Timeline

View changes from
going back days
by author

Repository changesets Wiki changes

Nov 7, 2016:

5:26 PM Changeset in webkit [208423] by bshafiei@apple.com

• 1 copy in tags/Safari-602.3.9

New tag.

6:46 AM Changeset in webkit [208422] by Ryan Haddad

• 9 edits in trunk

Unreviewed, rolling out r208382.

This change appears to have caused 3
SerializedCryptoKeyWrapTest API tests to fail on macOS.

Reverted changeset:

"[Readable Streams API] Implement ByteStreamController
error()"
​https://bugs.webkit.org/show_bug.cgi?id=164319
​http://trac.webkit.org/changeset/208382

Nov 6, 2016:

10:12 PM Changeset in webkit [208421] by matthew_hanson@apple.com

• 8 edits in branches/safari-602-branch/Source/WebCore

Merge r208392. rdar://problem/28409526

Nov 5, 2016:

11:00 AM Changeset in webkit [208420] by Konstantin Tokarev

• 4 edits in trunk/Source

Fixed compilation of LLInt with MinGW
​https://bugs.webkit.org/show_bug.cgi?id=164449

Reviewed by Michael Catanzaro.

MinGW uses LLIntAssembly.h with GNU assembler syntax, just like GCC on
other platforms.

Source/JavaScriptCore:

• llint/LowLevelInterpreter.cpp: Include LLIntAssembly.h with

appropriate preamble.

Source/WTF:

• wtf/InlineASM.h: Define LOCAL_LABEL_STRING as .L#name for MinGW.

10:59 AM Changeset in webkit [208419] by Ryan Haddad

• 3 edits in trunk/LayoutTests

Removing flaky expectations for tests that were fixed with r208327.
​https://bugs.webkit.org/show_bug.cgi?id=164034

Unreviewed test gardening.

• TestExpectations:
• platform/mac/TestExpectations:

10:58 AM Changeset in webkit [208418] by Konstantin Tokarev

• 4 edits in trunk

[MinGW] Fixed C99/C++11 format attributes in printf-like functions
​https://bugs.webkit.org/show_bug.cgi?id=164448

Reviewed by Michael Catanzaro.

By default MinGW uses printf-like function provided in msvcrt.dll,
however they miss support for C99/C++11 format attributes. Use MinGW
implementations instead.

.:

• Source/cmake/OptionsCommon.cmake: Define USE_MINGW_ANSI_STDIO

Source/WTF:

• wtf/Assertions.h: Use gnu_printf format in WTF_ATTRIBUTE_PRINTF

1:24 AM Changeset in webkit [208417] by Yusuke Suzuki

• 2 edits in trunk/Source/WTF

[JSCOnly] RunLoopGeneric should adopt MonotonicTime / WallTime change
​https://bugs.webkit.org/show_bug.cgi?id=164447

Reviewed by Csaba Osztrogonác.

Build fix for JSCOnly.

• wtf/generic/RunLoopGeneric.cpp:

(WTF::RunLoop::TimerBase::ScheduledTask::create):
(WTF::RunLoop::TimerBase::ScheduledTask::ScheduledTask):
(WTF::RunLoop::TimerBase::ScheduledTask::scheduledTimePoint):
(WTF::RunLoop::TimerBase::ScheduledTask::updateReadyTime):
(WTF::RunLoop::populateTasks):
(WTF::RunLoop::dispatchAfter):
(WTF::RunLoop::TimerBase::start):

12:56 AM Changeset in webkit [208416] by Carlos Garcia Campos

• 4 edits in trunk

[SOUP] Layout test http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials.html fails
​https://bugs.webkit.org/show_bug.cgi?id=139358

Reviewed by Michael Catanzaro.

Source/WebKit2:

Stop putting the credentials in the URL unconditionally and ensure we only do that when provided by the URL
itself. Libsoup has its own cache of SoupAuth, so we don't need to pass user/pass in the URL for every single
request, libsoup will authenticate those automatically.

• NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::applyAuthenticationToRequest):

LayoutTests:

• platform/gtk/TestExpectations: Unskip http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials.html.

Nov 4, 2016:

8:02 PM Changeset in webkit [208415] by fpizlo@apple.com

• 52 edits
  11 adds in trunk

WTF::ParkingLot should stop using std::chrono because std::chrono::duration casts are prone to overflows
​https://bugs.webkit.org/show_bug.cgi?id=152045

Reviewed by Andy Estes.
Source/JavaScriptCore:

Probably the nicest example of why this patch is a good idea is the change in
AtomicsObject.cpp.

• jit/ICStats.cpp:

(JSC::ICStats::ICStats):

• runtime/AtomicsObject.cpp:

(JSC::atomicsFuncWait):

Source/WebCore:

No new layout tests because no new behavior. The new WTF time classes have some unit tests
in TestWebKitAPI.

• fileapi/ThreadableBlobRegistry.cpp:

(WebCore::ThreadableBlobRegistry::blobSize):

• platform/MainThreadSharedTimer.h:
• platform/SharedTimer.h:
• platform/ThreadTimers.cpp:

(WebCore::ThreadTimers::updateSharedTimer):

• platform/cf/MainThreadSharedTimerCF.cpp:

(WebCore::MainThreadSharedTimer::setFireInterval):

• platform/efl/MainThreadSharedTimerEfl.cpp:

(WebCore::MainThreadSharedTimer::setFireInterval):

• platform/glib/MainThreadSharedTimerGLib.cpp:

(WebCore::MainThreadSharedTimer::setFireInterval):

• platform/win/MainThreadSharedTimerWin.cpp:

(WebCore::MainThreadSharedTimer::setFireInterval):

• workers/WorkerRunLoop.cpp:

(WebCore::WorkerRunLoop::runInMode):

Source/WebKit2:

• Platform/IPC/Connection.cpp:

(IPC::Connection::SyncMessageState::wait):
(IPC::Connection::sendMessage):
(IPC::Connection::timeoutRespectingIgnoreTimeoutsForTesting):
(IPC::Connection::waitForMessage):
(IPC::Connection::sendSyncMessage):
(IPC::Connection::waitForSyncReply):

• Platform/IPC/Connection.h:

(IPC::Connection::sendSync):
(IPC::Connection::waitForAndDispatchImmediately):

• Platform/IPC/MessageSender.h:

(IPC::MessageSender::sendSync):

• UIProcess/ChildProcessProxy.h:

(WebKit::ChildProcessProxy::sendSync):

• UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendProcessWillSuspendImminently):

• UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::applicationWillTerminate):

• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::sendProcessWillSuspendImminently):

• UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::applicationWillTerminate):

• UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.h:
• UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(-[WKOneShotDisplayLinkHandler displayLinkFired:]):
(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):
(WebKit::RemoteLayerTreeDrawingAreaProxy::didRefreshDisplay):
(WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState):

• UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.mm:

(WebKit::TiledCoreAnimationDrawingAreaProxy::waitForDidUpdateActivityState):

• UIProcess/mac/WKImmediateActionController.mm:

(-[WKImmediateActionController immediateActionRecognizerWillBeginAnimation:]):

• UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::stringSelectionForPasteboard):
(WebKit::WebPageProxy::dataSelectionForPasteboard):
(WebKit::WebPageProxy::readSelectionFromPasteboard):
(WebKit::WebPageProxy::shouldDelayWindowOrderingForEvent):
(WebKit::WebPageProxy::acceptsFirstMouse):

• WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::runBeforeUnloadConfirmPanel):
(WebKit::WebChromeClient::runJavaScriptAlert):
(WebKit::WebChromeClient::runJavaScriptConfirm):
(WebKit::WebChromeClient::runJavaScriptPrompt):
(WebKit::WebChromeClient::print):
(WebKit::WebChromeClient::exceededDatabaseQuota):
(WebKit::WebChromeClient::reachedApplicationCacheOriginQuota):

• WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::postSynchronousMessageForTesting):

Source/WTF:

We used to use 'double' for all time measurements. Sometimes it was milliseconds,
sometimes it was seconds. Sometimes we measured a span of time, sometimes we spoke of time
since some epoch. When we spoke of time since epoch, we either used a monotonic clock or
a wall clock. The type - always 'double' - never told us what kind of time we had, even
though there were roughly six of them (sec interval, ms interval, sec since epoch on wall,
ms since epoch on wall, sec since epoch monotonic, ms since epoch monotonic).

At some point, we thought that it would be a good idea to replace these doubles with
std::chrono. But since replacing some things with std::chrono, we found it to be terribly
inconvenient:

• Outrageous API. I never want to say std::chrono::milliseconds(blah). I never want to say std::chrono::steady_clock::timepoint. The syntax for duration_cast is ugly, and ideally duration_cast would not even be a thing.

• No overflow protection. std::chrono uses integers by default and using anything else is clumsy. But the integer math is done without regard for the rough edges of integer math, so any cast between std::chrono types risks overflow. Any comparison risks overflow because it may do conversions silently. We have even found bugs where some C++ implementations had more overflows than others, which ends up being a special kind of hell. In many cases, the overflow also has nasal demons.

It's an error to represent time using integers. It would have been excusable back when
floating point math was not guaranteed to be supported on all platforms, but that would
have been a long time ago. Time is a continuous, infinite concept and it's a perfect fit
for floating point:

• Floating point preserves precision under multiplication in all but extreme cases, so using floating point for time means that unit conversions are almost completely lossless. This means that we don't have to think very hard about what units to use. In this patch, we use seconds almost everywhere. We only convert at boundaries, like an API boundary that wants something other than seconds.

• Floating point makes it easy to reason about infinity, which is something that time code wants to do a lot. Example: when would you like to timeout? Infinity please! This is the most elegant way of having an API support both a timeout variant and a no-timeout variant.

• Floating point does well-understood things when math goes wrong, and these things are pretty well optimized to match what a mathematician would do when computing with real numbers represented using scientific notation with a finite number of significant digits. This means that time math under floating point looks like normal math. On the other hand, std::chrono time math looks like garbage because you have to always check for multiple possible UB corners whenever you touch large integers. Integers that represent time are very likely to be large and you don't have to do much to overflow them. At this time, based on the number of bugs we have already seen due to chrono overflows, I am not certain that we even understand what are all of the corner cases that we should even check for.

This patch introduces a new set of timekeeping classes that are all based on double, and
all internally use seconds. These classes support algebraic typing. The classes are:

• Seconds: this is for measuring a duration.
• WallTime: time since epoch according to a wall clock (aka real time clock).
• MonotonicTime: time since epoch according to a monotonic clock.
• ClockType: enum that says either Wall or Monotonic.
• TimeWithDynamicClockType: a tuple of double and ClockType, which represents either a wall time or a monotonic time.

All of these classes behave like C++ values and are cheap to copy around since they are
very nearly POD. This supports comprehensive conversions between the various time types.
Most of this is by way of algebra. Here are just some of the rules we recognize:

WallTime = WallTime + Seconds
Seconds = WallTime - WallTime
MonotonicTime = MonotonicTime + Seconds
etc...

We support negative, infinite, and NaN times because math.

We support conversions between MonotonicTime and WallTime, like:

WallTime wt = mt.approximateWallTime()

This is called this "approximate" because the only way to do it is to get the current time
on both clocks and convert relative to that.

Many of our APIs would be happy using whatever notion of time the user wanted to use. For
those APIs, which includes Condition and ParkingLot, we have TimeWithDynamicClockType. You
can automatically convert WallTime or MonotonicTime to TimeWithDynamicClockType. This
means that if you use a WallTime with Condition::waitUntil, then Condition's internal
logic for when it should wake up makes its decision based on the current WallTime - but if
you use MonotonicTime then waitUntil will make its decision based on current
MonotonicTime. This is a greater level of flexibility than chrono allowed, since chrono
did not have the concept of a dynamic clock type.

This patch does not include conversions between std::chrono and these new time classes,
because past experience shows that we're quite bad at getting conversions between
std::chrono and anything else right. Also, I didn't need such conversion code because this
patch only converts code that transitively touches ParkingLot and Condition. It was easy
to get all of that code onto the new time classes.

• WTF.xcodeproj/project.pbxproj:
• wtf/AutomaticThread.cpp:

(WTF::AutomaticThread::start):

• wtf/CMakeLists.txt:
• wtf/ClockType.cpp: Added.

(WTF::printInternal):

• wtf/ClockType.h: Added.
• wtf/Condition.h:

(WTF::ConditionBase::waitUntil):
(WTF::ConditionBase::waitFor):
(WTF::ConditionBase::wait):
(WTF::ConditionBase::waitUntilWallClockSeconds): Deleted.
(WTF::ConditionBase::waitUntilMonotonicClockSeconds): Deleted.
(WTF::ConditionBase::waitForSeconds): Deleted.
(WTF::ConditionBase::waitForSecondsImpl): Deleted.
(WTF::ConditionBase::waitForImpl): Deleted.
(WTF::ConditionBase::absoluteFromRelative): Deleted.

• wtf/CrossThreadQueue.h:

(WTF::CrossThreadQueue<DataType>::waitForMessage):

• wtf/CurrentTime.cpp:

(WTF::sleep):

• wtf/MessageQueue.h:

(WTF::MessageQueue::infiniteTime): Deleted.

• wtf/MonotonicTime.cpp: Added.

(WTF::MonotonicTime::now):
(WTF::MonotonicTime::approximateWallTime):
(WTF::MonotonicTime::dump):
(WTF::MonotonicTime::sleep):

• wtf/MonotonicTime.h: Added.

(WTF::MonotonicTime::MonotonicTime):
(WTF::MonotonicTime::fromRawDouble):
(WTF::MonotonicTime::infinity):
(WTF::MonotonicTime::secondsSinceEpoch):
(WTF::MonotonicTime::approximateMonotonicTime):
(WTF::MonotonicTime::operator bool):
(WTF::MonotonicTime::operator+):
(WTF::MonotonicTime::operator-):
(WTF::MonotonicTime::operator+=):
(WTF::MonotonicTime::operator-=):
(WTF::MonotonicTime::operator==):
(WTF::MonotonicTime::operator!=):
(WTF::MonotonicTime::operator<):
(WTF::MonotonicTime::operator>):
(WTF::MonotonicTime::operator<=):
(WTF::MonotonicTime::operator>=):

• wtf/ParkingLot.cpp:

(WTF::ParkingLot::parkConditionallyImpl):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkOneImpl):
(WTF::ParkingLot::unparkCount):

• wtf/ParkingLot.h:

(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::compareAndPark):

• wtf/Seconds.cpp: Added.

(WTF::Seconds::operator+):
(WTF::Seconds::operator-):
(WTF::Seconds::dump):
(WTF::Seconds::sleep):

• wtf/Seconds.h: Added.

(WTF::Seconds::Seconds):
(WTF::Seconds::value):
(WTF::Seconds::seconds):
(WTF::Seconds::milliseconds):
(WTF::Seconds::microseconds):
(WTF::Seconds::nanoseconds):
(WTF::Seconds::fromMilliseconds):
(WTF::Seconds::fromMicroseconds):
(WTF::Seconds::fromNanoseconds):
(WTF::Seconds::infinity):
(WTF::Seconds::operator bool):
(WTF::Seconds::operator+):
(WTF::Seconds::operator-):
(WTF::Seconds::operator*):
(WTF::Seconds::operator/):
(WTF::Seconds::operator+=):
(WTF::Seconds::operator-=):
(WTF::Seconds::operator*=):
(WTF::Seconds::operator/=):
(WTF::Seconds::operator==):
(WTF::Seconds::operator!=):
(WTF::Seconds::operator<):
(WTF::Seconds::operator>):
(WTF::Seconds::operator<=):
(WTF::Seconds::operator>=):

• wtf/TimeWithDynamicClockType.cpp: Added.

(WTF::TimeWithDynamicClockType::now):
(WTF::TimeWithDynamicClockType::nowWithSameClock):
(WTF::TimeWithDynamicClockType::wallTime):
(WTF::TimeWithDynamicClockType::monotonicTime):
(WTF::TimeWithDynamicClockType::approximateWallTime):
(WTF::TimeWithDynamicClockType::approximateMonotonicTime):
(WTF::TimeWithDynamicClockType::operator-):
(WTF::TimeWithDynamicClockType::operator<):
(WTF::TimeWithDynamicClockType::operator>):
(WTF::TimeWithDynamicClockType::operator<=):
(WTF::TimeWithDynamicClockType::operator>=):
(WTF::TimeWithDynamicClockType::dump):
(WTF::TimeWithDynamicClockType::sleep):

• wtf/TimeWithDynamicClockType.h: Added.

(WTF::TimeWithDynamicClockType::TimeWithDynamicClockType):
(WTF::TimeWithDynamicClockType::fromRawDouble):
(WTF::TimeWithDynamicClockType::secondsSinceEpoch):
(WTF::TimeWithDynamicClockType::clockType):
(WTF::TimeWithDynamicClockType::withSameClockAndRawDouble):
(WTF::TimeWithDynamicClockType::operator bool):
(WTF::TimeWithDynamicClockType::operator+):
(WTF::TimeWithDynamicClockType::operator-):
(WTF::TimeWithDynamicClockType::operator+=):
(WTF::TimeWithDynamicClockType::operator-=):
(WTF::TimeWithDynamicClockType::operator==):
(WTF::TimeWithDynamicClockType::operator!=):

• wtf/WallTime.cpp: Added.

(WTF::WallTime::now):
(WTF::WallTime::approximateMonotonicTime):
(WTF::WallTime::dump):
(WTF::WallTime::sleep):

• wtf/WallTime.h: Added.

(WTF::WallTime::WallTime):
(WTF::WallTime::fromRawDouble):
(WTF::WallTime::infinity):
(WTF::WallTime::secondsSinceEpoch):
(WTF::WallTime::approximateWallTime):
(WTF::WallTime::operator bool):
(WTF::WallTime::operator+):
(WTF::WallTime::operator-):
(WTF::WallTime::operator+=):
(WTF::WallTime::operator-=):
(WTF::WallTime::operator==):
(WTF::WallTime::operator!=):
(WTF::WallTime::operator<):
(WTF::WallTime::operator>):
(WTF::WallTime::operator<=):
(WTF::WallTime::operator>=):

• wtf/threads/BinarySemaphore.cpp:

(WTF::BinarySemaphore::wait):

• wtf/threads/BinarySemaphore.h:

Tools:

• TestWebKitAPI/CMakeLists.txt:
• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WTF/Condition.cpp:

(TestWebKitAPI::TEST):

• TestWebKitAPI/Tests/WTF/SynchronizedFixedQueue.cpp:

(TestWebKitAPI::ToUpperConverter::stopProducing):
(TestWebKitAPI::ToUpperConverter::stopConsuming):

• TestWebKitAPI/Tests/WTF/Time.cpp: Added.

(WTF::operator<<):
(TestWebKitAPI::TEST):

7:57 PM Changeset in webkit [208414] by Alan Bujtas

• 5 edits in trunk/Source/WebCore

RenderFlowThread state reset cleanup.
​https://bugs.webkit.org/show_bug.cgi?id=164426

Reviewed by Simon Fraser.

RenderFlowThread state reset is spread across several functions. This patch groups them
together in RenderObject::resetFlowThreadState().

No change in functionality.

• rendering/RenderBlock.cpp:

(WebCore::RenderBlock::removeLeftoverAnonymousBlock):
(WebCore::RenderBlock::dropAnonymousBoxChild): This is now part of resetFlowThreadState() since resetFlowThreadState
gets called even when NotifyChildren is false.

• rendering/RenderElement.cpp:

(WebCore::RenderElement::insertChildInternal): Initialize the thread state before we notify the child.
(WebCore::RenderElement::removeChildInternal): Reset the state even when NotifyChildren is false.
(WebCore::RenderElement::willBeRemovedFromTree): This code is moved to removeFromRenderFlowThread().
(WebCore::RenderElement::removeFromRenderFlowThread):

• rendering/RenderObject.cpp:

(WebCore::RenderObject::initializeFlowThreadState): This is in transition for webkit.org/b/164428 (RenderFlowThread state initialization cleanup.)
(WebCore::RenderObject::resetFlowThreadState):
(WebCore::RenderObject::setParent): This was seemingly a random place to put flow state initialization.
(WebCore::RenderObject::willBeRemovedFromTree): resetFlowThreadState() takes care of it now.

• rendering/RenderObject.h:

7:48 PM Changeset in webkit [208413] by jfbastien@apple.com

• 2 edits in trunk/Source/JavaScriptCore

testWASM should be very sad if no options are provided
​https://bugs.webkit.org/show_bug.cgi?id=164444

Reviewed by Saam Barati.

Detect missing or invalid options on the command line.

• testWasm.cpp:

(CommandLine::parseArguments):

6:15 PM Changeset in webkit [208412] by Yusuke Suzuki

• 5 edits
  6 adds in trunk

[DOMJIT] Add DOMJIT::Signature annotation to Document::getElementById
​https://bugs.webkit.org/show_bug.cgi?id=164356

Reviewed by Filip Pizlo.

Source/WebCore:

This patch implements DOMJIT::Signature annotation for getElementById.
Since getElementById is also implemented in DocumentFragment, we implement
the branchIfDocumentFragment/branchIfNotDocumentFragment for that.

In dromaeo, we have a test like this.

test( "getElementById", function(){

for ( var i = 0; i < num * 30; i++ ) {

ret = document.getElementById("testA" + num).nodeType;
ret = document.getElementById("testB" + num).nodeType;
ret = document.getElementById("testC" + num).nodeType;
ret = document.getElementById("testD" + num).nodeType;
ret = document.getElementById("testE" + num).nodeType;
ret = document.getElementById("testF" + num).nodeType;

}

});

In the above test, JSC already knows the following things.

1. Since nodeType is now handled as CallDOMGetter, we know that it is pure.
2. getElementById look up becomes PureGetById since document is impure object. But it is kept as PureGetById. So it does not write DOMState.
3. "testA" + num will be converted to constant string.
4. CallDOM for getElementById said it just reads(DOMState:DOM). And it saids that it returns the same value as long as DOMState is not clobbered.
5. CheckCell leading CallDOM ensures the inlined getElementById node. (CallDOM node).

The key thing is that no node clobbers DOMState during the loop. So CallDOM & CallDOMGetter can be hoisted.
This improves dom-query significantly. Dromaeo dom-query getElementById becomes 40x faster (247796 v.s. 6197).
Dromaeo dom-query getElementById (not in document) becomes 89x faster (630317.8 v.s. 7066.).

Tests: js/dom/domjit-function-get-element-by-id-changed.html

js/dom/domjit-function-get-element-by-id-licm.html
js/dom/domjit-function-get-element-by-id.html

• dom/NonElementParentNode.idl:
• domjit/DOMJITCheckDOM.h:

(WebCore::DOMJIT::TypeChecker<DocumentFragment>::branchIfFail):

• domjit/DOMJITHelpers.h:

(WebCore::DOMJIT::branchIfDocumentFragment):
(WebCore::DOMJIT::branchIfNotDocumentFragment):

LayoutTests:

• js/dom/domjit-function-get-element-by-id-changed-expected.txt: Added.
• js/dom/domjit-function-get-element-by-id-changed.html: Added.
• js/dom/domjit-function-get-element-by-id-expected.txt: Added.
• js/dom/domjit-function-get-element-by-id-licm-expected.txt: Added.
• js/dom/domjit-function-get-element-by-id-licm.html: Added.
• js/dom/domjit-function-get-element-by-id.html: Added.

5:55 PM Changeset in webkit [208411] by Simon Fraser

• 6 edits in trunk/Source/WebCore

Rename unscaledUnobscuredVisibleContentSize and unscaledVisibleContentSizeIncludingObscuredArea for attempted clarity
​https://bugs.webkit.org/show_bug.cgi?id=164438

Reviewed by Tim Horton.

unscaledUnobscuredVisibleContentSize() and unscaledVisibleContentSizeIncludingObscuredArea() were an endless source
of confusion.

Functions with "VisibleContent" in the name are usually expected to return document coordinates (affected by zooming),
so unscaledUnobscuredVisibleContentSize caused cognitive dissonance because of "unscaled" vs "visibleContent", and
"unobscured" vs "visible".

So rename:

unscaledUnobscuredVisibleContentSize -> sizeForUnobscuredContent
unscaledVisibleContentSizeIncludingObscuredArea -> sizeForVisibleContent

sizeForUnobscuredContent() can also be private to ScrollView.

• inspector/InspectorOverlay.cpp:

(WebCore::InspectorOverlay::update):

• platform/ScrollView.cpp:

(WebCore::ScrollView::unobscuredContentRectInternal):
(WebCore::ScrollView::sizeForVisibleContent):
(WebCore::ScrollView::sizeForUnobscuredContent): Don't compute unscaledVisibleContentSizeIncludingObscuredArea
before testing whether we have a platform widget.
(WebCore::ScrollView::layoutSize):
(WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea): Deleted.
(WebCore::ScrollView::unscaledUnobscuredVisibleContentSize): Deleted.

• platform/ScrollView.h:
• rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):

• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::flushPendingLayerChanges):
(WebCore::RenderLayerCompositor::frameViewDidChangeSize):
(WebCore::RenderLayerCompositor::updateRootLayerPosition):
(WebCore::RenderLayerCompositor::ensureRootLayer):

5:48 PM Changeset in webkit [208410] by mark.lam@apple.com

• 3 edits
  1 add in trunk

Error description code should be able to handle Symbol values.
​https://bugs.webkit.org/show_bug.cgi?id=164436
<rdar://problem/29115583>

Reviewed by Filip Pizlo and Saam Barati.

JSTests:

• stress/error-description-on-symbols-should-not-crash.js: Added.

Source/JavaScriptCore:

Previously, we try to toString() the Symbol value, resulting in it throwing an
exception in errorDescriptionForValue() which breaks the invariant that
errorDescriptionForValue() should not throw.

We fixed this by making errorDescriptionForValue() aware of the Symbol type, and
not so a toString() on Symbol values. Also fixed notAFunctionSourceAppender()
to build a nicer message for Symbol values.

• runtime/ExceptionHelpers.cpp:

(JSC::errorDescriptionForValue):
(JSC::notAFunctionSourceAppender):

5:41 PM Changeset in webkit [208409] by Simon Fraser

• 4 edits
  8 adds in trunk

Layout viewport wrong with RTL documents
​https://bugs.webkit.org/show_bug.cgi?id=164434

Reviewed by Tim Horton.

Source/WebCore:

The layoutViewportRect was computed incorrectly in RTL documents, because
FrameView::unscaledMaximumScrollPosition() was wrong; it erroneously mapped
what it thought was a scrollOffset to a scrollPosition.

Unscaled scroll positions are in the same coordinate space as unscaledDocumentRect,
so we should not call scrollPositionFromOffset() in FrameView::unscaledMaximumScrollPosition().

Changed FrameView::unscaledMinimumScrollPosition() to also just grab the location of
unscaledDocumentRect, for symmetry.

Finally fixed the tiled scrolling indicator's viewport rect for zoomed RTL documents
by using the unscaled scroll origin.

Tests: fast/visual-viewport/rtl-nonzoomed-rects.html

fast/visual-viewport/rtl-zoomed-rects.html

• page/FrameView.cpp:

(WebCore::FrameView::setLayoutViewportOrigin):
(WebCore::FrameView::unscaledScrollOrigin):
(WebCore::FrameView::unscaledMinimumScrollPosition):
(WebCore::FrameView::unscaledMaximumScrollPosition):

• page/FrameView.h:

LayoutTests:

• fast/visual-viewport/rtl-nonzoomed-rects-expected.txt: Added.
• fast/visual-viewport/rtl-nonzoomed-rects.html: Added.
• fast/visual-viewport/rtl-zoomed-rects-expected.txt: Added.
• fast/visual-viewport/rtl-zoomed-rects.html: Added.
• platform/ios-simulator/fast/visual-viewport/rtl-nonzoomed-rects-expected.txt: Added.
• platform/ios-simulator/fast/visual-viewport/rtl-zoomed-rects-expected.txt: Added.
• platform/mac-wk1/fast/visual-viewport/rtl-zoomed-rects-expected.txt: Added. WK1 and RTL are weird.

5:03 PM Changeset in webkit [208408] by commit-queue@webkit.org

• 31 edits
  3 copies
  2 moves
  1 add
  1 delete in trunk/Source/WebCore

[WebIDL] Add support for modern callback syntax
​https://bugs.webkit.org/show_bug.cgi?id=164435

Patch by Sam Weinig <​sam@webkit.org> on 2016-11-04
Reviewed by Chris Dumez.

Support new callback syntax:

callback Function = void (DOMString arg1, long arg2);

This replaces "callback interface" types with a Callback=FunctionOnly
extended attribute.

• Modules/geolocation/PositionCallback.idl:
• Modules/geolocation/PositionErrorCallback.idl:
• Modules/notifications/NotificationPermissionCallback.idl:
• Modules/quota/StorageErrorCallback.idl:
• Modules/quota/StorageQuotaCallback.idl:
• Modules/quota/StorageUsageCallback.idl:
• Modules/webaudio/AudioBufferCallback.idl:
• Modules/webdatabase/DatabaseCallback.idl:
• Modules/webdatabase/SQLStatementCallback.idl:
• Modules/webdatabase/SQLStatementErrorCallback.idl:
• Modules/webdatabase/SQLTransactionCallback.idl:
• Modules/webdatabase/SQLTransactionErrorCallback.idl:
• dom/RequestAnimationFrameCallback.idl:
• dom/StringCallback.idl:
• html/VoidCallback.idl:
• page/IntersectionObserverCallback.idl:
• css/MediaQueryListListener.idl:

Update to new syntax.

• css/MediaQueryListListener.h:
• css/MediaQueryMatcher.cpp:

(WebCore::MediaQueryMatcher::styleResolverChanged):
Switch to using the now required 'handleEvent' name. This is an implementation detail
that we should change.

• bindings/scripts/CodeGenerator.pm:

Update document processing to allow a callback only file. Update callback
type checks to look for a regex that matches in the new format.

• bindings/scripts/CodeGeneratorJS.pm:

(AddToImplIncludesForIDLType):
(AddToIncludesForIDLType):
(AddToImplIncludes):
(AddToIncludes):
Abstract includes functions to allow passing in an include hash.

(GenerateCallbackFunctionHeader):
(GenerateCallbackFunctionImplementation):
(GenerateCallbackInterfaceHeader):
(GenerateCallbackInterfaceImplementation):
(GenerateCallbackHeaderContent):
(GenerateCallbackImplementationContent):
Refactor callback generation code into GenerateCallbackHeaderContent and GenerateCallbackImplementationContent
to allow using it for both the new callbacks as well as the old callback interfaces.

• bindings/scripts/IDLParser.pm:

(Parse):
(applyTypedefs):
(applyTypedefsToOperation):
(parseCallbackRest):
Parse callbacks into the new IDLCallbackFunction type. Ensure that typedefs are applied as well.

• bindings/scripts/IDLAttributes.txt:

Remove support for Callback=FunctionOnly.

• bindings/scripts/test/JS/JSTestCallback.cpp: Removed.
• bindings/scripts/test/JS/JSTestCallback.h: Removed.
• bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
• bindings/scripts/test/JS/JSTestCallbackFunction.h:
• bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp: Added.
• bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.h: Added.
• bindings/scripts/test/JS/JSTestCallbackInterface.cpp: Copied from Source/WebCore/bindings/scripts/test/JS/JSTestCallback.cpp.
• bindings/scripts/test/JS/JSTestCallbackInterface.h: Copied from Source/WebCore/bindings/scripts/test/JS/JSTestCallback.h.
• bindings/scripts/test/JS/JSTestObj.cpp:
• bindings/scripts/test/JS/JSTestTypedefs.cpp:
• bindings/scripts/test/TestCallback.idl: Removed.
• bindings/scripts/test/TestCallbackFunction.idl:
• bindings/scripts/test/TestCallbackFunctionWithTypedefs.idl: Added.
• bindings/scripts/test/TestCallbackInterface.idl: Copied from Source/WebCore/bindings/scripts/test/TestCallback.idl.
• bindings/scripts/test/TestObj.idl:
• bindings/scripts/test/TestTypedefs.idl:

Update existing tests and add new ones to test callback functions specifically.

4:59 PM Changeset in webkit [208407] by achristensen@apple.com

• 4 edits in trunk/Source/WebCore

Move isDefaultPortForProtocol from URLParser.cpp back to URL.cpp
​https://bugs.webkit.org/show_bug.cgi?id=164439

Reviewed by Daniel Bates.

No change in behaviour.

• platform/URL.cpp:

(WebCore::defaultPortForProtocol):
(WebCore::isDefaultPortForProtocol):

• platform/URLParser.cpp:

(WebCore::URLParser::defaultPortForProtocol):
(WebCore::URLParser::parsePort):
(WebCore::defaultPortForProtocol): Deleted.
(WebCore::isDefaultPortForProtocol): Deleted.

• platform/URLParser.h:

4:55 PM Changeset in webkit [208406] by Wenson Hsieh

• 23 edits
  2 adds in trunk

Safari does not emit composition end if blurred for dead key / Japanese IME
​https://bugs.webkit.org/show_bug.cgi?id=164369
<rdar://problem/29050439>

Reviewed by Ryosuke Niwa.

Source/WebCore:

On Mac, _before_ changing selection, try to finalize the composition by calling Editor::cancelComposition early.
This is because the focused element may have changed after performing the selection change, so we would
otherwise be dispatching the compositionend to the new focused element (or no compositionend at all) instead
of the element with the composition.

Doing this allows us to match Chrome and Firefox behavior. After canceling the composition, we then need to also
clear the system IME state. We do this on Mac WK1/WK2 through the cancelComposition() codepath, which ends up
calling into -discardMarkedText, which resets the marked text state. Some minor refactoring was performed to
accomplish this -- currently, discardedComposition sends a CompositionWasCanceled message over to the UI process
that discards the marked text, and then updates the editor state. This patch splits this into two separate
steps -- see the WebKit2 ChangeLog for more details.

Test: fast/events/ime-compositionend-on-selection-change.html

• editing/Editor.cpp:

(WebCore::Editor::selectionWillChange):

• editing/Editor.h:
• editing/FrameSelection.cpp:

(WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance):

• editing/mac/EditorMac.mm:

(WebCore::Editor::selectionWillChange):

• loader/EmptyClients.h:
• page/EditorClient.h:

Source/WebKit/mac:

When canceling a composition, make sure that we clear the system IME state.

• WebCoreSupport/WebEditorClient.h:
• WebCoreSupport/WebEditorClient.mm:

(WebEditorClient::canceledComposition):

Source/WebKit/win:

Add a stub implementation of canceledComposition.

• WebCoreSupport/WebEditorClient.cpp:

(WebEditorClient::canceledComposition):

• WebCoreSupport/WebEditorClient.h:

Source/WebKit2:

Split WebPage::discardedComposition into two steps, where we first discard marked text and then update the
editor state. This allows the codepath where we cancel the composition early (before setting the selection) to
discard marked text without also forcing an editor state update at the same time. The editor state is later
updated in WebPage::didChangeSelection.

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::compositionWasCanceled):

• UIProcess/WebPageProxy.h:
• UIProcess/WebPageProxy.messages.in:
• WebProcess/WebCoreSupport/WebEditorClient.cpp:

(WebKit::WebEditorClient::canceledComposition):

• WebProcess/WebCoreSupport/WebEditorClient.h:
• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::didChangeSelection):
(WebKit::WebPage::discardedComposition):
(WebKit::WebPage::canceledComposition):

• WebProcess/WebPage/WebPage.h:

LayoutTests:

Adds a new test verifying that we dispatch compositionend events in various circumstances:

1. After composing in an editable area and then focusing another editable area.
2. After composing in an editable area and then blur()-ing.
3. After composing in an editable area and then changing the selection.

There should be no behavior change for other platforms, so no new tests are needed there with this change.

• fast/events/ime-compositionend-on-selection-change-expected.txt: Added.
• fast/events/ime-compositionend-on-selection-change.html: Added.
• platform/ios-simulator/TestExpectations:

4:27 PM Changeset in webkit [208405] by beidson@apple.com

• 23 edits in trunk

IndexedDB 2.0: Clean up more transaction abort and exception throwing behavior from IDBObjectStore.
​https://bugs.webkit.org/show_bug.cgi?id=164424

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

This patch actually turns a handful of PASS to FAIL in the imported tests, but those are parts of the
spec in flux/under discussion.

We'll update either source or the tests as things are resolved.

• IndexedDB-private-browsing/idbcursor_advance_index7-expected.txt:
• IndexedDB-private-browsing/idbcursor_continue_index7-expected.txt:
• IndexedDB-private-browsing/idbindex_get7-expected.txt:
• IndexedDB-private-browsing/idbindex_getKey7-expected.txt:
• IndexedDB-private-browsing/idbindex_openCursor2-expected.txt:
• IndexedDB-private-browsing/idbindex_openKeyCursor3-expected.txt:
• web-platform-tests/IndexedDB/idbcursor_advance_index7-expected.txt:
• web-platform-tests/IndexedDB/idbcursor_continue_index7-expected.txt:
• web-platform-tests/IndexedDB/idbindex_get8-expected.txt:
• web-platform-tests/IndexedDB/idbindex_getKey8-expected.txt:
• web-platform-tests/IndexedDB/idbindex_openCursor3-expected.txt:
• web-platform-tests/IndexedDB/idbindex_openKeyCursor4-expected.txt:
• web-platform-tests/IndexedDB/transaction-abort-index-metadata-revert-expected.txt:
• web-platform-tests/IndexedDB/transaction-abort-multiple-metadata-revert-expected.txt:
• web-platform-tests/IndexedDB/transaction-abort-object-store-metadata-revert-expected.txt:

Source/WebCore:

No new tests (Covered by existing tests).

This patch actually turns a handful of PASS to FAIL in the imported tests, but those are parts of the
spec in flux/under discussion.

We'll update either source or the tests as things are resolved.

• Modules/indexeddb/IDBIndex.cpp:

(WebCore::IDBIndex::rollbackInfoForVersionChangeAbort):

• Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::get):
(WebCore::IDBObjectStore::putOrAdd):
(WebCore::IDBObjectStore::rollbackForVersionChangeAbort):

LayoutTests:

• storage/indexeddb/resources/transaction-basics.js:
• storage/indexeddb/transaction-basics-expected.txt:
• storage/indexeddb/transaction-basics-private-expected.txt:

4:02 PM Changeset in webkit [208404] by ggaren@apple.com

• 5 edits
  2 adds in trunk

EvalCodeCache should not give up in strict mode and other cases
​https://bugs.webkit.org/show_bug.cgi?id=164357

Reviewed by Michael Saboff.

JSTests:

• microbenchmarks/eval-cached.js: Added. 45x faster now.
• stress/eval-cached.js: Added. Try running the same eval text in a bunch

of different scopes and verify that we access the right scope.

Source/JavaScriptCore:

EvalCodeCache gives up in non-trivial cases because generated eval code
can't soundly migrate from, for example, a let scope to a non-let scope.
The number of cases has grown over time.

Instead, let's cache eval code based on the location of the call to
eval(). That way, we never relocate the code, and it's sound to make
normal assumptions about our surrounding scope.

• bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::CacheKey::CacheKey): Use CallSiteIndex to uniquely
identify the location of our call to eval().

(JSC::EvalCodeCache::CacheKey::hash):
(JSC::EvalCodeCache::CacheKey::operator==):
(JSC::EvalCodeCache::CacheKey::Hash::equal): Use CallSiteIndex instead
of lots of other flags.

(JSC::EvalCodeCache::tryGet): No need to include details that are implied
by our CallSiteIndex.

(JSC::EvalCodeCache::getSlow): No need to skip caching in complex
situations. We promise we'll never relocate the cached code.

(JSC::EvalCodeCache::isCacheableScope): Deleted.
(JSC::EvalCodeCache::isCacheable): Deleted.

• interpreter/Interpreter.cpp:

(JSC::eval): Pass through a CallSiteIndex to uniquely identify this call
to eval().

3:53 PM Changeset in webkit [208403] by rniwa@webkit.org

• 6 edits
  5 adds in trunk

Load stylesheets in link elements inside a connected shadow tree
​https://bugs.webkit.org/show_bug.cgi?id=160683
<rdar://problem/29040652>

Reviewed by Antti Koivisto.

Source/WebCore:

Allow external stylesheets within a shadow tree by storing the appropriate style scope in HTMLLinkElement
when it's connected to a document instead of always talking to document's style scope.

Tests: fast/shadow-dom/link-element-in-shadow-tree.html

fast/shadow-dom/selected-stylesheet-in-shadow-tree.html

• html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::HTMLLinkElement): (WebCore::HTMLLinkElement::~HTMLLinkElement): (WebCore::HTMLLinkElement::setDisabledState): Exit early when the element is not in a document as invoking didChangeActiveStyleSheetCandidates would require having a valid m_styleScope and process() already exits early when inDocument() is false. (WebCore::HTMLLinkElement::parseAttribute): (WebCore::HTMLLinkElement::process): Removed the early exit for when the element is in a shadow tree. (WebCore::HTMLLinkElement::insertedInto): Exit early unless this element has just become connected to a document instead of whenever its self-inclusive ancestor is inserted into a container. (WebCore::HTMLLinkElement::removedFrom): Ditto for removal. Also call removeStyleSheetCandidateNode after calling removePendingSheet since the latter depends on m_styleScope being not null. (WebCore::HTMLLinkElement::addPendingSheet): (WebCore::HTMLLinkElement::removePendingSheet):
• html/HTMLLinkElement.h:
• html/HTMLStyleElement.cpp: (WebCore::HTMLStyleElement::insertedInto): Only call inline style owner's insertedIntoDocument if this element has just become connected to a document. (WebCore::HTMLStyleElement::removedFrom): Ditto for the removal.
• style/StyleScope.h:
• svg/SVGStyleElement.cpp: (WebCore::SVGStyleElement::insertedInto): Ditto. (WebCore::SVGStyleElement::removedFrom): Ditto for the removal.

LayoutTests:

Added W3C style testharness.js tests for loading stylesheets via a link element inside a ahadow tree.

• fast/shadow-dom/link-element-in-shadow-tree-expected.txt: Added.
• fast/shadow-dom/link-element-in-shadow-tree.html: Added.
• fast/shadow-dom/resources/green-host.css: Added.
• fast/shadow-dom/selected-stylesheet-in-shadow-tree-expected.txt: Added.
• fast/shadow-dom/selected-stylesheet-in-shadow-tree.html: Added.

3:53 PM Changeset in webkit [208402] by keith_miller@apple.com

• 5 edits in trunk/Source/JavaScriptCore

Add support for Wasm br_table
​https://bugs.webkit.org/show_bug.cgi?id=164429

Reviewed by Michael Saboff.

This patch adds support for Wasm br_table. The Wasm br_table
opcode essentially directly maps to B3's switch opcode.

There are also three other minor changes:
1) all non-argument locals should be initialized to zero at function entry.
2) add new setErrorMessage member to WasmFunctionParser.h
3) return does not decode an extra immediate anymore.

• testWasm.cpp:

(runWasmTests):

• wasm/WasmB3IRGenerator.cpp:
• wasm/WasmFunctionParser.h:

(JSC::Wasm::FunctionParser::setErrorMessage):
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
(JSC::Wasm::FunctionParser<Context>::popExpressionStack):

• wasm/WasmValidate.cpp:

(JSC::Wasm::Validate::checkBranchTarget):
(JSC::Wasm::Validate::addBranch):
(JSC::Wasm::Validate::addSwitch):

3:12 PM Changeset in webkit [208401] by jfbastien@apple.com

• 28 edits
  1 add in trunk

WebAssembly JS API: implement more sections
​https://bugs.webkit.org/show_bug.cgi?id=164023

Reviewed by Keith Miller.

On the JSC side:

• Put in parser stubs for all WebAssembly sections.
• Parse Import, Export sections.
• Use tryReserveCapacity instead of reserve, and bail out of the parser if it fails. This prevents the parser from bringing everything down when faced with a malicious input.
• Encapsulate all parsed module information into its own structure, making it easier to pass around (from parser to Plan to Module to Instance).
• Create WasmFormat.cpp to hold parsed module information's dtor to avoid including WasmMemory.h needlessly.

JSTests:

• parseCode: avoid overflow through function size.
• Remove all remainders of polyfill-prototype-1, and update license.
• Add missing WasmOps.h and WasmValidateInlines.h auto-generation for cmake build.

On the Builder.js testing side:

• Implement Type, Import (function only), Export (function only) sections.
• Check section order and uniqueness.
• Optionally auto-generate the Type section from subsequent Export / Import / Code entries.
• Allow re-exporting an import.

• wasm/Builder.js: build type, import, and export sections

(const._normalizeFunctionSignature):

• wasm/Builder_WebAssemblyBinary.js: Added. Forked from Builder.js

(const.emitters.Type):
(const.emitters.Import):
(const.emitters.Function):
(const.emitters.Table):
(const.emitters.Memory):
(const.emitters.Global):
(const.emitters.Export):
(const.emitters.Start):
(const.emitters.Element):
(const.emitters.Code):
(const.emitters.Data):
(export.const.Binary):

• wasm/LowLevelBinary.js: Add a few useful outputs

(export.default.LowLevelBinary.prototype.varuint1):
(export.default.LowLevelBinary.prototype.varint7):

• wasm/WASM.js: value type and external kind helpers
• wasm/assert.js: array element-wise equality comparison

(const._eq):

• wasm/js-api/test_Module.js:

(ModuleWithImports):

• wasm/self-test/test_BuilderJSON.js: many more tests for all the new Builder APIs, and update to some older tests which now require a Type section or rejiggered Function signature

(const.assertOpThrows):
(SectionsWithSameCustomName):
(TwoTypeSections):
(EmptyImportSection):
(ImportBeforeTypeSections):

• wasm/self-test/test_BuilderWebAssembly.js: remove a test which wasn't helpful and is now obsolete

(CustomSection):

Source/JavaScriptCore:

• Remove all remainders of polyfill-prototype-1, and update license.
• Add missing WasmOps.h and WasmValidateInlines.h auto-generation for cmake build.

On the Builder.js testing side:

• Implement Type, Import (function only), Export (function only) sections.
• Check section order and uniqueness.
• Optionally auto-generate the Type section from subsequent Export / Import / Code entries.
• Allow re-exporting an import.

• CMakeLists.txt: missing auto-genration
• JavaScriptCore.xcodeproj/project.pbxproj: merge conflict
• testWasm.cpp: update for API changes, no functional change

(checkPlan):
(runWasmTests):

• wasm/WasmFormat.cpp: add a dtor which requires extra headers which I'd rather not include in WasmFormat.h

(JSC::Wasm::ModuleInformation::~ModuleInformation):

• wasm/WasmFormat.h: Add External, Import, Functioninformation, Export, ModuleInformation, CompiledFunction, and remove obsolete stuff which was a holdover from the first implementation (all that code is now gone, so remove its license)

(JSC::Wasm::External::isValid):

• wasm/WasmModuleParser.cpp: simplify some, make names consistent with the WebAssembly section names, check memory allocations so they can fail early

(JSC::Wasm::ModuleParser::parse):
(JSC::Wasm::ModuleParser::parseType):
(JSC::Wasm::ModuleParser::parseImport):
(JSC::Wasm::ModuleParser::parseFunction):
(JSC::Wasm::ModuleParser::parseTable):
(JSC::Wasm::ModuleParser::parseMemory):
(JSC::Wasm::ModuleParser::parseGlobal):
(JSC::Wasm::ModuleParser::parseExport):
(JSC::Wasm::ModuleParser::parseStart):
(JSC::Wasm::ModuleParser::parseElement):
(JSC::Wasm::ModuleParser::parseCode): avoid overflow through function size.
(JSC::Wasm::ModuleParser::parseData):

• wasm/WasmModuleParser.h:

(JSC::Wasm::ModuleParser::moduleInformation):

• wasm/WasmParser.h:

(JSC::Wasm::Parser::consumeUTF8String): add as required by spec
(JSC::Wasm::Parser::parseExternalKind): add as per spec

• wasm/WasmPlan.cpp:

(JSC::Wasm::Plan::Plan): fix some ownership, improve some error messages

• wasm/WasmPlan.h: fix some ownership

(JSC::Wasm::Plan::getModuleInformation):
(JSC::Wasm::Plan::getMemory):
(JSC::Wasm::Plan::compiledFunctionCount):
(JSC::Wasm::Plan::compiledFunction):
(JSC::Wasm::Plan::getCompiledFunctions):

• wasm/WasmSections.h: macroize with description, so that error messages are super pretty. This could be auto-generated.
• wasm/js/JSWebAssemblyModule.cpp:

(JSC::JSWebAssemblyModule::create): take module information
(JSC::JSWebAssemblyModule::JSWebAssemblyModule): ditto

• wasm/js/JSWebAssemblyModule.h:

(JSC::JSWebAssemblyModule::moduleInformation):

• wasm/js/WebAssemblyInstanceConstructor.cpp:

(JSC::constructJSWebAssemblyInstance): check that modules with imports are instantiated with an import object, as per spec. This needs to be tested.

• wasm/js/WebAssemblyMemoryConstructor.cpp:

(JSC::constructJSWebAssemblyMemory):

• wasm/js/WebAssemblyModuleConstructor.cpp:

(JSC::constructJSWebAssemblyModule):

• wasm/js/WebAssemblyTableConstructor.cpp:

(JSC::constructJSWebAssemblyTable):

3:02 PM Changeset in webkit [208400] by achristensen@apple.com

• 6 edits in trunk

Unreviewed, rolling out r208293.

asserts in API tests.

Reverted changeset:

"NetworkSession: Network process crash when converting main
resource to download"
​https://bugs.webkit.org/show_bug.cgi?id=164220
​http://trac.webkit.org/changeset/208293

2:54 PM Changeset in webkit [208399] by commit-queue@webkit.org

• 18 edits in trunk

Add a setting and preferences to enable/disable async image decoding
​https://bugs.webkit.org/show_bug.cgi?id=164417

Patch by Said Abou-Hallawa <​sabouhallawa@apple.com> on 2016-11-04
Reviewed by Simon Fraser.

Source/WebCore:

Add an asyncImageDecodingEnabled setting. This setting controls whether an
image "can" be asynchronously decoded on a separate thread or not. The
function ImageSource::isAsyncDecodingRequired() will be used in conjunction
with this setting to decide whether an image "should" be asynchronously
decoded or not.

• page/Settings.in:

Source/WebKit/mac:

Hook up the asyncImageDecodingEnabled setting for WebKit1.

• WebView/WebPreferenceKeysPrivate.h:
• WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences asyncImageDecodingEnabled]):
(-[WebPreferences setAsyncImageDecodingEnabled:]):

• WebView/WebPreferencesPrivate.h:
• WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit2:

Hook up the asyncImageDecodingEnabled setting for WebKit2.

• Shared/WebPreferencesDefinitions.h:
• UIProcess/API/Cocoa/WKPreferences.mm:

(-[WKPreferences _asyncImageDecodingEnabled]):
(-[WKPreferences _setAsyncImageDecodingEnabled:]):

• UIProcess/API/Cocoa/WKPreferencesPrivate.h:
• WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

Tools:

Pref and a menu item to toggle asyncImageDecodingEnabled for WebKits 1 and 2.

• MiniBrowser/mac/SettingsController.h:
• MiniBrowser/mac/SettingsController.m:

(-[SettingsController _populateMenu]):
(-[SettingsController validateMenuItem:]):
(-[SettingsController toggleAsyncImageDecodingEnabled:]):
(-[SettingsController asyncImageDecodingEnabled]):

• MiniBrowser/mac/WK1BrowserWindowController.m:

(-[WK1BrowserWindowController didChangeSettings]):

• MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController didChangeSettings]):

2:04 PM Changeset in webkit [208398] by timothy_horton@apple.com

• 4 edits in trunk/Source/WebCore

Apply post-landing review comments for r208347

• dom/Element.cpp:

(WebCore::Element::findAnchorElementForLink):
Use attributeWithoutSynchronization.

• page/PrintContext.cpp:

(WebCore::PrintContext::spoolPage):
(WebCore::PrintContext::spoolRect):
(WebCore::PrintContext::collectLinkedDestinations):
(WebCore::PrintContext::outputLinkedDestinations):

• page/PrintContext.h:

Pass Document by reference instead of Node by pointer,
use ElementTraversal instead of NodeTraversal to avoid
having to locally check the type, and null-check renderers.

1:48 PM Changeset in webkit [208397] by Chris Dumez

• 2 edits
  2 adds in trunk/LayoutTests

Add layout test for input.setCustomValidity()
​https://bugs.webkit.org/show_bug.cgi?id=164419

Reviewed by Simon Fraser.

Add layout test for input.setCustomValidity().

• fast/forms/validation-custom-message-expected.txt: Added.
• fast/forms/validation-custom-message.html: Added.

1:09 PM Changeset in webkit [208396] by mmaxfield@apple.com

• 7 edits
  2 adds in trunk

Implement WebGL2RenderingContext::copyBufferSubData()
​https://bugs.webkit.org/show_bug.cgi?id=164008

Reviewed by Dean Jackson.

Source/WebCore:

Similar to previous work regarding WebGL 2 buffers, this method implements
the ability to copy from one buffer to another without the data leaving
the GPU.

Test: fast/canvas/webgl/copyBufferSubData.html

• html/canvas/WebGL2RenderingContext.cpp:

(WebCore::WebGL2RenderingContext::copyBufferSubData):

• html/canvas/WebGLBuffer.cpp:

(WebCore::WebGLBuffer::associateCopyBufferSubData):

• html/canvas/WebGLBuffer.h:
• platform/graphics/GraphicsContext3D.h:
• platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::GraphicsContext3D::copyBufferSubData):

LayoutTests:

• fast/canvas/webgl/copyBufferSubData-expected.txt: Added.
• fast/canvas/webgl/copyBufferSubData.html: Added.

12:42 PM Changeset in webkit [208395] by Simon Fraser

• 27 edits in trunk/Source

Rename some ScrollingTree/Node-related functions to reduce the number of uses of "update"
​https://bugs.webkit.org/show_bug.cgi?id=164420

Reviewed by Tim Horton.

Rename:

commitNewTreeState -> commitTreeState ("new" was redundant)
updateBeforeChildren -> commitStateBeforeChildren
updateAfterChildren -> commitStateAfterChildren

Source/WebCore:

• page/scrolling/ScrollingTree.cpp:

(WebCore::ScrollingTree::commitTreeState):
(WebCore::ScrollingTree::updateTreeFromStateNode):
(WebCore::ScrollingTree::commitNewTreeState): Deleted.

• page/scrolling/ScrollingTree.h:
• page/scrolling/ScrollingTreeFrameScrollingNode.cpp:

(WebCore::ScrollingTreeFrameScrollingNode::commitStateBeforeChildren):
(WebCore::ScrollingTreeFrameScrollingNode::updateBeforeChildren): Deleted.

• page/scrolling/ScrollingTreeFrameScrollingNode.h:
• page/scrolling/ScrollingTreeNode.h:

(WebCore::ScrollingTreeNode::commitStateAfterChildren):
(WebCore::ScrollingTreeNode::updateAfterChildren): Deleted.

• page/scrolling/ScrollingTreeScrollingNode.cpp:

(WebCore::ScrollingTreeScrollingNode::commitStateBeforeChildren):
(WebCore::ScrollingTreeScrollingNode::commitStateAfterChildren):
(WebCore::ScrollingTreeScrollingNode::updateBeforeChildren): Deleted.
(WebCore::ScrollingTreeScrollingNode::updateAfterChildren): Deleted.

• page/scrolling/ScrollingTreeScrollingNode.h:
• page/scrolling/ThreadedScrollingTree.cpp:

(WebCore::ThreadedScrollingTree::commitTreeState):
(WebCore::ThreadedScrollingTree::commitNewTreeState): Deleted.

• page/scrolling/ThreadedScrollingTree.h:
• page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h:
• page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:

(WebCore::ScrollingTreeFrameScrollingNodeIOS::commitStateBeforeChildren):
(WebCore::ScrollingTreeFrameScrollingNodeIOS::commitStateAfterChildren):
(WebCore::ScrollingTreeFrameScrollingNodeIOS::updateBeforeChildren): Deleted.
(WebCore::ScrollingTreeFrameScrollingNodeIOS::updateAfterChildren): Deleted.

• page/scrolling/ios/ScrollingTreeIOS.cpp:

(WebCore::ScrollingTreeIOS::commitNewTreeState): Deleted.

• page/scrolling/ios/ScrollingTreeIOS.h:
• page/scrolling/mac/ScrollingCoordinatorMac.mm:

(WebCore::ScrollingCoordinatorMac::commitTreeState):

• page/scrolling/mac/ScrollingTreeFixedNode.h:
• page/scrolling/mac/ScrollingTreeFixedNode.mm:

(WebCore::ScrollingTreeFixedNode::commitStateBeforeChildren):
(WebCore::ScrollingTreeFixedNode::updateBeforeChildren): Deleted.

• page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
• page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateBeforeChildren):
(WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateAfterChildren):
(WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): Deleted.
(WebCore::ScrollingTreeFrameScrollingNodeMac::updateAfterChildren): Deleted.

• page/scrolling/mac/ScrollingTreeStickyNode.h:
• page/scrolling/mac/ScrollingTreeStickyNode.mm:

(WebCore::ScrollingTreeStickyNode::commitStateBeforeChildren):
(WebCore::ScrollingTreeStickyNode::updateBeforeChildren): Deleted.

Source/WebKit2:

• UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp:

(WebKit::RemoteScrollingCoordinatorProxy::commitScrollingTreeState):
(WebKit::RemoteScrollingCoordinatorProxy::updateScrollingTree): Deleted.

• UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
• UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.h:
• UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.mm:

(WebKit::ScrollingTreeOverflowScrollingNodeIOS::commitStateBeforeChildren):
(WebKit::ScrollingTreeOverflowScrollingNodeIOS::commitStateAfterChildren):
(WebKit::ScrollingTreeOverflowScrollingNodeIOS::updateBeforeChildren): Deleted.
(WebKit::ScrollingTreeOverflowScrollingNodeIOS::updateAfterChildren): Deleted.

• UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):

12:21 PM Changeset in webkit [208394] by matthew_hanson@apple.com

• 5 edits in tags/Safari-603.1.11.1/Source

Versioning

12:19 PM Changeset in webkit [208393] by matthew_hanson@apple.com

• 1 edit in tags/Safari-602.3.8/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

Merge r208385. rdar://problem/28857505

12:16 PM Changeset in webkit [208392] by andersca@apple.com

• 9 edits in trunk/Source/WebCore

Add new 'other' Apple Pay button style
​https://bugs.webkit.org/show_bug.cgi?id=164384
rdar://problem/28302528

Reviewed by Dean Jackson.

• DerivedSources.make:
• WebCorePrefix.h:

Add extension points.

• css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
Add ApplePayButtonType::Other.

(WebCore::CSSPrimitiveValue::operator ApplePayButtonType):
Add CSSValueOther.

• css/CSSValueKeywords.in:

Add other.

• css/parser/CSSParser.cpp:

(WebCore::isValidKeywordPropertyAndValue):
Add CSSValueOther.

• css/parser/CSSParserFastPaths.cpp:

(WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
Add CSSValueOther.

• rendering/RenderThemeCocoa.mm:

(WebCore::toPKPaymentButtonType):
Handle ApplePayButtonType::Other.

• rendering/style/RenderStyleConstants.h:

Add ApplePayButtonType::Other.

12:16 PM Changeset in webkit [208391] by matthew_hanson@apple.com

• 1 copy in tags/Safari-603.1.11.1

New tag.

11:32 AM Changeset in webkit [208390] by Antti Koivisto

• 3 edits
  2 adds in trunk

slotted() pseudo does not work with ID selector
​https://bugs.webkit.org/show_bug.cgi?id=160538
<rdar://problem/28534529>

Reviewed by Andreas Kling.

Source/WebCore:

When we saw an id selector while addin rules we immediately threw it into the m_idRules
optimization bucket and bailed out. However selectors containing ::slotted must always end
up in m_slottedPseudoElementRules list no matter what else is there.

Fix by treating id like other selectors and only choosing the bucket after analysing all
the selector components.

Test: fast/shadow-dom/css-scoping-slot-with-id.html

• css/RuleSet.cpp:

(WebCore::RuleSet::addRule): Also made this use switch instead of a series of ifs.

LayoutTests:

• fast/shadow-dom/css-scoping-slot-with-id-expected.html: Added.
• fast/shadow-dom/css-scoping-slot-with-id.html: Added.

11:10 AM Changeset in webkit [208389] by beidson@apple.com

• 4 edits in trunk

IndexedDB 2.0: Handle IDBObjectStore rename behavior properly when version change transaction aborts.
​https://bugs.webkit.org/show_bug.cgi?id=164416

Reviewed by Beth Dakin.

LayoutTests/imported/w3c:

• web-platform-tests/IndexedDB/idbobjectstore-rename-abort-expected.txt:

Source/WebCore:

No new tests (Covered by existing tests).

• Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::rollbackForVersionChangeAbort):

11:08 AM Changeset in webkit [208388] by achristensen@apple.com

• 36 edits
  2 adds
  1 delete in trunk/Source

NetworkSession: Add NetworkDataTask implementation for blobs
​https://bugs.webkit.org/show_bug.cgi?id=163939

Source/WebCore:

Patch by Keith Rollin <Keith Rollin> on 2016-11-04
Reviewed by Alex Christensen.

• WebCore.xcodeproj/project.pbxproj: Mark HTTPParsers.h and AsyncFileStream.h as private.
• fileapi/AsyncFileStream.h: Add WEBCORE_EXPORT to AsyncFileStream class.
• platform/network/BlobData.h: Add WEBCORE_EXPORT to length().
• platform/network/HTTPParsers.h: Add WEBCORE_EXPORT to parseRange().
• platform/network/ResourceResponseBase.h: Add WEBCORE_EXPORT to setHTTPHeaderField().

Source/WebCore/platform/gtk/po:

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2016-11-04
Reviewed by Alex Christensen.

• POTFILES.in: Remove DownloadSoup.cpp

Source/WebKit2:

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2016-11-04
Reviewed by Alex Christensen.

Add NetworkDataTaskBlob to handle blobs when using NetworkSession instead of using ResourceHandle. This patch
adds more USE(NETWORK_SESSION) ifdefs to not use ResourceHandle in Downloads and NetworkLoad when NetworkSession
is enabled.

• CMakeLists.txt: Add new files to compilation.
• NetworkProcess/Downloads/BlobDownloadClient.cpp:
• NetworkProcess/Downloads/BlobDownloadClient.h:
• NetworkProcess/Downloads/Download.cpp:

(WebKit::Download::Download): Split the constructor again and remove the PlatformDownloadTaskRef
definitions. Now Cocoa specific constructor receives a NSURLSessionDownloadTask and the general constructor
reveices a NetworkDataTask and is used by Soup backend and blobs.
(WebKit::Download::~Download):
(WebKit::Download::start):
(WebKit::Download::startWithHandle):
(WebKit::Download::cancel):
(WebKit::Download::didReceiveAuthenticationChallenge):
(WebKit::Download::didReceiveData):
(WebKit::Download::didFinish):
(WebKit::Download::platformCancelNetworkLoad): Rename cancelNetworkLoad() as platformCancelNetworkLoad() since
this is now used only by Cocoa platform to cancel the NSURLSessionDownloadTask.

• NetworkProcess/Downloads/Download.h:

(WebKit::Download::Download):
(WebKit::Download::suggestedName):
(WebKit::Download::request):

• NetworkProcess/Downloads/DownloadManager.cpp:

(WebKit::DownloadManager::startDownload): Remove blobs specific code when using NetworkSession.
(WebKit::DownloadManager::continueDecidePendingDownloadDestination):

• NetworkProcess/Downloads/DownloadManager.h:
• NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:

(WebKit::Download::platformCancelNetworkLoad):

• NetworkProcess/Downloads/soup/DownloadSoup.cpp: Removed.
• NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::convertMainResourceLoadToDownload): Remove blobs specific code when
using NetworkSession.

• NetworkProcess/NetworkDataTask.cpp:

(WebKit::NetworkDataTask::create): If request is a blob, create a NetworkDataTaskBlob.

• NetworkProcess/NetworkDataTask.h: Add invalidateAndCancel pure virtual method.
• NetworkProcess/NetworkDataTaskBlob.cpp: Added.

(WebKit::NetworkDataTaskBlob::NetworkDataTaskBlob):
(WebKit::NetworkDataTaskBlob::~NetworkDataTaskBlob):
(WebKit::NetworkDataTaskBlob::clearStream):
(WebKit::NetworkDataTaskBlob::resume):
(WebKit::NetworkDataTaskBlob::suspend):
(WebKit::NetworkDataTaskBlob::cancel):
(WebKit::NetworkDataTaskBlob::invalidateAndCancel):
(WebKit::NetworkDataTaskBlob::getSizeForNext):
(WebKit::NetworkDataTaskBlob::didGetSize):
(WebKit::NetworkDataTaskBlob::seek):
(WebKit::NetworkDataTaskBlob::didReceiveResponse):
(WebKit::NetworkDataTaskBlob::read):
(WebKit::NetworkDataTaskBlob::readData):
(WebKit::NetworkDataTaskBlob::readFile):
(WebKit::NetworkDataTaskBlob::didOpen):
(WebKit::NetworkDataTaskBlob::didRead):
(WebKit::NetworkDataTaskBlob::consumeData):
(WebKit::NetworkDataTaskBlob::setPendingDownloadLocation):
(WebKit::NetworkDataTaskBlob::suggestedFilename):
(WebKit::NetworkDataTaskBlob::download):
(WebKit::NetworkDataTaskBlob::writeDownload):
(WebKit::NetworkDataTaskBlob::cleanDownloadFiles):
(WebKit::NetworkDataTaskBlob::didFailDownload):
(WebKit::NetworkDataTaskBlob::didFinishDownload):
(WebKit::NetworkDataTaskBlob::didFail):
(WebKit::NetworkDataTaskBlob::didFinish):

• NetworkProcess/NetworkDataTaskBlob.h: Added.
• NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad): Remove blobs specific code when using NetworkSession.
(WebKit::NetworkLoad::~NetworkLoad):
(WebKit::NetworkLoad::setDefersLoading):
(WebKit::NetworkLoad::cancel):
(WebKit::NetworkLoad::continueWillSendRequest):
(WebKit::NetworkLoad::continueDidReceiveResponse):
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
(WebKit::NetworkLoad::canAuthenticateAgainstProtectionSpaceAsync):

• NetworkProcess/NetworkLoad.h:
• NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::invalidateAndCancel): Moved from NetworkSessionSoup, since this is now used also by blobs.

• NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::registerNetworkDataTask): Ditto.
(WebKit::NetworkSession::unregisterNetworkDataTask): Ditto.

• NetworkProcess/cocoa/NetworkDataTaskCocoa.h: Add invalidateAndCancel() implementation that does nothing

because in Cocoa all tasks are invalidated and canceled by the network session.

• NetworkProcess/mac/NetworkLoadMac.mm:
• NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::NetworkDataTaskSoup):
(WebKit::NetworkDataTaskSoup::~NetworkDataTaskSoup):
(WebKit::NetworkDataTaskSoup::download):

• NetworkProcess/soup/NetworkDataTaskSoup.h:
• NetworkProcess/soup/NetworkSessionSoup.cpp:
• NetworkProcess/soup/NetworkSessionSoup.h:
• PlatformEfl.cmake: Remove DownloadSoup.cpp from compilation.
• PlatformGTK.cmake: Ditto.
• WebKit2.xcodeproj/project.pbxproj: Add new files to compilation.

11:02 AM Changeset in webkit [208387] by beidson@apple.com

• 2 edits in trunk/Tools

REGRESSION (r208349) StringHasher::hashMemory behavior changed, causing API tests to fail
​https://bugs.webkit.org/show_bug.cgi?id=164390

Reviewed by Geoffrey Garen.

Operating under the assumption that the behavior change is okay/desirable, this updates the test.

• TestWebKitAPI/Tests/WTF/StringHasher.cpp:

(TestWebKitAPI::TEST):

11:02 AM Changeset in webkit [208386] by beidson@apple.com

• 11 edits in trunk

IndexedDB 2.0: Use IDB-specific exceptions in places where the generic exceptions are currently used.
​https://bugs.webkit.org/show_bug.cgi?id=164406

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

• web-platform-tests/IndexedDB/idbindex-rename-errors-expected.txt:
• web-platform-tests/IndexedDB/idbobjectstore-rename-errors-expected.txt:

Source/WebCore:

No new tests (Covered by existing tests).

• Modules/indexeddb/IDBIndex.cpp:

(WebCore::IDBIndex::setName):

• Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::setName):

LayoutTests:

• storage/indexeddb/modern/index-rename-1-expected.txt:
• storage/indexeddb/modern/index-rename-1-private-expected.txt:
• storage/indexeddb/modern/objectstore-rename-1-expected.txt:
• storage/indexeddb/modern/objectstore-rename-1-private-expected.txt:

10:26 AM Changeset in webkit [208385] by matthew_hanson@apple.com

• 1 edit in branches/safari-602-branch/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

Fix-up merge of r208299. rdar://problem/28857505

10:01 AM WebKitGTK/2.14.x edited by Carlos Garcia Campos

(diff)

9:48 AM Changeset in webkit [208384] by jdiggs@igalia.com

• 16 edits
  4 adds in trunk

AX: [ATK] Attempting to clear selection on ARIA listboxes results in crash
​https://bugs.webkit.org/show_bug.cgi?id=164331

Reviewed by Chris Fleizach.

Source/WebCore:

The ATK code is using is<AccessibilityListBox>() to identify native listboxes.
But is<AccessibilityListBox>() returns the value of isListBox() which returns
true both for AccessibilityListBox instances as well as for AccessibilityObject
instances which have an AccessibilityRole value of ListBoxRole. Because only
native listboxes should be AccessibilityListBoxes, add isNativeListBox() so
that we can distinguish native and ARIA listboxes.

Tests: accessibility/aria-listbox-clear-selection-crash.html

accessibility/listbox-clear-selection.html

• accessibility/AccessibilityListBox.h:
• accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::isNativeListBox):
(WebCore::AccessibilityObject::isListBox):

Tools:

Add AccessibilityUIElement::clearSelectedChildren() to DRT and WKTR.
Implement it for ATK.

• DumpRenderTree/AccessibilityUIElement.h:
• DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::clearSelectedChildren):

• DumpRenderTree/mac/AccessibilityUIElementMac.mm:

(AccessibilityUIElement::clearSelectedChildren):

• DumpRenderTree/win/AccessibilityUIElementWin.cpp:

(AccessibilityUIElement::clearSelectedChildren):

• WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
• WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
• WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::clearSelectedChildren):

• WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::clearSelectedChildren):

• WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::AccessibilityUIElement::clearSelectedChildren):

LayoutTests:

Add tests to verify clearing selection works for native listboxes, and does not
crash for ARIA listboxes. These tests are being skipped for the Mac and Win ports
which do not yet implement AccessibilityUIElement::clearSelectedChildren().

• accessibility/aria-listbox-clear-selection-crash-expected.txt: Added.
• accessibility/aria-listbox-clear-selection-crash.html: Added.
• accessibility/listbox-clear-selection-expected.txt: Added.
• accessibility/listbox-clear-selection.html: Added.
• platform/mac/TestExpectations:
• platform/win/TestExpectations:

8:49 AM Changeset in webkit [208383] by beidson@apple.com

• 11 edits in trunk

IndexedDB 2.0: Throw the correct exceptions during IDBObjectStore/IDBIndex renaming.
​https://bugs.webkit.org/show_bug.cgi?id=164405

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

• web-platform-tests/IndexedDB/idbindex-rename-errors-expected.txt:
• web-platform-tests/IndexedDB/idbobjectstore-rename-errors-expected.txt:

Source/WebCore:

No new tests (Covered by existing tests).

• Modules/indexeddb/IDBIndex.cpp:

(WebCore::IDBIndex::setName):

• Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::setName):

LayoutTests:

• storage/indexeddb/modern/index-rename-1-expected.txt:
• storage/indexeddb/modern/index-rename-1-private-expected.txt:
• storage/indexeddb/modern/objectstore-rename-1-expected.txt:
• storage/indexeddb/modern/objectstore-rename-1-private-expected.txt:

3:39 AM Changeset in webkit [208382] by commit-queue@webkit.org

• 9 edits in trunk

[Readable Streams API] Implement ByteStreamController error()
​https://bugs.webkit.org/show_bug.cgi?id=164319

Patch by Romain Bellessort <​romain.bellessort@crf.canon.fr> on 2016-11-04
Reviewed by Youenn Fablet.

Source/WebCore:

Implemented error() method of ReadableByteStreamController.

Updated test expectations for error() and added IDL-related tests.

• Modules/streams/ReadableByteStreamController.js:

(error): Implemented.

• Modules/streams/ReadableByteStreamInternals.js:

(privateInitializeReadableByteStreamController):
(isReadableByteStreamController): Added.
(readableByteStreamControllerError): Added.
(readableByteStreamControllerClearPendingPullIntos): Added.

• Modules/streams/ReadableStream.js:

(initializeReadableStream): More detailed error message.

• Modules/streams/ReadableStreamDefaultController.js:

(error): Removed unnecessary variable declaration.

• bindings/js/WebCoreBuiltinNames.h: Added totalQueuedBytes.

LayoutTests:

Updated test expectation for error() test (previously FAIL, now PASS).
Added IDL-related tests for ReadableByteStreamController.

• streams/readable-byte-stream-controller-expected.txt:

2:35 AM Changeset in webkit [208381] by pvollan@apple.com

• 8 edits in trunk

[Win] Page visibility tests are timing out.
​https://bugs.webkit.org/show_bug.cgi?id=164363

Reviewed by Brent Fulgham.

Source/WebKit/win:

Add method to set page visibility.

• Interfaces/IWebViewPrivate.idl:
• WebView.cpp:

(WebView::QueryInterface):
(WebView::findString):
(WebView::setVisibilityState):

• WebView.h:

Tools:

Implement methods to set page visibility.

• DumpRenderTree/win/TestRunnerWin.cpp:

(TestRunner::resetPageVisibility):
(TestRunner::setPageVisibility):

LayoutTests:

Unskip page visibility tests.

• platform/win/TestExpectations:

Nov 3, 2016:

11:37 PM Changeset in webkit [208380] by beidson@apple.com

• 4 edits in trunk

IndexedDB 2.0: Handle IDBIndex rename behavior properly when version change transaction aborts.
​https://bugs.webkit.org/show_bug.cgi?id=164403

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

• web-platform-tests/IndexedDB/idbindex-rename-abort-expected.txt: Updated to passing expectations.

Source/WebCore:

No new tests (Covered by existing test).

• Modules/indexeddb/IDBIndex.cpp:

(WebCore::IDBIndex::rollbackInfoForVersionChangeAbort): Only rollback the info if this index

already existed before this version change transaction.

11:34 PM Changeset in webkit [208379] by commit-queue@webkit.org

• 9 edits in trunk/Source/WebCore

[WebRTC] Introduce asynchronous backend createOffer API
​https://bugs.webkit.org/show_bug.cgi?id=164365

Patch by Youenn Fablet <​youenn@apple.com> on 2016-11-03
Reviewed by Sam Weinig.

Covered by existing tests.

Removing PeerEndpointBackendClient as it is only RTCPeerConnection.
This allows removing virtual for some functions.

Moving MediaEndpointPeerClient::m_client to PeerEndpointBackendClient::m_peerConnection and making it a reference.

Implementing createOffer at PeerConnectionBackend by splitting it in four sub-functions:

• main createOffer, implemented at PeerConnectionBackend.
• doCreateOffer implemented by subclasses (MediaEndpointPeerConnection).
• createOfferSucceeded/createOfferFailed implemented by PeerConnectionBackend.

• CMakeLists.txt:
• Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::createMediaEndpointPeerConnection):
(WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
(WebCore::MediaEndpointPeerConnection::doCreateOffer):
(WebCore::MediaEndpointPeerConnection::createOfferTask):
(WebCore::MediaEndpointPeerConnection::createAnswerTask):
(WebCore::MediaEndpointPeerConnection::setLocalDescriptionTask):
(WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
(WebCore::MediaEndpointPeerConnection::addIceCandidateTask):
(WebCore::MediaEndpointPeerConnection::createReceiver):
(WebCore::MediaEndpointPeerConnection::replaceTrack):
(WebCore::MediaEndpointPeerConnection::replaceTrackTask):
(WebCore::MediaEndpointPeerConnection::markAsNeedingNegotiation):
(WebCore::MediaEndpointPeerConnection::localDescriptionTypeValidForState):
(WebCore::MediaEndpointPeerConnection::remoteDescriptionTypeValidForState):
(WebCore::MediaEndpointPeerConnection::gotIceCandidate):
(WebCore::MediaEndpointPeerConnection::doneGatheringCandidates):
(WebCore::MediaEndpointPeerConnection::iceTransportStateChanged):
(WebCore::MediaEndpointPeerConnection::createOffer): Deleted.

• Modules/mediastream/MediaEndpointPeerConnection.h:
• Modules/mediastream/PeerConnectionBackend.cpp:

(WebCore::PeerConnectionBackend::createOffer):
(WebCore::PeerConnectionBackend::createOfferSucceeded):
(WebCore::PeerConnectionBackend::createOfferFailed):
(WebCore::createPeerConnectionBackend): Deleted.

• Modules/mediastream/PeerConnectionBackend.h:

(WebCore::PeerConnectionBackend::PeerConnectionBackend):
(WebCore::PeerConnectionBackendClient::~PeerConnectionBackendClient): Deleted.

• Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::RTCPeerConnection::RTCPeerConnection):

• Modules/mediastream/RTCPeerConnection.h:
• WebCore.xcodeproj/project.pbxproj:

11:21 PM Changeset in webkit [208378] by Antti Koivisto

• 4 edits in trunk/Source/WebCore

REGRESSION (r207717): DumpRenderTree crashed in com.apple.WebCore: WebCore::Style::Scope::flushPendingUpdate + 16
​https://bugs.webkit.org/show_bug.cgi?id=164397
<rdar://problem/29100135>

Reviewed by Ryosuke Niwa.

The problem here was that we were leaving stale pointers to Document::m_inDocumentShadowRoots set when
using fast-path document teardown.

(Patch and stories mostly by rniwa).

• dom/Document.cpp:

(WebCore::Document::~Document):
(WebCore::Document::didInsertInDocumentShadowRoot):
(WebCore::Document::didRemoveInDocumentShadowRoot):

Improve asserts.

• dom/Element.cpp:

(WebCore::Element::removeShadowRoot):

Remove the superfluous call to notifyChildNodeRemoved in Element::removeShadowRoot to
avoid invoking notifyChildNodeRemoved during a document teardown, which is incorrect. It's sufficient that
~ShadowRoot calls ContainerNode::removeDetachedChildren(), and in turn removeDetachedChildrenInContainer()
since the latter function tears down nodes via the deletion queue during a document destruction and use
notifyChildNodeRemoved() on nodes that outlive the shadow root.

• dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::~ShadowRoot):

Take care to clean up inDocumentShadowRoots for fast-pathed destruction too.

(WebCore::ShadowRoot::insertedInto):
(WebCore::ShadowRoot::removedFrom):

Improve ShadowRoot's insertedInto and removedFrom so that they only try to add and remove itself from
m_inDocumentShadowRoots when the connected-ness changes.

11:18 PM Changeset in webkit [208377] by mark.lam@apple.com

• 12 edits
  1 add in trunk

ClonedArguments need to also support haveABadTime mode.
​https://bugs.webkit.org/show_bug.cgi?id=164200
<rdar://problem/27211336>

Reviewed by Geoffrey Garen.

JSTests:

• stress/have-a-bad-time-with-arguments.js: Added.

Source/JavaScriptCore:

For those who are not familiar with the parlance, "have a bad time" in the VM
means that Object.prototype has been modified in such a way that we can no longer
trivially do indexed property accesses without consulting the Object.prototype.
This defeats JIT indexed put optimizations, and hence, makes the VM "have a
bad time".

Once the VM enters haveABadTime mode, all existing objects are converted to use
slow put storage. Thereafter, JSArrays are always created with slow put storage.
JSObjects are always created with a blank indexing type. When a new indexed
property is put into the new object, its indexing type will be converted to the
slow put array indexing type just before we perform the put operation. This is
how we ensure that the objects will also use slow put storage.

However, ClonedArguments is an object which was previously created unconditionally
to use contiguous storage. Subsequently, if we try to call Object.preventExtensions()
on that ClonedArguments object, Object.preventExtensions() will:

1. make the ClonedArguments enter dictionary indexing mode, which means it will
2. first ensure that the ClonedArguments is using slow put array storage via JSObject::ensureArrayStorageSlow().

However, JSObject::ensureArrayStorageSlow() expects that we never see an object
with contiguous storage once we're in haveABadTime mode. Our ClonedArguments
object did not obey this invariant.

The fix is to make the ClonedArguments factories create objects that use slow put
array storage when in haveABadTime mode. This means:

1. JSGlobalObject::haveABadTime() now changes m_clonedArgumentsStructure to use its slow put version.

Also the caching of the slow put version of m_regExpMatchesArrayStructure,
because we only need to create it when we are having a bad time.

2. The ClonedArguments factories now allocates a butterfly with slow put array storage if we're in haveABadTime mode.

Also added some assertions in ClonedArguments' factory methods to ensure that
the created object has the slow put indexing type when it needsSlowPutIndexing().

3. DFGFixupPhase now watches the havingABadTimeWatchpoint because ClonedArguments' structure will change when having a bad time.

4. DFGArgumentEliminationPhase and DFGVarargsForwardingPhase need not be changed because it is still valid to eliminate the creation of the arguments object even having a bad time, as long as the arguments object does not escape.

5. The DFGAbstractInterpreterInlines now checks for haveABadTime, and sets the predicted type to be SpecObject.

Note: this issue does not apply to DirectArguments and ScopedArguments because
they use a blank indexing type (just like JSObject).

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGArrayMode.cpp:

(JSC::DFG::ArrayMode::dump):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::createEmpty):
(JSC::ClonedArguments::createWithInlineFrame):
(JSC::ClonedArguments::createWithMachineFrame):
(JSC::ClonedArguments::createByCopyingFrom):
(JSC::ClonedArguments::createStructure):
(JSC::ClonedArguments::createSlowPutStructure):

• runtime/ClonedArguments.h:
• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::haveABadTime):
(JSC::JSGlobalObject::visitChildren):

• runtime/JSGlobalObject.h:

10:33 PM Changeset in webkit [208376] by matthew_hanson@apple.com

• 5 edits in branches/safari-602-branch/Source

Versioning

10:33 PM Changeset in webkit [208375] by matthew_hanson@apple.com

• 1 copy in tags/Safari-602.3.8

New tag.

10:32 PM Changeset in webkit [208374] by matthew_hanson@apple.com

• 5 edits in branches/safari-602-branch/Source

Versioning.

10:28 PM Changeset in webkit [208373] by fpizlo@apple.com

• 22 edits
  8 adds in trunk

DFG plays fast and loose with the shadow values of a Phi
​https://bugs.webkit.org/show_bug.cgi?id=164309

Reviewed by Saam Barati.

JSTests:

This test demonstrates why the DFG needs to recognize the shadow value of a Phi.

• stress/dfg-ssa-swap.js: Added.

(foo):

Source/JavaScriptCore:

Oh boy, what an embarrassing mistake! The style of SSA I like to use avoids block/value
tuples as parameters of a Phi, thereby simplifying CFG transformations and making Phi largely
not a special case for most compiler transforms. It does this by introducing another value
called Upsilon, which stores a value into some Phi.

B3 uses this also. The easiest way to understand what Upsilon/Phi behave like is to look at
the B3->Air lowering. Air is not SSA - it has Tmps that you can assign to and use as many
times as you like. B3 allocates one Tmp per Value, and an extra "phiTmp" for Phis, so that
Phis get two Tmps total. Upsilon stores the value into the phiTmp of the Phi, while Phi moves
the value from its phiTmp to its tmp.

This is necessary to support scenarios like this:

a: Phi()
b: Upsilon(@x, ^{a)
c: Use(@a)}

Here, we want @c to see @a's value before @b. That's a very basic requirement of SSA: that
the a value (like @a) doesn't change during its lifetime.

Unfortunately, DFG's liveness analysis, abstract interpreter, and integer range optimization
all failed to correctly model Upsilon/Phi this way. They would assume that it's accurate to
model the Upsilon as storing into the Phi directly.

Because DFG does flow analysis over SSA, making it correct means enabling it to speak of the
shadow value. This change addresses this problem by introducing the concept of a
NodeFlowProjection. This is a key that lets us speak of both a Node's primary value and its
optional "shadow" value. Liveness, AI, and integer range are now keyed by NodeFlowProjection
rather than Node*. Conceptually this turns out to be a very simple change, but it does touch
a good amount of code.

This looks to be perf-neutral.

Rolled back in after fixing the debug build.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• b3/air/AirLiveness.h:

(JSC::B3::Air::TmpLivenessAdapter::numIndices):
(JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
(JSC::B3::Air::RegLivenessAdapter::numIndices):
(JSC::B3::Air::AbstractLiveness::AbstractLiveness):
(JSC::B3::Air::TmpLivenessAdapter::maxIndex): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::maxIndex): Deleted.
(JSC::B3::Air::RegLivenessAdapter::maxIndex): Deleted.

• dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::forNode):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::forAllValues):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::dump):

• dfg/DFGAtTailAbstractState.cpp:

(JSC::DFG::AtTailAbstractState::createValueForNode):
(JSC::DFG::AtTailAbstractState::forNode):

• dfg/DFGAtTailAbstractState.h:
• dfg/DFGBasicBlock.h:
• dfg/DFGCombinedLiveness.cpp:

(JSC::DFG::liveNodesAtHead):

• dfg/DFGCombinedLiveness.h:
• dfg/DFGFlowIndexing.cpp: Added.

(JSC::DFG::FlowIndexing::FlowIndexing):
(JSC::DFG::FlowIndexing::~FlowIndexing):
(JSC::DFG::FlowIndexing::recompute):

• dfg/DFGFlowIndexing.h: Added.

(JSC::DFG::FlowIndexing::graph):
(JSC::DFG::FlowIndexing::numIndices):
(JSC::DFG::FlowIndexing::index):
(JSC::DFG::FlowIndexing::shadowIndex):
(JSC::DFG::FlowIndexing::nodeProjection):

• dfg/DFGFlowMap.h: Added.

(JSC::DFG::FlowMap::FlowMap):
(JSC::DFG::FlowMap::resize):
(JSC::DFG::FlowMap::graph):
(JSC::DFG::FlowMap::at):
(JSC::DFG::FlowMap::atShadow):
(WTF::printInternal):

• dfg/DFGGraph.cpp:

(JSC::DFG::Graph::Graph):

• dfg/DFGGraph.h:

(JSC::DFG::Graph::abstractValuesCache): Deleted.

• dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::setLiveValues):
(JSC::DFG::InPlaceAbstractState::endBasicBlock):
(JSC::DFG::InPlaceAbstractState::merge):

• dfg/DFGInPlaceAbstractState.h:

(JSC::DFG::InPlaceAbstractState::createValueForNode):
(JSC::DFG::InPlaceAbstractState::forNode):

• dfg/DFGIntegerRangeOptimizationPhase.cpp:
• dfg/DFGLivenessAnalysisPhase.cpp:

(JSC::DFG::LivenessAnalysisPhase::LivenessAnalysisPhase):
(JSC::DFG::LivenessAnalysisPhase::run):
(JSC::DFG::LivenessAnalysisPhase::processBlock):
(JSC::DFG::LivenessAnalysisPhase::addChildUse): Deleted.

• dfg/DFGNode.h:

(JSC::DFG::NodeComparator::operator()):
(JSC::DFG::nodeListDump):
(JSC::DFG::nodeMapDump):
(JSC::DFG::nodeValuePairListDump):
(JSC::DFG::nodeComparator): Deleted.

• dfg/DFGNodeAbstractValuePair.cpp: Added.

(JSC::DFG::NodeAbstractValuePair::dump):

• dfg/DFGNodeAbstractValuePair.h: Added.

(JSC::DFG::NodeAbstractValuePair::NodeAbstractValuePair):

• dfg/DFGNodeFlowProjection.cpp: Added.

(JSC::DFG::NodeFlowProjection::dump):

• dfg/DFGNodeFlowProjection.h: Added.

(JSC::DFG::NodeFlowProjection::NodeFlowProjection):
(JSC::DFG::NodeFlowProjection::operator bool):
(JSC::DFG::NodeFlowProjection::kind):
(JSC::DFG::NodeFlowProjection::node):
(JSC::DFG::NodeFlowProjection::operator*):
(JSC::DFG::NodeFlowProjection::operator->):
(JSC::DFG::NodeFlowProjection::hash):
(JSC::DFG::NodeFlowProjection::operator==):
(JSC::DFG::NodeFlowProjection::operator!=):
(JSC::DFG::NodeFlowProjection::operator<):
(JSC::DFG::NodeFlowProjection::operator>):
(JSC::DFG::NodeFlowProjection::operator<=):
(JSC::DFG::NodeFlowProjection::operator>=):
(JSC::DFG::NodeFlowProjection::isHashTableDeletedValue):
(JSC::DFG::NodeFlowProjection::isStillValid):
(JSC::DFG::NodeFlowProjection::forEach):
(JSC::DFG::NodeFlowProjectionHash::hash):
(JSC::DFG::NodeFlowProjectionHash::equal):

• dfg/DFGStoreBarrierInsertionPhase.cpp:

Source/WTF:

Made this API use size rather than maxIndex as its initialization parameter, because that's
less confusing.

• wtf/IndexSparseSet.h:

(WTF::IndexSparseSet<OverflowHandler>::IndexSparseSet):

10:15 PM Changeset in webkit [208372] by matthew_hanson@apple.com

• 3 edits in branches/safari-602-branch/Source/JavaScriptCore

Merge r208299. rdar://problem/28857505

10:11 PM Changeset in webkit [208371] by Simon Fraser

• 39 edits in trunk

Give all the geometry classes a single-argument scale() function for consistency
​https://bugs.webkit.org/show_bug.cgi?id=164400

Reviewed by Zalan Bujtas.
Source/WebCore:

Add single-argument scale() to FloatPoint, FloatQuad, FloatSize and LayoutPoint, as well
as adding one to GraphicsContext. Switch callers who passed the same value for sx and sy
to the new functions.

• dom/Document.cpp:

(WebCore::Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale):

• dom/MouseRelatedEvent.cpp:

(WebCore::MouseRelatedEvent::init):
(WebCore::MouseRelatedEvent::computeRelativePosition):

• dom/TreeScope.cpp:

(WebCore::TreeScope::nodeFromPoint):

• page/PrintContext.cpp:

(WebCore::PrintContext::spoolPage):

• platform/cocoa/ThemeCocoa.mm:

(WebCore::fitContextToBox):

• platform/graphics/FloatPoint.h:

(WebCore::FloatPoint::scale):

• platform/graphics/FloatQuad.h:

(WebCore::FloatQuad::scale):

• platform/graphics/FloatSize.h:

(WebCore::FloatSize::scale):

• platform/graphics/GraphicsContext.cpp:

(WebCore::GraphicsContext::applyDeviceScaleFactor):

• platform/graphics/GraphicsContext.h:

(WebCore::GraphicsContext::scale):

• platform/graphics/LayoutPoint.h:

(WebCore::LayoutPoint::scale):

• platform/graphics/ca/TileCoverageMap.cpp:

(WebCore::TileCoverageMap::update):

• platform/graphics/ca/TileGrid.cpp:

(WebCore::TileGrid::platformCALayerPaintContents):

• platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::drawConsuming):
(WebCore::ImageBuffer::draw):
(WebCore::ImageBuffer::drawPattern):

• platform/mac/ThemeMac.mm:

(WebCore::paintToggleButton):
(WebCore::paintButton):
(WebCore::paintStepper):

• rendering/RenderImage.cpp:

(WebCore::RenderImage::nodeAtPoint):

• rendering/RenderMediaControls.cpp:

(WebCore::getUnzoomedRectAndAdjustCurrentContext):

• rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::paintMenuList):
(WebCore::RenderThemeMac::paintSliderThumb):
(WebCore::RenderThemeMac::paintSearchField):
(WebCore::RenderThemeMac::paintSearchFieldCancelButton):
(WebCore::RenderThemeMac::paintSearchFieldResultsButton):

• rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::selectionRectForTextFragment):
(WebCore::SVGInlineTextBox::paintDecorationWithStyle):
(WebCore::SVGInlineTextBox::paintTextWithShadows):

• svg/SVGPathBlender.cpp:

(WebCore::SVGPathBlender::blendAnimatedFloatPoint):
(WebCore::SVGPathBlender::blendArcToSegment):

• svg/SVGPathParser.cpp:

(WebCore::SVGPathParser::parseCurveToCubicSmoothSegment):
(WebCore::SVGPathParser::parseCurveToQuadraticSegment):
(WebCore::SVGPathParser::parseCurveToQuadraticSmoothSegment):
(WebCore::SVGPathParser::decomposeArcToCubic):

• svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::localCoordinateSpaceTransform):

Source/WebKit2:

Use single-argument scale() functions.

• PluginProcess/PluginControllerProxy.cpp:

(WebKit::PluginControllerProxy::paint):

• Shared/mac/RemoteLayerBackingStore.mm:

(WebKit::RemoteLayerBackingStore::drawInContext):

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _didCommitLayerTree:]):
(-[WKWebView _takeViewSnapshot]):
(-[WKWebView _scrollToContentScrollPosition:scrollOrigin:]):
(-[WKWebView _scrollByContentOffset:]):
(-[WKWebView _zoomToFocusRect:selectionRect:fontSize:minimumScale:maximumScale:allowScaling:forceScroll:]):

• UIProcess/ios/WKContentView.mm:

(-[WKContentView _didCommitLayerTree:]):

• UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _updateTapHighlight]):

• UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::indicatorLocation):
(WebKit::RemoteLayerTreeDrawingAreaProxy::updateDebugIndicator):

• UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::scaledMagnificationOrigin):

• WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:

(WebKit::InjectedBundleRangeHandle::renderedImage):

• WebProcess/Plugins/Netscape/NetscapePlugin.cpp:

(WebKit::NetscapePlugin::snapshot):

• WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::scrollToPoint):

• WebProcess/WebPage/WebFrame.cpp:

(WebKit::WebFrame::createSelectionSnapshot):

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::scalePageInViewCoordinates):
(WebKit::WebPage::scaleView):
(WebKit::WebPage::snapshotAtSize):
(WebKit::WebPage::snapshotNode):
(WebKit::WebPage::drawRectToImage):

• WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::restorePageState):

Tools:

Test single-argument scale().

• TestWebKitAPI/Tests/WebCore/FloatPoint.cpp:

(TestWebKitAPI::TEST):

10:08 PM Changeset in webkit [208370] by Antti Koivisto

• 5 edits
  2 adds in trunk

Source/WebCore:
REGRESSION (r207669): Crash under media controls shadow root construction
​https://bugs.webkit.org/show_bug.cgi?id=164381
<rdar://problem/28935401>

Reviewed by Simon Fraser.

The problem is that we are running a script for media control UA shadow tree in HTMLMediaElement::insertedInto.
It is not safe to run scripts in insertedInto as the tree is in inconsistent state. Instead finishedInsertingSubtree
callback should be used.

Test: media/media-controls-shadow-construction-crash.html

Seen on ​https://www.theguardian.com/artanddesign/video/2013/oct/14/banksy-central-park-new-york-video

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::insertedInto):
(WebCore::HTMLMediaElement::finishedInsertingSubtree):

Move configureMediaControls() to finishedInsertingSubtree().

• html/HTMLMediaElement.h:
• style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::resolveComposedTree):

Add an assert to make the bad state easier to hit in tests.

LayoutTests:
REGRESSION (r207669): Crash under SVGRenderSupport::updateMaskedAncestorShouldIsolateBlending
​https://bugs.webkit.org/show_bug.cgi?id=164381
<rdar://problem/28935401>

Reviewed by Simon Fraser.

• media/media-controls-shadow-construction-crash-expected.txt: Added.
• media/media-controls-shadow-construction-crash.html: Added.

10:05 PM Changeset in webkit [208369] by matthew_hanson@apple.com

• 6 edits in branches/safari-602-branch/Source

Merge r208328. rdar://problem/29084886

9:47 PM Changeset in webkit [208368] by matthew_hanson@apple.com

• 9 edits
  1 add in branches/safari-602-branch

Merge r208340. rdar://problem/29092397

9:38 PM Changeset in webkit [208367] by commit-queue@webkit.org

• 22 edits
  8 deletes in trunk

Unreviewed, rolling out r208364.
​https://bugs.webkit.org/show_bug.cgi?id=164402

broke the build (Requested by smfr on #webkit).

Reverted changeset:

"DFG plays fast and loose with the shadow values of a Phi"
​https://bugs.webkit.org/show_bug.cgi?id=164309
​http://trac.webkit.org/changeset/208364

8:46 PM Changeset in webkit [208366] by rniwa@webkit.org

• 3 edits in trunk/Source/WebCore

Add an assertion to diagnose stress GC bots test failures
​https://bugs.webkit.org/show_bug.cgi?id=164396

Reviewed by Antti Koivisto.

Added an assertion for calling ElementQueue::add while ElementQueue::invokeAll is in progress.
This should never happen as long as all DOM API has an appropriate CEReactions IDL attribute.

• dom/CustomElementReactionQueue.cpp:

(WebCore::CustomElementReactionStack::ElementQueue::add):
(WebCore::CustomElementReactionStack::ElementQueue::invokeAll):

• dom/CustomElementReactionQueue.h:

7:57 PM Changeset in webkit [208365] by commit-queue@webkit.org

• 9 edits in trunk/Source/WebCore

Add the asynchronous image decoding mode
​https://bugs.webkit.org/show_bug.cgi?id=155546

Patch by Said Abou-Hallawa <​sabouhallawa@apple.com> on 2016-11-03
Reviewed by Simon Fraser.

The asynchronous image decoding feature targets enhancing the rendering
in two scenarios: the animated images and scrolling a page which large
images. Enabling this feature for these two scenarios will be landed
separately.

The goal of the asynchronous image decoding is to have the decoded image
frame ready before it has to be drawn. Drawing an image does not have to
wait the image frame to be decoded.

• platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::frameImageAtIndex): Use the negation of frameHasValidNativeImageAtIndex().

• platform/graphics/BitmapImage.h:

(WebCore::BitmapImage::frameIsBeingDecodedAtIndex): Answers whether a frame is being decoded.
(WebCore::BitmapImage::frameHasValidNativeImageAtIndex): Checks the validity of a frame.
(WebCore::BitmapImage::frameHasInvalidNativeImageAtIndex): Deleted.

• platform/graphics/Image.h:

(WebCore::Image::newFrameNativeImageAvailableAtIndex): Notifies the image with the availability of a frame NativeImage.

• platform/graphics/ImageFrame.h:

(WebCore::ImageFrame::isBeingDecoded): Answers whether the frame is being decoded.
(WebCore::ImageFrame::hasValidNativeImage): Checks the validity of the frame.
(WebCore::ImageFrame::hasInvalidNativeImage): Deleted.

• platform/graphics/ImageFrameCache.cpp:

(WebCore::ImageFrameCache::~ImageFrameCache): Asserts the decoding loop was ended before deleting the ImageFrameCache.
(WebCore::ImageFrameCache::setFrameNativeImageAtIndex): Rename this function to matches the other which take the frame index.
(WebCore::ImageFrameCache::setFrameMetadataAtIndex): Ditto.
(WebCore::ImageFrameCache::replaceFrameNativeImageAtIndex): It setts the ImageFrame's members and updates the decoded size.
(WebCore::ImageFrameCache::cacheFrameNativeImageAtIndex): Replaces the frame NativeImage and notifies the Image with the new frame.
(WebCore::ImageFrameCache::decodingQueue): Ensures the decoding WorkQueue is created and returns it.
(WebCore::ImageFrameCache::startAsyncDecodingQueue): Starts a decoding WorkQueue which loops until m_frameRequestQueue is closed.
(WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex): Allows ImageSource to send a request to start asynchronous frame image decoding.
(WebCore::ImageFrameCache::stopAsyncDecodingQueue): Stops the decoding WorkQueue by closing m_frameRequestQueue.
(WebCore::ImageFrameCache::frameAtIndex): Call replaceFrameNativeImageAtIndex().
(WebCore::ImageFrameCache::frameIsBeingDecodedAtIndex): Returns true if a request for the image frame is issued but not finished yet.
(WebCore::ImageFrameCache::frameHasValidNativeImageAtIndex): Checks the validity of a frame.
(WebCore::ImageFrameCache::setFrameNativeImage): Deleted. Was renamed to be setFrameNativeImageAtIndex.
(WebCore::ImageFrameCache::setFrameMetadata): Deleted. Was renamed to be setFrameMetadataAtIndex
(WebCore::ImageFrameCache::frameHasInvalidNativeImageAtIndex): Deleted. Was renamed to be frameHasValidNativeImageAtIndex.

• platform/graphics/ImageFrameCache.h:

(WebCore::ImageFrameCache::create): The decoding queue needs to hold a reference to this class so it can stop decoding safely without blocking.
(WebCore::ImageFrameCache::hasDecodingQueue): Returns true if a decoding queue has started.

• platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::ImageSource): Call ImageFrameCache::create().
(WebCore::ImageSource::clear): Deleting the decoder is unnecessary for asynchronous decoding because ImageFrameCache manages all the memory.

(WebCore::ImageSource::destroyDecodedData):
(WebCore::ImageSource::destroyDecodedDataIfNecessary):
(WebCore::ImageSource::ensureDecoderAvailable):
(WebCore::ImageSource::dataChanged):
(WebCore::ImageSource::isAllDataReceived):
(WebCore::ImageSource::isAsyncDecodingRequired): Answers the question whether the async image decoding is required for this ImageSource.
(WebCore::ImageSource::frameImageAtIndex):

• platform/graphics/ImageSource.h:

(WebCore::ImageSource::decodedSize):
(WebCore::ImageSource::requestFrameAsyncDecodingAtIndex):
(WebCore::ImageSource::stopAsyncDecodingQueue):
(WebCore::ImageSource::isSizeAvailable):
(WebCore::ImageSource::frameCount):
(WebCore::ImageSource::repetitionCount):
(WebCore::ImageSource::filenameExtension):
(WebCore::ImageSource::hotSpot):
(WebCore::ImageSource::size):
(WebCore::ImageSource::sizeRespectingOrientation):
(WebCore::ImageSource::singlePixelSolidColor):
(WebCore::ImageSource::frameIsBeingDecodedAtIndex):
(WebCore::ImageSource::frameIsCompleteAtIndex):
(WebCore::ImageSource::frameHasAlphaAtIndex):
(WebCore::ImageSource::frameHasImageAtIndex):
(WebCore::ImageSource::frameSubsamplingLevelAtIndex):
(WebCore::ImageSource::frameSizeAtIndex):
(WebCore::ImageSource::frameBytesAtIndex):
(WebCore::ImageSource::frameDurationAtIndex):
(WebCore::ImageSource::frameOrientationAtIndex):

Make m_frameCache a type Ref<ImageFrameCache>. Use '->' instead of '.' when accessing its members.

(WebCore::ImageSource::frameHasValidNativeImageAtIndex): Checks the validity of a frame.
(WebCore::ImageSource::frameHasInvalidNativeImageAtIndex): Deleted. Was renamed to be frameHasValidNativeImageAtIndex.

7:37 PM Changeset in webkit [208364] by fpizlo@apple.com

• 22 edits
  8 adds in trunk

DFG plays fast and loose with the shadow values of a Phi
​https://bugs.webkit.org/show_bug.cgi?id=164309

Reviewed by Saam Barati.

JSTests:

This test demonstrates why the DFG needs to recognize the shadow value of a Phi.

• stress/dfg-ssa-swap.js: Added.

(foo):

Source/JavaScriptCore:

Oh boy, what an embarrassing mistake! The style of SSA I like to use avoids block/value
tuples as parameters of a Phi, thereby simplifying CFG transformations and making Phi largely
not a special case for most compiler transforms. It does this by introducing another value
called Upsilon, which stores a value into some Phi.

B3 uses this also. The easiest way to understand what Upsilon/Phi behave like is to look at
the B3->Air lowering. Air is not SSA - it has Tmps that you can assign to and use as many
times as you like. B3 allocates one Tmp per Value, and an extra "phiTmp" for Phis, so that
Phis get two Tmps total. Upsilon stores the value into the phiTmp of the Phi, while Phi moves
the value from its phiTmp to its tmp.

This is necessary to support scenarios like this:

a: Phi()
b: Upsilon(@x, ^{a)
c: Use(@a)}

Here, we want @c to see @a's value before @b. That's a very basic requirement of SSA: that
the a value (like @a) doesn't change during its lifetime.

Unfortunately, DFG's liveness analysis, abstract interpreter, and integer range optimization
all failed to correctly model Upsilon/Phi this way. They would assume that it's accurate to
model the Upsilon as storing into the Phi directly.

Because DFG does flow analysis over SSA, making it correct means enabling it to speak of the
shadow value. This change addresses this problem by introducing the concept of a
NodeFlowProjection. This is a key that lets us speak of both a Node's primary value and its
optional "shadow" value. Liveness, AI, and integer range are now keyed by NodeFlowProjection
rather than Node*. Conceptually this turns out to be a very simple change, but it does touch
a good amount of code.

This looks to be perf-neutral.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• b3/air/AirLiveness.h:

(JSC::B3::Air::TmpLivenessAdapter::numIndices):
(JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
(JSC::B3::Air::RegLivenessAdapter::numIndices):
(JSC::B3::Air::AbstractLiveness::AbstractLiveness):
(JSC::B3::Air::TmpLivenessAdapter::maxIndex): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::maxIndex): Deleted.
(JSC::B3::Air::RegLivenessAdapter::maxIndex): Deleted.

• dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::forNode):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::forAllValues):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::dump):

• dfg/DFGAtTailAbstractState.cpp:

(JSC::DFG::AtTailAbstractState::createValueForNode):
(JSC::DFG::AtTailAbstractState::forNode):

• dfg/DFGAtTailAbstractState.h:
• dfg/DFGBasicBlock.h:
• dfg/DFGCombinedLiveness.cpp:

(JSC::DFG::liveNodesAtHead):

• dfg/DFGCombinedLiveness.h:
• dfg/DFGFlowIndexing.cpp: Added.

(JSC::DFG::FlowIndexing::FlowIndexing):
(JSC::DFG::FlowIndexing::~FlowIndexing):
(JSC::DFG::FlowIndexing::recompute):

• dfg/DFGFlowIndexing.h: Added.

(JSC::DFG::FlowIndexing::graph):
(JSC::DFG::FlowIndexing::numIndices):
(JSC::DFG::FlowIndexing::index):
(JSC::DFG::FlowIndexing::shadowIndex):
(JSC::DFG::FlowIndexing::nodeProjection):

• dfg/DFGFlowMap.h: Added.

(JSC::DFG::FlowMap::FlowMap):
(JSC::DFG::FlowMap::resize):
(JSC::DFG::FlowMap::graph):
(JSC::DFG::FlowMap::at):
(JSC::DFG::FlowMap::atShadow):
(WTF::printInternal):

• dfg/DFGGraph.cpp:

(JSC::DFG::Graph::Graph):

• dfg/DFGGraph.h:

(JSC::DFG::Graph::abstractValuesCache): Deleted.

• dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::setLiveValues):
(JSC::DFG::InPlaceAbstractState::endBasicBlock):
(JSC::DFG::InPlaceAbstractState::merge):

• dfg/DFGInPlaceAbstractState.h:

(JSC::DFG::InPlaceAbstractState::createValueForNode):
(JSC::DFG::InPlaceAbstractState::forNode):

• dfg/DFGIntegerRangeOptimizationPhase.cpp:
• dfg/DFGLivenessAnalysisPhase.cpp:

(JSC::DFG::LivenessAnalysisPhase::LivenessAnalysisPhase):
(JSC::DFG::LivenessAnalysisPhase::run):
(JSC::DFG::LivenessAnalysisPhase::processBlock):
(JSC::DFG::LivenessAnalysisPhase::addChildUse): Deleted.

• dfg/DFGNode.h:

(JSC::DFG::NodeComparator::operator()):
(JSC::DFG::nodeListDump):
(JSC::DFG::nodeMapDump):
(JSC::DFG::nodeValuePairListDump):
(JSC::DFG::nodeComparator): Deleted.

• dfg/DFGNodeAbstractValuePair.cpp: Added.

(JSC::DFG::NodeAbstractValuePair::dump):

• dfg/DFGNodeAbstractValuePair.h: Added.

(JSC::DFG::NodeAbstractValuePair::NodeAbstractValuePair):

• dfg/DFGNodeFlowProjection.cpp: Added.

(JSC::DFG::NodeFlowProjection::dump):

• dfg/DFGNodeFlowProjection.h: Added.

(JSC::DFG::NodeFlowProjection::NodeFlowProjection):
(JSC::DFG::NodeFlowProjection::operator bool):
(JSC::DFG::NodeFlowProjection::kind):
(JSC::DFG::NodeFlowProjection::node):
(JSC::DFG::NodeFlowProjection::operator*):
(JSC::DFG::NodeFlowProjection::operator->):
(JSC::DFG::NodeFlowProjection::hash):
(JSC::DFG::NodeFlowProjection::operator==):
(JSC::DFG::NodeFlowProjection::operator!=):
(JSC::DFG::NodeFlowProjection::operator<):
(JSC::DFG::NodeFlowProjection::operator>):
(JSC::DFG::NodeFlowProjection::operator<=):
(JSC::DFG::NodeFlowProjection::operator>=):
(JSC::DFG::NodeFlowProjection::isHashTableDeletedValue):
(JSC::DFG::NodeFlowProjection::isStillValid):
(JSC::DFG::NodeFlowProjection::forEach):
(JSC::DFG::NodeFlowProjectionHash::hash):
(JSC::DFG::NodeFlowProjectionHash::equal):

• dfg/DFGStoreBarrierInsertionPhase.cpp:

Source/WTF:

Made this API use size rather than maxIndex as its initialization parameter, because that's
less confusing.

• wtf/IndexSparseSet.h:

(WTF::IndexSparseSet<OverflowHandler>::IndexSparseSet):

6:57 PM Changeset in webkit [208363] by mmaxfield@apple.com

• 7 edits
  4 adds in trunk

[WebGL2] Implement getBufferSubData()
​https://bugs.webkit.org/show_bug.cgi?id=164111

Reviewed by Dean Jackson.

Source/WebCore:

The call exists in OpenGL 3.2 but in order to have parity with
OpenGL ES 3 we back it with glMapBufferRange() instead.

This patch simply adds surface area to GraphicsContext3D
until we can get an ANGLE implementation of it.

When testing this patch I discovered that r207649 incorrectly
interpreted arguments to bufferData() and bufferSubData() as
byte offsets. Instead, they should be element indices. This
patch fixes those functions to work correctly so that
getBufferSubData() can be tested correctly.

Tests: fast/canvas/webgl/webgl2-buffers.html

fast/canvas/webgl/getBufferSubData-webgl1.html

• html/canvas/WebGL2RenderingContext.cpp:

(WebCore::arrayBufferViewElementSize):
(WebCore::WebGL2RenderingContext::bufferData):
(WebCore::WebGL2RenderingContext::bufferSubData):
(WebCore::WebGL2RenderingContext::getBufferSubData):

• html/canvas/WebGL2RenderingContext.h:
• html/canvas/WebGL2RenderingContext.idl:
• platform/graphics/GraphicsContext3D.h:
• platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::GraphicsContext3D::getBufferSubData):
(WebCore::GraphicsContext3D::mapBufferRange):
(WebCore::GraphicsContext3D::unmapBuffer):

LayoutTests:

Test every successful download/upload combination I can think of.

• fast/canvas/webgl/getBufferSubData-webgl1.html: Added.
• fast/canvas/webgl/getBufferSubData-webgl1-expected.txt: Added.
• fast/canvas/webgl/webgl2-buffers-expected.txt: Added.
• fast/canvas/webgl/webgl2-buffers.html: Added.

6:47 PM Changeset in webkit [208362] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Unreviewed, mark support for the 'download' attribute as 'Done'.

• features.json:

6:38 PM Changeset in webkit [208361] by Chris Dumez

• 33 edits
  3 copies
  5 adds in trunk

[WK2][Cocoa] Implement user interface for HTML form validation
​https://bugs.webkit.org/show_bug.cgi?id=164143
<rdar://problem/28944652>

Reviewed by Simon Fraser.

Source/WebCore:

Add ValidationBubble class to show HTML form validation messages
using native dialogs. It currently has an implementation for both
Mac and iOS. It is in WebCore under platform/ so that it can be
used by both WebKit1 and WebKit2.

Update ownership of ValidationMessageClient so that is is owned
by the Page using a unique_ptr<>, which seems to be the modern
way of handling lifetime for page clients.

Test: fast/forms/validation-messages.html

• WebCore.xcodeproj/project.pbxproj:
• html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::focusAndShowValidationMessage):

• html/ValidationMessage.cpp:

(WebCore::ValidationMessage::updateValidationMessage):

• page/Page.cpp:

(WebCore::Page::Page):
(WebCore::Page::~Page):

• page/Page.h:

(WebCore::Page::validationMessageClient):

• page/PageConfiguration.cpp:
• page/PageConfiguration.h:
• platform/ValidationBubble.h: Copied from Tools/DumpRenderTree/mac/UIScriptControllerMac.mm.

(WebCore::ValidationBubble::message):

• platform/ios/ValidationBubbleIOS.mm: Added.

(-[WebValidationBubbleDelegate adaptivePresentationStyleForPresentationController:traitCollection:]):
(WebCore::ValidationBubble::ValidationBubble):
(WebCore::ValidationBubble::~ValidationBubble):
(WebCore::ValidationBubble::show):
(WebCore::ValidationBubble::setAnchorRect):

• platform/mac/ValidationBubbleMac.mm: Added.

(WebCore::ValidationBubble::ValidationBubble):
(WebCore::ValidationBubble::~ValidationBubble):
(WebCore::ValidationBubble::showRelativeTo):

Source/WebKit2:

Implement the ValidationMessageClient in WebKit2 and have it display
a ValidationBubble on Cocoa. ValidationBubble is implemented using
native popovers on both Mac and iOS. As a result, Mac and iOS WK2
now use native popover for HTML form validation instead of the old
Shadow DOM based UI in WebCore.

The native popover shows at the bottom (or top) of the input and it
disapears as soon as the user starts typing or interacts with the
view (e.g. tap / scroll / zoom).

The feature is still disabled at runtime.

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _initializeWithConfiguration:]):
(-[WKWebView _keyboardWillShow:]):
(-[WKWebView _keyboardDidShow:]):
(-[WKWebView _contentsOfUserInterfaceItem:]):

• UIProcess/API/Cocoa/WKWebViewPrivate.h:
• UIProcess/Cocoa/WebPageProxyCocoa.mm:
• UIProcess/PageClient.h:
• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::handleWheelEvent):
(WebKit::WebPageProxy::setPageZoomFactor):
(WebKit::WebPageProxy::setPageAndTextZoomFactors):
(WebKit::WebPageProxy::pageDidScroll):
(WebKit::WebPageProxy::resetState):
(WebKit::WebPageProxy::hideValidationMessage):

• UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::validationBubble):
(WebKit::WebPageProxy::setIsKeyboardAnimatingIn):

• UIProcess/WebPageProxy.messages.in:
• UIProcess/ios/PageClientImplIOS.h:
• UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::createValidationBubble):

• UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _willStartScrollingOrZooming]):
(-[WKContentView scrollViewWillStartPanOrPinchGesture]):
(-[WKContentView _didEndScrollingOrZooming]):

• UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::dynamicViewportSizeUpdate):
(WebKit::WebPageProxy::potentialTapAtPosition):
(WebKit::WebPageProxy::showValidationMessage):
(WebKit::WebPageProxy::setIsScrollingOrZooming):

• UIProcess/mac/PageClientImpl.h:
• UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::createValidationBubble):

• UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::showValidationMessage):

• WebKit2.xcodeproj/project.pbxproj:
• WebProcess/WebCoreSupport/WebValidationMessageClient.cpp: Copied from Tools/DumpRenderTree/mac/UIScriptControllerMac.mm.

(WebKit::WebValidationMessageClient::WebValidationMessageClient):
(WebKit::WebValidationMessageClient::~WebValidationMessageClient):
(WebKit::WebValidationMessageClient::showValidationMessage):
(WebKit::WebValidationMessageClient::hideValidationMessage):
(WebKit::WebValidationMessageClient::isValidationMessageVisible):

• WebProcess/WebCoreSupport/WebValidationMessageClient.h: Copied from Tools/DumpRenderTree/mac/UIScriptControllerMac.mm.
• WebProcess/WebPage/WebPage.cpp:

(WebKit::m_userInterfaceLayoutDirection):

Tools:

Add support for UIScriptController::contentsOfUserInterfaceItem("validationBubble")
on both Mac and iOS to retrieve the currently displayed validation message.

• DumpRenderTree/mac/UIScriptControllerMac.mm:

(WTR::UIScriptController::contentsOfUserInterfaceItem):

• TestRunnerShared/UIScriptContext/UIScriptController.cpp:

(WTR::UIScriptController::contentsOfUserInterfaceItem):
(WTR::UIScriptController::selectFormAccessoryPickerRow):

• WebKitTestRunner/mac/UIScriptControllerMac.mm:

(WTR::UIScriptController::contentsOfUserInterfaceItem):

LayoutTests:

• fast/forms/validation-messages-expected.txt: Added.
• fast/forms/validation-messages.html: Added.

Add layout test coverage for checking that the right validation messages
are displayed when submitting forms with constraint violations. More
testing will be landed in follow up to cover other things besides the
messages (e.g. when does the bubble disappear).

• platform/mac-wk1/TestExpectations:

Skip new test on WebKit1 because the feature is WebKit2 only at the
moment.

• platform/ios-simulator-wk2/TestExpectations:
• platform/mac-wk2/TestExpectations:

Skip tests for the Shadow DOM based HTML form validation UI on
Mac and iOS WK2 now that those ports use native popovers instead.

6:37 PM Changeset in webkit [208360] by rniwa@webkit.org

• 11 edits
  21 copies
  4 moves
  1 add
  2 deletes in trunk/LayoutTests

Update custom elements tests
​https://bugs.webkit.org/show_bug.cgi?id=164352

Reviewed by Antti Koivisto.
LayoutTests/imported/w3c:

Reimported the custom elements tests as of 5047c27a5c61cc12eab75ac72b86125ec3cc8527.

• web-platform-tests/custom-elements/custom-element-reaction-queue-expected.txt: Added.
• web-platform-tests/custom-elements/custom-element-reaction-queue.html: Added.
• web-platform-tests/custom-elements/htmlconstructor/newtarget.html:
• web-platform-tests/custom-elements/reactions/CSSStyleDeclaration-expected.txt: Moved from fast/custom-elements/reactions/.
• web-platform-tests/custom-elements/reactions/CSSStyleDeclaration.html: Ditto.
• web-platform-tests/custom-elements/reactions/Document.html: Updated.
• web-platform-tests/custom-elements/reactions/HTMLAnchorElement-expected.txt: Moved from fast/custom-elements/reactions/.
• web-platform-tests/custom-elements/reactions/HTMLAnchorElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLOptionElement-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLOptionElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLOptionsCollection-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLOptionsCollection.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLOutputElement-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLOutputElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLSelectElement-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLSelectElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTableElement-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTableElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTableRowElement-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTableRowElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTableSectionElement-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTableSectionElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTitleElement-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/HTMLTitleElement.html: Ditto.
• web-platform-tests/custom-elements/reactions/ShadowRoot-expected.txt: Ditto.
• web-platform-tests/custom-elements/reactions/ShadowRoot.html: Ditto.
• web-platform-tests/custom-elements/reactions/resources/reactions.js:
• web-platform-tests/custom-elements/reactions/w3c-import.log:
• web-platform-tests/custom-elements/resources/custom-elements-helpers.js:
• web-platform-tests/custom-elements/upgrading/upgrading-enqueue-reactions-expected.txt: Moved from fast/custom-elements/.
• web-platform-tests/custom-elements/upgrading/upgrading-enqueue-reactions.html: Ditto.
• web-platform-tests/custom-elements/upgrading/w3c-import.log:
• web-platform-tests/custom-elements/w3c-import.log:

LayoutTests:

Removed tests that have been back imported via web-platform-tests.

• fast/custom-elements/custom-element-reaction-queue-expected.txt: Removed.
• fast/custom-elements/custom-element-reaction-queue.html: Removed.
• fast/custom-elements/reactions-for-webkit-extensions.html:
• fast/custom-elements/reactions/: Removed.
• fast/custom-elements/resources/additional-helpers.js: Removed.
• fast/custom-elements/upgrading-enqueue-reactions-expected.txt: Removed.
• fast/custom-elements/upgrading-enqueue-reactions.html: Removed.

6:08 PM Changeset in webkit [208359] by beidson@apple.com

• 10 edits in trunk

IndexedDB 2.0: Rename IDBKeyRange.contains to IDBKeyRange.includes.
​https://bugs.webkit.org/show_bug.cgi?id=164383

Reviewed by Beth Dakin.

LayoutTests/imported/w3c:

• web-platform-tests/IndexedDB/idbkeyrange-includes-expected.txt:

Source/WebCore:

No new tests (Updated existing tests).

• Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::includes):
(WebCore::IDBKeyRange::contains): Deleted.

• Modules/indexeddb/IDBKeyRange.h:
• Modules/indexeddb/IDBKeyRange.idl:

LayoutTests:

• storage/indexeddb/resources/keyrange.js:

4:57 PM Changeset in webkit [208358] by Ryan Haddad

• 2 edits in trunk/LayoutTests

Marking two inspector/sampling-profiler tests as flaky.
​https://bugs.webkit.org/show_bug.cgi?id=164388

Unreviewed test gardening.

• platform/mac/TestExpectations:

4:49 PM Changeset in webkit [208357] by Konstantin Tokarev

• 7 edits in trunk

Fixes to build JSCOnly on macOS
​https://bugs.webkit.org/show_bug.cgi?id=164379

Reviewed by Michael Catanzaro.

.:

• Source/cmake/OptionsJSCOnly.cmake: Define BUILDING_JSCONLY, use

system ICU libraries on macOS

• Source/cmake/WebKitMacros.cmake: Fixed WEBKIT_FRAMEWORK macro for

static JSC

Source/WTF:

• wtf/Platform.h: JSCOnly port should not provide any PLATFORM() macro

Tools:

• TestWebKitAPI/PlatformJSCOnly.cmake: Moved BUILDING_JSCONLY

definition to OptionsJSCOnly.cmake

4:18 PM Changeset in webkit [208356] by Ryan Haddad

• 9 edits
  5 deletes in trunk

Unreviewed, rolling out r208302.

This change causes LayoutTest crashes under GuardMalloc.

Reverted changeset:

"Load stylesheets in link elements inside a connected shadow
tree"
​https://bugs.webkit.org/show_bug.cgi?id=160683
​http://trac.webkit.org/changeset/208302

4:10 PM Changeset in webkit [208355] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Unreviewed, add HTML5 specification for HTML Interactive Form Validation feature.

• features.json:

4:06 PM Changeset in webkit [208354] by Chris Dumez

• 2 edits in trunk/Source/WebCore

Unreviewed, add HTML Interactive Form Validation to features.json

• features.json:

3:54 PM Changeset in webkit [208353] by matthew_hanson@apple.com

• 4 edits
  2 deletes in tags/Safari-603.1.11

Merge r208351. rdar://problem/29094221

3:53 PM Changeset in webkit [208352] by matthew_hanson@apple.com

• 20 edits
  5 deletes in tags/Safari-603.1.11

Roll out r208149. rdar://problem/29098431

3:24 PM Changeset in webkit [208351] by Yusuke Suzuki

• 4 edits
  2 deletes in trunk

Unreviewed, rolling out due to crash in Amazon web site
​https://bugs.webkit.org/show_bug.cgi?id=164380
<rdar://problem/29094221>

Source/WebCore:

• dom/Node.idl:
• domjit/JSNodeDOMJIT.cpp:

(WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
(WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter): Deleted.

LayoutTests:

• js/dom/domjit-accessor-owner-document-expected.txt: Removed.
• js/dom/domjit-accessor-owner-document.html: Removed.

3:23 PM Changeset in webkit [208350] by Konstantin Tokarev

• 2 edits in trunk

[cmake][MinGW] Don't use MS bitfield layout to reduce sizes of data structures
​https://bugs.webkit.org/show_bug.cgi?id=164026

Reviewed by Michael Catanzaro.

With MS bitfileds RegisterAtOffset becomes wider than ptrdiff_t because of
different alignment requirements, invoking static_assert. Instead of
muting assert for MinGW like it's done for MSVC, it's a better choice to
use more dense layout, as bitfields are not used in public APIs.

Also, suppress MinGW warnings from "#pragma warning" which it doesn't
understand.

• Source/cmake/OptionsCommon.cmake:

2:47 PM Changeset in webkit [208349] by beidson@apple.com

• 21 edits
  5 adds in trunk

IndexedDB 2.0: Support binary keys.
<rdar://problem/28806927> and ​https://bugs.webkit.org/show_bug.cgi?id=164359

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

• web-platform-tests/IndexedDB/idb_binary_key_conversion-expected.txt:
• web-platform-tests/IndexedDB/idbfactory_cmp3-expected.txt:
• web-platform-tests/IndexedDB/idbfactory_cmp4-expected.txt:

Source/WebCore:

Tests: storage/indexeddb/modern/binary-keys-1-private.html

storage/indexeddb/modern/binary-keys-1.html
Changes to other existing tests.

• Modules/indexeddb/IDBKey.cpp:

(WebCore::IDBKey::createBinary):
(WebCore::IDBKey::IDBKey):
(WebCore::IDBKey::compare):

• Modules/indexeddb/IDBKey.h:

(WebCore::IDBKey::binary):
(WebCore::compareBinaryKeyData):

• Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::IDBKeyData):
(WebCore::IDBKeyData::maybeCreateIDBKey):
(WebCore::IDBKeyData::isolatedCopy):
(WebCore::IDBKeyData::encode):
(WebCore::IDBKeyData::decode):
(WebCore::IDBKeyData::compare):
(WebCore::IDBKeyData::loggingString):
(WebCore::IDBKeyData::operator==):

• Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::hash):
(WebCore::IDBKeyData::encode):
(WebCore::IDBKeyData::decode):

• Modules/indexeddb/IndexedDB.h: Add new enum for the new key type.

• bindings/js/IDBBindingUtilities.cpp:

(WebCore::toJS):
(WebCore::createIDBKeyFromValue):

• platform/ThreadSafeDataBuffer.h:

(WebCore::ThreadSafeDataBufferImpl::ThreadSafeDataBufferImpl):
(WebCore::ThreadSafeDataBuffer::copyData):
(WebCore::ThreadSafeDataBuffer::size):
(WebCore::ThreadSafeDataBuffer::operator==):
(WebCore::ThreadSafeDataBuffer::ThreadSafeDataBuffer):

Source/WTF:

• wtf/Hasher.h:

(WTF::StringHasher::hashMemory): Teach hashMemory() to handle buffers with odd lengths.

LayoutTests:

• storage/indexeddb/factory-cmp-expected.txt:
• storage/indexeddb/factory-cmp-private-expected.txt:
• storage/indexeddb/key-type-binary-expected.txt:
• storage/indexeddb/key-type-binary-private-expected.txt:
• storage/indexeddb/modern/binary-keys-1-expected.txt: Added.
• storage/indexeddb/modern/binary-keys-1-private-expected.txt: Added.
• storage/indexeddb/modern/binary-keys-1-private.html: Added.
• storage/indexeddb/modern/binary-keys-1.html: Added.
• storage/indexeddb/modern/resources/binary-keys-1.js: Added.
• storage/indexeddb/resources/factory-cmp.js:
• storage/indexeddb/resources/key-type-binary.js:

2:20 PM Changeset in webkit [208348] by Nikita Vasilyev

• 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Stack overflow when searching a timeline recording for JS function names
​https://bugs.webkit.org/show_bug.cgi?id=161784
<rdar://problem/28219498>

Reviewed by Timothy Hatcher.

_populate method of ProfileNodeDataGridNode and ProfileDataGridNode traverses
all children of a given node. makeVisible function of DataGrid#_applyFiltersToNode
traverses all its parents to expand them. This creates an infinite recursion.
Remove "populate" event before appending child nodes to prevent it.

• UserInterface/Views/ProfileDataGridNode.js:

(WebInspector.ProfileDataGridNode.prototype._populate):
(WebInspector.ProfileDataGridNode):

• UserInterface/Views/ProfileNodeDataGridNode.js:

(WebInspector.ProfileNodeDataGridNode.prototype._populate):
(WebInspector.ProfileNodeDataGridNode):

2:07 PM Changeset in webkit [208347] by timothy_horton@apple.com

• 14 edits in trunk/Source

Printing to PDF should produce internal links when HTML has internal links
​https://bugs.webkit.org/show_bug.cgi?id=112081
<rdar://problem/5955705>

Reviewed by Simon Fraser.
Patch originally by David Lattimore.

No new tests, as it's unclear how to test PDF output.

• dom/Element.cpp:

(WebCore::Element::findAnchorElementForLink):

• dom/Element.h:

Add findAnchorElementForLink, which looks up the anchor element corresponding
to the current element's href, and also returns the fragment name as an out parameter.

• page/PrintContext.cpp:

(WebCore::PrintContext::PrintContext):
(WebCore::PrintContext::spoolPage):
(WebCore::PrintContext::spoolRect):
(WebCore::PrintContext::end):
(WebCore::PrintContext::collectLinkedDestinations):
(WebCore::PrintContext::outputLinkedDestinations):

• rendering/RenderObject.cpp:

(WebCore::RenderObject::addPDFURLRect):
Plumb internal links (fragment links) through to GraphicsContext, using
the fragment name from the page.

• page/PrintContext.h:
• platform/graphics/GraphicsContext.cpp:

(WebCore::GraphicsContext::supportsInternalLinks):
(WebCore::GraphicsContext::setDestinationForRect):
(WebCore::GraphicsContext::addDestinationAtPoint):

• platform/graphics/GraphicsContext.h:
• platform/graphics/cg/GraphicsContextCG.cpp:

(WebCore::GraphicsContext::supportsInternalLinks):
(WebCore::GraphicsContext::setDestinationForRect):
(WebCore::GraphicsContext::addDestinationAtPoint):
Plumb internal links through to the CGContext. Apply the CTM, because
these functions expect positions in global coordinates.

• platform/graphics/win/GraphicsContextDirect2D.cpp:

(WebCore::GraphicsContext::setURLForRect):

• platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::setURLForRect):
Adjust setURLForRect to take a FloatRect, like everything else, and
stop rounding.

• UIProcess/mac/WKPrintingView.h:
• UIProcess/mac/WKPrintingView.mm:

(linkDestinationName):
(-[WKPrintingView _drawPDFDocument:page:atPoint:]):
Propagate link-to-destination annotations (and each page's destinations)
into the printed PDF.
Generate a unique destination name based on the page and position, because
we have lost the fragment name information.

(-[WKPrintingView drawRect:]):
Compute all of the destinations for every page, so that we can add them
to the context as we paint the pages (we need the page CTM in order to add them).

2:07 PM Changeset in webkit [208346] by matthew_hanson@apple.com

• 2 edits in tags/Safari-603.1.11/Source/WebCore

Merge r208319. rdar://problem/29053414

2:07 PM Changeset in webkit [208345] by matthew_hanson@apple.com

• 12 edits
  2 adds in tags/Safari-603.1.11

Merge r208314. rdar://problem/29053414

2:06 PM Changeset in webkit [208344] by achristensen@apple.com

• 36 edits
  1 copy
  2 deletes in trunk/Source

Unreviewed, rolling out r208298.
Source/WebCore:

​https://bugs.webkit.org/show_bug.cgi?id=163939

caused asan crashes

Reverted changeset:

"NetworkSession: Add NetworkDataTask implementation for blobs"
​https://bugs.webkit.org/show_bug.cgi?id=163939
​http://trac.webkit.org/changeset/208298

Source/WebCore/platform/gtk/po:

caused

Reverted changeset:

"NetworkSession: Add NetworkDataTask implementation for blobs"
​https://bugs.webkit.org/show_bug.cgi?id=163939
​http://trac.webkit.org/changeset/208298

Source/WebKit2:

​https://bugs.webkit.org/show_bug.cgi?id=163939

caused asan crashes

Reverted changeset:

"NetworkSession: Add NetworkDataTask implementation for blobs"
​https://bugs.webkit.org/show_bug.cgi?id=163939
​http://trac.webkit.org/changeset/208298

1:53 PM Changeset in webkit [208343] by keith_miller@apple.com

• 1 edit in trunk/Source/JavaScriptCore/ChangeLog

Unreviewed, changelog fix due to failed git rebase..

1:53 PM Changeset in webkit [208342] by Ryan Haddad

• 21 edits in trunk/Source/WebKit2

Unreviewed, rolling out r208330.

This change appears to have caused two editing tests to fail
on macOS.

Reverted changeset:

"Reduce PassRefPtr use in WebKit2"
​https://bugs.webkit.org/show_bug.cgi?id=164360
​http://trac.webkit.org/changeset/208330

1:47 PM Changeset in webkit [208341] by keith_miller@apple.com

• 5 edits in trunk/Source/JavaScriptCore

Asking for a value profile prediction should be defensive against not finding a value profile
​https://bugs.webkit.org/show_bug.cgi?id=164306

Patch by Saam Barati <​sbarati@apple.com> on 2016-11-03
Reviewed by Mark Lam.

Currently, the code that calls CodeBlock::valueProfilePredictionForBytecodeOffset
in the DFG assumes it will always be at a value producing node. However, this isn't
true if we tail call from an inlined setter. When we're at a tail call, we try
to find the first caller that isn't a tail call to see what value the
tail_call produces. If we inline a setter, however, we will end up finding
the put_by_id as our first non-tail-called "caller", and that won't have a
value profile associated with it since it's not a value producing node.
CodeBlock::valueProfilePredictionForBytecodeOffset should be defensive
against finding a null value profile.

• bytecode/CodeBlock.h:

(JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):

12:31 PM Changeset in webkit [208340] by mitz@apple.com

• 9 edits
  1 add in trunk

WKWebView’s _observedRenderingProgressEvents not restored after web process crash
​https://bugs.webkit.org/show_bug.cgi?id=164368
<rdar://problem/29091954>

Reviewed by Anders Carlsson.

Source/WebKit2:

Test: TestWebKitAPI/Tests/WebKit2Cocoa/ObservedRenderingProgressEventsAfterCrash.mm.

• Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode): Encode new observedLayoutMilestones member.
(WebKit::WebPageCreationParameters::decode): Decode it.

• Shared/WebPageCreationParameters.h: Declared new observedLayoutMilestones member variable.

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy): Removed initializer for

m_wantsSessionRestorationRenderTreeSizeThresholdEvent.

(WebKit::WebPageProxy::listenForLayoutMilestones): Update new m_observedLayoutMilestones

member variable. Don’t update m_wantsSessionRestorationRenderTreeSizeThresholdEvent.

(WebKit::WebPageProxy::creationParameters): Set the observedLayoutMilestones member in the

creation parameters.

• UIProcess/WebPageProxy.h: Declared new member variable, deleted m_wantsSessionRestorationRenderTreeSizeThresholdEvent declaration.

• UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::didCommitLayerTree): Rather than using

m_wantsSessionRestorationRenderTreeSizeThresholdEvent, use m_observedLayoutMilestones.

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): Add the observed layout milestones from the creation parameters.

Tools:

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKit2Cocoa/ObservedRenderingProgressEventsAfterCrash.mm: Added.

(TEST):

12:09 PM Changeset in webkit [208339] by Brent Fulgham

• 2 edits in trunk/Source/WebCore

[Win][Direct2D] Native Windows widgets are drawn upside-down
​https://bugs.webkit.org/show_bug.cgi?id=164370

Reviewed by Alex Christensen.

When we return from drawing in GDI code, we need to flip the resulting
bitmap so that it draws in the proper orientation in Direct2D.

Tested by existing widget tests.

• platform/graphics/win/GraphicsContextDirect2D.cpp:

(WebCore::GraphicsContext::releaseWindowsContext): Flip before drawing
to our Direct2D context.

11:47 AM Changeset in webkit [208338] by commit-queue@webkit.org

• 30 edits in trunk/Tools

Purge PassRefPtr from Tools
​https://bugs.webkit.org/show_bug.cgi?id=164358

Patch by Alex Christensen <​achristensen@webkit.org> on 2016-11-03
Reviewed by Michael Catanzaro.

• ImageDiff/efl/ImageDiff.cpp:
• TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitAccessibility.cpp:
• WebKitTestRunner/InjectedBundle/AccessibilityController.cpp:

(WTR::AccessibilityController::create):
(WTR::AccessibilityController::rootElement):
(WTR::AccessibilityController::focusedElement):
(WTR::AccessibilityController::elementAtPoint):
(WTR::AccessibilityController::addNotificationListener): Deleted.
(WTR::AccessibilityController::removeNotificationListener): Deleted.
(WTR::AccessibilityController::accessibleElementById): Deleted.
(WTR::AccessibilityController::logAccessibilityEvents): Deleted.
(WTR::AccessibilityController::resetToConsistentState): Deleted.
(WTR::AccessibilityController::platformName): Deleted.

• WebKitTestRunner/InjectedBundle/AccessibilityController.h:

(WTR::AccessibilityController::logAccessibilityEvents):

• WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp:

(WTR::AccessibilityTextMarker::create):

• WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h:
• WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp:

(WTR::AccessibilityTextMarkerRange::create):

• WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h:
• WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:

(WTR::AccessibilityUIElement::create):
(WTR::AccessibilityUIElement::linkedElement):
(WTR::AccessibilityUIElement::headerElementAtIndex):
(WTR::AccessibilityUIElement::fieldsetAncestorElement):
(WTR::AccessibilityUIElement::characterAtOffset):
(WTR::AccessibilityUIElement::wordAtOffset):
(WTR::AccessibilityUIElement::lineAtOffset):
(WTR::AccessibilityUIElement::sentenceAtOffset):
(WTR::AccessibilityUIElement::selectedTextMarkerRange):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::paragraphTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::nextParagraphEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::previousParagraphStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::AccessibilityUIElement): Deleted.
(WTR::AccessibilityUIElement::~AccessibilityUIElement): Deleted.
(WTR::AccessibilityUIElement::isEqual): Deleted.
(WTR::AccessibilityUIElement::elementAtPoint): Deleted.
(WTR::AccessibilityUIElement::childAtIndex): Deleted.
(WTR::AccessibilityUIElement::indexOfChild): Deleted.
(WTR::AccessibilityUIElement::childrenCount): Deleted.
(WTR::AccessibilityUIElement::titleUIElement): Deleted.
(WTR::AccessibilityUIElement::parentElement): Deleted.
(WTR::AccessibilityUIElement::takeFocus): Deleted.
(WTR::AccessibilityUIElement::takeSelection): Deleted.
(WTR::AccessibilityUIElement::addSelection): Deleted.
(WTR::AccessibilityUIElement::removeSelection): Deleted.
(WTR::AccessibilityUIElement::allAttributes): Deleted.
(WTR::AccessibilityUIElement::attributesOfLinkedUIElements): Deleted.
(WTR::AccessibilityUIElement::linkedUIElementAtIndex): Deleted.
(WTR::AccessibilityUIElement::attributesOfDocumentLinks): Deleted.
(WTR::AccessibilityUIElement::attributesOfChildren): Deleted.
(WTR::AccessibilityUIElement::parameterizedAttributeNames): Deleted.
(WTR::AccessibilityUIElement::increment): Deleted.
(WTR::AccessibilityUIElement::decrement): Deleted.
(WTR::AccessibilityUIElement::showMenu): Deleted.
(WTR::AccessibilityUIElement::press): Deleted.
(WTR::AccessibilityUIElement::stringAttributeValue): Deleted.
(WTR::AccessibilityUIElement::uiElementArrayAttributeValue): Deleted.
(WTR::AccessibilityUIElement::uiElementAttributeValue): Deleted.
(WTR::AccessibilityUIElement::numberAttributeValue): Deleted.
(WTR::AccessibilityUIElement::boolAttributeValue): Deleted.
(WTR::AccessibilityUIElement::isAttributeSupported): Deleted.
(WTR::AccessibilityUIElement::isAttributeSettable): Deleted.
(WTR::AccessibilityUIElement::isPressActionSupported): Deleted.
(WTR::AccessibilityUIElement::isIncrementActionSupported): Deleted.
(WTR::AccessibilityUIElement::isDecrementActionSupported): Deleted.
(WTR::AccessibilityUIElement::role): Deleted.
(WTR::AccessibilityUIElement::subrole): Deleted.
(WTR::AccessibilityUIElement::roleDescription): Deleted.
(WTR::AccessibilityUIElement::computedRoleString): Deleted.
(WTR::AccessibilityUIElement::title): Deleted.
(WTR::AccessibilityUIElement::description): Deleted.
(WTR::AccessibilityUIElement::language): Deleted.
(WTR::AccessibilityUIElement::stringValue): Deleted.
(WTR::AccessibilityUIElement::accessibilityValue): Deleted.
(WTR::AccessibilityUIElement::helpText): Deleted.
(WTR::AccessibilityUIElement::orientation): Deleted.
(WTR::AccessibilityUIElement::x): Deleted.
(WTR::AccessibilityUIElement::y): Deleted.
(WTR::AccessibilityUIElement::width): Deleted.
(WTR::AccessibilityUIElement::height): Deleted.
(WTR::AccessibilityUIElement::intValue): Deleted.
(WTR::AccessibilityUIElement::minValue): Deleted.
(WTR::AccessibilityUIElement::maxValue): Deleted.
(WTR::AccessibilityUIElement::valueDescription): Deleted.
(WTR::AccessibilityUIElement::insertionPointLineNumber): Deleted.
(WTR::AccessibilityUIElement::selectedTextRange): Deleted.
(WTR::AccessibilityUIElement::isEnabled): Deleted.
(WTR::AccessibilityUIElement::isRequired): Deleted.
(WTR::AccessibilityUIElement::isFocused): Deleted.
(WTR::AccessibilityUIElement::isFocusable): Deleted.
(WTR::AccessibilityUIElement::isSelected): Deleted.
(WTR::AccessibilityUIElement::isSelectedOptionActive): Deleted.
(WTR::AccessibilityUIElement::isSelectable): Deleted.
(WTR::AccessibilityUIElement::isMultiSelectable): Deleted.
(WTR::AccessibilityUIElement::setSelectedChild): Deleted.
(WTR::AccessibilityUIElement::setSelectedChildAtIndex): Deleted.
(WTR::AccessibilityUIElement::removeSelectionAtIndex): Deleted.
(WTR::AccessibilityUIElement::selectedChildrenCount): Deleted.
(WTR::AccessibilityUIElement::selectedChildAtIndex): Deleted.
(WTR::AccessibilityUIElement::isExpanded): Deleted.
(WTR::AccessibilityUIElement::isChecked): Deleted.
(WTR::AccessibilityUIElement::isIndeterminate): Deleted.
(WTR::AccessibilityUIElement::isVisible): Deleted.
(WTR::AccessibilityUIElement::isOffScreen): Deleted.
(WTR::AccessibilityUIElement::isCollapsed): Deleted.
(WTR::AccessibilityUIElement::isIgnored): Deleted.
(WTR::AccessibilityUIElement::hasPopup): Deleted.
(WTR::AccessibilityUIElement::hierarchicalLevel): Deleted.
(WTR::AccessibilityUIElement::clickPointX): Deleted.
(WTR::AccessibilityUIElement::clickPointY): Deleted.
(WTR::AccessibilityUIElement::documentEncoding): Deleted.
(WTR::AccessibilityUIElement::documentURI): Deleted.
(WTR::AccessibilityUIElement::url): Deleted.
(WTR::AccessibilityUIElement::speak): Deleted.
(WTR::AccessibilityUIElement::attributesOfColumnHeaders): Deleted.
(WTR::AccessibilityUIElement::attributesOfRowHeaders): Deleted.
(WTR::AccessibilityUIElement::attributesOfColumns): Deleted.
(WTR::AccessibilityUIElement::attributesOfRows): Deleted.
(WTR::AccessibilityUIElement::attributesOfVisibleCells): Deleted.
(WTR::AccessibilityUIElement::attributesOfHeader): Deleted.
(WTR::AccessibilityUIElement::indexInTable): Deleted.
(WTR::AccessibilityUIElement::rowIndexRange): Deleted.
(WTR::AccessibilityUIElement::columnIndexRange): Deleted.
(WTR::AccessibilityUIElement::rowCount): Deleted.
(WTR::AccessibilityUIElement::columnCount): Deleted.
(WTR::AccessibilityUIElement::rowHeaders): Deleted.
(WTR::AccessibilityUIElement::columnHeaders): Deleted.
(WTR::AccessibilityUIElement::selectedRowAtIndex): Deleted.
(WTR::AccessibilityUIElement::disclosedByRow): Deleted.
(WTR::AccessibilityUIElement::disclosedRowAtIndex): Deleted.
(WTR::AccessibilityUIElement::rowAtIndex): Deleted.
(WTR::AccessibilityUIElement::ariaOwnsElementAtIndex): Deleted.
(WTR::AccessibilityUIElement::ariaFlowToElementAtIndex): Deleted.
(WTR::AccessibilityUIElement::ariaControlsElementAtIndex): Deleted.
(WTR::AccessibilityUIElement::ariaIsGrabbed): Deleted.
(WTR::AccessibilityUIElement::ariaDropEffects): Deleted.
(WTR::AccessibilityUIElement::classList): Deleted.
(WTR::AccessibilityUIElement::lineForIndex): Deleted.
(WTR::AccessibilityUIElement::rangeForLine): Deleted.
(WTR::AccessibilityUIElement::rangeForPosition): Deleted.
(WTR::AccessibilityUIElement::boundsForRange): Deleted.
(WTR::AccessibilityUIElement::setSelectedTextRange): Deleted.
(WTR::AccessibilityUIElement::setSelectedVisibleTextRange): Deleted.
(WTR::AccessibilityUIElement::stringForRange): Deleted.
(WTR::AccessibilityUIElement::attributedStringForRange): Deleted.
(WTR::AccessibilityUIElement::attributedStringRangeIsMisspelled): Deleted.
(WTR::AccessibilityUIElement::uiElementCountForSearchPredicate): Deleted.
(WTR::AccessibilityUIElement::uiElementForSearchPredicate): Deleted.
(WTR::AccessibilityUIElement::selectTextWithCriteria): Deleted.
(WTR::AccessibilityUIElement::cellForColumnAndRow): Deleted.
(WTR::AccessibilityUIElement::horizontalScrollbar): Deleted.
(WTR::AccessibilityUIElement::verticalScrollbar): Deleted.
(WTR::AccessibilityUIElement::addNotificationListener): Deleted.
(WTR::AccessibilityUIElement::removeNotificationListener): Deleted.
(WTR::AccessibilityUIElement::lineTextMarkerRangeForTextMarker): Deleted.
(WTR::AccessibilityUIElement::textMarkerRangeForElement): Deleted.
(WTR::AccessibilityUIElement::textMarkerRangeLength): Deleted.
(WTR::AccessibilityUIElement::textMarkerRangeForMarkers): Deleted.
(WTR::AccessibilityUIElement::startTextMarkerForTextMarkerRange): Deleted.
(WTR::AccessibilityUIElement::endTextMarkerForTextMarkerRange): Deleted.
(WTR::AccessibilityUIElement::accessibilityElementForTextMarker): Deleted.
(WTR::AccessibilityUIElement::endTextMarkerForBounds): Deleted.
(WTR::AccessibilityUIElement::startTextMarkerForBounds): Deleted.
(WTR::AccessibilityUIElement::textMarkerForPoint): Deleted.
(WTR::AccessibilityUIElement::previousTextMarker): Deleted.
(WTR::AccessibilityUIElement::nextTextMarker): Deleted.
(WTR::AccessibilityUIElement::startTextMarker): Deleted.
(WTR::AccessibilityUIElement::endTextMarker): Deleted.
(WTR::AccessibilityUIElement::stringForTextMarkerRange): Deleted.
(WTR::AccessibilityUIElement::attributedStringForTextMarkerRangeContainsAttribute): Deleted.
(WTR::AccessibilityUIElement::indexForTextMarker): Deleted.
(WTR::AccessibilityUIElement::isTextMarkerValid): Deleted.
(WTR::AccessibilityUIElement::textMarkerForIndex): Deleted.
(WTR::AccessibilityUIElement::scrollToMakeVisible): Deleted.
(WTR::AccessibilityUIElement::scrollToGlobalPoint): Deleted.
(WTR::AccessibilityUIElement::scrollToMakeVisibleWithSubFocus): Deleted.
(WTR::AccessibilityUIElement::supportedActions): Deleted.
(WTR::AccessibilityUIElement::mathPostscriptsDescription): Deleted.
(WTR::AccessibilityUIElement::mathPrescriptsDescription): Deleted.
(WTR::AccessibilityUIElement::pathDescription): Deleted.

• WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
• WebKitTestRunner/InjectedBundle/EventSendingController.cpp:

(WTR::EventSendingController::create):

• WebKitTestRunner/InjectedBundle/EventSendingController.h:
• WebKitTestRunner/InjectedBundle/GCController.cpp:

(WTR::GCController::create):

• WebKitTestRunner/InjectedBundle/GCController.h:
• WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::beginTesting):

• WebKitTestRunner/InjectedBundle/InjectedBundle.h:
• WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::create):

• WebKitTestRunner/InjectedBundle/TestRunner.h:
• WebKitTestRunner/InjectedBundle/TextInputController.cpp:

(WTR::TextInputController::create):

• WebKitTestRunner/InjectedBundle/TextInputController.h:
• WebKitTestRunner/InjectedBundle/atk/AccessibilityControllerAtk.cpp:

(WTR::AccessibilityController::accessibleElementById):
(WTR::AccessibilityController::rootElement):
(WTR::AccessibilityController::focusedElement):
(WTR::AccessibilityController::logAccessibilityEvents): Deleted.

• WebKitTestRunner/InjectedBundle/atk/AccessibilityNotificationHandlerAtk.h:

(WTR::AccessibilityNotificationHandler::create):

• WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::elementAtPoint):
(WTR::AccessibilityUIElement::childAtIndex):
(WTR::accessibilityElementAtIndex):
(WTR::AccessibilityUIElement::linkedUIElementAtIndex):
(WTR::AccessibilityUIElement::ariaOwnsElementAtIndex):
(WTR::AccessibilityUIElement::ariaFlowToElementAtIndex):
(WTR::AccessibilityUIElement::ariaControlsElementAtIndex):
(WTR::AccessibilityUIElement::disclosedRowAtIndex):
(WTR::AccessibilityUIElement::rowAtIndex):
(WTR::AccessibilityUIElement::selectedChildAtIndex):
(WTR::AccessibilityUIElement::selectedRowAtIndex):
(WTR::AccessibilityUIElement::titleUIElement):
(WTR::AccessibilityUIElement::parentElement):
(WTR::AccessibilityUIElement::disclosedByRow):
(WTR::AccessibilityUIElement::uiElementAttributeValue):
(WTR::AccessibilityUIElement::uiElementForSearchPredicate):
(WTR::AccessibilityUIElement::cellForColumnAndRow):
(WTR::AccessibilityUIElement::horizontalScrollbar):
(WTR::AccessibilityUIElement::verticalScrollbar):
(WTR::AccessibilityUIElement::lineTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::textMarkerRangeForElement):
(WTR::AccessibilityUIElement::previousTextMarker):
(WTR::AccessibilityUIElement::nextTextMarker):
(WTR::AccessibilityUIElement::textMarkerRangeForMarkers):
(WTR::AccessibilityUIElement::startTextMarkerForTextMarkerRange):
(WTR::AccessibilityUIElement::endTextMarkerForTextMarkerRange):
(WTR::AccessibilityUIElement::endTextMarkerForBounds):
(WTR::AccessibilityUIElement::startTextMarkerForBounds):
(WTR::AccessibilityUIElement::textMarkerForPoint):
(WTR::AccessibilityUIElement::accessibilityElementForTextMarker):
(WTR::AccessibilityUIElement::textMarkerForIndex):
(WTR::AccessibilityUIElement::startTextMarker):
(WTR::AccessibilityUIElement::endTextMarker):

• WebKitTestRunner/InjectedBundle/ios/AccessibilityControllerIOS.mm:

(WTR::AccessibilityController::accessibleElementById):
(WTR::AccessibilityController::logAccessibilityEvents): Deleted.

• WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::headerElementAtIndex):
(WTR::AccessibilityUIElement::linkedElement):
(WTR::AccessibilityUIElement::elementAtPoint):
(WTR::AccessibilityUIElement::childAtIndex):
(WTR::AccessibilityUIElement::linkedUIElementAtIndex):
(WTR::AccessibilityUIElement::ariaOwnsElementAtIndex):
(WTR::AccessibilityUIElement::ariaFlowToElementAtIndex):
(WTR::AccessibilityUIElement::ariaControlsElementAtIndex):
(WTR::AccessibilityUIElement::disclosedRowAtIndex):
(WTR::AccessibilityUIElement::rowAtIndex):
(WTR::AccessibilityUIElement::selectedChildAtIndex):
(WTR::AccessibilityUIElement::selectedRowAtIndex):
(WTR::AccessibilityUIElement::titleUIElement):
(WTR::AccessibilityUIElement::parentElement):
(WTR::AccessibilityUIElement::disclosedByRow):
(WTR::AccessibilityUIElement::uiElementArrayAttributeValue):
(WTR::AccessibilityUIElement::uiElementAttributeValue):
(WTR::AccessibilityUIElement::rangeForLine):
(WTR::AccessibilityUIElement::rangeForPosition):
(WTR::AccessibilityUIElement::uiElementForSearchPredicate):
(WTR::AccessibilityUIElement::fieldsetAncestorElement):
(WTR::AccessibilityUIElement::cellForColumnAndRow):
(WTR::AccessibilityUIElement::horizontalScrollbar):
(WTR::AccessibilityUIElement::verticalScrollbar):
(WTR::AccessibilityUIElement::lineTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::textMarkerRangeForElement):
(WTR::AccessibilityUIElement::previousTextMarker):
(WTR::AccessibilityUIElement::nextTextMarker):
(WTR::AccessibilityUIElement::textMarkerRangeForMarkers):
(WTR::AccessibilityUIElement::startTextMarkerForTextMarkerRange):
(WTR::AccessibilityUIElement::endTextMarkerForTextMarkerRange):
(WTR::AccessibilityUIElement::endTextMarkerForBounds):
(WTR::AccessibilityUIElement::startTextMarkerForBounds):
(WTR::AccessibilityUIElement::textMarkerForPoint):
(WTR::AccessibilityUIElement::accessibilityElementForTextMarker):
(WTR::AccessibilityUIElement::textMarkerForIndex):
(WTR::AccessibilityUIElement::startTextMarker):
(WTR::AccessibilityUIElement::endTextMarker):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::paragraphTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::nextParagraphEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::previousParagraphStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::mathPostscriptsDescription):
(WTR::AccessibilityUIElement::mathPrescriptsDescription):
(WTR::AccessibilityUIElement::supportedActions):

• WebKitTestRunner/InjectedBundle/mac/AccessibilityControllerMac.mm:

(WTR::AccessibilityController::accessibleElementById):
(WTR::AccessibilityController::logAccessibilityEvents): Deleted.

• WebKitTestRunner/InjectedBundle/mac/AccessibilityNotificationHandler.mm:

(makeValueRefForValue):
(-[AccessibilityNotificationHandler _notificationReceived:]):

• WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::AccessibilityUIElement::elementAtPoint):
(WTR::AccessibilityUIElement::childAtIndex):
(WTR::AccessibilityUIElement::linkedUIElementAtIndex):
(WTR::AccessibilityUIElement::ariaOwnsElementAtIndex):
(WTR::AccessibilityUIElement::ariaFlowToElementAtIndex):
(WTR::AccessibilityUIElement::ariaControlsElementAtIndex):
(WTR::AccessibilityUIElement::disclosedRowAtIndex):
(WTR::AccessibilityUIElement::rowAtIndex):
(WTR::AccessibilityUIElement::selectedChildAtIndex):
(WTR::AccessibilityUIElement::selectedRowAtIndex):
(WTR::AccessibilityUIElement::titleUIElement):
(WTR::AccessibilityUIElement::parentElement):
(WTR::AccessibilityUIElement::disclosedByRow):
(WTR::AccessibilityUIElement::uiElementAttributeValue):
(WTR::AccessibilityUIElement::uiElementForSearchPredicate):
(WTR::AccessibilityUIElement::cellForColumnAndRow):
(WTR::AccessibilityUIElement::horizontalScrollbar):
(WTR::AccessibilityUIElement::verticalScrollbar):
(WTR::AccessibilityUIElement::lineTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::textMarkerRangeForElement):
(WTR::AccessibilityUIElement::previousTextMarker):
(WTR::AccessibilityUIElement::nextTextMarker):
(WTR::AccessibilityUIElement::textMarkerRangeForMarkers):
(WTR::AccessibilityUIElement::selectedTextMarkerRange):
(WTR::AccessibilityUIElement::startTextMarkerForTextMarkerRange):
(WTR::AccessibilityUIElement::endTextMarkerForTextMarkerRange):
(WTR::AccessibilityUIElement::endTextMarkerForBounds):
(WTR::AccessibilityUIElement::startTextMarkerForBounds):
(WTR::AccessibilityUIElement::textMarkerForPoint):
(WTR::AccessibilityUIElement::accessibilityElementForTextMarker):
(WTR::AccessibilityUIElement::textMarkerForIndex):
(WTR::AccessibilityUIElement::startTextMarker):
(WTR::AccessibilityUIElement::endTextMarker):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::paragraphTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousParagraphStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextParagraphEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::sentenceTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousSentenceStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextSentenceEndTextMarkerForTextMarker):

• WebKitTestRunner/efl/EventSenderProxyEfl.cpp:

(WTR::keyPadName):
(WTR::keyName):

11:42 AM Changeset in webkit [208337] by commit-queue@webkit.org

• 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Modify FolderTreeElement to have a Collection as a its represented object
​https://bugs.webkit.org/show_bug.cgi?id=164349

Patch by Devin Rousso <Devin Rousso> on 2016-11-03
Reviewed by Matt Baker.

• UserInterface/Views/FolderTreeElement.js:

(WebInspector.FolderTreeElement):
Now accepts a representedObject parameter, which must be a WebInspector.Collection.

• UserInterface/Views/FolderizedTreeElement.js:

(WebInspector.FolderizedTreeElement.prototype.registerFolderizeSettings):
(WebInspector.FolderizedTreeElement.prototype.updateParentStatus):
(WebInspector.FolderizedTreeElement.prototype._parentTreeElementForRepresentedObject):
(WebInspector.FolderizedTreeElement.prototype._settingsForRepresentedObject):
(WebInspector.FolderizedTreeElement.prototype._shouldGroupIntoFolders):
(WebInspector.FolderizedTreeElement):
Rework the logic for creating WebInspector.FolderTreeElement so that items for the
representedObject parameter may be passed in via registerFolderizeSettings.

• UserInterface/Views/FrameTreeElement.js:

(WebInspector.FrameTreeElement):
(WebInspector.FrameTreeElement.): Deleted.
(WebInspector.FrameTreeElement.makeChildCountCallback): Deleted.
Rework logic for calling registerFolderizeSettings to support the representedObject
parameter. Also changed calls to WebInspector.Frame to support the
WebInspector.Collection class.

• UserInterface/Views/ResourceSidebarPanel.js:

(WebInspector.ResourceSidebarPanel.prototype.treeElementForRepresentedObject):
(WebInspector.ResourceSidebarPanel.prototype._scriptWasAdded):
(WebInspector.ResourceSidebarPanel.prototype._scriptsCleared):
Create WebInspector.Collection instances of Script model objects for additional folders
created by the Resources sidebar:

• Anonymous Scripts
• Extension Scripts
• Extra Scripts

11:04 AM Changeset in webkit [208336] by matthew_hanson@apple.com

• 2 edits in branches/safari-602-branch/Source/WebCore

Merge r208319. rdar://problem/29084077

11:04 AM Changeset in webkit [208335] by matthew_hanson@apple.com

• 11 edits
  2 adds in branches/safari-602-branch

Merge r208314. rdar://problem/29084077

11:04 AM Changeset in webkit [208334] by matthew_hanson@apple.com

• 6 edits in branches/safari-602-branch/Source

Merge r208307. rdar://problem/29078457

11:04 AM Changeset in webkit [208333] by matthew_hanson@apple.com

• 8 edits in branches/safari-602-branch/Source

Merge r208286. rdar://problem/28634857

11:04 AM Changeset in webkit [208332] by matthew_hanson@apple.com

• 3 edits
  4 adds in branches/safari-602-branch

Merge r208101. rdar://problem/29053206

11:04 AM Changeset in webkit [208331] by matthew_hanson@apple.com

• 10 edits
  6 adds in branches/safari-602-branch

Merge r208025. rdar://problem/28216240

10:47 AM Changeset in webkit [208330] by achristensen@apple.com

• 21 edits in trunk/Source/WebKit2

Reduce PassRefPtr use in WebKit2
​https://bugs.webkit.org/show_bug.cgi?id=164360

Reviewed by Tim Horton.

• Shared/API/APISecurityOrigin.h:

(API::SecurityOrigin::SecurityOrigin):

• Shared/API/APISerializedScriptValue.h:

(API::SerializedScriptValue::create):
(API::SerializedScriptValue::SerializedScriptValue):

• Shared/API/c/WKSharedAPICast.h:

(WebKit::ProxyingRefPtr::ProxyingRefPtr):
(WebKit::toAPI):

• Shared/APIWebArchive.h:
• Shared/APIWebArchive.mm:

(API::WebArchive::create):
(API::WebArchive::WebArchive):

• UIProcess/API/APIHitTestResult.cpp:

(API::HitTestResult::create):

• UIProcess/API/APIHitTestResult.h:
• UIProcess/API/APIUIClient.h:

(API::UIClient::createNewPage):

• UIProcess/API/C/WKPage.cpp:

(WebKit::RunBeforeUnloadConfirmPanelResultListener::create):
(WebKit::RunBeforeUnloadConfirmPanelResultListener::RunBeforeUnloadConfirmPanelResultListener):
(WebKit::RunJavaScriptAlertResultListener::create):
(WebKit::RunJavaScriptAlertResultListener::RunJavaScriptAlertResultListener):
(WebKit::RunJavaScriptConfirmResultListener::create):
(WebKit::RunJavaScriptConfirmResultListener::RunJavaScriptConfirmResultListener):
(WebKit::RunJavaScriptPromptResultListener::create):
(WebKit::RunJavaScriptPromptResultListener::RunJavaScriptPromptResultListener):
(WKPageSetPageUIClient):

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _takeViewSnapshot]):

• UIProcess/API/Cocoa/WKWebViewInternal.h:
• UIProcess/Cocoa/UIDelegate.h:
• UIProcess/Cocoa/UIDelegate.mm:

(WebKit::UIDelegate::UIClient::createNewPage):

• UIProcess/ios/WKGeolocationProviderIOS.mm:

(-[WKWebAllowDenyPolicyListener initWithPermissionRequestProxy:]):

• UIProcess/mac/WKImmediateActionController.mm:

(-[WKImmediateActionController _webHitTestResult]):

• WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:

(contextMenuItems):
(WKBundlePageCopyContextMenuItems):
(WKBundlePageCopyContextMenuAtPointInWindow):

• WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserMessageHandlerDescriptorProxy::create):

• WebProcess/WebPage/WebUndoStep.cpp:

(WebKit::WebUndoStep::create):

• WebProcess/WebPage/WebUndoStep.h:

(WebKit::WebUndoStep::WebUndoStep):

9:34 AM Changeset in webkit [208329] by barraclough@apple.com

• 25 edits
  2 deletes in trunk/Source

Remove PageThrottler & all related code
​https://bugs.webkit.org/show_bug.cgi?id=164302

Reviewed by Ryosuke Niwa.

All relevant information now available from the ActivityState.

Source/WebCore:

• CMakeLists.txt:
• WebCore.xcodeproj/project.pbxproj:
• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setMuted):
(WebCore::HTMLMediaElement::updateVolume):
(WebCore::HTMLMediaElement::updatePlayState):
(WebCore::HTMLMediaElement::updateAudioAssertionState): Deleted.

• html/HTMLMediaElement.h:
• loader/FrameLoader.cpp:

(WebCore::FrameLoader::completed):
(WebCore::FrameLoader::started):

• loader/FrameLoader.h:
• page/ChromeClient.h:
• page/Page.cpp:

(WebCore::Page::Page):

• page/Page.h:

(WebCore::Page::pageActivityStateChanged): Deleted.
(WebCore::Page::pageThrottler): Deleted.

• page/PageThrottler.cpp: Removed.
• page/PageThrottler.h: Removed.

Source/WebKit2:

• PluginProcess/PluginProcess.cpp:

(WebKit::PluginProcess::PluginProcess):
(WebKit::PluginProcess::createWebProcessConnection):
(WebKit::PluginProcess::audioHardwareDidBecomeActive): Deleted.
(WebKit::PluginProcess::audioHardwareDidBecomeInactive): Deleted.

• PluginProcess/PluginProcess.h:

(): Deleted.

• PluginProcess/WebProcessConnection.cpp:

(WebKit::WebProcessConnection::audioHardwareDidBecomeActive): Deleted.
(WebKit::WebProcessConnection::audioHardwareDidBecomeInactive): Deleted.

• PluginProcess/WebProcessConnection.h:
• WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:

(WebKit::NPRuntimeObjectMap::evaluate):

• WebProcess/Plugins/Plugin.h:

(WebKit::Plugin::audioHardwareActivity): Deleted.

• WebProcess/Plugins/PluginProcessConnection.cpp:

(WebKit::PluginProcessConnection::PluginProcessConnection):
(WebKit::PluginProcessConnection::didReceiveMessage):
(WebKit::PluginProcessConnection::audioHardwareDidBecomeActive): Deleted.
(WebKit::PluginProcessConnection::audioHardwareDidBecomeInactive): Deleted.

• WebProcess/Plugins/PluginProcessConnection.h:

(WebKit::PluginProcessConnection::supportsAsynchronousPluginInitialization):
(WebKit::PluginProcessConnection::audioHardwareActivity): Deleted.

• WebProcess/Plugins/PluginProcessConnection.messages.in:
• WebProcess/Plugins/PluginProxy.cpp:

(WebKit::PluginProxy::audioHardwareActivity): Deleted.

• WebProcess/Plugins/PluginProxy.h:
• WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::audioHardwareActivity): Deleted.

• WebProcess/Plugins/PluginView.h:
• WebProcess/WebPage/WebPage.cpp:

9:19 AM Changeset in webkit [208328] by mitz@apple.com

• 6 edits in trunk/Source

REGRESSION (r206247): Painting milestones can be delayed until the next layer flush
​https://bugs.webkit.org/show_bug.cgi?id=164340
<rdar://problem/29074344>

Reviewed by Tim Horton.

Source/WebCore:

To give WebKit a chance to deliver the painting milestones to its client after the commit,
we must tell it about them before or during the commit. To that end, we should not defer
the call to firePaintRelatedMilestonesIfNeeded until after the commit.

• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::RenderLayerCompositor): Removed

m_paintRelatedMilestonesTimer initializer.

(WebCore::RenderLayerCompositor::didPaintBacking): Call

FrameView::firePaintRelatedMilestonesIfNeeded directly from here.

(WebCore::RenderLayerCompositor::paintRelatedMilestonesTimerFired): Deleted.

• rendering/RenderLayerCompositor.h:

Source/WebKit2:

• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h: Declared new helper function.
• WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::sendPendingNewlyReachedLayoutMilestones): Helper

function that sends the message to the UI process and resets
m_pendingNewlyReachedLayoutMilestones.

(WebKit::TiledCoreAnimationDrawingArea::flushLayers): Wait until after the commit to get the

pending milestones and send them to the UI process. This way we don’t miss milestones that
fire during the commit.

8:51 AM Changeset in webkit [208327] by Antti Koivisto

• 2 edits in trunk/Source/WebCore

imported/mozilla/svg/paint-order-01.svg and imported/mozilla/svg/paint-order-02.svg are flaky failures
​https://bugs.webkit.org/show_bug.cgi?id=164355

Reviewed by Ryosuke Niwa.

Revert one change from ​https://trac.webkit.org/changeset/207669 to see if it is causing flakiness in
some XML based tests.

• xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::end):

7:39 AM Changeset in webkit [208326] by sbarati@apple.com

• 4 edits
  1 add in trunk

Asking for a value profile prediction should be defensive against not finding a value profile
​https://bugs.webkit.org/show_bug.cgi?id=164306

Reviewed by Mark Lam.

JSTests:

• stress/inlined-tail-call-in-inlined-setter-should-not-crash-when-getting-value-profile.js: Added.

(let.o.set foo):
(bar):

Source/JavaScriptCore:

Currently, the code that calls CodeBlock::valueProfilePredictionForBytecodeOffset
in the DFG assumes it will always be at a value producing node. However, this isn't
true if we tail call from an inlined setter. When we're at a tail call, we try
to find the first caller that isn't a tail call to see what value the
tail_call produces. If we inline a setter, however, we will end up finding
the put_by_id as our first non-tail-called "caller", and that won't have a
value profile associated with it since it's not a value producing node.
CodeBlock::valueProfilePredictionForBytecodeOffset should be defensive
against finding a null value profile.

• bytecode/CodeBlock.h:

(JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):

1:04 AM Changeset in webkit [208325] by Carlos Garcia Campos

• 1 copy in releases/WebKitGTK/webkit-2.14.2

WebKitGTK+ 2.14.2

1:03 AM Changeset in webkit [208324] by Carlos Garcia Campos

• 4 edits in releases/WebKitGTK/webkit-2.14

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.14.2 release.

.:

• Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

• gtk/NEWS: Add release notes for 2.14.2.