):
(-[WebView initSimpleHTMLDocumentWithStyle:frame:preferences:groupName:]):

Source/WebKit/win:

Reviewed by Brady Eidson.

  • WebSocketProvider.cpp: Removed.
  • WebSocketProvider.h: Removed.
  • WebView.cpp: Replaced WebSocketProvider with SocketProvider as we did in WebCore.

Source/WebKit2:

Reviewed by Brady Eidson.

  • WebProcess/Network/WebSocketProvider.cpp:

(WebKit::WebSocketProvider::createSocketStreamHandle):
(WebKit::WebSocketProvider::createWebSocketChannel): Deleted.

  • WebProcess/Network/WebSocketProvider.h:
2:42 PM Changeset in webkit [203243] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: Maintain selected function when switching between different profile representations
https://bugs.webkit.org/show_bug.cgi?id=159778
<rdar://problem/27355913>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-07-14
Reviewed by Timothy Hatcher.

  • UserInterface/Models/CallingContextTree.js:

(WebInspector.CCTNode):
(WebInspector.CCTNode.prototype.get hash):
(WebInspector.CCTNode.prototype.findOrMakeChild):
(WebInspector.CCTNode.prototype.equals):
Expose the hash so two nodes can be compared cheaply.

  • UserInterface/Views/ProfileView.js:

(WebInspector.ProfileView.prototype._repopulateDataGridFromTree):
(WebInspector.ProfileView.prototype._restoreSharedState):
(WebInspector.ProfileView.prototype._dataGridNodeSelected):
Share data between multiple ProfileViews. Currently just remembering
and restoring the selected function.

  • UserInterface/Views/ScriptProfileTimelineView.js:

(WebInspector.ScriptProfileTimelineView):
(WebInspector.ScriptProfileTimelineView.prototype._showProfileViewForOrientation):
Include the shared data when constructing new ProfileViews.

2:39 PM Changeset in webkit [203242] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

[WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture()
https://bugs.webkit.org/show_bug.cgi?id=159776
<rdar://problem/22467100>

Reviewed by Tim Horton.

Potential null dereference under ViewGestureController::beginSwipeGesture() of:
m_webPageProxy.backForwardList().currentItem()

The client side is expected to call ViewGestureController::canSwipeInDirection() but
this only guarantees that the m_alternateBackForwardListSourceView's currentItem is
non-null when m_alternateBackForwardListSourceView is non-null. It does not guarantee
that m_webPageProxy's currentItem is non-null.

  • UIProcess/ios/ViewGestureControllerIOS.mm:

(WebKit::ViewGestureController::beginSwipeGesture):

2:15 PM Changeset in webkit [203241] by beidson@apple.com
  • 4 edits in trunk/Source/WebCore

"User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
https://bugs.webkit.org/show_bug.cgi?id=158741

Reviewed by Alex Christensen.

No new tests (Covered by existing tests in some configurations)

  • Check if a database hard delete is complete in more places.
  • Asynchronously clear out the hard close protector instead of synchronously.
  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
(WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
(WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
(WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
(WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
(WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
(WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.

  • Modules/indexeddb/server/UniqueIDBDatabase.h:

(WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):

  • Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:

(WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):

2:01 PM Changeset in webkit [203240] by Brent Fulgham
  • 4 edits in trunk/Source/WebCore

CSSStyleSheet members should clear their owner node when destroyed
https://bugs.webkit.org/show_bug.cgi?id=117470

Reviewed by Chris Dumez.

Make sure that CSSStyleSheet members are detached from their owner node when
the owning object is destroyed.

I audited other CSSStyleSheet uses, and found one other place where the owner node was not
being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
handle the node ownership properly.

Fix based on a Blink change (patch by <haraken@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>

Also includes a follow-up fix (patch by <haraken@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>

No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.

  • contentextensions/ContentExtensionStyleSheet.cpp:

(WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):

  • contentextensions/ContentExtensionStyleSheet.h:
  • dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
(WebCore::authorStyleSheetsForElement):

1:54 PM Changeset in webkit [203239] by ggaren@apple.com
  • 2 edits
    2 adds in trunk/Source/JavaScriptCore

ASSERTION FAILED: : this != replacement()
https://bugs.webkit.org/show_bug.cgi?id=159779

Reviewed by Michael Saboff.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison): If we jettison during GC, and our owner
is dead, we choose not to replace ourselves. (See
https://bugs.webkit.org/show_bug.cgi?id=159588.) So, it's possible to
invalidate and still be our owner's CodeBlock. Relax our ASSERT to allow
for this.

1:14 PM Changeset in webkit [203238] by Csaba Osztrogonác
  • 12 edits in trunk/Source

Fix the !ENABLE(WEB_SOCKETS) build after r202930
https://bugs.webkit.org/show_bug.cgi?id=159768

Reviewed by Alex Christensen.

Source/WebCore:

  • loader/EmptyClients.cpp:
  • loader/EmptyClients.h:
  • page/SocketProvider.h:
  • workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::WorkerGlobalScope):

  • workers/WorkerThread.cpp:

(WebCore::WorkerThread::WorkerThread):

Source/WebKit/mac:

  • Misc/WebSocketProvider.h:

Source/WebKit/win:

  • WebSocketProvider.h:

Source/WebKit2:

  • WebProcess/Network/WebSocketProvider.h:
12:46 PM Changeset in webkit [203237] by Brent Fulgham
  • 1 edit
    2 adds in trunk/LayoutTests

Add test to confirm we do not crash in media destruction
https://bugs.webkit.org/show_bug.cgi?id=122816

Test based on a Blink change (patch by <igor.o@sisa.samsung.com>):
<https://chromium.googlesource.com/chromium/blink/+/7a2b2dcefbc013003487d5055eeda7a57daafa93%5E%21/#F0>

We do not seem to have the bug that prompted the Chromium source change. Adding
test case to ensure we do not introduce this problem in the future.

  • editing/undo/audio-in-undo-stack-crash-expected.txt: Added.
  • editing/undo/audio-in-undo-stack-crash.html: Added.
12:45 PM Changeset in webkit [203236] by Chris Dumez
  • 3 edits in trunk/Source/WTF

Avoid an extra heap allocation when dispatching Functions to WorkQueue
https://bugs.webkit.org/show_bug.cgi?id=158367

Reviewed by Anders Carlsson.

Avoid an extra heap allocation when dispatching Functions to WorkQueue
by adding leakCallable() / adoptCallable() functions to Function.

  • wtf/Function.h:
  • wtf/cocoa/WorkQueueCocoa.cpp:

(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):

12:32 PM Changeset in webkit [203235] by commit-queue@webkit.org
  • 4 edits
    1 add in trunk

DOMIterators should be assigned a correct prototype
https://bugs.webkit.org/show_bug.cgi?id=159115

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-14
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

  • web-platform-tests/fetch/api/headers/headers-basic.html: Updating test (changes to be upstreamed to w3c wpt repo)

Source/WebCore:

Default iterator object internal prototype property is the Iterator prototype as defined in
http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
Linking DOMIterator prototype to IteratorPrototype.
This allows adding @@iterator property to the result of entries, keys and values methods.
This in turns allow doing for-of loops on them.

Covered by updated test.

  • ForwardingHeaders/runtime/IteratorPrototype.h: Added.
  • bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
12:30 PM Changeset in webkit [203234] by commit-queue@webkit.org
  • 5 edits in trunk

Remove support for value iterators from JSDOMIterator
https://bugs.webkit.org/show_bug.cgi?id=159293

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-14
Reviewed by Chris Dumez.

Source/WebCore:

Value iterators are now handled without using DOMIterator.
Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
entries and forEach implementation should be made compliant with set-like.
This means that item value should be passed instead of an index in entries iterator and forEach callback.

Covered by updated test.

  • bindings/js/JSDOMIterator.h:

(WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
(WebCore::appendForEachArguments): Pass set item as second parameter.
(WebCore::iteratorForEach): Remove index handling.

LayoutTests:

  • fast/text/font-face-set-javascript-expected.txt:
  • fast/text/font-face-set-javascript.html:
12:29 PM Changeset in webkit [203233] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore

Fix the !ENABLE(MATHML) build after r201739
https://bugs.webkit.org/show_bug.cgi?id=159767

Reviewed by Alex Christensen.

  • dom/Document.cpp:

(WebCore::Document::validateCustomElementName):

12:28 PM Changeset in webkit [203232] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore

Fix the !ENABLE(CSS_IMAGE_SET) build
https://bugs.webkit.org/show_bug.cgi?id=159766

Reviewed by Alex Christensen.

  • css/CSSParser.cpp:
12:09 PM Changeset in webkit [203231] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Land test expectations for rdar://problem/27353750.

  • platform/mac/TestExpectations:
11:33 AM Changeset in webkit [203230] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

Possible crash under NavigationState::NavigationClient::processDidCrash()
https://bugs.webkit.org/show_bug.cgi?id=159773
<rdar://problem/19814215>

Reviewed by Anders Carlsson.

Add a m_navigationState.m_navigationDelegateMethods.webViewWebProcessDidCrash before
trying to call it to avoid crashing if the client does not implement it.

At the beginning of the method, we abort early only if both webViewWebContentProcessDidTerminate
and webViewWebProcessDidCrash are implemented. However, if webViewWebContentProcessDidTerminate
implemented but not webViewWebProcessDidCrash we can end up crashing as we fail to check later
on before trying to call it.

  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::NavigationClient::processDidCrash):

11:18 AM Changeset in webkit [203229] by mark.lam@apple.com
  • 5 edits
    1 add in trunk

JSONObject Walker::walk must save array length before processing array elements.
https://bugs.webkit.org/show_bug.cgi?id=153485

Reviewed by Darin Adler and Michael Saboff.

Source/JavaScriptCore:

According to https://tc39.github.io/ecma262/#sec-internalizejsonproperty,
JSON.parse() should cache the length of an array and use the cached length when
iterating array elements (see section 24.3.1.1 2.b.iii).

  • runtime/JSONObject.cpp:

(JSC::Walker::walk):

  • tests/stress/JSON-parse-should-cache-array-lengths.js: Added.

(toString):
(shouldBe):
(test):
(test2):

LayoutTests:

  • js/JSON-parse-reviver-expected.txt:
  • js/script-tests/JSON-parse-reviver.js:
  • Fixed a bug in arrayReviver() where it was setting the array length to 3, but was immediately returning a value from the reviver for index 3. This effectively forces array.length to 4. As a result, case 4 always failed silently, and case 5 never executed.
  • Added tracking of cases visited by the revivers so that they can be verified.
10:59 AM Changeset in webkit [203228] by fred.wang@free.fr
  • 26 edits in trunk/Source/WebCore

Cleanup of MathML headers
https://bugs.webkit.org/show_bug.cgi?id=159336

Reviewed by Alex Christensen.

We do some cleanup in MathML headers:

  • Use #pragma once
  • Use final for class that are not extended.
  • Use final instead of override for virtual members that are not overridden by derived classes.
  • Try and reduce the visibility of function members to private or protected as appropriate.
  • Remove useless #include
  • Remove useless class or friendship declaration
  • Remove unused functions

No new tests, behavior is unchanged.

  • mathml/MathMLElement.h:
  • mathml/MathMLInlineContainerElement.h:
  • mathml/MathMLMathElement.h:
  • mathml/MathMLMencloseElement.h:
  • mathml/MathMLOperatorDictionary.h:
  • mathml/MathMLPaddedElement.h:
  • mathml/MathMLSelectElement.h:
  • mathml/MathMLSpaceElement.h:
  • mathml/MathMLTextElement.h:
  • rendering/mathml/MathOperator.h:
  • rendering/mathml/RenderMathMLBlock.h:
  • rendering/mathml/RenderMathMLFenced.h:
  • rendering/mathml/RenderMathMLFraction.h:
  • rendering/mathml/RenderMathMLMath.h:
  • rendering/mathml/RenderMathMLMenclose.h:
  • rendering/mathml/RenderMathMLOperator.h:
  • rendering/mathml/RenderMathMLRoot.h:
  • rendering/mathml/RenderMathMLRow.cpp:

(WebCore::RenderMathMLRow::RenderMathMLRow): Deleted. We no longer create anonymous row.

  • rendering/mathml/RenderMathMLRow.h:
  • rendering/mathml/RenderMathMLScripts.h:
  • rendering/mathml/RenderMathMLSpace.h:
  • rendering/mathml/RenderMathMLToken.h:
  • rendering/mathml/RenderMathMLUnderOver.h:
10:50 AM Changeset in webkit [203227] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

Fix the DatabaseProcess build with disabled IDB
https://bugs.webkit.org/show_bug.cgi?id=159769

Reviewed by Alex Christensen.

  • WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didClose):

10:38 AM Changeset in webkit [203226] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[mips] Handle properly unaligned halfword load
https://bugs.webkit.org/show_bug.cgi?id=153226

Patch by Julien Brianceau <jbriance@cisco.com> on 2016-07-14
Reviewed by Michael Catanzaro.

Waiting for the kernel to silently fix-up unaligned accesses is
not efficient, so let's provide an implementation of load16Unaligned
in mips macro assembler.

Performance improvement seen with SunSpider's regexp-dna test.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::load16Unaligned):
(JSC::MacroAssemblerMIPS::load32WithUnalignedHalfWords):

10:26 AM Changeset in webkit [203225] by achristensen@apple.com
  • 6 edits in trunk/Source/WebCore

Pass SessionID to WebSocketHandle constructor
https://bugs.webkit.org/show_bug.cgi?id=159772

Reviewed by Brady Eidson.

No new tests. No change in behavior.

  • Modules/websockets/WebSocketChannel.cpp:

(WebCore::WebSocketChannel::connect):

  • platform/network/cf/SocketStreamHandle.h:

(WebCore::SocketStreamHandle::create):

  • platform/network/cf/SocketStreamHandleCFNet.cpp:

(WebCore::SocketStreamHandle::SocketStreamHandle):

  • platform/network/curl/SocketStreamHandle.h:

(WebCore::SocketStreamHandle::create):

  • platform/network/soup/SocketStreamHandle.h:
8:48 AM Changeset in webkit [203224] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
https://bugs.webkit.org/show_bug.cgi?id=159346

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2016-07-14
Reviewed by Antonio Gomes.

This is a follow up of r203216 to fix wrong use of Optional values.

  • platform/linux/MemoryPressureHandlerLinux.cpp:
5:33 AM Changeset in webkit [203223] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

[ThreadedCompositor] Build fails in debug mode after r202040
https://bugs.webkit.org/show_bug.cgi?id=159757

Patch by Hyunjun Ko <Hyunjun Ko> on 2016-07-14
Reviewed by Michael Catanzaro.

Debug mode build failed due to call getter method, which is
removed, in ASSERT().

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::glContext): Deleted.
(WebKit::ThreadedCompositor::didChangeVisibleRect): Deleted.
(WebKit::ThreadedCompositor::renderLayerTree): Deleted.

4:16 AM Changeset in webkit [203222] by commit-queue@webkit.org
  • 13 edits
    15 adds in trunk

DOM value iterable interfaces should use Array prototype methods
https://bugs.webkit.org/show_bug.cgi?id=159296

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-14
Reviewed by Chris Dumez and Mark Lam.

Source/JavaScriptCore:

  • JavaScriptCore.xcodeproj/project.pbxproj: Marking some header files as private so that they can be included in

WebCore.

  • runtime/ArrayPrototype.cpp:

(JSC::ArrayPrototype::finishCreation): copying iterable methods (entries, forEach, keys and values) to private slots.

Source/WebCore:

Test: fast/dom/NodeList/nodelist-iterable.html
Also covered by updated layout test and binding tests.

For value iterators, copy the iterator methods from Array prototype: as per https://heycam.github.io/webidl/#es-iterable,
[re: entries] If the interface has a value iterator, then the Function object is the initial value of the "entries" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
[re: keys] If the interface has a value iterator, then the Function object is the initial value of the "keys" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
[re: forEach] If the interface defines an indexed property getter, then the Function object is the initial value of the "forEach" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
[re: Symbol.iterator] If the interface defines an indexed property getter, then the Function object is %ArrayProto_values% ([ECMA-262], section 6.1.7.4).
[re: values] If the interface has a value iterator, then the Function object is the value of the @@iterator property.

This change applies only to NodeList at the moment.
Copy of Array prototype iterator methods is disabled if the interface has no indexed getter.

  • CMakeLists.txt:
  • ForwardingHeaders/builtins/BuiltinNames.h: Added.
  • ForwardingHeaders/builtins/JSCBuiltins.h: Added.
  • ForwardingHeaders/runtime/CommonIdentifiers.h: Added.
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/JSDOMIterator.cpp: Added.

(WebCore::addValueIterableMethods): Copy iterator methods from array prototype.

  • bindings/js/JSDOMIterator.h:
  • bindings/scripts/CodeGeneratorJS.pm:

(GeneratePropertiesHashTable):
(GenerateImplementation):
(IsValueIterableInterface): Introduced to only copy iterator methods if the interface has an indexed getter.
(IsKeyValueIterableInterface): Introduced to detect whether generating iterator methods.
(GenerateImplementationIterableFunctions):

  • bindings/scripts/test/GObject/WebKitDOMTestIterable.cpp: Added.
  • bindings/scripts/test/GObject/WebKitDOMTestIterable.h: Added.
  • bindings/scripts/test/GObject/WebKitDOMTestIterablePrivate.h: Added.
  • bindings/scripts/test/JS/JSTestIterable.cpp: Added.
  • bindings/scripts/test/JS/JSTestIterable.h: Added.
  • bindings/scripts/test/JS/JSTestObj.cpp: Updated as TestObj defines both iterable<> and indexed getter.
  • bindings/scripts/test/ObjC/DOMTestIterable.h: Added.
  • bindings/scripts/test/ObjC/DOMTestIterable.mm: Added.
  • bindings/scripts/test/ObjC/DOMTestIterableInternal.h: Added.
  • bindings/scripts/test/TestIterable.idl: Added to handle the case of value iterator without indexed getter defined.

Array prototype methods should not be copied.

  • bindings/scripts/test/TestObj.idl: Changing to be a value iterator (with indexed getter already defined).

Array prototype methods should be copied.

LayoutTests:

  • fast/dom/nodeListIterator-expected.txt:
  • fast/dom/nodeListIterator.html:
  • fast/dom/NodeList/nodelist-iterable-expected.txt: Added.
  • fast/dom/NodeList/nodelist-iterable.html: Added.
3:14 AM Changeset in webkit [203221] by commit-queue@webkit.org
  • 11 edits
    3 adds in trunk

[Fetch API] Request and Response url getter should use URL serialization
https://bugs.webkit.org/show_bug.cgi?id=159705

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-14
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

  • web-platform-tests/fetch/api/basic/response-url-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/response-url-worker-expected.txt: Added.
  • web-platform-tests/fetch/api/basic/response-url-worker.html: Added.
  • web-platform-tests/fetch/api/basic/response-url.html: Added.
  • web-platform-tests/fetch/api/basic/response-url.js: Added.

(checkResponseURL):

  • web-platform-tests/fetch/api/request/request-init-003.sub-expected.txt:
  • web-platform-tests/fetch/api/request/request-init-003.sub.html:

Source/WebCore:

Tests: fetch/fetch-url-serialization.html

imported/w3c/web-platform-tests/fetch/api/basic/response-url-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/response-url.html

Implementing https://url.spec.whatwg.org/#concept-url-serializer and applying it to Request and Response getter.
Adding a temporary routine to compute url cannot-be-a-base-url flag. The parsing routine should store that
information in the URL itself.

Added tests to cover serialization routine. Failing tests are mostly due to limitations of the URL parser.
Tests do not check for URLs with username and password as Request constructor throws with such URLs.

  • Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::url): Adding request url serialization, fragment included.

  • Modules/fetch/FetchRequest.h:
  • Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::url): Adding response url serialization, fragment excluded.

  • Modules/fetch/FetchResponse.h:
  • platform/URL.cpp:

(WebCore::cannotBeABaseURL): Temporary helper function to have a coarse evaluation of url cannot-be-a-base-url flag.
(WebCore::URL::serialize): Implementation of https://url.spec.whatwg.org/#concept-url-serializer.

  • platform/URL.h:

(WebCore::URL::hasUser): Helper getter.
(WebCore::URL::hasPassword): Ditto.
(WebCore::URL::hasQuery): Ditto.
(WebCore::URL::hasFragment): Ditto.

LayoutTests:

  • fetch/fetch-url-serialization-expected.txt: Added.
  • fetch/fetch-url-serialization.html: Added.
  • fetch/fetch-urls.json: Added.
1:36 AM Changeset in webkit [203220] by svillar@igalia.com
  • 3 edits in trunk/Source/WebCore

[css-grid] Const-ify track sizing algorithm
https://bugs.webkit.org/show_bug.cgi?id=159716

Reviewed by Carlos Garcia Campos.

All the methods used to run the track sizing algorithm should not
modify the state of LayoutGrid. We can safely const-ify all of them
and remove the ugly const_cast in computeIntrinsicLogicalWidths().

No new tests needed as there is no change in behavior.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::logicalHeightForChild):
(WebCore::RenderGrid::minSizeForChild):
(WebCore::RenderGrid::updateOverrideContainingBlockContentLogicalWidthForChild):
(WebCore::RenderGrid::minContentForChild):
(WebCore::RenderGrid::maxContentForChild):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
(WebCore::RenderGrid::distributeSpaceToTracks):

  • rendering/RenderGrid.h:
12:54 AM Changeset in webkit [203219] by jer.noble@apple.com
  • 4 edits in trunk

REGRESSION (r202918): LayoutTest media/video-main-content-allow-then-deny.html is flaky, failing almost every time on El Capitan
https://bugs.webkit.org/show_bug.cgi?id=159533

Reviewed by Eric Carlson.

Source/WebCore:

Move the contents of mainContentCheckTimerFired() into updateIsMainContent() so that the
results of changing the m_isMainContent ivar are acted upon no matter why m_isMainContent
changes.

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::mainContentCheckTimerFired):
(WebCore::MediaElementSession::updateIsMainContent):

LayoutTests:

  • platform/mac/TestExpectations:
12:29 AM Changeset in webkit [203218] by achristensen@apple.com
  • 2 edits in trunk/LayoutTests

Rebaseline test after r203204 and r203207.

  • js/typed-array-mutated-during-set-expected.txt:
12:05 AM Changeset in webkit [203217] by achristensen@apple.com
  • 14 edits in trunk/Source

Modernize WebSocket handle
https://bugs.webkit.org/show_bug.cgi?id=159750

Reviewed by Brady Eidson.

Source/WebCore:

No new tests. No change in behavior.
This patch just removes ThreadableWebSocketChannel::InvalidMessage which is never used
and makes our use of SocketStreamHandleClient a reference instead of a pointer.

  • Modules/websockets/ThreadableWebSocketChannel.h:
  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::send):

  • Modules/websockets/WebSocketChannel.cpp:

(WebCore::WebSocketChannel::connect):

  • platform/network/SocketStreamHandleBase.cpp:

(WebCore::SocketStreamHandleBase::SocketStreamHandleBase):
(WebCore::SocketStreamHandleBase::send):
(WebCore::SocketStreamHandleBase::disconnect):
(WebCore::SocketStreamHandleBase::sendPendingData):
(WebCore::SocketStreamHandleBase::setClient): Deleted.

  • platform/network/SocketStreamHandleBase.h:

(WebCore::SocketStreamHandleBase::~SocketStreamHandleBase):
(WebCore::SocketStreamHandleBase::bufferedAmount):
(WebCore::SocketStreamHandleBase::client):

  • platform/network/cf/SocketStreamHandle.h:

(WebCore::SocketStreamHandle::create):

  • platform/network/cf/SocketStreamHandleCFNet.cpp:

(WebCore::SocketStreamHandle::SocketStreamHandle):
(WebCore::SocketStreamHandle::addCONNECTCredentials):
(WebCore::SocketStreamHandle::copyCFStreamDescription):
(WebCore::SocketStreamHandle::readStreamCallback):
(WebCore::SocketStreamHandle::writeStreamCallback):
(WebCore::SocketStreamHandle::reportErrorToClient):
(WebCore::SocketStreamHandle::~SocketStreamHandle):
(WebCore::SocketStreamHandle::platformClose):
(WebCore::SocketStreamHandle::port):

  • platform/network/curl/SocketStreamHandle.h:

(WebCore::SocketStreamHandle::create):

  • platform/network/curl/SocketStreamHandleCurl.cpp:

(WebCore::SocketStreamHandle::SocketStreamHandle):
(WebCore::SocketStreamHandle::platformClose):
(WebCore::SocketStreamHandle::readData):
(WebCore::SocketStreamHandle::didReceiveData):
(WebCore::SocketStreamHandle::didOpenSocket):
(WebCore::SocketStreamHandle::createCopy):

  • platform/network/soup/SocketStreamHandle.h:
  • platform/network/soup/SocketStreamHandleSoup.cpp:

(WebCore::SocketStreamHandle::SocketStreamHandle):
(WebCore::SocketStreamHandle::~SocketStreamHandle):
(WebCore::SocketStreamHandle::connected):
(WebCore::SocketStreamHandle::connectedCallback):
(WebCore::SocketStreamHandle::readBytes):
(WebCore::SocketStreamHandle::didFail):
(WebCore::SocketStreamHandle::writeReady):
(WebCore::SocketStreamHandle::platformClose):
(WebCore::SocketStreamHandle::beginWaitingForSocketWritability):

Source/WebKit2:

  • UIProcess/InspectorServer/soup/WebSocketServerSoup.cpp:

(WebKit::connectionCallback):

Note: See TracTimeline for information about the timeline view.