Context Navigation

← Previous Period
Next Period →

Timeline

Sep 12, 2016:

11:52 PM Changeset in webkit [205855] by pvollan@apple.com

3 edits
1 delete in trunk/Source/WebCore

[Win] Warning fix.
https://bugs.webkit.org/show_bug.cgi?id=161858

Reviewed by Brent Fulgham.

Use exported constants from CoreText.dll, instead of creating copies.

PlatformAppleWin.cmake:
platform/spi/win/CoreTextSPIWin.cpp: Removed.
platform/spi/win/CoreTextSPIWin.h:

11:46 PM Changeset in webkit [205854] by commit-queue@webkit.org

14 edits
1 copy
4 moves
10 adds
1 delete in trunk

ScriptElement should use FetchOptions::mode according its crossOrigin attribute
https://bugs.webkit.org/show_bug.cgi?id=161686

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-12
Reviewed by Darin Adler.

Source/WebCore:

Setting ScriptElement fetch mode according its crossOrigin attribute.
Removing LoadableClassicScriptchecking of CORS since this is now done at ResourceLoader/CachedResource level.

Updating CachedResourceLoader to ensure that a resource that matches an on-going resource load but with different fetch mode/origin,
always gets its loading started if the resource state is not Cached.

Tests: fast/dom/script-crossorigin-loads-fail-origin.html

http/tests/security/cross-origin-cached-images-parallel.html
http/tests/security/cross-origin-cached-images.html
http/tests/security/cross-origin-cached-scripts-parallel.html
http/tests/security/cross-origin-cached-scripts.html
http/tests/security/script-crossorigin-loads-correctly-credentials.html
http/tests/security/script-with-dataurl.html

dom/LoadableClassicScript.cpp:

(WebCore::LoadableClassicScript::create):
(WebCore::LoadableClassicScript::notifyFinished): Checking CORS failures using the resource state.
(WebCore::LoadableClassicScript::~LoadableClassicScript): Deleted.
(WebCore::LoadableClassicScript::isLoaded): Deleted.

dom/LoadableClassicScript.h:
dom/ScriptElement.cpp:

(WebCore::ScriptElement::requestClassicScript):
(WebCore::ScriptElement::requestScriptWithCache): Using CachedResourceRequest::setAsPotentiallyCrossOrigin to set fetch mode according crossOrigin attribute.

dom/ScriptElement.h:
loader/cache/CachedImage.cpp:

(WebCore::CachedImage::setBodyDataFrom):

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Adding support for script resources.
(WebCore::CachedResourceLoader::requestResource): Ensuring that 'updated' resources gets actually loaded.

loader/cache/CachedScript.cpp:

(WebCore::CachedScript::setBodyDataFrom): Implementing specific data copy from another CachedScript.

loader/cache/CachedScript.h:

LayoutTests:

Added new tests.
Updated cookie test for robustness as the order of the cookie items when more than one may not be preserved.

Moved one of the blink test to http/tests as it requires HTTP to run properly.
Updated blink test expectation as it is run from file, while it should be run from http.

Copied a similar test to http/tests/local to ensure that script load fails when served from the filesystem , CORS check failing.
The test was previously passing in WebKit as the test file was served from filesystem and was granted universal access.
The CORS checks were done through SecurityOrigin::canRequest which was testing that first.
With the patch, CORS checks are done at a lower level and do not take in to account universal access.
This aligns with Chrome and Firefox behavior.

http/tests/local/script-crossorigin-loads-fail-origin-expected.txt: Added.
http/tests/local/script-crossorigin-loads-fail-origin.html: Copied from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html: Sorting the cookie to make the test more resistant.
http/tests/security/cross-origin-cached-images-expected.txt: Added.
http/tests/security/cross-origin-cached-images-parallel-expected.txt: Added.
http/tests/security/cross-origin-cached-images-parallel.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html.
http/tests/security/cross-origin-cached-images.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource.html.
http/tests/security/cross-origin-cached-resource-parallel-expected.txt: Removed.
http/tests/security/cross-origin-cached-scripts-expected.txt: Added.
http/tests/security/cross-origin-cached-scripts-parallel-expected.txt: Added.
http/tests/security/cross-origin-cached-scripts-parallel.html: Added.
http/tests/security/cross-origin-cached-scripts.html: Added.
http/tests/security/resources/cors-script.php: Updated according chromium script to activate CORS credentials header if requested.
http/tests/security/resources/cross-origin-cached-resource-iframe.html:
http/tests/security/resources/notify-loaded.js: Added.
http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt.
http/tests/security/script-crossorigin-loads-correctly-credentials.html: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
http/tests/security/script-with-dataurl-expected.txt: Added.
http/tests/security/script-with-dataurl.html: Added.
http/tests/security/script-with-failed-cors-check-fails-to-load-expected.txt:

11:15 PM Changeset in webkit [205853] by Carlos Garcia Campos

2 edits in trunk/Source/WebCore

[GTK] Scrollbar too large
https://bugs.webkit.org/show_bug.cgi?id=161735

Reviewed by Michael Catanzaro.

We were not calculating the total scrollbar size correctly when the theme defines a minimum width/height. In
that case we need to take the extra size into account (border, margin, padding), but not adding the minimum
size. We were also adjusting the thumb position when rendering in indicator mode, but we really need to adjust
the whole rectangle. This worked in Adwaita because it uses a transparent track when in indicator mode. We are
also now taking into account the text direction when doing this adjustment for the indicator mode.

platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::paint):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):

11:12 PM Changeset in webkit [205852] by Carlos Garcia Campos

5 edits in trunk/Source/WebCore

[GTK] Crash of WebProcess on the last WebView disconnect (take two)
https://bugs.webkit.org/show_bug.cgi?id=161842

Reviewed by Michael Catanzaro.

The problem is that when PlatformDisplayX11 is destroyed, the sharing GL context is deleted and its destructor
makes a downcast of PlatformDisplay to get the native X11 display. We could simply keep a pointer to the native
X11 display in GLContextGLX, got at construction time from the PlatformDisplay, and ensure the sharing GL
context is deleted before the native X11 display is closed.

platform/graphics/PlatformDisplay.h: Make m_sharingGLContext protected.
platform/graphics/glx/GLContextGLX.cpp:

(WebCore::GLContextGLX::GLContextGLX): Initialize m_x11Display.
(WebCore::GLContextGLX::~GLContextGLX): Use m_x11Display and remove confusing comment about possible crash with
nviedia closed drivers.
(WebCore::GLContextGLX::defaultFrameBufferSize): Use m_x11Display.
(WebCore::GLContextGLX::makeContextCurrent): Ditto.
(WebCore::GLContextGLX::swapBuffers): Ditto.
(WebCore::GLContextGLX::swapInterval): Ditto.
(WebCore::GLContextGLX::cairoDevice): Ditto.

platform/graphics/glx/GLContextGLX.h:
platform/graphics/x11/PlatformDisplayX11.cpp:

(WebCore::PlatformDisplayX11::~PlatformDisplayX11): Delete the sharing GL context before closing the display.

10:48 PM Changeset in webkit [205851] by bshafiei@apple.com

5 edits in branches/safari-602-branch/Source

Versioning.

9:33 PM Changeset in webkit [205850] by fpizlo@apple.com

14 edits in trunk/Source/JavaScriptCore

MarkedBlock should be able to use flipIfNecessary() as the "I'm not empty" trigger
https://bugs.webkit.org/show_bug.cgi?id=161869

Reviewed by Saam Barati.

In bug 161581, I'm going to use flipIfNecessary() during marking to trigger the "I'm not
empty" hook, which will set a bit in the markingNotEmpty bitvector.

For this to work, we need to ensure that nobody else uses flipIfNecessary() during marking.
If anyone else does it but they aren't marking new objects, then this prevents
flipIfNecessary() from triggering when the first object is marked, which means we won't
always detect when a block became non-empty.

I addressed this by adding a isMarking flag, and asserting in flipIfNecessary() that the flag
isn't set. flipIfNecessaryDuringMarking() is used only on the marking path, so that code
knows that it can trigger something like noteMarked(). The only places that were using
flipIfNecessary() should have been using needsFlip() anyway.

heap/CellContainer.h:
heap/CellContainerInlines.h:

(JSC::CellContainer::needsFlip):

heap/Heap.cpp:

(JSC::Heap::markRoots):
(JSC::Heap::beginMarking):
(JSC::Heap::endMarking):
(JSC::Heap::clearLivenessData): Deleted.
(JSC::Heap::converge): Deleted.
(JSC::Heap::resetVisitors): Deleted.

heap/Heap.h:
heap/HeapInlines.h:

(JSC::Heap::testAndSetMarked):

heap/LargeAllocation.h:

(JSC::LargeAllocation::flipIfNecessaryDuringMarking):
(JSC::LargeAllocation::flipIfNecessaryConcurrently): Deleted.

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::flipIfNecessarySlow):
(JSC::MarkedBlock::flipIfNecessaryDuringMarkingSlow):
(JSC::MarkedBlock::flipIfNecessaryConcurrentlySlow): Deleted.

heap/MarkedBlock.h:

(JSC::MarkedBlock::flipIfNecessaryDuringMarking):
(JSC::MarkedBlock::Handle::flipIfNecessaryDuringMarking):
(JSC::MarkedBlock::flipIfNecessaryConcurrently): Deleted.
(JSC::MarkedBlock::Handle::flipIfNecessaryConcurrently): Deleted.

heap/MarkedSpace.h:

(JSC::MarkedSpace::isMarking):
(JSC::MarkedSpace::setIsMarking):
(JSC::MarkedSpace::largeAllocationsForThisCollectionSize): Deleted.

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::setMarkedAndAppendToMarkStack):

heap/WeakBlock.cpp:

(JSC::WeakBlock::visit):

9:32 PM Changeset in webkit [205849] by commit-queue@webkit.org

2 edits in trunk/LayoutTests

[GTK] Fix lint warnings of LayoutTests/platform/gtk/TestExpectations
https://bugs.webkit.org/show_bug.cgi?id=161890

Unreviewed test gardening.

Patch by Fujii Hironori <Fujii Hironori> on 2016-09-12

platform/gtk/TestExpectations: Removed deleted test cases

js/regress/nested-function-parsing.html, js/regress/new-array-buffer-dead.html
and js/regress/method-on-number.html.
Skip imported/w3c/web-platform-tests/media-source/

7:57 PM Changeset in webkit [205848] by sbarati@apple.com

7 edits
2 adds in trunk

Speed up Function.prototype.bind a bit by making it a builtin
https://bugs.webkit.org/show_bug.cgi?id=161879

Reviewed by Filip Pizlo.

JSTests:

microbenchmarks/function-bind-inlining.js: Added.

(assert):
(test):
(test2):
(foo):

microbenchmarks/function-bind-no-inlining.js: Added.

(assert):
(test):
(test2):
(foo):

LayoutTests:

js/dom/function-bind-expected.txt:

7:12 PM Changeset in webkit [205847] by Chris Dumez

10 edits in trunk

Fix post-landing review comments after r205787
https://bugs.webkit.org/show_bug.cgi?id=161885

Reviewed by Darin Adler.

Source/WebCore:

Leverage new StringBuilder::append(CFStringRef) overload.

html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTTPRefreshInternal):

page/CaptionUserPreferencesMediaAF.cpp:

(WebCore::CaptionUserPreferencesMediaAF::captionsDefaultFontCSS):
(WebCore::buildDisplayStringForTrackBase):

platform/network/mac/CookieJarMac.mm:

(WebCore::cookiesForSession):

rendering/RenderThemeIOS.mm:

(WebCore::RenderThemeIOS::mediaControlsStyleSheet):
(WebCore::RenderThemeIOS::mediaControlsScript):

rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::mediaControlsStyleSheet):
(WebCore::RenderThemeMac::mediaControlsScript):

Source/WTF:

Add new StringBuilder::append(CFStringRef) / append(NSString*)
overloads to avoid an extra string copy when possible.

wtf/text/StringBuilder.cpp:

(WTF::StringBuilder::append):

wtf/text/StringBuilder.h:

(WTF::StringBuilder::append):

Tools:

Leverage new StringBuilder::append(CFStringRef) overload.

WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::InjectedBundlePage::dumpDOMAsWebArchive):

6:25 PM Changeset in webkit [205846] by achristensen@apple.com

4 edits in trunk

URLParser: Correctly ignore spaces before relative URLs with no scheme
https://bugs.webkit.org/show_bug.cgi?id=161889

Reviewed by Daniel Bates.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parse):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

5:58 PM Changeset in webkit [205845] by n_wang@apple.com

3 edits
2 adds in trunk

AX: Crash at WebCore::Range::compareBoundaryPoints(WebCore::Range::CompareHow, WebCore::Range const&, int&) const + 23
https://bugs.webkit.org/show_bug.cgi?id=161878

Reviewed by Chris Fleizach.

Source/WebCore:

In function characterOffsetsInOrder(const CharacterOffset&, const CharacterOffset&), we are creating two
ranges based on the nodes that are associated to the passed in CharacterOffsets. When the first node is a doctype
node, the first range will be a nullptr, and dereferencing it leads to a crash. Fixed this by adding a
NULL check.

Test: accessibility/mac/doctype-node-in-text-marker-crash.html

accessibility/AXObjectCache.cpp:

(WebCore::characterOffsetsInOrder):
(WebCore::resetNodeAndOffsetForReplacedNode):

LayoutTests:

accessibility/mac/doctype-node-in-text-marker-crash-expected.txt: Added.
accessibility/mac/doctype-node-in-text-marker-crash.html: Added.

5:29 PM Changeset in webkit [205844] by bshafiei@apple.com

5 edits in tags/Safari-603.1.5.1/Source

Versioning.

5:25 PM Changeset in webkit [205843] by bshafiei@apple.com

1 copy in tags/Safari-603.1.5.1

New tag.

5:14 PM Changeset in webkit [205842] by sbarati@apple.com

3 edits
4 adds in trunk

HashMapImpl should take into account m_deleteCount in its load factor and it should be able to rehash the table to be smaller
https://bugs.webkit.org/show_bug.cgi?id=161640

Reviewed by Geoffrey Garen.

JSTests:

microbenchmarks/map-rehash.js: Added.
stress/map-delete.js: Added.

(assert):

stress/map-rehash-2.js: Added.

(assert):

stress/map-rehash.js: Added.

(assert):

Source/JavaScriptCore:

HashMapImpl now takes into account m_deleteCount in its load factor.
It now knows how to rehash to either decrease its capacity, stay at
the same capacity, or increase its capacity. The reason we can sometimes
stay at the same capacity is that we can reduce the load factor enough
by rehashing that growing isn't warranted. The reason for this is that
anytime we rehash, we remove all deleted sentinels from the buffer.
Therefore, staying at the same same capacity, when there are deleted entries,
can still reduce the load factor because it removes all deleted sentinels.

runtime/HashMapImpl.h:

(JSC::HashMapBuffer::create):
(JSC::HashMapBuffer::reset):
(JSC::HashMapImpl::HashMapImpl):
(JSC::HashMapImpl::add):
(JSC::HashMapImpl::remove):
(JSC::HashMapImpl::size):
(JSC::HashMapImpl::clear):
(JSC::HashMapImpl::approximateSize):
(JSC::HashMapImpl::shouldRehashAfterAdd):
(JSC::HashMapImpl::shouldShrink):
(JSC::HashMapImpl::rehash):
(JSC::HashMapImpl::checkConsistency):
(JSC::HashMapImpl::makeAndSetNewBuffer):
(JSC::HashMapImpl::assertBufferIsEmpty):

4:51 PM Changeset in webkit [205841] by commit-queue@webkit.org

22 edits
1 move
1 add in trunk/Source/WebCore

Move the pixel data of ImageFrame to a separate class named ImageBackingStore
https://bugs.webkit.org/show_bug.cgi?id=159679

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-09-12
Reviewed by Simon Fraser.

Move the pixel data manipulation part in ImageFrame into a separate class
and allocate it on demand.

PlatformEfl.cmake:
PlatformGTK.cmake:
PlatformWinCairo.cmake:
WebCore.xcodeproj/project.pbxproj:

Add ImageBackingStoreCairo.cpp and remove ImageDecoderCairo.cpp from the
WebKit projects.

platform/graphics/Color.cpp:

(WebCore::premultipliedChannel): channel = channel * alpha / 255.
(WebCore::unpremultipliedChannel): channel = channel * 255 / alpha.
(WebCore::makePremultipliedRGBA): Un-premultiplied channels to premultiplied RGBA32.
(WebCore::makeUnPremultipliedRGBA): Premultiplied channels to un-premultiplied RGBA32.
(WebCore::colorFromPremultipliedARGB): Use makeUnPremultipliedRGBA.
(WebCore::premultipliedARGBFromColor): Use makePremultipliedRGBA.

platform/graphics/Color.h:

(WebCore::fastMultiplyBy255): x * 255 = x * 256 - x = x << 8 - x.

platform/graphics/ImageBackingStore.h: Added.

(WebCore::ImageBackingStore::create): Creates a new ImageBackingStore.
(WebCore::ImageBackingStore::setSize): Changes the pixels size.
(WebCore::ImageBackingStore::setFrameRect): This will always just be the entire buffer except for GIF and PNG frames.
(WebCore::ImageBackingStore::size): Returns the pixels size.
(WebCore::ImageBackingStore::frameRect): Returns the pixels frame rectangle.
(WebCore::ImageBackingStore::clear): Clears the entire image.
(WebCore::ImageBackingStore::clearRect): Clears a rectangle in the image.
(WebCore::ImageBackingStore::repeatFirstRow): Repeats the first row in a rectangle in the image.
(WebCore::ImageBackingStore::pixelAt): Returns a pointer to a pixel data.
(WebCore::ImageBackingStore::setPixel): Sets the color of a pixel in the image.
(WebCore::ImageBackingStore::blendPixel): Blend a color with a pixel in the image.
(WebCore::ImageBackingStore::inBounds): Checks if a rectangle is in the bounds of the image.
(WebCore::ImageBackingStore::isOverSize): Checks whether a size could not be allocated for an image.
(WebCore::ImageBackingStore::ImageBackingStore):

platform/graphics/cg/NativeImageCG.cpp:

(WebCore::nativeImageHasAlpha): Implement this function. See comments in https://bugs.webkit.org/show_bug.cgi?id=158684.

platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageFrame::operator=): copyBitmapData() now copies the frameRect of the ImageBackingStore.
(WebCore::ImageFrame::clearPixelData): The pixels data and the pointer to these pixels are now included in the ImageBackingStore.
(WebCore::ImageFrame::zeroFillPixelData): Clearing the image pixels are now in ImageBackingStore::clear().
(WebCore::ImageFrame::zeroFillFrameRect): Clearing the image pixels are now in ImageBackingStore::clearRect().
(WebCore::ImageFrame::copyBitmapData): We either need to create a new ImageBackingStore or nullify the current one.
(WebCore::ImageFrame::setSize): ImageFrame::setSize() is supposed to be called once and to create the ImageBackingStore.
(WebCore::ImageFrame::setOriginalFrameRect): Delegate this call to ImageBackingStore::setFrameRect().
(WebCore::ImageDecoder::frameBytesAtIndex): ImageFrame::PixelData can be replaced by RGBA32.

platform/image-decoders/ImageDecoder.h:

(WebCore::ImageFrame::copyRowNTimes): The implementation was moved to ImageBackingStore::repeatFirstRow().
(WebCore::ImageFrame::size): Gets the size of an image from its ImageBackingStore.
(WebCore::ImageFrame::asNewNativeImage): Gets a NtaiveImagePtr from the ImageBackingStore.
(WebCore::ImageFrame::backingStore): Returns a raw pointer to the ImageBackingStore.
(WebCore::ImageFrame::hasBackingStore): Returns whether the ImageFrame has an ImageBackingStore.
(WebCore::ImageFrame::originalFrameRect): Returns the frameRect of the image from its ImageBackingStore.
(WebCore::ImageFrame::pixelAt): Delegates the call to the ImageBackingStore.
(WebCore::ImageFrame::setPixel): Delegates the call to the ImageBackingStore.
(WebCore::ImageFrame::blendPixel): Delegates the call to the ImageBackingStore.

(WebCore::ImageDecoder::setSize): setSize() now takes an IntSize.
(WebCore::ImageFrame::setOriginalFrameRect): Deleted. Moved to ImageDecoder.cpp.
(WebCore::ImageFrame::setRGBA): Deleted. Renamed to ImageFrame::setPixel().
(WebCore::ImageFrame::getAddr): Deleted. Renamed to ImageFrame::pixelAt().
(WebCore::ImageFrame::hasPixelData): Deleted. Renamed to ImageFrame::hasBackingStore().
(WebCore::ImageFrame::fixPointUnsignedMultiply): Deleted.
(WebCore::ImageFrame::divide255): Deleted. Replaced by fastDivideBy255() from Color.h.
(WebCore::ImageFrame::overRGBA): Deleted. Renamed to ImageFrame::blendPixel().
(WebCore::ImageFrame::width): Deleted.
(WebCore::ImageFrame::height): Deleted.
(WebCore::ImageDecoder::isOverSize): Deleted. Moved to ImageBackingStore::isOverSize().

platform/image-decoders/bmp/BMPImageReader.cpp:

(WebCore::BMPImageReader::decodeBMP):
(WebCore::BMPImageReader::processInfoHeader):
(WebCore::BMPImageReader::processNonRLEData):

platform/image-decoders/bmp/BMPImageReader.h:

(WebCore::BMPImageReader::setI):
(WebCore::BMPImageReader::setPixel):
(WebCore::BMPImageReader::fillRGBA):
(WebCore::BMPImageReader::setRGBA): Deleted.

platform/image-decoders/cairo/ImageBackingStoreCairo.cpp: Added.

(WebCore::ImageBackingStore::image):

platform/image-decoders/cairo/ImageDecoderCairo.cpp: Removed.
platform/image-decoders/gif/GIFImageDecoder.cpp:

(WebCore::GIFImageDecoder::setSize):
(WebCore::GIFImageDecoder::haveDecodedRow):
(WebCore::GIFImageDecoder::initFrameBuffer):

platform/image-decoders/gif/GIFImageDecoder.h:
platform/image-decoders/gif/GIFImageReader.cpp:

(GIFImageReader::parse):

platform/image-decoders/ico/ICOImageDecoder.cpp:

(WebCore::ICOImageDecoder::setSize):
(WebCore::ICOImageDecoder::processDirectoryEntries):

platform/image-decoders/ico/ICOImageDecoder.h:
platform/image-decoders/jpeg/JPEGImageDecoder.cpp:

(WebCore::JPEGImageReader::decode):
(WebCore::JPEGImageDecoder::setSize):
(WebCore::setPixel):
(WebCore::JPEGImageDecoder::outputScanlines):

platform/image-decoders/jpeg/JPEGImageDecoder.h:
platform/image-decoders/png/PNGImageDecoder.cpp:

(WebCore::PNGImageDecoder::setSize):
(WebCore::PNGImageDecoder::headerAvailable):
(WebCore::setPixelRGB):
(WebCore::setPixelRGBA):
(WebCore::setPixelPremultipliedRGBA):
(WebCore::PNGImageDecoder::rowAvailable):
(WebCore::PNGImageDecoder::initFrameBuffer):
(WebCore::PNGImageDecoder::frameComplete):

platform/image-decoders/png/PNGImageDecoder.h:
platform/image-decoders/webp/WEBPImageDecoder.cpp:

(WebCore::WEBPImageDecoder::decode):

Send an IntSize to ImageFrame::setSize() and ImageDecoder::setSize().
Replace ImageFrame::PixelData by RGBA32.
No need to call ImageFrame::setOriginalFrameRect() if this sets the frameRect to the entire image rectangle since this is done by default in ImageBackingStore::setSize().
ImageBackingStore::image() now replaces ImageFrame::asNewNativeImage().
ImageFrame::setPixel() now replaces ImageFrame::setRGBA().
ImageFrame::blendPixel() now replaces ImageFrame::overRGBA().
ImageFrame::pixelAt() now replaces ImageFrame::getAddr().

4:34 PM Changeset in webkit [205840] by bshafiei@apple.com

1 copy in tags/Safari-602.2.6

New tag.

4:33 PM Changeset in webkit [205839] by commit-queue@webkit.org

3 edits
2 adds in trunk

HTMLButtonElement.prototype.click should be HTMLElement.prototype.click
https://bugs.webkit.org/show_bug.cgi?id=161874

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-09-12
Reviewed by Chris Dumez.

Source/WebCore:

Test: fast/dom/HTMLButtonElement/click.html

html/HTMLButtonElement.idl:

Remove the unnecessary 'click' definition. It already exists in HTMLElement.
If this was needed for ObjC code generation on DOMHTMLButtonElement, then
the extra definition is no longer needed now that ObjC bindings have moved.

LayoutTests:

fast/dom/HTMLButtonElement/click-expected.txt: Added.
fast/dom/HTMLButtonElement/click.html: Added.

4:14 PM Changeset in webkit [205838] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking imported/w3c/web-platform-tests/dom/nodes/ProcessingInstruction-escapes-1.xhtml as flaky on mac.
https://bugs.webkit.org/show_bug.cgi?id=161883

Unreviewed test gardening.

platform/mac/TestExpectations:

4:11 PM Changeset in webkit [205837] by Yusuke Suzuki

2 edits in trunk/JSTests

Unreviewed, fix tests for different libm environments
https://bugs.webkit.org/show_bug.cgi?id=161857

stress/ftl-arithtan.js:

4:08 PM Changeset in webkit [205836] by Yusuke Suzuki

3 edits in trunk/Source/WTF

[WTF] HashTable's rehash is not compatible to Ref<T> and ASan
https://bugs.webkit.org/show_bug.cgi?id=161763

Reviewed by Darin Adler.

Destructors of HashTable's empty values need to be called while ones of deleted values don't.

wtf/HashTable.h:

(WTF::KeyTraits>::deallocateTable):

wtf/Ref.h:

4:03 PM Changeset in webkit [205835] by achristensen@apple.com

4 edits in trunk

URLParser: Fix relative URLs containing only fragments
https://bugs.webkit.org/show_bug.cgi?id=161882

Reviewed by Brady Eidson.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parse):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

3:36 PM Changeset in webkit [205834] by Matt Baker

3 edits
2 adds in trunk

Source/WebInspectorUI:
Web Inspector: Improve clarity of inspector tests by adding TestHarness.expect* functions similar to XCTest
https://bugs.webkit.org/show_bug.cgi?id=161278
<rdar://problem/28039741>

Reviewed by Joseph Pecoraro.

Under the hood they all call TestHarness.expectThat.

UserInterface/Test/TestHarness.js:

(TestHarness.prototype.expectFalse):
(TestHarness.prototype.expectNull):
(TestHarness.prototype.expectNotNull):
(TestHarness.prototype.expectEqual):
(TestHarness.prototype.expectNotEqual):
(TestHarness.prototype.expectShallowEqual):
(TestHarness.prototype.expectNotShallowEqual):
(TestHarness.prototype.expectEqualWithAccuracy):
(TestHarness.prototype.expectLessThan):
(TestHarness.prototype.expectLessThanOrEqual):
(TestHarness.prototype.expectGreaterThan):
(TestHarness.prototype.expectGreaterThanOrEqual):

LayoutTests:
Web Inspector: Add TestHarness assertions/expectations to provide additional semantics similar to XCTest
https://bugs.webkit.org/show_bug.cgi?id=161278
<rdar://problem/28039741>

Reviewed by Joseph Pecoraro.

Add test to verify that the TestHarness.expect* family of functions
trivially work. Since it isn't possible to verify the TestPage results
directly without introducing additional complexity, simply log baseline
"PASS" and "FAIL" results for each function.

inspector/unit-tests/test-harness-expect-functions-expected.txt: Added.
inspector/unit-tests/test-harness-expect-functions.html: Added.

3:36 PM Changeset in webkit [205833] by achristensen@apple.com

4 edits in trunk

URLParser: Correctly handle relative URLs that are just a scheme and a colon
https://bugs.webkit.org/show_bug.cgi?id=161876

Reviewed by Brady Eidson.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parse):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

3:35 PM Changeset in webkit [205832] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

REGRESSION (r205223): Web Inspector: Debugger popover title and code aren't horizontally aligned
https://bugs.webkit.org/show_bug.cgi?id=161848
<rdar://problem/28250703>

Reviewed by Matt Baker.

UserInterface/Views/SourceCodeTextEditor.css:

(.popover .debugger-popover-content > .title):
(.popover .debugger-popover-content.function > .body):
Make left and right padding the same.

(.popover .debugger-popover-content.function > .body .CodeMirror pre):
Override left padding defined in CodeMirrorOverrides.css by .CodeMirror pre rule.

3:16 PM Changeset in webkit [205831] by dino@apple.com

2 edits in trunk/Source/WebCore

Remove OptionalColor
https://bugs.webkit.org/show_bug.cgi?id=161853
<rdar://problem/28252385>

Reviewed by Alex Christensen.

OptionalColor isn't used. The concept will be implemented
in a different manner.

platform/graphics/Color.h:

3:13 PM Changeset in webkit [205830] by commit-queue@webkit.org

9 edits
1 add in trunk

[JSC] Use GetArrayLength for JSArray.length even when the array type is undecided
https://bugs.webkit.org/show_bug.cgi?id=161671

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-09-12
Reviewed by Geoffrey Garen.

JSTests:

stress/get-array-length-on-undecided.js: Added.

Source/JavaScriptCore:

UndecidedShape is a type with storage. When we allocate an uninitialized JSArray,
it gets a butterfly with its length.
When we were querying that length, we were generating a generic GetById with inline cache.

This patch adds the missing bits to treat Undecided like the other types with storage.

dfg/DFGArrayMode.cpp:

(JSC::DFG::canBecomeGetArrayLength):
(JSC::DFG::ArrayMode::refine):

dfg/DFGArrayMode.h:

(JSC::DFG::ArrayMode::usesButterfly):
(JSC::DFG::ArrayMode::lengthNeedsStorage):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::checkArray):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileGetArrayLength):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):

3:05 PM Changeset in webkit [205829] by Simon Fraser

2 edits in trunk/Source/WebCore

Add Intersection Observer to the features.json file.

features.json:

3:01 PM Changeset in webkit [205828] by Yusuke Suzuki

22 edits
3 adds in trunk

[DFG][FTL] Add ArithTan
https://bugs.webkit.org/show_bug.cgi?id=161857

Reviewed by Filip Pizlo.

JSTests:

microbenchmarks/tan.js: Added.
stress/arith-tan-on-various-types.js: Added.

(let.validInputTypedTestCases.validInputTestCases.map):
(isIdentical):
(opaqueTanNoArgument):
(testNoArgument):
(opaqueAllTypesTan):
(testAllTypesCall):
(testTangleTypeCall):
(testConstant):
(opaqueTanForSideEffects):
(testSideEffect.let.testObject.valueOf):
(testSideEffect):
(opaqueTanForCSE):
(testCSE.let.testObject.valueOf):
(testCSE):
(opaqueTanForDCE):
(testDCE.let.testObject.valueOf):
(testDCE):
(testException.opaqueTanWithException):
(testException):

stress/ftl-arithtan.js: Added.

(foo):

Source/JavaScriptCore:

While ArithSin and ArithCos are supported, ArithTan is not supported yet.
And we also find that Math.tan is included in MotionMark's Multiply benchmark.

This patch adds ArithTan support in DFG and FTL. And it also cleans up the
existing ArithSin, ArithCos, and ArithLog compilations by unifying them.
The microbenchmark shows the 9% perf improvement.

tan 322.4819+-0.3766 ^{295.8700+-0.3094} definitely 1.0899x faster

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGPredictionPropagationPhase.cpp:
dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithDoubleUnaryOp):
(JSC::DFG::SpeculativeJIT::compileArithCos):
(JSC::DFG::SpeculativeJIT::compileArithTan):
(JSC::DFG::SpeculativeJIT::compileArithSin):
(JSC::DFG::SpeculativeJIT::compileArithLog):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArithTan):

ftl/FTLOutput.cpp:

(JSC::FTL::Output::doubleTan):

ftl/FTLOutput.h:
runtime/Intrinsic.h:
runtime/MathObject.cpp:

(JSC::MathObject::finishCreation):

2:46 PM Changeset in webkit [205827] by commit-queue@webkit.org

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Hide PrivateSymbol.concatSlowPath? and other PrivateSymbols from memory edges
https://bugs.webkit.org/show_bug.cgi?id=156763

Patch by Devin Rousso <Devin Rousso> on 2016-09-12
Reviewed by Joseph Pecoraro.

UserInterface/Proxies/HeapSnapshotEdgeProxy.js:

(WebInspector.HeapSnapshotEdgeProxy.prototype.isPrivateSymbol):
Checks that the edge data does not begin with "PrivateSymbol".

UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._populate):
Only add child nodes if they are not PrivateSymbol nodes.

2:44 PM Changeset in webkit [205826] by mmaxfield@apple.com

6 edits in trunk/Source

[Cocoa] Reduce uses of CGFonts in favor of CTFonts
https://bugs.webkit.org/show_bug.cgi?id=161809

Reviewed by Daniel Bates.

Source/WebCore:

Eventually, we want to remove the cgFont() member of PlatformFontData for both memory
savings and conceptual clarity. Because there is no performance loss from moving from
CGFontGetGlyphsForUnichars() to CTFontGetGlyphsForCharacters(), making this switch
gets us closer to reducing the uses of cgFont().

No new tests because there is no behavior change.

platform/graphics/Font.cpp:

(WebCore::createAndFillGlyphPage):

platform/graphics/GlyphPage.h:

(WebCore::GlyphData::GlyphData):

platform/graphics/mac/GlyphPageMac.cpp:

(WebCore::shouldFillWithVerticalGlyphs):
(WebCore::GlyphPage::fill):
(WebCore::shouldUseCoreText): Deleted.

Source/WTF:

wtf/unicode/CharacterNames.h:

2:42 PM Changeset in webkit [205825] by commit-queue@webkit.org

5 edits in trunk

AX: WKWebView for macOS does not allow configuration of tabsToLinks
https://bugs.webkit.org/show_bug.cgi?id=161394

Patch by DAN SAUNDERS <dasau@microsoft.com> on 2016-09-12
Reviewed by Anders Carlsson.

Source/WebKit2:

UIProcess/API/Cocoa/WKPreferences.h:
UIProcess/API/Cocoa/WKPreferences.mm:

(-[WKPreferences encodeWithCoder:]):
(-[WKPreferences initWithCoder:]):
(-[WKPreferences tabFocusesLinks]):
(-[WKPreferences setTabFocusesLinks:]):

Tools:

TestWebKitAPI/Tests/WebKit2Cocoa/Coding.mm:

(TEST):

2:30 PM Changeset in webkit [205824] by achristensen@apple.com

4 edits in trunk

Remove trailing control characters and spaces before parsing a URL
https://bugs.webkit.org/show_bug.cgi?id=161870

Reviewed by Tim Horton.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::bufferView):
(WebCore::URLParser::parse):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

2:23 PM Changeset in webkit [205823] by Chris Dumez

3 edits
2 adds in trunk

window.performance object resets script-applied properties
https://bugs.webkit.org/show_bug.cgi?id=137407

Reviewed by Darin Adler.

Source/WebCore:

Make sure the window.performance wrapper stays alive for as long as the
associated frame, similarly to what we do for window.screen.

Test: fast/performance/performance-object-gc.html

page/Performance.idl:

LayoutTests:

Add layout test coverage.

fast/performance/performance-object-gc-expected.txt: Added.
fast/performance/performance-object-gc.html: Added.

2:13 PM Changeset in webkit [205822] by sbarati@apple.com

10 edits
1 add in trunk/Source

Add WebKit support for an option in Safari's debug menu similar to "Get Bytecode Profile" but for the Sampling Profiler's data
https://bugs.webkit.org/show_bug.cgi?id=161785

Reviewed by Tim Horton.

Source/WebCore:

ForwardingHeaders/runtime/SamplingProfiler.h: Added.

Source/WebKit2:

This patch follows in the steps of how we dump output for the
internal JSC bytecode profiler tool, but now also for the internal
JSC sampling profiler tool. This can be used when doing performance
analysis work analyzing the JS execution of a page.

UIProcess/API/C/WKPage.cpp:

(WKPageGetSamplingProfilerOutput):

UIProcess/API/C/WKPagePrivate.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::getSamplingProfilerOutput):
(WebKit::WebPageProxy::invalidateStringCallback):

UIProcess/WebPageProxy.h:
UIProcess/WebPageProxy.messages.in:
WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::getSamplingProfilerOutput):

WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/WebPage.messages.in:

2:12 PM Changeset in webkit [205821] by hyatt@apple.com

3 edits
4 adds in trunk/Source/WebCore

[CSS Parser] Add support for the parsing of the HTML sizes attribute
https://bugs.webkit.org/show_bug.cgi?id=161868

Reviewed by Dean Jackson.

This patch adds the parsers for the sizes attribute. This code is heavily modified
from Blink, and it really only makes use of the tokenization/parsing code. What is done
with the results involves the same original code that we used over in SourceSizeList.cpp.

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
css/parser/SizesAttributeParser.cpp: Added.

(WebCore::SizesAttributeParser::computeLength):
(WebCore::SizesAttributeParser::SizesAttributeParser):
(WebCore::SizesAttributeParser::length):
(WebCore::SizesAttributeParser::calculateLengthInPixels):
(WebCore::SizesAttributeParser::mediaConditionMatches):
(WebCore::SizesAttributeParser::parse):
(WebCore::SizesAttributeParser::effectiveSize):
(WebCore::SizesAttributeParser::effectiveSizeDefaultValue):

css/parser/SizesAttributeParser.h: Added.
css/parser/SizesCalcParser.cpp: Added.

(WebCore::SizesCalcParser::SizesCalcParser):
(WebCore::SizesCalcParser::result):
(WebCore::operatorPriority):
(WebCore::SizesCalcParser::handleOperator):
(WebCore::SizesCalcParser::appendNumber):
(WebCore::SizesCalcParser::appendLength):
(WebCore::SizesCalcParser::appendOperator):
(WebCore::SizesCalcParser::calcToReversePolishNotation):
(WebCore::operateOnStack):
(WebCore::SizesCalcParser::calculate):

css/parser/SizesCalcParser.h: Added.

(WebCore::SizesCalcValue::SizesCalcValue):
(WebCore::SizesCalcParser::isValid):

2:09 PM Changeset in webkit [205820] by jer.noble@apple.com

10 edits in trunk

Fix failing mediasource-play.html and mediasource-config-change-mp4-v-bitrate.html tests
https://bugs.webkit.org/show_bug.cgi?id=161819

Reviewed by Eric Carlson.

Source/WebCore:

Fixes tests: imported/w3c/web-platform-tests/media-source/mediasource-play.html

imported/w3c/web-platform-tests/media-source/mediasource-sourcebuffer-mode.html

The newest revision of the web-platform-test suite for Media Source tests new behavior
added to the MSE specification. Specifically, setting a MediaSource's duration will no
longer implicitly truncate the source's active SourceBuffer objects.

Modules/mediasource/MediaSource.cpp:

(WebCore::MediaSource::setDuration): Return exception if issued by setDurationInternal.
(WebCore::MediaSource::setDurationInternal): Bring "duration change" algorithm up to spec.

Modules/mediasource/MediaSource.h:
Modules/mediasource/SampleMap.h:

(WebCore::PresentationOrderSampleMap::begin): Add const accessor.
(WebCore::PresentationOrderSampleMap::end): Ditto.
(WebCore::PresentationOrderSampleMap::rbegin): Ditto.
(WebCore::PresentationOrderSampleMap::rend): DItto.
(WebCore::DecodeOrderSampleMap::begin): Ditto.
(WebCore::DecodeOrderSampleMap::end): Ditto.
(WebCore::DecodeOrderSampleMap::rbegin): Ditto.
(WebCore::DecodeOrderSampleMap::rend): Ditto.

Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::highestPresentationTimestamp): Added convenience method.
(WebCore::SourceBuffer::removeCodedFrames): Drive-by fix; use .values() rather than

pulling the value out of each HashMap iterator.

Modules/mediasource/SourceBuffer.h:

LayoutTests:

media/media-source/media-source-end-of-stream-readyState.html:
media/media-source/media-source-end-of-stream-readyState-expected.txt:
platform/mac/TestExpectations:

2:04 PM Changeset in webkit [205819] by sbarati@apple.com

7 edits
1 add in trunk

MapHash should do constant folding when it has a constant argument and its legal to hash that value
https://bugs.webkit.org/show_bug.cgi?id=161639

Reviewed by Filip Pizlo.

JSTests:

microbenchmarks/map-constant-key.js: Added.

(assert):
(test):
(foo):

Source/JavaScriptCore:

We now constant fold the MapHash node. We're careful to not resolve
ropes from the compiler thread, and to only hash strings if they're
not too large. The microbenchmark I added runs about 12% faster with
this patch.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

runtime/HashMapImpl.h:

(JSC::wangsInt64Hash):
(JSC::jsMapHash):
(JSC::concurrentJSMapHash):

Source/WTF:

This patch adds a concurrentHash method to StringImpl. It's
probably safe to get the actual hash while being racy, however,
it's simpler and more future proof to not have to worry about
that and to just compute it on demand. Users of this API should
be aware that it's doing non-trivial work. Currently, the only
user is JSC's JIT compilers, and they only ask for hashes for small-ish
strings.

wtf/text/StringImpl.h:
wtf/text/StringStatics.cpp:

(WTF::StringImpl::concurrentHash):

12:50 PM Changeset in webkit [205818] by Chris Dumez

23 edits in trunk/Source

Switch remaining users of Document::inPageCache() to pageCacheState()
https://bugs.webkit.org/show_bug.cgi?id=161865

Reviewed by Darin Adler.

Switch remaining users of Document::inPageCache() to pageCacheState() as
the former one is confusing (given that it returns true while the
pagehide event is being fired).

Source/WebCore:

dom/Document.cpp:

(WebCore::Document::scheduleStyleRecalc):
(WebCore::Document::fontsNeedUpdate):
(WebCore::Document::removeFocusedNodeOfSubtree):
(WebCore::Document::setFocusedElement):
(WebCore::Document::takeDOMWindowFrom):
(WebCore::Document::topDocument):
(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore::Document::webkitDidEnterFullScreenForElement):
(WebCore::Document::webkitWillExitFullScreenForElement):
(WebCore::Document::webkitDidExitFullScreenForElement):

dom/Document.h:

(WebCore::Document::needsStyleRecalc):
(WebCore::Document::inPageCache): Deleted.

history/CachedFrame.cpp:

(WebCore::CachedFrame::CachedFrame):
(WebCore::CachedFrame::clear):
(WebCore::CachedFrame::destroy):

html/HTMLMediaElement.cpp:

(WebCore::mediaElementIsAllowedToAutoplay):

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::createElementRenderer):

loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::addSubresourceLoader):

loader/HistoryController.cpp:

(WebCore::HistoryController::saveScrollPositionAndViewStateToItem):

page/DOMWindow.cpp:

(WebCore::DOMWindow::decrementScrollEventListenersCount):

page/FrameView.cpp:

(WebCore::FrameView::layout):

page/animation/AnimationBase.cpp:

(WebCore::AnimationBase::setNeedsStyleRecalc):

page/animation/AnimationController.cpp:

(WebCore::AnimationControllerPrivate::updateAnimations):
(WebCore::AnimationControllerPrivate::addElementChangeToDispatch):
(WebCore::AnimationController::cancelAnimations):
(WebCore::AnimationController::updateAnimations):

page/animation/ImplicitAnimation.cpp:

(WebCore::ImplicitAnimation::sendTransitionEvent):

page/animation/KeyframeAnimation.cpp:

(WebCore::KeyframeAnimation::sendAnimationEvent):

page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate):

rendering/RenderElement.cpp:

(WebCore::shouldRepaintForImageAnimation):
(WebCore::RenderElement::newImageAnimationFrameAvailable):

rendering/RenderImage.cpp:

(WebCore::RenderImage::imageChanged):

rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::updateCompositingLayers):
(WebCore::RenderLayerCompositor::willRemoveScrollingLayerWithBacking):
(WebCore::RenderLayerCompositor::didAddScrollingLayer):

rendering/RenderObject.cpp:

(WebCore::printRenderTreeForLiveDocuments):
(WebCore::printLayerTreeForLiveDocuments):

rendering/RenderView.cpp:

(WebCore::RenderView::lazyRepaintTimerFired):

rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::collectNonEmptyLeafRenderBlockFlowsForCurrentPage):

Source/WebKit/mac:

WebView/WebHTMLView.mm:

(-[WebHTMLView layoutToMinimumPageWidth:height:originalPageWidth:originalPageHeight:maximumShrinkRatio:adjustingViewSize:]):
(-[WebHTMLView setNeedsLayout:]):
(-[WebHTMLView setNeedsToApplyStyles:]):

11:59 AM Changeset in webkit [205817] by Keith Rollin

7 edits in trunk/Source

Enhance Network logging
https://bugs.webkit.org/show_bug.cgi?id=161771

Reviewed by Antti Koivisto.

Modify current logging statements to follow a consistent pattern in
order to enhance readability and parsing.

Source/WebCore:

No new tests -- there are no tests for logging.

loader/FrameLoader.cpp:

(WebCore::FrameLoader::prepareForLoadStart):
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):

Source/WebKit2:

NetworkProcess/Downloads/Download.cpp:

(WebKit::Download::didReceiveResponse):
(WebKit::Download::didReceiveData):
(WebKit::Download::didFinish):
(WebKit::Download::didFail):
(WebKit::Download::didCancel):

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::startNetworkLoad):
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::didFailLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::scheduleLoad):

WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::willSendRequest):
(WebKit::WebResourceLoader::didReceiveResponse):
(WebKit::WebResourceLoader::didReceiveData):
(WebKit::WebResourceLoader::didFinishResourceLoad):
(WebKit::WebResourceLoader::didFailResourceLoad):
(WebKit::WebResourceLoader::didReceiveResource):

11:45 AM Changeset in webkit [205816] by msaboff@apple.com

2 edits in trunk/JSTests

JSC test timeout: ChakraCore.yaml/ChakraCore/test/Bugs/bug56026_trycatch.js.default
https://bugs.webkit.org/show_bug.cgi?id=161863

Reviewed by Saam Barati.

ChakraCore.yaml:

Disabled Bugs/bug56026_trycatch.js.

11:35 AM Changeset in webkit [205815] by Matt Baker

3 edits
2 adds in trunk

Web Inspector: Object.shallowEqual() should return false if object prototype chains differ
https://bugs.webkit.org/show_bug.cgi?id=161852

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

Improve Object.shallowEqual so it won't produce false positives.

UserInterface/Base/Utilities.js:

(value):
Object.shallowEqual should return false for non-array arguments.
Since typeof null === "object", use instanceof instead to avoid separate
null checks. Also use Array.shallowEqual fast path when both arguments are arrays.

LayoutTests:

inspector/unit-tests/object-utilities-expected.txt: Added.
inspector/unit-tests/object-utilities.html: Added.

Add test coverage for Object.shallowEqual.

11:18 AM Changeset in webkit [205814] by beidson@apple.com

2 edits in trunk/Source/WebCore

Crash in com.apple.WebCore: WebCore::NavigatorGamepad::gamepadFromPlatformGamepad.
<rdar://problem/28018073> and https://bugs.webkit.org/show_bug.cgi?id=161694

Reviewed by Alex Christensen.

No new tests (Caught by existing tests in some configurations).

Modules/gamepad/GamepadManager.cpp:

(WebCore::GamepadManager::platformGamepadInputActivity): Null check.

11:10 AM Changeset in webkit [205813] by achristensen@apple.com

4 edits in trunk

Fix more URLParser quirks
https://bugs.webkit.org/show_bug.cgi?id=161834

Reviewed by Brady Eidson.

Source/WebCore:

Added new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parse):
Skip some tabs and newlines. The spec says to remove them before processing the String,
but to reduce allocations I am skipping them whenever we increment an iterator.
Fix a few other quirks to be more web platform conformant.

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

11:06 AM Changeset in webkit [205812] by achristensen@apple.com

4 edits in trunk

Optimize URLParser performance
https://bugs.webkit.org/show_bug.cgi?id=161837

Reviewed by Brady Eidson.

Source/WebCore:

No change in behavior. Existing behavior covered by API tests and added a new API test.

platform/URLParser.cpp:

(WebCore::isDefaultPort):
Use switch statements instead of HashMap lookups.
(WebCore::isSpecialScheme):
Use switch statements instead of repeated String comparisons.
(WebCore::URLParser::parsePort):
Reduce String allocation.

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):
Added a test to verify the case insensitivity of the default port checks.

9:52 AM Changeset in webkit [205811] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking accessibility/mac/value-change/value-change-user-info-contenteditable.html as flaky on mac-wk2.
https://bugs.webkit.org/show_bug.cgi?id=160042

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

9:08 AM Changeset in webkit [205810] by fpizlo@apple.com

4 edits in trunk/Source

DFG::forAllKilledOperands() could use a faster bitvector scan in the same-inline-stack fast path
https://bugs.webkit.org/show_bug.cgi?id=161849

Reviewed by Saam Barati.

Source/JavaScriptCore:

This is a fairly obvious change. This turns a loop that would query each bit individually
into a loop that will process a word at a time. I would expect a very tiny progression in
DFG compile times.

This also gave me an opportunity to test and fix the new FastBitVector functionality.

dfg/DFGForAllKills.h:

(JSC::DFG::forAllKilledOperands):

Source/WTF:

It turns out that templates make private fields weird. FastBitVectorImpl can't necessarily
touch privates in instances of different template specializations of itself. So, I added a
public method called wordView() that exposes the necessary private field.

wtf/FastBitVector.h:

(WTF::FastBitVectorImpl::operator&):
(WTF::FastBitVectorImpl::operator|):
(WTF::FastBitVectorImpl::operator~):
(WTF::FastBitVectorImpl::forEachSetBit):
(WTF::FastBitVectorImpl::wordView):

8:50 AM Changeset in webkit [205809] by Simon Fraser

21 edits
2 adds in trunk

Make -webkit-transition-* and -webkit-animation-* properties be pure aliases of the unprefixed ones
https://bugs.webkit.org/show_bug.cgi?id=160478

Reviewed by Dean Jackson.

Source/WebCore:

Remove the custom -webkit prefixed transition and animation properties, and just make
them aliases of the unprefixed ones, as we do for transforms.

-webkit-animation-trigger remains as the only prefixed-only animation property.

This is mostly code deletion.

Test: fast/css/longhand-overrides-shorthand-prefixing.html

css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):

css/CSSProperty.h:

(WebCore::prefixingVariantForPropertyId): Deleted.

css/CSSPropertyNames.in:
css/CSSToStyleMap.cpp:

(WebCore::CSSToStyleMap::mapAnimationDelay):
(WebCore::CSSToStyleMap::mapAnimationDirection):
(WebCore::CSSToStyleMap::mapAnimationDuration):
(WebCore::CSSToStyleMap::mapAnimationFillMode):
(WebCore::CSSToStyleMap::mapAnimationIterationCount):
(WebCore::CSSToStyleMap::mapAnimationName):
(WebCore::CSSToStyleMap::mapAnimationPlayState):
(WebCore::CSSToStyleMap::mapAnimationProperty):
(WebCore::CSSToStyleMap::mapAnimationTimingFunction):

css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
(WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):

css/StyleProperties.cpp:

(WebCore::StyleProperties::getPropertyValue):
(WebCore::MutableStyleProperties::removeShorthandProperty):
(WebCore::StyleProperties::asText):

css/StylePropertyShorthand.cpp:

(WebCore::animationShorthandForParsing):

css/StylePropertyShorthand.h:
css/StyleResolver.cpp:

(WebCore::StyleResolver::styleForKeyframe):

css/parser/CSSParser.cpp:

(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::parseAnimationShorthand):
(WebCore::CSSParser::parseTransitionShorthand):
(WebCore::CSSParser::parseAnimationProperty):
(WebCore::CSSParser::addPropertyWithPrefixingVariant): Deleted.

css/parser/CSSParser.h:
html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlPanelElement::makeOpaque):
(WebCore::MediaControlPanelElement::makeTransparent):

LayoutTests:

Updated results, and a new test to ensure that longhand properties override
shorthand ones, with various combinations of prefixing.

fast/css/getComputedStyle/computed-style-expected.txt:
fast/css/getComputedStyle/computed-style-without-renderer-expected.txt:
fast/css/longhand-overrides-shorthand-prefixing-expected.txt: Added.
fast/css/longhand-overrides-shorthand-prefixing.html: Added.
fast/css/prefixed-unprefixed-variant-style-declaration-expected.txt:
fast/css/prefixed-unprefixed-variant-style-declaration.html:
transitions/svg-transitions-expected.txt:
transitions/transitions-parsing-expected.txt:
transitions/transitions-parsing.html:

5:31 AM Changeset in webkit [205808] by pvollan@apple.com

2 edits in trunk/Source/WebCore

Unreviewed build fix after r205090.

platform/cf/MediaAccessibilitySoftLink.cpp:

4:46 AM Changeset in webkit [205807] by jfernandez@igalia.com

8 edits
2 adds in trunk

[css-align] Initial values are parsed as invalid for some Alignment properties
https://bugs.webkit.org/show_bug.cgi?id=161303

Reviewed by Darin Adler.

Source/WebCore:

Due to the implementation of the new CSS Box Alignment specification,
some properties have now new values allowed, which are not valid
according to the Flexible Box Layout specification.

In r205102 we have get back the keywordID parsing, originally implemented for
the Flexbible Box Layout specification. Even though the new valued would be
parsed as invalid when they are set, the 'initial' values will be assigned
in any case.

This patch verifies that the 'initial' values depend on whether the Grid
Layout is enabled or not and verifying such values are parsed as valid.

Additionally, it gets back as well they keywordID parsing for the Content
Alignment properties (align-content and justify-content). This required to
touch a bit the StyleBuilderConverter logic, since we will have to deal with
either the complex CSSContentDistributionValue complex or the simpler
CSSPrimitiveValue.

Test: fast/css/ensure-flexbox-compatibility-with-initial-values.html

css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertContentAlignmentData): Handling a primitive value if Grid Layout is not enabled.

css/parser/CSSParser.cpp:

(WebCore::isValidKeywordPropertyAndValue): Simpler parsing of alignment properties if Grid Layout is not enabled.
(WebCore::isKeywordPropertyID): Alignment properties are defined as keyword if Grid Layout is no enabled.
(WebCore::CSSParser::parseValue): Assert Grid Layout is enabled when using the complex parsing.

rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::isCSSGridLayoutEnabled): Checking out the Grid Layout runtime flags.

rendering/style/RenderStyle.h:

(WebCore::RenderStyle::initialDefaultAlignment): Initial value will depend on whether Grid Layout is enabled or not.
(WebCore::RenderStyle::initialContentAlignment): Initial value will depend on whether Grid Layout is enabled or not.

LayoutTests:

Test to verify the "initial" values of the CSS Box Alignment properties
are parsed as valid independently of whether Grid Layout is enabled or not.

fast/css/ensure-flexbox-compatibility-with-initial-values-expected.txt: Added.
fast/css/ensure-flexbox-compatibility-with-initial-values.html: Added.
fast/css/resources/alignment-parsing-utils.js:

(checkSupportedValues):

2:28 AM Changeset in webkit [205806] by Chris Dumez

3 edits in trunk/Source/WebCore

ol.start may return incorrect value for reversed lists when not explicitly set
https://bugs.webkit.org/show_bug.cgi?id=161713

Reviewed by Ryosuke Niwa.

Fix style nit after r205689.

html/HTMLOListElement.cpp:

(WebCore::HTMLOListElement::itemCount):
(WebCore::HTMLOListElement::itemCountAfterLayout):

html/HTMLOListElement.h:

2:26 AM Changeset in webkit [205805] by Chris Dumez

5 edits in trunk/Source/WebCore

Start using Document::pageCacheState() instead of Document::inPageCache()
https://bugs.webkit.org/show_bug.cgi?id=161851

Reviewed by Ryosuke Niwa.

Start using Document::pageCacheState() instead of Document::inPageCache()
as the latter one is confusing (given that it is true when firing the
pagehide event, when the document is about to enter page cache).

loader/FrameLoader.cpp:

(WebCore::FrameLoader::closeURL):
(WebCore::FrameLoader::clear):
(WebCore::FrameLoader::dispatchUnloadEvents):

loader/cache/CachedResource.cpp:

(WebCore::CachedResource::load):

page/Page.cpp:

(WebCore::incrementFrame): Deleted.

page/Page.h:

1:09 AM Changeset in webkit [205804] by bshafiei@apple.com

1 copy in tags/Safari-602.1.50.0.9

New tag.

12:54 AM Changeset in webkit [205803] by bshafiei@apple.com

9 edits
2 copies
2 adds in branches/safari-602-branch

Merge r205788. rdar://problem/28245097

12:54 AM Changeset in webkit [205802] by bshafiei@apple.com

8 edits in branches/safari-602-branch

Merge r205154. rdar://problem/28233330

12:54 AM Changeset in webkit [205801] by bshafiei@apple.com

2 edits in branches/safari-602-branch/Source/WebCore

Merge r204943. rdar://problem/28233330

12:54 AM Changeset in webkit [205800] by bshafiei@apple.com

4 edits
2 adds in branches/safari-602-branch

Merge r204923. rdar://problem/28233330

12:53 AM Changeset in webkit [205799] by bshafiei@apple.com

7 edits
1 add in branches/safari-602-branch

Merge r205784. rdar://problem/28230123

12:53 AM Changeset in webkit [205798] by bshafiei@apple.com

5 edits
1 add in branches/safari-602-branch

Merge r205783. rdar://problem/28229756

12:53 AM Changeset in webkit [205797] by bshafiei@apple.com

13 edits
1 copy
1 add in branches/safari-602-branch

Merge r205765. rdar://problem/28033492

12:21 AM Changeset in webkit [205796] by bshafiei@apple.com

5 edits in branches/safari-602.1.50.0-branch/Source

Versioning.

Sep 11, 2016:

11:54 PM Changeset in webkit [205795] by bshafiei@apple.com

5 edits in branches/safari-602-branch/Source

Versioning.

9:03 PM Changeset in webkit [205794] by fpizlo@apple.com

17 edits
1 delete in trunk/Source

FastBitVector should have efficient and easy-to-use vector-vector operations
https://bugs.webkit.org/show_bug.cgi?id=161847

Reviewed by Saam Barati.

Source/JavaScriptCore:

Adapt existing users of FastBitVector to the new API.

bytecode/BytecodeLivenessAnalysis.cpp:

(JSC::BytecodeLivenessAnalysis::computeKills):
(JSC::BytecodeLivenessAnalysis::dumpResults):

bytecode/BytecodeLivenessAnalysisInlines.h:

(JSC::operandThatIsNotAlwaysLiveIsLive):
(JSC::BytecodeLivenessPropagation<DerivedAnalysis>::stepOverInstruction):
(JSC::BytecodeLivenessPropagation<DerivedAnalysis>::runLivenessFixpoint):

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::validate):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::flushForTerminal):

dfg/DFGForAllKills.h:

(JSC::DFG::forAllKilledOperands):

dfg/DFGGraph.h:

(JSC::DFG::Graph::forAllLocalsLiveInBytecode):

dfg/DFGLiveCatchVariablePreservationPhase.cpp:

(JSC::DFG::LiveCatchVariablePreservationPhase::willCatchException):
(JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):

dfg/DFGNaturalLoops.cpp:

(JSC::DFG::NaturalLoops::NaturalLoops):

dfg/DFGPlan.cpp:

(JSC::DFG::Plan::cleanMustHandleValuesIfNecessary):

Source/WTF:

FastBitVector is a bitvector representation that supports manual dynamic resizing and is
optimized for speed, not space. (BitVector supports automatic dynamic resizing and is
optimized for space, while Bitmap is sized statically and is optimized for both speed and
space.) This change greatly increases the power of FastBitVector. We will use these new
powers for changing the JSC GC to use FastBitVectors to track sets of MarkedBlocks (bug
161581) instead of using a combination of Vectors and doubly-linked lists.

This change splits FastBitVector into two parts:

A thing that manages the storage of a bitvector: a uint32_t array and a size_t numBits. We call this the word view.
A thing that takes some kind of abstract array of uint32_t's and does bitvector operations to it. We call this the FastBitVectorImpl.

FastBitVectorImpl and word views are immutable. The FastBitVector class is a subclass of
FastBitVectorImpl specialized on a word view that owns its words and has additional
support for mutable operations.

Doing this allows us to efficiently support things like this without any unnecessary
memory allocation or copying:

FastBitVector a, b, c; Assume that there is code to initialize these.
a &= b | ~c;

Previously, this kind of operation would not be efficient, because "~c" would have to
create a whole new FastBitVector. But now, it just returns a FastBitVectorImpl whose
underlying word view bitnots (~) its words on the fly. Using template magic, this can get
pretty complex. For example "b | ~c" returns a FastBitVectorImpl that wraps a word view
whose implementation of WordView::word(size_t index) is something like:

uint32_t word(size_t index) { return b.m_words.word(index) | ~c.m_words.word(index); }

FastBitVectorImpl supports all of the fast bulk bitvector operations, like
forEachSetBit(), bitCount(), etc. So, when you say "a &= b | ~c", the actual
implementation is going to run these bit operations on word granularity directly over the
storage inside a, b, c.

The use of operator overloading is worth explaining a bit. Previously, FastBitVector
avoided operator overloading. For example, the &= operation was called filter(). I think
that this was a pretty good approach at the time. I tried using non-operator methods in
this FastBitVector rewrite, but I found it very odd to say things like:

a.filter(b.bitOr(c.bitNot()));

I think that it's harder to see what is going on here, then using operators, because infix
notation is always better.

WTF.xcodeproj/project.pbxproj:
wtf/BitVector.h:

(WTF::BitVector::findBitInWord): Deleted.

wtf/CMakeLists.txt:
wtf/Dominators.h:

(WTF::Dominators::NaiveDominators::NaiveDominators):
(WTF::Dominators::NaiveDominators::dominates):
(WTF::Dominators::NaiveDominators::pruneDominators):

wtf/FastBitVector.cpp: Removed.
wtf/FastBitVector.h:

(WTF::fastBitVectorArrayLength):
(WTF::FastBitVectorWordView::FastBitVectorWordView):
(WTF::FastBitVectorWordView::numBits):
(WTF::FastBitVectorWordView::word):
(WTF::FastBitVectorWordOwner::FastBitVectorWordOwner):
(WTF::FastBitVectorWordOwner::~FastBitVectorWordOwner):
(WTF::FastBitVectorWordOwner::view):
(WTF::FastBitVectorWordOwner::operator=):
(WTF::FastBitVectorWordOwner::setAll):
(WTF::FastBitVectorWordOwner::clearAll):
(WTF::FastBitVectorWordOwner::set):
(WTF::FastBitVectorWordOwner::numBits):
(WTF::FastBitVectorWordOwner::arrayLength):
(WTF::FastBitVectorWordOwner::resize):
(WTF::FastBitVectorWordOwner::word):
(WTF::FastBitVectorWordOwner::words):
(WTF::FastBitVectorAndWords::FastBitVectorAndWords):
(WTF::FastBitVectorAndWords::view):
(WTF::FastBitVectorAndWords::numBits):
(WTF::FastBitVectorAndWords::word):
(WTF::FastBitVectorOrWords::FastBitVectorOrWords):
(WTF::FastBitVectorOrWords::view):
(WTF::FastBitVectorOrWords::numBits):
(WTF::FastBitVectorOrWords::word):
(WTF::FastBitVectorNotWords::FastBitVectorNotWords):
(WTF::FastBitVectorNotWords::view):
(WTF::FastBitVectorNotWords::numBits):
(WTF::FastBitVectorNotWords::word):
(WTF::FastBitVectorImpl::FastBitVectorImpl):
(WTF::FastBitVectorImpl::numBits):
(WTF::FastBitVectorImpl::size):
(WTF::FastBitVectorImpl::arrayLength):
(WTF::FastBitVectorImpl::operator==):
(WTF::FastBitVectorImpl::operator!=):
(WTF::FastBitVectorImpl::at):
(WTF::FastBitVectorImpl::operator[]):
(WTF::FastBitVectorImpl::bitCount):
(WTF::FastBitVectorImpl::operator&):
(WTF::FastBitVectorImpl::operator|):
(WTF::FastBitVectorImpl::operator~):
(WTF::FastBitVectorImpl::forEachSetBit):
(WTF::FastBitVectorImpl::forEachClearBit):
(WTF::FastBitVectorImpl::forEachBit):
(WTF::FastBitVectorImpl::findBit):
(WTF::FastBitVectorImpl::findSetBit):
(WTF::FastBitVectorImpl::findClearBit):
(WTF::FastBitVectorImpl::dump):
(WTF::FastBitVectorImpl::atImpl):
(WTF::FastBitVector::FastBitVector):
(WTF::FastBitVector::operator=):
(WTF::FastBitVector::resize):
(WTF::FastBitVector::setAll):
(WTF::FastBitVector::clearAll):
(WTF::FastBitVector::setAndCheck):
(WTF::FastBitVector::operator|=):
(WTF::FastBitVector::operator&=):
(WTF::FastBitVector::at):
(WTF::FastBitVector::operator[]):
(WTF::FastBitVector::BitReference::BitReference):
(WTF::FastBitVector::BitReference::operator bool):
(WTF::FastBitVector::BitReference::operator=):
(WTF::FastBitVector::~FastBitVector): Deleted.
(WTF::FastBitVector::numBits): Deleted.
(WTF::FastBitVector::set): Deleted.
(WTF::FastBitVector::equals): Deleted.
(WTF::FastBitVector::merge): Deleted.
(WTF::FastBitVector::filter): Deleted.
(WTF::FastBitVector::exclude): Deleted.
(WTF::FastBitVector::clear): Deleted.
(WTF::FastBitVector::get): Deleted.
(WTF::FastBitVector::bitCount): Deleted.
(WTF::FastBitVector::forEachSetBit): Deleted.
(WTF::FastBitVector::arrayLength): Deleted.

wtf/StdLibExtras.h:

(WTF::findBitInWord):

8:29 PM Changeset in webkit [205793] by commit-queue@webkit.org

2 edits
4 adds
14 deletes in trunk/Source/WebInspectorUI

Web Inspector: Combine similar SVG files for Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=161071

Patch by Devin Rousso <Devin Rousso> on 2016-09-11
Reviewed by Joseph Pecoraro.

UserInterface/Images/StyleRule.svg: Added.
UserInterface/Images/StyleRulePseudoElement.svg: Added.

Replaced <defs> with <symbol> give CSS some access to the referenced DOM inside <symbol>.
Since <symbol> uses Shadow DOM, applying CSS variables to the :target element and using
them inside <symbol> allows for variable styling of the content. Using a more basic
#foo .bar selector would not be valid since Shadow DOM separates the stylesheet selectors.

UserInterface/Images/gtk/StyleRule.svg: Added.
UserInterface/Images/gtk/StyleRulePseudoElement.svg: Added.

UserInterface/Images/StyleRuleAuthor.svg: Removed.
UserInterface/Images/StyleRuleInherited.svg: Removed.
UserInterface/Images/StyleRuleInspector.svg: Removed.
UserInterface/Images/StyleRuleUser.svg: Removed.
UserInterface/Images/StyleRuleUserAgent.svg: Removed.
UserInterface/Images/gtk/StyleRuleAuthor.svg: Removed.
UserInterface/Images/gtk/StyleRuleInherited.svg: Removed.
UserInterface/Images/gtk/StyleRuleInspector.svg: Removed.
UserInterface/Images/gtk/StyleRuleUser.svg: Removed.
UserInterface/Images/gtk/StyleRuleUserAgent.svg: Removed.

Merged into StyleRule.svg by using IDs in the URL.

UserInterface/Images/StyleRuleAuthorPseudo.svg: Removed.
UserInterface/Images/StyleRuleInspectorPseudo.svg: Removed.
UserInterface/Images/StyleRuleUserAgentPseudo.svg: Removed.
UserInterface/Images/StyleRuleUserPseudo.svg: Removed.

Merged into StyleRulePseudoElement.svg by using IDs in the URL.

UserInterface/Views/StyleRuleIcons.css:

(.author-style-rule-icon .icon):
(.author-style-rule-icon.pseudo-element-selector .icon):
(.user-style-rule-icon .icon):
(.user-style-rule-icon.pseudo-element-selector .icon):
(.user-agent-style-rule-icon .icon):
(.user-agent-style-rule-icon.pseudo-element-selector .icon):
(.inspector-style-rule-icon .icon):
(.inspector-style-rule-icon.pseudo-element-selector .icon):
(.inherited-style-rule-icon .icon):

5:03 PM Changeset in webkit [205792] by commit-queue@webkit.org

3 edits in trunk/Source/WebInspectorUI

REGRESSION (r205754): Web Inspector: Cannot click on links to stylesheets in Rules sidebar
https://bugs.webkit.org/show_bug.cgi?id=161838

Patch by Devin Rousso <Devin Rousso> on 2016-09-11
Reviewed by Brian Burg.

UserInterface/Views/CSSStyleDeclarationSection.css:

(.style-declaration-section > .header > textarea):
(.style-declaration-section > .header > .origin):
Added z-index to the non-selector elements of the header. Also limited the size of the
selector textarea to just the size of the displayed selector text.

UserInterface/Views/CSSStyleDeclarationTextEditor.js:

(WebInspector.CSSStyleDeclarationTextEditor):
Fixed invalid enum value for propertyVisibilityMode.

3:30 PM Changeset in webkit [205791] by Chris Dumez

11 edits in trunk

HTMLTrackElement.kind's invalid value default should be the metadata state
https://bugs.webkit.org/show_bug.cgi?id=161840

Reviewed by Eric Carlson.

LayoutTests/imported/w3c:

Rebaseline existing tests now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/HTMLElement/HTMLTrackElement/kind-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/kind-expected.txt:

Source/WebCore:

HTMLTrackElement.kind's invalid value default should be the metadata state,
not the subtitles state:

https://html.spec.whatwg.org/#attr-track-kind

Chrome agrees with the specification.

No new tests, rebaselined existing tests.

html/track/TextTrack.cpp:

(WebCore::TextTrack::setKindKeywordIgnoringASCIICase):

LayoutTests:

media/track/track-kind-expected.txt:
media/track/track-kind.html:

Update existing test to reflect behavior change.

media/track/w3c/interfaces/TextTrack/kind.html:

Re-sync test from W3C as it was outdated.

11:11 AM Changeset in webkit [205790] by hyatt@apple.com

11 edits
4 adds in trunk/Source/WebCore

[CSS Parser] Add the main parser implementation
https://bugs.webkit.org/show_bug.cgi?id=161813

Reviewed by Dean Jackson.

This patch adds the main CSSParserImpl that handles stylesheet and rule parsing. All parsing starts with this
class (it will eventually be invoked from the CSSParser). This patch also adds @supports parsing.

WebCore.xcodeproj/project.pbxproj:
css/CSSKeyframeRule.cpp:

(WebCore::StyleKeyframe::StyleKeyframe):

css/CSSKeyframeRule.h:
css/StyleRule.cpp:

(WebCore::StyleRuleBase::destroy):
(WebCore::StyleRuleBase::copy):
(WebCore::StyleRuleBase::createCSSOMWrapper):
(WebCore::StyleRuleCharset::StyleRuleCharset):
(WebCore::StyleRuleCharset::~StyleRuleCharset):
(WebCore::StyleRuleNamespace::StyleRuleNamespace):
(WebCore::StyleRuleNamespace::~StyleRuleNamespace):

css/StyleRule.h:

(WebCore::StyleRuleBase::isNamespaceRule):
(isType):
(WebCore::StyleRuleBase::isKeyframesRule): Deleted.

css/StyleSheetContents.cpp:

(WebCore::traverseSubresourcesInRules):

css/parser/CSSParserImpl.cpp: Added.

(WebCore::CSSParserImpl::CSSParserImpl):
(WebCore::CSSParserImpl::parseValue):
(WebCore::CSSParserImpl::parseVariableValue):
(WebCore::filterProperties):
(WebCore::createStyleProperties):
(WebCore::CSSParserImpl::parseInlineStyleDeclaration):
(WebCore::CSSParserImpl::parseDeclarationList):
(WebCore::CSSParserImpl::parseRule):
(WebCore::CSSParserImpl::parseStyleSheet):
(WebCore::CSSParserImpl::parsePageSelector):
(WebCore::CSSParserImpl::parseCustomPropertySet):
(WebCore::CSSParserImpl::parseKeyframeKeyList):
(WebCore::CSSParserImpl::supportsDeclaration):
(WebCore::CSSParserImpl::parseDeclarationListForInspector):
(WebCore::CSSParserImpl::parseStyleSheetForInspector):
(WebCore::computeNewAllowedRules):
(WebCore::CSSParserImpl::consumeRuleList):
(WebCore::CSSParserImpl::consumeAtRule):
(WebCore::CSSParserImpl::consumeQualifiedRule):
(WebCore::consumeStringOrURI):
(WebCore::CSSParserImpl::consumeCharsetRule):
(WebCore::CSSParserImpl::consumeImportRule):
(WebCore::CSSParserImpl::consumeNamespaceRule):
(WebCore::CSSParserImpl::consumeMediaRule):
(WebCore::CSSParserImpl::consumeSupportsRule):
(WebCore::CSSParserImpl::consumeViewportRule):
(WebCore::CSSParserImpl::consumeFontFaceRule):
(WebCore::CSSParserImpl::consumeKeyframesRule):
(WebCore::CSSParserImpl::consumePageRule):
(WebCore::CSSParserImpl::consumeKeyframeStyleRule):
(WebCore::observeSelectors):
(WebCore::CSSParserImpl::consumeStyleRule):
(WebCore::CSSParserImpl::consumeDeclarationList):
(WebCore::CSSParserImpl::consumeDeclaration):
(WebCore::CSSParserImpl::consumeVariableValue):
(WebCore::CSSParserImpl::consumeDeclarationValue):
(WebCore::CSSParserImpl::consumeKeyframeKeyList):

css/parser/CSSParserImpl.h: Added.
css/parser/CSSParserValues.cpp:

(WebCore::CSSParserSelector::parsePagePseudoSelector):

css/parser/CSSParserValues.h:
css/parser/CSSPropertyParser.cpp:

(WebCore::CSSPropertyParser::parseValue):

css/parser/CSSSupportsParser.cpp: Added.

(WebCore::CSSSupportsParser::supportsCondition):
(WebCore::CSSSupportsParser::consumeCondition):
(WebCore::CSSSupportsParser::consumeNegation):
(WebCore::CSSSupportsParser::consumeConditionInParenthesis):

css/parser/CSSSupportsParser.h: Added.

(WebCore::CSSSupportsParser::CSSSupportsParser):

7:10 AM Changeset in webkit [205789] by Gyuyoung Kim

2 edits in trunk/LayoutTests

[EFL] Skip to test some w3c/web-platform-tests

Unreviewed EFL gardening.

Some tests of w3c/web-platform-tests have been flaky since r205777.

platform/efl/TestExpectations

12:24 AM Changeset in webkit [205788] by timothy_horton@apple.com

9 edits
4 adds in trunk

Candidates that don't end in spaces shouldn't have spaces arbitrarily appended to them
https://bugs.webkit.org/show_bug.cgi?id=161846
<rdar://problem/28245097>

Reviewed by Beth Dakin.

Tests: editing/mac/spelling/accept-candidate-without-adding-space.html,

editing/mac/spelling/accept-candidate-allows-autocorrect-on-next-word.html

editing/Editor.cpp:

(WebCore::Editor::handleAcceptedCandidate):
Stop appending a space just because the candidate doesn't end in a space.
There are languages where that doesn't make sense, and the platform
guarantees that candidates will always have spaces if they need them.

Also, adjust the way we compute the AcceptedCandidate document marker range.
There were two problems with the existing code: it expanded outward from
the post-insertion cursor in *both* directions, instead of just backwards,
and it used the length of the replaced text, not the length of the newly
inserted text (more of the confusion mentioned in r205765).

editing/mac/spelling/accept-candidate-replacing-multiple-words-expected.txt:
editing/mac/spelling/accept-candidate-replacing-multiple-words.html:
editing/mac/spelling/accept-candidate-without-crossing-editing-boundary-expected.txt:
editing/mac/spelling/accept-candidate-without-crossing-editing-boundary.html:

Update existing tests to put spaces at the end of accepted candidates to make them
more similar to what the OS will return to us.

editing/mac/spelling/accept-candidate-without-adding-space-expected.txt: Added.
editing/mac/spelling/accept-candidate-without-adding-space.html: Added.

Add a test where the accepted candidate does *not* have a space at the end,
testing that we don't add one where the candidate didn't contain one.

editing/mac/spelling/accept-candidate-allows-autocorrect-on-next-word-expected.txt: Added.
editing/mac/spelling/accept-candidate-allows-autocorrect-on-next-word.html: Added.

Add a test ensuring that the document marker added by accepting a candidate
doesn't overlap the next word and prevent autocorrect from working on it.

Sep 10, 2016:

11:08 AM Changeset in webkit [205787] by Chris Dumez

18 edits in trunk

parseHTMLInteger() should take a StringView in parameter
https://bugs.webkit.org/show_bug.cgi?id=161669

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

runtime/DateConversion.cpp:

(JSC::formatDateTime):
Explicitly construct a String from the const WCHAR* on Windows because
it is ambiguous otherwise now that there is a StringBuilder::append()
overload taking an AtomicString in.

Source/WebCore:

parseHTMLInteger() should take a StringView in parameter instead of a
const String&.

css/parser/CSSParser.cpp:

(WebCore::CSSParser::parseFontFaceSrcLocal):

css/parser/CSSParserValues.h:

(WebCore::CSSParserString::toStringView):
Add toStringView() to avoid unnecessarily constructing a String for
calling StringBuilder::append().

html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger):
(WebCore::parseHTTPRefreshInternal):

html/parser/HTMLParserIdioms.h:

(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):
Take a StringView in parameter instead of a const String&.

platform/sql/SQLiteStatement.cpp:

(WebCore::SQLiteStatement::isColumnDeclaredAsBlob):
Avoid unnecessarily constructing a String to call equalLettersIgnoringASCIICase()
by leveraging the StringView constructor taking a 'const char*' in parameter.

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::constructTextRun):

rendering/RenderBlock.h:

Add constructTextRun() overload taking an AtomicString. It was otherwise ambiguous
because both a String or a StringView could be constructed from an AtomicString.

page/CaptionUserPreferencesMediaAF.cpp:

(WebCore::CaptionUserPreferencesMediaAF::captionsDefaultFontCSS):
(WebCore::buildDisplayStringForTrackBase):

rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::mediaControlsStyleSheet):
(WebCore::RenderThemeMac::mediaControlsScript):
Explicitly construct a String from NSString / CFStringRef types as such calls are
now ambiguous.

Source/WTF:

wtf/text/StringBuilder.h:

(WTF::StringBuilder::append):
Add StringBuilder::append() overload taking an AtomicString in parameter.
It used to call StringBuilder::append(const String&) implicitly when
passing an AtomicString. However, it is now ambiguous because there
is an overload taking a StringView, and it is now possible to construct
a StringView from an AtomicString.

wtf/text/StringView.h:

(WTF::StringView::StringView):

Add StringView constructor taking an AtomicString in parameter for convenience. This avoids having to call AtomicString::string() explicitly at call sites.
Add StringView constructor taking a 'const char*' in parameter for performance. There are several call sites that were passing a const char* and implicitly constructing an unnecessary String to construct a StringView. This became more obvious because the constructor taking an AtomicString in parameter made such calls ambiguous.

Tools:

Explicitly construct a String from the CFStringRef in order to call
StringBuilder::append(). This is needed now that there is an append()
overload taking an AtomicString in parameter.

WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::InjectedBundlePage::dumpDOMAsWebArchive):

9:06 AM Changeset in webkit [205786] by Chris Dumez

9 edits
2 adds in trunk

It is possible for Document::m_frame pointer to become stale
https://bugs.webkit.org/show_bug.cgi?id=161812
<rdar://problem/27745023>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Document::m_frame is supposed to get cleared by Document::prepareForDestruction().
The Frame destructor calls Frame::setView(nullptr) which is supposed to call the
prepareForDestruction() on the Frame's associated document. However,
Frame::setView(nullptr) was calling prepareForDestruction() only if
Document::inPageCache() returned true. This is because, we allow Documents to
stay alive in the PageCache even though they don't have a frame.

The issue is that Document::m_inPageCache flag was set to true right before
firing the pagehide event, so technically before really entering PageCache.
Therefore, we can run into problems if a Frame gets destroyed by a pagehide
EventHandler because ~Frame() will not call Document::prepareForDestruction()
due to Document::m_inPageCache being true. After the frame is destroyed,
Document::m_frame becomes stale and any action on the document will likely
lead to crashes (such as the one in the layout test and the radar which
happens when trying to unregister event listeners from the document).

The solution adopted in this patch is to replace the m_inPageCache boolean
with a m_pageCacheState enumeration that has 3 states:

NotInPageCache
AboutToEnterPageCache
InPageCache

Frame::setView() / Frame::setDocument() were then updated to call
Document::prepareForDestruction() on the associated document whenever
the document's pageCacheState is not InPageCache. This means that we
will now call Document::prepareForDestruction() when the document is
being detached from its frame while firing the pagehide event.

Note that I tried to keep this patch minimal. Therefore, I kept
the Document::inPageCache() getter for now. I plan to switch all its
calls sites to the new Document::pageCacheState() getter in a follow-up
patch so that we can finally drop the confusing Document::inPageCache().

Test: fast/history/pagehide-remove-iframe-crash.html

dom/Document.cpp:

(WebCore::Document::Document):
(WebCore::Document::~Document):
(WebCore::Document::createRenderTree):
(WebCore::Document::destroyRenderTree):
(WebCore::Document::setFocusedElement):
(WebCore::Document::setPageCacheState):
(WebCore::Document::topDocument):

dom/Document.h:

(WebCore::Document::pageCacheState):
(WebCore::Document::inPageCache):

history/CachedFrame.cpp:

(WebCore::CachedFrame::destroy):

history/PageCache.cpp:

(WebCore::setPageCacheState):
(WebCore::PageCache::addIfCacheable):

loader/FrameLoader.cpp:

(WebCore::FrameLoader::stopAllLoaders):
(WebCore::FrameLoader::open):

loader/HistoryController.cpp:

(WebCore::HistoryController::invalidateCurrentItemCachedPage):

page/Frame.cpp:

(WebCore::Frame::setView):

LayoutTests:

Add layout test that crashes on both Mac and iOS due to using a stale
Document::m_frame pointer.

fast/history/pagehide-remove-iframe-crash-expected.txt: Added.
fast/history/pagehide-remove-iframe-crash.html: Added.

8:06 AM Changeset in webkit [205785] by Gyuyoung Kim

2 edits in trunk/LayoutTests

[EFL] Mark new media source tests to failure

Unreviewed EFL gardening.

platform/efl/TestExpectations: New added media source tests are failing.

4:42 AM WebKitGTK/2.14.x edited by Carlos Garcia Campos

(diff)

1:19 AM Changeset in webkit [205784] by Wenson Hsieh

7 edits
1 add in trunk

Apple.com keynote does not display media controls
https://bugs.webkit.org/show_bug.cgi?id=161833
<rdar://problem/28230123>

Reviewed by Tim Horton.

Source/WebCore:

Tweaks the main content check so that we can distinguish between main content for the purposes of determining
autoplay policy vs. main content for the purposes of showing media controls. Namely, we make the latter less
restrictive than the former in terms of the maximum aspect ratio a video can have to be considered the right
size for main content.

New unit test in TestWebKitAPI.

html/HTMLMediaElement.cpp:

(WebCore::mediaElementSessionInfoForSession):

html/MediaElementSession.cpp:

(WebCore::MediaElementSession::canShowControlsManager):
(WebCore::MediaElementSession::isLargeEnoughForMainContent):
(WebCore::MediaElementSession::wantsToObserveViewportVisibilityForMediaControls):
(WebCore::isMainContentForPurposesOfAutoplay):
(WebCore::isElementLargeEnoughForMainContent):
(WebCore::MediaElementSession::updateIsMainContent):
(WebCore::isMainContent): Deleted.

html/MediaElementSession.h:

Tools:

New unit test verifying that wide videos (~2 aspect ratio) still get media controls.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit2Cocoa/VideoControlsManager.mm:

(TestWebKitAPI::TEST):

TestWebKitAPI/Tests/WebKit2Cocoa/wide-autoplaying-video-with-audio.html: Added.

Sep 9, 2016:

7:20 PM Changeset in webkit [205783] by timothy_horton@apple.com

5 edits
1 add in trunk

WKThumbnailView should expose a mode where it can be reparented without resnapshotting
https://bugs.webkit.org/show_bug.cgi?id=161828
<rdar://problem/28229756>

Reviewed by Alex Christensen.

UIProcess/API/Cocoa/_WKThumbnailView.h:
UIProcess/API/Cocoa/_WKThumbnailView.mm:

(-[_WKThumbnailView initWithFrame:fromWKView:]):
(-[_WKThumbnailView _viewWasUnparented]):
Add such a mode. Bail from snapshot teardown when unparented if it is on.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit2/WKThumbnailView.mm: Added.

(-[SnapshotSizeObserver observeValueForKeyPath:ofObject:change:context:]):
(TestWebKitAPI::didFinishLoadForFrame):
(TestWebKitAPI::setPageLoaderClient):
(TestWebKitAPI::TEST):
Add a test ensuring that this behaves correctly.

7:06 PM Changeset in webkit [205782] by achristensen@apple.com

6 edits in trunk

URLParser: Keep track of cannot-be-a-base-url according to spec
https://bugs.webkit.org/show_bug.cgi?id=161830

Reviewed by Tim Horton.

Source/WebCore:

Covered by new API tests.

platform/URL.cpp:

(WebCore::URL::invalidate):

platform/URL.h:

Add a boolean required by the spec.
This will not add to sizeof(URL) because we already have some bit fields.

platform/URLParser.cpp:

(WebCore::URLParser::parse):
(WebCore::URLParser::allValuesEqual):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

6:08 PM Changeset in webkit [205781] by achristensen@apple.com

2 edits in trunk/Tools

Fix API tests after r205774.
https://bugs.webkit.org/show_bug.cgi?id=161820

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):
I had committed the wrong expected path in one case. The functionality is correct.

5:59 PM Changeset in webkit [205780] by dino@apple.com

2 edits in trunk/Source/ThirdParty/ANGLE

[ANGLE] instantiation of variable 'gl::GLTypeToGLenum<float>::value' required here, but no definition is available
https://bugs.webkit.org/show_bug.cgi?id=161829
<rdar://problem/28051244>

Reviewed by Alex Christensen.

Newer versions of clang require explicit definition of some template types
if they are in another translation unit.

src/libANGLE/Program.cpp: Add definitions for GLTypeToGLenum.

5:55 PM Changeset in webkit [205779] by bshafiei@apple.com

1 copy in tags/Safari-602.2.5

New tag.

5:49 PM Changeset in webkit [205778] by msaboff@apple.com

3 edits
1 move in trunk

Unreviewed, rolling r205759 back in with a fix.

An expectation file, JSTests/ChakraCore/test/Lib/tostring.baseline-jsc,
should be named "toString.baseline-jsc". For systems with case-insensitive
filesystems, the wrong name isn't an issue. That rename is part of this
fix.

Scripts/run-javascriptcore-tests:

(runJSCStressTests):

5:47 PM Changeset in webkit [205777] by jer.noble@apple.com

5 edits
105 moves
64 adds
8 deletes in trunk/LayoutTests

[Media Source] Import updated w3c/web-platform-tests and rebaseline
https://bugs.webkit.org/show_bug.cgi?id=161723

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

web-platform-tests/media-source/OWNERS: Added.
web-platform-tests/media-source/SourceBuffer-abort-expected.txt: Added.
web-platform-tests/media-source/SourceBuffer-abort-readyState-expected.txt: Added.
web-platform-tests/media-source/SourceBuffer-abort-readyState.html: Renamed from LayoutTests/http/tests/media/media-source/SourceBuffer-abort-readyState.html.
web-platform-tests/media-source/SourceBuffer-abort-removed-expected.txt: Added.
web-platform-tests/media-source/SourceBuffer-abort-removed.html: Renamed from LayoutTests/http/tests/media/media-source/SourceBuffer-abort-removed.html.
web-platform-tests/media-source/SourceBuffer-abort-updating-expected.txt: Added.
web-platform-tests/media-source/SourceBuffer-abort-updating.html: Renamed from LayoutTests/http/tests/media/media-source/SourceBuffer-abort-updating.html.
web-platform-tests/media-source/SourceBuffer-abort.html: Renamed from LayoutTests/http/tests/media/media-source/SourceBuffer-abort.html.
web-platform-tests/media-source/URL-createObjectURL-expected.txt: Added.
web-platform-tests/media-source/URL-createObjectURL-null-expected.txt: Added.
web-platform-tests/media-source/URL-createObjectURL-null.html: Added.
web-platform-tests/media-source/URL-createObjectURL-revoke-expected.txt: Added.
web-platform-tests/media-source/URL-createObjectURL-revoke.html: Added.
web-platform-tests/media-source/URL-createObjectURL.html: Added.
web-platform-tests/media-source/import_tests.sh: Added.
web-platform-tests/media-source/interfaces-expected.txt: Added.
web-platform-tests/media-source/interfaces.html: Added.
web-platform-tests/media-source/manifest.txt: Added.
web-platform-tests/media-source/mediasource-activesourcebuffers-expected.txt: Added.
web-platform-tests/media-source/mediasource-activesourcebuffers.html: Added.
web-platform-tests/media-source/mediasource-addsourcebuffer-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-addsourcebuffer-expected.txt.
web-platform-tests/media-source/mediasource-addsourcebuffer-mode-expected.txt: Added.
web-platform-tests/media-source/mediasource-addsourcebuffer-mode.html: Added.
web-platform-tests/media-source/mediasource-addsourcebuffer.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-addsourcebuffer.html.
web-platform-tests/media-source/mediasource-append-buffer-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-append-buffer-expected.txt.
web-platform-tests/media-source/mediasource-append-buffer.html: Added.
web-platform-tests/media-source/mediasource-appendbuffer-quota-exceeded-expected.txt: Added.
web-platform-tests/media-source/mediasource-appendbuffer-quota-exceeded.html: Added.
web-platform-tests/media-source/mediasource-appendwindow-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-appendwindow-expected.txt.
web-platform-tests/media-source/mediasource-appendwindow.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-appendwindow.html.
web-platform-tests/media-source/mediasource-avtracks-expected.txt: Added.
web-platform-tests/media-source/mediasource-avtracks.html: Added.
web-platform-tests/media-source/mediasource-buffered-expected.txt: Added.
web-platform-tests/media-source/mediasource-buffered.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-buffered.html.
web-platform-tests/media-source/mediasource-closed-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-closed-expected.txt.
web-platform-tests/media-source/mediasource-closed.html: Added.
web-platform-tests/media-source/mediasource-config-change-mp4-a-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-a-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-mp4-a-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-a-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-mp4-av-audio-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-av-audio-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-mp4-av-audio-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-av-audio-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-mp4-av-framesize-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-av-framesize-expected.txt.
web-platform-tests/media-source/mediasource-config-change-mp4-av-framesize.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-av-framesize.html.
web-platform-tests/media-source/mediasource-config-change-mp4-av-video-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-av-video-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-mp4-av-video-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-av-video-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-mp4-v-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-v-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-mp4-v-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-v-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-mp4-v-framerate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-v-framerate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-mp4-v-framerate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-v-framerate.html.
web-platform-tests/media-source/mediasource-config-change-mp4-v-framesize-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-v-framesize-expected.txt.
web-platform-tests/media-source/mediasource-config-change-mp4-v-framesize.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-mp4-v-framesize.html.
web-platform-tests/media-source/mediasource-config-change-webm-a-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-a-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-webm-a-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-a-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-webm-av-audio-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-av-audio-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-webm-av-audio-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-av-audio-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-webm-av-framesize-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-av-framesize-expected.txt.
web-platform-tests/media-source/mediasource-config-change-webm-av-framesize.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-av-framesize.html.
web-platform-tests/media-source/mediasource-config-change-webm-av-video-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-av-video-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-webm-av-video-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-av-video-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-webm-v-bitrate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-v-bitrate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-webm-v-bitrate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-v-bitrate.html.
web-platform-tests/media-source/mediasource-config-change-webm-v-framerate-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-v-framerate-expected.txt.
web-platform-tests/media-source/mediasource-config-change-webm-v-framerate.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-v-framerate.html.
web-platform-tests/media-source/mediasource-config-change-webm-v-framesize-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-v-framesize-expected.txt.
web-platform-tests/media-source/mediasource-config-change-webm-v-framesize.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-change-webm-v-framesize.html.
web-platform-tests/media-source/mediasource-config-changes.js: Renamed from LayoutTests/http/tests/media/media-source/mediasource-config-changes.js.

(resolutionFromFilename):
(appendBuffer):
(mediaSourceConfigChangeTest):

web-platform-tests/media-source/mediasource-detach-expected.txt: Added.
web-platform-tests/media-source/mediasource-detach.html: Added.
web-platform-tests/media-source/mediasource-duration-boundaryconditions-expected.txt: Added.
web-platform-tests/media-source/mediasource-duration-boundaryconditions.html: Added.
web-platform-tests/media-source/mediasource-duration-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-duration-expected.txt.
web-platform-tests/media-source/mediasource-duration.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-duration.html.
web-platform-tests/media-source/mediasource-endofstream-expected.txt: Added.
web-platform-tests/media-source/mediasource-endofstream-invaliderror-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-endofstream-invaliderror-expected.txt.
web-platform-tests/media-source/mediasource-endofstream-invaliderror.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-endofstream-invaliderror.html.
web-platform-tests/media-source/mediasource-endofstream.html: Added.
web-platform-tests/media-source/mediasource-errors-expected.txt: Added.
web-platform-tests/media-source/mediasource-errors.html: Added.
web-platform-tests/media-source/mediasource-getvideoplaybackquality-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-getvideoplaybackquality-expected.txt.
web-platform-tests/media-source/mediasource-getvideoplaybackquality.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-getvideoplaybackquality.html.
web-platform-tests/media-source/mediasource-is-type-supported-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-is-type-supported-expected.txt.
web-platform-tests/media-source/mediasource-is-type-supported.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-is-type-supported.html.
web-platform-tests/media-source/mediasource-liveseekable-expected.txt: Added.
web-platform-tests/media-source/mediasource-liveseekable.html: Added.
web-platform-tests/media-source/mediasource-multiple-attach-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-multiple-attach-expected.txt.
web-platform-tests/media-source/mediasource-multiple-attach.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-multiple-attach.html.
web-platform-tests/media-source/mediasource-play-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-play-expected.txt.
web-platform-tests/media-source/mediasource-play-then-seek-back-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-play-then-seek-back-expected.txt.
web-platform-tests/media-source/mediasource-play-then-seek-back.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-play-then-seek-back.html.
web-platform-tests/media-source/mediasource-play.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-play.html.
web-platform-tests/media-source/mediasource-preload-expected.txt: Added.
web-platform-tests/media-source/mediasource-preload.html: Added.
web-platform-tests/media-source/mediasource-redundant-seek-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-redundant-seek-expected.txt.
web-platform-tests/media-source/mediasource-redundant-seek.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-redundant-seek.html.
web-platform-tests/media-source/mediasource-remove-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-remove-expected.txt.
web-platform-tests/media-source/mediasource-remove.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-remove.html.
web-platform-tests/media-source/mediasource-removesourcebuffer-expected.txt: Added.
web-platform-tests/media-source/mediasource-removesourcebuffer.html: Added.
web-platform-tests/media-source/mediasource-seek-beyond-duration-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-seek-beyond-duration-expected.txt.
web-platform-tests/media-source/mediasource-seek-beyond-duration.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-seek-beyond-duration.html.
web-platform-tests/media-source/mediasource-seek-during-pending-seek-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-seek-during-pending-seek-expected.txt.
web-platform-tests/media-source/mediasource-seek-during-pending-seek.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-seek-during-pending-seek.html.
web-platform-tests/media-source/mediasource-seekable-expected.txt: Added.
web-platform-tests/media-source/mediasource-seekable.html: Added.
web-platform-tests/media-source/mediasource-sequencemode-append-buffer-expected.txt: Added.
web-platform-tests/media-source/mediasource-sequencemode-append-buffer.html: Added.
web-platform-tests/media-source/mediasource-sourcebuffer-mode-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-sourcebuffer-mode-expected.txt.
web-platform-tests/media-source/mediasource-sourcebuffer-mode.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-sourcebuffer-mode.html.
web-platform-tests/media-source/mediasource-sourcebuffer-trackdefaults-expected.txt: Added.
web-platform-tests/media-source/mediasource-sourcebuffer-trackdefaults.html: Added.
web-platform-tests/media-source/mediasource-sourcebufferlist-expected.txt: Renamed from LayoutTests/http/tests/media/media-source/mediasource-sourcebufferlist-expected.txt.
web-platform-tests/media-source/mediasource-sourcebufferlist.html: Renamed from LayoutTests/http/tests/media/media-source/mediasource-sourcebufferlist.html.
web-platform-tests/media-source/mediasource-timestamp-offset-expected.txt: Added.
web-platform-tests/media-source/mediasource-timestamp-offset.html: Added.
web-platform-tests/media-source/mediasource-trackdefault-expected.txt: Added.
web-platform-tests/media-source/mediasource-trackdefault.html: Added.
web-platform-tests/media-source/mediasource-trackdefaultlist-expected.txt: Added.
web-platform-tests/media-source/mediasource-trackdefaultlist.html: Added.
web-platform-tests/media-source/mediasource-util.js: Renamed from LayoutTests/http/tests/media/media-source/mediasource-util.js.

(EventExpectationsManager):
(EventExpectationsManager.prototype.expectEvent):
(EventExpectationsManager.prototype.waitForExpectedEvents):
(EventExpectationsManager.prototype.expectingEvents):
(EventExpectationsManager.prototype.handleWaitCallback_):
(EventExpectationsManager.prototype.getExpectations_):
(loadData_):
(onSourceOpen):
(openMediaSource_):
(MediaSourceUtil.loadTextData):
(MediaSourceUtil.loadBinaryData):
(MediaSourceUtil.fetchManifestAndData):
(MediaSourceUtil.extractSegmentData):
(MediaSourceUtil.getMediaDataForPlaybackTime):
(getFirstSupportedType):
(getSegmentInfo):
(MediaSourceUtil.getSubType):
(MediaSourceUtil.append):
(onEvent):
(onAppendDone):
(MediaSourceUtil.appendUntilEventFires):
(addExtraTestMethods.test.expectEvent):
(addExtraTestMethods.test.waitForExpectedEvents):
(addExtraTestMethods.test.waitForCurrentTimeChange):
(addExtraTestMethods.test.done):
(addExtraTestMethods):
(window.string_appeared_here):

web-platform-tests/media-source/mp4/test-a-128k-44100Hz-1ch-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-a-128k-44100Hz-1ch-manifest.json.
web-platform-tests/media-source/mp4/test-a-128k-44100Hz-1ch.mp4: Added.
web-platform-tests/media-source/mp4/test-a-192k-44100Hz-1ch-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-a-192k-44100Hz-1ch-manifest.json.
web-platform-tests/media-source/mp4/test-a-192k-44100Hz-1ch.mp4: Added.
web-platform-tests/media-source/mp4/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr-manifest.json.
web-platform-tests/media-source/mp4/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr.mp4.
web-platform-tests/media-source/mp4/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/mp4/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr.mp4.
web-platform-tests/media-source/mp4/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/mp4/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr.mp4.
web-platform-tests/media-source/mp4/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/mp4/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr.mp4.
web-platform-tests/media-source/mp4/test-v-128k-320x240-24fps-8kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-128k-320x240-24fps-8kfr-manifest.json.
web-platform-tests/media-source/mp4/test-v-128k-320x240-24fps-8kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-128k-320x240-24fps-8kfr.mp4.
web-platform-tests/media-source/mp4/test-v-128k-320x240-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-128k-320x240-30fps-10kfr-manifest.json.
web-platform-tests/media-source/mp4/test-v-128k-320x240-30fps-10kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-128k-320x240-30fps-10kfr.mp4.
web-platform-tests/media-source/mp4/test-v-128k-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-128k-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/mp4/test-v-128k-640x480-30fps-10kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-128k-640x480-30fps-10kfr.mp4.
web-platform-tests/media-source/mp4/test-v-256k-320x240-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-256k-320x240-30fps-10kfr-manifest.json.
web-platform-tests/media-source/mp4/test-v-256k-320x240-30fps-10kfr.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test-v-256k-320x240-30fps-10kfr.mp4.
web-platform-tests/media-source/mp4/test.mp4: Renamed from LayoutTests/http/tests/media/media-source/mp4/test.mp4.
web-platform-tests/media-source/webm/test-a-128k-44100Hz-1ch-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-a-128k-44100Hz-1ch-manifest.json.
web-platform-tests/media-source/webm/test-a-128k-44100Hz-1ch.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-a-128k-44100Hz-1ch.webm.
web-platform-tests/media-source/webm/test-a-192k-44100Hz-1ch-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-a-192k-44100Hz-1ch-manifest.json.
web-platform-tests/media-source/webm/test-a-192k-44100Hz-1ch.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-a-192k-44100Hz-1ch.webm.
web-platform-tests/media-source/webm/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr-manifest.json.
web-platform-tests/media-source/webm/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-384k-44100Hz-1ch-320x240-30fps-10kfr.webm.
web-platform-tests/media-source/webm/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/webm/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-384k-44100Hz-1ch-640x480-30fps-10kfr.webm.
web-platform-tests/media-source/webm/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/webm/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-448k-44100Hz-1ch-640x480-30fps-10kfr.webm.
web-platform-tests/media-source/webm/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/webm/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-av-640k-44100Hz-1ch-640x480-30fps-10kfr.webm.
web-platform-tests/media-source/webm/test-v-128k-320x240-24fps-8kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-128k-320x240-24fps-8kfr-manifest.json.
web-platform-tests/media-source/webm/test-v-128k-320x240-24fps-8kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-128k-320x240-24fps-8kfr.webm.
web-platform-tests/media-source/webm/test-v-128k-320x240-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-128k-320x240-30fps-10kfr-manifest.json.
web-platform-tests/media-source/webm/test-v-128k-320x240-30fps-10kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-128k-320x240-30fps-10kfr.webm.
web-platform-tests/media-source/webm/test-v-128k-640x480-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-128k-640x480-30fps-10kfr-manifest.json.
web-platform-tests/media-source/webm/test-v-128k-640x480-30fps-10kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-128k-640x480-30fps-10kfr.webm.
web-platform-tests/media-source/webm/test-v-256k-320x240-30fps-10kfr-manifest.json: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-256k-320x240-30fps-10kfr-manifest.json.
web-platform-tests/media-source/webm/test-v-256k-320x240-30fps-10kfr.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-v-256k-320x240-30fps-10kfr.webm.
web-platform-tests/media-source/webm/test-vp8-vorbis-webvtt.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test-vp8-vorbis-webvtt.webm.
web-platform-tests/media-source/webm/test.webm: Renamed from LayoutTests/http/tests/media/media-source/webm/test.webm.

LayoutTests:

http/tests/media/media-source/mediasource-append-buffer.html: Removed.
http/tests/media/media-source/mediasource-buffered-expected.txt: Removed.
http/tests/media/media-source/mediasource-closed.html: Removed.
http/tests/media/media-source/mediasource-config-changes.js:

(resolutionFromFilename): Deleted.
(appendBuffer): Deleted.
(mediaSourceConfigChangeTest): Deleted.

http/tests/media/media-source/mediasource-util.js:

(EventExpectationsManager): Deleted.
(EventExpectationsManager.prototype.expectEvent): Deleted.
(EventExpectationsManager.prototype.waitForExpectedEvents): Deleted.
(EventExpectationsManager.prototype.expectingEvents): Deleted.
(EventExpectationsManager.prototype.handleWaitCallback_): Deleted.
(EventExpectationsManager.prototype.getExpectations_): Deleted.
(loadData_): Deleted.
(onSourceOpen): Deleted.
(openMediaSource_): Deleted.
(MediaSourceUtil.loadTextData): Deleted.
(MediaSourceUtil.loadBinaryData): Deleted.
(MediaSourceUtil.fetchManifestAndData): Deleted.
(MediaSourceUtil.extractSegmentData): Deleted.
(MediaSourceUtil.getMediaDataForPlaybackTime): Deleted.
(getFirstSupportedType): Deleted.
(getSegmentInfo): Deleted.
(MediaSourceUtil.getSubType): Deleted.
(addExtraTestMethods.test.failOnEvent): Deleted.
(addExtraTestMethods.test.endOnEvent): Deleted.
(addExtraTestMethods.test.expectEvent): Deleted.
(addExtraTestMethods.test.waitForExpectedEvents): Deleted.
(addExtraTestMethods.test.waitForCurrentTimeChange): Deleted.
(addExtraTestMethods.test.done): Deleted.
(addExtraTestMethods): Deleted.
(window.string_appeared_here): Deleted.

http/tests/media/media-source/mp4/test-a-128k-44100Hz-1ch.mp4: Removed.
http/tests/media/media-source/mp4/test-a-192k-44100Hz-1ch.mp4: Removed.
http/tests/media/media-source/webm/segment-info.js: Removed.
platform/ios-simulator/TestExpectations:
platform/mac/TestExpectations:
platform/mac/imported/w3c/web-platform-tests/media-source/SourceBuffer-abort-expected.txt: Added.
platform/mac/imported/w3c/web-platform-tests/media-source/SourceBuffer-abort-readyState-expected.txt: Added.
platform/mac/imported/w3c/web-platform-tests/media-source/SourceBuffer-abort-removed-expected.txt: Added.
platform/mac/imported/w3c/web-platform-tests/media-source/SourceBuffer-abort-updating-expected.txt: Added.

5:34 PM Changeset in webkit [205776] by johan_jensen@apple.com

2 edits in trunk/Tools

Unreviewed. Added myself to the list of committers.

Scripts/webkitpy/common/config/contributors.json:

5:06 PM Changeset in webkit [205775] by commit-queue@webkit.org

4 edits in trunk/Source/WebCore

Unreviewed, rolling out r205771.
https://bugs.webkit.org/show_bug.cgi?id=161823

Broke Windows build (Requested by litherum on #webkit).

Reverted changeset:

"Remove unused member of GlyphBuffer"
https://bugs.webkit.org/show_bug.cgi?id=161814
http://trac.webkit.org/changeset/205771

4:39 PM Changeset in webkit [205774] by achristensen@apple.com

4 edits in trunk

URLParser should convert ASCII hosts to lowercase
https://bugs.webkit.org/show_bug.cgi?id=161820

Reviewed by Geoffrey Garen.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::domainToASCII):
The fast path for domains that are already ASCII and do not need punycode encoding
should convert the domain to lowercase.
This matches behavior in URL::parse if isCanonicalHostnameLowercaseForScheme is true,
and RFC 5890.

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

3:44 PM Changeset in webkit [205773] by Ryan Haddad

2 edits in trunk/Tools

Unreviewed, rolling out r205759.

This change broke all JSC tests

Reverted changeset:

"Add ChakraCore tests to run-javascriptcore-tests"
https://bugs.webkit.org/show_bug.cgi?id=161808
http://trac.webkit.org/changeset/205759

3:14 PM Changeset in webkit [205772] by Ryan Haddad

2 edits in trunk/Tools

Revert r205770 because Ricky is already a committer.

Unreviewed.

Scripts/webkitpy/common/config/contributors.json:

2:54 PM Changeset in webkit [205771] by mmaxfield@apple.com

4 edits in trunk/Source/WebCore

Remove unused member of GlyphBuffer
https://bugs.webkit.org/show_bug.cgi?id=161814

Reviewed by Simon Fraser.

This m_offsets member never actually affected anything. It just made
FontCascade::drawGlyphBuffer() slower.

No new tests because there is no behavior change.

platform/graphics/FontCascade.cpp:

(WebCore::FontCascade::drawGlyphBuffer):

platform/graphics/GlyphBuffer.h:

(WebCore::GlyphBuffer::clear):
(WebCore::GlyphBuffer::advanceAt):
(WebCore::GlyphBuffer::add):
(WebCore::GlyphBuffer::shrink):
(WebCore::GlyphBuffer::swap):
(WebCore::GlyphBuffer::offsetAt): Deleted.

platform/graphics/win/UniscribeController.cpp:

(WebCore::UniscribeController::shapeAndPlaceItem):

2:44 PM Changeset in webkit [205770] by Ricky Mondello

2 edits in trunk/Tools

Unreviewed. Added myself to the list of committers.

Scripts/webkitpy/common/config/contributors.json:

2:30 PM Changeset in webkit [205769] by keith_miller@apple.com

6 edits in trunk/Source/JavaScriptCore

WASM should support if-then-else
https://bugs.webkit.org/show_bug.cgi?id=161778

Reviewed by Michael Saboff.

This patch makes some major changes to the way that the WASM
function parser works. First, the control stack has been moved
from the parser's context to the parser itself. This simplifies
the way that the parser works and allows us to make the decoder
iterative rather than recursive. Since the control stack has been
moved to the parser, any context operation that refers to some
block now receives that block by reference.

For any if block, regardless of whether or not it is an
if-then-else or not, we will allocate both the entire control flow
diamond. This is not a major issue in the if-then case since B3
will immediately cleanup these blocks. In order to support if-then
and if-then-else we needed to be able to distinguish what the type
of the top block on the control stack is. This will be necessary
when validating the else opcode in the future. In the B3 IR
generator we decide to the type of the block strictly by the
shape.

Currently, if blocks don't handle passed and returned stack values
correctly. I plan to fix this when I add support for the block
signatures. See: https://github.com/WebAssembly/design/pull/765

testWASM.cpp:

(runWASMTests):

wasm/WASMB3IRGenerator.cpp:

(dumpProcedure):
(JSC::WASM::parseAndCompile):

wasm/WASMB3IRGenerator.h:
wasm/WASMFunctionParser.h:

(JSC::WASM::FunctionParser<Context>::parseBlock):
(JSC::WASM::FunctionParser<Context>::parseExpression):
(JSC::WASM::FunctionParser<Context>::parseUnreachableExpression):

wasm/WASMOps.h:

2:29 PM Changeset in webkit [205768] by achristensen@apple.com

4 edits in trunk

Source/WebCore:
Text replacement candidates don't always overwrite the entire original string
https://bugs.webkit.org/show_bug.cgi?id=161779
<rdar://problem/28033492>

Patch by Tim Horton <timothy_horton@apple.com> on 2016-09-09
Reviewed by Simon Fraser.

New test: editing/mac/spelling/accept-candidate-replacing-multiple-words.html.

editing/Editor.cpp:

(WebCore::Editor::contextRangeForCandidateRequest):
Factor contextRangeForCandidateRequest out of the WebKits, into Editor.
This just expands to paragraph boundaries from the cursor.

(WebCore::Editor::selectTextCheckingResult):
Add selectTextCheckingResult, which, given a TextCheckingResult,
selects the range represented by the result's location and length, which
indicate the portion of the context string that the result refers to.
In the case of accepting a candidate, we want to select that range
so that our insertion will overwrite it.

(WebCore::Editor::handleAcceptedCandidate):
Make use of selectTextCheckingResult instead of just assuming that we want
to replace the word to the left of the insertion point.

(WebCore::Editor::stringForCandidateRequest): Deleted.

editing/Editor.h:

testing/Internals.cpp:

(WebCore::Internals::handleAcceptedCandidate):

testing/Internals.h:
testing/Internals.idl:

Internals' handleAcceptedCandidate assumed (wrongly) that the length
of a TextCheckerResult was the length of the candidate, when really it is
the length of the text that the candidate would replace. Adjust this,
and expose the replacement range to JavaScript, so we can test this.

Tools:
URLParser: Fix and optimize parsing file URLs ending with a host but no slash
https://bugs.webkit.org/show_bug.cgi?id=161815

Reviewed by Geoffrey Garen.

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

2:20 PM Changeset in webkit [205767] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

jsc.cpp should call initializeMainThread() to make sure that GC thread assertions work
https://bugs.webkit.org/show_bug.cgi?id=161801

Reviewed by Keith Miller.

The GC has debug assertions that certain things don't happen on GC threads. Those assertions
are no-ops unless initializeGCThreads() is called, and I think the most canonical way to do
that is to call initializeMainThread().

jsc.cpp:

(jscmain):

1:57 PM Changeset in webkit [205766] by dino@apple.com

9 edits
8 adds in trunk

Expose Apple Pencil data to Touch events
https://bugs.webkit.org/show_bug.cgi?id=161783
<rdar://problem/28218898>

Reviewed by Beth Dakin.

Source/WebKit2:

Platform/spi/ios/UIKitSPI.h: Expose the new SPI. Since this is only used

on public builds, guard it against everything that is <= iOS 10.0.

Shared/WebEvent.h: New properties.

(WebKit::WebPlatformTouchPoint::setAltitudeAngle):
(WebKit::WebPlatformTouchPoint::altitudeAngle):
(WebKit::WebPlatformTouchPoint::setAzimuthAngle):
(WebKit::WebPlatformTouchPoint::azimuthAngle):
(WebKit::WebPlatformTouchPoint::setTouchType):
(WebKit::WebPlatformTouchPoint::touchType):
(WebKit::WebPlatformTouchPoint::force): Deleted.

Shared/WebEventConversion.cpp:

(WebKit::webPlatformTouchTypeToPlatform):
(WebKit::WebKit2PlatformTouchPoint::WebKit2PlatformTouchPoint): More
parameters sent to parent constructor.

Shared/ios/NativeWebTouchEventIOS.mm:

(WebKit::convertTouchType):
(WebKit::NativeWebTouchEvent::extractWebTouchPoint):

Shared/ios/WebPlatformTouchPointIOS.cpp:

(WebKit::WebPlatformTouchPoint::encode):
(WebKit::WebPlatformTouchPoint::decode):

Tools:

The values that IOHID expects are different from their
documentation, and from what UITouch interprets. Tweak
incoming data so it will produce the output we expect.

WebKitTestRunner/ios/HIDEventGenerator.mm:

(-[HIDEventGenerator stylusDownAtPoint:azimuthAngle:altitudeAngle:pressure:]):
(-[HIDEventGenerator stylusMoveToPoint:azimuthAngle:altitudeAngle:pressure:]):

LayoutTests:

Four new tests that check data coming out of an Apple Pencil.

fast/events/touch/ios/pencil-data-change-does-not-give-touchmove-expected.txt: Added.
fast/events/touch/ios/pencil-data-change-does-not-give-touchmove.html: Added.
fast/events/touch/ios/pencil-data-change-gives-touchforcechange-expected.txt: Added.
fast/events/touch/ios/pencil-data-change-gives-touchforcechange.html: Added.
fast/events/touch/ios/pencil-move-provides-stylus-data-expected.txt: Added.
fast/events/touch/ios/pencil-move-provides-stylus-data.html: Added.
fast/events/touch/ios/pencil-touch-registered-as-pencil-expected.txt: Added.
fast/events/touch/ios/pencil-touch-registered-as-pencil.html: Added.

1:46 PM Changeset in webkit [205765] by timothy_horton@apple.com

13 edits
1 copy
1 add in trunk

Text replacement candidates don't always overwrite the entire original string
https://bugs.webkit.org/show_bug.cgi?id=161779
<rdar://problem/28033492>

Reviewed by Simon Fraser.

Source/WebCore:

New test: editing/mac/spelling/accept-candidate-replacing-multiple-words.html.

editing/Editor.cpp:

(WebCore::Editor::contextRangeForCandidateRequest):
Factor contextRangeForCandidateRequest out of the WebKits, into Editor.
This just expands to paragraph boundaries from the cursor.

(WebCore::Editor::handleAcceptedCandidate):
Make use of selectTextCheckingResult instead of just assuming that we want
to replace the word to the left of the insertion point.

(WebCore::Editor::stringForCandidateRequest): Deleted.

editing/Editor.h:

testing/Internals.cpp:

(WebCore::Internals::handleAcceptedCandidate):

testing/Internals.h:
testing/Internals.idl:

Source/WebKit/mac:

WebCoreSupport/WebEditorClient.mm:

(WebEditorClient::requestCandidatesForSelection):
Make use of the shared implementation of contextRangeForCandidateRequest.

Source/WebKit2:

WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::platformEditorState):
Make use of the shared implementation of contextRangeForCandidateRequest.

LayoutTests:

editing/mac/spelling/accept-candidate-without-crossing-editing-boundary.html:
editing/mac/spelling/accept-misspelled-candidate.html:

Adjust tests to send the correct replacement range.

editing/mac/spelling/accept-candidate-replacing-multiple-words.html:

Add a test that ensures that we will replace the entire string for a
candidate that replaces multiple words.

1:27 PM Changeset in webkit [205764] by jfbastien@apple.com

2 edits in trunk/Tools

Unreviewed. Added myself to the list of committers.

Scripts/webkitpy/common/config/contributors.json:

12:57 PM Changeset in webkit [205763] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline js/dom/global-constructors-attributes.html for mac-wk1 after r205755.

Unreviewed test gardening.

platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt:

12:28 PM Changeset in webkit [205762] by bshafiei@apple.com

4 edits in tags/Safari-603.1.5.0.1/Source/WebCore

Merged r205756. rdar://problem/28219953

12:27 PM Changeset in webkit [205761] by bshafiei@apple.com

5 edits in tags/Safari-603.1.5.0.1/Source

Versioning.

12:23 PM Changeset in webkit [205760] by bshafiei@apple.com

1 copy in tags/Safari-603.1.5.0.1

New tag.

12:15 PM Changeset in webkit [205759] by msaboff@apple.com

2 edits in trunk/Tools

Add ChakraCore tests to run-javascriptcore-tests
https://bugs.webkit.org/show_bug.cgi?id=161808

Reviewed by Saam Barati.

Added ChakraCore tests to the default list of tests to run.

Scripts/run-javascriptcore-tests:

(runJSCStressTests):

12:02 PM Changeset in webkit [205758] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking tiled-drawing/scrolling/fixed/four-bars-zoomed.html as flaky on mac-wk2 debug.
https://bugs.webkit.org/show_bug.cgi?id=161547

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

11:49 AM Changeset in webkit [205757] by msaboff@apple.com

2 edits in trunk/JSTests

Disable three flakey Chakra Tests
https://bugs.webkit.org/show_bug.cgi?id=161807

Reviewed by Saam Barati.

ChakraCore.yaml: Disabled the flakey tests

ChakraCore/test/Array/protoLookup_native.js
ChakraCore/test/LetConst/delete.js
ChakraCore/test/fieldopts/fieldhoist_sideeffect.js

11:44 AM Changeset in webkit [205756] by beidson@apple.com

4 edits in trunk/Source/WebCore

Soft-link GameController.framework.
<rdar://problem/28219953> and https://bugs.webkit.org/show_bug.cgi?id=161802

Reviewed by Brian Burg.

No new tests (No change in behavior).

Configurations/WebCore.xcconfig:
WebCore.xcodeproj/project.pbxproj:
platform/gamepad/cocoa/GameControllerGamepadProvider.mm:

(WebCore::GameControllerGamepadProvider::startMonitoringGamepads):

11:38 AM Changeset in webkit [205755] by jiewen_tan@apple.com

20 edits in trunk

Rename Key to CryptoKey
https://bugs.webkit.org/show_bug.cgi?id=161665
<rdar://problem/28083391>

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

WebCryptoAPI/idlharness-expected.txt:

Source/WebCore:

A link to the spec: https://www.w3.org/TR/WebCryptoAPI/#cryptokey-interface

crypto/CryptoKey.idl:

Remove some unnecessary IDL attributes and reorder KeyType enum to match the spec.

crypto/CryptoKeyType.h:

LayoutTests:

crypto/subtle/aes-cbc-unwrap-rsa-expected.txt:
crypto/subtle/aes-cbc-unwrap-rsa.html:
crypto/subtle/aes-kw-key-manipulation-expected.txt:
crypto/subtle/aes-kw-key-manipulation.html:
crypto/subtle/aes-kw-wrap-unwrap-aes-expected.txt:
crypto/subtle/aes-kw-wrap-unwrap-aes.html:
crypto/subtle/rsa-oaep-wrap-unwrap-aes-expected.txt:
crypto/subtle/rsa-oaep-wrap-unwrap-aes.html:
crypto/subtle/rsaes-pkcs1-v1_5-wrap-unwrap-aes-expected.txt:
crypto/subtle/rsaes-pkcs1-v1_5-wrap-unwrap-aes.html:
crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-expected.txt:
crypto/subtle/rsassa-pkcs1-v1_5-import-jwk.html:
platform/mac/js/dom/global-constructors-attributes-expected.txt:
platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:

11:25 AM Changeset in webkit [205754] by commit-queue@webkit.org

7 edits in trunk/Source/WebInspectorUI

Web Inspector: Command-Z doesn't work when editing CSS selectors in Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=159734

Patch by Devin Rousso <Devin Rousso> on 2016-09-09
Reviewed by Brian Burg.

Replace the current usage of -webkit-user-select with a textarea sized exactly the same as
the selector text which holds the current value of the selector.

UserInterface/Test.html: Add WrappedPromise.

UserInterface/Models/DOMNodeStyles.js:

(WebInspector.DOMNodeStyles.prototype.refresh.fetchedMatchedStyles):
(WebInspector.DOMNodeStyles.prototype.refresh.fetchedInlineStyles):
(WebInspector.DOMNodeStyles.prototype.refresh.fetchedComputedStyle):
(WebInspector.DOMNodeStyles.prototype.refresh):
(WebInspector.DOMNodeStyles.prototype.changeRuleSelector.ruleSelectorChanged):
(WebInspector.DOMNodeStyles.prototype.changeRuleSelector):
Ensure that the promise returned by changeRuleSelector is only resolved once the initiated
refresh has completed, ensuring that all matched selectors are parsed and available.

UserInterface/Views/CSSStyleDeclarationSection.css:

(.style-declaration-section > .header):
(.style-declaration-section.locked > .header::before):
(.style-declaration-section.rule-disabled > .header > .icon):
(.style-declaration-section > .header > textarea):
(.style-declaration-section > .header > textarea:focus):
(.style-declaration-section > .header > textarea:focus + .selector):
(.style-declaration-section > .header > .selector):
(.style-declaration-section > .header > .selector:empty):
(.style-declaration-section > .header > .selector .matched):
(.style-declaration-section:not(.invalid-selector).rule-disabled > .header > .icon): Deleted.
(.style-declaration-section > .header > .selector:empty::before): Deleted.
(.style-declaration-section > .header > .selector:focus): Deleted.
(.style-declaration-section:matches(.locked, .selector-locked) > .header > .selector): Deleted.
(.style-declaration-section > .header > .selector > .matched): Deleted.
(.style-declaration-section.invalid-selector > .header > .icon): Deleted.
(.style-declaration-section.invalid-selector > .header > .selector): Deleted.
Added styling to make textarea invisible when not focused.
Also removed the .invalid-selector styles as the section now refreshed on all changes.

UserInterface/Views/CSSStyleDeclarationSection.js:

(WebInspector.CSSStyleDeclarationSection):
(WebInspector.CSSStyleDeclarationSection.prototype.refresh.appendSelector):
(WebInspector.CSSStyleDeclarationSection.prototype.refresh.appendSelectorTextKnownToMatch):
(WebInspector.CSSStyleDeclarationSection.prototype.refresh):
(WebInspector.CSSStyleDeclarationSection.prototype.focusRuleSelector):
(WebInspector.CSSStyleDeclarationSection.prototype.get selectorEditable):
(WebInspector.CSSStyleDeclarationSection.prototype.get _currentSelectorText):
(WebInspector.CSSStyleDeclarationSection.prototype._handleSelectorPaste.parseTextForRule):
(WebInspector.CSSStyleDeclarationSection.prototype._handleSelectorPaste):
(WebInspector.CSSStyleDeclarationSection.prototype.get selectorLocked): Deleted.
Added a hidden textarea for modifying the selector of the represented style.

UserInterface/Views/RulesStyleDetailsPanel.js:

(WebInspector.RulesStyleDetailsPanel.prototype.cssStyleDeclarationSectionEditorPreviousRule):
Now use new getters on CSSSTyleDeclarationSection for determining if a selector is editable.

UserInterface/Views/Variables.css:

(:root):
Added --style-declaration-section-header-padding CSS variable.

11:04 AM Changeset in webkit [205753] by sbarati@apple.com

3 edits in trunk/Source/JavaScriptCore

Make hasOwnProperty ALWAYS_INLINE
https://bugs.webkit.org/show_bug.cgi?id=161775

Reviewed by Ryosuke Niwa.

Speedometer spends around 2.5% of its time in hasOwnProperty.
Let's reduce the overhead of calling that function by marking
it as inline. Also, it's likely that the function will call into
JSObject::getOwnPropertySlot. I added a check to see if that's
the function we're calling, if it is, we do a direct call instead
of an indirect call.

runtime/JSObject.cpp:

(JSC::JSObject::hasOwnProperty): Deleted.

runtime/JSObjectInlines.h:

(JSC::JSObject::hasOwnProperty):

10:56 AM Changeset in webkit [205752] by achristensen@apple.com

4 edits in trunk

URLParser: Handle \ in path according to spec
https://bugs.webkit.org/show_bug.cgi?id=161805

Reviewed by Andy Estes.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parse):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

10:46 AM Changeset in webkit [205751] by Simon Fraser

2 edits in trunk/PerformanceTests

Perf test Animation/css-accelerated-animation.html failing
https://bugs.webkit.org/show_bug.cgi?id=161795

Skip Animation/css-accelerated-animation.html since this only works as a MobileSafari
perf test.

Skipped:

10:24 AM Changeset in webkit [205750] by commit-queue@webkit.org

17 edits in trunk

TextTrackLoader should use FetchOptions::mode according its crossOrigin attribute
https://bugs.webkit.org/show_bug.cgi?id=161792

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-09
Reviewed by Eric Carlson.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/addCue-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/removeCue-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/endTime-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/id-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/pauseOnExit-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/startTime-expected.txt:
web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrackCue/track-expected.txt:

Source/WebCore:

Covered by existing and updated tests.

Updating text track loader to use fetch mode according crossOrigin value.

Removed the check done in the case the crossOrigin value is not set.
Previously cross-origin loads were forbidden, now this is authorized.
This change allows aligning with the spec.
Also, this check could be bypassed in the case of a same-origin URL redirecting to a cross-origin one.

loader/TextTrackLoader.cpp:

(WebCore::TextTrackLoader::notifyFinished): Checking resource error in lieu of doing CORS checks on its own.
(WebCore::TextTrackLoader::load): Using CachedResourceRequest::setAsPotentiallyCrossOrigin

loader/TextTrackLoader.h:
loader/cache/CachedResource.cpp:

(WebCore::CachedResource::loadFrom): Setting loading and status values as would be done when load is finished.
(WebCore::CachedResource::setBodyDataFrom): Default implementation is to copy the shared buffer.

loader/cache/CachedResource.h:
loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Enabling resource update when mode or origin is different for TextTrack resources.

LayoutTests:

http/tests/security/text-track-crossorigin-expected.txt:
http/tests/security/text-track-crossorigin.html: Updating test to be more robust against timeout.

Updated test to succeed doing no-cors loading of cross-origin resources.

10:06 AM Changeset in webkit [205749] by achristensen@apple.com

4 edits in trunk

URLParser should parse URLs with non-special schemes
https://bugs.webkit.org/show_bug.cgi?id=161786

Reviewed by Andy Estes.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parse):
There's no reason for a SchemeEndCheckForSlashes state now that we can copy iterators.
It's not in the spec and not needed.
Also, move things around a little so parsing special or non-special schemes
followed by one or two slashes works correctly.

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

9:57 AM Changeset in webkit [205748] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking imported/w3c/web-platform-tests/IndexedDB/keyorder.htm as flaky on mac-wk2 debug.
https://bugs.webkit.org/show_bug.cgi?id=161742

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

9:51 AM Changeset in webkit [205747] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking inspector/debugger/breakpoint-columns.html as flaky on mac-wk2.
https://bugs.webkit.org/show_bug.cgi?id=161774

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

9:50 AM Changeset in webkit [205746] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

HashMapImpl needs to m_buffer.clear() in its constructor
https://bugs.webkit.org/show_bug.cgi?id=161796

Reviewed by Keith Miller.

This is the second time that I'm fixing a bug because AuxiliaryBarrier does not initialize
itself. That seemed like a good idea because maybe sometimes the user knows better how to
initialize it. But, it's not worth it if it's a constant source of bugs.

So, I'm fixing it for good by making AuxiliaryBarrier::AuxiliaryBarrier() initialize its
m_value.

runtime/AuxiliaryBarrier.h:

(JSC::AuxiliaryBarrier::AuxiliaryBarrier):

runtime/DirectArguments.cpp:

(JSC::DirectArguments::DirectArguments):

9:29 AM Changeset in webkit [205745] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking fast/text/emoji-num-glyphs.html as a flaky timeout.
https://bugs.webkit.org/show_bug.cgi?id=161799

Unreviewed test gardening.

TestExpectations:

9:17 AM Changeset in webkit [205744] by Chris Dumez

10 edits
2 adds in trunk

Regression(r186020): Null dereference in getStartDate()
https://bugs.webkit.org/show_bug.cgi?id=161733

Reviewed by Eric Carlson.

Source/WebCore:

Update HTMLMediaElement::getStartDate() to return NaN if m_player is null,
instead of crashing.

Test: fast/media/getStartDate-NaN.html

bindings/js/IDBBindingUtilities.cpp:

(WebCore::toJS):
Add a FIXME comment as this code is using jsDateOrNull() but should
probably be using jsDate() as per:

http://w3c.github.io/IndexedDB/#request-convert-a-key-to-a-value

bindings/js/JSDOMBinding.cpp:

(WebCore::jsDate):
(WebCore::jsDateOrNull):

bindings/js/JSDOMBinding.h:
Rename jsDateOrNaN() to jsDate() as this is the default behavior. Also, return new Date(NaN) instead of NaN if the implementation returns NaN. The IDL says we should return a Date, not a number.
Update jsDateOrNull() to only return jsNull() if the native value is NaN, instead of doing so for every value that is not finite. Our convention is to use NaN as special value to represent null in JS.

bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue):
When converting a native value (double) into a Date, rely on the fact
that the type is nullable when deciding if we should call jsDate() or
jsDateOrNull() to convert. This way, we no longe need a WebKit specific
[TreatReturnedDateAs=Null|NaN] IDL extended attribute.

bindings/scripts/IDLAttributes.txt:
html/HTMLInputElement.idl:

Mark valueAsDate attribute as nullable, as per the specification:

https://html.spec.whatwg.org/#htmlinputelement

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::getStartDate):
Return NaN if m_player is null instead of crashing. The reason I decided
to return NaN is because the specification [1] says to return a new Date
object representing the current timeline offset. The spec of timeline
offset [2] says that the initial timeline offset value is NaN.
[1] https://html.spec.whatwg.org/#dom-media-getstartdate
[2] https://html.spec.whatwg.org/#timeline-offset

bindings/scripts/IDLAttributes.txt:
html/HTMLMediaElement.idl:

Drop [TreatReturnedDateAs] attribute as it is no longer supported.

LayoutTests:

Add layout test coverage.

fast/media/getStartDate-NaN-expected.txt: Added.
fast/media/getStartDate-NaN.html: Added.

8:42 AM Changeset in webkit [205743] by commit-queue@webkit.org

188 edits
6 copies
20 moves
8 adds
18 deletes in trunk/LayoutTests

Sync web-platform-tests up to revision 6d9c836
https://bugs.webkit.org/show_bug.cgi?id=161738

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-09
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

resources/ImportExpectations:
resources/TestRepositories:
resources/resource-files.json:
resources/web-platform-tests-modules.json:
web-platform-tests/2dcontext/transformations/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/w3c-import.log.
web-platform-tests/IndexedDB/idbindex-multientry-big-expected.txt:
web-platform-tests/WebIDL/ecmascript-binding/es-exceptions/w3c-import.log: Added.
web-platform-tests/WebIDL/ecmascript-binding/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/w3c-import.log.
web-platform-tests/WebIDL/readme.txt: Added.
web-platform-tests/WebIDL/testable_assertions.txt: Added.
web-platform-tests/WebIDL/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/template/appending-to-a-template/w3c-import.log.
web-platform-tests/XMLHttpRequest/responsexml-document-properties-expected.txt:
web-platform-tests/XMLHttpRequest/send-entity-body-document-expected.txt:
web-platform-tests/XMLHttpRequest/send-non-same-origin.sub-expected.txt:
web-platform-tests/XMLHttpRequest/send-non-same-origin.sub.htm:
web-platform-tests/XMLHttpRequest/w3c-import.log:
web-platform-tests/common/canvas-tests.js:

(addCrossOriginYellowImage):

web-platform-tests/common/get-host-info.sub.js:

(get_host_info):

web-platform-tests/config.json: Added.
web-platform-tests/dom/historical-expected.txt:
web-platform-tests/dom/historical.html:
web-platform-tests/dom/interfaces-expected.txt:
web-platform-tests/dom/interfaces.html:
web-platform-tests/dom/nodes/DOMImplementation-createDocument-expected.txt:
web-platform-tests/dom/nodes/DOMImplementation-createDocument.html:
web-platform-tests/dom/nodes/DOMImplementation-hasFeature-expected.txt:
web-platform-tests/dom/nodes/DOMImplementation-hasFeature.html:
web-platform-tests/dom/nodes/Document-createElement-namespace-tests/w3c-import.log:
web-platform-tests/dom/nodes/Document-createElementNS-expected.txt:
web-platform-tests/dom/nodes/Document-createElementNS.html:
web-platform-tests/dom/nodes/Document-createElementNS.js:
web-platform-tests/domparsing/w3c-import.log:
web-platform-tests/fetch/api/basic/mode-same-origin.html:
web-platform-tests/fetch/api/basic/mode-same-origin.js:
web-platform-tests/fetch/api/basic/referrer.html:
web-platform-tests/fetch/api/basic/referrer.js:

(runTest):

web-platform-tests/fetch/api/basic/request-headers-worker-expected.txt:
web-platform-tests/fetch/api/basic/request-headers.js:

(requestHeaders):

web-platform-tests/fetch/api/basic/scheme-blob-expected.txt:
web-platform-tests/fetch/api/basic/scheme-blob-worker-expected.txt:
web-platform-tests/fetch/api/basic/scheme-blob-worker.html:
web-platform-tests/fetch/api/basic/scheme-blob.html:
web-platform-tests/fetch/api/basic/scheme-blob.js:

(invalidRequestMethods.forEach):

web-platform-tests/fetch/api/basic/w3c-import.log:
web-platform-tests/fetch/api/cors/cors-basic.html:
web-platform-tests/fetch/api/cors/cors-basic.js:
web-platform-tests/fetch/api/cors/cors-cookies.html:
web-platform-tests/fetch/api/cors/cors-cookies.js:
web-platform-tests/fetch/api/cors/cors-no-preflight.html:
web-platform-tests/fetch/api/cors/cors-no-preflight.js:
web-platform-tests/fetch/api/cors/cors-origin.html:
web-platform-tests/fetch/api/cors/cors-origin.js:
web-platform-tests/fetch/api/cors/cors-preflight-redirect.html:
web-platform-tests/fetch/api/cors/cors-preflight-redirect.js:
web-platform-tests/fetch/api/cors/cors-preflight-referrer.html:
web-platform-tests/fetch/api/cors/cors-preflight-referrer.js:
web-platform-tests/fetch/api/cors/cors-preflight-status.html:
web-platform-tests/fetch/api/cors/cors-preflight-status.js:
web-platform-tests/fetch/api/cors/cors-preflight.html:
web-platform-tests/fetch/api/cors/cors-preflight.js:
web-platform-tests/fetch/api/cors/cors-redirect-credentials.html:
web-platform-tests/fetch/api/cors/cors-redirect-credentials.js:
web-platform-tests/fetch/api/cors/cors-redirect-preflight.html:
web-platform-tests/fetch/api/cors/cors-redirect-preflight.js:
web-platform-tests/fetch/api/cors/cors-redirect.html:
web-platform-tests/fetch/api/cors/cors-redirect.js:
web-platform-tests/fetch/api/cors/w3c-import.log:
web-platform-tests/fetch/api/headers/headers-combine-expected.txt:
web-platform-tests/fetch/api/headers/headers-combine.html:
web-platform-tests/fetch/api/redirect/redirect-mode.html:
web-platform-tests/fetch/api/redirect/redirect-mode.js:
web-platform-tests/fetch/api/redirect/redirect-origin.html:
web-platform-tests/fetch/api/redirect/redirect-origin.js:
web-platform-tests/fetch/api/redirect/w3c-import.log:
web-platform-tests/fetch/api/request/request-cache-expected.txt:
web-platform-tests/fetch/api/request/request-cache.html:
web-platform-tests/fetch/api/request/request-disturbed.html:
web-platform-tests/fetch/api/resources/get-host-info.sub.js: Removed.
web-platform-tests/fetch/api/resources/w3c-import.log:
web-platform-tests/fetch/api/response/response-init-001.html:
web-platform-tests/html/browsers/browsing-the-web/history-traversal/w3c-import.log:
web-platform-tests/html/browsers/history/the-history-interface/w3c-import.log:
web-platform-tests/html/browsers/history/the-location-interface/w3c-import.log:
web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt: Added.
web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-on-new-window-expected.txt: Added.
web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-on-new-window.html: Added.
web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html: Added.
web-platform-tests/html/browsers/origin/cross-origin-objects/frame.html:
web-platform-tests/html/browsers/origin/cross-origin-objects/w3c-import.log:
web-platform-tests/html/browsers/origin/cross-origin-objects/win-documentdomain.sub.html:
web-platform-tests/html/browsers/the-window-object/security-window/window-security.sub.html:
web-platform-tests/html/browsers/windows/nested-browsing-contexts/frameElement.sub-expected.txt:
web-platform-tests/html/browsers/windows/w3c-import.log:
web-platform-tests/html/dom/dynamic-markup-insertion/opening-the-input-stream/010-expected.txt:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-EN-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-EN-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-N-EN-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-N-EN-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-N-EN-ref-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-N-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-N-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-bdi-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-bdi-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-dir-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-dir-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-dir_auto-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-dir_auto-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-script-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-script-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-style-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-style-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-textarea-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-contained-textarea-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-EN-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-EN-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-N-EN-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-N-EN-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-N-EN-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-N-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-N-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-EN-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-EN-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-N-EN-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-N-EN-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-N-EN-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-N-L-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-N-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-input-script-R-expected.html:
web-platform-tests/html/dom/elements/global-attributes/dir_auto-isolate-expected.html:
web-platform-tests/html/dom/interfaces-expected.txt:
web-platform-tests/html/dom/interfaces.html:
web-platform-tests/html/semantics/document-metadata/the-link-element/document-without-browsing-context-expected.txt:
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/parsing-expected.txt:
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/refresh.sub.html: Removed.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/w3c-import.log: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/w3c-import.log.
web-platform-tests/html/semantics/embedded-content/the-area-element/area-shape-expected.txt:
web-platform-tests/html/semantics/embedded-content/the-area-element/area-shape.html:
web-platform-tests/html/semantics/embedded-content/the-audio-element/audio_constructor-expected.txt:
web-platform-tests/html/semantics/embedded-content/the-audio-element/audio_constructor.html:
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.canvas-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.canvas.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.canvas.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.canvas.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.image-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.image.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.image.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.drawImage.image.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.fillStyle-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.fillStyle.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.fillStyle.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.fillStyle.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.strokeStyle-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.strokeStyle.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.strokeStyle.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.strokeStyle.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.timing-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.timing.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.timing.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.canvas.timing.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.create-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.create.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.create.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.create.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.cross-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.cross.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.cross.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.cross.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.fillStyle-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.fillStyle.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.fillStyle.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.fillStyle.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.strokeStyle-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.strokeStyle.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.strokeStyle.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.pattern.image.strokeStyle.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.reset-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.reset.sub-expected.txt.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.reset.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-canvas-element/security.reset.sub.html.
web-platform-tests/html/semantics/embedded-content/the-canvas-element/w3c-import.log:
web-platform-tests/html/semantics/embedded-content/the-img-element/environment-changes/viewport-change-expected.txt:
web-platform-tests/html/semantics/grouping-content/the-li-element/grouping-li-reftest-001-expected.html:
web-platform-tests/html/semantics/grouping-content/the-li-element/grouping-li-reftest-001-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-li-element/grouping-li-reftest-001-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-li-element/grouping-li-reftest-002-expected.html:
web-platform-tests/html/semantics/grouping-content/the-li-element/w3c-import.log:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-expected.txt:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-rev-reftest-001-expected.html:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-rev-reftest-001-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-rev-reftest-001-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-start-reftest-001-expected.html:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-start-reftest-001-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-start-reftest-001-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-start-reftest-002-expected.html:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-start-reftest-002-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-start-reftest-002-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-001-expected.html:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-001-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-001-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-002-expected.html:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-002-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-002-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-003-expected.html:
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-003-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-type-reftest-003-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol.html:
web-platform-tests/html/semantics/grouping-content/the-ol-element/w3c-import.log:
web-platform-tests/html/semantics/grouping-content/the-pre-element/grouping-pre-reftest-001-expected.html:
web-platform-tests/html/semantics/grouping-content/the-pre-element/grouping-pre-reftest-001-ref-expected.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-pre-element/grouping-pre-reftest-001-ref.html: Removed.
web-platform-tests/html/semantics/grouping-content/the-pre-element/w3c-import.log:
web-platform-tests/html/semantics/links/linktypes/alternate-css-expected.html:
web-platform-tests/html/semantics/tabular-data/the-table-element/tFoot.html:
web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-a-foster-parent-element.html:
web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-not-a-foster-parent-element.html:
web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/w3c-import.log:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/generating-of-implied-end-tags.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-body-token.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-frameset-token.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-head-token.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-html-token.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-body.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-html.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/template-end-tag-without-start-one.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/w3c-import.log:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/w3c-import.log:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/generating-of-implied-end-tags.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/template-end-tag-without-start-one.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/w3c-import.log:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/end-tag-table.html:
web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/w3c-import.log:
web-platform-tests/html/syntax/parsing/template/appending-to-a-template/template-child-nodes.html:
web-platform-tests/html/syntax/parsing/template/appending-to-a-template/w3c-import.log:
web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-body-context.html:
web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-context.html:
web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-row-context.html:
web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/w3c-import.log:
web-platform-tests/html/syntax/parsing/template/creating-an-element-for-the-token/template-owner-document.html:
web-platform-tests/html/syntax/parsing/template/creating-an-element-for-the-token/w3c-import.log:
web-platform-tests/lint.whitelist:
web-platform-tests/resource-timing/SyntheticResponse.py:

(main):

web-platform-tests/resource-timing/resource-timing-expected.txt:
web-platform-tests/resource-timing/resource-timing.html:
web-platform-tests/resource-timing/resource-timing.js:

(logResourceEntry): Deleted.
(window.onload): Deleted.

web-platform-tests/resource-timing/resources/resource_timing_test0.xml:
web-platform-tests/resource-timing/resources/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/w3c-import.log.
web-platform-tests/resource-timing/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/w3c-import.log.
web-platform-tests/url/interfaces-expected.txt:

LayoutTests:

platform/wk2/TestExpectations:
platform/wk2/imported/w3c/web-platform-tests/html/semantics/document-metadata/styling/LinkStyle-expected.txt:

8:29 AM Changeset in webkit [205742] by bshafiei@apple.com

3 edits
1 add in branches/safari-602-branch

Merge r204403. rdar://problem/27991568

8:17 AM Changeset in webkit [205741] by bshafiei@apple.com

7 edits
1 add in branches/safari-602-branch/Source/JavaScriptCore

Merge r204485. rdar://problem/27991572

6:33 AM WebKitGTK/2.14.x edited by Michael Catanzaro

(diff)

6:31 AM WebKitGTK/2.14.x edited by Michael Catanzaro

(diff)

5:54 AM Changeset in webkit [205740] by mark.lam@apple.com

2 edits in trunk/Source/WTF

Gardening: fixing a few JSC test failures.
https://bugs.webkit.org/show_bug.cgi?id=161760

Not reviewed.

Without this fix, the following tests will crash on a null dereference of isGCThread.

stress/slow-path-generator-updating-current-node-dfg.js.misc-ftl-no-cjit
stress/unshift-array-storage.js.misc-ftl-no-cjit

wtf/MainThread.cpp:

(WTF::mayBeGCThread):

5:06 AM Changeset in webkit [205739] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.13.91

WebKitGTK+ 2.13.91

5:04 AM Changeset in webkit [205738] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.14

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.13.91 release.

Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

gtk/NEWS: Add release notes for 2.13.91.

4:11 AM WebKitGTK/2.14.x edited by Carlos Garcia Campos

(diff)

3:56 AM Changeset in webkit [205737] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205561 - [GTK] Make inspection of Inspector conditional on DEVELOPER_MODE
https://bugs.webkit.org/show_bug.cgi?id=161702

Reviewed by Michael Catanzaro.

UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage):

3:55 AM Changeset in webkit [205736] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205547 - [GTK] Clarify frame callbacks behaviour in Wayland compositor
https://bugs.webkit.org/show_bug.cgi?id=161683

Patch by Emanuele Aina <Emanuele Aina> on 2016-09-07
Reviewed by Carlos Garcia Campos.

The way we fire frame callbacks in the nested Wayland compositor can
be puzzling to developers expecting Wayland semantics, but since we
have our own mechanism to handle synchronization we don't care much
about them. Add a comment to avoid surprised Wayland developers.

UIProcess/gtk/WaylandCompositor.cpp:

(WebKit::WaylandCompositor::Surface::commit):

3:54 AM Changeset in webkit [205735] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/gtk/po

Merge r205546 - [l10n] Updated Polish translation of WebKitGTK+ for 2.14
https://bugs.webkit.org/show_bug.cgi?id=161319

Patch by Piotr Drąg <piotrdrag@gmail.com> on 2016-09-07
Rubber-stamped by Michael Catanzaro.

pl.po:

3:53 AM Changeset in webkit [205734] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

[GTK] Crash of WebProcess on the last WebView disconnect
https://bugs.webkit.org/show_bug.cgi?id=161605

Reviewed by Michael Catanzaro.

The crash happens because GLX contexts are cleaned up in an exit handler to prevent X server crashes caused by
buggy drivers when process finishes with active GLX contexts. The cleanup is assuming that all contexts not
released when the exit handler is called are leaked, and then it manually deletes them. This assumption is no
longer true because PlatformDisplay owns the sharing GLContext now, and it's freed after the exit
handlers. Instead of deleting the GLContext objects, we could clear the internal GLXContext without breaking the
pointer ownership. Since this is specific to GLX, I've moed the code from GLContext to GLContextGLX and
simplified it.

platform/graphics/GLContext.cpp:

(WebCore::GLContext::GLContext):
(WebCore::GLContext::~GLContext):
(WebCore::activeContextList): Deleted.
(WebCore::GLContext::addActiveContext): Deleted.
(WebCore::GLContext::removeActiveContext): Deleted.
(WebCore::GLContext::cleanupActiveContextsAtExit): Deleted.

platform/graphics/glx/GLContextGLX.cpp:

(WebCore::activeContexts):
(WebCore::GLContextGLX::GLContextGLX):
(WebCore::GLContextGLX::~GLContextGLX):
(WebCore::GLContextGLX::clear):

platform/graphics/glx/GLContextGLX.h:

3:48 AM Changeset in webkit [205733] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205537 - [GTK][Threaded Compositor] Several flaky tests
https://bugs.webkit.org/show_bug.cgi?id=161242

Reviewed by Michael Catanzaro.

Source/WebKit2:

Reset the viewport attributes on SimpleViewportController when viewport attributes change and fixed layout is
not used. We were only updating the viewport attributes when fixed layout was used, but not resetting them again
when it's no longer used. That caused that reference tests run after fast/fixed-layout/fixed-layout.html or
compositing/fixed-with-fixed-layout.html in the same worker thread were incorrectly rendered.

WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::dispatchViewportPropertiesDidChange): Remove ifdefs and call
WebPage::viewportPropertiesDidChange() unconditionally.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::setSize): Pass current page viewport arguments to sendViewportAttributesChanged().
(WebKit::WebPage::sendViewportAttributesChanged): It now receives the viewport arguments.
(WebKit::WebPage::viewportPropertiesDidChange): Move the iOS implementation from WebPageIOS.mm and for
coordinated graphics call sendViewportAttributesChanged() when fixed layout is used or reset the viewport
attributes when not used in case of threaded compositor.

WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::viewportPropertiesDidChange): Moved out of iOS ifdef.

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::viewportPropertiesDidChange): Deleted.

3:35 AM Changeset in webkit [205732] by Carlos Garcia Campos

6 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205535 - ProxyObject's structure should not have ObjectPrototype as its prototype and it should not have special behavior for intercepting "proto"
https://bugs.webkit.org/show_bug.cgi?id=161558

Reviewed by Benjamin Poulain.

JSTests:

stress/proxy-get-prototype-of.js:
stress/proxy-set-prototype-of.js:

(let.handler.setPrototypeOf): Deleted.

stress/proxy-underscore-proto.js: Added.

(assert):

Source/JavaScriptCore:

ProxyObject had ObjectPrototype as its direct prototype.
This could lead to infinite loops when doing a getDirectPrototype()
loop.

Fixing this bug revealed another bug, which I made when implementing Proxy.
We should not special case "proto" in get and set for Proxy Object's
hooks. "proto" should just go through the normal set and get path.

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::put):

3:15 AM Changeset in webkit [205731] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205522 - Member call on NULL pointer in JavaScriptCore/dfg/DFGAbstractInterpretterInlines.h
https://bugs.webkit.org/show_bug.cgi?id=160870

Reviewed by Darin Adler.

Credit goes to Jonathan Bedard for finding this bug using the undefined
behavior sanitizer.

The rule for MaterializeNewObject inside AI was assuming that the graph
is in SSA form. This used to be true when MaterializeNewObject was only
inserted by the allocation sinking phase. However, Filip added more uses
of MaterializeNewObject in his RegExp constant folding patch. This fixes
the bug by using the structure set inside the Node's OpInfo rather than
generating it from m_phiChildren inside AI.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

3:15 AM Changeset in webkit [205730] by Carlos Garcia Campos

65 edits
1 copy
14 adds in releases/WebKitGTK/webkit-2.14

Merge r205520 - Make JSMap and JSSet faster
https://bugs.webkit.org/show_bug.cgi?id=160989

Reviewed by Filip Pizlo.

JSTests:

microbenchmarks/dense-set.js: Added.

(bench):

microbenchmarks/large-map-iteration-with-additions.js: Added.

(bar):
(foo):

microbenchmarks/large-map-iteration-with-mutation.js: Added.

(bar):
(foo):

microbenchmarks/large-map-iteration.js: Added.

(bar):
(foo):

microbenchmarks/map-get-get-cse.js: Added.

(bar):
(foo):

microbenchmarks/map-has-get-cse-opportunity.js: Added.

(bar):
(foo):

microbenchmarks/sparse-set.js: Added.

(bench):

stress/map-cse-correctness.js: Added.

(assert):
(testHas):
(testGet):
(foo):

stress/map-iteration.js: Added.

(assert):
(test1):
(test2):
(test3):
(test4):
(test5):
(test6):
(test7):
(test8):
(test9):
(test10):
(test11):
(test12):
(test13):
(test14):
(test15):
(test16):
(test17):
(test18):

Source/JavaScriptCore:

This patch revamps how we implement Map and Set. It uses
a new hash map implementation. The hash map uses linear
probing and it uses Wang's 64 bit hash function for JSValues
that aren't strings. Strings use StringImpl's hash function.
The reason I wanted to roll our own HashTable is twofold:
I didn't want to inline WTF::HashMap's implementation into our
JIT, since that seems error prone and unmaintainable. Also, I wanted
a different structure for hash map buckets where buckets also exist in
a linked list.

The reason for making buckets part of a linked list is that iteration
is now simple. Iteration works by just traversing a linked list.
This design also allows for a simple implementation when doing iteration
while the hash table is mutating. Whenever we remove a bucket from
the hash table, it is removed from the list, meaning items in the
list don't point to it. However, the removed bucket will still point
to things that are either in the list, or have also been removed.
e.g, from a removed bucket, you can always follow pointers until you
either find an item in the list, or you find the tail of the list.
This is a really nice property because it means that a Map or Set
does not need to reason about the all the iterators that point
into its list. Also, whenever we add items to the Map or Set, we
hijack the tail as the new item, and make the new item point to a newly
created tail. This means that any iterator that pointed to the "tail" now
points to non-tail items. This makes the implementation of adding things
to the Map/Set while iterating easy.

I also made Map.prototype.get, Map.prototype.has, and Set.prototype.has
into intrinsics in the DFG. The IR can now reason about hash map
operations and can even do CSE over Wang's hash function, hash map
bucket lookups, hash map bucket loads, and testing if a key is in
the hash table. This makes code patterns for Map like so, super fast
in the FTL, since we will only be doing a single hash and hash bucket lookup:

`
function getKeyIfPresent(map, key) {

if (map.has(key))

return map.get(key);

}
`

This patch is roughly an 8% speedup on ES6SampleBench.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::not64):

bytecode/SpeculatedType.cpp:

(JSC::speculationFromClassInfo):

bytecode/SpeculatedType.h:
dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::execute):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGEdge.h:

(JSC::DFG::Edge::shift):
(JSC::DFG::Edge::makeWord):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

dfg/DFGHeapLocation.h:
dfg/DFGNode.h:

(JSC::DFG::Node::hasHeapPrediction):

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGPredictionPropagationPhase.cpp:
dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculateMapObject):
(JSC::DFG::SpeculativeJIT::speculateSetObject):
(JSC::DFG::SpeculativeJIT::speculate):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGUseKind.cpp:

(WTF::printInternal):

dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):

ftl/FTLAbstractHeapRepository.h:
ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileMapHash):
(JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucket):
(JSC::FTL::DFG::LowerDFGToB3::compileLoadFromJSMapBucket):
(JSC::FTL::DFG::LowerDFGToB3::compileIsNonEmptyMapBucket):
(JSC::FTL::DFG::LowerDFGToB3::lowMapObject):
(JSC::FTL::DFG::LowerDFGToB3::lowSetObject):
(JSC::FTL::DFG::LowerDFGToB3::lowMapBucket):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateMapObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateSetObject):
(JSC::FTL::DFG::LowerDFGToB3::setMapBucket):
(JSC::FTL::DFG::LowerDFGToB3::lowRegExpObject): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::lowStorage): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::speculateRegExpObject): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::setStorage): Deleted.

jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::wangsInt64Hash):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitAllocateDestructibleObject): Deleted.

jit/JITOperations.h:
parser/ModuleAnalyzer.cpp:

(JSC::ModuleAnalyzer::ModuleAnalyzer):

runtime/HashMapImpl.cpp: Added.

(JSC::HashMapBucket<Data>::visitChildren):
(JSC::HashMapImpl<HashMapBucket>::visitChildren):
(JSC::HashMapImpl<HashMapBucket>::copyBackingStore):

runtime/HashMapImpl.h: Added.

(JSC::HashMapBucket::selectStructure):
(JSC::HashMapBucket::createStructure):
(JSC::HashMapBucket::create):
(JSC::HashMapBucket::HashMapBucket):
(JSC::HashMapBucket::setNext):
(JSC::HashMapBucket::setPrev):
(JSC::HashMapBucket::setKey):
(JSC::HashMapBucket::setValue):
(JSC::HashMapBucket::key):
(JSC::HashMapBucket::value):
(JSC::HashMapBucket::next):
(JSC::HashMapBucket::prev):
(JSC::HashMapBucket::deleted):
(JSC::HashMapBucket::setDeleted):
(JSC::HashMapBucket::offsetOfKey):
(JSC::HashMapBucket::offsetOfValue):
(JSC::HashMapBuffer::allocationSize):
(JSC::HashMapBuffer::buffer):
(JSC::HashMapBuffer::create):
(JSC::areKeysEqual):
(JSC::normalizeMapKey):
(JSC::jsMapHash):
(JSC::HashMapImpl::selectStructure):
(JSC::HashMapImpl::createStructure):
(JSC::HashMapImpl::create):
(JSC::HashMapImpl::HashMapImpl):
(JSC::HashMapImpl::buffer):
(JSC::HashMapImpl::finishCreation):
(JSC::HashMapImpl::emptyValue):
(JSC::HashMapImpl::isEmpty):
(JSC::HashMapImpl::deletedValue):
(JSC::HashMapImpl::isDeleted):
(JSC::HashMapImpl::findBucket):
(JSC::HashMapImpl::get):
(JSC::HashMapImpl::has):
(JSC::HashMapImpl::add):
(JSC::HashMapImpl::remove):
(JSC::HashMapImpl::size):
(JSC::HashMapImpl::clear):
(JSC::HashMapImpl::bufferSizeInBytes):
(JSC::HashMapImpl::offsetOfBuffer):
(JSC::HashMapImpl::offsetOfCapacity):
(JSC::HashMapImpl::head):
(JSC::HashMapImpl::tail):
(JSC::HashMapImpl::approximateSize):
(JSC::HashMapImpl::findBucketAlreadyHashedAndNormalized):
(JSC::HashMapImpl::rehash):
(JSC::HashMapImpl::makeAndSetNewBuffer):

runtime/Intrinsic.h:
runtime/JSCJSValue.h:
runtime/JSCJSValueInlines.h:

(JSC::sameValue):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

runtime/JSMap.cpp:

(JSC::JSMap::destroy): Deleted.
(JSC::JSMap::estimatedSize): Deleted.
(JSC::JSMap::visitChildren): Deleted.
(JSC::JSMap::copyBackingStore): Deleted.
(JSC::JSMap::has): Deleted.
(JSC::JSMap::size): Deleted.
(JSC::JSMap::get): Deleted.
(JSC::JSMap::set): Deleted.
(JSC::JSMap::clear): Deleted.
(JSC::JSMap::remove): Deleted.

runtime/JSMap.h:

(JSC::JSMap::createStructure):
(JSC::JSMap::create):
(JSC::JSMap::get):
(JSC::JSMap::set):
(JSC::JSMap::JSMap):
(JSC::JSMap::Entry::key): Deleted.
(JSC::JSMap::Entry::value): Deleted.
(JSC::JSMap::Entry::visitChildren): Deleted.
(JSC::JSMap::Entry::setKey): Deleted.
(JSC::JSMap::Entry::setKeyWithoutWriteBarrier): Deleted.
(JSC::JSMap::Entry::setValue): Deleted.
(JSC::JSMap::Entry::clear): Deleted.

runtime/JSMapIterator.cpp:

(JSC::JSMapIterator::finishCreation):
(JSC::JSMapIterator::visitChildren):
(JSC::JSMapIterator::clone):

runtime/JSMapIterator.h:

(JSC::JSMapIterator::advanceIter):
(JSC::JSMapIterator::next):
(JSC::JSMapIterator::nextKeyValue):
(JSC::JSMapIterator::JSMapIterator):
(JSC::JSMapIterator::setIterator):
(JSC::JSMapIterator::finish): Deleted.
(JSC::JSMapIterator::iteratorData): Deleted.

runtime/JSModuleLoader.cpp:

(JSC::JSModuleLoader::finishCreation):

runtime/JSModuleLoader.h:

(JSC::JSModuleLoader::create):

runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::finishCreation):

runtime/JSModuleRecord.h:

(JSC::JSModuleRecord::create):

runtime/JSSet.cpp:

(JSC::JSSet::destroy): Deleted.
(JSC::JSSet::estimatedSize): Deleted.
(JSC::JSSet::visitChildren): Deleted.
(JSC::JSSet::copyBackingStore): Deleted.
(JSC::JSSet::has): Deleted.
(JSC::JSSet::size): Deleted.
(JSC::JSSet::add): Deleted.
(JSC::JSSet::clear): Deleted.
(JSC::JSSet::remove): Deleted.

runtime/JSSet.h:

(JSC::JSSet::createStructure):
(JSC::JSSet::create):
(JSC::JSSet::add):
(JSC::JSSet::JSSet):
(JSC::JSSet::Entry::key): Deleted.
(JSC::JSSet::Entry::value): Deleted.
(JSC::JSSet::Entry::visitChildren): Deleted.
(JSC::JSSet::Entry::setKey): Deleted.
(JSC::JSSet::Entry::setKeyWithoutWriteBarrier): Deleted.
(JSC::JSSet::Entry::setValue): Deleted.
(JSC::JSSet::Entry::clear): Deleted.

runtime/JSSetIterator.cpp:

(JSC::JSSetIterator::finishCreation):
(JSC::JSSetIterator::visitChildren):
(JSC::JSSetIterator::clone):

runtime/JSSetIterator.h:

(JSC::JSSetIterator::advanceIter):
(JSC::JSSetIterator::next):
(JSC::JSSetIterator::JSSetIterator):
(JSC::JSSetIterator::setIterator):
(JSC::JSSetIterator::finish): Deleted.
(JSC::JSSetIterator::iteratorData): Deleted.

runtime/JSType.h:
runtime/MapBase.cpp: Added.

(JSC::MapBase<HashMapBucketType>::visitChildren):
(JSC::MapBase<HashMapBucketType>::estimatedSize):

runtime/MapBase.h: Added.

(JSC::MapBase::size):
(JSC::MapBase::has):
(JSC::MapBase::clear):
(JSC::MapBase::remove):
(JSC::MapBase::findBucket):
(JSC::MapBase::offsetOfHashMapImpl):
(JSC::MapBase::impl):
(JSC::MapBase::finishCreation):
(JSC::MapBase::MapBase):

runtime/MapConstructor.cpp:

(JSC::constructMap):

runtime/MapIteratorPrototype.cpp:

(JSC::MapIteratorPrototypeFuncNext):

runtime/MapPrototype.cpp:

(JSC::MapPrototype::finishCreation):
(JSC::getMap):
(JSC::privateFuncIsMap):
(JSC::privateFuncMapIteratorNext):

runtime/PropertyDescriptor.cpp:

(JSC::sameValue): Deleted.

runtime/PropertyDescriptor.h:
runtime/SetConstructor.cpp:

(JSC::constructSet):

runtime/SetIteratorPrototype.cpp:

(JSC::SetIteratorPrototypeFuncNext):

runtime/SetPrototype.cpp:

(JSC::SetPrototype::finishCreation):
(JSC::getSet):
(JSC::privateFuncSetIteratorNext):

runtime/VM.cpp:

(JSC::VM::VM):

runtime/VM.h:

Source/WebCore:

ForwardingHeaders/runtime/HashMapImpl.h: Added.
ForwardingHeaders/runtime/MapBase.h: Added.
bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::serialize):
(WebCore::CloneDeserializer::deserialize):

Source/WTF:

I made s_flagCount public in StringImpl since JSC's JITs now use this field.

wtf/text/StringImpl.h:

2:47 AM Changeset in webkit [205729] by commit-queue@webkit.org

8 edits
3 adds in trunk

ASSERTION FAILED: promise.inherits(JSPromise::info())
https://bugs.webkit.org/show_bug.cgi?id=161632
<rdar://problem/28184743>

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-09
Reviewed by Mark Lam.

Source/JavaScriptCore:

runtime/JSPromiseDeferred.cpp:

(JSC::JSPromiseDeferred::create): Returning null if promise object is not created.

Source/WebCore:

Test: fetch/fetch-worker-crash.html

bindings/js/JSDOMPromise.h:

(WebCore::callPromiseFunction): Returning early if created promise is null.
Passing directly a DeferredWrapper to the generated code.

bindings/scripts/CodeGeneratorJS.pm: Updated to take a DeferredWrapper.

(GenerateImplementation):
(GenerateReturnParameters):

bindings/scripts/test/JS/JSTestObj.cpp: Rebasing expectations.

(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgumentPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithExceptionPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithOptionalIntArgumentPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2Promise):
(WebCore::jsTestObjConstructorFunctionTestStaticPromiseFunctionPromise):
(WebCore::jsTestObjConstructorFunctionTestStaticPromiseFunctionWithExceptionPromise):

LayoutTests:

TestExpectations: Reenabling skipped tests.
fetch/fetch-worker-crash-expected.txt: Added.
fetch/fetch-worker-crash.html: Added.
fetch/fetch-worker-crash.js: Added.

2:42 AM Changeset in webkit [205728] by Carlos Garcia Campos

5 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205519 - Strikethrough positions are erroneously snapped twice
https://bugs.webkit.org/show_bug.cgi?id=161647
<rdar://problem/11542470>

Reviewed by Zalan Bujtas.

Source/WebCore:

Because we're using an int for the position of the baseline, the math to calculate the
strikethrough position is snapped. Then, we snap it again inside GraphicsContext.

Test: fast/text/strikethrough-int.html

rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paintDecoration):

rendering/TextDecorationPainter.h:

(WebCore::TextDecorationPainter::setBaseline):

LayoutTests:

fast/css3-text/css3-text-decoration/text-decoration-line-through-mispositioned-expected.html: Updated.
fast/text/strikethrough-int-expected-mismatch.html: Added.
fast/text/strikethrough-int.html: Added.

2:38 AM Changeset in webkit [205727] by Carlos Garcia Campos

11 edits
1 add in releases/WebKitGTK/webkit-2.14

Merge r205511 - [JSC] Make ArithClz32 work with Cell arguments
https://bugs.webkit.org/show_bug.cgi?id=161369

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-09-06
Reviewed by Geoffrey Garen.

JSTests:

stress/arith-clz32-on-various-types.js: Added.

Source/JavaScriptCore:

ArithClz32 was already working with all primitive types
thanks to the magic of ValueToInt32.
This patch adds support for cell arguments through a function
call.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithClz32):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileArithClz32):

2:33 AM Changeset in webkit [205726] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205510 - ASSERTION FAILED: !paintInfo.overlapTestRequests->contains(this) in WebCore::RenderWidget::paintContents
https://bugs.webkit.org/show_bug.cgi?id=135602
<rdar://problem/27701733>

Reviewed by Simon Fraser.

Source/WebCore:

ASSERT is updated to support multiple fragments painting. We just have to ensure that the FrameView's rect
has not changed between the 2 paintContents calls.

Test: fast/layers/assert-on-overlap-testing-with-frames-inside-columns.html

rendering/RenderWidget.cpp:

(WebCore::RenderWidget::paintContents):

LayoutTests:

fast/layers/assert-on-overlap-testing-with-frames-inside-columns-expected.txt: Added.
fast/layers/assert-on-overlap-testing-with-frames-inside-columns.html: Added.

2:29 AM Changeset in webkit [205725] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205498 - Use TemporaryChange<> to maintain m_userIsInteracting
https://bugs.webkit.org/show_bug.cgi?id=161497

Reviewed by Tim Horton.

Replace some error-prone manual set/clear of m_userIsInteracting with
TemporaryChange<>.

No behavior change.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::mouseEvent):
(WebKit::WebPage::keyEvent):
(WebKit::WebPage::dispatchTouchEvent):

2:27 AM Changeset in webkit [205724] by Carlos Garcia Campos

8 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205489 - <table> inside <div align="right"> with large content inside = no scrollbar
https://bugs.webkit.org/show_bug.cgi?id=3352

Reviewed by Brent Fulgham.

Source/WebCore:

Respect "right" text-alignment only if the width of the child does not overflow the
width of its containing block. This makes our margin computation more closely conform
to section "Block-level, non-replaced elements in normal flow" of the CSS 2.1
spec., <http://www.w3.org/TR/CSS21/>, and to the behavior observed in Firefox, Chrome,
IE version 9 or later and Microsoft Edge.

Test: fast/block/align-overflow-child.html

rendering/RenderBox.cpp:

(WebCore::RenderBox::computeInlineDirectionMargins):

LayoutTests:

Add a new test that is derived from the test LayoutTests/fast/block/align-bigger-child.html included
in <https://src.chromium.org/viewvc/blink?revision=187157&view=revision>.

Also update expected results of existing tests.

fast/block/align-overflow-child-expected.txt: Added.
fast/block/align-overflow-child.html: Added.
platform/efl/tables/mozilla_expected_failures/marvin/table_overflow_td_align_right-expected.txt:
platform/gtk/tables/mozilla_expected_failures/marvin/table_overflow_td_align_right-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/table_overflow_td_align_right-expected.txt:
platform/mac/tables/mozilla_expected_failures/marvin/table_overflow_td_align_right-expected.txt:
platform/win/tables/mozilla_expected_failures/marvin/table_overflow_td_align_right-expected.txt:

2:26 AM Changeset in webkit [205723] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205485 - [GTK][Wayland] evince-browser-plugin prevents viewing PDFs
https://bugs.webkit.org/show_bug.cgi?id=158697

Reviewed by Michael Catanzaro.

Use a different cache file for plugins depending on the current platform display. Plugins can claim to work on
X11 but not on Wayland, for example, if they need XEmebed to work. That's the case of the evince browser plugin.

UIProcess/Plugins/gtk/PluginInfoCache.cpp:

(WebKit::cacheFilenameForCurrentDisplay):
(WebKit::PluginInfoCache::PluginInfoCache):

2:24 AM Changeset in webkit [205722] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205484 - [Threaded Compositor] Update timer should have lower priority than tasks scheduled in compositing thread
https://bugs.webkit.org/show_bug.cgi?id=161625

Reviewed by Sergio Villar Senin.

This way, if a resize is scheduled, for example, and there are pending updates, the resize will happen first,
and then the updates will happen at the right size.

Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:

(WebKit::CompositingRunLoop::CompositingRunLoop): Use G_PRIORITY_HIGH_IDLE as update timer priority. The actual
priority doesn't really matter as long as it's lower than G_PRIORITY_DEFAULT, because there are only two
possible sources in the compositing run loop, one for the tasks scheduled, and another one for the update timer.

2:21 AM Changeset in webkit [205721] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205479 - ASSERTION FAILED: !currBox->needsLayout() in WebCore::RenderBlock::checkPositionedObjectsNeedLayout
https://bugs.webkit.org/show_bug.cgi?id=120291
<rdar://problem/27683456>

Reviewed by David Hyatt.

Source/WebCore:

This patch ensures that we always set the 'positioned child needs layout' bit on the containing block
when a new positioned descendant gets inserted. It fixes cases for simplified layout when
we ended up not laying out the descendant element.

Test: fast/block/positioning/assert-when-positioned-descendant-is-not-getting-laid-out.html

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::insertPositionedObject):

LayoutTests:

fast/block/positioning/assert-when-positioned-descendant-is-not-getting-laid-out-expected.txt: Added.
fast/block/positioning/assert-when-positioned-descendant-is-not-getting-laid-out.html: Added.

2:19 AM Changeset in webkit [205720] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205475 - [GTK] glImageTargetTexture2D() is a GL function, rename accordingly
https://bugs.webkit.org/show_bug.cgi?id=161622

Patch by Emanuele Aina <Emanuele Aina> on 2016-09-06
Reviewed by Carlos Garcia Campos.

glImageTargetTexture2D() is a GL function, not EGL, using the 'egl'
prefix is misleading.

UIProcess/gtk/WaylandCompositor.cpp:

(WebKit::WaylandCompositor::Surface::prepareTextureForPainting):
(WebKit::WaylandCompositor::initializeEGL):

2:18 AM Changeset in webkit [205719] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205474 - [GTK][EFL] Make *_PROCESS_CMD_PREFIX conditional on DEVELOPER_MODE
https://bugs.webkit.org/show_bug.cgi?id=161621

Patch by Emanuele Aina <Emanuele Aina> on 2016-09-06
Reviewed by Carlos Garcia Campos.

Instead of enabling support for the *_PROCESS_CMD_PREFIX set of
environment valiables (eg. WEB_PROCESS_CMD_PREFIX) on debug builds
only, enable it when DEVELOPER_MODE is enabled as it already guards
similar features (eg. WEBKIT_EXEC_PATH).

UIProcess/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::getLaunchOptions):

UIProcess/Launcher/ProcessLauncher.h:
UIProcess/Launcher/efl/ProcessLauncherEfl.cpp:

(WebKit::ProcessLauncher::launchProcess):

UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:

(WebKit::ProcessLauncher::launchProcess):

2:15 AM Changeset in webkit [205718] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205466 - Heap::isMarked() should use concurrent lazy flipping
https://bugs.webkit.org/show_bug.cgi?id=161613

Reviewed by Michael Catanzaro.

I found out about this race condition via
https://bugs.webkit.org/show_bug.cgi?id=160125#c233.

The problem is that we use isMarked, and maybe even isLive, inside the concurrent mark
phase. So, they need to lazy-flip in a non-racy way.

heap/HeapInlines.h:

(JSC::Heap::isLive):
(JSC::Heap::isMarked):

1:55 AM Changeset in webkit [205717] by Carlos Garcia Campos

291 edits
9 copies
14 adds
1 delete in releases/WebKitGTK/webkit-2.14

Merge r205462 - Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
https://bugs.webkit.org/show_bug.cgi?id=160125

Reviewed by Geoffrey Garen and Keith Miller.
JSTests:

Most of the things I did properly covered by existing tests, but I found some simple cases of
unshifting that had sketchy coverage.

stress/array-storage-array-unshift.js: Added.
stress/contiguous-array-unshift.js: Added.
stress/double-array-unshift.js: Added.
stress/int32-array-unshift.js: Added.

Source/bmalloc:

I needed to tryMemalign, so I added such a thing.

bmalloc/Allocator.cpp:

(bmalloc::Allocator::allocate):
(bmalloc::Allocator::tryAllocate):
(bmalloc::Allocator::allocateImpl):

bmalloc/Allocator.h:
bmalloc/Cache.h:

(bmalloc::Cache::tryAllocate):

bmalloc/bmalloc.h:

(bmalloc::api::tryMemalign):

Source/JavaScriptCore:

In order to make the GC concurrent (bug 149432), we would either need to enable concurrent
copying or we would need to not copy. Concurrent copying carries a 1-2% throughput overhead
from the barriers alone. Considering that MarkedSpace does a decent job of avoiding
fragmentation, it's unlikely that it's worth paying 1-2% throughput for copying. So, we want
to get rid of copied space. This change moves copied space's biggest client over to marked
space.

Moving butterflies to marked space means having them use the new Auxiliary HeapCell
allocation path. This is a fairly mechanical change, but it caused performance regressions
everywhere, so this change also fixes MarkedSpace's performance issues.

At a high level the mechanical changes are:

We use AuxiliaryBarrier instead of CopyBarrier.

We use tryAllocateAuxiliary instead of tryAllocateStorage. I got rid of the silly CheckedBoolean stuff, since it's so much more trouble than it's worth.

The JITs have to emit inlined marked space allocations instead of inline copy space allocations.

Everyone has to get used to zeroing their butterflies after allocation instead of relying on them being pre-zeroed by the GC. Copied space would zero things for you, while marked space doesn't.

That's about 1/3 of this change. But this led to performance problems, which I fixed with
optimizations that amounted to a major MarkedSpace rewrite:

MarkedSpace always causes internal fragmentation for array allocations because the vector length we choose when we resize usually leads to a cell size that doesn't correspond to any size class. I got around this by making array allocations usually round up vectorLength to the maximum allowed by the size class that we would have allocated in. Also, ensureLengthSlow() and friends first make sure that the requested length can't just be fulfilled with the current allocation size. This safeguard means that not every array allocation has to do size class queries. For example, the fast path of new Array(length) never does any size class queries, under the assumption that (1) the speed gained from avoiding an ensureLengthSlow() call, which then just changes the vectorLength by doing the size class query, is too small to offset the speed lost by doing the query on every allocation and (2) new Array(length) is a pretty good hint that resizing is not very likely.

Size classes in MarkedSpace were way too precise, which led to external fragmentation. This changes MarkedSpace size classes to use a linear progression for very small sizes followed by a geometric progression that naturally transitions to a hyperbolic progression. We want hyperbolic sizes when we get close to blockSize: for example the largest size we want is payloadSize / 2 rounded down, to ensure we get exactly two cells with minimal slop. The next size down should be payloadSize / 3 rounded down, and so on. After the last precise size (80 bytes), we proceed using a geometric progression, but round up each size to minimize slop at the end of the block. This naturally causes the geometric progression to turn hyperbolic for large sizes. The size class configuration happens at VM start-up, so it can be controlled with runtime options. I found that a base of 1.4 works pretty well.

Large allocations caused massive internal fragmentation, since the smallest large allocation had to use exactly blockSize, and the largest small allocation used blockSize / 2. The next size up - the first large allocation size to require two blocks - also had 50% internal fragmentation. This is because we required large allocations to be blockSize aligned, so that MarkedBlock::blockFor() would work. I decided to rewrite all of that. Cells no longer have to be owned by a MarkedBlock. They can now alternatively be owned by a LargeAllocation. These two things are abstracted as CellContainer. You know that a cell is owned by a LargeAllocation if the MarkedBlock::atomSize / 2 bit is set. Basically, large allocations are deliberately misaligned by 8 bytes. This actually works out great since (1) typed arrays won't use large allocations anyway since they have their own malloc fallback and (2) large array butterflies already have a 8 byte header, which means that the 8 byte base misalignment aligns the large array payload on a 16 byte boundary. I took extreme care to make sure that the isLargeAllocation bit checks are as rare as possible; for example, ExecState::vm() skips the check because we know that callees must be small allocations. It's also possible to use template tricks to do one check for cell container kind, and then invoke a function specialized for MarkedBlock or a function specialized for LargeAllocation. LargeAllocation includes stubs for all MarkedBlock methods that get used from functions that are template-specialized like this. That's mostly to speed up the GC marking code. Most other code can use CellContainer API or HeapCell API directly. That's another thing: HeapCell, the common base of JSCell and auxiliary allocations, is now smart enough to do a lot of things for you, like HeapCell::vm(), HeapCell::heap(), HeapCell::isLargeAllocation(), and HeapCell::cellContainer(). The size cutoff for large allocations is runtime-configurable, so long as you don't choose something so small that callees end up large. I found that 400 bytes is roughly optimal. This means that the MarkedBlock size classes end up being:

16, 32, 48, 64, 80, 112, 160, 224, 320

The next size class would have been 432, but that's above the 400 byte cutoff. All of this
is configurable with --sizeClassProgression and --largeAllocationCutoff. You can see what
size classes you end up with by doing --dumpSizeClasses=true.

Copied space uses 64KB blocks, while marked space used to use 16KB blocks. Allocating a lot of stuff in 16KB blocks was slower than allocating it in 64KB blocks because the GC had a lot of per-block overhead. I removed this overhead: It's now 2x faster to scan all MarkedBlocks because the list that contains the interesting meta-data is allocated on the side, for better locality during a sequential walk. It's no longer necessary to scan MarkedBlocks to find WeakSets, since the sets of WeakSets for eden scan and full scan are maintained on-the-fly. It's no longer necessary to scan all MarkedBlocks to clear mark bits because we now use versioned mark bits: to clear then, just increment the 64-bit heap version. It's no longer necessary to scan retired MarkedBlocks while allocating because marking retires them on-the-fly. It's no longer necessary to sort all blocks in the IncrementalSweeper's snapshot because blocks now know if they are in the snapshot. Put together, these optimizations allowed me to reduce block size to 16KB without losing much performance. There is some small perf loss on JetStream/splay, but not enough to hurt JetStream overall. I tried reducing block sizes further, to 4KB, since that is a progression on membuster. That's not possible yet, since there is still enough per-block overhead yet that such a reduction hurts JetStream too much. I filed a bug about improving this further: https://bugs.webkit.org/show_bug.cgi?id=161581.

Even after all of that, copying butterflies was still faster because it allowed us to skip sweeping dead space. A good GC allocates over dead bytes without explicitly freeing them, so the GC pause is O(size of live), not O(size of live + dead). O(dead) is usually much larger than O(live), especially in an eden collection. Copying satisfies this premise while mark+sweep does not. So, I invented a new kind of allocator: bump'n'pop. Previously, our MarkedSpace allocator was a freelist pop. That's simple and easy to inline but requires that we walk the block to build a free list. This means walking dead space. The new allocator allows totally free MarkedBlocks to simply set up a bump-pointer arena instead. The allocator is a hybrid of bump-pointer and freelist pop. It tries bump first. The bump pointer always bumps by cellSize, so the result of filling a block with bumping looks as if we had used freelist popping to fill it. Additionally, each MarkedBlock now has a bit to quickly tell if the block is entirely free. This makes sweeping O(1) whenever a MarkedBlock is completely empty, which is the common case because of the generational hypothesis: the number of objects that survive an eden collection is a tiny fraction of the number of objects that had been allocated, and this fraction is so small that there are typically fewer than one survivors per MarkedBlock. This change was enough to make this change a net win over tip-of-tree.

FTL now shares the same allocation fast paths as everything else, which is great, because bump'n'pop has gnarly control flow. We don't really want B3 to have to think about that control flow, since it won't be able to improve the machine code we write ourselves. GC fast paths are best written in assembly. So, I've empowered B3 to have even better support for Patchpoint terminals. It's now totally fine for a Patchpoint terminal to be non-Void. So, the new FTL allocation fast paths are just Patchpoint terminals that call through to AssemblyHelpers::emitAllocate(). B3 still reasons about things like constant-folding the size class calculation and constant-hoisting the allocator. Also, I gave the FTL the ability to constant-fold some allocator logic (in case we first assume that we're doing a variable-length allocation but then realize that the length is known). I think it makes sense to have constant folding rules in FTL::Output, or whatever the B3 IR builder is, since this makes lowering easier (you can constant fold during lowering more easily) and it reduces the amount of malloc traffic. In the future, we could teach B3 how to better constant-fold this code. That would require allowing loads to be constant-folded, which is doable but hella tricky.

It used to be that if a logical object allocation required two physical allocations (first the butterfly and then the cell), then the JIT would emit the code in such a way that a failure in the second fast path would cause us to forget the successful first physical allocation. This was pointlessly wasteful. It turns out that it's very cheap to devote a register to storing either the butterfly or null, because the butterfly register is anyway going to be free inside the first allocation. The only overhead here is zeroing the butterfly register. With that in place, we can just pass the butterfly-or-null to the slow path, which can then either allocate a butterfly or not. So now we never waste a successful allocation. This patch implements such a solution both in DFG (where it's easy to do this since we control registers already) and in FTL (where it's annoying, because mutable "butterfly-or-null" variables are hard to say in SSA; also I realized that we had code duplicated the JSArray allocation utility, so I deduplicated it). This came up because in one version of this patch, this wastage would resonate with some Kraken benchmark: the benchmark would always allocate N small things followed by one bigger thing. The problem was I accidentally adjusted the various fixed overheads in MarkedBlock in such a way that the JSObject size class, which both the small and big thing shared for their cell, could hold exactly N cells per MarkedBlock. Then the benchmark would always call slow path when it allocated the big thing. So, it would end up having to allocate the big thing's large butterfly twice, every single time! Ouch!

It used to be that we zeroed CopiedBlocks using memset, and so array allocations enjoyed amortization of the cost of zeroing. This doesn't work anymore - it's now up to the client of the allocator to initialize the object to whatever state they need. It used to be that we would just use a dumb loop. I initially changed this so that we would end up in memset for large allocations, but this didn't actually help performance that much. I got a much better result by playing with different memsets written in assembly. First I wrote one using non-temporal stores. That was a small speed-up over memset. Then I tried the classic "rep stos" approach, and holy cow that version was fast. It's a ~20% speed-up on array allocation microbenchmarks. So, this patch adds code paths to do "rep stos" on x86_64, or memset, or use a loop, as appropriate, for both "contiguous" arrays (holes are zero) and double arrays (holes are PNaN). Note that the JIT always emits either a loop or a flat slab of stores (if the size is known), but those paths in the JIT won't trigger for NewArrayWithSize() if the size is large, since that takes us to the operationNewArrayWithSize() slow path, which calls into JSArray::create(). That's why the optimizations here are all in JSArray::create() - that's the hot place for large arrays that need to be filled with holes.

All of this put together gives us neutral perf on JetStream, membuster, and PLT3, a ~1%
regression on Speedometer, and up to a 4% regression Kraken. The Kraken regression is
because Kraken was allocating exactly 1024 element arrays at a rate of 400MB/sec. This is a
best-case scenario for bump allocation. I think that we should fix bmalloc to make up the
difference, but take the hit for now because it's a crazy corner case. By comparison, the
alternative approach of using a copy barrier would have cost us 1-2%. That's the real
apples-to-apples comparison if your premise is that we should have a concurrent GC. After we
finish removing copied space, we will be barrier-ready for concurrent GC: we already have a
marking barrier and we simply won't need a copying barrier. This change gets us there for
the purposes of our benchmarks, since the remaining clients of copied space are not very
important. On the other hand, if we keep copying, then getting barrier-ready would mean
adding back the copy barrier, which costs more perf.

We might get bigger speed-ups once we remove CopiedSpace altogether. That requires moving
typed arrays and a few other weird things over to Aux MarkedSpace.

This also includes some header sanitization. The introduction of AuxiliaryBarrier, HeapCell,
and CellContainer meant that I had to include those files from everywhere. Fortunately,
just including JSCInlines.h (instead of manually including the files that includes) is
usually enough. So, I made most of JSC's cpp files include JSCInlines.h, which is something
that we were already basically doing. In places where JSCInlines.h would be too much, I just
included HeapInlines.h. This got weird, because we previously included HeapInlines.h from
JSObject.h. That's bad because it led to some circular dependencies, so I fixed it - but that
meant having to manually include HeapInlines.h from the places that previously got it
implicitly via JSObject.h. But that led to more problems for some reason: I started getting
build errors because non-JSC files were having trouble including Opcode.h. That's just silly,
since Opcode.h is meant to be an internal JSC header. So, I made it an internal header and
made it impossible to include it from outside JSC. This was a lot of work, but it was
necessary to get the patch to build on all ports. It's also a net win. There were many places
in WebCore that were transitively including a *ton* of JSC headers just because of the
JSObject.h->HeapInlines.h edge and a bunch of dependency edges that arose from some public
(for WebCore) JSC headers needing Interpreter.h or Opcode.h for bad reasons.

API/JSManagedValue.mm:

(-[JSManagedValue initWithValue:]):

API/JSTypedArray.cpp:
API/ObjCCallbackFunction.mm:
API/tests/testapi.mm:

(testObjectiveCAPI):
(testWeakValue): Deleted.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
Scripts/builtins/builtins_generate_combined_implementation.py:

(BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):

Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:

(BuiltinsInternalsWrapperImplementationGenerator.generate_secondary_header_includes):

Scripts/builtins/builtins_generate_separate_implementation.py:

(BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):

assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::JumpList::link):
(JSC::AbstractMacroAssembler::JumpList::linkTo):

assembler/MacroAssembler.h:
assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::add32):

assembler/MacroAssemblerCodeRef.cpp: Added.

(JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
(JSC::MacroAssemblerCodePtr::dumpWithName):
(JSC::MacroAssemblerCodePtr::dump):
(JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
(JSC::MacroAssemblerCodeRef::dump):

assembler/MacroAssemblerCodeRef.h:

(JSC::MacroAssemblerCodePtr::createLLIntCodePtr): Deleted.
(JSC::MacroAssemblerCodePtr::dumpWithName): Deleted.
(JSC::MacroAssemblerCodePtr::dump): Deleted.
(JSC::MacroAssemblerCodeRef::createLLIntCodeRef): Deleted.
(JSC::MacroAssemblerCodeRef::dump): Deleted.

b3/B3BasicBlock.cpp:

(JSC::B3::BasicBlock::appendBoolConstant):

b3/B3BasicBlock.h:
b3/B3DuplicateTails.cpp:
b3/B3StackmapGenerationParams.h:
b3/testb3.cpp:

(JSC::B3::testPatchpointTerminalReturnValue):
(JSC::B3::run):

bindings/ScriptValue.cpp:
bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:
bytecode/BytecodeBasicBlock.cpp:
bytecode/BytecodeLivenessAnalysis.cpp:
bytecode/BytecodeUseDef.h:
bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::callTypeFor):

bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::callTypeFor): Deleted.

bytecode/CallLinkStatus.cpp:
bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::clearLLIntGetByIdCache):
(JSC::CodeBlock::predictedMachineCodeSize):

bytecode/CodeBlock.h:

(JSC::CodeBlock::jitCodeMap): Deleted.
(JSC::clearLLIntGetByIdCache): Deleted.

bytecode/ExecutionCounter.h:
bytecode/Instruction.h:
bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:

(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):

bytecode/ObjectAllocationProfile.h:

(JSC::ObjectAllocationProfile::isNull):
(JSC::ObjectAllocationProfile::initialize):

bytecode/Opcode.h:

(JSC::padOpcodeName):

bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generateImpl):
(JSC::PolymorphicAccess::regenerate):

bytecode/PolymorphicAccess.h:
bytecode/PreciseJumpTargets.cpp:
bytecode/StructureStubInfo.cpp:
bytecode/StructureStubInfo.h:
bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::vm): Deleted.

bytecode/UnlinkedCodeBlock.h:
bytecode/UnlinkedInstructionStream.cpp:
bytecode/UnlinkedInstructionStream.h:
dfg/DFGOperations.cpp:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::compileMakeRope):
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObject):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):

dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

ftl/FTLAbstractHeapRepository.h:
ftl/FTLCompile.cpp:
ftl/FTLJITFinalizer.cpp:
ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateRest):
(JSC::FTL::DFG::LowerDFGToB3::allocateArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
(JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocatorForSize):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::compileAllocateArrayWithSize): Deleted.

ftl/FTLOutput.cpp:

(JSC::FTL::Output::constBool):
(JSC::FTL::Output::add):
(JSC::FTL::Output::shl):
(JSC::FTL::Output::aShr):
(JSC::FTL::Output::lShr):
(JSC::FTL::Output::zeroExt):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):
(JSC::FTL::Output::above):
(JSC::FTL::Output::aboveOrEqual):
(JSC::FTL::Output::below):
(JSC::FTL::Output::belowOrEqual):
(JSC::FTL::Output::greaterThan):
(JSC::FTL::Output::greaterThanOrEqual):
(JSC::FTL::Output::lessThan):
(JSC::FTL::Output::lessThanOrEqual):
(JSC::FTL::Output::select):
(JSC::FTL::Output::appendSuccessor):
(JSC::FTL::Output::addIncomingToPhi):

ftl/FTLOutput.h:
ftl/FTLValueFromBlock.h:

(JSC::FTL::ValueFromBlock::operator bool):
(JSC::FTL::ValueFromBlock::ValueFromBlock): Deleted.

ftl/FTLWeightedTarget.h:

(JSC::FTL::WeightedTarget::frequentedBlock):

heap/CellContainer.h: Added.

(JSC::CellContainer::CellContainer):
(JSC::CellContainer::operator bool):
(JSC::CellContainer::isMarkedBlock):
(JSC::CellContainer::isLargeAllocation):
(JSC::CellContainer::markedBlock):
(JSC::CellContainer::largeAllocation):

heap/CellContainerInlines.h: Added.

(JSC::CellContainer::isMarked):
(JSC::CellContainer::isMarkedOrNewlyAllocated):
(JSC::CellContainer::noteMarked):
(JSC::CellContainer::cellSize):
(JSC::CellContainer::weakSet):
(JSC::CellContainer::flipIfNecessary):

heap/ConservativeRoots.cpp:

(JSC::ConservativeRoots::ConservativeRoots):
(JSC::ConservativeRoots::~ConservativeRoots):
(JSC::ConservativeRoots::grow):
(JSC::ConservativeRoots::genericAddPointer):
(JSC::ConservativeRoots::genericAddSpan):

heap/ConservativeRoots.h:

(JSC::ConservativeRoots::roots):

heap/CopyToken.h:
heap/FreeList.cpp: Added.

(JSC::FreeList::dump):

heap/FreeList.h: Added.

(JSC::FreeList::FreeList):
(JSC::FreeList::list):
(JSC::FreeList::bump):
(JSC::FreeList::operator==):
(JSC::FreeList::operator!=):
(JSC::FreeList::operator bool):
(JSC::FreeList::allocationWillFail):
(JSC::FreeList::allocationWillSucceed):

heap/GCTypeMap.h: Added.

(JSC::GCTypeMap::operator[]):

heap/Heap.cpp:

(JSC::Heap::Heap):
(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::markRoots):
(JSC::Heap::copyBackingStores):
(JSC::Heap::gatherStackRoots):
(JSC::Heap::gatherJSStackRoots):
(JSC::Heap::gatherScratchBufferRoots):
(JSC::Heap::clearLivenessData):
(JSC::Heap::visitSmallStrings):
(JSC::Heap::visitConservativeRoots):
(JSC::Heap::removeDeadCompilerWorklistEntries):
(JSC::Heap::gatherExtraHeapSnapshotData):
(JSC::Heap::removeDeadHeapSnapshotNodes):
(JSC::Heap::visitProtectedObjects):
(JSC::Heap::visitArgumentBuffers):
(JSC::Heap::visitException):
(JSC::Heap::visitStrongHandles):
(JSC::Heap::visitHandleStack):
(JSC::Heap::visitSamplingProfiler):
(JSC::Heap::traceCodeBlocksAndJITStubRoutines):
(JSC::Heap::converge):
(JSC::Heap::visitWeakHandles):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::clearUnmarkedExecutables):
(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
(JSC::Heap::collectWithoutAnySweep):
(JSC::Heap::collectImpl):
(JSC::Heap::suspendCompilerThreads):
(JSC::Heap::willStartCollection):
(JSC::Heap::flushOldStructureIDTables):
(JSC::Heap::flushWriteBarrierBuffer):
(JSC::Heap::stopAllocation):
(JSC::Heap::prepareForMarking):
(JSC::Heap::reapWeakHandles):
(JSC::Heap::pruneStaleEntriesFromWeakGCMaps):
(JSC::Heap::sweepArrayBuffers):
(JSC::MarkedBlockSnapshotFunctor::MarkedBlockSnapshotFunctor):
(JSC::MarkedBlockSnapshotFunctor::operator()):
(JSC::Heap::snapshotMarkedSpace):
(JSC::Heap::deleteSourceProviderCaches):
(JSC::Heap::notifyIncrementalSweeper):
(JSC::Heap::writeBarrierCurrentlyExecutingCodeBlocks):
(JSC::Heap::resetAllocators):
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::didFinishCollection):
(JSC::Heap::resumeCompilerThreads):
(JSC::Zombify::visit):
(JSC::Heap::forEachCodeBlockImpl):

heap/Heap.h:

(JSC::Heap::allocatorForObjectWithoutDestructor):
(JSC::Heap::allocatorForObjectWithDestructor):
(JSC::Heap::allocatorForAuxiliaryData):
(JSC::Heap::jitStubRoutines):
(JSC::Heap::codeBlockSet):
(JSC::Heap::storageAllocator): Deleted.

heap/HeapCell.h:

(JSC::HeapCell::isZapped): Deleted.

heap/HeapCellInlines.h: Added.

(JSC::HeapCell::isLargeAllocation):
(JSC::HeapCell::cellContainer):
(JSC::HeapCell::markedBlock):
(JSC::HeapCell::largeAllocation):
(JSC::HeapCell::heap):
(JSC::HeapCell::vm):
(JSC::HeapCell::cellSize):
(JSC::HeapCell::allocatorAttributes):
(JSC::HeapCell::destructionMode):
(JSC::HeapCell::cellKind):

heap/HeapInlines.h:

(JSC::Heap::heap):
(JSC::Heap::isLive):
(JSC::Heap::isMarked):
(JSC::Heap::testAndSetMarked):
(JSC::Heap::setMarked):
(JSC::Heap::cellSize):
(JSC::Heap::forEachCodeBlock):
(JSC::Heap::allocateObjectOfType):
(JSC::Heap::subspaceForObjectOfType):
(JSC::Heap::allocatorForObjectOfType):
(JSC::Heap::allocateAuxiliary):
(JSC::Heap::tryAllocateAuxiliary):
(JSC::Heap::tryReallocateAuxiliary):
(JSC::Heap::isPointerGCObject): Deleted.
(JSC::Heap::isValueGCObject): Deleted.

heap/HeapOperation.cpp: Added.

(WTF::printInternal):

heap/HeapOperation.h:
heap/HeapUtil.h: Added.

(JSC::HeapUtil::findGCObjectPointersForMarking):
(JSC::HeapUtil::isPointerGCObjectJSCell):
(JSC::HeapUtil::isValueGCObject):

heap/IncrementalSweeper.cpp:

(JSC::IncrementalSweeper::sweepNextBlock):

heap/IncrementalSweeper.h:
heap/LargeAllocation.cpp: Added.

(JSC::LargeAllocation::tryCreate):
(JSC::LargeAllocation::LargeAllocation):
(JSC::LargeAllocation::lastChanceToFinalize):
(JSC::LargeAllocation::shrink):
(JSC::LargeAllocation::visitWeakSet):
(JSC::LargeAllocation::reapWeakSet):
(JSC::LargeAllocation::flip):
(JSC::LargeAllocation::isEmpty):
(JSC::LargeAllocation::sweep):
(JSC::LargeAllocation::destroy):
(JSC::LargeAllocation::dump):

heap/LargeAllocation.h: Added.

(JSC::LargeAllocation::fromCell):
(JSC::LargeAllocation::cell):
(JSC::LargeAllocation::isLargeAllocation):
(JSC::LargeAllocation::heap):
(JSC::LargeAllocation::vm):
(JSC::LargeAllocation::weakSet):
(JSC::LargeAllocation::clearNewlyAllocated):
(JSC::LargeAllocation::isNewlyAllocated):
(JSC::LargeAllocation::isMarked):
(JSC::LargeAllocation::isMarkedOrNewlyAllocated):
(JSC::LargeAllocation::isLive):
(JSC::LargeAllocation::hasValidCell):
(JSC::LargeAllocation::cellSize):
(JSC::LargeAllocation::aboveLowerBound):
(JSC::LargeAllocation::belowUpperBound):
(JSC::LargeAllocation::contains):
(JSC::LargeAllocation::attributes):
(JSC::LargeAllocation::flipIfNecessary):
(JSC::LargeAllocation::flipIfNecessaryConcurrently):
(JSC::LargeAllocation::testAndSetMarked):
(JSC::LargeAllocation::setMarked):
(JSC::LargeAllocation::clearMarked):
(JSC::LargeAllocation::noteMarked):
(JSC::LargeAllocation::headerSize):

heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::MarkedAllocator):
(JSC::MarkedAllocator::isPagedOut):
(JSC::MarkedAllocator::retire):
(JSC::MarkedAllocator::filterNextBlock):
(JSC::MarkedAllocator::setNextBlockToSweep):
(JSC::MarkedAllocator::tryAllocateWithoutCollectingImpl):
(JSC::MarkedAllocator::tryAllocateWithoutCollecting):
(JSC::MarkedAllocator::allocateSlowCase):
(JSC::MarkedAllocator::tryAllocateSlowCase):
(JSC::MarkedAllocator::allocateSlowCaseImpl):
(JSC::blockHeaderSize):
(JSC::MarkedAllocator::blockSizeForBytes):
(JSC::MarkedAllocator::tryAllocateBlock):
(JSC::MarkedAllocator::addBlock):
(JSC::MarkedAllocator::removeBlock):
(JSC::MarkedAllocator::stopAllocating):
(JSC::MarkedAllocator::reset):
(JSC::MarkedAllocator::lastChanceToFinalize):
(JSC::MarkedAllocator::setFreeList):
(JSC::isListPagedOut): Deleted.
(JSC::MarkedAllocator::tryAllocateHelper): Deleted.
(JSC::MarkedAllocator::tryPopFreeList): Deleted.
(JSC::MarkedAllocator::tryAllocate): Deleted.
(JSC::MarkedAllocator::allocateBlock): Deleted.

heap/MarkedAllocator.h:

(JSC::MarkedAllocator::takeLastActiveBlock):
(JSC::MarkedAllocator::offsetOfFreeList):
(JSC::MarkedAllocator::offsetOfCellSize):
(JSC::MarkedAllocator::tryAllocate):
(JSC::MarkedAllocator::allocate):
(JSC::MarkedAllocator::forEachBlock):
(JSC::MarkedAllocator::offsetOfFreeListHead): Deleted.
(JSC::MarkedAllocator::MarkedAllocator): Deleted.
(JSC::MarkedAllocator::init): Deleted.
(JSC::MarkedAllocator::stopAllocating): Deleted.

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::tryCreate):
(JSC::MarkedBlock::Handle::Handle):
(JSC::MarkedBlock::Handle::~Handle):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::Handle::specializedSweep):
(JSC::MarkedBlock::Handle::sweep):
(JSC::MarkedBlock::Handle::sweepHelperSelectScribbleMode):
(JSC::MarkedBlock::Handle::sweepHelperSelectStateAndSweepMode):
(JSC::MarkedBlock::Handle::unsweepWithNoNewlyAllocated):
(JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor):
(JSC::SetNewlyAllocatedFunctor::operator()):
(JSC::MarkedBlock::Handle::stopAllocating):
(JSC::MarkedBlock::Handle::lastChanceToFinalize):
(JSC::MarkedBlock::Handle::resumeAllocating):
(JSC::MarkedBlock::Handle::zap):
(JSC::MarkedBlock::Handle::forEachFreeCell):
(JSC::MarkedBlock::flipIfNecessary):
(JSC::MarkedBlock::Handle::flipIfNecessary):
(JSC::MarkedBlock::flipIfNecessarySlow):
(JSC::MarkedBlock::flipIfNecessaryConcurrentlySlow):
(JSC::MarkedBlock::clearMarks):
(JSC::MarkedBlock::assertFlipped):
(JSC::MarkedBlock::needsFlip):
(JSC::MarkedBlock::Handle::needsFlip):
(JSC::MarkedBlock::Handle::willRemoveBlock):
(JSC::MarkedBlock::Handle::didConsumeFreeList):
(JSC::MarkedBlock::markCount):
(JSC::MarkedBlock::Handle::isEmpty):
(JSC::MarkedBlock::clearHasAnyMarked):
(JSC::MarkedBlock::noteMarkedSlow):
(WTF::printInternal):
(JSC::MarkedBlock::create): Deleted.
(JSC::MarkedBlock::destroy): Deleted.
(JSC::MarkedBlock::callDestructor): Deleted.
(JSC::MarkedBlock::specializedSweep): Deleted.
(JSC::MarkedBlock::sweep): Deleted.
(JSC::MarkedBlock::sweepHelper): Deleted.
(JSC::MarkedBlock::stopAllocating): Deleted.
(JSC::MarkedBlock::clearMarksWithCollectionType): Deleted.
(JSC::MarkedBlock::lastChanceToFinalize): Deleted.
(JSC::MarkedBlock::resumeAllocating): Deleted.
(JSC::MarkedBlock::didRetireBlock): Deleted.

heap/MarkedBlock.h:

(JSC::MarkedBlock::VoidFunctor::returnValue):
(JSC::MarkedBlock::CountFunctor::CountFunctor):
(JSC::MarkedBlock::CountFunctor::count):
(JSC::MarkedBlock::CountFunctor::returnValue):
(JSC::MarkedBlock::Handle::hasAnyNewlyAllocated):
(JSC::MarkedBlock::Handle::isOnBlocksToSweep):
(JSC::MarkedBlock::Handle::setIsOnBlocksToSweep):
(JSC::MarkedBlock::Handle::state):
(JSC::MarkedBlock::needsDestruction):
(JSC::MarkedBlock::handle):
(JSC::MarkedBlock::Handle::block):
(JSC::MarkedBlock::firstAtom):
(JSC::MarkedBlock::atoms):
(JSC::MarkedBlock::isAtomAligned):
(JSC::MarkedBlock::Handle::cellAlign):
(JSC::MarkedBlock::blockFor):
(JSC::MarkedBlock::Handle::allocator):
(JSC::MarkedBlock::Handle::heap):
(JSC::MarkedBlock::Handle::vm):
(JSC::MarkedBlock::vm):
(JSC::MarkedBlock::Handle::weakSet):
(JSC::MarkedBlock::weakSet):
(JSC::MarkedBlock::Handle::shrink):
(JSC::MarkedBlock::Handle::visitWeakSet):
(JSC::MarkedBlock::Handle::reapWeakSet):
(JSC::MarkedBlock::Handle::cellSize):
(JSC::MarkedBlock::cellSize):
(JSC::MarkedBlock::Handle::attributes):
(JSC::MarkedBlock::attributes):
(JSC::MarkedBlock::Handle::needsDestruction):
(JSC::MarkedBlock::Handle::destruction):
(JSC::MarkedBlock::Handle::cellKind):
(JSC::MarkedBlock::Handle::markCount):
(JSC::MarkedBlock::Handle::size):
(JSC::MarkedBlock::atomNumber):
(JSC::MarkedBlock::flipIfNecessary):
(JSC::MarkedBlock::flipIfNecessaryConcurrently):
(JSC::MarkedBlock::Handle::flipIfNecessary):
(JSC::MarkedBlock::Handle::flipIfNecessaryConcurrently):
(JSC::MarkedBlock::Handle::flipForEdenCollection):
(JSC::MarkedBlock::assertFlipped):
(JSC::MarkedBlock::Handle::assertFlipped):
(JSC::MarkedBlock::isMarked):
(JSC::MarkedBlock::testAndSetMarked):
(JSC::MarkedBlock::Handle::isNewlyAllocated):
(JSC::MarkedBlock::Handle::setNewlyAllocated):
(JSC::MarkedBlock::Handle::clearNewlyAllocated):
(JSC::MarkedBlock::Handle::isMarkedOrNewlyAllocated):
(JSC::MarkedBlock::isMarkedOrNewlyAllocated):
(JSC::MarkedBlock::Handle::isLive):
(JSC::MarkedBlock::isAtom):
(JSC::MarkedBlock::Handle::isLiveCell):
(JSC::MarkedBlock::Handle::forEachCell):
(JSC::MarkedBlock::Handle::forEachLiveCell):
(JSC::MarkedBlock::Handle::forEachDeadCell):
(JSC::MarkedBlock::Handle::needsSweeping):
(JSC::MarkedBlock::Handle::isAllocated):
(JSC::MarkedBlock::Handle::isMarked):
(JSC::MarkedBlock::Handle::isFreeListed):
(JSC::MarkedBlock::hasAnyMarked):
(JSC::MarkedBlock::noteMarked):
(WTF::MarkedBlockHash::hash):
(JSC::MarkedBlock::FreeList::FreeList): Deleted.
(JSC::MarkedBlock::allocator): Deleted.
(JSC::MarkedBlock::heap): Deleted.
(JSC::MarkedBlock::shrink): Deleted.
(JSC::MarkedBlock::visitWeakSet): Deleted.
(JSC::MarkedBlock::reapWeakSet): Deleted.
(JSC::MarkedBlock::willRemoveBlock): Deleted.
(JSC::MarkedBlock::didConsumeFreeList): Deleted.
(JSC::MarkedBlock::markCount): Deleted.
(JSC::MarkedBlock::isEmpty): Deleted.
(JSC::MarkedBlock::destruction): Deleted.
(JSC::MarkedBlock::cellKind): Deleted.
(JSC::MarkedBlock::size): Deleted.
(JSC::MarkedBlock::capacity): Deleted.
(JSC::MarkedBlock::setMarked): Deleted.
(JSC::MarkedBlock::clearMarked): Deleted.
(JSC::MarkedBlock::isNewlyAllocated): Deleted.
(JSC::MarkedBlock::setNewlyAllocated): Deleted.
(JSC::MarkedBlock::clearNewlyAllocated): Deleted.
(JSC::MarkedBlock::isLive): Deleted.
(JSC::MarkedBlock::isLiveCell): Deleted.
(JSC::MarkedBlock::forEachCell): Deleted.
(JSC::MarkedBlock::forEachLiveCell): Deleted.
(JSC::MarkedBlock::forEachDeadCell): Deleted.
(JSC::MarkedBlock::needsSweeping): Deleted.
(JSC::MarkedBlock::isAllocated): Deleted.
(JSC::MarkedBlock::isMarkedOrRetired): Deleted.

heap/MarkedSpace.cpp:

(JSC::MarkedSpace::initializeSizeClassForStepSize):
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::~MarkedSpace):
(JSC::MarkedSpace::lastChanceToFinalize):
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::tryAllocate):
(JSC::MarkedSpace::allocateLarge):
(JSC::MarkedSpace::tryAllocateLarge):
(JSC::MarkedSpace::sweep):
(JSC::MarkedSpace::sweepLargeAllocations):
(JSC::MarkedSpace::zombifySweep):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
(JSC::MarkedSpace::stopAllocating):
(JSC::MarkedSpace::prepareForMarking):
(JSC::MarkedSpace::resumeAllocating):
(JSC::MarkedSpace::isPagedOut):
(JSC::MarkedSpace::freeBlock):
(JSC::MarkedSpace::freeOrShrinkBlock):
(JSC::MarkedSpace::shrink):
(JSC::MarkedSpace::clearNewlyAllocated):
(JSC::VerifyMarked::operator()):
(JSC::MarkedSpace::flip):
(JSC::MarkedSpace::objectCount):
(JSC::MarkedSpace::size):
(JSC::MarkedSpace::capacity):
(JSC::MarkedSpace::addActiveWeakSet):
(JSC::MarkedSpace::didAddBlock):
(JSC::MarkedSpace::didAllocateInBlock):
(JSC::MarkedSpace::forEachAllocator): Deleted.
(JSC::VerifyMarkedOrRetired::operator()): Deleted.
(JSC::MarkedSpace::clearMarks): Deleted.

heap/MarkedSpace.h:

(JSC::MarkedSpace::sizeClassToIndex):
(JSC::MarkedSpace::indexToSizeClass):
(JSC::MarkedSpace::version):
(JSC::MarkedSpace::blocksWithNewObjects):
(JSC::MarkedSpace::largeAllocations):
(JSC::MarkedSpace::largeAllocationsNurseryOffset):
(JSC::MarkedSpace::largeAllocationsOffsetForThisCollection):
(JSC::MarkedSpace::largeAllocationsForThisCollectionBegin):
(JSC::MarkedSpace::largeAllocationsForThisCollectionEnd):
(JSC::MarkedSpace::largeAllocationsForThisCollectionSize):
(JSC::MarkedSpace::forEachLiveCell):
(JSC::MarkedSpace::forEachDeadCell):
(JSC::MarkedSpace::allocatorFor):
(JSC::MarkedSpace::destructorAllocatorFor):
(JSC::MarkedSpace::auxiliaryAllocatorFor):
(JSC::MarkedSpace::allocateWithoutDestructor):
(JSC::MarkedSpace::allocateWithDestructor):
(JSC::MarkedSpace::allocateAuxiliary):
(JSC::MarkedSpace::tryAllocateAuxiliary):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::forEachAllocator):
(JSC::MarkedSpace::optimalSizeFor):
(JSC::MarkedSpace::didAddBlock): Deleted.
(JSC::MarkedSpace::didAllocateInBlock): Deleted.
(JSC::MarkedSpace::objectCount): Deleted.
(JSC::MarkedSpace::size): Deleted.
(JSC::MarkedSpace::capacity): Deleted.

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::SlotVisitor):
(JSC::SlotVisitor::didStartMarking):
(JSC::SlotVisitor::reset):
(JSC::SlotVisitor::append):
(JSC::SlotVisitor::appendJSCellOrAuxiliary):
(JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::markAuxiliary):
(JSC::SlotVisitor::noteLiveAuxiliaryCell):
(JSC::SlotVisitor::visitChildren):

heap/SlotVisitor.h:
heap/WeakBlock.cpp:

(JSC::WeakBlock::create):
(JSC::WeakBlock::WeakBlock):
(JSC::WeakBlock::visit):
(JSC::WeakBlock::reap):

heap/WeakBlock.h:

(JSC::WeakBlock::disconnectContainer):
(JSC::WeakBlock::disconnectMarkedBlock): Deleted.

heap/WeakSet.cpp:

(JSC::WeakSet::~WeakSet):
(JSC::WeakSet::sweep):
(JSC::WeakSet::shrink):
(JSC::WeakSet::addAllocator):

heap/WeakSet.h:

(JSC::WeakSet::container):
(JSC::WeakSet::setContainer):
(JSC::WeakSet::WeakSet):
(JSC::WeakSet::visit):
(JSC::WeakSet::shrink): Deleted.

heap/WeakSetInlines.h:

(JSC::WeakSet::allocate):

inspector/InjectedScriptManager.cpp:
inspector/JSGlobalObjectInspectorController.cpp:
inspector/JSJavaScriptCallFrame.cpp:
inspector/ScriptDebugServer.cpp:
inspector/agents/InspectorDebuggerAgent.cpp:
interpreter/CachedCall.h:

(JSC::CachedCall::CachedCall):

interpreter/Interpreter.cpp:

(JSC::loadVarargs):
(JSC::StackFrame::sourceID): Deleted.
(JSC::StackFrame::sourceURL): Deleted.
(JSC::StackFrame::functionName): Deleted.
(JSC::StackFrame::computeLineAndColumn): Deleted.
(JSC::StackFrame::toString): Deleted.

interpreter/Interpreter.h:

(JSC::StackFrame::isNative): Deleted.

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
(JSC::AssemblyHelpers::emitAllocate):
(JSC::AssemblyHelpers::emitAllocateJSCell):
(JSC::AssemblyHelpers::emitAllocateJSObject):
(JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
(JSC::AssemblyHelpers::emitAllocateVariableSized):

jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):

jit/JIT.cpp:

(JSC::JIT::compileCTINativeCall):
(JSC::JIT::link):

jit/JIT.h:

(JSC::JIT::compileCTINativeCall): Deleted.

jit/JITExceptions.cpp:

(JSC::genericUnwind):

jit/JITExceptions.h:
jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):

jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emitWriteBarrier):

jit/JITThunks.cpp:
jit/JITThunks.h:
jsc.cpp:

(functionDescribeArray):
(main):

llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

llint/LLIntExceptions.cpp:
llint/LLIntThunks.cpp:
llint/LLIntThunks.h:
llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter.cpp:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
parser/ModuleAnalyzer.cpp:
parser/NodeConstructors.h:
parser/Nodes.h:
profiler/ProfilerBytecode.cpp:
profiler/ProfilerBytecode.h:
profiler/ProfilerBytecodeSequence.cpp:
runtime/ArrayConventions.h:

(JSC::indexingHeaderForArrayStorage):
(JSC::baseIndexingHeaderForArrayStorage):
(JSC::indexingHeaderForArray): Deleted.
(JSC::baseIndexingHeaderForArray): Deleted.

runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSplice):
(JSC::concatAppendOne):
(JSC::arrayProtoPrivateFuncConcatMemcpy):

runtime/ArrayStorage.h:

(JSC::ArrayStorage::vectorLength):
(JSC::ArrayStorage::totalSizeFor):
(JSC::ArrayStorage::totalSize):
(JSC::ArrayStorage::availableVectorLength):
(JSC::ArrayStorage::optimalVectorLength):
(JSC::ArrayStorage::sizeFor): Deleted.

runtime/AuxiliaryBarrier.h: Added.

(JSC::AuxiliaryBarrier::AuxiliaryBarrier):
(JSC::AuxiliaryBarrier::clear):
(JSC::AuxiliaryBarrier::get):
(JSC::AuxiliaryBarrier::slot):
(JSC::AuxiliaryBarrier::operator bool):
(JSC::AuxiliaryBarrier::setWithoutBarrier):

runtime/AuxiliaryBarrierInlines.h: Added.

(JSC::AuxiliaryBarrier<T>::AuxiliaryBarrier):
(JSC::AuxiliaryBarrier<T>::set):

runtime/Butterfly.h:
runtime/ButterflyInlines.h:

(JSC::Butterfly::availableContiguousVectorLength):
(JSC::Butterfly::optimalContiguousVectorLength):
(JSC::Butterfly::createUninitialized):
(JSC::Butterfly::growArrayRight):

runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::createEmpty):

runtime/CommonSlowPathsExceptions.cpp:
runtime/CommonSlowPathsExceptions.h:
runtime/DataView.cpp:
runtime/DirectArguments.h:
runtime/ECMAScriptSpecInternalFunctions.cpp:
runtime/Error.cpp:
runtime/Error.h:
runtime/ErrorInstance.cpp:
runtime/ErrorInstance.h:
runtime/Exception.cpp:
runtime/Exception.h:
runtime/GeneratorFrame.cpp:
runtime/GeneratorPrototype.cpp:
runtime/InternalFunction.cpp:

(JSC::InternalFunction::InternalFunction):

runtime/IntlCollator.cpp:
runtime/IntlCollatorConstructor.cpp:
runtime/IntlCollatorPrototype.cpp:
runtime/IntlDateTimeFormat.cpp:
runtime/IntlDateTimeFormatConstructor.cpp:
runtime/IntlDateTimeFormatPrototype.cpp:
runtime/IntlNumberFormat.cpp:
runtime/IntlNumberFormatConstructor.cpp:
runtime/IntlNumberFormatPrototype.cpp:
runtime/IntlObject.cpp:
runtime/IteratorPrototype.cpp:
runtime/JSArray.cpp:

(JSC::JSArray::tryCreateUninitialized):
(JSC::JSArray::setLengthWritable):
(JSC::JSArray::unshiftCountSlowCase):
(JSC::JSArray::setLengthWithArrayStorage):
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::setLength):
(JSC::JSArray::pop):
(JSC::JSArray::push):
(JSC::JSArray::fastSlice):
(JSC::JSArray::shiftCountWithArrayStorage):
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithArrayStorage):
(JSC::JSArray::fillArgList):
(JSC::JSArray::copyToArguments):

runtime/JSArray.h:

(JSC::createContiguousArrayButterfly):
(JSC::createArrayButterfly):
(JSC::JSArray::create):
(JSC::JSArray::tryCreateUninitialized): Deleted.

runtime/JSArrayBufferView.h:
runtime/JSCInlines.h:
runtime/JSCJSValue.cpp:

(JSC::JSValue::dumpInContextAssumingStructure):

runtime/JSCallee.cpp:

(JSC::JSCallee::JSCallee):

runtime/JSCell.cpp:

(JSC::JSCell::estimatedSize):

runtime/JSCell.h:

(JSC::JSCell::cellStateOffset): Deleted.

runtime/JSCellInlines.h:

(JSC::ExecState::vm):
(JSC::JSCell::classInfo):
(JSC::JSCell::callDestructor):
(JSC::JSCell::vm): Deleted.

runtime/JSFunction.cpp:

(JSC::JSFunction::create):
(JSC::JSFunction::allocateAndInitializeRareData):
(JSC::JSFunction::initializeRareData):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::put):
(JSC::JSFunction::deleteProperty):
(JSC::JSFunction::defineOwnProperty):
(JSC::JSFunction::setFunctionName):
(JSC::JSFunction::reifyLength):
(JSC::JSFunction::reifyName):
(JSC::JSFunction::reifyLazyPropertyIfNeeded):
(JSC::JSFunction::reifyBoundNameIfNeeded):

runtime/JSFunction.h:
runtime/JSFunctionInlines.h:

(JSC::JSFunction::createWithInvalidatedReallocationWatchpoint):
(JSC::JSFunction::JSFunction):

runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):

runtime/JSInternalPromise.cpp:
runtime/JSInternalPromiseConstructor.cpp:
runtime/JSInternalPromiseDeferred.cpp:
runtime/JSInternalPromisePrototype.cpp:
runtime/JSJob.cpp:
runtime/JSMapIterator.cpp:
runtime/JSModuleNamespaceObject.cpp:
runtime/JSModuleRecord.cpp:
runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):
(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::createInitialArrayStorage):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectIndexBeyondVectorLength):
(JSC::JSObject::getNewVectorLength):
(JSC::JSObject::increaseVectorLength):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::growOutOfLineStorage):
(JSC::JSObject::copyButterfly): Deleted.
(JSC::JSObject::copyBackingStore): Deleted.

runtime/JSObject.h:

(JSC::JSObject::globalObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::setStructureAndReallocateStorageIfNecessary): Deleted.

runtime/JSObjectInlines.h:
runtime/JSPromise.cpp:
runtime/JSPromiseConstructor.cpp:
runtime/JSPromiseDeferred.cpp:
runtime/JSPromisePrototype.cpp:
runtime/JSPropertyNameIterator.cpp:
runtime/JSScope.cpp:

(JSC::JSScope::resolve):

runtime/JSScope.h:

(JSC::JSScope::globalObject):
(JSC::JSScope::vm): Deleted.

runtime/JSSetIterator.cpp:
runtime/JSStringIterator.cpp:
runtime/JSTemplateRegistryKey.cpp:
runtime/JSTypedArrayViewConstructor.cpp:
runtime/JSTypedArrayViewPrototype.cpp:
runtime/JSWeakMap.cpp:
runtime/JSWeakSet.cpp:
runtime/MapConstructor.cpp:
runtime/MapIteratorPrototype.cpp:
runtime/MapPrototype.cpp:
runtime/NativeErrorConstructor.cpp:
runtime/NativeStdFunctionCell.cpp:
runtime/Operations.h:

(JSC::scribbleFreeCells):
(JSC::scribble):

runtime/Options.h:
runtime/PropertyTable.cpp:
runtime/ProxyConstructor.cpp:
runtime/ProxyObject.cpp:
runtime/ProxyRevoke.cpp:
runtime/RegExp.cpp:

(JSC::RegExp::match):
(JSC::RegExp::matchConcurrently):
(JSC::RegExp::matchCompareWithInterpreter):

runtime/RegExp.h:
runtime/RegExpConstructor.h:
runtime/RegExpInlines.h:

(JSC::RegExp::matchInline):

runtime/RegExpMatchesArray.h:

(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):

runtime/RegExpPrototype.cpp:

(JSC::genericSplit):

runtime/RuntimeType.cpp:
runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::processUnverifiedStackTraces):

runtime/SetConstructor.cpp:
runtime/SetIteratorPrototype.cpp:
runtime/SetPrototype.cpp:
runtime/StackFrame.cpp: Added.

(JSC::StackFrame::sourceID):
(JSC::StackFrame::sourceURL):
(JSC::StackFrame::functionName):
(JSC::StackFrame::computeLineAndColumn):
(JSC::StackFrame::toString):

runtime/StackFrame.h: Added.

(JSC::StackFrame::isNative):

runtime/StringConstructor.cpp:
runtime/StringIteratorPrototype.cpp:
runtime/StructureInlines.h:

(JSC::Structure::propertyTable):

runtime/TemplateRegistry.cpp:
runtime/TestRunnerUtils.cpp:

(JSC::finalizeStatsAtEndOfTesting):

runtime/TestRunnerUtils.h:
runtime/TypeProfilerLog.cpp:
runtime/TypeSet.cpp:
runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::ensureStackCapacityForCLoop):
(JSC::VM::isSafeToRecurseSoftCLoop):

runtime/VM.h:
runtime/VMEntryScope.h:
runtime/VMInlines.h:

(JSC::VM::ensureStackCapacityFor):
(JSC::VM::isSafeToRecurseSoft):

runtime/WeakMapConstructor.cpp:
runtime/WeakMapData.cpp:
runtime/WeakMapPrototype.cpp:
runtime/WeakSetConstructor.cpp:
runtime/WeakSetPrototype.cpp:
testRegExp.cpp:

(testOneRegExp):

tools/JSDollarVM.cpp:
tools/JSDollarVMPrototype.cpp:

(JSC::JSDollarVMPrototype::isInObjectSpace):

Source/WebCore:

No new tests because no new WebCore behavior.

Just rewiring #includes.

ForwardingHeaders/heap/HeapInlines.h: Added.
ForwardingHeaders/interpreter/Interpreter.h: Removed.
ForwardingHeaders/runtime/AuxiliaryBarrierInlines.h: Added.
Modules/indexeddb/IDBCursorWithValue.cpp:
Modules/indexeddb/client/TransactionOperation.cpp:
Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
Modules/indexeddb/server/UniqueIDBDatabase.cpp:
bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp:
bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp:
bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp:
bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp:
bindings/js/JSClientRectCustom.cpp:
bindings/js/JSDOMBinding.cpp:
bindings/js/JSDOMBinding.h:
bindings/js/JSDeviceMotionEventCustom.cpp:
bindings/js/JSDeviceOrientationEventCustom.cpp:
bindings/js/JSErrorEventCustom.cpp:
bindings/js/JSIDBCursorWithValueCustom.cpp:
bindings/js/JSIDBIndexCustom.cpp:
bindings/js/JSPopStateEventCustom.cpp:
bindings/js/JSWebGL2RenderingContextCustom.cpp:
bindings/js/JSWorkerGlobalScopeCustom.cpp:
bindings/js/WorkerScriptController.cpp:
contentextensions/ContentExtensionParser.cpp:
dom/ErrorEvent.cpp:
html/HTMLCanvasElement.cpp:
html/MediaDocument.cpp:
inspector/CommandLineAPIModule.cpp:
loader/EmptyClients.cpp:
page/CaptionUserPreferences.cpp:
page/Frame.cpp:
page/PageGroup.cpp:
page/UserContentController.cpp:
platform/mock/mediasource/MockBox.cpp:
testing/GCObservation.cpp:

Source/WebKit2:

Just rewiring some #includes.

UIProcess/ViewGestureController.cpp:
UIProcess/WebPageProxy.cpp:
UIProcess/WebProcessPool.cpp:
UIProcess/WebProcessProxy.cpp:
WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:
WebProcess/Plugins/Netscape/JSNPObject.cpp:

Source/WTF:

I needed tryFastAlignedMalloc() so I added it.

wtf/FastMalloc.cpp:

(WTF::tryFastAlignedMalloc):

wtf/FastMalloc.h:
wtf/ParkingLot.cpp:

(WTF::ParkingLot::forEachImpl):
(WTF::ParkingLot::forEach): Deleted.

wtf/ParkingLot.h:

(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::forEach):

wtf/ScopedLambda.h:

(WTF::scopedLambdaRef):

wtf/SentinelLinkedList.h:

(WTF::SentinelLinkedList::forEach):
(WTF::RawNode>::takeFrom):

wtf/SimpleStats.h:

(WTF::SimpleStats::operator bool):
(WTF::SimpleStats::operator!): Deleted.

Tools:

DumpRenderTree/TestRunner.cpp:
DumpRenderTree/mac/DumpRenderTree.mm:

(DumpRenderTreeMain):

Scripts/run-jsc-stress-tests:
TestWebKitAPI/Tests/WTF/Vector.cpp:

(TestWebKitAPI::TEST):

1:42 AM Changeset in webkit [205716] by bshafiei@apple.com

12 edits in branches/safari-602-branch/Source

Merge r204456. rdar://problem/27860536

1:42 AM Changeset in webkit [205715] by bshafiei@apple.com

14 edits
5 adds in branches/safari-602-branch/Source

Merge r203381. rdar://problem/27860536

1:42 AM Changeset in webkit [205714] by bshafiei@apple.com

5 edits
1 add in branches/safari-602-branch

Merge r204107. rdar://problem/27860536

1:42 AM Changeset in webkit [205713] by bshafiei@apple.com

2 edits in branches/safari-602-branch/Source/WebKit/win

Merge r205393. rdar://problem/27806012

1:42 AM Changeset in webkit [205712] by bshafiei@apple.com

2 edits
1 copy
2 adds in branches/safari-602-branch/LayoutTests

Merge r205388. rdar://problem/27806012

1:42 AM Changeset in webkit [205711] by bshafiei@apple.com

14 edits in branches/safari-602-branch

Merge r205381. rdar://problem/27806012

1:42 AM Changeset in webkit [205710] by bshafiei@apple.com

2 edits in branches/safari-602-branch/Source/WebKit2

Merge r205371. rdar://problem/28020157

1:42 AM Changeset in webkit [205709] by bshafiei@apple.com

33 edits in branches/safari-602-branch/Source

Merge r205365. rdar://problem/28020157

1:42 AM Changeset in webkit [205708] by bshafiei@apple.com

3 edits
4 adds in branches/safari-602-branch

Merge r205246. rdar://problem/28162589

1:41 AM Changeset in webkit [205707] by bshafiei@apple.com

5 edits in branches/safari-602-branch/Source

Merge r205192. rdar://problem/28097740

1:41 AM Changeset in webkit [205706] by bshafiei@apple.com

16 edits
1 add in branches/safari-602-branch

Merge r205417. rdar://problem/28018438

1:41 AM Changeset in webkit [205705] by bshafiei@apple.com

26 edits
6 adds in branches/safari-602-branch

Merge r205412. rdar://problem/28014919

1:41 AM Changeset in webkit [205704] by bshafiei@apple.com

2 edits in branches/safari-602-branch/Source/WebKit2

Merge r204911. rdar://problem/28175524

1:33 AM Changeset in webkit [205703] by mmaxfield@apple.com

8 edits in trunk/Source/WebCore

[Cocoa] Improve performance of glyph advance metrics gathering
https://bugs.webkit.org/show_bug.cgi?id=161119

Reviewed by Simon Fraser.

Most of the glyphs in a GlyphPage are never read from. Therefore, we can get a performance boost
by not populating as many items in the GlyphPage. Because of the performance characteristics of
CTFontGetGlyphsForCharacters(), a better size for a GlyphPage is 16 items. This, coupled with
using CTFontGetUnsummedAdvancesForGlyphsAndStyle(), causes between a 0.01%-0.5% speedup on PLT.

No new tests because there is no behavior change.

platform/graphics/Font.cpp:

(WebCore::Font::initCharWidths):
(WebCore::Font::platformGlyphInit):
(WebCore::createAndFillGlyphPage):

platform/graphics/Font.h:

(WebCore::Font::widthForGlyph):

platform/graphics/GlyphMetricsMap.h:
platform/graphics/GlyphPage.h:
platform/graphics/cocoa/FontCocoa.mm:
platform/spi/cocoa/CoreTextSPI.h:

(WebCore::Font::platformWidthForGlyph):
(WebCore::canUseFastGlyphAdvanceGetter): Deleted.

1:15 AM Changeset in webkit [205702] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205457 - [CMake] Duplicated IDL files in WebCore_IDL_FILES
https://bugs.webkit.org/show_bug.cgi?id=161592

Patch by Fujii Hironori <Fujii Hironori> on 2016-09-05
Reviewed by Darin Adler.

CMakeLists.txt: Removed duplicated IDL files.
DerivedSources.cpp: Added #if ENABLE(USER_MESSAGE_HANDLERS)

12:42 AM Changeset in webkit [205701] by Antti Koivisto

11 edits in trunk/Source/WebCore

v3: WebContent crash due to RELEASE_ASSERT in WebCore: WebCore::StyleResolver::styleForElement
https://bugs.webkit.org/show_bug.cgi?id=161689

Reviewed by Andreas Kling.

These crashes happen because synchronously triggered resource loads generate callbacks that may end up
deleting the resource loader.

Stop triggering resource loads from StyleResolver. Instead trigger them when applying style to render tree.

css/StyleResolver.cpp:

(WebCore::StyleResolver::~StyleResolver):

Replace the RELEASE_ASSERT against deletion during resource loads by a general isDeleted assert.

(WebCore::StyleResolver::styleForElement):
(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::styleForPage):
(WebCore::StyleResolver::applyMatchedProperties):
(WebCore::StyleResolver::loadPendingResources): Deleted.

css/StyleResolver.h:
page/animation/KeyframeAnimation.cpp:

(WebCore::KeyframeAnimation::KeyframeAnimation):
(WebCore::KeyframeAnimation::resolveKeyframeStyles):

Ensure resource load for all animation frames.

page/animation/KeyframeAnimation.h:
rendering/RenderElement.cpp:

(WebCore::RenderElement::createFor):
(WebCore::RenderElement::initializeStyle):

Load resources when renderer initializes a style.

(WebCore::RenderElement::setStyle):
(WebCore::RenderElement::getUncachedPseudoStyle):

Load resources for pseudo styles.

rendering/RenderImage.cpp:

(WebCore::RenderImage::RenderImage):
(WebCore::RenderImage::styleWillChange):

Shuffle image resource initialization out from constructor so initializeStyle gets called before.

rendering/RenderImage.h:
rendering/style/StyleCachedImage.cpp:

(WebCore::StyleCachedImage::StyleCachedImage):

Track pending status with a bit instead of implicitly by the existence of CachedResource.
This is useful for asserts.

(WebCore::StyleCachedImage::load):
(WebCore::StyleCachedImage::isPending):
(WebCore::StyleCachedImage::addClient):
(WebCore::StyleCachedImage::removeClient):
(WebCore::StyleCachedImage::image):

rendering/style/StyleCachedImage.h:

12:01 AM Changeset in webkit [205700] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205452 - [GTK] GL_PACK_ROW_LENGTH is not available in GLES2
https://bugs.webkit.org/show_bug.cgi?id=161484

Reviewed by Carlos Garcia Campos.

UIProcess/gtk/AcceleratedBackingStoreWayland.cpp:

(WebKit::AcceleratedBackingStoreWayland::paint): when under GLES2 we cannot rely on
GL_PACK_ROW_LENGTH; use glReadPixel directly when stride matches width, read line
by line manually otherwise. Colour conversion is also required to get the data out
correctly.

12:01 AM Changeset in webkit [205699] by Carlos Garcia Campos

11 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205431 - [GTK] SetNativeSurfaceHandleForCompositing should not be compiled in for wayland build
https://bugs.webkit.org/show_bug.cgi?id=161483

Reviewed by Žan Doberšek.

SetNativeSurfaceHandleForCompositing and DestroyNativeSurfaceHandleForCompositing messages should only be used
for GTK+ port when compiled with OpenGL and X11 enabled and redirected XComposite window disabled. So, we should
use USE(TEXTURE_MAPPER) && PLATFORM(GTK) && PLATFORM(X11) && !USE(REDIRECTED_XCOMPOSITE_WINDOW) consistently.
This fixes the build when building the GTK+ port with Wayland enabled and X11 disabled.

UIProcess/AcceleratedDrawingAreaProxy.cpp:

(WebKit::AcceleratedDrawingAreaProxy::didUpdateBackingStoreState):

UIProcess/AcceleratedDrawingAreaProxy.h:
WebProcess/WebPage/AcceleratedDrawingArea.cpp:

(WebKit::AcceleratedDrawingArea::enterAcceleratedCompositingMode):

WebProcess/WebPage/AcceleratedDrawingArea.h:
WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp:
WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h:
WebProcess/WebPage/DrawingArea.h:
WebProcess/WebPage/DrawingArea.messages.in:
WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:
WebProcess/WebPage/gtk/LayerTreeHostGtk.h:

Sep 8, 2016:

11:59 PM Changeset in webkit [205698] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205430 - MediaPlayerPrivateGStreamerBase: improve build guards in nativeImageForCurrentTime()
https://bugs.webkit.org/show_bug.cgi?id=161594

Reviewed by Philippe Normand.

Guard the uses of cairo-gl API in nativeImageForCurrentTime() with the
USE(CAIRO) && ENABLE(ACCELERATED_2D_CANVAS) pair of build guards. This
API is only made available when the ACCELERATED_2D_CANVAS option is
enabled. Placing the guards this way thus avoids compilation errors
when compiling USE_GSTREAMER_GL code without the accelerated 2D canvas
support enabled.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):

11:48 PM Changeset in webkit [205697] by bshafiei@apple.com

5 edits in branches/safari-602-branch/Source

Versioning.

11:26 PM Changeset in webkit [205696] by Carlos Garcia Campos

2 edits in trunk/Source/WebKit2

Unreviewed. Fix GTK+ build after r205689.

WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLOListElement.cpp:

(webkit_dom_html_o_list_element_set_start):

10:20 PM Changeset in webkit [205695] by Yusuke Suzuki

7 edits
5 adds in trunk

ScriptRunner should be driven by PendingScript rather than ScriptElement
https://bugs.webkit.org/show_bug.cgi?id=161726

Reviewed by Ryosuke Niwa.

Source/WebCore:

Tests: js/dom/document-write-in-error-event.html

js/dom/document-write-in-load-event.html

ScriptRunner is driven by ScriptElement::notifyFinished. While ScriptRunner is driven by this,
HTMLScriptRunner does not use it. Instead, HTMLScriptRunner uses PendingScriptClient. As a result,
ScriptElement::notifyFinished is used only when the script is annotated with "defer" or "async"
while all the external script will load the LoadableScript. It is confusing.
This patch removes ScriptElement::notifyFinished and use PendingScript's observability
in ScriptRunner instead.

This patch also fixes the behavior about ignore-destructive-writes counter[1]. When dispatching
the load and error events, this ignore-destructive-writes counter should not be incremeneted by
this execution. The added tests ensure this behavior.

[1]: https://html.spec.whatwg.org/multipage/scripting.html#execute-the-script-block

dom/ScriptElement.cpp: Drop LoadableScriptClient interface.

(WebCore::ScriptElement::prepareScript): Do not use addClient. ScriptRunner use PendingScript::{setClient,clearClient} instead.
(WebCore::ScriptElement::executeScriptForScriptRunner): IgnoreDestructiveWriteCountIncrementer will be done in ScriptElement::executeScript.
So no need to do it here, that's duplicated.
(WebCore::ScriptElement::~ScriptElement): Deleted. ScriptElement does not use addClient/removeClient.
(WebCore::ScriptElement::stopLoadRequest): Deleted.
(WebCore::ScriptElement::executeScriptForHTMLScriptRunner): Deleted. executeScriptForHTMLScriptRunner and executeScriptForScriptRunner are
merged into executeScriptForRunner.
(WebCore::ScriptElement::notifyFinished): Deleted.

dom/ScriptElement.h:

(WebCore::ScriptElement::~ScriptElement):
(WebCore::ScriptElement::willExecuteInOrder): Used in ScriptRunner to determine whether the script is async or defer.
(WebCore::ScriptElement::willExecuteWhenDocumentFinishedParsing): Deleted.

dom/ScriptRunner.cpp:

(WebCore::ScriptRunner::~ScriptRunner): HashSet's iterator will return const PendingScript&.
Another option is using HashSet<RefPtr<PendingScript>>. Here, we use a little bit weired const_cast.
(WebCore::ScriptRunner::queueScriptForExecution): Use PendingScript::setClient to wait loading.
(WebCore::ScriptRunner::notifyFinished): Notify the script ready here.
(WebCore::ScriptRunner::timerFired): Use executeScriptForScriptRunner.
(WebCore::ScriptRunner::notifyScriptReady): Deleted.

dom/ScriptRunner.h:
html/parser/HTMLScriptRunner.cpp:

(WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent): Use executeScriptForScriptRunner.

LayoutTests:

js/dom/document-write-in-error-event-expected.txt: Added.
js/dom/document-write-in-error-event.html: Added.
js/dom/document-write-in-load-event-expected.txt: Added.
js/dom/document-write-in-load-event.html: Added.
js/dom/script-tests/dummy.js: Added.

10:11 PM Changeset in webkit [205694] by Yusuke Suzuki

7 edits in trunk

[WTF] HashTable's rehash is not compatible to Ref<T> and ASan
https://bugs.webkit.org/show_bug.cgi?id=161763

Reviewed by Mark Lam.

Source/WebCore:

Include wtf/text/StringHash.h to avoid linking errors in EFL port.

loader/ResourceLoadStatistics.h:

Source/WTF:

If we move an object, the location which the moved object used should not be touched anymore.
HashTable::rehash performs WTFMove for the object that resides in the old table.
However, after moving it, we accidentally touch this location by using !isEmptyOrDeletedBucket(table[i])
in HashTable::deallocateTable. And it causes ASan crashing if we use Ref<> for HashTable's key or value.

In this patch, we call the destructor right after moving the object. And HashTable::rehash just calls
fastFree since all the objects in the old table are already moved and destructed.
And we also change HashTable::deallocate to destruct only live objects. Calling destructors for empty objects
is meaningless. And according to the Ref<>'s comment, empty object is not designed to be destructed.

wtf/HashTable.h:

(WTF::KeyTraits>::deallocateTable):

Tools:

Add tests that inserts many Ref<>s. It incurs HashTable::rehash, and we can ensure
that ASan crash does not occur with this patch.

TestWebKitAPI/Tests/WTF/HashMap.cpp:

(TestWebKitAPI::TEST):

TestWebKitAPI/Tests/WTF/HashSet.cpp:

(TestWebKitAPI::TEST):

10:07 PM Changeset in webkit [205693] by BJ Burg

2 edits in trunk/Source/WebInspectorUI

Web Inspector: make copy-user-interface-resources.pl easier to read
https://bugs.webkit.org/show_bug.cgi?id=161772

Reviewed by Joseph Pecoraro.

Scripts/copy-user-interface-resources.pl:

Break long script invocations across multiple lines so that the
options and values are paired together.

9:33 PM Changeset in webkit [205692] by BJ Burg

4 edits
2 deletes in trunk/Source/WebInspectorUI

Web Inspector: get rid of extra copies of jsmin.py and cssmin.py
https://bugs.webkit.org/show_bug.cgi?id=161770
<rdar://problem/28216813>

Reviewed by Joseph Pecoraro.

Scripts/copy-user-interface-resources-dryrun.rb:
Keep track of the original working directory.
Stage scripts from PrivateHeaders into the temporary directory.
Add a comment to clarify what this script is simulating.
Use system instead of exec so we can print an error message.

Scripts/copy-user-interface-resources.pl:
Use jsmin.py and cssmin.py from JavaScriptCore instead of

WebInspectorUI. There are no differences between the two copies.

Scripts/cssmin.py: Removed.
Scripts/jsmin.py: Removed.

WebInspectorUI.xcodeproj/project.pbxproj:
Remove unused copies of jsmin.py and cssmin.py.

8:49 PM Changeset in webkit [205691] by Chris Dumez

5 edits in trunk

HTMLObjectElement.hspace / vspace attributes should be unsigned
https://bugs.webkit.org/show_bug.cgi?id=161766

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

HTMLObjectElement.hspace / vspace attributes should be unsigned:

https://html.spec.whatwg.org/#HTMLObjectElement-partial

Firefox agrees with the specification but those were signed in WebKit.

No new tests, rebaselined existing test.

html/HTMLObjectElement.idl:

8:31 PM Changeset in webkit [205690] by Chris Dumez

8 edits in trunk

HTMLObjectElement.codebase attribute should reflect as a URL
https://bugs.webkit.org/show_bug.cgi?id=161768

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline existing test now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

HTMLObjectElement.codebase attribute should reflect as a URL:

https://html.spec.whatwg.org/#dom-applet-codebase

Chrome and Firefox agree with the specification.

No new test, rebaselined existing test.

html/HTMLObjectElement.idl:

8:31 PM Changeset in webkit [205689] by Chris Dumez

8 edits in trunk

ol.start may return incorrect value for reversed lists when not explicitly set
https://bugs.webkit.org/show_bug.cgi?id=161713

Reviewed by Zalan Bujtas.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

web-platform-tests/html/semantics/grouping-content/the-ol-element/grouping-ol-expected.txt:
web-platform-tests/html/semantics/grouping-content/the-ol-element/ol.start-reflection-2-expected.txt:

Source/WebCore:

ol.start may return incorrect value for reversed lists when not explicitly set.
This is because we're supposed to return the number of rendered <li> child
elements, which relies on layout. However, we did not make sure the layout is
up-to-date before counting the number of li child elements. This patch fixes
the issue.

No new tests, rebaselined existing tests.

html/HTMLOListElement.h:

7:50 PM Changeset in webkit [205688] by mitz@apple.com

2 edits in trunk/Source/WebKit2

Re-landing the fix for

[Mac] .tbd files for the shims end up installed when building with GENERATE_TEXT_BASED_STUBS=YES
https://bugs.webkit.org/show_bug.cgi?id=161722

without reintroducing https://webkit.org/b/161782

Configurations/Shim.xcconfig: Don’t install the shims. The Copy Shims build phase in the WebKit target will copy them into place without bringing their .tbd files along. Keep the install path set, though, because it determines the dylibs’ install names.

7:25 PM Changeset in webkit [205687] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit2

Unreviewed, rolling out r205576.
https://bugs.webkit.org/show_bug.cgi?id=161782

Introduced a crash at launch and broke all our Mac perf
testing (Requested by rniwa on #webkit).

Reverted changeset:

"[Mac] .tbd files for the shims end up installed when building
with GENERATE_TEXT_BASED_STUBS=YES"
https://bugs.webkit.org/show_bug.cgi?id=161722
http://trac.webkit.org/changeset/205576

6:53 PM Changeset in webkit [205686] by Chris Dumez

6 edits
2 adds in trunk

Add support for HTMLIframeElement.allowFullscreen attribute
https://bugs.webkit.org/show_bug.cgi?id=161757

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

Add support for HTMLIframeElement.allowFullscreen attribute:

https://html.spec.whatwg.org/#dom-iframe-allowfullscreen

Firefox and Chrome already support it, unprefixed.

Note that the HTMLIframeElement.allowFullscreen attribute reflects the
allowfullscreen content attribute which we already support.

Test: fullscreen/full-screen-iframe-allowFullscreen.html

html/HTMLIFrameElement.idl:

LayoutTests:

Add layout test coverage.

fullscreen/full-screen-iframe-allowFullscreen-expected.txt: Added.
fullscreen/full-screen-iframe-allowFullscreen.html: Added.

6:43 PM Changeset in webkit [205685] by Chris Dumez

8 edits in trunk

frame.longDesc / iframe.longDesc should reflect as a URL
https://bugs.webkit.org/show_bug.cgi?id=161764

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:
web-platform-tests/html/dom/reflection-obsolete-expected.txt:

Source/WebCore:

frame.longDesc / iframe.longDesc should reflect as a URL:

They already do in Chrome and Firefox.

No new tests, rebaselined existing tests.

html/HTMLFrameElement.idl:
html/HTMLIFrameElement.idl:

6:32 PM Changeset in webkit [205684] by achristensen@apple.com

5 edits in trunk

URLParser: Handle \ in paths of special URLs according to spec
https://bugs.webkit.org/show_bug.cgi?id=161781

Reviewed by Tim Horton.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::bufferView):
(WebCore::URLParser::copyURLPartsUntil):
(WebCore::URLParser::parse):

platform/URLParser.h:

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

6:22 PM Changeset in webkit [205683] by fpizlo@apple.com

13 edits in trunk/Source

Heap::isMarked() shouldn't pay the price of concurrent lazy flipping
https://bugs.webkit.org/show_bug.cgi?id=161760

Reviewed by Mark Lam.
Source/JavaScriptCore:

To fix a race condition in marking, I made Heap::isMarked() and Heap::isLive() atomic by
using flipIfNecessaryConcurrently() instead of flipIfNecessary().

This introduces three unnecessary overheads:

isLive() is not called by marking, so that change was not necessary.

isMarked() gets calls many times outside of marking, so it shouldn't always do the concurrent thing. This adds isMarkedConcurrently() for use in marking, and reverts isMarked().

isMarked() and isMarkedConcurrently() don't actually have to do the lazy flip. They can return false if the flip is necessary.

I added a bunch of debug assertions to make sure that isLive() and isMarked() are not called
during marking.

If we needed to, we could remove most of the calls to isMarkedConcurrently(). As a kind of
optimization, CodeBlock does an initial fixpoint iteration during marking, and so all of the
code called from CodeBlock's fixpoint iterator needs to use isMarkedConcurrently(). But we
could probably arrange for CodeBlock only do fixpoint iterating during the weak reference
thing.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::visitWeakly):
(JSC::CodeBlock::shouldJettisonDueToOldAge):
(JSC::shouldMarkTransition):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::determineLiveness):

bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::propagateTransitions):

heap/Heap.h:
heap/HeapInlines.h:

(JSC::Heap::isLive):
(JSC::Heap::isMarked):
(JSC::Heap::isMarkedConcurrently):

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::flipIfNecessarySlow):
(JSC::MarkedBlock::flipIfNecessaryConcurrentlySlow):
(JSC::MarkedBlock::needsFlip):

heap/MarkedBlock.h:

(JSC::MarkedBlock::needsFlip):
(JSC::MarkedBlock::flipIfNecessary):
(JSC::MarkedBlock::flipIfNecessaryConcurrently):

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::markAuxiliary):
(JSC::SlotVisitor::visitChildren):

runtime/Structure.cpp:

(JSC::Structure::isCheapDuringGC):
(JSC::Structure::markIfCheap):

Source/WTF:

wtf/MainThread.cpp:

(WTF::isMainThreadOrGCThread):
(WTF::mayBeGCThread):

wtf/MainThread.h:

6:06 PM Changeset in webkit [205682] by commit-queue@webkit.org

33 edits
1 move
2 adds
2 deletes in trunk/Source

Move the BitmapImage platform dependent code to a new file named NativeImage[CG|Cairo].cpp
https://bugs.webkit.org/show_bug.cgi?id=158684

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-09-08
Reviewed by Simon Fraser.

Source/WebCore:

This is a refactoring patch. It moves the BitmapImage platform dependent
code from BitmapImage to NativeImage[CG|Cairo].cpp. The new APIs are
responsible of drawing a NativeImagePtr and answering some metadata queries.

No new tests -- Code refactoring, no behavior change.

PlatformAppleWin.cmake:
PlatformEfl.cmake:
PlatformGTK.cmake:
PlatformMac.cmake:
PlatformWinCairo.cmake:
WebCore.xcodeproj/project.pbxproj:
loader/cache/MemoryCache.h:
loader/icon/IconDatabaseBase.h:
page/mac/TextIndicatorWindow.mm:

(-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]):
(createContentCrossfadeAnimation):

platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::BitmapImage):
(WebCore::BitmapImage::destroyDecodedData):
(WebCore::BitmapImage::destroyDecodedDataIfNecessary):
(WebCore::BitmapImage::dataChanged):
(WebCore::BitmapImage::ensureFrameAtIndexIsCached):
(WebCore::BitmapImage::frameImageAtIndex):
(WebCore::BitmapImage::nativeImage):
(WebCore::BitmapImage::nativeImageForCurrentFrame):
(WebCore::BitmapImage::nativeImageOfSize):
(WebCore::BitmapImage::framesNativeImages):
(WebCore::BitmapImage::frameIsCompleteAtIndex):
(WebCore::BitmapImage::frameDurationAtIndex):
(WebCore::BitmapImage::frameHasAlphaAtIndex):
(WebCore::BitmapImage::frameOrientationAtIndex):
(WebCore::BitmapImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::drawPattern):
(WebCore::BitmapImage::canAnimate):
(WebCore::BitmapImage::clearTimer):
(WebCore::BitmapImage::startTimer):
(WebCore::BitmapImage::stopAnimation):
(WebCore::BitmapImage::resetAnimation):
(WebCore::BitmapImage::hasSingleSecurityOrigin): Deleted.
(WebCore::BitmapImage::filenameExtension): Deleted.
(WebCore::BitmapImage::ensureFrameIsCached): Deleted.

platform/graphics/BitmapImage.h:

(WebCore::FrameData::FrameData):
m_hasAlpha can be initialized with false because it is accessed only in
BitmapImage::frameHasAlphaAtIndex() and it is guarded by m_haveMetadata.
Both m_haveMetadata and m_hasAlpha are set in BitmapImage constructor
and in BitmapImage::cacheFrame().

(WebCore::FrameData::~FrameData):
(WebCore::FrameData::clear):

platform/graphics/Icon.h:
platform/graphics/Image.h:

(WebCore::Image::nativeImage):
(WebCore::Image::nativeImageOfSize):
(WebCore::Image::framesNativeImages):
(WebCore::Image::orientationForCurrentFrame): Deleted.
(WebCore::Image::getCGImageRef): Deleted.
(WebCore::Image::getFirstCGImageRefOfSize): Deleted.
(WebCore::Image::getCGImageArray): Deleted.

platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::calculateMaximumSubsamplingLevel):
(WebCore::ImageSource::size):
(WebCore::ImageSource::sizeRespectingOrientation):

platform/graphics/ImageSource.h:
platform/graphics/MediaPlayer.h:
platform/graphics/NativeImage.h: Added.
platform/graphics/NativeImagePtr.h: Removed.
platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updatePausedImage):

platform/graphics/cairo/BitmapImageCairo.cpp: Removed.
platform/graphics/cairo/NativeImageCairo.cpp: Added.

(WebCore::nativeImageSize):
(WebCore::nativeImageHasAlpha):
(WebCore::nativeImageSinglePixelSolidColor):
(WebCore::subsamplingScale):
(WebCore::drawNativeImage):
(WebCore::clearNativeImageSubImages):

platform/graphics/cg/BitmapImageCG.cpp: Removed.
platform/graphics/cg/ImageDecoderCG.cpp:

(WebCore::ImageDecoder::size):

platform/graphics/cg/ImageDecoderCG.h:
platform/graphics/cg/NativeImageCG.cpp: Added.

(WebCore::nativeImageSize):
(WebCore::nativeImageHasAlpha):
(WebCore::nativeImageSinglePixelSolidColor):
(WebCore::subsamplingScale):
(WebCore::drawNativeImage):
(WebCore::clearNativeImageSubImages):

platform/graphics/cg/PatternCG.cpp:

(WebCore::Pattern::createPlatformPattern):

platform/graphics/cocoa/TextTrackRepresentationCocoa.mm:

(TextTrackRepresentationCocoa::update):

platform/graphics/mac/ImageMac.mm:

(WebCore::BitmapImage::getTIFFRepresentation):

platform/mediastream/mac/MockRealtimeVideoSourceMac.mm:

(WebCore::MockRealtimeVideoSourceMac::updatePlatformLayer):
(WebCore::MockRealtimeVideoSourceMac::updateSampleBuffer):

platform/win/DragImageCGWin.cpp:

(WebCore::createDragImageFromImage):

Source/WebKit/mac:

DOM/DOM.mm:

(-[DOMNode getPreviewSnapshotImage:andRects:]):

Misc/WebCache.mm:

(+[WebCache imageForURL:]):
Replace BitmapImage::getCGImageRef() with BitmapImage::nativeImage().

Source/WebKit2:

UIProcess/API/C/cg/WKIconDatabaseCG.cpp:

(WKIconDatabaseTryGetCGImageForURL):
(WKIconDatabaseTryCopyCGImageArrayForURL):
It was the only place in the code which uses BitmapImage::getCGImageArray().
Call BitmapImage::framesNativeImages() instead and form the returned
Vector<NativeImagePtr> build the CFArrayRef.

UIProcess/WebIconDatabase.h:

Include "NativeImage.h" instead of "NativeImagePtr.h".

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _presentationSnapshotForPreviewItemController:]):

WebProcess/Plugins/PluginView.cpp:

(WebKit::isAlmostSolidColor):
Call BitmapImage::getCGImageRef() instead of calling BitmapImage::nativeImage().

5:55 PM Changeset in webkit [205681] by Simon Fraser

2 edits in trunk/Tools

Update the content-animation.plan file to run css-accelerated-animation.html
and pull SVN revision r205680.

Scripts/webkitpy/benchmark_runner/data/plans/content-animation.plan:

5:51 PM Changeset in webkit [205680] by Simon Fraser

3 edits
1 add in trunk

Add a content-animation test with accelerated CSS animations
https://bugs.webkit.org/show_bug.cgi?id=161776

Reviewed by Dean Jackson.

PerformanceTests:

Add a test that measures the frame rate of accelerated CSS animations.

This is like css-animation.html (which animates 'left' and 'top') but animates
transforms instead. In order to get animation in X and Y we make two nested elements
and set transformX() on one, and transformY() on the other.

Animation/css-accelerated-animation.html: Added.

Tools:

Scripts/webkitpy/benchmark_runner/data/patches/ContentAnimation.patch:

5:46 PM Changeset in webkit [205679] by achristensen@apple.com

4 edits in trunk

URLParser: Parsing empty URLs with a base URL should return the base URL
https://bugs.webkit.org/show_bug.cgi?id=161777

Reviewed by Tim Horton.

Source/WebCore:

Covered by an API test and progress towards passing all web platform tests when using URLParser.

platform/URLParser.cpp:

(WebCore::URLParser::parse):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

5:43 PM Changeset in webkit [205678] by achristensen@apple.com

5 edits in trunk

URLParser failures should preserve the original input string
https://bugs.webkit.org/show_bug.cgi?id=161769

Reviewed by Tim Horton.

Source/WebCore:

No new tests, but covered by updates to API tests.
This also represents many newly passing web platform tests when using URLParser.

platform/URLParser.cpp:

(WebCore::URLParser::failure):
(WebCore::URLParser::parse):

platform/URLParser.h:

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):
(TestWebKitAPI::shouldFail):

5:05 PM Changeset in webkit [205677] by achristensen@apple.com

4 edits in trunk

URLParser should parse URLs with a user but no password
https://bugs.webkit.org/show_bug.cgi?id=161773

Reviewed by Brady Eidson.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parseAuthority):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

4:21 PM Changeset in webkit [205676] by Matt Baker

4 edits in trunk/Source/WebInspectorUI

Web Inspector: TimelineDataGridNode should refresh when graph column is resized
https://bugs.webkit.org/show_bug.cgi?id=161765
<rdar://problem/28215674>

Reviewed by Brian Burg.

UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid.prototype.resizerDragging):
Call DataGridNode.didResizeColumn for all visible nodes in the columns
to the left and right of the column resizer.

UserInterface/Views/DataGridNode.js:

(WebInspector.DataGridNode.prototype.didResizeColumn):
Add protected base class method for subclasses to override.

UserInterface/Views/TimelineDataGridNode.js:

(WebInspector.TimelineDataGridNode.prototype.didResizeColumn):
Refresh the node's graph when the "graph" column is resized.
Renamed left/rightCellIndex -> left/rightColumnIndex.

4:19 PM Changeset in webkit [205675] by sbarati@apple.com

13 edits
1 add in trunk

We should inline operationConvertJSValueToBoolean into JIT code
https://bugs.webkit.org/show_bug.cgi?id=161729

Reviewed by Filip Pizlo.

JSTests:

stress/value-to-boolean.js: Added.

(assert):
(test1):
(test2):
(test3):

Source/JavaScriptCore:

This patch introduces an AssemblyHelpers emitter function
that replaces operationConvertJSValueToBoolean. This operation
was showing up when I was doing performance analysis for the
speedometer benchmark. I saw that it was spending about 1% of
its time in this function. Hopefully this patch can help us speedup
up speedometer by a little bit.

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitConvertValueToBoolean):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitAllocateDestructibleObject): Deleted.

jit/JIT.cpp:

(JSC::JIT::privateCompileSlowCases):

jit/JIT.h:
jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emitSlow_op_jfalse): Deleted.
(JSC::JIT::emitSlow_op_jtrue): Deleted.

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emitSlow_op_jfalse): Deleted.
(JSC::JIT::emitSlow_op_jtrue): Deleted.

jit/JITOperations.cpp:
jit/JITOperations.h:

4:13 PM Changeset in webkit [205674] by Nikita Vasilyev

8 edits in trunk/Source/WebInspectorUI

Web Inspector: Add a button to navigation bar to toggle Control Flow Profiler
https://bugs.webkit.org/show_bug.cgi?id=160973
<rdar://problem/27912606>

Reviewed by Brian Burg.

Localizations/en.lproj/localizedStrings.js:

Add "Fade unexecuted code" and "Do not fade unexecuted code".

UserInterface/Base/Main.js:

(WebInspector.loaded):
Add a setting to remember whether Code Coverage Profiler is on or off between Web Inspector reloads.

UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.shown):
(WebInspector.SourceCodeTextEditor.prototype.canShowTypeAnnotations):
(WebInspector.SourceCodeTextEditor.prototype.canShowCoverageHints):
(WebInspector.SourceCodeTextEditor.prototype.contentDidChange):
(WebInspector.SourceCodeTextEditor.prototype.toggleTypeAnnotations):
(WebInspector.SourceCodeTextEditor.prototype.toggleUnexecutedCodeHighlights):
(WebInspector.SourceCodeTextEditor.prototype.prettyPrint):
(WebInspector.SourceCodeTextEditor.prototype._proceedPopulateWithContent):
(WebInspector.SourceCodeTextEditor.prototype._setTypeTokenAnnotatorEnabledState):
(WebInspector.SourceCodeTextEditor.prototype.set _basicBlockAnnotatorEnabled):
(WebInspector.SourceCodeTextEditor.prototype._enableScrollEventsForTypeTokenAnnotator):
(WebInspector.SourceCodeTextEditor.prototype._enableScrollEventsForControlFlowAnnotator):
(WebInspector.SourceCodeTextEditor.prototype._disableScrollEventsForControlFlowAnnotator):
(WebInspector.SourceCodeTextEditor.prototype._createTypeTokenScrollEventHandler):
(WebInspector.SourceCodeTextEditor.prototype._createControlFlowScrollEventHandler):
(WebInspector.SourceCodeTextEditor.prototype.canBeFormatted): Deleted.
(WebInspector.SourceCodeTextEditor.prototype.dialogWasDismissed): Deleted.
(WebInspector.SourceCodeTextEditor.prototype.showPopoverForTypes): Deleted.
(WebInspector.SourceCodeTextEditor.prototype._addBreakpointWithEditorLineInfo): Deleted.
(WebInspector.SourceCodeTextEditor.prototype._removeBreakpointWithEditorLineInfo): Deleted.
(WebInspector.SourceCodeTextEditor.prototype._tokenTrackingControllerHighlightedMarkedExpression): Deleted.
(WebInspector.SourceCodeTextEditor.prototype._dismissEditingController): Deleted.
(WebInspector.SourceCodeTextEditor.prototype.editingControllerDidStartEditing): Deleted.
(WebInspector.SourceCodeTextEditor.prototype.editingControllerDidFinishEditing): Deleted.
(WebInspector.SourceCodeTextEditor.prototype._getAssociatedScript): Deleted.
(WebInspector.SourceCodeTextEditor.prototype._createTypeTokenAnnotator): Deleted.
Make Code Coverage profiler independent from Type Profiler.

UserInterface/Views/TextContentView.js:

(WebInspector.TextContentView):
(WebInspector.TextContentView.prototype.get navigationItems):
(WebInspector.TextContentView.prototype.get textEditor): Deleted.

UserInterface/Views/TextEditor.js:

(WebInspector.TextEditor.prototype.get hasModified):
(WebInspector.TextEditor.prototype.canShowCoverageHints):

UserInterface/Views/TextResourceContentView.js:

(WebInspector.TextResourceContentView):
(WebInspector.TextResourceContentView.prototype.get navigationItems):
(WebInspector.TextResourceContentView.prototype._contentDidPopulate):
(WebInspector.TextResourceContentView.prototype._toggleTypeAnnotations):
(WebInspector.TextResourceContentView.prototype._toggleUnexecutedCodeHighlights):
(WebInspector.TextResourceContentView.prototype._enableControlFlowProfilerSettingChanged):
(WebInspector.TextResourceContentView.prototype._contentWillPopulate): Deleted.

UserInterface/Views/ScriptContentView.js:

(WebInspector.ScriptContentView):
(WebInspector.ScriptContentView.prototype.get navigationItems):
(WebInspector.ScriptContentView.prototype._contentDidPopulate):
(WebInspector.ScriptContentView.prototype._toggleTypeAnnotations):
(WebInspector.ScriptContentView.prototype._toggleUnexecutedCodeHighlights):
(WebInspector.ScriptContentView.prototype._enableControlFlowProfilerSettingChanged):
(WebInspector.ScriptContentView.prototype._contentWillPopulate): Deleted.
Add the [C] icon right next to the [T] (Type Profiler) icon.

4:07 PM Changeset in webkit [205673] by Ryan Haddad

2 edits in trunk/LayoutTests

Remove pass expectation for fast/text/emoji-num-glyphs.html after r205657.

Unreviewed test gardening.

platform/mac/TestExpectations:

3:54 PM Changeset in webkit [205672] by clopez@igalia.com

2 edits in trunk

[CMake] Build failure with GCC 6 (fatal error: stdlib.h: No such file or directory)
https://bugs.webkit.org/show_bug.cgi?id=161697

Reviewed by Michael Catanzaro.

Get the list of system includes from GCC and add it to the CMake
list of implicit includes. This way, CMake will filter any of this
directories from the list of includes when calling the compiler.

This avoids an issue with GCC 6 that causes build failures when
including the default include path as a system include (-isystem).

Source/cmake/OptionsCommon.cmake:

3:33 PM Changeset in webkit [205671] by achristensen@apple.com

2 edits in trunk/Source/WebCore

Fix URLs after r205669.
https://bugs.webkit.org/show_bug.cgi?id=161731

platform/URLParser.cpp:

(WebCore::URLParser::enabled):
I accidentally committed enabling the URLParser by default. Not ready yet.

3:30 PM Changeset in webkit [205670] by Chris Dumez

41 edits
2 adds
3 deletes in trunk

Align proto getter / setter behavior with other browsers
https://bugs.webkit.org/show_bug.cgi?id=161455

Reviewed by Saam Barati.

Source/JavaScriptCore:

Drop allowsAccessFrom from the methodTable and delegate cross-origin
checking to the DOM bindings for SetPrototypeOf? / GetPrototypeOf?.
This is more consistent with other operations (e.g. GetOwnProperty?).

jsc.cpp:
runtime/JSGlobalObject.cpp:
runtime/JSGlobalObject.h:
runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):
(JSC::globalFuncBuiltinLog): Deleted.

runtime/JSGlobalObjectFunctions.h:
runtime/JSObject.cpp:

(JSC::JSObject::setPrototypeWithCycleCheck):
Remove check added in r197648. This check was added to match
the latest EcmaScript spec:

https://tc39.github.io/ecma262/#sec-ordinarysetprototypeof (step 8)

This check allowed for Prototype? chain cycles if the prototype
chain includes objects that do not use the ordinary object definitions
for GetPrototypeOf? and SetPrototypeOf?.
The issue is that the rest of our code base does not properly handle
such cycles and we can end up in infinite loops. This became obvious
because this patch updates Window / Location so that they no longer
use the default GetPrototypeOf? / SetPrototypeOf?. If I do not
remove this check, I get an infinite loop in
Structure::anyObjectInChainMayInterceptIndexedAccesses(), which is
called from JSObject::setPrototypeDirect(), when running the following
layout test:

html/browsers/history/the-location-interface/allow_prototype_cycle_through_location.sub.html

I filed https://bugs.webkit.org/show_bug.cgi?id=161534 to track this
issue.

runtime/JSObject.h:

(JSC::JSObject::getArrayLength): Deleted.

runtime/JSProxy.cpp:

(JSC::JSProxy::setPrototype):
(JSC::JSProxy::getPrototype):

runtime/JSProxy.h:
runtime/ObjectConstructor.cpp:

(JSC::objectConstructorGetPrototypeOf):
(JSC::objectConstructorSetPrototypeOf):
(JSC::objectConstructorGetOwnPropertyDescriptor): Deleted.
(JSC::objectConstructorGetOwnPropertyDescriptors): Deleted.

runtime/ObjectConstructor.h:
runtime/ReflectObject.cpp:

(JSC::reflectObjectGetPrototypeOf):
(JSC::reflectObjectSetPrototypeOf):

Source/WebCore:

Align cross-origin proto getter / setter behavior with other
browsers and the specification:

SetPrototypeOf? should throw a TypeError:

GetPrototypeOf? should return null cross-origin:

Test: js/dom/setPrototypeOf-location-window.html

bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::JSDOMWindowBase): Deleted.

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::setPrototype):
(WebCore::JSDOMWindow::getPrototype):
(WebCore::JSDOMWindow::preventExtensions):

bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::setPrototype):
(WebCore::JSLocation::getPrototype):

bindings/js/JSWorkerGlobalScopeBase.cpp:

(WebCore::JSWorkerGlobalScopeBase::supportsRichSourceInfo): Deleted.

bindings/js/JSWorkerGlobalScopeBase.h:
bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):

bindings/scripts/IDLAttributes.txt:
page/DOMWindow.idl:
page/Location.idl:

LayoutTests:

Add layout test coverage and update a few existing test to reflect
behavior change.

fast/dom/Window/script-tests/window-custom-prototype.js: Removed.
fast/dom/Window/window-custom-prototype-crash-expected.txt:
fast/dom/Window/window-custom-prototype-expected.txt: Removed.
fast/dom/Window/window-custom-prototype.html: Removed.
http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
http/tests/security/cross-frame-access-object-getPrototypeOf.html:
http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
http/tests/security/cross-frame-access-object-setPrototypeOf.html:
http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt:
http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html:
http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt:
http/tests/security/xss-DENIED-method-with-iframe-proto.html:
http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt:
http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html:
http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt:
http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html:
js/dom/setPrototypeOf-location-window-expected.txt: Added.
js/dom/setPrototypeOf-location-window.html: Added.

3:28 PM Changeset in webkit [205669] by achristensen@apple.com

4 edits in trunk

URLParser should parse ports after IPv4 and IPv6 hosts
https://bugs.webkit.org/show_bug.cgi?id=161731

Reviewed by Brady Eidson.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parsePort):
(WebCore::URLParser::parseHost):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

3:16 PM Changeset in webkit [205668] by achristensen@apple.com

4 edits in trunk

URLParser should correctly handle \ in path
https://bugs.webkit.org/show_bug.cgi?id=161762

Reviewed by Brady Eidson.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::isSpecialScheme):
(WebCore::bufferView):
(WebCore::URLParser::parse):
Treat \ as / in the path of special URLs as described in the spec and tested in web platform tests.
Also a slight performance improvement using StringViews instead of copied Strings.

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

3:15 PM Changeset in webkit [205667] by achristensen@apple.com

4 edits in trunk

URLParser should handle URLs with empty authority
https://bugs.webkit.org/show_bug.cgi?id=161711

Reviewed by Brady Eidson.

Source/WebCore:

Covered by new API tests.

platform/URLParser.cpp:

(WebCore::URLParser::parse):
(WebCore::URLParser::parseAuthority):

Tools:

TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

3:12 PM Changeset in webkit [205666] by fpizlo@apple.com

36 edits
13 deletes in trunk/Source/JavaScriptCore

Remove CopiedSpace and use MarkedSpace instead
https://bugs.webkit.org/show_bug.cgi?id=159658

Reviewed by Keith Miller.

This removes the final client of CopiedSpace, the overrides array of DirectArguments. That
is a simple change.

Then this stubs out some remaining internal debugging code that referenced CopiedSpace in
JSDollarVM and HeapVerifier. I filed FIXMEs to restore that debugging functionality.

The rest of this patch is deleting CopiedSpace.

API/JSObjectRef.cpp:
CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGOperations.cpp:
heap/ConservativeRoots.cpp:

(JSC::ConservativeRoots::genericAddPointer):

heap/CopiedAllocator.h: Removed.
heap/CopiedBlock.cpp: Removed.
heap/CopiedBlock.h: Removed.
heap/CopiedBlockInlines.h: Removed.
heap/CopiedSpace.cpp: Removed.
heap/CopiedSpace.h: Removed.
heap/CopiedSpaceInlines.h: Removed.
heap/CopyBarrier.h: Removed.
heap/CopyToken.h: Removed.
heap/CopyVisitor.cpp: Removed.
heap/CopyVisitor.h: Removed.
heap/CopyVisitorInlines.h: Removed.
heap/CopyWorkList.h: Removed.
heap/Heap.cpp:

(JSC::Heap::Heap):
(JSC::Heap::isPagedOut):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::collectImpl):
(JSC::Heap::stopAllocation):
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::copyBackingStores): Deleted.
(JSC::Heap::threadBytesCopied): Deleted.

heap/Heap.h:

(JSC::Heap::objectSpace):
(JSC::Heap::allocatorForAuxiliaryData):
(JSC::Heap::storageSpace): Deleted.
(JSC::Heap::storageAllocator): Deleted.

heap/HeapCellInlines.h:
heap/HeapInlines.h:

(JSC::Heap::tryAllocateStorage): Deleted.
(JSC::Heap::tryReallocateStorage): Deleted.

heap/HeapVerifier.cpp:

(JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
(JSC::HeapVerifier::reportObject):
(JSC::getButterflyDetails): Deleted.

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::copyLater): Deleted.

heap/SlotVisitor.h:
jit/AssemblyHelpers.h:
jit/JITOpcodes.cpp:
jsc.cpp:
runtime/ArrayConstructor.cpp:
runtime/ArrayPrototype.cpp:
runtime/Butterfly.h:
runtime/ButterflyInlines.h:

(JSC::Butterfly::createUninitializedDuringCollection): Deleted.

runtime/ClassInfo.h:
runtime/DirectArguments.cpp:

(JSC::DirectArguments::visitChildren):
(JSC::DirectArguments::overrideThings):
(JSC::DirectArguments::copyBackingStore): Deleted.

runtime/DirectArguments.h:
runtime/JSArray.cpp:
runtime/JSCell.cpp:

(JSC::JSCell::copyBackingStore): Deleted.

runtime/JSCell.h:
runtime/JSLexicalEnvironment.h:
runtime/JSObject.cpp:
runtime/JSTypedArrays.cpp:
runtime/LiteralParser.cpp:
runtime/ObjectConstructor.cpp:
runtime/RegExpObject.cpp:
runtime/StringPrototype.cpp:
runtime/WeakMapData.cpp:
tools/JSDollarVMPrototype.cpp:

(JSC::JSDollarVMPrototype::isInStorageSpace):

3:02 PM Changeset in webkit [205665] by Chris Dumez

5 edits in trunk

HTMLImageElement.hspace / vspace attributes should be unsigned
https://bugs.webkit.org/show_bug.cgi?id=161754

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

HTMLImageElement.hspace / vspace attributes should be unsigned:

https://html.spec.whatwg.org/#HTMLImageElement-partial

Firefox agrees with the specification, however, those were signed in
webKit.

No new tests, rebaselined existing test.

html/HTMLImageElement.idl:

3:00 PM Changeset in webkit [205664] by mark.lam@apple.com

2 edits in trunk/JSTests

REGRESSION (r205569?): 32-bit JSC test timeout: stress/rest-parameter-many-arguments.js.dfg-maximal-flush-validate-no-cjit
https://bugs.webkit.org/show_bug.cgi?id=161756

Reviewed by Saam Barati.

It looks like the 32-bit JSC bot is just too slow at running this test with the
dfg-maximal-flush-validate-no-cjit configuration. We'll try excluding that
configuration.

stress/rest-parameter-many-arguments.js:

2:31 PM Changeset in webkit [205663] by Chris Dumez

8 edits in trunk/Source/WebCore

Update parseHTMLNonNegativeInteger() to return an unsigned value
https://bugs.webkit.org/show_bug.cgi?id=161759

Reviewed by Alex Christensen.

Update parseHTMLNonNegativeInteger() to return an unsigned value instead
of a signed one as the value can never be negative.

html/HTMLElement.cpp:

(WebCore::HTMLElement::parseBorderWidthAttribute):

html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::width):
(WebCore::HTMLImageElement::height):

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::maxLengthAttributeChanged):
(WebCore::HTMLInputElement::minLengthAttributeChanged):

html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::maxLengthAttributeChanged):
(WebCore::HTMLTextAreaElement::minLengthAttributeChanged):

html/ImageInputType.cpp:

(WebCore::ImageInputType::height):
(WebCore::ImageInputType::width):

html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLNonNegativeInteger):
(WebCore::parseHTTPRefreshInternal):

html/parser/HTMLParserIdioms.h:

2:30 PM Changeset in webkit [205662] by commit-queue@webkit.org

1 edit
12 deletes in trunk/JSTests

Delete older WebAssembly tests
https://bugs.webkit.org/show_bug.cgi?id=161758

Patch by JF Bastien <jfbastien@apple.com> on 2016-09-08
Reviewed by Filip Pizlo.

They're not running, rely on the older polyfill prototype, and the older code was deleted in: https://trac.webkit.org/changeset/204180

stress/wasm-arithmetic-float32.js: Removed.
stress/wasm-arithmetic-float64.js: Removed.
stress/wasm-arithmetic-int32.js: Removed.
stress/wasm-calls.js: Removed.
stress/wasm-comma.js: Removed.
stress/wasm-control-flow.js: Removed.
stress/wasm-globals.js: Removed.
stress/wasm-linear-memory.js: Removed.
stress/wasm-locals.js: Removed.
stress/wasm-relational.js: Removed.
stress/wasm-type-conversion.js: Removed.
stress/wasm/arithmetic-float32.wasm: Removed.
stress/wasm/arithmetic-float64.wasm: Removed.
stress/wasm/arithmetic-int32.wasm: Removed.
stress/wasm/calls.wasm: Removed.
stress/wasm/comma.wasm: Removed.
stress/wasm/control-flow.wasm: Removed.
stress/wasm/globals.wasm: Removed.
stress/wasm/linear-memory.wasm: Removed.
stress/wasm/locals.wasm: Removed.
stress/wasm/relational.wasm: Removed.
stress/wasm/type-conversion.wasm: Removed.

2:16 PM Changeset in webkit [205661] by commit-queue@webkit.org

6 edits in trunk/Source/WebCore

Get rid of the color profile from ImageFrame and ImageDecoder
https://bugs.webkit.org/show_bug.cgi?id=159699

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-09-08
Reviewed by Simon Fraser.

The color profile is set but it is never used.

platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageFrame::setColorProfile): Deleted.

platform/image-decoders/ImageDecoder.h:
platform/image-decoders/jpeg/JPEGImageDecoder.cpp:

(WebCore::JPEGImageReader::decode):
(WebCore::JPEGImageDecoder::outputScanlines):
(WebCore::readColorProfile): Deleted.

platform/image-decoders/jpeg/JPEGImageDecoder.h:
platform/image-decoders/png/PNGImageDecoder.cpp:

(WebCore::PNGImageDecoder::headerAvailable):
(WebCore::PNGImageDecoder::rowAvailable):
(WebCore::readColorProfile): Deleted.

2:09 PM Changeset in webkit [205660] by hyatt@apple.com

33 edits
2 adds in trunk/Source/WebCore

[CSS Parser] Add support for new CSS selector parsing
https://bugs.webkit.org/show_bug.cgi?id=161749

Reviewed by Dean Jackson.

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::isValidSelector):

css/CSSDefaultStyleSheets.cpp:

(WebCore::parseUASheet):

css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::matchingFaces):

css/CSSGrammar.y.in:
css/CSSSelector.cpp:

(WebCore::CSSSelector::selectorText):

css/CSSSelector.h:
css/DOMCSSNamespace.cpp:

(WebCore::DOMCSSNamespace::supports):

css/FontFace.cpp:

(WebCore::FontFace::parseString):
(WebCore::FontFace::setVariant):

css/MediaList.cpp:

(WebCore::MediaQuerySet::internalParse):
(WebCore::MediaQuerySet::parse):

css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

css/SelectorFilter.cpp:

(WebCore::SelectorFilter::collectIdentifierHashes):

css/SelectorPseudoClassAndCompatibilityElementMap.in:
css/SelectorPseudoTypeMap.h:
css/SourceSizeList.cpp:

(WebCore::parseSizesAttribute):

css/StyleProperties.cpp:

(WebCore::MutableStyleProperties::MutableStyleProperties):

css/StyleProperties.h:
css/StyleRuleImport.cpp:

(WebCore::StyleRuleImport::setCSSStyleSheet):

css/StyleSheetContents.cpp:

(WebCore::StyleSheetContents::StyleSheetContents):
(WebCore::StyleSheetContents::parserAddNamespace):
(WebCore::StyleSheetContents::namespaceURIFromPrefix):
(WebCore::StyleSheetContents::determineNamespace): Deleted.

css/StyleSheetContents.h:
css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::setMatrixValue):

css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
css/parser/CSSParser.cpp:

(WebCore::strictCSSParserContext):
(WebCore::CSSParserContext::CSSParserContext):
(WebCore::CSSParser::parseColor):
(WebCore::CSSParser::shouldAcceptUnitLessValues):
(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::parseColumnWidth):
(WebCore::CSSParser::parseColumnCount):
(WebCore::CSSParser::parseFontWeight):
(WebCore::CSSParser::parseColorParameters):
(WebCore::CSSParser::parseHSLParameters):
(WebCore::CSSParser::parseShadow):
(WebCore::CSSParser::parseBorderImageSlice):
(WebCore::CSSParser::parseBorderImageQuad):
(WebCore::CSSParser::parseDeprecatedLinearGradient):
(WebCore::CSSParser::parseLinearGradient):
(WebCore::CSSParser::parseTransformValue):
(WebCore::CSSParser::parseBuiltinFilterArguments):
(WebCore::CSSParser::determineNameInNamespace):

css/parser/CSSParser.h:

(WebCore::CSSParser::inStrictMode):
(WebCore::CSSParser::inQuirksMode):

css/parser/CSSParserMode.h:

(WebCore::isQuirksModeBehavior):
(WebCore::isUASheetBehavior):
(WebCore::isUnitLessLengthParsingEnabledForMode):
(WebCore::isCSSViewportParsingEnabledForMode):
(WebCore::strictToCSSParserMode):
(WebCore::isStrictParserMode):

css/parser/CSSParserValues.cpp:

(WebCore::CSSParserSelector::parsePseudoElementSelectorFromStringView):
(WebCore::CSSParserSelector::parsePseudoClassSelectorFromStringView):
(WebCore::CSSParserSelector::setSelectorList):
(WebCore::CSSParserSelector::appendTagHistory):
(WebCore::CSSParserSelector::releaseTagHistory):
(WebCore::CSSParserSelector::isHostPseudoSelector):

css/parser/CSSParserValues.h:

(WebCore::CSSParserSelector::match):
(WebCore::CSSParserSelector::pseudoElementType):
(WebCore::CSSParserSelector::selectorList):
(WebCore::CSSParserSelector::needsImplicitShadowCombinatorForMatching):

css/parser/CSSPropertyParser.h:

(WebCore::CSSPropertyParser::inQuirksMode):

css/parser/CSSSelectorParser.cpp: Added.

(WebCore::CSSSelectorParser::parseSelector):
(WebCore::CSSSelectorParser::CSSSelectorParser):
(WebCore::CSSSelectorParser::consumeComplexSelectorList):
(WebCore::CSSSelectorParser::consumeCompoundSelectorList):
(WebCore::CSSSelectorParser::consumeComplexSelector):
(WebCore::CSSSelectorParser::consumeCompoundSelector):
(WebCore::CSSSelectorParser::consumeSimpleSelector):
(WebCore::CSSSelectorParser::consumeName):
(WebCore::CSSSelectorParser::consumeId):
(WebCore::CSSSelectorParser::consumeClass):
(WebCore::CSSSelectorParser::consumeAttribute):
(WebCore::CSSSelectorParser::consumePseudo):
(WebCore::CSSSelectorParser::consumeCombinator):
(WebCore::CSSSelectorParser::consumeAttributeMatch):
(WebCore::CSSSelectorParser::consumeAttributeFlags):
(WebCore::CSSSelectorParser::consumeANPlusB):
(WebCore::CSSSelectorParser::defaultNamespace):
(WebCore::CSSSelectorParser::determineNamespace):
(WebCore::CSSSelectorParser::prependTypeSelectorIfNeeded):
(WebCore::CSSSelectorParser::addSimpleSelectorToCompound):
(WebCore::CSSSelectorParser::splitCompoundAtImplicitShadowCrossingCombinator):

css/parser/CSSSelectorParser.h: Added.

(WebCore::CSSSelectorParser::DisallowPseudoElementsScope::DisallowPseudoElementsScope):
(WebCore::CSSSelectorParser::DisallowPseudoElementsScope::~DisallowPseudoElementsScope):

cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::fragmentRelationForSelectorRelation):

dom/StyledElement.cpp:

(WebCore::StyledElement::rebuildPresentationAttributeStyle):

svg/SVGFontFaceElement.cpp:

(WebCore::SVGFontFaceElement::SVGFontFaceElement):

1:54 PM Changeset in webkit [205659] by Simon Fraser

4 edits
2 adds in trunk

Don't run transitions to or from undefined Lengths
https://bugs.webkit.org/show_bug.cgi?id=161750
rdar://problem/28170460

Reviewed by Zalan Bujtas.

Source/WebCore:

For properties like max-height whose default value is 'none', we would erroneously
attempt to run transitions/animations, and then assert when one of the endpoints
was undefined.

So don't attempt to blend such Length values, just as do when they are auto.

Fixes some transitions on apple.com and developer.apple.com.

Test: transitions/transition-to-from-undefined.html

page/animation/CSSPropertyAnimation.cpp:

(WebCore::CSSPropertyAnimation::blendProperties):

platform/Length.cpp:

(WebCore::blend):

LayoutTests:

transitions/transition-to-from-undefined-expected.txt: Added.
transitions/transition-to-from-undefined.html: Added.

1:35 PM Changeset in webkit [205658] by fpizlo@apple.com

14 edits in trunk/Source/JavaScriptCore

Heap version should be 32-bit
https://bugs.webkit.org/show_bug.cgi?id=161751

Reviewed by Mark Lam.

32-bit devices are probably getting hurt by the 64-bit version number. The reason why I made
it 64-bit initially is so that I wouldn't have to worry about wrap-around. But wrap-around is
easy to handle.

heap/CellContainer.h:
heap/CellContainerInlines.h:

(JSC::CellContainer::flipIfNecessary):

heap/ConservativeRoots.cpp:

(JSC::ConservativeRoots::genericAddPointer):
(JSC::ConservativeRoots::genericAddSpan):

heap/ConservativeRoots.h:
heap/Heap.h:
heap/HeapInlines.h:

(JSC::Heap::testAndSetMarked):

heap/HeapUtil.h:

(JSC::HeapUtil::findGCObjectPointersForMarking):

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::MarkedBlock):

heap/MarkedBlock.h:

(JSC::MarkedBlock::flipIfNecessary):
(JSC::MarkedBlock::flipIfNecessaryConcurrently):
(JSC::MarkedBlock::Handle::flipIfNecessary):
(JSC::MarkedBlock::Handle::flipIfNecessaryConcurrently):

heap/MarkedSpace.cpp:

(JSC::MarkedSpace::flip):

heap/MarkedSpace.h:

(JSC::MarkedSpace::version):

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::SlotVisitor):

heap/SlotVisitor.h:

1:09 PM Changeset in webkit [205657] by mmaxfield@apple.com

11 edits in trunk

Support new emoji group candidates
https://bugs.webkit.org/show_bug.cgi?id=161664
<rdar://problem/24802695>
<rdar://problem/27666433>

Reviewed by Simon Fraser.

Source/WebCore:

Support more emoji group candidates. This includes joining groups into a single glyph, as
well as atomic deletions of the entire group when the backspace key is pressed.

Tests: editing/deleting/delete-emoji.html:

fast/text/emoji-num-glyphs.html:

platform/text/CharacterProperties.h:

(WebCore::isEmojiGroupCandidate):

Source/WTF:

Update breaking rules.

wtf/text/TextBreakIterator.cpp:

(WTF::cursorMovementIterator):

LayoutTests:

Add tests.

platform/ios-simulator/editing/deleting/delete-emoji-expected.txt:
platform/mac-yosemite/editing/deleting/delete-emoji-expected.txt:
platform/mac/editing/deleting/delete-emoji-expected.txt:
editing/deleting/delete-emoji.html:
fast/text/emoji-num-glyphs-expected.txt:
fast/text/emoji-num-glyphs.html:

1:05 PM Changeset in webkit [205656] by mark.lam@apple.com

9 edits in trunk/Source/JavaScriptCore

Add support for a ternary sub32 emitter for ARM64 and 32-bit ARM.
https://bugs.webkit.org/show_bug.cgi?id=161724

Reviewed by Filip Pizlo.

ARM architectures support ternary sub instructions. We should make use of them
in emitAllocateWithNonNullAllocator().

assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::sub32):

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::sub32):

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::sub32):

assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::sub32):

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::sub32):

b3/air/AirOpcode.opcodes:
b3/testb3.cpp:

(JSC::B3::testTernarySubInstructionSelection):
(JSC::B3::run):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):

12:46 PM Changeset in webkit [205655] by Chris Dumez

12 edits in trunk

HTMLImageElement.width / height attributes should be unsigned
https://bugs.webkit.org/show_bug.cgi?id=161730

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

HTMLImageElement.width / height attributes should be unsigned as per
the HTML specification:

https://html.spec.whatwg.org/#htmlimageelement

However, they are signed in WebKit. Firefox agrees with the
specification.

No new tests, rebaselined existing test.

bindings/js/JSImageConstructor.cpp:

(WebCore::JSImageConstructor::construct):
(WebCore::createImageConstructor): Deleted.

html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::createForJSConstructor):
(WebCore::HTMLImageElement::width):
(WebCore::HTMLImageElement::height):
(WebCore::HTMLImageElement::setHeight):
(WebCore::HTMLImageElement::setWidth):

html/HTMLImageElement.h:
html/HTMLImageElement.idl:
html/ImageDocument.cpp:

(WebCore::ImageDocument::restoreImageSize):

LayoutTests:

Update existing test to reflect behavior change.

js/dom/custom-constructors-expected.txt:
js/dom/script-tests/custom-constructors.js:

11:59 AM Changeset in webkit [205654] by fpizlo@apple.com

16 edits
2 deletes in trunk/Source

Move JSMap/JSSet over to Auxiliary MarkedSpace
https://bugs.webkit.org/show_bug.cgi?id=161744

Reviewed by Saam Barati.
Source/JavaScriptCore:

This moves the buffer out of CopiedSpace and into Auxiliary MarkedSpace.

Also removes MapData.h/MapDataInlines.h since they are not used anywhere, but they still
speak of CopiedSpace.

This is a purely mechanical change.

JavaScriptCore.xcodeproj/project.pbxproj:
heap/CopyToken.h:
runtime/HashMapImpl.cpp:

(JSC::HashMapImpl<HashMapBucket>::visitChildren):
(JSC::HashMapImpl<HashMapBucket>::copyBackingStore): Deleted.

runtime/HashMapImpl.h:

(JSC::HashMapBuffer::create):

runtime/JSMapIterator.cpp:
runtime/JSMapIterator.h:
runtime/JSSetIterator.cpp:
runtime/JSSetIterator.h:
runtime/MapBase.cpp:
runtime/MapData.h: Removed.
runtime/MapDataInlines.h: Removed.
runtime/MapPrototype.cpp:
runtime/SetConstructor.cpp:
runtime/SetPrototype.cpp:
runtime/VM.cpp:

Source/WebCore:

No new tests because no change in behavior.

bindings/js/SerializedScriptValue.cpp:

11:48 AM Changeset in webkit [205653] by commit-queue@webkit.org

7 edits
5 deletes in trunk

Unreviewed, rolling out r205652.
https://bugs.webkit.org/show_bug.cgi?id=161748

Crashing under ASan (Requested by yusukesuzuki on #webkit).

Reverted changeset:

"ScriptRunner should be driven by PendingScript rather than
ScriptElement"
https://bugs.webkit.org/show_bug.cgi?id=161726
http://trac.webkit.org/changeset/205652

10:49 AM Changeset in webkit [205652] by Yusuke Suzuki

7 edits
5 adds in trunk

ScriptRunner should be driven by PendingScript rather than ScriptElement
https://bugs.webkit.org/show_bug.cgi?id=161726

Reviewed by Ryosuke Niwa.

Source/WebCore:

[1]: https://html.spec.whatwg.org/multipage/scripting.html#execute-the-script-block

dom/ScriptElement.cpp: Drop LoadableScriptClient interface.

dom/ScriptElement.h:

dom/ScriptRunner.cpp:

dom/ScriptRunner.h:
html/parser/HTMLScriptRunner.cpp:

(WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent): Use executeScriptForScriptRunner.

LayoutTests:

js/dom/document-write-in-error-event-expected.txt: Added.
js/dom/document-write-in-error-event.html: Added.
js/dom/document-write-in-load-event-expected.txt: Added.
js/dom/document-write-in-load-event.html: Added.
js/dom/script-tests/dummy.js: Added.

10:37 AM Changeset in webkit [205651] by commit-queue@webkit.org

4 edits in trunk/Source/WebInspectorUI

Web Inspector: Debugger sidebar should include a warning message breakpoints are disabled
https://bugs.webkit.org/show_bug.cgi?id=156719
<rdar://problem/25787932>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-09-08
Reviewed by Brian Burg.

Localizations/en.lproj/localizedStrings.js:

New strings for breakpoints disabled warning banner.

UserInterface/Views/DebuggerSidebarPanel.css:

(.sidebar > .panel.navigation.debugger .warning-banner):
(.sidebar > .panel.navigation.debugger .warning-banner > a):
Generalize the class name to "warning-banner".

UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel):
(WebInspector.DebuggerSidebarPanel.prototype._breakpointsEnabledDidChange):
(WebInspector.DebuggerSidebarPanel.prototype._timelineCapturingWillStart):
(WebInspector.DebuggerSidebarPanel.prototype._timelineCapturingStopped):
(WebInspector.DebuggerSidebarPanel.prototype._updateBreakpointsDisabledBanner):
Show / hide a breakpoints disabled warning banner as needed.
Only one banner shows at a time, so either the timing warning
or the generic breakpoints disabled banner will show.

10:23 AM Changeset in webkit [205650] by achristensen@apple.com

4 edits in trunk

Re-land r205580 after r205649 fixed the test failures
https://bugs.webkit.org/show_bug.cgi?id=161668

Re-landing changesets:

"Punycode encode non-ascii hosts in URLParser"
https://bugs.webkit.org/show_bug.cgi?id=161655
http://trac.webkit.org/changeset/205521

"Fix query-only and fragment-only relative URLs when using
URLParser"
https://bugs.webkit.org/show_bug.cgi?id=161657
http://trac.webkit.org/changeset/205526

"URLParser should parse / as a relative URL"
https://bugs.webkit.org/show_bug.cgi?id=161667
http://trac.webkit.org/changeset/205532

10:19 AM Changeset in webkit [205649] by achristensen@apple.com

2 edits in trunk/Source/WebCore

Add range check in URLParser's serializeIPv6
https://bugs.webkit.org/show_bug.cgi?id=161743

Reviewed by David Kilzer.

No new tests, but this fixes API tests in some release builds after
the patch from https://bugs.webkit.org/show_bug.cgi?id=161668 is recommitted.

platform/URLParser.cpp:

(WebCore::serializeIPv6):
Don't go out of bounds. Don't assume that the memory immediately after the end of the array will be empty.

9:47 AM Changeset in webkit [205648] by fpizlo@apple.com

13 edits in trunk/Source/JavaScriptCore

Typed arrays should use MarkedSpace instead of CopiedSpace
https://bugs.webkit.org/show_bug.cgi?id=161100

Reviewed by Geoffrey Garen.

This moves typed array backing stores out of CopiedSpace and into Auxiliary MarkedSpace.

This is a purely mechanical change since Auxiliary MarkedSpace already knows how to do
everything that typed arrays want.

dfg/DFGOperations.cpp:

(JSC::DFG::newTypedArrayWithSize):

dfg/DFGOperations.h:

(JSC::DFG::operationNewTypedArrayWithSizeForType):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewTypedArray):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage): Deleted.

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
(JSC::FTL::DFG::LowerDFGToB3::splatWords):
(JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorageAndGetEnd): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorage): Deleted.

heap/CopyToken.h:
heap/SlotVisitor.cpp:

(JSC::SlotVisitor::markAuxiliary):

jit/JITOperations.h:
runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
(JSC::JSArrayBufferView::JSArrayBufferView):

runtime/JSArrayBufferView.h:
runtime/JSGenericTypedArrayView.h:
runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::createWithFastVector):
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
(JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
(JSC::JSGenericTypedArrayView<Adaptor>::copyBackingStore): Deleted.

9:11 AM Changeset in webkit [205647] by Carlos Garcia Campos

13 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205421 - Remove Style::PendingResources
https://bugs.webkit.org/show_bug.cgi?id=161574

Reviewed by Andreas Kling.

RenderStyle contains all the information needed to initialize resource loads. There is no need for this side structure.

css/CSSFilterImageValue.cpp:

(WebCore::CSSFilterImageValue::loadSubimages):

Load external SVG resources along with any image resources.

css/CSSToStyleMap.cpp:

(WebCore::CSSToStyleMap::styleImage):
(WebCore::CSSToStyleMap::mapFillImage):
(WebCore::CSSToStyleMap::mapNinePieceImage):

css/CSSToStyleMap.h:
css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertStyleImage):
(WebCore::StyleBuilderConverter::convertShapeValue):

css/StyleBuilderCustom.h:

(WebCore::StyleBuilderCustom::applyValueCursor):
(WebCore::StyleBuilderCustom::applyValueContent):

css/StyleResolver.cpp:

(WebCore::StyleResolver::State::clear):
(WebCore::StyleResolver::styleImage):
(WebCore::StyleResolver::createFilterOperations):
(WebCore::StyleResolver::loadPendingResources):
(WebCore::StyleResolver::State::ensurePendingResources): Deleted.
(WebCore::StyleResolver::styleCachedImageFromValue): Deleted.
(WebCore::StyleResolver::styleGeneratedImageFromValue): Deleted.

css/StyleResolver.h:

(WebCore::StyleResolver::State::takePendingResources): Deleted.

platform/graphics/filters/FilterOperation.cpp:

(WebCore::ReferenceFilterOperation::loadExternalDocumentIfNeeded):
(WebCore::ReferenceFilterOperation::getOrCreateCachedSVGDocumentReference): Deleted.

platform/graphics/filters/FilterOperation.h:

(WebCore::ReferenceFilterOperation::cachedSVGDocumentReference):

rendering/style/StyleCachedImage.cpp:

(WebCore::StyleCachedImage::StyleCachedImage):

style/StylePendingResources.cpp:

(WebCore::Style::loadPendingResources):

Trigger resource loads by checking pending resources in RenderStyle unconditionally. Keeping track of them
separately wasn't necessary or a meaningful optimization.

(WebCore::Style::loadPendingImages): Deleted.
(WebCore::Style::loadPendingSVGFilters): Deleted.

style/StylePendingResources.h:

9:11 AM Changeset in webkit [205646] by Carlos Garcia Campos

19 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205419 - Reverse ownership relation of StyleCachedImage and CSSImageValue
https://bugs.webkit.org/show_bug.cgi?id=161447

Reviewed by Andreas Kling.

Currently StyleCachedImage (which represents an image in RenderStyle) has a weak ref to the
underlying CSSImageValue/CSSImageSetValue which actually owns it. This is awkwards especially since
StyleGeneratedImage, the other StyleImage subclass has reversed relationship where it refs
the underlying CSSImageGeneratorValue.

This patch makes StyleCachedImage similar to StyleGeneratedImage. StyleCachedImage now refs the
underlying CSSImageValue/CSSImageSetValue. CSSImageValues no longer need to know about StyleCachedImage.
Instead they reference CachedImages (memory cache objects) directly. StyleCachedImage instances are now
conceptually unique to RenderStyle instances. Actual resources are shared as before by sharing CachedImages.

css/CSSCursorImageValue.cpp:

(WebCore::CSSCursorImageValue::loadImage):
(WebCore::CSSCursorImageValue::cachedImage):
(WebCore::CSSCursorImageValue::styleImage): Deleted.

css/CSSCursorImageValue.h:
css/CSSImageGeneratorValue.cpp:

(WebCore::CSSImageGeneratorValue::cachedImageForCSSValue):

css/CSSImageSetValue.cpp:

(WebCore::CSSImageSetValue::~CSSImageSetValue):
(WebCore::CSSImageSetValue::loadBestFitImage):
(WebCore::CSSImageSetValue::traverseSubresources):
(WebCore::CSSImageSetValue::styleImage): Deleted.

css/CSSImageSetValue.h:
css/CSSImageValue.cpp:

(WebCore::CSSImageValue::CSSImageValue):
(WebCore::CSSImageValue::~CSSImageValue):
(WebCore::CSSImageValue::isPending):
(WebCore::CSSImageValue::loadImage):
(WebCore::CSSImageValue::traverseSubresources):
(WebCore::CSSImageValue::knownToBeOpaque):
(WebCore::CSSImageValue::styleImage): Deleted.

css/CSSImageValue.h:
css/StyleBuilderCustom.h:

(WebCore::StyleBuilderCustom::applyValueContent):

css/StyleResolver.cpp:

(WebCore::StyleResolver::styleImage):
(WebCore::StyleResolver::styleCachedImageFromValue):
(WebCore::StyleResolver::styleGeneratedImageFromValue):
(WebCore::StyleResolver::cachedOrPendingFromValue): Deleted.
(WebCore::StyleResolver::generatedOrPendingFromValue): Deleted.
(WebCore::StyleResolver::setOrPendingFromValue): Deleted.
(WebCore::StyleResolver::cursorOrPendingFromValue): Deleted.

css/StyleResolver.h:
editing/TextIterator.cpp:

(WebCore::fullyClipsContents):

page/PageSerializer.cpp:

(WebCore::PageSerializer::retrieveResourcesForProperties):

rendering/style/FillLayer.cpp:

(WebCore::FillLayer::imagesIdentical):

Compare data equality instead of pointer equality for StyleImages (since StyleImages are no longer shared).

(WebCore::layerImagesIdentical): Deleted.

rendering/style/StyleCachedImage.cpp:

(WebCore::StyleCachedImage::StyleCachedImage):
(WebCore::StyleCachedImage::~StyleCachedImage):
(WebCore::StyleCachedImage::cachedImage):
(WebCore::StyleCachedImage::cssValue):
(WebCore::StyleCachedImage::canRender):
(WebCore::StyleCachedImage::isPending):
(WebCore::StyleCachedImage::isLoaded):
(WebCore::StyleCachedImage::errorOccurred):
(WebCore::StyleCachedImage::imageSize):
(WebCore::StyleCachedImage::imageHasRelativeWidth):
(WebCore::StyleCachedImage::imageHasRelativeHeight):
(WebCore::StyleCachedImage::computeIntrinsicDimensions):
(WebCore::StyleCachedImage::usesImageContainerSize):
(WebCore::StyleCachedImage::setContainerSizeForRenderer):
(WebCore::StyleCachedImage::addClient):
(WebCore::StyleCachedImage::removeClient):
(WebCore::StyleCachedImage::image):
(WebCore::StyleCachedImage::knownToBeOpaque):
(WebCore::StyleCachedImage::setCachedImage): Deleted.

rendering/style/StyleCachedImage.h:

8:51 AM Changeset in webkit [205645] by Carlos Garcia Campos

12 edits in releases/WebKitGTK/webkit-2.14/Source

Merge r205405 - Use ASCIILiteral in some more places
https://bugs.webkit.org/show_bug.cgi?id=161557

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-09-03
Reviewed by Darin Adler.

Source/JavaScriptCore:

runtime/TypeSet.h:

(JSC::StructureShape::setConstructorName):

Source/WebCore:

Modules/indexeddb/IDBDatabaseException.cpp:

(WebCore::IDBDatabaseException::getErrorName):
(WebCore::IDBDatabaseException::getErrorDescription):

Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::binaryType):

css/FontFace.cpp:

(WebCore::FontFace::stretch):
(WebCore::FontFace::unicodeRange):
(WebCore::FontFace::featureSettings):

html/canvas/WebGLRenderingContextBase.cpp:
html/parser/HTMLPreloadScanner.cpp:

(WebCore::TokenPreloadScanner::initiatorFor):

loader/FormSubmission.cpp:

(WebCore::FormSubmission::Attributes::parseEncodingType):

page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::toRawString):

platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::CGImageToDataURL):
(WebCore::ImageBuffer::toDataURL):
(WebCore::ImageDataToDataURL):

svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::filenameExtension):

8:31 AM Changeset in webkit [205644] by Carlos Garcia Campos

10 edits
15 adds in releases/WebKitGTK/webkit-2.14

Merge r205400 - Align meta element http-equiv="refresh" parsing with the HTML specification
https://bugs.webkit.org/show_bug.cgi?id=161543

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Import corresponding test from W3C.

web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/parsing-expected.txt: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/parsing.html: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/;url=foo: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/dir.headers: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/foo: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/foo'bar: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/refresh.sub.html: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/ufoo: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/urfoo: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/url foo: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/urlfoo: Added.
web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/x;url=foo: Added.

Source/WebCore:

Align meta element http-equiv="refresh" parsing with the HTML specification:

https://html.spec.whatwg.org/multipage/semantics.html#attr-meta-http-equiv-refresh

Tests: imported/w3c/web-platform-tests/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/parsing.html

dom/Document.cpp:

(WebCore::Document::processHttpEquiv):

html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTTPRefreshInternal):
(WebCore::parseMetaHTTPEquivRefresh):

html/parser/HTMLParserIdioms.h:
loader/FrameLoader.cpp:

(WebCore::FrameLoader::receivedFirstData):

platform/network/HTTPParsers.cpp:

(WebCore::skipWhiteSpace):
(WebCore::skipEquals):
(WebCore::parseHTTPRefresh):
(WebCore::parseXSSProtectionHeader):
(WebCore::skipValue): Deleted.

platform/network/HTTPParsers.h:

LayoutTests:

Update layout test to only use HTML spaces in http-equiv="refresh"
content value.

http/tests/misc/refresh-meta-with-newline.html:

8:31 AM Changeset in webkit [205643] by Carlos Garcia Campos

6 edits
1 add in releases/WebKitGTK/webkit-2.14

Merge r205399 - run-webkit-tests should detect w3c test resource files
https://bugs.webkit.org/show_bug.cgi?id=161307

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-03
Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

resources/resource-files.json: Added.

Tools:

Scripts/webkitpy/port/base.py:

(Port.init): Adding self._w3c_resource_files to store the list of resource files.
(Port.potential_test_names_from_expected_file):
(Port._real_tests):
(Port.is_w3c_resource_file): Computing whether a file is a resource file based on imported/w3c/resources/resource-files.json.
(Port._is_test_file): Updated to call Port.is_w3c_resource_file. _is_test_file is no longer static.
(Port): Deleted.

Scripts/webkitpy/port/base_unittest.py:

(PortTest.test_additional_platform_directory):
(PortTest.test_find_no_paths_specified):
(PortTest.test_is_test_file): Updated to use non-static version of _is_test_file.
(PortTest.test_is_w3c_resource_file): Adding tests.

LayoutTests:

TestExpectations: Removing resource files skip expectations.

8:26 AM Changeset in webkit [205642] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205397 - [GTK] -Wmissing-field-initializers on WaylandCompositor.cpp:295
https://bugs.webkit.org/show_bug.cgi?id=161524

Reviewed by Carlos Garcia Campos.

UIProcess/gtk/WaylandCompositor.cpp:

8:21 AM Changeset in webkit [205641] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205395 - [Threaded Compositor] Move the viewport controller off the compositing thread
https://bugs.webkit.org/show_bug.cgi?id=161532

Reviewed by Michael Catanzaro.

While working on bug #161242 I've realized that having the view port controller in the compositing thread makes
everything more complex. The viewport controller receives changes about things like contents size, viewport
size, etc. and uses that information to compute the visible contents rect and page scale factor. Then it
notifies back to main thread about the computed visible contents rect and page scale. Those computations are not
heave at all, so they could be done in the main thread and we would avoid communications between the main and
compositing thread in both directions. The main thread needs the visible contents rect to notify the compositing
coordinator and the page cale to scale the page in case of pixed layout. But the compositing thread only needs
to know the effective scale and scroll position. So, instead of going to the compositing thread after every
change that might update the visible contents rect and page scale factor, we could do those calculations in the
main thread and only notify the compositing thread about the actual changes in the scroll position and effective scale.

Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:

(WebKit::CoordinatedGraphicsScene::createTilesIfNeeded): Return early if backingStore is nullptr, which can
happen if the layer shouldn't have a backing store and was removed by the previous call to prepareContentBackingStore().
(WebKit::CoordinatedGraphicsScene::updateTilesIfNeeded): Ditto.

Shared/CoordinatedGraphics/SimpleViewportController.cpp:

(WebKit::SimpleViewportController::SimpleViewportController): Remove the client since we no longer need to
notify about changes.
(WebKit::SimpleViewportController::didChangeViewportSize): Remove call to syncVisibleContents().
(WebKit::SimpleViewportController::didChangeContentsSize): Ditto.
(WebKit::SimpleViewportController::didChangeViewportAttributes): Ditto.
(WebKit::SimpleViewportController::didScroll): Removed unused scrollBy methods and renamed scrollTo as
didiScroll for consistency. Save the position without calling boundContentsPosition, because that's already
donde when the position is used to compute the contents visible rectangle.
(WebKit::SimpleViewportController::visibleContentsRect): No need to notify about the changes.
(WebKit::SimpleViewportController::visibleContentsSize): Deleted.

Shared/CoordinatedGraphics/SimpleViewportController.h:
Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::create): Pass a reference to the client instead of a pointer. It's no longer
possible to have a valid pointer when the object has been destroyed, so we can better use a reference now.
(WebKit::ThreadedCompositor::ThreadedCompositor): Ditto.
(WebKit::ThreadedCompositor::~ThreadedCompositor): Remove assert.
(WebKit::ThreadedCompositor::invalidate): No need to invalidate the client.
(WebKit::ThreadedCompositor::setScaleFactor): Set the effective scale factor that should be used for rendering.
(WebKit::ThreadedCompositor::setScrollPosition): Set the current scroll position and effective scale factor.
(WebKit::ThreadedCompositor::setViewportSize): Set the viewport size and effective scale factor.
(WebKit::ThreadedCompositor::renderNextFrame): Update m_client use that is no longer a pointer.
(WebKit::ThreadedCompositor::commitScrollOffset): Ditto.
(WebKit::ThreadedCompositor::renderLayerTree): Call glViewport after a resize and use m_viewportSize,
m_scrollPosition and m_scaleFactor members.
(WebKit::ThreadedCompositor::didChangeVisibleRect): Deleted.

Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h:
WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp:

(WebKit::ThreadedCoordinatedLayerTreeHost::ThreadedCoordinatedLayerTreeHost): Pass the compositor client as a
reference to ThreadedCompositor constructor.
(WebKit::ThreadedCoordinatedLayerTreeHost::scrollNonCompositedContents): Update the viewport and call didChangeViewport().
(WebKit::ThreadedCoordinatedLayerTreeHost::contentsSizeChanged): Ditto.
(WebKit::ThreadedCoordinatedLayerTreeHost::deviceOrPageScaleFactorChanged): Pass the effective scale factor to
the compositor.
(WebKit::ThreadedCoordinatedLayerTreeHost::sizeDidChange): Update the viewport, the compositor and call didChangeViewport().
(WebKit::ThreadedCoordinatedLayerTreeHost::didChangeViewportProperties): Update the viewport and call didChangeViewport().
(WebKit::ThreadedCoordinatedLayerTreeHost::didChangeViewport): Notify the compositing coordinator about the new
visible contents rectangle, and update the threaded compositor if needed.

WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h:

8:19 AM Changeset in webkit [205640] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205392 - Should never be reached failure in WebCore::floatValueForLength
https://bugs.webkit.org/show_bug.cgi?id=139397
<rdar://problem/27704376>

Reviewed by Simon Fraser.

Source/WebCore:

floatValueForLength can't resolve unspecified Length types. Filter them out and return 0 as if they were auto.

Test: svg/css/assert-on-non-resolvable-dimension.html

svg/SVGLengthContext.cpp:

(WebCore::SVGLengthContext::valueForLength):

LayoutTests:

svg/css/assert-on-non-resolvable-dimension-expected.txt: Added.
svg/css/assert-on-non-resolvable-dimension.html: Added.

8:17 AM Changeset in webkit [205639] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205384 - ASSERT_NOT_REACHED() is touched in WebCore::valueForLength
https://bugs.webkit.org/show_bug.cgi?id=123337
<rdar://problem/27684121>

Reviewed by Simon Fraser.

Source/WebCore:

Do not try to use unspecified height value while resolving logical height for table row.

Test: fast/table/assert-on-non-resolvable-row-dimension.html

rendering/RenderTableCell.h:

(WebCore::RenderTableCell::logicalHeightForRowSizing):

LayoutTests:

fast/table/assert-on-non-resolvable-row-dimension-expected.txt: Added.
fast/table/assert-on-non-resolvable-row-dimension.html: Added.

8:13 AM Changeset in webkit [205638] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205380 - [JSC] Remove some more useless cases from FTL Capabilities
https://bugs.webkit.org/show_bug.cgi?id=161466

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-09-02
Reviewed by Geoffrey Garen.

Some cases do not make sense:
-In: Fixup only generate CellUse.
-PutByIdXXX: same.
-GetIndexedPropertyStorage: those cases are the only ones supported

by DFG. We would have crashed in SpeculativeJIT if other modes
were generated.

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compilePutById):
(JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::compileIn):

8:11 AM Changeset in webkit [205637] by Carlos Garcia Campos

5 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205374 - ASSERTION FAILED: !m_committedWidth in WebCore::LineWidth::fitBelowFloats
https://bugs.webkit.org/show_bug.cgi?id=149462
<rdar://problem/27710841>

Reviewed by David Hyatt.

Source/WebCore:

In certain cases (multiple spans on the same line with negativ marings), the LineWidth::m_committedWidth > 0
check is not sufficient to decide if some content has already been committed to the current line.
This patch adds a flag to indicate if we ever committed to the current line.

Test: fast/text/assert-when-text-with-negative-margin-sibling-does-not-fit.html

rendering/line/BreakingContext.h:

(WebCore::BreakingContext::handleText):

rendering/line/LineWidth.h:

(WebCore::LineWidth::hasCommitted):

LayoutTests:

fast/text/assert-when-text-with-negative-margin-sibling-does-not-fit-expected.txt: Added.
fast/text/assert-when-text-with-negative-margin-sibling-does-not-fit.html: Added.

8:02 AM Changeset in webkit [205636] by Carlos Garcia Campos

7 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205364 - Register usage optimization in mathIC when LHS and RHS are constants isn't configured correctly
https://bugs.webkit.org/show_bug.cgi?id=160802

Patch by Caio Lima <Caio Lima> on 2016-09-02
Reviewed by Saam Barati.

This patch is fixing a broken mechanism of MathIC that avoids allocate
a register to LHS or RHS if one of these operands are proven as valid
constant for JIT*Generator. In previous implementation, even if the
JIT*Generator was not using an operand register because it was proven as a
constant, compileMathIC and emitICFast were allocating a register for
it. This was broken because mathIC->isLeftOperandValidConstant and
mathIC->isLeftOperandValidConstant were being called before its Generator be
properly initialized. We changed this mechanism to enable Generators write
their validConstant rules using static methods isLeftOperandValidConstant(SnippetOperand)
and isRightOperandValidConstant(SnippetOperand).

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileMathIC):

jit/JITAddGenerator.h:

(JSC::JITAddGenerator::JITAddGenerator):
(JSC::JITAddGenerator::isLeftOperandValidConstant):
(JSC::JITAddGenerator::isRightOperandValidConstant):

jit/JITArithmetic.cpp:

(JSC::JIT::emitMathICFast):

jit/JITMathIC.h:
jit/JITMulGenerator.h:

(JSC::JITMulGenerator::JITMulGenerator):
(JSC::JITMulGenerator::isLeftOperandValidConstant):
(JSC::JITMulGenerator::isRightOperandValidConstant):

jit/JITSubGenerator.h:

(JSC::JITSubGenerator::isLeftOperandValidConstant):
(JSC::JITSubGenerator::isRightOperandValidConstant):

7:59 AM Changeset in webkit [205635] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WTF

Merge r205362 - bitwise_cast infinite loops if called from the default constructor in ToType
https://bugs.webkit.org/show_bug.cgi?id=161365

Patch by JF Bastien <jfbastien@apple.com> on 2016-09-02
Reviewed by Saam Barati.

wtf/StdLibExtras.h:

(WTF::bitwise_cast): use aggregate initialization to avoid ctor

5:33 AM Changeset in webkit [205634] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205361 - GetByValWithThis: fix opInfo in DFG creation
https://bugs.webkit.org/show_bug.cgi?id=161541

Patch by JF Bastien <jfbastien@apple.com> on 2016-09-02
Reviewed by Saam Barati.

super-get-by-val-with-this-monomorphic might be 1.0148x faster after this change.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock): fix OpInfo

5:33 AM Changeset in webkit [205633] by Carlos Garcia Campos

10 edits
1 delete in releases/WebKitGTK/webkit-2.14

Merge r205360 - REGRESSION (r204839): [mac-wk1] LayoutTest webgl/max-active-contexts-webglcontextlost-prevent-default.html is a flaky timeout
https://bugs.webkit.org/show_bug.cgi?id=161205

Reviewed by Geoffrey Garen.

Source/WebCore:

Fixes several issues:

Add missing isReachableFromOpaqueRoots() implementation for JSWebGLRenderingContextBase. It used to rely on the one from its JSCanvasRenderingContext base. However, that base was dropped in r204839.
Update JSWebGLRenderingContextBase::visitAdditionalChildren() to add its canvas object as opaque root as well. This used to be taken care of by JSCanvasRenderingContext::visitAdditionalChildren() but it got dropped in r204839.

This also refactors the code a bit for clarity.

No new tests, unskipped existing test.

WebCore.xcodeproj/project.pbxproj:
bindings/js/JSCanvasRenderingContext.h: Removed.
bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::getCSSCanvasContext):

bindings/js/JSHTMLCanvasElementCustom.cpp:

(WebCore::JSHTMLCanvasElement::getContext):

bindings/js/JSWebGLRenderingContextBaseCustom.cpp:

(WebCore::toJSNewlyCreated):
(WebCore::toJS):
(WebCore::JSWebGLRenderingContextBaseOwner::isReachableFromOpaqueRoots):
(WebCore::JSWebGLRenderingContextBase::visitAdditionalChildren):

html/canvas/CanvasRenderingContext.h:

(WebCore::CanvasRenderingContext::is3d):

html/canvas/WebGLRenderingContextBase.h:
html/canvas/WebGLRenderingContextBase.idl:

LayoutTests:

Unskip test case now that it is no longer flaky.

platform/mac-wk1/TestExpectations:

5:31 AM Changeset in webkit [205632] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Source/WebInspectorUI

Merge r205349 - Web Inspector: NetworkTimelineOverviewGraph.MinimumBarPaddingTime is undefined
https://bugs.webkit.org/show_bug.cgi?id=161510

Patch by Johan K. Jensen <johan_jensen@apple.com> on 2016-09-02
Reviewed by Brian Burg.

UserInterface/Views/NetworkTimelineOverviewGraph.js:

(WebInspector.NetworkTimelineOverviewGraph.prototype._networkTimelineRecordAdded):
(WebInspector.NetworkTimelineOverviewGraph):
Calculate the minimumBarPaddingTime in similar ways to TimelineRecordBar,
by using MinimumWidthPixel, MinimumMarginPixel and MinimumDurationPerPixel as the secondsPerPixel value.

UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
Make Minimum/MaximumDurationPerPixel public properties.

5:20 AM Changeset in webkit [205631] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Tools

Merge r205343 - [GTK] Fix compiler warning in MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=161529

We were missing a return statement in decidePermissionRequest() and
also there was unused variable in browserWindowConstructed().

Patch by Tomas Popela <tpopela@redhat.com> on 2016-09-02
Reviewed by Carlos Garcia Campos.

MiniBrowser/gtk/BrowserTab.c:

(decidePermissionRequest):

MiniBrowser/gtk/BrowserWindow.c:

(browserWindowConstructed):

5:20 AM Changeset in webkit [205630] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205341 - Unreviewed GTK+ build fix when compiling with Clang.

WebProcess/WebPage/gtk/AcceleratedSurface.cpp: Include WebPage.h.

5:19 AM Changeset in webkit [205629] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205332 - jsc: fix cmake build missing symbol getPropertySlot
https://bugs.webkit.org/show_bug.cgi?id=161521

Patch by JF Bastien <jfbastien@apple.com> on 2016-09-01
Reviewed by Saam Barati.

runtime/IntlDateTimeFormat.cpp: include JSCInlines.h
runtime/IntlNumberFormat.cpp: include JSCInlines.h

5:19 AM Changeset in webkit [205628] by Carlos Garcia Campos

26 edits
1 add in releases/WebKitGTK/webkit-2.14/Source

Merge r205324 - Move some JSObject and JSArray inline functions to their respective Inlines.h files.
https://bugs.webkit.org/show_bug.cgi?id=161499

Reviewed by Saam Barati.

Source/JavaScriptCore:

This is just a refactoring patch to move some inline functions to their Inlines.h
files. This will be needed to enable https://bugs.webkit.org/show_bug.cgi?id=161498
later.

bindings/ScriptValue.cpp:
interpreter/Interpreter.cpp:
runtime/IntlDateTimeFormatPrototype.cpp:
runtime/IntlNumberFormatPrototype.cpp:
runtime/JSArray.cpp:
runtime/JSArray.h:

(JSC::getLength): Deleted.
(JSC::toLength): Deleted.

runtime/JSArrayInlines.h:

(JSC::JSArray::mergeIndexingTypeForCopying):
(JSC::JSArray::canFastCopy):
(JSC::getLength):
(JSC::toLength):

runtime/JSInternalPromise.cpp:
runtime/JSInternalPromiseDeferred.cpp:
runtime/JSJob.cpp:
runtime/JSModuleRecord.cpp:
runtime/JSObject.h:

(JSC::JSObject::getPropertySlot): Deleted.
(JSC::JSObject::getNonIndexPropertySlot): Deleted.

runtime/JSObjectInlines.h:

(JSC::JSObject::getPropertySlot):
(JSC::JSObject::getNonIndexPropertySlot):

runtime/JSPromiseDeferred.cpp:
runtime/JSTypedArrayViewPrototype.cpp:
runtime/MapConstructor.cpp:
runtime/SamplingProfiler.cpp:
runtime/SetConstructor.cpp:
runtime/WeakMapConstructor.cpp:
runtime/WeakSetConstructor.cpp:

Source/WebCore:

No new tests because there is no behavior change.

ForwardingHeaders/runtime/JSObjectInlines.h: Added.
bindings/js/JSDOMBinding.h:
bindings/js/JSSQLTransactionCustom.cpp:
bindings/js/JSWebGLRenderingContextBaseCustom.cpp:
contentextensions/ContentExtensionParser.cpp:

5:02 AM Changeset in webkit [205627] by Carlos Garcia Campos

10 edits
4 adds in releases/WebKitGTK/webkit-2.14

Merge r205321 - GetByIdWithThis/GetByValWithThis should have ValueProfiles so that they can predict their result types
https://bugs.webkit.org/show_bug.cgi?id=160922

Patch by JF Bastien <jfbastien@apple.com> on 2016-09-01
Reviewed by Keith Miller.

JSTests:

Benchmark GetBy{Id,Val}WithThis in monomorphic and polymorphic uses.
The value profile is used by the calc functions, which do some mild math with the result.
These benchmarks get ~4% faster with value profiling.

microbenchmarks/super-get-by-id-with-this-monomorphic.js: Added.

(A):
(A.prototype.set value):
(A.prototype.get value):
(B.prototype.set value):
(B.prototype.get value):
(B):
(const.bench):

microbenchmarks/super-get-by-id-with-this-polymorphic.js: Added.

(A):
(A.prototype.set value):
(A.prototype.get value):
(B.prototype.set value):
(B.prototype.get value):
(B):
(const.bench):

microbenchmarks/super-get-by-val-with-this-monomorphic.js: Added.

(value):
(A):
(A.prototype.set v):
(A.prototype.get v):
(B.prototype.set v):
(B.prototype.get v):
(B):
(const.bench):

microbenchmarks/super-get-by-val-with-this-polymorphic.js: Added.

(value):
(A):
(A.prototype.set v):
(A.prototype.get v):
(B.prototype.set v):
(B.prototype.get v):
(B):
(const.bench):

Source/JavaScriptCore:

Add value profiling to GetBy{Id,Val}WithThis.

bytecode/BytecodeList.json:
bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finishCreation):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetById):
(JSC::BytecodeGenerator::emitGetByVal):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGNode.h:

(JSC::DFG::Node::hasHeapPrediction):

dfg/DFGPredictionPropagationPhase.cpp:
llint/LowLevelInterpreter.asm:
runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

4:22 AM Changeset in webkit [205626] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Source/WebInspectorUI

Merge r205320 - Web Inspector: Value checks of secondsPerPixel cause errors
https://bugs.webkit.org/show_bug.cgi?id=161304
<rdar://problem/28050070>

Reviewed by Brian Burg.

UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView.prototype.reset):
Clear resource node map, which is used to determine which nodes
to refresh during layout.

(WebInspector.NetworkTimelineView.prototype.layout):
Like OverviewTimelineView, only refresh node graphs when times change.
This prevents refreshing nodes when (endTime - startTime) === 0.

UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._recordingReset):
TimelineViews must be cleared before calling _updateTimes to avoid
doing layouts in timeline views containing stale data.

4:19 AM Changeset in webkit [205625] by Carlos Garcia Campos

14 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205309 - Rename WASM classes dropping the WASM prefix
https://bugs.webkit.org/show_bug.cgi?id=161500

Reviewed by Mark Lam.

Having to write WASM::WASMModule seems silly. Also, this patch
merges WASMFunctionReturnType and WASMValueType into one type
that is a typedef of B3::Type. Using B3::Type as the WASM
primitive type makes it trivial to convert a Vector of WASM
types into a Vector of B3 types.

b3/B3Type.h:
wasm/JSWASMModule.h:

(JSC::JSWASMModule::signatures):
(JSC::JSWASMModule::functionImports):
(JSC::JSWASMModule::functionImportSignatures):
(JSC::JSWASMModule::globalVariableTypes):
(JSC::JSWASMModule::functionDeclarations):
(JSC::JSWASMModule::functionPointerTables):

wasm/WASMB3IRGenerator.cpp:

(JSC::WASM::toB3Op):
(JSC::WASM::B3IRGenerator::addLocal):
(JSC::WASM::B3IRGenerator::unaryOp):
(JSC::WASM::B3IRGenerator::binaryOp):
(JSC::WASM::B3IRGenerator::addConstant):
(JSC::WASM::parseAndCompile):

wasm/WASMB3IRGenerator.h:
wasm/WASMFormat.h:
wasm/WASMFunctionParser.h:

(JSC::WASM::FunctionParser<Context>::FunctionParser):
(JSC::WASM::FunctionParser<Context>::parse):
(JSC::WASM::FunctionParser<Context>::parseBlock):
(JSC::WASM::FunctionParser<Context>::parseExpression):
(JSC::WASM::WASMFunctionParser<Context>::WASMFunctionParser): Deleted.
(JSC::WASM::WASMFunctionParser<Context>::parse): Deleted.
(JSC::WASM::WASMFunctionParser<Context>::parseBlock): Deleted.
(JSC::WASM::WASMFunctionParser<Context>::parseExpression): Deleted.

wasm/WASMModuleParser.cpp:

(JSC::WASM::ModuleParser::parse):
(JSC::WASM::ModuleParser::parseFunctionTypes):
(JSC::WASM::ModuleParser::parseFunctionSignatures):
(JSC::WASM::ModuleParser::parseFunctionDefinitions):
(JSC::WASM::WASMModuleParser::parse): Deleted.
(JSC::WASM::WASMModuleParser::parseFunctionTypes): Deleted.
(JSC::WASM::WASMModuleParser::parseFunctionSignatures): Deleted.
(JSC::WASM::WASMModuleParser::parseFunctionDefinitions): Deleted.

wasm/WASMModuleParser.h:

(JSC::WASM::ModuleParser::ModuleParser):
(JSC::WASM::ModuleParser::functionInformation):
(JSC::WASM::WASMModuleParser::WASMModuleParser): Deleted.
(JSC::WASM::WASMModuleParser::functionInformation): Deleted.

wasm/WASMOps.h:
wasm/WASMParser.h:

(JSC::WASM::Parser::Parser):
(JSC::WASM::Parser::consumeCharacter):
(JSC::WASM::Parser::consumeString):
(JSC::WASM::Parser::parseUInt32):
(JSC::WASM::Parser::parseUInt7):
(JSC::WASM::Parser::parseVarUInt1):
(JSC::WASM::Parser::parseValueType):
(JSC::WASM::WASMParser::WASMParser): Deleted.
(JSC::WASM::WASMParser::consumeCharacter): Deleted.
(JSC::WASM::WASMParser::consumeString): Deleted.
(JSC::WASM::WASMParser::parseUInt32): Deleted.
(JSC::WASM::WASMParser::parseUInt7): Deleted.
(JSC::WASM::WASMParser::parseVarUInt1): Deleted.
(JSC::WASM::WASMParser::parseValueType): Deleted.

wasm/WASMPlan.cpp:

(JSC::WASM::Plan::Plan):

wasm/WASMSections.cpp:

(JSC::WASM::Sections::lookup):
(JSC::WASM::WASMSections::lookup): Deleted.

wasm/WASMSections.h:

(JSC::WASM::Sections::validateOrder):
(JSC::WASM::WASMSections::validateOrder): Deleted.

4:16 AM Changeset in webkit [205624] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebInspectorUI

Merge r205307 - REGRESSION (r201454): Web Inspector: Text caret isn't visible when editing an attribute
https://bugs.webkit.org/show_bug.cgi?id=160986
<rdar://problem/27916207>

Reviewed by Brian Burg.

UserInterface/Views/DOMTreeOutline.css:

(.tree-outline.dom li .selection-area):
(.tree-outline.dom li > span):
Place selection area under the edited field, the way it was before r201454.

4:15 AM Changeset in webkit [205623] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.14

Merge r205304 - ObjectAllocationSinkingPhase::insertOSRHintsForUpdate() fails to emit updated hints in some cases
https://bugs.webkit.org/show_bug.cgi?id=161492

Reviewed by Mark Lam.

JSTests:

This bug affected function->activation references but not object->object field references,
because object->object field references are !neededForMaterialization(). So, the object
test always passed but the activation/function test used to always fail. It passes now.

stress/materialize-activation-referenced-from-phantom-function.js: Added.

(bar):
(inc):
(dec):
(foo):
(test):

stress/materialize-object-referenced-from-phantom-object.js: Added.

(bar):
(foo):
(test):

Source/JavaScriptCore:

If you materialize a sunken object that is referenced from another sunken object, then you
have to emit a PutHint to tell OSR that the latter object now refers to a materialized
object rather than to the old sunken one.

The ObjectAllocationSinkingPhase totally knows how to do this, but for some reason it only
did it when the PromotedLocationDescriptor for the field used for referring to the other
object is !neededForMaterialization(), i.e. it's a NamedPropertyPLoc or a ClosureVarPLoc.
I can sort of imagine why we thought that would be right - neededForMaterialization() means
it's a special meta-data field initialized on construction. But just because it's immutable
and special doesn't mean that materialization can't change its physical representation.
Removing the requirement that it's !neededForMaterialization() fixes the test and doesn't
regress anything.

dfg/DFGObjectAllocationSinkingPhase.cpp:

4:13 AM Changeset in webkit [205622] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r205294 - [GTK] Fix configuration without wayland support
https://bugs.webkit.org/show_bug.cgi?id=161475

WebKit2WaylandClientProtocol.c is a derived source that is created
conditionally on ENABLE_WAYLAND_TARGET. It was being included
in the sources list unconditionally, so configure failed whenever
wayland support was unavailable.

Patch by Jeremy Huddleston Sequoia <jeremyhu@apple.com> on 2016-09-01
Reviewed by Žan Doberšek.

PlatformGTK.cmake: Include WebKit2WaylandClientProtocol.c in source list conditional on ENABLE_WAYLAND_TARGET

4:11 AM Changeset in webkit [205621] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205323 - Fix ENABLE(CSS_GRID_LAYOUT) guards harder after r205102/r205292

Unreviewed. Silence unused function warning.

css/CSSComputedStyleDeclaration.cpp:

4:11 AM Changeset in webkit [205620] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205292 - Unreviewed build fix after r205102.

The change made in r205102 caused compilation failures on
builds with the CSS_GRID_LAYOUT compilation flag disabled.

css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):
(WebCore::resolveJustifySelfAuto): Deleted.

css/CSSPropertyNames.in:
css/parser/CSSParser.cpp:

(WebCore::isKeywordPropertyID):
(WebCore::CSSParser::parseValue):

3:55 AM Changeset in webkit [205619] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205291 - Fix the Mac cmake clean build issue
https://bugs.webkit.org/show_bug.cgi?id=157261

Patch by Fujii Hironori <Fujii Hironori> on 2016-09-01
Reviewed by Michael Catanzaro.

Building WebCoreDerivedSources target failed due to the race
condition with building ForwardingHeaders of JavaScriptCore.

CMakeLists.txt: Make WebCoreDerivedSources depends on JavaScriptCore.

3:28 AM Changeset in webkit [205618] by dino@apple.com

2 edits in trunk/Tools

Expose Apple Pencil input to testing system
https://bugs.webkit.org/show_bug.cgi?id=161670
<rdar://problem/28183327>

I fixed the internal builds, now try to fix the public builds.

WebKitTestRunner/ios/IOKitSPI.h: Add new enum values.

3:17 AM Changeset in webkit [205617] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205290 - FocusController should pass KeyboardEvent around by reference.
<https://webkit.org/b/161461>

Reviewed by Sam Weinig.

Clean up FocusController to pass KeyboardEvent& around internally.

Also make FocusController::setInitialFocus() synthesize a dummy KeyboardEvent
if one isn't provided, just like nextFocusableElement()/previousFocusableElement() does.
This way we can feel confident about dereferencing the formerly KeyboardEvent* everywhere.

page/EventHandler.cpp:

(WebCore::EventHandler::defaultArrowEventHandler):
(WebCore::EventHandler::defaultTabEventHandler):

page/FocusController.cpp:

(WebCore::isFocusableElementOrScopeOwner):
(WebCore::isNonFocusableScopeOwner):
(WebCore::isFocusableScopeOwner):
(WebCore::shadowAdjustedTabIndex):
(WebCore::FocusController::findFocusableElementDescendingDownIntoFrameDocument):
(WebCore::FocusController::setInitialFocus):
(WebCore::FocusController::advanceFocus):
(WebCore::FocusController::advanceFocusInDocumentOrder):
(WebCore::FocusController::findFocusableElementAcrossFocusScope):
(WebCore::FocusController::findFocusableElementWithinScope):
(WebCore::FocusController::nextFocusableElementWithinScope):
(WebCore::FocusController::previousFocusableElementWithinScope):
(WebCore::FocusController::findFocusableElementOrScopeOwner):
(WebCore::FocusController::findElementWithExactTabIndex):
(WebCore::nextElementWithGreaterTabIndex):
(WebCore::previousElementWithLowerTabIndex):
(WebCore::FocusController::nextFocusableElement):
(WebCore::FocusController::previousFocusableElement):
(WebCore::FocusController::nextFocusableElementOrScopeOwner):
(WebCore::FocusController::previousFocusableElementOrScopeOwner):
(WebCore::FocusController::findFocusCandidateInContainer):
(WebCore::FocusController::advanceFocusDirectionallyInContainer):
(WebCore::FocusController::advanceFocusDirectionally):

page/FocusController.h:

3:15 AM Changeset in webkit [205616] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205286 - URTBF after r205161 to fix !ENABLE(WEB_TIMING) build.

bindings/js/JSPerformanceTimingCustom.cpp:

3:13 AM Changeset in webkit [205615] by Carlos Garcia Campos

10 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205283 - JITMathIC was misusing maxJumpReplacementSize
https://bugs.webkit.org/show_bug.cgi?id=161356
<rdar://problem/28065560>

Reviewed by Benjamin Poulain.

JITMathIC was assuming that maxJumpReplacementSize is the size
you'd get if you emitted a patchableJump() using the macro assembler.
This is not true, however. It happens to be true on arm64, x86 and x86-64,
however, it is not true on armv7. This patch introduces an alternative to
maxJumpReplacementSize called patchableJumpSize, and switches JITMathIC
to use that number instead.

assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::patchableJumpSize):
(JSC::ARM64Assembler::maxJumpReplacementSize): Deleted.

assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::patchableJumpSize):
(JSC::ARMv7Assembler::maxJumpReplacementSize): Deleted.

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::patchableJumpSize):

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::patchableJumpSize):

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::patchableJumpSize):

assembler/X86Assembler.h:

(JSC::X86Assembler::patchableJumpSize):
(JSC::X86Assembler::maxJumpReplacementSize): Deleted.

jit/JITMathIC.h:

(JSC::JITMathIC::generateInline):

2:54 AM Changeset in webkit [205614] by Carlos Garcia Campos

18 edits in releases/WebKitGTK/webkit-2.14/Source

Merge r205282 - Clean up TextRun-related code
https://bugs.webkit.org/show_bug.cgi?id=161473

Reviewed by Simon Fraser.

Source/WebCore:

Some assorted cleanup, including:

Renaming "AllowTrailingExpansion | ForbidLeadingExpansion" to "DefaultExpansion"
Migrating from pointers to references
Migrating from ints to unsigneds
Using proper character names from CharacterNames.h
Simplifying CoreTextSPI.h

No new tests because there is no behavior change.

platform/graphics/TextRun.h:

(WebCore::TextRun::TextRun):

platform/graphics/mac/ComplexTextController.cpp:

(WebCore::TextLayout::isNeeded):
(WebCore::TextLayout::constructTextRun):

platform/spi/cocoa/CoreTextSPI.h:
platform/text/TextFlags.h:
rendering/RenderBlock.cpp:

(WebCore::RenderBlock::constructTextRun):

rendering/RenderBlock.h:
rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::computePreferredLogicalWidths):
(WebCore::RenderListMarker::getRelativeMarkerRect):

rendering/RenderMenuList.cpp:

(RenderMenuList::updateOptionsWidth):

rendering/RenderText.cpp:

(WebCore::RenderText::widthFromCache):
(WebCore::RenderText::trimmedPrefWidths):
(WebCore::hyphenWidth):
(WebCore::maxWordFragmentWidth):
(WebCore::RenderText::computePreferredLogicalWidths):
(WebCore::RenderText::width):

rendering/RenderText.h:
rendering/RenderThemeIOS.mm:
rendering/line/BreakingContext.h:

(WebCore::textWidth):
(WebCore::tryHyphenating):

rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::offsetForPositionInFragment):
(WebCore::SVGInlineTextBox::selectionRectForTextFragment):
(WebCore::SVGInlineTextBox::localSelectionRect):
(WebCore::SVGInlineTextBox::paintSelectionBackground):
(WebCore::SVGInlineTextBox::paint):
(WebCore::SVGInlineTextBox::acquirePaintingResource):
(WebCore::SVGInlineTextBox::prepareGraphicsContextForTextPainting):
(WebCore::SVGInlineTextBox::constructTextRun):
(WebCore::SVGInlineTextBox::paintDecorationWithStyle):
(WebCore::SVGInlineTextBox::paintTextWithShadows):
(WebCore::SVGInlineTextBox::paintText):

rendering/svg/SVGInlineTextBox.h:

Source/WebKit/mac:

Remove unused #includes.

WebCoreSupport/WebDragClient.mm:
WebView/WebView.mm:

2:40 AM Changeset in webkit [205613] by Carlos Garcia Campos

20 edits
2 moves in releases/WebKitGTK/webkit-2.14/Source

Merge r205278 - [JSC] Add initiator parameter to module pipeline
https://bugs.webkit.org/show_bug.cgi?id=161470

Reviewed by Saam Barati.

Source/JavaScriptCore:

The fetching semantics of the <script type="module"> tag has per module-tag context.
For example, "nonce", "crossorigin" etc. attributes are shared in the fetching requests
issued from the module-tag. To transfer this information, we add a new parameter "initiator"
to the module loader pipeline. We are planning to transfer information by this parameter.

At the same time, we also perform some clean up.

Use arrow function in ModuleLoaderPrototype.js.
Rename "ResolveDependencies" to "Satisfy" to align to the loader spec.

builtins/ModuleLoaderPrototype.js:

(newRegistryEntry):
(commitInstantiated):
(requestFetch):
(requestTranslate):
(requestInstantiate):
(requestSatisfy):
(requestInstantiateAll):
(requestLink):
(moduleEvaluation):
(provide):
(loadAndEvaluateModule):
(requestResolveDependencies.): Deleted.
(requestResolveDependencies): Deleted.
(requestReady): Deleted.
(link): Deleted.
(loadModule): Deleted.
(linkAndEvaluateModule): Deleted.

bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):

bytecode/BytecodeIntrinsicRegistry.h:
jsc.cpp:

(GlobalObject::moduleLoaderResolve):
(GlobalObject::moduleLoaderFetch):

runtime/Completion.cpp:

(JSC::loadAndEvaluateModule):
(JSC::loadModule):
(JSC::linkAndEvaluateModule):

runtime/Completion.h:
runtime/JSGlobalObject.h:
runtime/JSModuleLoader.cpp:

(JSC::JSModuleLoader::loadAndEvaluateModule):
(JSC::JSModuleLoader::loadModule):
(JSC::JSModuleLoader::linkAndEvaluateModule):
(JSC::JSModuleLoader::resolve):
(JSC::JSModuleLoader::fetch):
(JSC::JSModuleLoader::translate):
(JSC::JSModuleLoader::instantiate):
(JSC::JSModuleLoader::evaluate):

runtime/JSModuleLoader.h:
runtime/ModuleLoaderPrototype.cpp:

(JSC::moduleLoaderPrototypeResolve):
(JSC::moduleLoaderPrototypeFetch):
(JSC::moduleLoaderPrototypeTranslate):
(JSC::moduleLoaderPrototypeInstantiate):
(JSC::moduleLoaderPrototypeEvaluate):

Source/WebCore:

No user-observable behavior change.

We rename JSModuleLoader to ScriptModuleLoader.
The name "JSModuleLoader" is misleading since it seems like this is a JS object.
"ModuleLoader" is not good since there is CSS modules.

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
bindings/js/JSBindingsAllInOne.cpp:
bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::moduleLoaderResolve):
(WebCore::JSDOMWindowBase::moduleLoaderFetch):
(WebCore::JSDOMWindowBase::moduleLoaderEvaluate):

bindings/js/JSDOMWindowBase.h:
bindings/js/JSMainThreadExecState.h:

(WebCore::JSMainThreadExecState::loadModule):
(WebCore::JSMainThreadExecState::linkAndEvaluateModule):

bindings/js/JSModuleLoader.cpp:

(WebCore::JSModuleLoader::JSModuleLoader): Deleted.
(WebCore::JSModuleLoader::resolve): Deleted.
(WebCore::JSModuleLoader::fetch): Deleted.
(WebCore::JSModuleLoader::evaluate): Deleted.

bindings/js/JSModuleLoader.h:

(WebCore::JSModuleLoader::document): Deleted.

bindings/js/ScriptModuleLoader.cpp: Renamed from Source/WebCore/bindings/js/JSModuleLoader.cpp.

(WebCore::ScriptModuleLoader::ScriptModuleLoader):
(WebCore::ScriptModuleLoader::resolve):
(WebCore::ScriptModuleLoader::fetch):
(WebCore::ScriptModuleLoader::evaluate):

bindings/js/ScriptModuleLoader.h: Renamed from Source/WebCore/bindings/js/JSModuleLoader.h.

(WebCore::ScriptModuleLoader::document):

dom/Document.cpp:

(WebCore::Document::Document):

dom/Document.h:

(WebCore::Document::moduleLoader):

2:16 AM Changeset in webkit [205612] by Carlos Garcia Campos

5 edits
4 adds in releases/WebKitGTK/webkit-2.14

Merge r205277 - ASSERTION FAILED: !flow->layer() && !flow->isInlineElementContinuation() in WebCore::RenderBlock::addContinuationWithOutline
https://bugs.webkit.org/show_bug.cgi?id=151022
<rdar://problem/27710993>

Reviewed by Simon Fraser.

Source/WebCore:

Certain CSS properties like opacity, mask etc (graphical group members) require the layer to be a non-normal flow,
self painting layer so that we can manage painting properly. However in addition to those CSS properties, some of the will-change
values (again, graphical group members) also require the layer to be non-normal flow, self painting.
This patch ensures that when deciding whether a layer should be a normal flow layer, we take the will-change values into account as well.

Tests: compositing/layer-creation/assert-on-inline-element-with-will-change.html

compositing/layer-creation/will-change-on-normal-flow-content.html

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects):

rendering/style/WillChangeData.cpp:

(WebCore::propertyCreatesGraphicalGroup):
(WebCore::WillChangeData::addFeature):

rendering/style/WillChangeData.h:

(WebCore::WillChangeData::canCreateGraphicalGroup):
(WebCore::WillChangeData::canTriggerCompositingOnInline): Deleted.

LayoutTests:

compositing/layer-creation/assert-on-inline-element-with-will-change-expected.txt: Added.
compositing/layer-creation/assert-on-inline-element-with-will-change.html: Added.
compositing/layer-creation/will-change-on-normal-flow-content-expected.txt: Added.
compositing/layer-creation/will-change-on-normal-flow-content.html: Added.

2:09 AM Changeset in webkit [205611] by pvollan@apple.com

4 edits in trunk/Source/JavaScriptCore

[Win64] Compile fixes.
https://bugs.webkit.org/show_bug.cgi?id=161682

Reviewed by Brent Fulgham.

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

jit/JITCall.cpp:

(JSC::JIT::compileOpCall):

runtime/ArrayConventions.cpp:

(JSC::clearArrayMemset):

2:08 AM Changeset in webkit [205610] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205276 - [JSC] linking and evaluating the modules are done in a sync manner
https://bugs.webkit.org/show_bug.cgi?id=161467

Reviewed by Saam Barati.

While the fetching and the other stages are done in an asynchronous manner,
linking and evaluating are done in a sync manner.
Just return the result value and do not wrap them with the internal promise.

builtins/ModuleLoaderPrototype.js:

(linkAndEvaluateModule):

runtime/Completion.cpp:

(JSC::linkAndEvaluateModule):

runtime/Completion.h:
runtime/JSModuleLoader.cpp:

(JSC::JSModuleLoader::linkAndEvaluateModule):

runtime/JSModuleLoader.h:

2:05 AM Changeset in webkit [205609] by Carlos Garcia Campos

7 edits
4 adds in releases/WebKitGTK/webkit-2.14

Merge r205268 - Web Inspector: XHR with text but responseType = "blob" shows blank content
https://bugs.webkit.org/show_bug.cgi?id=161422
<rdar://problem/28066869>

Reviewed by Brian Burg.

Source/WebCore:

Test: inspector/network/xhr-json-blob-has-content.html

When an XMLHttpRequest finished loading it was always setting the Inspector's
content for that load at the end. However, if the XHR was loading binary data
then it was passing an empty string to the inspector and overwriting the
data the inspector already had for the resource. Avoid this overwriting.

xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::didFinishLoading):
When loading binary content we have no decoded text to send to the inspector.

inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::didFinishXHRLoadingImpl):

inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::didFinishXHRLoading):
Switch to an Optional string, and if it is not available don't
call through to the NetworkAgent expecting decoded text.

inspector/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::didFinishXHRLoading):

inspector/InspectorNetworkAgent.h:

Improve variable name.

LayoutTests:

inspector/network/resources/data.json: Added.
inspector/network/xhr-json-blob-has-content-expected.txt: Added.
inspector/network/xhr-json-blob-has-content.html: Added.

2:04 AM Changeset in webkit [205608] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.14

Merge r205267 - stress/random-53bit.js.ftl-no-cjit-no-inline-validate sometimes fails
https://bugs.webkit.org/show_bug.cgi?id=161436

Reviewed by Filip Pizlo.

JSTests:

The test checks Math.random() correctly produces 53bit random values.
The test can fail by design, but this should be fairly rare.

However, when introducing, we wrap the test() with 1e4 to ensure the FTL compilation, and this
increases the failure rate. By increasing the MAX in the test, we make the failures much more rare case.

And we also add getRandomSeed() and setRandomSeed(seed) JSC shell helpers to dump more useful information
and reproduce the situation easily.

stress/random-53bit.js:

(test):

Source/JavaScriptCore:

jsc.cpp:

(GlobalObject::finishCreation):
(functionGetRandomSeed):
(functionSetRandomSeed):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::weakRandom):
(JSC::JSGlobalObject::weakRandomInteger): Deleted.

1:46 AM Changeset in webkit [205607] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.14

Merge r205258 - Object.getPrototypeOf() should return null cross-origin
https://bugs.webkit.org/show_bug.cgi?id=161393

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Object.getPrototypeOf() should return null cross-origin:

Firefox and Chrome return null. However, WebKit was returning undefined.

runtime/ObjectConstructor.cpp:

(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):

LayoutTests:

Add layout test coverage.

http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
http/tests/security/cross-frame-access-object-getPrototypeOf.html:

1:23 AM Changeset in webkit [205606] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205254 - [JSC] AbstractValue can contain padding which is not zero-filled
https://bugs.webkit.org/show_bug.cgi?id=161427

Reviewed by Saam Barati.

We checked that AbstractValue is zero-filled when initializing it to ensure
that zero-filled memory can be used as the initialized AbstractValue.
However, since the size of SpeculatedType becomes 64bit, AbstractValue can have
padding now. And this padding is not ensured that it is initialized with zeros.
So debug assertion fails when building with GCC.

This patch changes the strategy. Instead of checking the initialized
AbstractValue is zero-filled, we ensure that zero-filled AbstractValue can be
considered to be equal to the initialized AbstractValue.

dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::ensureCanInitializeWithZeros):

dfg/DFGAbstractValue.h:

(JSC::DFG::AbstractValue::AbstractValue):

1:23 AM Changeset in webkit [205605] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Revert "Unreviewed. Remove incorrect assert causing crashes in debug builds."

This reverts commit 6e6102ed50f641baac41e5f953a1b9118e030ebe.

1:19 AM Changeset in webkit [205604] by Carlos Garcia Campos

107 edits in releases/WebKitGTK/webkit-2.14/Source

Merge r205249 - DOM event handling should pass Event around by reference.
<https://webkit.org/b/161398>

Reviewed by Chris Dumez.

Source/WebCore:

Start with making Node::defaultEventHandler() take an Event& instead of an Event*,
and then spread out from there, propagating the referenceness.

dom/Element.cpp:

(WebCore::Element::isKeyboardFocusable):

dom/Element.h:
dom/EventDispatcher.cpp:

(WebCore::callDefaultEventHandlersInTheBubblingOrder):

dom/Node.cpp:

(WebCore::Node::dispatchDOMActivateEvent):
(WebCore::Node::defaultEventHandler):

dom/Node.h:
editing/Editor.cpp:

(WebCore::Editor::handleKeyboardEvent):
(WebCore::Editor::handleInputMethodKeydown):
(WebCore::Editor::handleTextEvent):

editing/Editor.h:
html/BaseCheckableInputType.cpp:

(WebCore::BaseCheckableInputType::handleKeydownEvent):
(WebCore::BaseCheckableInputType::handleKeypressEvent):

html/BaseCheckableInputType.h:
html/BaseChooserOnlyDateAndTimeInputType.cpp:

(WebCore::BaseChooserOnlyDateAndTimeInputType::handleDOMActivateEvent):
(WebCore::BaseChooserOnlyDateAndTimeInputType::handleKeydownEvent):
(WebCore::BaseChooserOnlyDateAndTimeInputType::handleKeypressEvent):
(WebCore::BaseChooserOnlyDateAndTimeInputType::handleKeyupEvent):

html/BaseChooserOnlyDateAndTimeInputType.h:
html/BaseClickableWithKeyInputType.cpp:

(WebCore::BaseClickableWithKeyInputType::handleKeydownEvent):
(WebCore::BaseClickableWithKeyInputType::handleKeypressEvent):
(WebCore::BaseClickableWithKeyInputType::handleKeyupEvent):

html/BaseClickableWithKeyInputType.h:
html/BaseDateAndTimeInputType.cpp:

(WebCore::BaseDateAndTimeInputType::isKeyboardFocusable):

html/BaseDateAndTimeInputType.h:
html/CheckboxInputType.cpp:

(WebCore::CheckboxInputType::handleKeyupEvent):

html/CheckboxInputType.h:
html/ColorInputType.cpp:

(WebCore::ColorInputType::handleDOMActivateEvent):

html/ColorInputType.h:
html/FileInputType.cpp:

(WebCore::FileInputType::handleDOMActivateEvent):

html/FileInputType.h:
html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::isKeyboardFocusable):
(WebCore::HTMLAnchorElement::defaultEventHandler):
(WebCore::HTMLAnchorElement::handleClick):
(WebCore::HTMLAnchorElement::eventType):
(WebCore::isEnterKeyKeydownEvent):

html/HTMLAnchorElement.h:
html/HTMLAreaElement.cpp:

(WebCore::HTMLAreaElement::isKeyboardFocusable):

html/HTMLAreaElement.h:
html/HTMLButtonElement.cpp:

(WebCore::HTMLButtonElement::defaultEventHandler):

html/HTMLButtonElement.h:
html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::isKeyboardFocusable):

html/HTMLFormControlElement.h:
html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::submitImplicitly):
(WebCore::submitElementFromEvent):
(WebCore::HTMLFormElement::validateInteractively):
(WebCore::HTMLFormElement::prepareForSubmission):

html/HTMLFormElement.h:
html/HTMLFrameOwnerElement.cpp:

(WebCore::HTMLFrameOwnerElement::isKeyboardFocusable):

html/HTMLFrameOwnerElement.h:
html/HTMLFrameSetElement.cpp:

(WebCore::HTMLFrameSetElement::defaultEventHandler):

html/HTMLFrameSetElement.h:
html/HTMLIFrameElement.h:
html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::isKeyboardFocusable):
(WebCore::HTMLInputElement::isTextFormControlKeyboardFocusable):
(WebCore::HTMLInputElement::willDispatchEvent):
(WebCore::HTMLInputElement::defaultEventHandler):

html/HTMLInputElement.h:
html/HTMLLabelElement.cpp:

(WebCore::HTMLLabelElement::defaultEventHandler):

html/HTMLLabelElement.h:
html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::defaultEventHandler):

html/HTMLLinkElement.h:
html/HTMLPlugInElement.cpp:

(WebCore::HTMLPlugInElement::defaultEventHandler):
(WebCore::HTMLPlugInElement::isKeyboardFocusable):

html/HTMLPlugInElement.h:
html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::defaultEventHandler):

html/HTMLPlugInImageElement.h:
html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::isKeyboardFocusable):
(WebCore::HTMLSelectElement::menuListDefaultEventHandler):
(WebCore::HTMLSelectElement::listBoxDefaultEventHandler):
(WebCore::HTMLSelectElement::defaultEventHandler):

html/HTMLSelectElement.h:
html/HTMLSummaryElement.cpp:

(WebCore::HTMLSummaryElement::defaultEventHandler):

html/HTMLSummaryElement.h:
html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::isKeyboardFocusable):
(WebCore::HTMLTextAreaElement::defaultEventHandler):
(WebCore::HTMLTextAreaElement::handleBeforeTextInsertedEvent):

html/HTMLTextAreaElement.h:
html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::forwardEvent):

html/HTMLTextFormControlElement.h:
html/ImageInputType.cpp:

(WebCore::ImageInputType::handleDOMActivateEvent):

html/ImageInputType.h:
html/InputType.cpp:

(WebCore::InputType::handleClickEvent):
(WebCore::InputType::handleMouseDownEvent):
(WebCore::InputType::handleDOMActivateEvent):
(WebCore::InputType::handleKeydownEvent):
(WebCore::InputType::handleKeypressEvent):
(WebCore::InputType::handleKeyupEvent):
(WebCore::InputType::handleBeforeTextInsertedEvent):
(WebCore::InputType::handleTouchEvent):
(WebCore::InputType::forwardEvent):
(WebCore::InputType::shouldSubmitImplicitly):
(WebCore::InputType::dispatchSimulatedClickIfActive):
(WebCore::InputType::isKeyboardFocusable):

html/InputType.h:
html/MediaDocument.cpp:

(WebCore::MediaDocument::defaultEventHandler):

html/MediaDocument.h:
html/NumberInputType.cpp:

(WebCore::NumberInputType::handleKeydownEvent):

html/NumberInputType.h:
html/RadioInputType.cpp:

(WebCore::RadioInputType::handleClickEvent):
(WebCore::RadioInputType::handleKeydownEvent):
(WebCore::RadioInputType::handleKeyupEvent):
(WebCore::RadioInputType::isKeyboardFocusable):

html/RadioInputType.h:
html/RangeInputType.cpp:

(WebCore::RangeInputType::handleMouseDownEvent):
(WebCore::RangeInputType::handleTouchEvent):
(WebCore::RangeInputType::handleKeydownEvent):

html/RangeInputType.h:
html/ResetInputType.cpp:

(WebCore::ResetInputType::handleDOMActivateEvent):

html/ResetInputType.h:
html/SearchInputType.cpp:

(WebCore::SearchInputType::handleKeydownEvent):

html/SearchInputType.h:
html/SubmitInputType.cpp:

(WebCore::SubmitInputType::handleDOMActivateEvent):

html/SubmitInputType.h:
html/TextFieldInputType.cpp:

(WebCore::TextFieldInputType::isKeyboardFocusable):
(WebCore::TextFieldInputType::handleKeydownEvent):
(WebCore::TextFieldInputType::handleKeydownEventForSpinButton):
(WebCore::TextFieldInputType::forwardEvent):
(WebCore::TextFieldInputType::shouldSubmitImplicitly):
(WebCore::TextFieldInputType::handleBeforeTextInsertedEvent):

html/TextFieldInputType.h:
html/shadow/AutoFillButtonElement.cpp:

(WebCore::AutoFillButtonElement::defaultEventHandler):

html/shadow/AutoFillButtonElement.h:
html/shadow/MediaControlElementTypes.cpp:

(WebCore::MediaControlMuteButtonElement::defaultEventHandler):
(WebCore::MediaControlSeekButtonElement::defaultEventHandler):
(WebCore::MediaControlVolumeSliderElement::defaultEventHandler):

html/shadow/MediaControlElementTypes.h:
html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlPanelElement::defaultEventHandler):
(WebCore::MediaControlVolumeSliderContainerElement::defaultEventHandler):
(WebCore::MediaControlPanelMuteButtonElement::defaultEventHandler):
(WebCore::MediaControlPlayButtonElement::defaultEventHandler):
(WebCore::MediaControlOverlayPlayButtonElement::defaultEventHandler):
(WebCore::MediaControlRewindButtonElement::defaultEventHandler):
(WebCore::MediaControlReturnToRealtimeButtonElement::defaultEventHandler):
(WebCore::MediaControlToggleClosedCaptionsButtonElement::defaultEventHandler):
(WebCore::MediaControlClosedCaptionsTrackListElement::defaultEventHandler):
(WebCore::MediaControlTimelineElement::defaultEventHandler):
(WebCore::MediaControlFullscreenButtonElement::defaultEventHandler):
(WebCore::MediaControlFullscreenVolumeMinButtonElement::defaultEventHandler):
(WebCore::MediaControlFullscreenVolumeMaxButtonElement::defaultEventHandler):

html/shadow/MediaControlElements.h:
html/shadow/MediaControls.cpp:

(WebCore::MediaControls::defaultEventHandler):
(WebCore::MediaControls::containsRelatedTarget):

html/shadow/MediaControls.h:
html/shadow/MediaControlsApple.cpp:

(WebCore::MediaControlsApple::defaultEventHandler):
(WebCore::MediaControlsApple::handleClickEvent):
(WebCore::MediaControlsAppleEventListener::handleEvent):

html/shadow/MediaControlsApple.h:
html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::defaultEventHandler):
(WebCore::SliderThumbElement::handleTouchStart):
(WebCore::SliderThumbElement::handleTouchMove):
(WebCore::SliderThumbElement::handleTouchEndAndCancel):
(WebCore::SliderThumbElement::handleTouchEvent):

html/shadow/SliderThumbElement.h:
html/shadow/SpinButtonElement.cpp:

(WebCore::SpinButtonElement::defaultEventHandler):
(WebCore::SpinButtonElement::forwardEvent):

html/shadow/SpinButtonElement.h:
html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlInnerTextElement::defaultEventHandler):
(WebCore::SearchFieldResultsButtonElement::defaultEventHandler):
(WebCore::SearchFieldCancelButtonElement::defaultEventHandler):

html/shadow/TextControlInnerElements.h:
html/shadow/mac/ImageControlsButtonElementMac.cpp:

(WebCore::ImageControlsButtonElementMac::defaultEventHandler):

html/shadow/mac/ImageControlsButtonElementMac.h:
loader/FrameLoader.cpp:

(WebCore::FrameLoader::dispatchBeforeUnloadEvent):

mathml/MathMLElement.cpp:

(WebCore::MathMLElement::defaultEventHandler):
(WebCore::MathMLElement::isKeyboardFocusable):

mathml/MathMLElement.h:
mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::defaultEventHandler):

mathml/MathMLSelectElement.h:
page/EventHandler.cpp:

(WebCore::didScrollInScrollableArea):
(WebCore::handleWheelEventInAppropriateEnclosingBox):
(WebCore::EventHandler::defaultWheelEventHandler):
(WebCore::EventHandler::keyEvent):
(WebCore::handleKeyboardSelectionMovement):
(WebCore::EventHandler::handleKeyboardSelectionMovementForAccessibility):
(WebCore::EventHandler::defaultKeyboardEventHandler):
(WebCore::EventHandler::defaultTextInputEventHandler):
(WebCore::EventHandler::defaultSpaceEventHandler):
(WebCore::EventHandler::defaultBackspaceEventHandler):
(WebCore::EventHandler::defaultArrowEventHandler):
(WebCore::EventHandler::defaultTabEventHandler):

page/EventHandler.h:
page/FocusController.cpp:

(WebCore::isFocusableElementOrScopeOwner):
(WebCore::isNonFocusableScopeOwner):
(WebCore::isFocusableScopeOwner):
(WebCore::FocusController::advanceFocusInDocumentOrder):
(WebCore::FocusController::findFocusCandidateInContainer):

rendering/RenderFrameSet.cpp:

(WebCore::RenderFrameSet::userResize):

rendering/RenderFrameSet.h:
svg/SVGAElement.cpp:

(WebCore::SVGAElement::defaultEventHandler):
(WebCore::SVGAElement::isKeyboardFocusable):

svg/SVGAElement.h:

Source/WebKit2:

WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::performNonEditingBehaviorForSelector):

1:00 AM Changeset in webkit [205603] by Carlos Garcia Campos

3 edits
4 adds in releases/WebKitGTK/webkit-2.14

Merge r205246 - REGRESSION (r201701): Unable to copy from CodeMirror editor version used in Jenkins install website
https://bugs.webkit.org/show_bug.cgi?id=161386
<rdar://problem/27590077>

Reviewed by Dan Bernstein.

Source/WebCore:

This CodeMirror version uses a hidden <textarea> to implement copy/paste. The textarea has width:1px; border-width:1px.
Jenkins page has also has a stylesheet that contains * { box-sizing:border-box } and as a result the textarea content
width gets computed as 0. With r201701 we use content size instead of box size for clipping and the textarea content is
(correctly) considered invisible.

Add a quirk that allows this to continue working.

Test: editing/text-iterator/hidden-textarea-selection-quirk.html

editing/TextIterator.cpp:

(WebCore::fullyClipsContents):

LayoutTests:

editing/text-iterator/hidden-textarea-selection-quirk-expected.txt: Added.
editing/text-iterator/hidden-textarea-selection-quirk.html: Added.
platform/ios-simulator/editing/text-iterator/hidden-textarea-selection-quirk-expected.txt: Added.

textarea.select() doesn't select the text content on iOS.

12:58 AM Changeset in webkit [205602] by Carlos Garcia Campos

11 edits
1 copy in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r205218 - Make PendingScript as ref-counted
https://bugs.webkit.org/show_bug.cgi?id=161350

Reviewed by Ryosuke Niwa.

Currently, while PendingScript is copyable, PendingScript is also CachedResourceClient.
So when copying this, the client registration is done in PendingScript's operator= etc.
However, this copying functionality is not effectively used.
In this patch, we change this PendingScript to ref-counted class and make it noncopyable.
This change makes things simple (dropping this copying functionality), and drops unnecessary
addClient / removeClient calls. And we also simplify PendingScript class. Since we can offer
all the members at the construction time, we do not need any setters like setCachedScript,
setElement etc. This prevents us from accidentally generating the half-baked pending script.

Furthermore, by changing PendingScript noncopyable & ref-counted, we easily make it
observable. In this patch, we add PendingScriptClient to receive the notification from
PendingScript. Previously, we directly used CachedScript in PendingScript to receive the
notification. When introducing ScriptModuleGraph and making this PendingScript the container
of the both CachedScript and ScriptModuleGraph, hiding the raw CachedScript operations is
useful.

No behavior changes.

WebCore.xcodeproj/project.pbxproj:
dom/PendingScript.cpp:

(WebCore::PendingScript::create): These factory functions take all the information needed
to construct the PendingScript. So the setters of PendingScript are dropped. This is better
since we now do not expose any half-baked pending script accidentally.
(WebCore::PendingScript::PendingScript):
(WebCore::PendingScript::~PendingScript):
(WebCore::PendingScript::notifyClientFinished):
(WebCore::PendingScript::notifyFinished):
(WebCore::PendingScript::isLoaded): When introducing ScriptModuleGraph, this will query to
either CachedScript or ScriptModuleGraph. PendingScript will become the container for the
both types.
(WebCore::PendingScript::setClient):
(WebCore::PendingScript::clearClient): PendingScript is now observable by PendingScriptClient.
This avoids touching CachedScript in PendingScript directly. That is good when we introduce
ScriptModuleGraph and make PendingScript the container of the both CachedScript and ScriptModuleGraph.
(WebCore::PendingScript::releaseElementAndClear): Deleted. Previously, PendingScript is not ref-counted.
So when we would like to say "this pending script is empty", we used the pending script with
m_element = nullptr. This releaseElementAndClear cleared this m_element and made the pending
script empty. Now, we use RefPtr<PendingScript> and empty one is just represented by the nullptr.
This function is no longer necessary. Dropped.
(WebCore::PendingScript::setCachedScript): Deleted. The fields are set in the constructor.
So this setter is no longer necessary. Dropped.

dom/PendingScript.h:
dom/PendingScriptClient.h: Copied from Source/WebCore/html/parser/HTMLScriptRunnerHost.h.

(WebCore::PendingScriptClient::~PendingScriptClient):

dom/ScriptRunner.cpp:

(WebCore::ScriptRunner::queueScriptForExecution):
(WebCore::ScriptRunner::notifyScriptReady):
(WebCore::ScriptRunner::timerFired): We use std::exchange to retrieve the RefPtr<PendingScript>
and make the original vector element nullptr. Without this, all the PendingScript is held until
the iteration finishes. We keep the original semantics here that the pending script can be
released per iteration.

dom/ScriptRunner.h:
html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::watchForLoad):
(WebCore::HTMLDocumentParser::stopWatchingForLoad): Use PendingScript instead of touching
CachedScript directly.
(WebCore::HTMLDocumentParser::notifyFinished):

html/parser/HTMLDocumentParser.h:
html/parser/HTMLScriptRunner.cpp:

(WebCore::HTMLScriptRunner::~HTMLScriptRunner):
(WebCore::HTMLScriptRunner::sourceFromPendingScript):
(WebCore::HTMLScriptRunner::isPendingScriptReady):
(WebCore::HTMLScriptRunner::executeParsingBlockingScript):
(WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent): As the previous comment describes,
we used releaseElementAndClear to make the current pending script empty. Instead of doing so, we now
explicitly clear executeParsingBlockingScript (by assigning nullptr to m_parserBlockingScript).
(WebCore::HTMLScriptRunner::watchForLoad):
(WebCore::HTMLScriptRunner::stopWatchingForLoad): Previously, we used CachedScript::addClient directly
in the m_host.watchForLoad. This means that we did not have a quick way to query whether the pending
script is watched. In the old implementation, we have the m_watchingForLoad : bool flag in PendingScript
to hold the watching status for the given pending script. This pendingScript.setWatchingForLoad(true)
just made this flag true. But now, we do not use CachedScript::addClient directly. Instead, we have
the PendingScriptClient and PendingScript::{setClient,clearClient}. We can know whether this pending
script is watched by checking m_client != nullptr. This makes m_watchingForLoad unnecessary.
So this patch drops m_watchingForLoad and pendingScript.setWatchingForLoad(true) call.
(WebCore::HTMLScriptRunner::hasParserBlockingScript):
(WebCore::HTMLScriptRunner::executeParsingBlockingScripts): We clear the m_parserBlockingScript here
instead of the middle of the executePendingScriptAndDispatchEvent.
(WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad):
(WebCore::HTMLScriptRunner::executeScriptsWaitingForParsing):
(WebCore::requestPendingScript):
(WebCore::HTMLScriptRunner::requestParsingBlockingScript): Setting m_parsingBlockingScript is now done
in this caller side.
(WebCore::HTMLScriptRunner::requestDeferredScript):
(WebCore::HTMLScriptRunner::runScript):
(WebCore::HTMLScriptRunner::requestPendingScript): Instead of configuring the passed PendingScript&,
we return the pending script and the caller sets it to m_parserBlockingScript or holds it. And we now
change this function to static location one and drop the member function. Previously, we always make
PendingScript& valid by always calling setElement(...). I think this is the bug since we accidentally
exposed the half-baked pending script. But this bug is not shown since !cachedScript path is dead code!
This requestPendingScript is called from two places, requestDeferredScript and requestParsingBlockingScript.
And these functions are called if the script has willBeParserExecuted flag. In the case of the script
tag having "src" attribute, this flag is only set if cachedScript is correctly instantiated. So when
these functions are called, we can ensure that cachedScript is correctly instantiated for the given script.
In the case of the script tag not having "src" attribute, these functions are won't be called. This is
because if such a script tag has willBeParserExecuted flag, it also has m_readyToBeParserExecuted
and it does not have m_willExecuteWhenDocumentFinishedParsing flag, and in that case the both
functions are never called. So we drop that path and insert the assertion to ensure the above conditions.

html/parser/HTMLScriptRunner.h:
html/parser/HTMLScriptRunnerHost.h:

12:57 AM Changeset in webkit [205601] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205216 - [JSC] Some arith nodes are too pessimistic with the types supported on the fast path
https://bugs.webkit.org/show_bug.cgi?id=161410

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-08-30
Reviewed by Geoffrey Garen.

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
DoubleRep is able to convert numbers, undefined, booleans and null.
I was too pessimistic when I gated the double implementations
on number-or-boolean speculation. We can just let DoubleRep convert
the other cases as long as it is not a Cell.

12:56 AM Changeset in webkit [205600] by Carlos Garcia Campos

4 edits
1 copy in releases/WebKitGTK/webkit-2.14/Source/bmalloc

Merge r205210 - bmalloc: speed up the lock slow path
https://bugs.webkit.org/show_bug.cgi?id=161058

Unreviewed roll-in - with regression fixed.

Revert to using yield() instead of swtch() because very low priority
background tasks can cause priority inversion and deadlock. In the
network process, that happened with com.apple.WebKit.Cache.Storage.serialBackground.

Still a big speedup on MallocBench.

bmalloc.xcodeproj/project.pbxproj:
bmalloc/ScopeExit.h: Added.

(bmalloc::ScopeExit::ScopeExit):
(bmalloc::ScopeExit::~ScopeExit):
(bmalloc::makeScopeExit):

bmalloc/StaticMutex.cpp:

(bmalloc::StaticMutex::lockSlowCase):

bmalloc/StaticMutex.h:

(bmalloc::StaticMutex::init):

12:50 AM Changeset in webkit [205599] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.14

Merge r205205 - Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object
https://bugs.webkit.org/show_bug.cgi?id=161396

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object:

Firefox and Chrome already throw. However, WebKit merely ignores the call and logs an error message.

Note that technically, we should also throw in the same origin case.
However, not all browsers agree on this yet so I haven't not changed
the behavior for the same origin case.

runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):

LayoutTests:

Update / rebaseline existing test to reflect behavior change.

http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
http/tests/security/cross-frame-access-object-setPrototypeOf.html:

12:45 AM Changeset in webkit [205598] by pvollan@apple.com

4 edits in trunk

[Win] Exception fuzz tests fail
https://bugs.webkit.org/show_bug.cgi?id=140928

Reviewed by Mark Lam.

JSTests:

Unskip tests.

exceptionFuzz.yaml:

Source/JavaScriptCore:

Flush stdout when throwing the exception to make sure the output comes before output in the exception handler.
The tests depend on the output to stdout being written in the correct order.

runtime/ExceptionFuzz.cpp:

(JSC::doExceptionFuzzing):

12:44 AM Changeset in webkit [205597] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r205204 - [JSC] Clean up the remaining compare nodes in FTLCapabilities
https://bugs.webkit.org/show_bug.cgi?id=161400

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-08-30
Reviewed by Geoffrey Garen.

It looks like we implemented all the cases without realizing it.

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compare):

12:44 AM Changeset in webkit [205596] by Carlos Garcia Campos

7 edits in releases/WebKitGTK/webkit-2.14

Merge r205200 - Delete? should throw for cross-origin Window / Location objects
https://bugs.webkit.org/show_bug.cgi?id=161397

Reviewed by Ryosuke Niwa.

Source/WebCore:

Delete? should throw for cross-origin Window / Location objects:

https://github.com/whatwg/html/pull/1728

Firefox and Chrome already throw. Previously, WebKit was merely
ignoring the call and logging an error message.

No new tests, updated existing test.

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::deleteProperty):
(WebCore::JSDOMWindow::deletePropertyByIndex):

bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::deleteProperty):
(WebCore::JSLocation::deletePropertyByIndex):

LayoutTests:

Update / rebaseline existing test to reflect behavior change.

http/tests/security/cross-frame-access-delete-expected.txt:
http/tests/security/cross-frame-access-delete.html:
http/tests/security/resources/cross-frame-iframe-for-delete-test.html:

12:44 AM Changeset in webkit [205595] by Carlos Garcia Campos

204 edits
1 copy
2 adds in releases/WebKitGTK/webkit-2.14/Source

Merge r205198 - Introduce the ThrowScope and force every throw site to instantiate a ThrowScope.
https://bugs.webkit.org/show_bug.cgi?id=161171

Reviewed by Filip Pizlo and Geoffrey Garen.

Source/JavaScriptCore:

This is the first step towards having a mechanism (using the ThrowScope) to
verify that we're properly checking for exceptions in all the needed places.
See comments at the top of ThrowScope.cpp for details on how the ThrowScope works.

This patch only introduces the ThrowScope, and changes all throw sites to throw
using a ThrowScope instance. VM::throwException() functions are now private, and
cannot be accessed directly. All throws must now go through a ThrowScope.

Verification is disabled for the moment until we can fix all the verification
failures that will show up.

I also did a smoke test of the ThrowScope mechanisms by running verification on
the JSTests/stress/op-add-exceptions.js test with a local build with verification
turned on.

Performance is neutral on aggregate with this patch.

Misc other changes:

deleted the unused CALL_THROW() macro from LLIntSlowPaths.cpp.
moved createListFromArrayLike() from JSObject.h to JSObjectInlines.h.

API/APICallbackFunction.h:

(JSC::APICallbackFunction::call):
(JSC::APICallbackFunction::construct):

API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
(JSC::JSCallbackObject<Parent>::defaultValue):
(JSC::JSCallbackObject<Parent>::put):
(JSC::JSCallbackObject<Parent>::putByIndex):
(JSC::JSCallbackObject<Parent>::deleteProperty):
(JSC::JSCallbackObject<Parent>::construct):
(JSC::JSCallbackObject<Parent>::customHasInstance):
(JSC::JSCallbackObject<Parent>::call):
(JSC::JSCallbackObject<Parent>::getStaticValue):
(JSC::JSCallbackObject<Parent>::staticFunctionGetter):
(JSC::JSCallbackObject<Parent>::callbackGetter):

API/JSTypedArray.cpp:

(createTypedArray):

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGOperations.cpp:

(JSC::DFG::newTypedArrayWithSize):

inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):

inspector/JSInjectedScriptHostPrototype.cpp:

(Inspector::jsInjectedScriptHostPrototypeAttributeEvaluate):
(Inspector::jsInjectedScriptHostPrototypeFunctionInternalConstructorName):
(Inspector::jsInjectedScriptHostPrototypeFunctionIsHTMLAllCollection):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapSize):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapEntries):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetSize):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetEntries):
(Inspector::jsInjectedScriptHostPrototypeFunctionIteratorEntries):
(Inspector::jsInjectedScriptHostPrototypeFunctionEvaluateWithScopeExtension):
(Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
(Inspector::jsInjectedScriptHostPrototypeFunctionFunctionDetails):
(Inspector::jsInjectedScriptHostPrototypeFunctionGetInternalProperties):

inspector/JSJavaScriptCallFrame.cpp:

(Inspector::JSJavaScriptCallFrame::evaluateWithScopeExtension):

inspector/JSJavaScriptCallFramePrototype.cpp:

(Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluateWithScopeExtension):
(Inspector::jsJavaScriptCallFramePrototypeFunctionScopeDescriptions):
(Inspector::jsJavaScriptCallFrameAttributeCaller):
(Inspector::jsJavaScriptCallFrameAttributeSourceID):
(Inspector::jsJavaScriptCallFrameAttributeLine):
(Inspector::jsJavaScriptCallFrameAttributeColumn):
(Inspector::jsJavaScriptCallFrameAttributeFunctionName):
(Inspector::jsJavaScriptCallFrameAttributeScopeChain):
(Inspector::jsJavaScriptCallFrameAttributeThisObject):
(Inspector::jsJavaScriptCallFrameAttributeType):
(Inspector::jsJavaScriptCallFrameIsTailDeleted):

interpreter/CachedCall.h:

(JSC::CachedCall::CachedCall):

interpreter/Interpreter.cpp:

(JSC::eval):
(JSC::sizeOfVarargs):
(JSC::sizeFrameForForwardArguments):
(JSC::sizeFrameForVarargs):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):

jit/JITOperations.cpp:
jsc.cpp:

(WTF::CustomGetter::customGetter):
(WTF::RuntimeArray::lengthGetter):
(functionCreateElement):
(functionRun):
(functionRunString):
(functionLoad):
(functionLoadString):
(functionReadFile):
(functionCheckSyntax):
(functionTransferArrayBuffer):
(functionLoadModule):
(functionCheckModuleSyntax):
(functionSamplingProfilerStackTraces):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::getByVal):
(JSC::LLInt::handleHostCall):
(JSC::LLInt::setUpCall):
(JSC::LLInt::llint_throw_stack_overflow_error):

runtime/ArrayConstructor.cpp:

(JSC::constructArrayWithSizeQuirk):

runtime/ArrayConstructor.h:

(JSC::isArray):

runtime/ArrayPrototype.cpp:

(JSC::shift):
(JSC::unshift):
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncSplice):
(JSC::concatAppendOne):
(JSC::arrayProtoPrivateFuncConcatMemcpy):

runtime/BooleanPrototype.cpp:

(JSC::booleanProtoFuncToString):
(JSC::booleanProtoFuncValueOf):

runtime/CommonSlowPaths.cpp:
runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::opIn):

runtime/CommonSlowPathsExceptions.cpp:

(JSC::CommonSlowPaths::interpreterThrowInCaller):

runtime/ConstructData.cpp:

(JSC::construct):

runtime/DatePrototype.cpp:

(JSC::formateDateInstance):
(JSC::dateProtoFuncToISOString):
(JSC::dateProtoFuncToLocaleString):
(JSC::dateProtoFuncToLocaleDateString):
(JSC::dateProtoFuncToLocaleTimeString):
(JSC::dateProtoFuncToPrimitiveSymbol):
(JSC::dateProtoFuncGetTime):
(JSC::dateProtoFuncGetFullYear):
(JSC::dateProtoFuncGetUTCFullYear):
(JSC::dateProtoFuncGetMonth):
(JSC::dateProtoFuncGetUTCMonth):
(JSC::dateProtoFuncGetDate):
(JSC::dateProtoFuncGetUTCDate):
(JSC::dateProtoFuncGetDay):
(JSC::dateProtoFuncGetUTCDay):
(JSC::dateProtoFuncGetHours):
(JSC::dateProtoFuncGetUTCHours):
(JSC::dateProtoFuncGetMinutes):
(JSC::dateProtoFuncGetUTCMinutes):
(JSC::dateProtoFuncGetSeconds):
(JSC::dateProtoFuncGetUTCSeconds):
(JSC::dateProtoFuncGetMilliSeconds):
(JSC::dateProtoFuncGetUTCMilliseconds):
(JSC::dateProtoFuncGetTimezoneOffset):
(JSC::dateProtoFuncSetTime):
(JSC::setNewValueFromTimeArgs):
(JSC::setNewValueFromDateArgs):
(JSC::dateProtoFuncSetYear):
(JSC::dateProtoFuncGetYear):
(JSC::dateProtoFuncToJSON):

runtime/Error.cpp:

(JSC::throwConstructorCannotBeCalledAsFunctionTypeError):
(JSC::throwTypeError):
(JSC::throwSyntaxError):

runtime/Error.h:

(JSC::throwRangeError):
(JSC::throwVMError):
(JSC::throwVMTypeError):
(JSC::throwVMRangeError):
(JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
(JSC::StrictModeTypeErrorFunction::callThrowTypeError):

runtime/ErrorPrototype.cpp:

(JSC::errorProtoFuncToString):

runtime/ExceptionFuzz.cpp:

(JSC::doExceptionFuzzing):

runtime/ExceptionHelpers.cpp:

(JSC::throwOutOfMemoryError):
(JSC::throwStackOverflowError):
(JSC::throwTerminatedExecutionException):

runtime/ExceptionHelpers.h:
runtime/Executable.cpp:

(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::EvalExecutable::create):

runtime/FunctionConstructor.cpp:

(JSC::constructFunction):
(JSC::constructFunctionSkippingEvalEnabledCheck):

runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):
(JSC::functionProtoFuncBind):

runtime/GetterSetter.cpp:

(JSC::callSetter):

runtime/IntlCollator.cpp:

(JSC::IntlCollator::compareStrings):

runtime/IntlCollatorPrototype.cpp:

(JSC::IntlCollatorPrototypeGetterCompare):
(JSC::IntlCollatorPrototypeFuncResolvedOptions):

runtime/IntlDateTimeFormat.cpp:

(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
(JSC::IntlDateTimeFormat::format):

runtime/IntlDateTimeFormatPrototype.cpp:

(JSC::IntlDateTimeFormatPrototypeGetterFormat):
(JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):

runtime/IntlNumberFormat.cpp:

(JSC::IntlNumberFormat::initializeNumberFormat):
(JSC::IntlNumberFormat::formatNumber):

runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatPrototypeGetterFormat):
(JSC::IntlNumberFormatPrototypeFuncResolvedOptions):

runtime/IntlObject.cpp:

(JSC::intlStringOption):
(JSC::intlNumberOption):
(JSC::canonicalizeLocaleList):
(JSC::lookupSupportedLocales):

runtime/IteratorOperations.cpp:

(JSC::iteratorNext):
(JSC::iteratorClose):
(JSC::createIteratorResultObject):
(JSC::iteratorForIterable):

runtime/JSArray.cpp:

(JSC::JSArray::defineOwnProperty):
(JSC::JSArray::put):
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::setLength):
(JSC::JSArray::pop):
(JSC::JSArray::push):
(JSC::JSArray::unshiftCountWithArrayStorage):
(JSC::JSArray::unshiftCountWithAnyIndexingType):

runtime/JSArrayBufferConstructor.cpp:

(JSC::constructArrayBuffer):
(JSC::callArrayBuffer):

runtime/JSArrayBufferPrototype.cpp:

(JSC::arrayBufferProtoFuncSlice):

runtime/JSCInlines.h:
runtime/JSCJSValue.cpp:

(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::synthesizePrototype):
(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):
(JSC::JSValue::toStringSlowCase):

runtime/JSCJSValueInlines.h:

(JSC::toPreferredPrimitiveType):
(JSC::JSValue::requireObjectCoercible):

runtime/JSDataView.cpp:

(JSC::JSDataView::create):

runtime/JSDataViewPrototype.cpp:

(JSC::getData):
(JSC::setData):
(JSC::dataViewProtoGetterBuffer):
(JSC::dataViewProtoGetterByteLength):
(JSC::dataViewProtoGetterByteOffset):

runtime/JSFunction.cpp:

(JSC::callHostFunctionAsConstructor):
(JSC::JSFunction::callerGetter):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):

runtime/JSGenericTypedArrayView.h:

(JSC::JSGenericTypedArrayView::setIndex):

runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::constructGenericTypedArrayViewFromIterator):
(JSC::constructGenericTypedArrayViewWithArguments):
(JSC::constructGenericTypedArrayView):
(JSC::callGenericTypedArrayView):

runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::create):
(JSC::JSGenericTypedArrayView<Adaptor>::createUninitialized):
(JSC::JSGenericTypedArrayView<Adaptor>::validateRange):
(JSC::JSGenericTypedArrayView<Adaptor>::throwNeuteredTypedArrayTypeError):

runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::speciesConstruct):
(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewProtoFuncCopyWithin):
(JSC::genericTypedArrayViewProtoFuncIncludes):
(JSC::genericTypedArrayViewProtoFuncIndexOf):
(JSC::genericTypedArrayViewProtoFuncJoin):
(JSC::genericTypedArrayViewProtoFuncLastIndexOf):
(JSC::genericTypedArrayViewProtoGetterFuncBuffer):
(JSC::genericTypedArrayViewProtoGetterFuncLength):
(JSC::genericTypedArrayViewProtoGetterFuncByteLength):
(JSC::genericTypedArrayViewProtoGetterFuncByteOffset):
(JSC::genericTypedArrayViewProtoFuncReverse):
(JSC::genericTypedArrayViewPrivateFuncSort):
(JSC::genericTypedArrayViewProtoFuncSlice):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createEvalCodeBlock):
(JSC::JSGlobalObject::createModuleProgramCodeBlock):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::encode):
(JSC::decode):
(JSC::globalFuncEval):
(JSC::globalFuncThrowTypeError):
(JSC::globalFuncThrowTypeErrorArgumentsCalleeAndCaller):
(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):

runtime/JSModuleEnvironment.cpp:

(JSC::JSModuleEnvironment::put):

runtime/JSModuleNamespaceObject.cpp:

(JSC::JSModuleNamespaceObject::getOwnPropertySlot):
(JSC::JSModuleNamespaceObject::put):
(JSC::JSModuleNamespaceObject::putByIndex):
(JSC::JSModuleNamespaceObject::defineOwnProperty):
(JSC::moduleNamespaceObjectSymbolIterator):

runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::getModuleNamespace):
(JSC::JSModuleRecord::link):
(JSC::JSModuleRecord::instantiateDeclarations):

runtime/JSONObject.cpp:

(JSC::Stringifier::appendStringifiedValue):
(JSC::Walker::walk):
(JSC::JSONProtoFuncParse):
(JSC::JSONProtoFuncStringify):

runtime/JSObject.cpp:

(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::callToPrimitiveFunction):
(JSC::JSObject::ordinaryToPrimitive):
(JSC::JSObject::hasInstance):
(JSC::JSObject::defaultHasInstance):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::validateAndApplyPropertyDescriptor):
(JSC::JSObject::getMethod):

runtime/JSObject.h:

(JSC::createListFromArrayLike): Deleted.

runtime/JSObjectInlines.h:

(JSC::createListFromArrayLike):
(JSC::JSObject::putInline):

runtime/JSPromiseConstructor.cpp:

(JSC::constructPromise):
(JSC::callPromise):

runtime/JSPropertyNameIterator.cpp:

(JSC::propertyNameIteratorFuncNext):

runtime/JSString.cpp:

(JSC::JSRopeString::outOfMemory):

runtime/JSStringBuilder.h:

(JSC::JSStringBuilder::build):
(JSC::jsMakeNontrivialString):

runtime/JSStringJoiner.cpp:

(JSC::JSStringJoiner::joinedLength):
(JSC::JSStringJoiner::join):

runtime/JSStringJoiner.h:

(JSC::JSStringJoiner::JSStringJoiner):

runtime/JSSymbolTableObject.h:

(JSC::symbolTablePut):

runtime/JSTypedArrayViewConstructor.cpp:

(JSC::constructTypedArrayView):

runtime/JSTypedArrayViewPrototype.cpp:

(JSC::typedArrayViewPrivateFuncLength):
(JSC::typedArrayViewPrivateFuncSort):
(JSC::typedArrayViewProtoFuncSet):
(JSC::typedArrayViewProtoFuncCopyWithin):
(JSC::typedArrayViewProtoFuncIncludes):
(JSC::typedArrayViewProtoFuncLastIndexOf):
(JSC::typedArrayViewProtoFuncIndexOf):
(JSC::typedArrayViewProtoFuncJoin):
(JSC::typedArrayViewProtoGetterFuncBuffer):
(JSC::typedArrayViewProtoGetterFuncLength):
(JSC::typedArrayViewProtoGetterFuncByteLength):
(JSC::typedArrayViewProtoGetterFuncByteOffset):
(JSC::typedArrayViewProtoFuncReverse):
(JSC::typedArrayViewPrivateFuncSubarrayCreate):
(JSC::typedArrayViewProtoFuncSlice):

runtime/MapConstructor.cpp:

(JSC::callMap):
(JSC::constructMap):

runtime/MapDataInlines.h:

(JSC::JSIterator>::ensureSpaceForAppend):

runtime/MapIteratorPrototype.cpp:

(JSC::MapIteratorPrototypeFuncNext):

runtime/MapPrototype.cpp:

(JSC::getMap):
(JSC::mapProtoFuncValues):
(JSC::mapProtoFuncEntries):
(JSC::mapProtoFuncKeys):

runtime/ModuleLoaderPrototype.cpp:

(JSC::moduleLoaderPrototypeParseModule):

runtime/NullSetterFunction.cpp:

(JSC::callReturnUndefined):

runtime/NumberPrototype.cpp:

(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
(JSC::numberProtoFuncToString):
(JSC::numberProtoFuncToLocaleString):
(JSC::numberProtoFuncValueOf):

runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):
(JSC::toPropertyDescriptor):
(JSC::objectConstructorDefineProperty):
(JSC::objectConstructorDefineProperties):
(JSC::objectConstructorCreate):

runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncDefineGetter):
(JSC::objectProtoFuncDefineSetter):
(JSC::objectProtoFuncToString):

runtime/Operations.h:

(JSC::jsString):
(JSC::jsStringFromRegisterArray):
(JSC::jsStringFromArguments):

runtime/ProxyConstructor.cpp:

(JSC::makeRevocableProxy):
(JSC::proxyRevocableConstructorThrowError):
(JSC::constructProxyObject):
(JSC::callProxy):

runtime/ProxyObject.cpp:

(JSC::ProxyObject::finishCreation):
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotCommon):
(JSC::ProxyObject::performPut):
(JSC::performProxyCall):
(JSC::performProxyConstruct):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):

runtime/ReflectObject.cpp:

(JSC::reflectObjectConstruct):
(JSC::reflectObjectDefineProperty):
(JSC::reflectObjectEnumerate):
(JSC::reflectObjectGet):
(JSC::reflectObjectGetOwnPropertyDescriptor):
(JSC::reflectObjectGetPrototypeOf):
(JSC::reflectObjectIsExtensible):
(JSC::reflectObjectOwnKeys):
(JSC::reflectObjectPreventExtensions):
(JSC::reflectObjectSet):
(JSC::reflectObjectSetPrototypeOf):

runtime/RegExpConstructor.cpp:

(JSC::toFlags):
(JSC::regExpCreate):

runtime/RegExpObject.cpp:

(JSC::collectMatches):

runtime/RegExpObject.h:

(JSC::RegExpObject::setLastIndex):

runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTestFast):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncMatchFast):
(JSC::regExpProtoFuncCompile):
(JSC::regExpProtoFuncToString):
(JSC::regExpProtoGetterGlobal):
(JSC::regExpProtoGetterIgnoreCase):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterSticky):
(JSC::regExpProtoGetterUnicode):
(JSC::regExpProtoGetterFlags):
(JSC::regExpProtoGetterSource):
(JSC::regExpProtoFuncSplitFast):

runtime/Reject.h:

(JSC::reject):

runtime/SetConstructor.cpp:

(JSC::callSet):
(JSC::constructSet):

runtime/SetIteratorPrototype.cpp:

(JSC::SetIteratorPrototypeFuncNext):

runtime/SetPrototype.cpp:

(JSC::getSet):
(JSC::setProtoFuncValues):
(JSC::setProtoFuncEntries):

runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayEntry::put):

runtime/StringConstructor.cpp:

(JSC::stringFromCodePoint):

runtime/StringObject.cpp:

(JSC::StringObject::put):
(JSC::StringObject::putByIndex):

runtime/StringPrototype.cpp:

(JSC::jsSpliceSubstrings):
(JSC::jsSpliceSubstringsWithSeparators):
(JSC::repeatCharacter):
(JSC::replace):
(JSC::stringProtoFuncToString):
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncCodePointAt):
(JSC::stringProtoFuncConcat):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncLastIndexOf):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):
(JSC::stringProtoFuncLocaleCompare):
(JSC::toLocaleCase):
(JSC::stringProtoFuncBig):
(JSC::stringProtoFuncSmall):
(JSC::stringProtoFuncBlink):
(JSC::stringProtoFuncBold):
(JSC::stringProtoFuncFixed):
(JSC::stringProtoFuncItalics):
(JSC::stringProtoFuncStrike):
(JSC::stringProtoFuncSub):
(JSC::stringProtoFuncSup):
(JSC::stringProtoFuncFontcolor):
(JSC::stringProtoFuncFontsize):
(JSC::stringProtoFuncAnchor):
(JSC::stringProtoFuncLink):
(JSC::trimString):
(JSC::stringProtoFuncStartsWith):
(JSC::stringProtoFuncEndsWith):
(JSC::stringProtoFuncIncludes):
(JSC::stringProtoFuncIterator):
(JSC::normalize):
(JSC::stringProtoFuncNormalize):

runtime/StringRecursionChecker.cpp:

(JSC::StringRecursionChecker::throwStackOverflowError):

runtime/Symbol.cpp:

(JSC::Symbol::toNumber):

runtime/SymbolConstructor.cpp:

(JSC::symbolConstructorKeyFor):

runtime/SymbolPrototype.cpp:

(JSC::symbolProtoFuncToString):
(JSC::symbolProtoFuncValueOf):

runtime/ThrowScope.cpp: Added.

(JSC::ThrowScope::ThrowScope):
(JSC::ThrowScope::~ThrowScope):
(JSC::ThrowScope::throwException):
(JSC::ThrowScope::printIfNeedCheck):
(JSC::ThrowScope::simulateThrow):
(JSC::ThrowScope::verifyExceptionCheckNeedIsSatisfied):

runtime/ThrowScope.h: Added.

(JSC::ThrowScope::vm):
(JSC::ThrowScope::exception):
(JSC::ThrowScope::release):
(JSC::ThrowScope::ThrowScope):
(JSC::ThrowScope::throwException):
(JSC::throwException):

runtime/ThrowScopeLocation.h: Added.

(JSC::ThrowScopeLocation::ThrowScopeLocation):

runtime/VM.h:
runtime/VMEntryScope.h:

(JSC::VMEntryScope::vm):

runtime/WeakMapConstructor.cpp:

(JSC::callWeakMap):
(JSC::constructWeakMap):

runtime/WeakMapPrototype.cpp:

(JSC::getWeakMapData):
(JSC::protoFuncWeakMapSet):

runtime/WeakSetConstructor.cpp:

(JSC::callWeakSet):
(JSC::constructWeakSet):

runtime/WeakSetPrototype.cpp:

(JSC::getWeakMapData):
(JSC::protoFuncWeakSetAdd):

Source/WebCore:

No new tests because this is only an internal API change. If it builds, it should be good.

bindings/js/JSApplePaySessionCustom.cpp:

(WebCore::JSApplePaySession::completeShippingMethodSelection):
(WebCore::JSApplePaySession::completeShippingContactSelection):
(WebCore::JSApplePaySession::completePaymentMethodSelection):

bindings/js/JSBlobCustom.cpp:

(WebCore::constructJSBlob):

bindings/js/JSCSSStyleDeclarationCustom.cpp:

(WebCore::JSCSSStyleDeclaration::getPropertyCSSValue):

bindings/js/JSCryptoAlgorithmDictionary.cpp:

(WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier):
(WebCore::createAesCbcParams):
(WebCore::createAesKeyGenParams):
(WebCore::createHmacParams):
(WebCore::createHmacKeyParams):
(WebCore::createRsaKeyGenParams):
(WebCore::createRsaOaepParams):
(WebCore::createRsaSsaParams):

bindings/js/JSCryptoCustom.cpp:

(WebCore::JSCrypto::getRandomValues):

bindings/js/JSCryptoKeySerializationJWK.cpp:

(WebCore::getJSArrayFromJSON):
(WebCore::getStringFromJSON):
(WebCore::getBooleanFromJSON):
(WebCore::getBigIntegerVectorFromJSON):
(WebCore::JSCryptoKeySerializationJWK::JSCryptoKeySerializationJWK):
(WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
(WebCore::tryJWKKeyOpsValue):
(WebCore::JSCryptoKeySerializationJWK::reconcileUsages):
(WebCore::JSCryptoKeySerializationJWK::keyDataOctetSequence):
(WebCore::JSCryptoKeySerializationJWK::keyDataRSAComponents):
(WebCore::JSCryptoKeySerializationJWK::keyData):
(WebCore::addJWKAlgorithmToJSON):
(WebCore::JSCryptoKeySerializationJWK::serialize):

bindings/js/JSCryptoOperationData.cpp:

(WebCore::cryptoOperationDataFromJSValue):

bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::upgradeElement):

bindings/js/JSCustomElementRegistryCustom.cpp:

(WebCore::getCustomElementCallback):
(WebCore::JSCustomElementRegistry::define):

bindings/js/JSDOMBinding.cpp:

(WebCore::setDOMException):
(WebCore::enforceRange):
(WebCore::toSmallerInt):
(WebCore::toSmallerUInt):
(WebCore::canAccessDocument):
(WebCore::throwTypeError):
(WebCore::throwNotSupportedError):
(WebCore::throwInvalidStateError):
(WebCore::throwSecurityError):
(WebCore::throwArgumentMustBeEnumError):
(WebCore::throwArgumentMustBeFunctionError):
(WebCore::throwArgumentTypeError):
(WebCore::throwArrayElementTypeError):
(WebCore::throwAttributeTypeError):
(WebCore::throwConstructorScriptExecutionContextUnavailableError):
(WebCore::throwSequenceTypeError):
(WebCore::throwNonFiniteTypeError):
(WebCore::throwGetterTypeError):
(WebCore::throwSetterTypeError):
(WebCore::throwThisTypeError):
(WebCore::callThrowTypeError):

bindings/js/JSDOMBinding.h:

(WebCore::toJSSequence):
(WebCore::toRefPtrNativeArray):
(WebCore::toNativeArray):

bindings/js/JSDOMConstructor.h:

(WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
(WebCore::JSBuiltinConstructor<JSClass>::callConstructor):

bindings/js/JSDOMConvert.h:

(WebCore::convertWrapperType):

bindings/js/JSDOMIterator.h:

(WebCore::iteratorCreate):
(WebCore::iteratorForEach):
(WebCore::JSDOMIteratorPrototype<JSWrapper>::next):

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
(WebCore::JSDOMWindow::put):
(WebCore::JSDOMWindow::showModalDialog):
(WebCore::handlePostMessage):
(WebCore::JSDOMWindow::setTimeout):
(WebCore::JSDOMWindow::setInterval):

bindings/js/JSDataCueCustom.cpp:

(WebCore::constructJSDataCue):

bindings/js/JSDictionary.cpp:

(WebCore::JSDictionary::convertValue):

bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::createTouchList):
(WebCore::JSDocument::getCSSCanvasContext):

bindings/js/JSFileCustom.cpp:

(WebCore::constructJSFile):

bindings/js/JSHTMLAllCollectionCustom.cpp:

(WebCore::JSHTMLAllCollection::item):

bindings/js/JSHTMLCanvasElementCustom.cpp:

(WebCore::JSHTMLCanvasElement::getContext):
(WebCore::JSHTMLCanvasElement::probablySupportsContext):

bindings/js/JSHTMLDocumentCustom.cpp:

(WebCore::JSHTMLDocument::open):

bindings/js/JSHTMLElementCustom.cpp:

(WebCore::constructJSHTMLElement):

bindings/js/JSHTMLFormControlsCollectionCustom.cpp:

(WebCore::JSHTMLFormControlsCollection::namedItem):

bindings/js/JSHTMLInputElementCustom.cpp:

(WebCore::JSHTMLInputElement::selectionStart):
(WebCore::JSHTMLInputElement::setSelectionStart):
(WebCore::JSHTMLInputElement::selectionEnd):
(WebCore::JSHTMLInputElement::setSelectionEnd):
(WebCore::JSHTMLInputElement::selectionDirection):
(WebCore::JSHTMLInputElement::setSelectionDirection):
(WebCore::JSHTMLInputElement::setSelectionRange):

bindings/js/JSHistoryCustom.cpp:

(WebCore::JSHistory::pushState):
(WebCore::JSHistory::replaceState):

bindings/js/JSIDBDatabaseCustom.cpp:

(WebCore::JSIDBDatabase::createObjectStore):

bindings/js/JSImageConstructor.cpp:

(WebCore::JSImageConstructor::construct):

bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::getOwnPropertySlotDelegate):

bindings/js/JSMediaDevicesCustom.cpp:

(WebCore::JSMediaDevices::getUserMedia):

bindings/js/JSMediaStreamTrackCustom.cpp:

(WebCore::JSMediaStreamTrack::getSettings):
(WebCore::JSMediaStreamTrack::getCapabilities):

bindings/js/JSMessagePortCustom.cpp:

(WebCore::fillMessagePortArray):

bindings/js/JSMessagePortCustom.h:

(WebCore::handlePostMessage):

bindings/js/JSMockContentFilterSettingsCustom.cpp:

(WebCore::JSMockContentFilterSettings::setDecisionPoint):
(WebCore::toDecision):

bindings/js/JSModuleLoader.cpp:

(WebCore::JSModuleLoader::evaluate):

bindings/js/JSMutationObserverCustom.cpp:

(WebCore::constructJSMutationObserver):

bindings/js/JSNodeCustom.cpp:

(WebCore::JSNode::insertBefore):
(WebCore::JSNode::replaceChild):
(WebCore::JSNode::removeChild):
(WebCore::JSNode::appendChild):

bindings/js/JSNodeFilterCustom.cpp:

(WebCore::JSNodeFilter::acceptNode):

bindings/js/JSPluginElementFunctions.cpp:

(WebCore::pluginElementPropertyGetter):

bindings/js/JSReadableStreamPrivateConstructors.cpp:

(WebCore::constructJSReadableStreamDefaultController):
(WebCore::constructJSReadableStreamDefaultReader):

bindings/js/JSSVGLengthCustom.cpp:

(WebCore::JSSVGLength::setValue):
(WebCore::JSSVGLength::convertToSpecifiedUnits):

bindings/js/JSWebGL2RenderingContextCustom.cpp:

(WebCore::JSWebGL2RenderingContext::getIndexedParameter):

bindings/js/JSWebGLRenderingContextBaseCustom.cpp:

(WebCore::getObjectParameter):
(WebCore::JSWebGLRenderingContextBase::getAttachedShaders):
(WebCore::JSWebGLRenderingContextBase::getExtension):
(WebCore::JSWebGLRenderingContextBase::getFramebufferAttachmentParameter):
(WebCore::JSWebGLRenderingContextBase::getParameter):
(WebCore::JSWebGLRenderingContextBase::getProgramParameter):
(WebCore::JSWebGLRenderingContextBase::getShaderParameter):
(WebCore::JSWebGLRenderingContextBase::getUniform):
(WebCore::dataFunctionf):
(WebCore::dataFunctioni):
(WebCore::dataFunctionMatrix):

bindings/js/JSWebKitSubtleCryptoCustom.cpp:

(WebCore::cryptoKeyFormatFromJSValue):
(WebCore::cryptoKeyUsagesFromJSValue):
(WebCore::JSWebKitSubtleCrypto::encrypt):
(WebCore::JSWebKitSubtleCrypto::decrypt):
(WebCore::JSWebKitSubtleCrypto::sign):
(WebCore::JSWebKitSubtleCrypto::verify):
(WebCore::JSWebKitSubtleCrypto::digest):
(WebCore::JSWebKitSubtleCrypto::generateKey):
(WebCore::importKey):
(WebCore::JSWebKitSubtleCrypto::importKey):
(WebCore::exportKey):
(WebCore::JSWebKitSubtleCrypto::exportKey):
(WebCore::JSWebKitSubtleCrypto::wrapKey):
(WebCore::JSWebKitSubtleCrypto::unwrapKey):

bindings/js/JSWorkerCustom.cpp:

(WebCore::constructJSWorker):

bindings/js/JSWorkerGlobalScopeCustom.cpp:

(WebCore::JSWorkerGlobalScope::setTimeout):
(WebCore::JSWorkerGlobalScope::setInterval):

bindings/js/ReadableStreamDefaultController.cpp:

(WebCore::ReadableStreamDefaultController::invoke):

bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneBase::throwStackOverflow):
(WebCore::CloneDeserializer::throwValidationError):
(WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::evaluate):
(WebCore::WorkerScriptController::setException):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateEnumerationImplementationContent):
(GenerateDictionaryImplementationContent):
(GenerateOverloadedFunctionOrConstructor):
(GenerateImplementation):
(GenerateFunctionCastedThis):
(GenerateArgumentsCountCheck):
(GenerateParametersCheck):
(GenerateConstructorDefinition):

bindings/scripts/test/JS/JSInterfaceName.cpp:

(WebCore::jsInterfaceNameConstructor):
(WebCore::setJSInterfaceNameConstructor):

bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::jsTestActiveDOMObjectExcitingAttr):
(WebCore::jsTestActiveDOMObjectConstructor):
(WebCore::setJSTestActiveDOMObjectConstructor):
(WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):
(WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage):

bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:

(WebCore::jsTestClassWithJSBuiltinConstructorConstructor):
(WebCore::setJSTestClassWithJSBuiltinConstructorConstructor):

bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:

(WebCore::jsTestCustomConstructorWithNoInterfaceObjectConstructor):
(WebCore::setJSTestCustomConstructorWithNoInterfaceObjectConstructor):

bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::jsTestCustomNamedGetterConstructor):
(WebCore::setJSTestCustomNamedGetterConstructor):
(WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction):

bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorConstructor::construct):
(WebCore::jsTestEventConstructorAttr1):
(WebCore::jsTestEventConstructorAttr2):
(WebCore::jsTestEventConstructorAttr3):
(WebCore::jsTestEventConstructorConstructor):
(WebCore::setJSTestEventConstructorConstructor):

bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::jsTestEventTargetConstructor):
(WebCore::setJSTestEventTargetConstructor):
(WebCore::jsTestEventTargetPrototypeFunctionItem):

bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::jsTestExceptionName):
(WebCore::jsTestExceptionConstructor):
(WebCore::setJSTestExceptionConstructor):

bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::jsTestGenerateIsReachableConstructor):
(WebCore::setJSTestGenerateIsReachableConstructor):

bindings/scripts/test/JS/JSTestGlobalObject.cpp:

(WebCore::jsTestGlobalObjectRegularAttribute):
(WebCore::jsTestGlobalObjectPublicAndPrivateAttribute):
(WebCore::jsTestGlobalObjectPublicAndPrivateConditionalAttribute):
(WebCore::jsTestGlobalObjectEnabledAtRuntimeAttribute):
(WebCore::jsTestGlobalObjectConstructor):
(WebCore::setJSTestGlobalObjectConstructor):
(WebCore::setJSTestGlobalObjectRegularAttribute):
(WebCore::setJSTestGlobalObjectPublicAndPrivateAttribute):
(WebCore::setJSTestGlobalObjectPublicAndPrivateConditionalAttribute):
(WebCore::setJSTestGlobalObjectEnabledAtRuntimeAttribute):
(WebCore::jsTestGlobalObjectInstanceFunctionRegularOperation):
(WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation1):
(WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation2):
(WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation):
(WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):

bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterfaceConstructor::construct):
(WebCore::jsTestInterfaceConstructorImplementsStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorImplementsStaticAttr):
(WebCore::jsTestInterfaceImplementsStr1):
(WebCore::jsTestInterfaceImplementsStr2):
(WebCore::jsTestInterfaceImplementsStr3):
(WebCore::jsTestInterfaceImplementsNode):
(WebCore::jsTestInterfaceConstructorSupplementalStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::jsTestInterfaceSupplementalStr1):
(WebCore::jsTestInterfaceSupplementalStr2):
(WebCore::jsTestInterfaceSupplementalStr3):
(WebCore::jsTestInterfaceSupplementalNode):
(WebCore::jsTestInterfaceConstructor):
(WebCore::setJSTestInterfaceConstructor):
(WebCore::setJSTestInterfaceConstructorImplementsStaticAttr):
(WebCore::setJSTestInterfaceImplementsStr2):
(WebCore::setJSTestInterfaceImplementsStr3):
(WebCore::setJSTestInterfaceImplementsNode):
(WebCore::setJSTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::setJSTestInterfaceSupplementalStr2):
(WebCore::setJSTestInterfaceSupplementalStr3):
(WebCore::setJSTestInterfaceSupplementalNode):
(WebCore::jsTestInterfacePrototypeFunctionImplementsMethod1):
(WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
(WebCore::jsTestInterfacePrototypeFunctionImplementsMethod3):
(WebCore::jsTestInterfaceConstructorFunctionImplementsMethod4):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod3):
(WebCore::jsTestInterfaceConstructorFunctionSupplementalMethod4):

bindings/scripts/test/JS/JSTestIterable.cpp:

(WebCore::jsTestIterableConstructor):
(WebCore::setJSTestIterableConstructor):

bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:

(WebCore::jsTestJSBuiltinConstructorTestAttributeCustom):
(WebCore::jsTestJSBuiltinConstructorTestAttributeRWCustom):
(WebCore::jsTestJSBuiltinConstructorConstructor):
(WebCore::setJSTestJSBuiltinConstructorConstructor):
(WebCore::setJSTestJSBuiltinConstructorTestAttributeRWCustom):
(WebCore::jsTestJSBuiltinConstructorPrototypeFunctionTestCustomFunction):

bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::jsTestMediaQueryListListenerConstructor):
(WebCore::setJSTestMediaQueryListListenerConstructor):
(WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):

bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::JSTestNamedConstructorNamedConstructor::construct):
(WebCore::jsTestNamedConstructorConstructor):
(WebCore::setJSTestNamedConstructorConstructor):

bindings/scripts/test/JS/JSTestNode.cpp:

(WebCore::JSTestNodeConstructor::construct):
(WebCore::jsTestNodeName):
(WebCore::jsTestNodeConstructor):
(WebCore::setJSTestNodeConstructor):
(WebCore::setJSTestNodeName):

bindings/scripts/test/JS/JSTestNondeterministic.cpp:

(WebCore::jsTestNondeterministicNondeterministicReadonlyAttr):
(WebCore::jsTestNondeterministicNondeterministicWriteableAttr):
(WebCore::jsTestNondeterministicNondeterministicExceptionAttr):
(WebCore::jsTestNondeterministicNondeterministicGetterExceptionAttr):
(WebCore::jsTestNondeterministicNondeterministicSetterExceptionAttr):
(WebCore::jsTestNondeterministicConstructor):
(WebCore::setJSTestNondeterministicConstructor):
(WebCore::setJSTestNondeterministicNondeterministicWriteableAttr):
(WebCore::setJSTestNondeterministicNondeterministicExceptionAttr):
(WebCore::setJSTestNondeterministicNondeterministicGetterExceptionAttr):
(WebCore::setJSTestNondeterministicNondeterministicSetterExceptionAttr):
(WebCore::jsTestNondeterministicPrototypeFunctionNondeterministicZeroArgFunction):

bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::convert<TestObj::EnumType>):
(WebCore::convert<TestObj::Optional>):
(WebCore::convert<AlternateEnumName>):
(WebCore::convert<TestObj::EnumA>):
(WebCore::convert<TestObj::EnumB>):
(WebCore::convert<TestObj::EnumC>):
(WebCore::convert<TestObj::Kind>):
(WebCore::convert<TestObj::Size>):
(WebCore::convert<TestObj::Confidence>):
(WebCore::convertDictionary<TestObj::Dictionary>):
(WebCore::convertDictionary<TestObj::DictionaryThatShouldNotTolerateNull>):
(WebCore::convertDictionary<TestObj::DictionaryThatShouldTolerateNull>):
(WebCore::convertDictionary<AlternateDictionaryName>):
(WebCore::JSTestObjConstructor::construct):
(WebCore::jsTestObjReadOnlyLongAttr):
(WebCore::jsTestObjReadOnlyStringAttr):
(WebCore::jsTestObjReadOnlyTestObjAttr):
(WebCore::jsTestObjConstructorStaticReadOnlyLongAttr):
(WebCore::jsTestObjConstructorStaticStringAttr):
(WebCore::jsTestObjConstructorTestSubObj):
(WebCore::jsTestObjTestSubObjEnabledBySettingConstructor):
(WebCore::jsTestObjEnumAttr):
(WebCore::jsTestObjByteAttr):
(WebCore::jsTestObjOctetAttr):
(WebCore::jsTestObjShortAttr):
(WebCore::jsTestObjClampedShortAttr):
(WebCore::jsTestObjEnforceRangeShortAttr):
(WebCore::jsTestObjUnsignedShortAttr):
(WebCore::jsTestObjLongAttr):
(WebCore::jsTestObjLongLongAttr):
(WebCore::jsTestObjUnsignedLongLongAttr):
(WebCore::jsTestObjStringAttr):
(WebCore::jsTestObjUsvstringAttr):
(WebCore::jsTestObjTestObjAttr):
(WebCore::jsTestObjTestNullableObjAttr):
(WebCore::jsTestObjLenientTestObjAttr):
(WebCore::jsTestObjUnforgeableAttr):
(WebCore::jsTestObjStringAttrTreatingNullAsEmptyString):
(WebCore::jsTestObjUsvstringAttrTreatingNullAsEmptyString):
(WebCore::jsTestObjImplementationEnumAttr):
(WebCore::jsTestObjXMLObjAttr):
(WebCore::jsTestObjCreate):
(WebCore::jsTestObjReflectedStringAttr):
(WebCore::jsTestObjReflectedUSVStringAttr):
(WebCore::jsTestObjReflectedIntegralAttr):
(WebCore::jsTestObjReflectedUnsignedIntegralAttr):
(WebCore::jsTestObjReflectedBooleanAttr):
(WebCore::jsTestObjReflectedURLAttr):
(WebCore::jsTestObjReflectedUSVURLAttr):
(WebCore::jsTestObjReflectedCustomIntegralAttr):
(WebCore::jsTestObjReflectedCustomBooleanAttr):
(WebCore::jsTestObjReflectedCustomURLAttr):
(WebCore::jsTestObjEnabledAtRuntimeAttribute):
(WebCore::jsTestObjTypedArrayAttr):
(WebCore::jsTestObjAttrWithGetterException):
(WebCore::jsTestObjAttrWithGetterExceptionWithMessage):
(WebCore::jsTestObjAttrWithSetterException):
(WebCore::jsTestObjAttrWithSetterExceptionWithMessage):
(WebCore::jsTestObjStringAttrWithGetterException):
(WebCore::jsTestObjStringAttrWithSetterException):
(WebCore::jsTestObjCustomAttr):
(WebCore::jsTestObjOnfoo):
(WebCore::jsTestObjOnwebkitfoo):
(WebCore::jsTestObjWithScriptStateAttribute):
(WebCore::jsTestObjWithCallWithAndSetterCallWithAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAttribute):
(WebCore::jsTestObjWithScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::jsTestObjWithScriptArgumentsAndCallStackAttribute):
(WebCore::jsTestObjConditionalAttr1):
(WebCore::jsTestObjConditionalAttr2):
(WebCore::jsTestObjConditionalAttr3):
(WebCore::jsTestObjConditionalAttr4Constructor):
(WebCore::jsTestObjConditionalAttr5Constructor):
(WebCore::jsTestObjConditionalAttr6Constructor):
(WebCore::jsTestObjCachedAttribute1):
(WebCore::jsTestObjCachedAttribute2):
(WebCore::jsTestObjAnyAttribute):
(WebCore::jsTestObjContentDocument):
(WebCore::jsTestObjMutablePoint):
(WebCore::jsTestObjImmutablePoint):
(WebCore::jsTestObjStrawberry):
(WebCore::jsTestObjDescription):
(WebCore::jsTestObjId):
(WebCore::jsTestObjHash):
(WebCore::jsTestObjReplaceableAttribute):
(WebCore::jsTestObjNullableDoubleAttribute):
(WebCore::jsTestObjNullableLongAttribute):
(WebCore::jsTestObjNullableBooleanAttribute):
(WebCore::jsTestObjNullableStringAttribute):
(WebCore::jsTestObjNullableLongSettableAttribute):
(WebCore::jsTestObjNullableStringSettableAttribute):
(WebCore::jsTestObjNullableUSVStringSettableAttribute):
(WebCore::jsTestObjNullableStringValue):
(WebCore::jsTestObjAttribute):
(WebCore::jsTestObjAttributeWithReservedEnumType):
(WebCore::jsTestObjPutForwardsAttribute):
(WebCore::jsTestObjPutForwardsNullableAttribute):
(WebCore::jsTestObjStringifierAttribute):
(WebCore::jsTestObjConstructor):
(WebCore::setJSTestObjConstructor):
(WebCore::setJSTestObjConstructorStaticStringAttr):
(WebCore::setJSTestObjTestSubObjEnabledBySettingConstructor):
(WebCore::setJSTestObjEnumAttr):
(WebCore::setJSTestObjByteAttr):
(WebCore::setJSTestObjOctetAttr):
(WebCore::setJSTestObjShortAttr):
(WebCore::setJSTestObjClampedShortAttr):
(WebCore::setJSTestObjEnforceRangeShortAttr):
(WebCore::setJSTestObjUnsignedShortAttr):
(WebCore::setJSTestObjLongAttr):
(WebCore::setJSTestObjLongLongAttr):
(WebCore::setJSTestObjUnsignedLongLongAttr):
(WebCore::setJSTestObjStringAttr):
(WebCore::setJSTestObjUsvstringAttr):
(WebCore::setJSTestObjTestObjAttr):
(WebCore::setJSTestObjTestNullableObjAttr):
(WebCore::setJSTestObjLenientTestObjAttr):
(WebCore::setJSTestObjStringAttrTreatingNullAsEmptyString):
(WebCore::setJSTestObjUsvstringAttrTreatingNullAsEmptyString):
(WebCore::setJSTestObjImplementationEnumAttr):
(WebCore::setJSTestObjXMLObjAttr):
(WebCore::setJSTestObjCreate):
(WebCore::setJSTestObjReflectedStringAttr):
(WebCore::setJSTestObjReflectedUSVStringAttr):
(WebCore::setJSTestObjReflectedIntegralAttr):
(WebCore::setJSTestObjReflectedUnsignedIntegralAttr):
(WebCore::setJSTestObjReflectedBooleanAttr):
(WebCore::setJSTestObjReflectedURLAttr):
(WebCore::setJSTestObjReflectedUSVURLAttr):
(WebCore::setJSTestObjReflectedCustomIntegralAttr):
(WebCore::setJSTestObjReflectedCustomBooleanAttr):
(WebCore::setJSTestObjReflectedCustomURLAttr):
(WebCore::setJSTestObjEnabledAtRuntimeAttribute):
(WebCore::setJSTestObjTypedArrayAttr):
(WebCore::setJSTestObjAttrWithGetterException):
(WebCore::setJSTestObjAttrWithGetterExceptionWithMessage):
(WebCore::setJSTestObjAttrWithSetterException):
(WebCore::setJSTestObjAttrWithSetterExceptionWithMessage):
(WebCore::setJSTestObjStringAttrWithGetterException):
(WebCore::setJSTestObjStringAttrWithSetterException):
(WebCore::setJSTestObjCustomAttr):
(WebCore::setJSTestObjOnfoo):
(WebCore::setJSTestObjOnwebkitfoo):
(WebCore::setJSTestObjWithScriptStateAttribute):
(WebCore::setJSTestObjWithCallWithAndSetterCallWithAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAttribute):
(WebCore::setJSTestObjWithScriptStateAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::setJSTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttribute):
(WebCore::setJSTestObjConditionalAttr1):
(WebCore::setJSTestObjConditionalAttr2):
(WebCore::setJSTestObjConditionalAttr3):
(WebCore::setJSTestObjConditionalAttr4Constructor):
(WebCore::setJSTestObjConditionalAttr5Constructor):
(WebCore::setJSTestObjConditionalAttr6Constructor):
(WebCore::setJSTestObjAnyAttribute):
(WebCore::setJSTestObjMutablePoint):
(WebCore::setJSTestObjImmutablePoint):
(WebCore::setJSTestObjStrawberry):
(WebCore::setJSTestObjId):
(WebCore::setJSTestObjReplaceableAttribute):
(WebCore::setJSTestObjNullableLongSettableAttribute):
(WebCore::setJSTestObjNullableStringSettableAttribute):
(WebCore::setJSTestObjNullableUSVStringSettableAttribute):
(WebCore::setJSTestObjNullableStringValue):
(WebCore::setJSTestObjAttributeWithReservedEnumType):
(WebCore::setJSTestObjPutForwardsAttribute):
(WebCore::setJSTestObjPutForwardsNullableAttribute):
(WebCore::setJSTestObjStringifierAttribute):
(WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation1):
(WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation2):
(WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation):
(WebCore::jsTestObjPrototypeFunctionVoidMethod):
(WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionByteMethod):
(WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionOctetMethod):
(WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionLongMethod):
(WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionObjMethod):
(WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
(WebCore::jsTestObjInstanceFunctionUnforgeableMethod):
(WebCore::jsTestObjPrototypeFunctionMethodWithArgTreatingNullAsEmptyString):
(WebCore::jsTestObjPrototypeFunctionMethodWithXPathNSResolverParameter):
(WebCore::jsTestObjPrototypeFunctionNullableStringMethod):
(WebCore::jsTestObjConstructorFunctionNullableStringStaticMethod):
(WebCore::jsTestObjPrototypeFunctionNullableStringSpecialMethod):
(WebCore::jsTestObjPrototypeFunctionMethodWithEnumArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalEnumArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalEnumArgAndDefaultValue):
(WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
(WebCore::jsTestObjPrototypeFunctionMethodWithUSVStringArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNullableUSVStringArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithUSVStringArgTreatingNullAsEmptyString):
(WebCore::jsTestObjPrototypeFunctionSerializedValue):
(WebCore::jsTestObjPrototypeFunctionOptionsObject):
(WebCore::jsTestObjPrototypeFunctionMethodWithException):
(WebCore::jsTestObjPrototypeFunctionMethodWithExceptionWithMessage):
(WebCore::jsTestObjPrototypeFunctionCustomMethod):
(WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionPrivateMethod):
(WebCore::jsTestObjPrototypeFunctionPublicAndPrivateMethod):
(WebCore::jsTestObjPrototypeFunctionAddEventListener):
(WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
(WebCore::jsTestObjPrototypeFunctionWithScriptStateVoid):
(WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
(WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
(WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
(WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
(WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack):
(WebCore::jsTestObjPrototypeFunctionWithDocumentArgument):
(WebCore::jsTestObjPrototypeFunctionWithCallerDocumentArgument):
(WebCore::jsTestObjPrototypeFunctionWithCallerWindowArgument):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArgAndDefaultValue):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalString):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUSVString):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicString):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringAndDefaultValue):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringAndDefaultValue):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNull):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsUndefined):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsNull):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsEmptyString):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUSVStringIsEmptyString):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsEmptyString):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalDoubleIsNaN):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalFloatIsNaN):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalLongLong):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalLongLongIsZero):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUnsignedLongLong):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUnsignedLongLongIsZero):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequence):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequenceIsEmpty):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalBoolean):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalBooleanIsFalse):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAny):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalNullableWrapper):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalNullableWrapperIsNull):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalXPathNSResolver):
(WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithCallbackAndOptionalArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithCallbackFunctionArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackFunctionArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithCallbackFunctionAndOptionalArg):
(WebCore::jsTestObjConstructorFunctionStaticMethodWithCallbackAndOptionalArg):
(WebCore::jsTestObjConstructorFunctionStaticMethodWithCallbackArg):
(WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
(WebCore::jsTestObjPrototypeFunctionConditionalMethod2):
(WebCore::jsTestObjPrototypeFunctionConditionalMethod3):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter2):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter):
(WebCore::jsTestObjConstructorFunctionClassMethod):
(WebCore::jsTestObjConstructorFunctionClassMethodWithOptional):
(WebCore::jsTestObjConstructorFunctionClassMethod2):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod11):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod12):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod1):
(WebCore::jsTestObjPrototypeFunctionClassMethodWithClamp):
(WebCore::jsTestObjPrototypeFunctionClassMethodWithEnforceRange):
(WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
(WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
(WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
(WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence):
(WebCore::jsTestObjPrototypeFunctionGetElementById):
(WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
(WebCore::jsTestObjPrototypeFunctionConvert1):
(WebCore::jsTestObjPrototypeFunctionConvert2):
(WebCore::jsTestObjPrototypeFunctionConvert3):
(WebCore::jsTestObjPrototypeFunctionConvert4):
(WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
(WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
(WebCore::jsTestObjPrototypeFunctionOrange):
(WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
(WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
(WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
(WebCore::jsTestObjPrototypeFunctionAny):
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgumentPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithExceptionPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithOptionalIntArgumentPromise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction):
(WebCore::jsTestObjConstructorFunctionTestStaticPromiseFunctionPromise):
(WebCore::jsTestObjConstructorFunctionTestStaticPromiseFunctionWithExceptionPromise):
(WebCore::jsTestObjPrototypeFunctionMethodWithNeedsCustomElementReactionStack):
(WebCore::jsTestObjPrototypeFunctionConditionalOverload1):
(WebCore::jsTestObjPrototypeFunctionConditionalOverload2):
(WebCore::jsTestObjPrototypeFunctionConditionalOverload):
(WebCore::jsTestObjPrototypeFunctionSingleConditionalOverload1):
(WebCore::jsTestObjPrototypeFunctionSingleConditionalOverload2):
(WebCore::jsTestObjPrototypeFunctionSingleConditionalOverload):
(WebCore::jsTestObjPrototypeFunctionAttachShadowRoot):
(WebCore::jsTestObjPrototypeFunctionToString):

bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::constructJSTestOverloadedConstructors1):
(WebCore::constructJSTestOverloadedConstructors2):
(WebCore::constructJSTestOverloadedConstructors3):
(WebCore::constructJSTestOverloadedConstructors4):
(WebCore::constructJSTestOverloadedConstructors5):
(WebCore::JSTestOverloadedConstructorsConstructor::construct):
(WebCore::jsTestOverloadedConstructorsConstructor):
(WebCore::setJSTestOverloadedConstructorsConstructor):

bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:

(WebCore::constructJSTestOverloadedConstructorsWithSequence1):
(WebCore::constructJSTestOverloadedConstructorsWithSequence2):
(WebCore::JSTestOverloadedConstructorsWithSequenceConstructor::construct):
(WebCore::jsTestOverloadedConstructorsWithSequenceConstructor):
(WebCore::setJSTestOverloadedConstructorsWithSequenceConstructor):

bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:

(WebCore::jsTestOverrideBuiltinsConstructor):
(WebCore::setJSTestOverrideBuiltinsConstructor):
(WebCore::jsTestOverrideBuiltinsPrototypeFunctionNamedItem):

bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::jsTestSerializedScriptValueInterfaceValue):
(WebCore::jsTestSerializedScriptValueInterfaceReadonlyValue):
(WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
(WebCore::jsTestSerializedScriptValueInterfacePorts):
(WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
(WebCore::jsTestSerializedScriptValueInterfaceConstructor):
(WebCore::setJSTestSerializedScriptValueInterfaceConstructor):
(WebCore::setJSTestSerializedScriptValueInterfaceValue):
(WebCore::setJSTestSerializedScriptValueInterfaceCachedValue):

bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::JSTestTypedefsConstructor::construct):
(WebCore::jsTestTypedefsUnsignedLongLongAttr):
(WebCore::jsTestTypedefsImmutableSerializedScriptValue):
(WebCore::jsTestTypedefsConstructorTestSubObj):
(WebCore::jsTestTypedefsAttrWithGetterException):
(WebCore::jsTestTypedefsAttrWithSetterException):
(WebCore::jsTestTypedefsStringAttrWithGetterException):
(WebCore::jsTestTypedefsStringAttrWithSetterException):
(WebCore::jsTestTypedefsConstructor):
(WebCore::setJSTestTypedefsConstructor):
(WebCore::setJSTestTypedefsUnsignedLongLongAttr):
(WebCore::setJSTestTypedefsImmutableSerializedScriptValue):
(WebCore::setJSTestTypedefsAttrWithGetterException):
(WebCore::setJSTestTypedefsAttrWithSetterException):
(WebCore::setJSTestTypedefsStringAttrWithGetterException):
(WebCore::setJSTestTypedefsStringAttrWithSetterException):
(WebCore::jsTestTypedefsPrototypeFunctionFunc):
(WebCore::jsTestTypedefsPrototypeFunctionSetShadow):
(WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
(WebCore::jsTestTypedefsPrototypeFunctionNullableSequenceArg):
(WebCore::jsTestTypedefsPrototypeFunctionFuncWithClamp):
(WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
(WebCore::jsTestTypedefsPrototypeFunctionStringSequenceFunction):
(WebCore::jsTestTypedefsPrototypeFunctionStringSequenceFunction2):
(WebCore::jsTestTypedefsPrototypeFunctionCallWithSequenceThatRequiresInclude):
(WebCore::jsTestTypedefsPrototypeFunctionMethodWithException):

bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::jsattributeReadonly):
(WebCore::jsattributeConstructor):
(WebCore::setJSattributeConstructor):

bindings/scripts/test/JS/JSreadonly.cpp:

(WebCore::jsreadonlyConstructor):
(WebCore::setJSreadonlyConstructor):

bridge/c/c_instance.cpp:

(JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
(JSC::Bindings::CInstance::invokeMethod):
(JSC::Bindings::CInstance::invokeDefaultMethod):
(JSC::Bindings::CInstance::invokeConstruct):
(JSC::Bindings::CInstance::toJSPrimitive):

bridge/objc/objc_instance.mm:

(ObjcInstance::moveGlobalExceptionToExecState):
(ObjcInstance::invokeMethod):

bridge/objc/objc_runtime.mm:

(JSC::Bindings::ObjcField::valueFromInstance):
(JSC::Bindings::ObjcField::setValueToInstance):
(JSC::Bindings::ObjcArray::setValueAt):
(JSC::Bindings::ObjcArray::valueAt):
(JSC::Bindings::callObjCFallbackObject):

bridge/objc/objc_utility.h:
bridge/objc/objc_utility.mm:

(JSC::Bindings::throwError):

bridge/runtime_array.cpp:

(JSC::RuntimeArray::lengthGetter):
(JSC::RuntimeArray::put):
(JSC::RuntimeArray::putByIndex):

bridge/runtime_method.cpp:

(JSC::RuntimeMethod::lengthGetter):
(JSC::callRuntimeMethod):

bridge/runtime_object.cpp:

(JSC::Bindings::RuntimeObject::fallbackObjectGetter):
(JSC::Bindings::RuntimeObject::fieldGetter):
(JSC::Bindings::RuntimeObject::methodGetter):
(JSC::Bindings::RuntimeObject::getOwnPropertySlot):
(JSC::Bindings::RuntimeObject::put):
(JSC::Bindings::RuntimeObject::defaultValue):
(JSC::Bindings::RuntimeObject::getOwnPropertyNames):
(JSC::Bindings::RuntimeObject::throwInvalidAccessError):

bridge/runtime_object.h:

Source/WebKit/mac:

Plugins/Hosted/NetscapePluginInstanceProxy.mm:

(WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):

Plugins/Hosted/ProxyInstance.mm:

(WebKit::ProxyInstance::invokeMethod):

Source/WebKit2:

WebProcess/Plugins/Netscape/JSNPMethod.cpp:

(WebKit::callMethod):

WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::callMethod):
(WebKit::JSNPObject::callObject):
(WebKit::JSNPObject::callConstructor):
(WebKit::JSNPObject::getOwnPropertySlot):
(WebKit::JSNPObject::put):
(WebKit::JSNPObject::deleteProperty):
(WebKit::JSNPObject::getOwnPropertyNames):
(WebKit::JSNPObject::propertyGetter):
(WebKit::JSNPObject::methodGetter):
(WebKit::JSNPObject::throwInvalidAccessError):

WebProcess/Plugins/Netscape/JSNPObject.h:
WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:

(WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):

Source/WTF:

wtf/Platform.h:
Introduced the ENABLE(THROW_SCOPE_VERIFICATION) flag.

12:36 AM Changeset in webkit [205594] by zandobersek@gmail.com

2 edits
2 adds
2 deletes in trunk/Source/WebKit2

Move webkit2gtk.pc.in, webkit2gtk-web-extension.pc.in files under Source/WebKit2/gtk/
https://bugs.webkit.org/show_bug.cgi?id=161703

Reviewed by Carlos Garcia Campos.

Move the pkg-config input files that are specific to the GTK+ port
under the Source/WebKit2/gtk/ directory. Build rules are updated
accordingly.

PlatformGTK.cmake:
gtk/webkit2gtk-web-extension.pc.in: Renamed from Source/WebKit2/webkit2gtk-web-extension.pc.in.
gtk/webkit2gtk.pc.in: Renamed from Source/WebKit2/webkit2gtk.pc.in.

12:24 AM Changeset in webkit [205593] by bshafiei@apple.com

2 edits in tags/Safari-603.1.5/Source/JavaScriptCore

Merged r205566. rdar://problem/28184766

12:18 AM Changeset in webkit [205592] by Joseph Pecoraro

10 edits in trunk/Source

[Mac] Address some clang static analyzer warnings in WebKit
https://bugs.webkit.org/show_bug.cgi?id=161597

Reviewed by Darin Adler.

Source/WebKit/mac:

Misc/WebIconDatabase.h:

Remove unused instance variable. It has not been used since r16005 (2006)!

Misc/WebSharingServicePickerController.mm:

(-[WebSharingServicePickerController sharingServicePicker:sharingServicesForItems:mask:proposedSharingServices:]):
Address array leak.

WebCoreSupport/WebSelectionServiceController.mm:

(WebSelectionServiceController::hasRelevantSelectionServices):
Address attachment and cell leak.

WebView/WebFullScreenController.h:
WebView/WebImmediateActionController.h:

Remove unused instance variables.

Source/WebKit2:

UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(-[WKLayerHostView makeBackingLayer]):

UIProcess/mac/WKSharingServicePickerDelegate.mm:

(-[WKSharingServicePickerDelegate sharingServicePicker:sharingServicesForItems:mask:proposedSharingServices:]):

WebProcess/InjectedBundle/API/mac/WKDOMRange.mm:

(-[WKDOMRange rangeByExpandingToWordBoundaryByCharacters:inDirection:]):
Address leaks caught by the static analyzer.

Note: See TracTimeline for information about the timeline view.

Download in other formats:

RSS Feed