Context Navigation

← Previous Period
Next Period →

Timeline

Nov 15, 2016:

10:51 PM Changeset in webkit [208786] by commit-queue@webkit.org

3 edits in trunk/Source/WebCore

Warning added in r208542
https://bugs.webkit.org/show_bug.cgi?id=164636

Patch by Alejandro G. Castro <alex@igalia.com> on 2016-11-15
Reviewed by Eric Carlson.

Deleted the copy constructor, we now explicitly copy the object in
the clone method.

platform/mediastream/MediaStreamTrackPrivate.cpp: Delete the

copy constructor.
(WebCore::MediaStreamTrackPrivate::clone): Copy the relevant
information for the clone operation in the API.

platform/mediastream/MediaStreamTrackPrivate.h: Delete the copy

constructor.

10:18 PM Changeset in webkit [208785] by rniwa@webkit.org

3 edits in trunk/Source/WebCore

Add more assertions to ElementQueue diagnose a bug
https://bugs.webkit.org/show_bug.cgi?id=164814

Reviewed by Yusuke Suzuki.

Add more assertions to check the sanity of the element queue.
Also made them all release assertions so that we can catch them better.

dom/CustomElementReactionQueue.cpp:

(WebCore::CustomElementReactionStack::ElementQueue::add):
(WebCore::CustomElementReactionStack::ElementQueue::invokeAll):

10:11 PM Changeset in webkit [208784] by Simon Fraser

2 edits in trunk/Source/WebKit2

[iOS WK2] Scroll view scrolling and zooming animations can keep running across page loads
https://bugs.webkit.org/show_bug.cgi?id=164810

Reviewed by Tim Horton.

Scrolling and zooming animations can leak across page loads, which makes tests flakey,
and is unexpected by users.

Tested by scrollingcoordinator/ios/sync-layer-positions-after-scroll.html followed by
scrollingcoordinator/ios/ui-scrolling-tree.html

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _didCommitLoadForMainFrame]):

10:03 PM Changeset in webkit [208783] by commit-queue@webkit.org

5 edits in trunk/Source/WebInspectorUI

Web Inspector: SourceCodeTextEditor should display execution lines for background threads
https://bugs.webkit.org/show_bug.cgi?id=164679
<rdar://problem/29233026>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

There may be multiple threads paused in the same content view. With
this change we should a thread indicator for each primary line a
thread is paused on. It uses the same inline line indicator that
inline errors/warnings (issues) use.

When there is a single thread (just the Page) we don't show thread
indicators. But as soon as there are multiple threads we start
managing and showing them. The line indicator contains the name of
the thread on the side.

Note that SourceCodeTextEditor maintains the thread indicators, but
it still always handles the ActiveCallFrame as it used to, pushing
values down into TextEditor. The ActiveCallFrame styles override
the thread line indicators (albeit with the same styles). The reason
these are still separate is that TextEditor has some special styles
regarding its gutter for the active execution line. Eventually we
may want to find a way to push this up into SourceCodeTextEditor.

Localizations/en.lproj/localizedStrings.js:

New string "%d Threads" when multiple threads are on the same line.

UserInterface/Views/ScopeChainDetailsSidebarPanel.js:

(WebInspector.ScopeChainDetailsSidebarPanel):
(WebInspector.ScopeChainDetailsSidebarPanel.prototype._activeCallFrameDidChange):
Update Watch Expressions when the active call frame changes.

UserInterface/Views/SourceCodeTextEditor.css:

(.source-code.text-editor > .CodeMirror .line-indicator-widget):
(.source-code.text-editor > .CodeMirror .line-indicator-widget.inline):
(.source-code.text-editor > .CodeMirror .line-indicator-widget > .arrow):
(.source-code.text-editor > .CodeMirror .line-indicator-widget.inline > .arrow):
(.source-code.text-editor > .CodeMirror .line-indicator-widget > .icon):
(.source-code.text-editor > .CodeMirror .line-indicator-widget > .text):
(.source-code.text-editor > .CodeMirror .line-indicator-widget.inline > .text):
Share line indicator widget styles between issue widgets and thread widgets.

(.source-code.text-editor > .CodeMirror .thread-indicator):
(.source-code.text-editor > .CodeMirror .thread-widget):
(.source-code.text-editor > .CodeMirror .thread-widget.inline):
(.source-code.text-editor > .CodeMirror .thread-widget.inline > .arrow):
Colors for the thread-widget line-indicators.

UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor):
(WebInspector.SourceCodeTextEditor.prototype.close):
New event listeners handling for Target added / removed events.

(WebInspector.SourceCodeTextEditor.prototype._targetAdded):
(WebInspector.SourceCodeTextEditor.prototype._targetRemoved):
Update thread indicators as needed.

(WebInspector.SourceCodeTextEditor.prototype._looselyMatchesSourceCodeLocation):
More generic match based just on the URLs. Even if the exact script comes
from a different target, if they share the same URL that is fine.

(WebInspector.SourceCodeTextEditor.prototype._callFramesDidChange):
(WebInspector.SourceCodeTextEditor.prototype._addThreadIndicatorForTarget):
(WebInspector.SourceCodeTextEditor.prototype._removeThreadIndicatorForTarget):
(WebInspector.SourceCodeTextEditor.prototype._threadIndicatorWidgetForLine):
(WebInspector.SourceCodeTextEditor.prototype._updateThreadIndicatorWidget):
(WebInspector.SourceCodeTextEditor.prototype._handleThreadIndicatorWidgetClick):
Manage thread line indicator widgets. There are 3 maps we maintain.

line -> [threads]

List of threads paused on a line, needed for the UI text.

line -> widget

Gets the widget on a line so we can modify and eventually remove it.

target -> line

If a target is removed, we need to know what line it had an indicator on.

(WebInspector.SourceCodeTextEditor.prototype._isWidgetToggleable):
Generalize for all of our different line indicator widgets.

(WebInspector.SourceCodeTextEditor.prototype._contentDidPopulate):
(WebInspector.SourceCodeTextEditor.prototype.textEditorUpdatedFormatting):
(WebInspector.SourceCodeTextEditor.prototype._reinsertAllThreadIndicators):
When first populated, or reformatted, clear and reinsert all widgets.

(WebInspector.SourceCodeTextEditor.prototype._reinsertAllIssues):
(WebInspector.SourceCodeTextEditor.prototype._logCleared):
(WebInspector.SourceCodeTextEditor.prototype._clearIssueWidgets): Renamed.
Rename _clearWidgets to _clearIssueWidgets.

9:05 PM Changeset in webkit [208782] by mark.lam@apple.com

3 edits
1 add in trunk

Make JSC test functions more robust.
https://bugs.webkit.org/show_bug.cgi?id=164807

Reviewed by Keith Miller.

JSTests:

stress/jsc-test-functions-should-be-more-robust.js: Added.

Source/JavaScriptCore:

jsc.cpp:

(functionGetHiddenValue):
(functionSetHiddenValue):

8:47 PM Changeset in webkit [208781] by keith_miller@apple.com

25 edits in trunk

B3 should support UDiv/UMod
https://bugs.webkit.org/show_bug.cgi?id=164811

Reviewed by Filip Pizlo.

JSTests:

Link new instructions to wasm.

wasm/wasm.json:

Source/JavaScriptCore:

This patch adds support for UDiv and UMod in B3. Many of the magic number
cases have been ommited for now since they are unlikely to happen in wasm
code. Most wasm code we will see is generated via llvm, which has more
robust versions of what we would do anyway. Additionally, this patch
links the new opcodes up to the wasm parser.

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::uDiv32):
(JSC::MacroAssemblerARM64::uDiv64):

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::x86UDiv32):

assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::x86UDiv64):

assembler/X86Assembler.h:

(JSC::X86Assembler::divq_r):

b3/B3Common.h:

(JSC::B3::chillUDiv):
(JSC::B3::chillUMod):

b3/B3Const32Value.cpp:

(JSC::B3::Const32Value::uDivConstant):
(JSC::B3::Const32Value::uModConstant):

b3/B3Const32Value.h:
b3/B3Const64Value.cpp:

(JSC::B3::Const64Value::uDivConstant):
(JSC::B3::Const64Value::uModConstant):

b3/B3Const64Value.h:
b3/B3LowerMacros.cpp:
b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):
(JSC::B3::Air::LowerToAir::lowerX86UDiv):

b3/B3Opcode.cpp:

(WTF::printInternal):

b3/B3Opcode.h:
b3/B3ReduceStrength.cpp:
b3/B3Validate.cpp:
b3/B3Value.cpp:

(JSC::B3::Value::uDivConstant):
(JSC::B3::Value::uModConstant):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):

b3/B3Value.h:
b3/B3ValueKey.cpp:

(JSC::B3::ValueKey::materialize):

b3/air/AirInstInlines.h:

(JSC::B3::Air::isX86UDiv32Valid):
(JSC::B3::Air::isX86UDiv64Valid):

b3/air/AirOpcode.opcodes:
b3/testb3.cpp:

(JSC::B3::testUDivArgsInt32):
(JSC::B3::testUDivArgsInt64):
(JSC::B3::testUModArgsInt32):
(JSC::B3::testUModArgsInt64):
(JSC::B3::run):

wasm/wasm.json:

8:07 PM Changeset in webkit [208780] by Chris Dumez

2 edits in trunk/Source/WebCore

Simplify Element::stripScriptingAttributes()
https://bugs.webkit.org/show_bug.cgi?id=164785

Reviewed by Ryosuke Niwa.

Simplify Element::stripScriptingAttributes() by leveraging
Vector::removeAllMatching().

No new tests, no Web-exposed behavior change.

dom/Element.cpp:

(WebCore::Element::stripScriptingAttributes):

7:10 PM Changeset in webkit [208779] by commit-queue@webkit.org

19 edits
2 copies
2 adds in trunk

Source/JavaScriptCore:
Web Inspector: Preview other CSS @media in browser window (print)
https://bugs.webkit.org/show_bug.cgi?id=13530
<rdar://problem/5712928>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

inspector/protocol/Page.json:

Update to preferred JSON style.

Source/WebInspectorUI:
Web Inspector: Remove unused and untested Page.setTouchEmulationEnabled command
https://bugs.webkit.org/show_bug.cgi?id=164793

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

Localizations/en.lproj/localizedStrings.js:

Tooltips for new button.

UserInterface/Base/Main.js:

(WebInspector.loaded):
New global setting.

UserInterface/Views/DOMTreeContentView.js:

(WebInspector.DOMTreeContentView):
(WebInspector.DOMTreeContentView.prototype.get navigationItems):
(WebInspector.DOMTreeContentView.prototype._showPrintStylesSettingChanged):
(WebInspector.DOMTreeContentView.prototype._togglePrintStylesSetting):
New navigation bar button to toggle print styles.

UserInterface/Controllers/CSSStyleManager.js:

(WebInspector.CSSStyleManager.prototype.mediaTypeChanged):
After toggling styles we will need to refresh styles, so provide
a meaningful way to trigger refreshing styles from the frontend.

UserInterface/Images/Printer.svg: Added.
UserInterface/Images/gtk/Printer.svg: Added.

New Printer icon for enabling / disabling print styles.

UserInterface/Images/gtk/Crosshair.svg:
UserInterface/Images/gtk/LayerBorders.svg:
UserInterface/Images/gtk/NavigationItemCurleyBraces.svg:
UserInterface/Images/gtk/NavigationItemTypes.svg:
UserInterface/Images/gtk/PaintFlashing.svg:
UserInterface/Images/gtk/ShadowDOM.svg:
UserInterface/Images/gtk/ToggleLeftSidebar.svg:
UserInterface/Images/gtk/ToggleRightSidebar.svg:
UserInterface/Images/gtk/UpDownArrows.svg:

Fix a number of existing GTK images to have activated styles.

LayoutTests:
Web Inspector: Preview other CSS @media in browser window (print)
https://bugs.webkit.org/show_bug.cgi?id=13530
<rdar://problem/5712928>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

inspector/page/media-query-list-listener-exception-expected.txt: Copied from LayoutTests/inspector/page/setEmulatedMedia-expected.txt.
inspector/page/media-query-list-listener-exception.html: Copied from LayoutTests/inspector/page/setEmulatedMedia.html.

Rename this test which is about swallowing exceptions and happened to use inspector code.

inspector/page/setEmulatedMedia-expected.txt:
inspector/page/setEmulatedMedia.html:

Test for Page.setEmulatedMedia command.

6:55 PM Changeset in webkit [208778] by jonlee@apple.com

13 edits in trunk

Report active video and audio capture devices separately
https://bugs.webkit.org/show_bug.cgi?id=164769

Reviewed by Eric Carlson.

Source/WebCore:

For UI purposes, separate the notion of any active capture device to
an active audio and video capture device.

page/MediaProducer.h: Replace HasActiveMediaCaptureDevice with

HasActiveAudioCaptureDevice and HasActiveVideoCaptureDevice.

Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::mediaState): Update the logic for mediaState().
Since it is possible to arbitrarily add tracks from various sources,
check specifically for a local AV source (meaning a capture device) that
is producing data.

platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::hasLocalVideoSource): Iterate over the tracks
and look for video sources that are not remote.
(WebCore::MediaStreamPrivate::hasLocalAudioSource): Ditto for audio.

platform/mediastream/MediaStreamPrivate.h:
testing/Internals.cpp:

(WebCore::Internals::pageMediaState): Update internals reporting.

Source/WebKit2:

Replace kWKMediaHasActiveCaptureDevice with kWKMediaHasActiveAudioCaptureDevice and
kWKMediaHasActiveVideoCaptureDevice

UIProcess/API/C/WKPage.cpp:

(WKPageGetMediaState):

UIProcess/API/C/WKPagePrivate.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::isPlayingMediaDidChange): Update the mask to include the two
bits.

LayoutTests:

fast/mediastream/MediaStream-page-muted-expected.txt: Update test.
fast/mediastream/MediaStream-page-muted.html:

5:35 PM Changeset in webkit [208777] by fpizlo@apple.com

7 edits in trunk/Source/JavaScriptCore

Unreviewed, revert renaming useConcurrentJIT to useConcurrentJS.

dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

heap/Heap.cpp:

(JSC::Heap::addToRememberedSet):

jit/JITWorklist.cpp:

(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):

runtime/Options.cpp:

(JSC::recomputeDependentOptions):

runtime/Options.h:
runtime/WriteBarrierInlines.h:

(JSC::WriteBarrierBase<T>::set):
(JSC::WriteBarrierBase<Unknown>::set):

5:16 PM Changeset in webkit [208776] by Chris Dumez

9 edits in trunk/Source/WebCore

Avoid copying vector of attributes as much as possible in the HTML parser
https://bugs.webkit.org/show_bug.cgi?id=164778

Reviewed by Ryosuke Niwa.

Avoid copying vector of attributes as much as possible in the HTML parser by moving
AtomicHTMLToken around and making it obvious it is safe to move its attributes
vector as well.

No new tests, no Web-exposed behavior change.

html/parser/AtomicHTMLToken.h:

(WebCore::AtomicHTMLToken::AtomicHTMLToken):
(WebCore::findAttribute):

html/parser/HTMLConstructionSite.cpp:

(WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML):
(WebCore::HTMLConstructionSite::mergeAttributesFromTokenIntoElement):
(WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagInBody):
(WebCore::HTMLConstructionSite::insertHTMLBodyStartTagInBody):
(WebCore::HTMLConstructionSite::insertDoctype):
(WebCore::HTMLConstructionSite::insertComment):
(WebCore::HTMLConstructionSite::insertCommentOnDocument):
(WebCore::HTMLConstructionSite::insertCommentOnHTMLHtmlElement):
(WebCore::HTMLConstructionSite::insertHTMLHeadElement):
(WebCore::HTMLConstructionSite::insertHTMLBodyElement):
(WebCore::HTMLConstructionSite::insertHTMLFormElement):
(WebCore::HTMLConstructionSite::insertHTMLElement):
(WebCore::HTMLConstructionSite::insertHTMLElementOrFindCustomElementInterface):
(WebCore::HTMLConstructionSite::insertSelfClosingHTMLElement):
(WebCore::HTMLConstructionSite::insertFormattingElement):
(WebCore::HTMLConstructionSite::insertScriptElement):
(WebCore::HTMLConstructionSite::insertForeignElement):
(WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
(WebCore::HTMLConstructionSite::createElementFromSavedToken):

html/parser/HTMLConstructionSite.h:
html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::constructTreeFromHTMLToken):

html/parser/HTMLStackItem.h:

(WebCore::HTMLStackItem::HTMLStackItem):
(WebCore::HTMLStackItem::create):

html/parser/HTMLTreeBuilder.cpp:

(WebCore::CustomElementConstructionData::CustomElementConstructionData):
(WebCore::HTMLTreeBuilder::constructTree):
(WebCore::HTMLTreeBuilder::processToken):
(WebCore::HTMLTreeBuilder::processDoctypeToken):
(WebCore::HTMLTreeBuilder::processFakeStartTag):
(WebCore::HTMLTreeBuilder::processFakeEndTag):
(WebCore::HTMLTreeBuilder::processFakePEndTagIfPInButtonScope):
(WebCore::HTMLTreeBuilder::processCloseWhenNestedTag):
(WebCore::HTMLTreeBuilder::processStartTagForInBody):
(WebCore::HTMLTreeBuilder::insertGenericHTMLElement):
(WebCore::HTMLTreeBuilder::processTemplateStartTag):
(WebCore::HTMLTreeBuilder::processTemplateEndTag):
(WebCore::HTMLTreeBuilder::processEndOfFileForInTemplateContents):
(WebCore::HTMLTreeBuilder::processStartTagForInTable):
(WebCore::HTMLTreeBuilder::processStartTag):
(WebCore::HTMLTreeBuilder::processHtmlStartTagForInBody):
(WebCore::HTMLTreeBuilder::processBodyEndTagForInBody):
(WebCore::HTMLTreeBuilder::processAnyOtherEndTagForInBody):
(WebCore::HTMLTreeBuilder::callTheAdoptionAgency):
(WebCore::HTMLTreeBuilder::processEndTagForInTableBody):
(WebCore::HTMLTreeBuilder::processEndTagForInRow):
(WebCore::HTMLTreeBuilder::processEndTagForInCell):
(WebCore::HTMLTreeBuilder::processEndTagForInBody):
(WebCore::HTMLTreeBuilder::processEndTagForInTable):
(WebCore::HTMLTreeBuilder::processEndTag):
(WebCore::HTMLTreeBuilder::processComment):
(WebCore::HTMLTreeBuilder::processCharacter):
(WebCore::HTMLTreeBuilder::processEndOfFile):
(WebCore::HTMLTreeBuilder::defaultForBeforeHTML):
(WebCore::HTMLTreeBuilder::defaultForBeforeHead):
(WebCore::HTMLTreeBuilder::defaultForInHead):
(WebCore::HTMLTreeBuilder::defaultForInHeadNoscript):
(WebCore::HTMLTreeBuilder::defaultForAfterHead):
(WebCore::HTMLTreeBuilder::processStartTagForInHead):
(WebCore::HTMLTreeBuilder::processGenericRCDATAStartTag):
(WebCore::HTMLTreeBuilder::processGenericRawTextStartTag):
(WebCore::HTMLTreeBuilder::processScriptStartTag):
(WebCore::HTMLTreeBuilder::shouldProcessTokenInForeignContent):
(WebCore::hasAttribute):
(WebCore::HTMLTreeBuilder::processTokenInForeignContent):
(WebCore::HTMLTreeBuilder::parseError):

html/parser/HTMLTreeBuilder.h:
html/parser/TextDocumentParser.cpp:

(WebCore::TextDocumentParser::insertFakePreElement):

5:06 PM Changeset in webkit [208775] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking js/regress-141098.html as flaky on ios-simulator.
https://bugs.webkit.org/show_bug.cgi?id=163046

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

5:03 PM Changeset in webkit [208774] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

REGRESSION (r208248): Web Inspector: Pressing Left Arrow breaks autocomplete
https://bugs.webkit.org/show_bug.cgi?id=164391
<rdar://problem/29102408>

Reviewed by Matt Baker.

Unroll r208248.

UserInterface/Controllers/CodeMirrorCompletionController.js:

(WebInspector.CodeMirrorCompletionController):
(WebInspector.CodeMirrorCompletionController.prototype.updateCompletions):
(WebInspector.CodeMirrorCompletionController.prototype.isCompletionChange):
(WebInspector.CodeMirrorCompletionController.prototype.hideCompletions):
(WebInspector.CodeMirrorCompletionController.prototype.close):
(WebInspector.CodeMirrorCompletionController.prototype.completionSuggestionsSelectedCompletion):
(WebInspector.CodeMirrorCompletionController.prototype._createCompletionHintMarker):
(WebInspector.CodeMirrorCompletionController.prototype._applyCompletionHint.update):
(WebInspector.CodeMirrorCompletionController.prototype._applyCompletionHint):
(WebInspector.CodeMirrorCompletionController.prototype._commitCompletionHint.update):
(WebInspector.CodeMirrorCompletionController.prototype._commitCompletionHint):
(WebInspector.CodeMirrorCompletionController.prototype._removeLastChangeFromHistory):
(WebInspector.CodeMirrorCompletionController.prototype._removeCompletionHint.clearMarker):
(WebInspector.CodeMirrorCompletionController.prototype._removeCompletionHint.update):
(WebInspector.CodeMirrorCompletionController.prototype._removeCompletionHint):
(WebInspector.CodeMirrorCompletionController.prototype._completeAtCurrentPosition):
(WebInspector.CodeMirrorCompletionController.prototype._generateJavaScriptCompletions):

5:01 PM Changeset in webkit [208773] by ap@apple.com

2 edits in trunk/Tools

Update Youenn's e-mail addresses.

Scripts/webkitpy/common/config/contributors.json:

4:44 PM Changeset in webkit [208772] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Fix iOS API test assertion after r208534
https://bugs.webkit.org/show_bug.cgi?id=164751

Patch by Alex Christensen <achristensen@webkit.org> on 2016-11-15
Reviewed by Geoffrey Garen.

This removes a firing assertion in the WebKit1.AudioSessionCategoryIOS API test on the iOS simulator.

platform/MemoryPressureHandler.h:

(WebCore::MemoryPressureHandler::setLowMemoryHandler):
This assertion is no longer valid because we are using m_installed to determine if m_lowMemoryHandler xor m_releaseMemoryBlock is set,
and we should be setting both right now on iOS and they are both useful in freeing memory. These should be united.

4:25 PM Changeset in webkit [208771] by beidson@apple.com

7 edits in trunk

IndexedDB 2.0: Key collation during SQLite lookups is insanely slow.
https://bugs.webkit.org/show_bug.cgi?id=164754

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Covered by *all* existing tests, and unskips a previously-too-slow test)

The new serialization format is straight forward enough to get back with minimal documentation
in a comment with the code itself being the rest of the documentation.

It handles all current IDB key types and leaves room for future key types.

Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::setBinaryValue):

Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::binary):

Modules/indexeddb/server/IDBSerialization.cpp:

(WebCore::serializedTypeForKeyType):
(WebCore::writeLittleEndian):
(WebCore::readLittleEndian):
(WebCore::writeDouble):
(WebCore::readDouble):
(WebCore::encodeKey):
(WebCore::serializeIDBKeyData):
(WebCore::decodeKey):
(WebCore::deserializeIDBKeyData):

Modules/indexeddb/server/IDBSerialization.h:

Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey): Verify that Type == Invalid

keys don't get into the database. This was happening before and the previous serialization
supported it, but there's clearly no point in supporting it with the new serialization.

LayoutTests:

TestExpectations: Unskip a test that passes even in debug builds, and re-classify a test that used to be too-slow everywhere to be too-slow only in debug builds.

4:23 PM Changeset in webkit [208770] by Simon Fraser

3 edits
2 adds in trunk

UIScriptController: script with no async tasks fails if an earlier script registered a callback
https://bugs.webkit.org/show_bug.cgi?id=164762

Reviewed by Wenson Hsieh.
Tools:

UIScriptContext::runUIScript() considers a script to be "immediate" if that script doesn't
queue any async tasks. However, if an earlier UI script registered a callback, UIScriptContext::runUIScript()
would consider that an outstanding task.

Fix by unregistering any callbacks associated with the current UI script when uiScriptComplete() is called.

TestRunnerShared/UIScriptContext/UIScriptContext.cpp:

(UIScriptContext::tryToCompleteUIScriptForCurrentParentCallback):

LayoutTests:

fast/harness/ui-side-script-with-callback-expected.txt: Added.
fast/harness/ui-side-script-with-callback.html: Added.

4:23 PM Changeset in webkit [208769] by Simon Fraser

5 edits
2 adds in trunk

UIScriptController: setting a callback to undefined should unregister it
https://bugs.webkit.org/show_bug.cgi?id=164796

Reviewed by Dean Jackson.
Tools:

"Immediate" UI scripts (those that don't schedule any async tasks) should return
immediately, without the need to call uiScriptComplete(). However, this is broken if
an earlier UI script registered a callback (since no-one clears that callback after the
first script completes).

Make possible the workaround of setting the callback to undefined, which previously did
not clear the callback registration.

TestRunnerShared/UIScriptContext/UIScriptContext.cpp:

(UIScriptContext::registerCallback):

TestRunnerShared/UIScriptContext/UIScriptContext.h:
WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptController::platformClearAllCallbacks):

LayoutTests:

fast/harness/ui-side-script-unregister-callback-expected.txt: Added.
fast/harness/ui-side-script-unregister-callback.html: Added.

4:23 PM Changeset in webkit [208768] by ggaren@apple.com

5 edits in trunk/Source/JavaScriptCore

Debugging and other tools should not disable the code cache
https://bugs.webkit.org/show_bug.cgi?id=164802

Reviewed by Mark Lam.

bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::fromGlobalCode): Updated for interface
change.

parser/SourceCodeKey.h:

(JSC::SourceCodeFlags::SourceCodeFlags):
(JSC::SourceCodeFlags::bits):
(JSC::SourceCodeKey::SourceCodeKey): Treat debugging and other tools
as part of our key so that we can cache code while using tools. Be sure
to include these bits in our hash function so you don't get storms of
collisions as you open and close the Web Inspector.

runtime/CodeCache.cpp:

(JSC::CodeCache::getUnlinkedGlobalCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable): Treat tools as
a part of our key instead of as a reason to disable caching.

runtime/CodeCache.h:

4:19 PM Changeset in webkit [208767] by mark.lam@apple.com

10 edits in trunk/Source/JavaScriptCore

Remove JSString::SafeView and replace its uses with StringViewWithUnderlyingString.
https://bugs.webkit.org/show_bug.cgi?id=164777

Reviewed by Geoffrey Garen.

JSString::SafeView no longer achieves its intended goal to make it easier to
handle strings safely. Its clients still need to do explicit exception checks in
order to be correct. We'll remove it and replace its uses with
StringViewWithUnderlyingString instead which serves to gets the a StringView
(which is what we really wanted from SafeView) and keeps the backing String alive
while the view is in use.

Also added some missing exception checks.

jsc.cpp:

(printInternal):
(functionDebug):

runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncJoin):

runtime/FunctionConstructor.cpp:

(JSC::constructFunctionSkippingEvalEnabledCheck):

runtime/IntlCollatorPrototype.cpp:

(JSC::IntlCollatorFuncCompare):

runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::genericTypedArrayViewProtoFuncJoin):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::toStringView):
(JSC::globalFuncParseFloat):

runtime/JSONObject.cpp:

(JSC::JSONProtoFuncParse):

runtime/JSString.h:

(JSC::JSString::SafeView::is8Bit): Deleted.
(JSC::JSString::SafeView::length): Deleted.
(JSC::JSString::SafeView::SafeView): Deleted.
(JSC::JSString::SafeView::get): Deleted.
(JSC::JSString::view): Deleted.

runtime/StringPrototype.cpp:

(JSC::stringProtoFuncRepeatCharacter):
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncNormalize):

4:09 PM Changeset in webkit [208766] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking http/tests/cache/disk-cache/disk-cache-remove-several-pending-writes.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=161650

Unreviewed test gardening.

platform/mac/TestExpectations:

4:06 PM Changeset in webkit [208765] by Brent Fulgham

2 edits in trunk/Source/WebCore

Ensure sufficient buffer for worst-case URL encoding
https://bugs.webkit.org/show_bug.cgi?id=164794
<rdar://problem/5905510>

Reviewed by David Kilzer.

Slightly increase the default allocation size for URL parsing to account for
the worst-case parsing case. Under these assumptions, we might need three times
the byte length of the URL, plus nine bytes for fix-up characters.

In short, increase the default buffer size by 9 bytes.

No new tests. No change in behavior.

platform/URL.cpp:

(WebCore::URL::parse): Slightly increase the default buffer size.

3:48 PM Changeset in webkit [208764] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip fast/forms/search-cancel-button-change-input.html on ios-simulator since the test relies upon mouse events.

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

3:42 PM Changeset in webkit [208763] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove bogus assertion.

heap/Heap.cpp:

(JSC::Heap::markToFixpoint):

3:32 PM Changeset in webkit [208762] by fpizlo@apple.com

4 edits in trunk

[mac-wk1 debug] ASSERTION FAILED: thisObject->m_propertyTableUnsafe
https://bugs.webkit.org/show_bug.cgi?id=162986

Reviewed by Saam Barati.

Source/JavaScriptCore:

This assertion is wrong for concurrent GC anyway, so this removes it.

runtime/Structure.cpp:

(JSC::Structure::visitChildren):

LayoutTests:

This test should not crash anymore.

platform/mac-wk1/TestExpectations:

3:21 PM Changeset in webkit [208761] by fpizlo@apple.com

73 edits
1 move in trunk/Source

Rename CONCURRENT_JIT/ConcurrentJIT to CONCURRENT_JS/ConcurrentJS
https://bugs.webkit.org/show_bug.cgi?id=164791

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Just renaming.

JavaScriptCore.xcodeproj/project.pbxproj:
bytecode/ArrayProfile.cpp:

(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
(JSC::ArrayProfile::briefDescriptionWithoutUpdating):

bytecode/ArrayProfile.h:

(JSC::ArrayProfile::observedArrayModes):
(JSC::ArrayProfile::mayInterceptIndexedAccesses):
(JSC::ArrayProfile::mayStoreToHole):
(JSC::ArrayProfile::outOfBounds):
(JSC::ArrayProfile::usesOriginalArrayStructures):

bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeFromLLInt):
(JSC::CallLinkStatus::computeFor):
(JSC::CallLinkStatus::computeExitSiteData):
(JSC::CallLinkStatus::computeFromCallLinkInfo):
(JSC::CallLinkStatus::computeDFGStatuses):

bytecode/CallLinkStatus.h:
bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpValueProfiling):
(JSC::CodeBlock::dumpArrayProfiling):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::getStubInfoMap):
(JSC::CodeBlock::getCallLinkInfoMap):
(JSC::CodeBlock::getByValInfoMap):
(JSC::CodeBlock::addStubInfo):
(JSC::CodeBlock::addByValInfo):
(JSC::CodeBlock::addCallLinkInfo):
(JSC::CodeBlock::resetJITData):
(JSC::CodeBlock::shrinkToFit):
(JSC::CodeBlock::getArrayProfile):
(JSC::CodeBlock::addArrayProfile):
(JSC::CodeBlock::getOrAddArrayProfile):
(JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
(JSC::CodeBlock::updateAllArrayPredictions):
(JSC::CodeBlock::nameForRegister):
(JSC::CodeBlock::livenessAnalysisSlow):

bytecode/CodeBlock.h:

(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
(JSC::CodeBlock::addFrequentExitSite):
(JSC::CodeBlock::hasExitSite):
(JSC::CodeBlock::livenessAnalysis):

bytecode/DFGExitProfile.cpp:

(JSC::DFG::ExitProfile::add):
(JSC::DFG::ExitProfile::hasExitSite):
(JSC::DFG::QueryableExitProfile::initialize):

bytecode/DFGExitProfile.h:

(JSC::DFG::ExitProfile::hasExitSite):

bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::hasExitSite):
(JSC::GetByIdStatus::computeFor):
(JSC::GetByIdStatus::computeForStubInfo):
(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

bytecode/GetByIdStatus.h:
bytecode/LazyOperandValueProfile.cpp:

(JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
(JSC::CompressedLazyOperandValueProfileHolder::add):
(JSC::LazyOperandValueProfileParser::initialize):
(JSC::LazyOperandValueProfileParser::prediction):

bytecode/LazyOperandValueProfile.h:
bytecode/MethodOfGettingAValueProfile.cpp:

(JSC::MethodOfGettingAValueProfile::emitReportValue):

bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::hasExitSite):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::computeForStubInfo):

bytecode/PutByIdStatus.h:
bytecode/StructureStubClearingWatchpoint.cpp:

(JSC::StructureStubClearingWatchpoint::fireInternal):

bytecode/ValueProfile.h:

(JSC::ValueProfileBase::briefDescription):
(JSC::ValueProfileBase::computeUpdatedPrediction):

dfg/DFGArrayMode.cpp:

(JSC::DFG::ArrayMode::fromObserved):

dfg/DFGArrayMode.h:

(JSC::DFG::ArrayMode::withSpeculationFromProfile):
(JSC::DFG::ArrayMode::withProfile):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getArrayMode):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):

dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::tryGetConstantClosureVar):

dfg/DFGObjectAllocationSinkingPhase.cpp:
dfg/DFGPredictionInjectionPhase.cpp:

(JSC::DFG::PredictionInjectionPhase::run):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):

ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

heap/Heap.cpp:

(JSC::Heap::addToRememberedSet):

jit/JIT.cpp:

(JSC::JIT::compileWithoutLinking):

jit/JITInlines.h:

(JSC::JIT::chooseArrayMode):

jit/JITOperations.cpp:

(JSC::tryGetByValOptimize):

jit/JITPropertyAccess.cpp:

(JSC::JIT::privateCompileGetByValWithCachedId):
(JSC::JIT::privateCompilePutByValWithCachedId):

jit/JITWorklist.cpp:

(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):

jit/Repatch.cpp:

(JSC::repatchGetByID):
(JSC::repatchPutByID):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setUpCall):

profiler/ProfilerBytecodeSequence.cpp:

(JSC::Profiler::BytecodeSequence::BytecodeSequence):

runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):

runtime/ConcurrentJITLock.h: Removed.
runtime/ConcurrentJSLock.h: Copied from Source/JavaScriptCore/runtime/ConcurrentJITLock.h.

(JSC::ConcurrentJSLockerBase::ConcurrentJSLockerBase):
(JSC::ConcurrentJSLockerBase::~ConcurrentJSLockerBase):
(JSC::GCSafeConcurrentJSLocker::GCSafeConcurrentJSLocker):
(JSC::GCSafeConcurrentJSLocker::~GCSafeConcurrentJSLocker):
(JSC::ConcurrentJSLocker::ConcurrentJSLocker):
(JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase): Deleted.
(JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase): Deleted.
(JSC::ConcurrentJITLockerBase::unlockEarly): Deleted.
(JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker): Deleted.
(JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker): Deleted.
(JSC::ConcurrentJITLocker::ConcurrentJITLocker): Deleted.

runtime/InferredType.cpp:

(JSC::InferredType::canWatch):
(JSC::InferredType::addWatchpoint):
(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):

runtime/InferredType.h:
runtime/InferredTypeTable.cpp:

(JSC::InferredTypeTable::visitChildren):
(JSC::InferredTypeTable::get):
(JSC::InferredTypeTable::willStoreValue):
(JSC::InferredTypeTable::makeTop):

runtime/InferredTypeTable.h:
runtime/JSEnvironmentRecord.cpp:

(JSC::JSEnvironmentRecord::heapSnapshot):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addStaticGlobals):

runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):

runtime/JSObject.cpp:

(JSC::JSObject::deleteProperty):
(JSC::JSObject::shiftButterflyAfterFlattening):

runtime/JSObject.h:
runtime/JSObjectInlines.h:

(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectInternal):

runtime/JSScope.cpp:

(JSC::abstractAccess):
(JSC::JSScope::collectClosureVariablesUnderTDZ):

runtime/JSSegmentedVariableObject.cpp:

(JSC::JSSegmentedVariableObject::findVariableIndex):
(JSC::JSSegmentedVariableObject::addVariables):
(JSC::JSSegmentedVariableObject::heapSnapshot):

runtime/JSSegmentedVariableObject.h:
runtime/JSSymbolTableObject.cpp:

(JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):

runtime/JSSymbolTableObject.h:

(JSC::symbolTableGet):
(JSC::symbolTablePut):

runtime/Options.cpp:

(JSC::recomputeDependentOptions):

runtime/Options.h:
runtime/ProgramExecutable.cpp:

(JSC::ProgramExecutable::initializeGlobalProperties):

runtime/RegExp.cpp:

(JSC::RegExp::compile):
(JSC::RegExp::matchConcurrently):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):

runtime/RegExp.h:
runtime/Structure.cpp:

(JSC::Structure::materializePropertyTable):
(JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
(JSC::Structure::addNewPropertyTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::ensurePropertyReplacementWatchpointSet):
(JSC::Structure::add):
(JSC::Structure::remove):
(JSC::Structure::visitChildren):

runtime/Structure.h:
runtime/StructureInlines.h:

(JSC::Structure::propertyReplacementWatchpointSet):
(JSC::Structure::add):
(JSC::Structure::remove):

runtime/SymbolTable.cpp:

(JSC::SymbolTable::visitChildren):
(JSC::SymbolTable::localToEntry):
(JSC::SymbolTable::entryFor):
(JSC::SymbolTable::prepareForTypeProfiling):
(JSC::SymbolTable::uniqueIDForVariable):
(JSC::SymbolTable::uniqueIDForOffset):
(JSC::SymbolTable::globalTypeSetForOffset):
(JSC::SymbolTable::globalTypeSetForVariable):

runtime/SymbolTable.h:
runtime/TypeSet.cpp:

(JSC::TypeSet::addTypeInformation):
(JSC::TypeSet::invalidateCache):

runtime/TypeSet.h:

(JSC::TypeSet::structureSet):

runtime/VM.h:
runtime/WriteBarrierInlines.h:

(JSC::WriteBarrierBase<T>::set):
(JSC::WriteBarrierBase<Unknown>::set):

yarr/YarrInterpreter.cpp:

(JSC::Yarr::ByteCompiler::compile):
(JSC::Yarr::byteCompile):

yarr/YarrInterpreter.h:

(JSC::Yarr::BytecodePattern::BytecodePattern):

Source/WTF:

Both the concurrent GC and the concurrent JIT rely on concurrency support in fundamental
JSC runtime components like JSValue. So, the thing that guards it should be a "feature"
called CONCURRENT_JS not CONCURRENT_JIT.

wtf/Platform.h:

3:12 PM Changeset in webkit [208760] by commit-queue@webkit.org

16 edits in trunk/Source

Web Inspector: Remove unused and untested Page.setTouchEmulationEnabled command
https://bugs.webkit.org/show_bug.cgi?id=164793

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Matt Baker.

Source/JavaScriptCore:

inspector/protocol/Page.json:

Source/WebCore:

inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorPageAgent::updateTouchEventEmulationInPage): Deleted.
(WebCore::InspectorPageAgent::setTouchEmulationEnabled): Deleted.

inspector/InspectorPageAgent.h:

Source/WebInspectorUI:

UserInterface/Protocol/Legacy/10.0/InspectorBackendCommands.js:
UserInterface/Protocol/Legacy/7.0/InspectorBackendCommands.js:
UserInterface/Protocol/Legacy/8.0/InspectorBackendCommands.js:
UserInterface/Protocol/Legacy/9.0/InspectorBackendCommands.js:
UserInterface/Protocol/Legacy/9.3/InspectorBackendCommands.js:
Versions/Inspector-iOS-10.0.json:
Versions/Inspector-iOS-7.0.json:
Versions/Inspector-iOS-8.0.json:
Versions/Inspector-iOS-9.0.json:
Versions/Inspector-iOS-9.3.json:

2:50 PM Changeset in webkit [208759] by jiewen_tan@apple.com

6 edits in trunk/LayoutTests

js-test-pre.js::shouldReject doesn't need _rejectCallback and _resolveCallback
https://bugs.webkit.org/show_bug.cgi?id=164758

Reviewed by Youenn Fablet.

Since the function returns a promise, it doesn't need _rejectCallback and _resolveCallback.

crypto/subtle/generate-key-malformed-parameters.html:
crypto/subtle/rsa-generate-key-malformed-parameters.html:
crypto/workers/subtle/resources/rsa-generate-key.js:
crypto/workers/subtle/rsa-generate-key-expected.txt:
resources/js-test-pre.js:

2:48 PM Changeset in webkit [208758] by Yusuke Suzuki

2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for Windows debug build after r208738
https://bugs.webkit.org/show_bug.cgi?id=164727

This static member variable can be touched outside of the JSC project
since inlined MacroAssembler member functions read / write it.
So it should be exported.

assembler/MacroAssemblerX86Common.h:

2:25 PM Changeset in webkit [208757] by jiewen_tan@apple.com

2 edits in trunk/Source/WebCore

Unreviewed, quick fix for r208751

bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::jsSubtleCryptoFunctionExportKeyPromise):

2:16 PM Changeset in webkit [208756] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed, fix build after r208710.

Inline functions should not be marked as WEBCORE_EXPORT.

dom/QualifiedName.h:

2:12 PM Changeset in webkit [208755] by commit-queue@webkit.org

4 edits in trunk

Web Inspector: inspector/worker/debugger-pause.html fails on WebKit1
https://bugs.webkit.org/show_bug.cgi?id=164787

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent::cancelPauseOnNextStatement):
Clear this DebuggerAgent state when we resume.

LayoutTests:

inspector/worker/debugger-pause.html:

Make this test work for WebKit1 where the VM is shared between the
page and inspector page. We need to be able to stop the Inspector's
evaluation, so that we can evaluate and pause on the page, and then
come back to the inspector afterwards.

2:02 PM Changeset in webkit [208754] by fpizlo@apple.com

5 edits in trunk/Source/JavaScriptCore

It should be possible to disable concurrent GC timeslicing
https://bugs.webkit.org/show_bug.cgi?id=164788

Reviewed by Saam Barati.

Collector timeslicing means that the collector will try to pause once every 2ms. This is
great because it throttles the mutator and prevents it from outpacing the collector. But
it reduces some of the efficacy of the collectContinuously=true configuration: while
it's great that collecting continuously means that the collector will also pause more
frequently and so it will test the pausing code, it also means that the collector will
spend less time running concurrently. The primary purpose of collectContinuously is to
maximize the amount of time that the collector is running concurrently to the mutator to
maximize the likelihood that a race will cause a detectable error.

This adds an option to disable collector timeslicing (useCollectorTimeslicing=false).
The idea is that we will usually use this in conjunction with collectContinuously=true
to find race conditions during marking, but we can also use the two options
independently to focus our testing on other things.

heap/Heap.cpp:

(JSC::Heap::markToFixpoint):

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::drainInParallel): We should have added this helper ages ago.

heap/SlotVisitor.h:
runtime/Options.h:

2:00 PM Changeset in webkit [208753] by Brent Fulgham

2 edits in trunk/Source/WebCore

strncpy may leave unterminated string in WebCore::URL::init
https://bugs.webkit.org/show_bug.cgi?id=74473
<rdar://problem/10576626>

Reviewed by David Kilzer.

Reviving an old patch by David Kilzer! This should have been integrated years ago.

No new tests. No change in behavior.

platform/URL.cpp:

(WebCore::URL::init): Make sure we always enter 'parse' with a
null-terminated string.

1:51 PM Changeset in webkit [208752] by sbarati@apple.com

2 edits in trunk/JSTests

Debug JSC test timeout: stress/has-own-property-name-cache-symbols-and-strings.js.ftl-no-cjit-small-pool
https://bugs.webkit.org/show_bug.cgi?id=163012

Unreviewed. This patch makes a test run for less time because it's timing out on the bots.

stress/has-own-property-name-cache-symbols-and-strings.js:

1:48 PM Changeset in webkit [208751] by jiewen_tan@apple.com

2 edits in trunk/Source/WebCore

Followup patch for r208737

Reviewed by Yusuke Suzuki.

bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::jsSubtleCryptoFunctionExportKeyPromise):

1:15 PM Changeset in webkit [208750] by fpizlo@apple.com

6 edits in trunk/Source

The concurrent GC should have a timeslicing controller
https://bugs.webkit.org/show_bug.cgi?id=164783

Reviewed by Geoffrey Garen.
Source/JavaScriptCore:

This adds a simple control system for deciding when the collector should let the mutator run
and when it should stop the mutator. We definitely have to stop the mutator during certain
collector phases, but during marking - which takes the most time - we can go either way.
Normally we want to let the mutator run, but if the heap size starts to grow then we have to
stop the mutator just to make sure it doesn't get too far ahead of the collector. That could
lead to memory exhaustion, so it's better to just stop in that case.

The controller tries to never stop the mutator for longer than short timeslices. It slices on
a 2ms period (configurable via Options). The amount of that period that the collector spends
with the mutator stopped is determined by the fraction of the collector's concurrent headroom
that has been allocated over. The headroom is currently configured at 50% of what was
allocated before the collector started.

This moves a bunch of parameters into Options so that it's easier to play with different
configurations.

I tried these different values for the period:

1ms: 30% worse than 2ms on splay-latency.
2ms: best score on splay-latency: the tick time above the 99.5% percentile is <2ms.
3ms: 40% worse than 2ms on splay-latency.
4ms: 40% worse than 2ms on splay-latency.

I also tried 100% headroom as an alternate to 50% and found it to be a worse.

This patch is a 2x improvement on splay-latency with the default parameters and concurrent GC
enabled. Prior to this change, the GC didn't have a good bound on its pause times, which
would cause these problems. Concurrent GC is now 5.6x better on splay-latency than no
concurrent GC.

heap/Heap.cpp:

(JSC::Heap::ResumeTheWorldScope::ResumeTheWorldScope):
(JSC::Heap::markToFixpoint):
(JSC::Heap::collectInThread):

runtime/Options.h:

Source/WTF:

wtf/LockAlgorithm.h: Added some comments.
wtf/Seconds.h: Added support for modulo. It's necessary for timeslicing.

(WTF::Seconds::operator%):
(WTF::Seconds::operator%=):

1:11 PM Changeset in webkit [208749] by Yusuke Suzuki

2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for CLoop after r208738
https://bugs.webkit.org/show_bug.cgi?id=164727

jsc.cpp:

(WTF::DOMJITFunctionObject::unsafeFunction):
(WTF::DOMJITFunctionObject::finishCreation):

1:06 PM Changeset in webkit [208748] by Simon Fraser

25 edits
7 adds in trunk

[iOS WK2] Implement support for visual viewports
https://bugs.webkit.org/show_bug.cgi?id=164765

Reviewed by Tim Horton.

Adopt the visual viewport scrolling model in iOS WK2.
Source/WebCore:

This is more complex than the Mac implementation for two primary reasons. First,
WKWebView needs to to able to control the rectangle used for fixed position layout
to get the correct behavior when zooming all the way out, and because iOS displays
pages scaled down, exposing document overflow such that the layout viewport rectangle
has to get larger than the initial containing block size (which does not happen on Mac).

This is achieved by pushing a "layoutViewportOverrideRect" down onto FrameView, in
a similar way to the customFixedPositionRect that's used now. We share that name
for now in code that is agnostic to its use (e.g. VisibleContentRectUpdateInfo).

I tried so hard to write tests, but ran into various problems (webkit.org/b/164762,
webkit.org/b/164764). Will add tests via webkit.org/b/164764.

page/FrameView.cpp:

(WebCore::FrameView::fixedScrollableAreaBoundsInflatedForScrolling): layoutViewportOrigin()
was removed.
(WebCore::FrameView::setBaseLayoutViewportOrigin): Rename with "base" to make it clearer that
it can be overridden.
(WebCore::FrameView::setLayoutViewportOverrideRect):
(WebCore::FrameView::baseLayoutViewportSize): Renamed.
(WebCore::FrameView::updateLayoutViewport): Logging.
(WebCore::FrameView::layoutViewportRect):
(WebCore::FrameView::scrollPositionForFixedPosition):
(WebCore::FrameView::unscaledMaximumScrollPosition): During page transitions on iOS, it
was possible for unscaledDocumentRect to be empty, but visibleSize() to be non-empty, leading
to odd negative max scroll offsets, so clamp to 0,0.
(WebCore::FrameView::setLayoutViewportOrigin): Deleted.

page/FrameView.h:
page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::reconcileScrollingState): scrollPositionForFixedPosition() already does the
visualViewportEnabled() check.

page/scrolling/mac/ScrollingTreeFixedNode.mm:

(WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange):

platform/graphics/FloatSize.cpp:

(WebCore::FloatSize::constrainedBetween): Added for consistency with the other geometry types.

platform/graphics/FloatSize.h:
platform/graphics/LayoutSize.cpp:

(WebCore::LayoutSize::constrainedBetween): Ditto.

platform/graphics/LayoutSize.h:
rendering/RenderView.cpp:

(WebCore::RenderView::clientLogicalWidthForFixedPosition): If we have an override layout viewport, its size might be different
from the RenderView's size (the initial containing block), so we need to use the layoutViewportRect here.
(WebCore::RenderView::clientLogicalHeightForFixedPosition):

Source/WebKit2:

Pass the parameters used for computing the layout viewport up to WK2 via RemoteLayerTreeTransaction.
These are stored on WebPageProxy. When they change, _didCommitLayerTree triggers a -_updateVisibleContentRects.

WebPageProxy::computeCustomFixedPositionRect() is the function that computes the "override" layout viewport.
It starts with the baseLayoutViewportSize from the web process (which is based on the initial containing block
size), then ensures that it's no smaller than the unobscured content rect, since it makes no sense for the
layout viewport to be smaller than the visual viewport. The static FrameView::computeLayoutViewportOrigin()
is then use to "push" the layout viewport around as the visual viewport changes.

Shared/VisibleContentRectUpdateInfo.h:
Shared/WebCoreArgumentCoders.cpp: Encode LayoutSize and LayoutPoint.

(IPC::ArgumentCoder<LayoutSize>::encode):
(IPC::ArgumentCoder<LayoutSize>::decode):
(IPC::ArgumentCoder<LayoutPoint>::encode):
(IPC::ArgumentCoder<LayoutPoint>::decode):

Shared/WebCoreArgumentCoders.h:
Shared/mac/RemoteLayerTreeTransaction.h:

(WebKit::RemoteLayerTreeTransaction::baseLayoutViewportSize):
(WebKit::RemoteLayerTreeTransaction::setBaseLayoutViewportSize):
(WebKit::RemoteLayerTreeTransaction::minStableLayoutViewportOrigin):
(WebKit::RemoteLayerTreeTransaction::setMinStableLayoutViewportOrigin):
(WebKit::RemoteLayerTreeTransaction::maxStableLayoutViewportOrigin):
(WebKit::RemoteLayerTreeTransaction::setMaxStableLayoutViewportOrigin):

Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::encode):
(WebKit::RemoteLayerTreeTransaction::decode):
(WebKit::RemoteLayerTreeTransaction::description):

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _didCommitLayerTree:]):

UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:

(WebKit::RemoteScrollingCoordinatorProxy::visualViewportEnabled): Accessor.

UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::customFixedPositionRect):

UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(WebKit::RemoteScrollingCoordinatorProxy::customFixedPositionRect):

UIProcess/ios/WKContentView.mm:

(-[WKContentView didUpdateVisibleRect:unobscuredRect:unobscuredRectInScrollViewCoordinates:obscuredInset:scale:minimumScale:inStableState:isChangingObscuredInsetsInteractively:enclosedInScrollableAncestorView:]):
(-[WKContentView _didCommitLayerTree:]):

UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::computeCustomFixedPositionRect): When visual viewports are enabled, compute
the layout viewport rect, taking the baseLayoutViewportSize and the current unobscured rect into account.
(WebKit::WebPageProxy::updateLayoutViewportParameters):

UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):

WebProcess/WebPage/WebPage.cpp: Encode in the transaction the layout viewport parameters (with minor refactor).

(WebKit::WebPage::willCommitLayerTree):

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::updateVisibleContentRects): This is where the web process receives the new override layout viewport
from the web process (with some logging).

LayoutTests:

These tests don't correctly test iOS WK2's async scrolling behavior (webkit.org/b/164779)
so rebaseline.

platform/ios-simulator-wk2/fast/visual-viewport/nonzoomed-rects-expected.txt: Added.
platform/ios-simulator-wk2/fast/visual-viewport/rtl-nonzoomed-rects-expected.txt: Added.
platform/ios-simulator-wk2/fast/visual-viewport/rtl-zoomed-rects-expected.txt: Added.
platform/ios-simulator-wk2/fast/visual-viewport/zoomed-fixed-expected.txt: Added.
platform/ios-simulator-wk2/fast/visual-viewport/zoomed-fixed-scroll-down-then-up-expected.txt: Added.
platform/ios-simulator-wk2/fast/visual-viewport/zoomed-rects-expected.txt: Added.

12:55 PM Changeset in webkit [208747] by mmaxfield@apple.com

13 edits in trunk/Source/WebCore

[WebGL] Remove unused Chromium-specific OpenGL extensions
https://bugs.webkit.org/show_bug.cgi?id=164782

Reviewed by Dean Jackson.

No new tests because there is no behavior change.

html/canvas/WebGL2RenderingContext.cpp:

(WebCore::WebGL2RenderingContext::copyBufferSubData):
(WebCore::WebGL2RenderingContext::clear):
(WebCore::WebGL2RenderingContext::getExtension):

html/canvas/WebGLCompressedTextureS3TC.cpp:

(WebCore::WebGLCompressedTextureS3TC::supported):

html/canvas/WebGLDepthTexture.cpp:

(WebCore::WebGLDepthTexture::supported):

html/canvas/WebGLDrawBuffers.cpp:

(WebCore::WebGLDrawBuffers::satisfiesWebGLRequirements):

html/canvas/WebGLFramebuffer.cpp:

(WebCore::WebGLFramebuffer::onAccess):

html/canvas/WebGLFramebuffer.h:
html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::getExtension):
(WebCore::WebGLRenderingContext::clear):

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::setupFlags):
(WebCore::WebGLRenderingContextBase::bufferData):
(WebCore::WebGLRenderingContextBase::bufferSubData):
(WebCore::WebGLRenderingContextBase::copyTexSubImage2D):
(WebCore::WebGLRenderingContextBase::validateDrawArrays):
(WebCore::WebGLRenderingContextBase::validateDrawElements):
(WebCore::WebGLRenderingContextBase::readPixels):
(WebCore::WebGLRenderingContextBase::texImage2DBase):
(WebCore::WebGLRenderingContextBase::copyTexImage2D):

html/canvas/WebGLRenderingContextBase.h:

(WebCore::WebGLRenderingContextBase::isGLES2NPOTStrict):
(WebCore::WebGLRenderingContextBase::isErrorGeneratedOnOutOfBoundsAccesses): Deleted.
(WebCore::WebGLRenderingContextBase::isResourceSafe): Deleted.

platform/graphics/GraphicsContext3D.cpp:

(WebCore::GraphicsContext3D::texImage2DResourceSafe):

platform/graphics/GraphicsContext3D.h:
platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::GraphicsContext3D::isResourceSafe): Deleted.

12:35 PM Changeset in webkit [208746] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: URL Breakpoints that resolve in multiple workers should only appear in the UI once
https://bugs.webkit.org/show_bug.cgi?id=164334
<rdar://problem/29073523>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Matt Baker.

UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.prototype._addBreakpoint):
Don't add a duplicate BreakpointTreeElements for the same Breakpoint.

12:14 PM Changeset in webkit [208745] by Brent Fulgham

6 edits
2 adds in trunk

Correct handling of changing input type
https://bugs.webkit.org/show_bug.cgi?id=164759
<rdar://problem/29211174>

Reviewed by Darin Adler.

Source/WebCore:

Test: fast/forms/search-cancel-button-change-input.html

It is possible for JavaScript to change the type property of an input field. WebKit
needs to gracefully handle this case.

Add a type traits specialization so we can properly downcast InputType elements.
Use this to only call search functions on actual search input types.

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::onSearch): Only perform search functions if the
input type is actually a search field.

html/InputType.h: Add type traits specialization for 'downcast' template.
html/SearchInputType.h: Ditto.

LayoutTests:

fast/forms/search-cancel-button-change-input-expected.txt: Added.
fast/forms/search-cancel-button-change-input.html: Added.

12:12 PM Changeset in webkit [208744] by Alan Bujtas

4 edits in trunk/Source/WebCore

CounterNode::insertAfter and ::removeChild should take references.
https://bugs.webkit.org/show_bug.cgi?id=164780

Reviewed by Simon Fraser.

No change in functionality.

rendering/CounterNode.cpp:

(WebCore::CounterNode::insertAfter):
(WebCore::CounterNode::removeChild):

rendering/CounterNode.h:
rendering/RenderCounter.cpp:

(WebCore::makeCounterNode):
(WebCore::destroyCounterNodeWithoutMapRemoval):
(WebCore::updateCounters):

11:53 AM Changeset in webkit [208743] by Antti Koivisto

11 edits
2 adds in trunk

slot doesn't work as a flex container
https://bugs.webkit.org/show_bug.cgi?id=160740
<rdar://problem/28605080>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/css-scoping-slot-flex.html

The style adjustment for flex children needs to be based on their parent box style rather
than the composed tree parent. This can be different when display:contents is involved.

css/MediaQueryMatcher.cpp:

(WebCore::MediaQueryMatcher::documentElementUserAgentStyle):

css/StyleMedia.cpp:

(WebCore::StyleMedia::matchMedium):

css/StyleResolver.cpp:

(WebCore::StyleResolver::StyleResolver):
(WebCore::StyleResolver::styleForElement):

Optionally provide parent box style so we can do adjustments based on it when computing style for rendering.

(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::equivalentBlockDisplay):

Avoid boolean parameters.

(WebCore::StyleResolver::adjustRenderStyle):

Do the display:contents adjustment first and treat 'content' like 'none' later'. We never want to override
'contents' with adjustments.
Use parent box style for flex/grid adjustments instead of the DOM parent style.

css/StyleResolver.h:
rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::computeStyleInRegion):

style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::styleForElement):

Call with parent box style.

(WebCore::Style::TreeResolver::parentBoxStyle):

Find the parent box style if any.

style/StyleTreeResolver.h:
svg/SVGElementRareData.h:

(WebCore::SVGElementRareData::overrideComputedStyle):

LayoutTests:

fast/shadow-dom/css-scoping-slot-flex-expected.html: Added.
fast/shadow-dom/css-scoping-slot-flex.html: Added.
fast/shadow-dom/slot-crash-expected.txt:

11:45 AM Changeset in webkit [208742] by commit-queue@webkit.org

25 edits in trunk/Source/WebCore

Misc Inspector backend cleanup
https://bugs.webkit.org/show_bug.cgi?id=164768

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-11-15
Reviewed by Brian Burg.

inspector/DOMPatchSupport.cpp:
inspector/InspectorApplicationCacheAgent.cpp:
inspector/InspectorApplicationCacheAgent.h:
inspector/InspectorCSSAgent.cpp:
inspector/InspectorCSSAgent.h:
inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

inspector/InspectorDOMAgent.h:
inspector/InspectorDOMDebuggerAgent.h:
inspector/InspectorDOMStorageAgent.cpp:
inspector/InspectorDOMStorageAgent.h:
inspector/InspectorDatabaseAgent.cpp:
inspector/InspectorDatabaseAgent.h:
inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::frontendLoaded):

inspector/InspectorIndexedDBAgent.cpp:

(WebCore::ClearObjectStoreListener::create): Deleted.
(WebCore::ClearObjectStoreListener::~ClearObjectStoreListener): Deleted.
(WebCore::ClearObjectStoreListener::ClearObjectStoreListener): Deleted.
(WebCore::ClearObjectStore::create): Deleted.
(WebCore::ClearObjectStore::ClearObjectStore): Deleted.

inspector/InspectorLayerTreeAgent.cpp:
inspector/InspectorLayerTreeAgent.h:
inspector/InspectorNetworkAgent.h:
inspector/InspectorPageAgent.cpp:
inspector/InspectorPageAgent.h:
inspector/InspectorReplayAgent.cpp:
inspector/InspectorReplayAgent.h:
inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::stopFromConsole):

inspector/InspectorTimelineAgent.h:
inspector/PageRuntimeAgent.h:

11:44 AM Changeset in webkit [208741] by mark.lam@apple.com

3 edits
1 add in trunk

The jsc shell's setImpureGetterDelegate() should ensure that the set value is an ImpureGetter.
https://bugs.webkit.org/show_bug.cgi?id=164781
<rdar://problem/28418590>

Reviewed by Geoffrey Garen and Michael Saboff.

JSTests:

stress/jsc-setImpureGetterDelegate-on-bad-type.js: Added.

Source/JavaScriptCore:

jsc.cpp:

(functionSetImpureGetterDelegate):

11:42 AM Changeset in webkit [208740] by mmaxfield@apple.com

87 edits in trunk/Source/WebCore

[WebGL] Migrate construction functions from pointers to references
https://bugs.webkit.org/show_bug.cgi?id=164749

Reviewed by Zalan Bujtas.

Mechanical find/replace.

No new tests because there is no behavior change.

html/canvas/ANGLEInstancedArrays.cpp:

(WebCore::ANGLEInstancedArrays::ANGLEInstancedArrays):
(WebCore::ANGLEInstancedArrays::supported):
(WebCore::ANGLEInstancedArrays::drawArraysInstancedANGLE):
(WebCore::ANGLEInstancedArrays::drawElementsInstancedANGLE):
(WebCore::ANGLEInstancedArrays::vertexAttribDivisorANGLE):

html/canvas/ANGLEInstancedArrays.h:
html/canvas/EXTBlendMinMax.cpp:

(WebCore::EXTBlendMinMax::EXTBlendMinMax):

html/canvas/EXTBlendMinMax.h:
html/canvas/EXTFragDepth.cpp:

(WebCore::EXTFragDepth::EXTFragDepth):

html/canvas/EXTFragDepth.h:
html/canvas/EXTShaderTextureLOD.cpp:

(WebCore::EXTShaderTextureLOD::EXTShaderTextureLOD):

html/canvas/EXTShaderTextureLOD.h:
html/canvas/EXTTextureFilterAnisotropic.cpp:

(WebCore::EXTTextureFilterAnisotropic::EXTTextureFilterAnisotropic):

html/canvas/EXTTextureFilterAnisotropic.h:
html/canvas/EXTsRGB.cpp:

(WebCore::EXTsRGB::EXTsRGB):

html/canvas/EXTsRGB.h:
html/canvas/OESElementIndexUint.cpp:

(WebCore::OESElementIndexUint::OESElementIndexUint):

html/canvas/OESElementIndexUint.h:
html/canvas/OESStandardDerivatives.cpp:

(WebCore::OESStandardDerivatives::OESStandardDerivatives):

html/canvas/OESStandardDerivatives.h:
html/canvas/OESTextureFloat.cpp:

(WebCore::OESTextureFloat::OESTextureFloat):

html/canvas/OESTextureFloat.h:
html/canvas/OESTextureFloatLinear.cpp:

(WebCore::OESTextureFloatLinear::OESTextureFloatLinear):

html/canvas/OESTextureFloatLinear.h:
html/canvas/OESTextureHalfFloat.cpp:

(WebCore::OESTextureHalfFloat::OESTextureHalfFloat):

html/canvas/OESTextureHalfFloat.h:
html/canvas/OESTextureHalfFloatLinear.cpp:

(WebCore::OESTextureHalfFloatLinear::OESTextureHalfFloatLinear):

html/canvas/OESTextureHalfFloatLinear.h:
html/canvas/OESVertexArrayObject.cpp:

(WebCore::OESVertexArrayObject::OESVertexArrayObject):
(WebCore::OESVertexArrayObject::createVertexArrayOES):
(WebCore::OESVertexArrayObject::deleteVertexArrayOES):
(WebCore::OESVertexArrayObject::isVertexArrayOES):
(WebCore::OESVertexArrayObject::bindVertexArrayOES):

html/canvas/WebGL2RenderingContext.cpp:

(WebCore::WebGL2RenderingContext::initializeVertexArrayObjects):
(WebCore::WebGL2RenderingContext::initializeShaderExtensions):
(WebCore::WebGL2RenderingContext::drawBuffers):
(WebCore::WebGL2RenderingContext::createVertexArray):
(WebCore::WebGL2RenderingContext::isVertexArray):
(WebCore::WebGL2RenderingContext::bindVertexArray):
(WebCore::WebGL2RenderingContext::getExtension):
(WebCore::WebGL2RenderingContext::getSupportedExtensions):

html/canvas/WebGLBuffer.cpp:

(WebCore::WebGLBuffer::create):
(WebCore::WebGLBuffer::WebGLBuffer):

html/canvas/WebGLBuffer.h:
html/canvas/WebGLCompressedTextureATC.cpp:

(WebCore::WebGLCompressedTextureATC::WebGLCompressedTextureATC):
(WebCore::WebGLCompressedTextureATC::supported):

html/canvas/WebGLCompressedTextureATC.h:
html/canvas/WebGLCompressedTexturePVRTC.cpp:

(WebCore::WebGLCompressedTexturePVRTC::WebGLCompressedTexturePVRTC):
(WebCore::WebGLCompressedTexturePVRTC::supported):

html/canvas/WebGLCompressedTexturePVRTC.h:
html/canvas/WebGLCompressedTextureS3TC.cpp:

(WebCore::WebGLCompressedTextureS3TC::WebGLCompressedTextureS3TC):
(WebCore::WebGLCompressedTextureS3TC::supported):

html/canvas/WebGLCompressedTextureS3TC.h:
html/canvas/WebGLContextObject.cpp:

(WebCore::WebGLContextObject::WebGLContextObject):

html/canvas/WebGLContextObject.h:
html/canvas/WebGLDebugRendererInfo.cpp:

(WebCore::WebGLDebugRendererInfo::WebGLDebugRendererInfo):

html/canvas/WebGLDebugRendererInfo.h:
html/canvas/WebGLDebugShaders.cpp:

(WebCore::WebGLDebugShaders::WebGLDebugShaders):
(WebCore::WebGLDebugShaders::getTranslatedShaderSource):

html/canvas/WebGLDebugShaders.h:
html/canvas/WebGLDepthTexture.cpp:

(WebCore::WebGLDepthTexture::WebGLDepthTexture):
(WebCore::WebGLDepthTexture::supported):

html/canvas/WebGLDepthTexture.h:
html/canvas/WebGLDrawBuffers.cpp:

(WebCore::WebGLDrawBuffers::WebGLDrawBuffers):
(WebCore::WebGLDrawBuffers::supported):
(WebCore::WebGLDrawBuffers::drawBuffersWEBGL):
(WebCore::WebGLDrawBuffers::satisfiesWebGLRequirements):

html/canvas/WebGLDrawBuffers.h:
html/canvas/WebGLExtension.cpp:

(WebCore::WebGLExtension::WebGLExtension):

html/canvas/WebGLExtension.h:

(WebCore::WebGLExtension::ref):
(WebCore::WebGLExtension::deref):
(WebCore::WebGLExtension::context):

html/canvas/WebGLFramebuffer.cpp:

(WebCore::WebGLFramebuffer::create):
(WebCore::WebGLFramebuffer::WebGLFramebuffer):
(WebCore::WebGLFramebuffer::drawBuffersIfNecessary):

html/canvas/WebGLFramebuffer.h:
html/canvas/WebGLLoseContext.cpp:

(WebCore::WebGLLoseContext::WebGLLoseContext):
(WebCore::WebGLLoseContext::loseContext):
(WebCore::WebGLLoseContext::restoreContext):

html/canvas/WebGLLoseContext.h:
html/canvas/WebGLObject.cpp:

(WebCore::WebGLObject::WebGLObject):

html/canvas/WebGLObject.h:
html/canvas/WebGLProgram.cpp:

(WebCore::WebGLProgram::create):
(WebCore::WebGLProgram::WebGLProgram):

html/canvas/WebGLProgram.h:
html/canvas/WebGLQuery.cpp:

(WebCore::WebGLQuery::create):
(WebCore::WebGLQuery::WebGLQuery):

html/canvas/WebGLQuery.h:
html/canvas/WebGLRenderbuffer.cpp:

(WebCore::WebGLRenderbuffer::create):
(WebCore::WebGLRenderbuffer::WebGLRenderbuffer):

html/canvas/WebGLRenderbuffer.h:
html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::initializeVertexArrayObjects):
(WebCore::WebGLRenderingContext::getExtension):
(WebCore::WebGLRenderingContext::getSupportedExtensions):

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::create):
(WebCore::WebGLRenderingContextBase::setupFlags):
(WebCore::WebGLRenderingContextBase::checkObjectToBeBound):
(WebCore::WebGLRenderingContextBase::createBuffer):
(WebCore::WebGLRenderingContextBase::createFramebuffer):
(WebCore::WebGLRenderingContextBase::createTexture):
(WebCore::WebGLRenderingContextBase::createProgram):
(WebCore::WebGLRenderingContextBase::createRenderbuffer):
(WebCore::WebGLRenderingContextBase::createShader):
(WebCore::WebGLRenderingContextBase::deleteObject):
(WebCore::WebGLRenderingContextBase::validateWebGLObject):
(WebCore::WebGLRenderingContextBase::framebufferRenderbuffer):
(WebCore::WebGLRenderingContextBase::framebufferTexture2D):
(WebCore::WebGLRenderingContextBase::getUniform):
(WebCore::WebGLRenderingContextBase::readPixels):
(WebCore::WebGLRenderingContextBase::loseContextImpl):
(WebCore::WebGLRenderingContextBase::maybeRestoreContext):
(WebCore::WebGLRenderingContextBase::supportsDrawBuffers):

html/canvas/WebGLSampler.cpp:

(WebCore::WebGLSampler::create):
(WebCore::WebGLSampler::WebGLSampler):

html/canvas/WebGLSampler.h:
html/canvas/WebGLShader.cpp:

(WebCore::WebGLShader::create):
(WebCore::WebGLShader::WebGLShader):

html/canvas/WebGLShader.h:
html/canvas/WebGLSharedObject.cpp:

(WebCore::WebGLSharedObject::WebGLSharedObject):

html/canvas/WebGLSharedObject.h:
html/canvas/WebGLSync.cpp:

(WebCore::WebGLSync::create):
(WebCore::WebGLSync::WebGLSync):

html/canvas/WebGLSync.h:
html/canvas/WebGLTexture.cpp:

(WebCore::WebGLTexture::create):
(WebCore::WebGLTexture::WebGLTexture):

html/canvas/WebGLTexture.h:
html/canvas/WebGLTransformFeedback.cpp:

(WebCore::WebGLTransformFeedback::create):
(WebCore::WebGLTransformFeedback::WebGLTransformFeedback):

html/canvas/WebGLTransformFeedback.h:
html/canvas/WebGLVertexArrayObject.cpp:

(WebCore::WebGLVertexArrayObject::create):
(WebCore::WebGLVertexArrayObject::WebGLVertexArrayObject):

html/canvas/WebGLVertexArrayObject.h:
html/canvas/WebGLVertexArrayObjectBase.cpp:

(WebCore::WebGLVertexArrayObjectBase::WebGLVertexArrayObjectBase):

html/canvas/WebGLVertexArrayObjectBase.h:
html/canvas/WebGLVertexArrayObjectOES.cpp:

(WebCore::WebGLVertexArrayObjectOES::create):
(WebCore::WebGLVertexArrayObjectOES::WebGLVertexArrayObjectOES):
(WebCore::WebGLVertexArrayObjectOES::deleteObjectImpl):

html/canvas/WebGLVertexArrayObjectOES.h:
platform/graphics/GraphicsContext3D.h:
platform/graphics/gpu/Texture.cpp:

(WebCore::convertFormat):

platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:

(WebCore::GraphicsContext3D::readPixelsAndConvertToBGRAIfNecessary):
(WebCore::GraphicsContext3D::reshapeFBOs):
(WebCore::GraphicsContext3D::getIntegerv):
(WebCore::GraphicsContext3D::getExtensions):

platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::GraphicsContext3D::validateDepthStencil):
(WebCore::GraphicsContext3D::drawArraysInstanced):
(WebCore::GraphicsContext3D::drawElementsInstanced):
(WebCore::GraphicsContext3D::vertexAttribDivisor):

11:31 AM Changeset in webkit [208739] by jdiggs@igalia.com

5 edits
2 adds in trunk

AX: Need to update implicit/default values for aria-valuemin, aria-valuenow, and aria-valuemax
https://bugs.webkit.org/show_bug.cgi?id=164773

Reviewed by Chris Fleizach.

Source/WebCore:

Return the values stated in the ARIA 1.1 spec, namely:

aria-valuemin is 0 for roles other than spinbutton
aria-valuemax is 100 for roles other than spinbutton
aria-valuenow is half way between aria-valuemax and aria-valuemin for roles other than spinbutton, and 0 for spinbutton

For spinbutton, the spec states that "there is no minimum/maximum value."
But at least in the case of ATK/AT-SPI2, the accessible value interface
is expected to provide a number. Therefore, expose the values we use to
constrain input type="number": -std::numeric_limits<float>::max() and
std::numeric_limits<float>::max().

Test: accessibility/spinbutton-implicit-values.html

accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::valueForRange):
(WebCore::AccessibilityNodeObject::maxValueForRange):
(WebCore::AccessibilityNodeObject::minValueForRange):

LayoutTests:

accessibility/progressbar-expected.txt: Updated to reflect new behavior.
accessibility/progressbar.html: Updated to reflect new behavior.
accessibility/spinbutton-implicit-values-expected.txt: Added.
accessibility/spinbutton-implicit-values.html: Added.

11:21 AM Changeset in webkit [208738] by Yusuke Suzuki

4 edits
1 add in trunk

[DOMJIT] Allow using macro assembler scratches in FTL CheckDOM
https://bugs.webkit.org/show_bug.cgi?id=164727

Reviewed by Filip Pizlo.

JSTests:

stress/check-dom-with-signature.js: Added.

(shouldBe):
(calling):
(i.array.forEach):

Source/JavaScriptCore:

While CallDOMGetter can use macro assembler scratch registers, we previiously
assumed that CheckDOM code generator does not use macro assembler scratch registers.
It is currently true in x86 environment. But it is not true in the other environments.

We should not limit DOMJIT::Patchpoint's functionality in such a way. We should allow
arbitrary macro assembler operations inside the DOMJIT::Patchpoint. This patch allows
CheckDOM to use macro assembler scratch registers.

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckDOM):

jsc.cpp:

(WTF::DOMJITFunctionObject::DOMJITFunctionObject):
(WTF::DOMJITFunctionObject::createStructure):
(WTF::DOMJITFunctionObject::create):
(WTF::DOMJITFunctionObject::unsafeFunction):
(WTF::DOMJITFunctionObject::safeFunction):
(WTF::DOMJITFunctionObject::checkDOMJITNode):
(WTF::DOMJITFunctionObject::finishCreation):
(GlobalObject::finishCreation):
(functionCreateDOMJITFunctionObject):

11:08 AM Changeset in webkit [208737] by jiewen_tan@apple.com

26 edits
2 moves
73 adds in trunk

Update SubtleCrypto::exportKey to match the latest spec
https://bugs.webkit.org/show_bug.cgi?id=164722
<rdar://problem/29251740>

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

WebCryptoAPI/idlharness-expected.txt:

Source/WebCore:

This patch does following few things:

It updates the SubtleCrypto::exportKey method to match the latest spec: https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-exportKey. It also refers to the latest Editor's Draft to a certain degree: https://w3c.github.io/webcrypto/Overview.html#SubtleCrypto-method-exportKey.
It implements exportKey operations of the following algorithms: AES-CBC, AES-KW, HMAC, RSAES-PKCS1-V1_5, RSASSA-PKCS1-V1_5, and RSA-OAEP.
It also fixes the following bugs: https://bugs.webkit.org/show_bug.cgi?id=156114, <rdar://problem/21773066>.

Note: We currently only support Raw and Jwk key format.

Tests: crypto/subtle/aes-cbc-generate-export-key-jwk-length-128.html

crypto/subtle/aes-cbc-generate-export-key-jwk-length-192.html
crypto/subtle/aes-cbc-generate-export-key-jwk-length-256.html
crypto/subtle/aes-cbc-generate-export-key-raw.html
crypto/subtle/aes-export-key-malformed-parameters.html
crypto/subtle/aes-kw-generate-export-key-jwk-length-128.html
crypto/subtle/aes-kw-generate-export-key-jwk-length-192.html
crypto/subtle/aes-kw-generate-export-key-jwk-length-256.html
crypto/subtle/aes-kw-generate-export-raw-key.html
crypto/subtle/export-key-malformed-parameters.html
crypto/subtle/hmac-export-key-malformed-parameters.html
crypto/subtle/hmac-generate-export-key-jwk-sha1.html
crypto/subtle/hmac-generate-export-key-jwk-sha224.html
crypto/subtle/hmac-generate-export-key-jwk-sha256.html
crypto/subtle/hmac-generate-export-key-jwk-sha384.html
crypto/subtle/hmac-generate-export-key-jwk-sha512.html
crypto/subtle/hmac-generate-export-raw-key.html
crypto/subtle/hmac-import-key-malformed-parameters.html
crypto/subtle/rsa-export-key-malformed-parameters.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha1.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha224.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha256.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha384.html
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha512.html
crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-jwk.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha1.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha224.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha256.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha384.html
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha512.html
crypto/workers/subtle/aes-generate-export-key-jwk.html
crypto/workers/subtle/aes-generate-export-key-raw.html
crypto/workers/subtle/hmac-generate-export-key-jwk.html
crypto/workers/subtle/hmac-generate-export-key-raw.html
crypto/workers/subtle/rsa-generate-export-key-jwk.html

bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::toJSValueFromJsonWebKey):
(WebCore::jsSubtleCryptoFunctionExportKeyPromise):
(WebCore::JSSubtleCrypto::exportKey):

crypto/CryptoAlgorithm.cpp:

(WebCore::CryptoAlgorithm::exportKey):

crypto/CryptoAlgorithm.h:
crypto/SubtleCrypto.idl:
crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:

(WebCore::CryptoAlgorithmAES_CBC::importKey):
(WebCore::CryptoAlgorithmAES_CBC::exportKey):

crypto/algorithms/CryptoAlgorithmAES_CBC.h:
crypto/algorithms/CryptoAlgorithmAES_KW.cpp:

(WebCore::CryptoAlgorithmAES_KW::importKey):
(WebCore::CryptoAlgorithmAES_KW::exportKey):

crypto/algorithms/CryptoAlgorithmAES_KW.h:
crypto/algorithms/CryptoAlgorithmHMAC.cpp:

(WebCore::CryptoAlgorithmHMAC::importKey):
(WebCore::CryptoAlgorithmHMAC::exportKey):

crypto/algorithms/CryptoAlgorithmHMAC.h:
crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:

(WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::importKey):
(WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::exportKey):

crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:

(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey):
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::exportKey):

crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:

(WebCore::CryptoAlgorithmRSA_OAEP::importKey):
(WebCore::CryptoAlgorithmRSA_OAEP::exportKey):

crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
crypto/keys/CryptoKeyAES.cpp:

(WebCore::CryptoKeyAES::exportJwk):

crypto/keys/CryptoKeyAES.h:
crypto/keys/CryptoKeyHMAC.cpp:

(WebCore::CryptoKeyHMAC::exportJwk):

crypto/keys/CryptoKeyHMAC.h:
crypto/keys/CryptoKeyRSA.cpp:

(WebCore::CryptoKeyRSA::exportJwk):

crypto/keys/CryptoKeyRSA.h:

LayoutTests:

Besides adding test cases for SubtleCrypto::exportKey, this patch also corrects a typo:
hmac-import-malformed-parameters* => hmac-import-key-malformed-parameters*.

crypto/subtle/aes-cbc-generate-export-key-jwk-length-128-expected.txt: Added.
crypto/subtle/aes-cbc-generate-export-key-jwk-length-128.html: Added.
crypto/subtle/aes-cbc-generate-export-key-jwk-length-192-expected.txt: Added.
crypto/subtle/aes-cbc-generate-export-key-jwk-length-192.html: Added.
crypto/subtle/aes-cbc-generate-export-key-jwk-length-256-expected.txt: Added.
crypto/subtle/aes-cbc-generate-export-key-jwk-length-256.html: Added.
crypto/subtle/aes-cbc-generate-export-key-raw-expected.txt: Added.
crypto/subtle/aes-cbc-generate-export-key-raw.html: Added.
crypto/subtle/aes-export-key-malformed-parameters-expected.txt: Added.
crypto/subtle/aes-export-key-malformed-parameters.html: Added.
crypto/subtle/aes-kw-generate-export-key-jwk-length-128-expected.txt: Added.
crypto/subtle/aes-kw-generate-export-key-jwk-length-128.html: Added.
crypto/subtle/aes-kw-generate-export-key-jwk-length-192-expected.txt: Added.
crypto/subtle/aes-kw-generate-export-key-jwk-length-192.html: Added.
crypto/subtle/aes-kw-generate-export-key-jwk-length-256-expected.txt: Added.
crypto/subtle/aes-kw-generate-export-key-jwk-length-256.html: Added.
crypto/subtle/aes-kw-generate-export-raw-key-expected.txt: Added.
crypto/subtle/aes-kw-generate-export-raw-key.html: Added.
crypto/subtle/export-key-malformed-parameters-expected.txt: Added.
crypto/subtle/export-key-malformed-parameters.html: Added.
crypto/subtle/hmac-export-key-malformed-parameters-expected.txt: Added.
crypto/subtle/hmac-export-key-malformed-parameters.html: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha1-expected.txt: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha1.html: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha224-expected.txt: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha224.html: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha256-expected.txt: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha256.html: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha384-expected.txt: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha384.html: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha512-expected.txt: Added.
crypto/subtle/hmac-generate-export-key-jwk-sha512.html: Added.
crypto/subtle/hmac-generate-export-raw-key-expected.txt: Added.
crypto/subtle/hmac-generate-export-raw-key.html: Added.
crypto/subtle/hmac-import-key-malformed-parameters-expected.txt: Renamed from LayoutTests/crypto/subtle/hmac-import-malformed-parameters-expected.txt.
crypto/subtle/hmac-import-key-malformed-parameters.html: Renamed from LayoutTests/crypto/subtle/hmac-import-malformed-parameters.html.
crypto/subtle/rsa-export-key-malformed-parameters-expected.txt: Added.
crypto/subtle/rsa-export-key-malformed-parameters.html: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha1-expected.txt: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha1.html: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha224-expected.txt: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha224.html: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha256-expected.txt: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha256.html: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha384-expected.txt: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha384.html: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha512-expected.txt: Added.
crypto/subtle/rsa-oaep-generate-export-key-jwk-sha512.html: Added.
crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-jwk-expected.txt: Added.
crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-jwk.html: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha1-expected.txt: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha1.html: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha224-expected.txt: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha224.html: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha256-expected.txt: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha256.html: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha384-expected.txt: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha384.html: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha512-expected.txt: Added.
crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-jwk-sha512.html: Added.
crypto/workers/subtle/aes-generate-export-key-jwk-expected.txt: Added.
crypto/workers/subtle/aes-generate-export-key-jwk.html: Added.
crypto/workers/subtle/aes-generate-export-key-raw-expected.txt: Added.
crypto/workers/subtle/aes-generate-export-key-raw.html: Added.
crypto/workers/subtle/hmac-generate-export-key-jwk-expected.txt: Added.
crypto/workers/subtle/hmac-generate-export-key-jwk.html: Added.
crypto/workers/subtle/hmac-generate-export-key-raw-expected.txt: Added.
crypto/workers/subtle/hmac-generate-export-key-raw.html: Added.
crypto/workers/subtle/resources/aes-generate-export-key-jwk.js: Added.
crypto/workers/subtle/resources/aes-generate-export-key-raw.js: Added.
crypto/workers/subtle/resources/hmac-generate-export-key-jwk.js: Added.
crypto/workers/subtle/resources/hmac-generate-export-key-raw.js: Added.
crypto/workers/subtle/resources/rsa-generate-export-key-jwk.js: Added.
crypto/workers/subtle/rsa-generate-export-key-jwk-expected.txt: Added.
crypto/workers/subtle/rsa-generate-export-key-jwk.html: Added.

11:04 AM Changeset in webkit [208736] by ggaren@apple.com

5 edits in trunk/Source/JavaScriptCore

CodeCache should stop pretending to cache builtins
https://bugs.webkit.org/show_bug.cgi?id=164750

Reviewed by Saam Barati.

We were passing JSParserBuiltinMode to all CodeCache functions, but the
passed-in value was always NotBuiltin.

Let's stop passing it.

parser/SourceCodeKey.h:

(JSC::SourceCodeFlags::SourceCodeFlags):
(JSC::SourceCodeKey::SourceCodeKey):

runtime/CodeCache.cpp:

(JSC::CodeCache::getUnlinkedGlobalCodeBlock):
(JSC::CodeCache::getUnlinkedProgramCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalEvalCodeBlock):
(JSC::CodeCache::getUnlinkedModuleProgramCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):

runtime/CodeCache.h:

(JSC::generateUnlinkedCodeBlock):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createProgramCodeBlock):
(JSC::JSGlobalObject::createLocalEvalCodeBlock):
(JSC::JSGlobalObject::createGlobalEvalCodeBlock):
(JSC::JSGlobalObject::createModuleProgramCodeBlock):

10:19 AM Changeset in webkit [208735] by jonlee@apple.com

10 edits in trunk

Remove HasMediaCaptureDevice
https://bugs.webkit.org/show_bug.cgi?id=164767
<rdar://problem/29263696>

Reviewed by Eric Carlson.

Source/WebCore:

Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::mediaState): Remove HasMediaCaptureDevice in state.

page/MediaProducer.h:
testing/Internals.cpp:

(WebCore::Internals::pageMediaState): Remove it in the media string.

Source/WebKit2:

UIProcess/API/C/WKPage.cpp: Remove kWKMediaHasCaptureDevice.

(WKPageGetMediaState):

UIProcess/API/C/WKPagePrivate.h:

LayoutTests:

fast/mediastream/MediaStream-page-muted-expected.txt: Remove check for HasMediaCaptureDevice.
fast/mediastream/MediaStream-page-muted.html:

9:32 AM Changeset in webkit [208734] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

REGRESSION (r208711-r208722): ASSERTION FAILED: hasInlineStorage()
https://bugs.webkit.org/show_bug.cgi?id=164775

Reviewed by Mark Lam and Keith Miller.

We were calling inlineStorage() which asserts that inline storage is not empty. But we
were calling it in a context where it could be empty and that's fine. So, we now call
inlineStorageUnsafe().

runtime/JSObject.h:

(JSC::JSFinalObject::JSFinalObject):

8:57 AM Changeset in webkit [208733] by hyatt@apple.com

9 edits in trunk

[CSS Parser] Fix font-synthesis and text-decoration-skip parsing
https://bugs.webkit.org/show_bug.cgi?id=164736

Reviewed by Dean Jackson.

Source/WebCore:

Fix the properties to not allow duplicate values, to reject when
garbage values are included, to require that none be a singleton,
and to preserve the declaration order of the properties.

css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertTextDecorationSkip):

css/parser/CSSParser.cpp:

(WebCore::CSSParser::parseFontSynthesis):
(WebCore::CSSParser::parseTextDecorationSkip):

css/parser/CSSPropertyParser.cpp:

(WebCore::consumeFontSynthesis):
(WebCore::consumeTextDecorationSkip):
(WebCore::CSSPropertyParser::parseSingleValue):

LayoutTests:

fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-roundtrip-expected.txt:
fast/css3-text/css3-text-decoration/text-decoration-skip/text-decoration-skip-roundtrip.html:
fast/css3-text/font-synthesis-parse-expected.txt:
fast/css3-text/font-synthesis-parse.html:

8:40 AM Changeset in webkit [208732] by dbates@webkit.org

32 edits
1 move
3 adds
1 delete in trunk

Disallow loads using HTTP 0.9 at the ResourceHandle/NetworkDataTask level
https://bugs.webkit.org/show_bug.cgi?id=164662
<rdar://problem/29268514>

Source/WebCore:

Reviewed by Reviewed by Alex Christensen and Brady Eidson.

Currently we disallow non-default HTTP 0.9 loads at the ResourceLoader level and disallow
subresource loads using HTTP 0.9 on a default port when the embedding page loads using a
different HTTP version. However loads can still be initiated from other loaders (e.g. FrameLoader)
with regards to the first issue. The latter issue does not afford much protection and
increases code complexity. Instead we should simplify our policy and move our code to the
lowest networking abstraction level, ResourceHandle/NetworkDataTask, so that we disallow
all non-default port loads using HTTP 0.9 regardless of the loader used.

Tests: http/tests/security/http-0.9/image-default-port-allowed.html

http/tests/security/http-0.9/xhr-blocked.html

loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::responseReceived): Remove logic to cancel an HTTP 0.9 load from here.
We will cancel the HTTP 0.9 load at the ResourceHandle/NetworkDataTask level.

loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didReceiveResponse): Ditto.

platform/URL.h: Export stringCenterEllipsizedToLength() so that we can use it in WebKit2.
platform/network/BlobResourceHandle.cpp:

(WebCore::BlobResourceHandle::notifyResponseOnSuccess): Modified to call ResourceHandle::didReceiveResponse().
(WebCore::BlobResourceHandle::notifyResponseOnError): Ditto.

platform/network/ResourceHandle.cpp:

(WebCore::ResourceHandle::didReceiveResponse): Added. Fail the load if it is using HTTP 0.9.
Otherwise notify the client that we received a response.
(WebCore::ResourceHandle::platformContinueSynchronousDidReceiveResponse): Added. Perform any
additional platform-specific logic after notifying the resource handle client of the received
response. Only the libsoup backend overwrites this member function to do something meaningful.

platform/network/ResourceHandle.h:
platform/network/ResourceResponseBase.h:
platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:

(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse): Modified to
call ResourceHandle::didReceiveResponse().

platform/network/mac/WebCoreResourceHandleAsDelegate.mm:

(-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]): Ditto.

platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:

(-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]): Ditto.

platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::nextMultipartResponsePartCallback): Ditto.
(WebCore::sendRequestCallback): Ditto.
(WebCore::ResourceHandle::platformContinueSynchronousDidReceiveResponse): Added. Turns around and
calls continueAfterDidReceiveResponse().

Source/WebKit2:

Reviewed by Alex Christensen and Brady Eidson.

Make changes to NetworkDataTask similar to the changes made to ResourceHandle so as to
disallow non-default port HTTP 0.9 loads when using the ENABLE(NETWORK_SESSION) networking
code path in WebKit2.

NetworkProcess/NetworkDataTask.cpp:

(WebKit::NetworkDataTask::didReceiveResponse): Added. Fail the load if it is using HTTP 0.9.
Otherwise notify the client that we received a response.

NetworkProcess/NetworkDataTask.h:
NetworkProcess/NetworkDataTaskBlob.cpp:

(WebKit::NetworkDataTaskBlob::resume): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.
(WebKit::NetworkDataTaskBlob::getSizeForNext): Ditto.
(WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse): Renamed from didReceiveResponse().

NetworkProcess/NetworkDataTaskBlob.h:
NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::didReceiveResponse): Deleted.

NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::didSendRequest): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.
(WebKit::NetworkDataTaskSoup::dispatchDidReceiveResponse): Renamed from didReceiveResponse(). Also
remove the local variable response and inline its value into the call to ResourceHandle::didReceiveResponse()
as this variable is used exactly once in this function and its name does not describe its purpose any more
than its value.
(WebKit::NetworkDataTaskSoup::didRequestNextPart): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.

NetworkProcess/soup/NetworkDataTaskSoup.h:

LayoutTests:

Reviewed by Reviewed by Alex Christensen and Brady Eidson.

Add a test to ensure that we block a synchronous XHR load using HTTP 0.9.
Renamed test image-default-port-blocked.html to image-default-port-allowed.html
as we now allow a subresource load using HTTP 0.9 on a default port regardless
of the HTTP version the embedding page used.

Update test expectations as DRT/WTR do not emit a localized description for the
error associated with a load failure. Note that a message is emitted to
Web Inspector console.

http/tests/security/http-0.9/iframe-blocked-expected.txt:
http/tests/security/http-0.9/iframe-blocked.html: Dump frame load callbacks

to see that load was cancelled as there is no other unique visible indication
of success.

http/tests/security/http-0.9/image-blocked-expected.txt: Update expected result.
http/tests/security/http-0.9/image-default-port-allowed-expected.txt: Renamed from LayoutTests/http/tests/security/http-0.9/image-default-port-blocked-expected.txt.
http/tests/security/http-0.9/image-default-port-allowed.html: Renamed from LayoutTests/http/tests/security/http-0.9/image-default-port-blocked.html.
http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt: Update expected result.
http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html: Ditto.
http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt: Ditto.
http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt: Ditto.
http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt: Ditto.
http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt: Ditto.
http/tests/security/http-0.9/xhr-blocked-expected.txt: Added.
http/tests/security/http-0.9/xhr-blocked.html: Added.
platform/wk2/TestExpectations: Skip the HTTP-0.9 tests in WebKit2 that use internals.registerDefaultPortForProtocol().

The function internals.registerDefaultPortForProtocol only updates the default-port-to-protocol map in the WebContent
process. However network loads in WebKit2 occur in the NetworkProcess. Further investigation is needed to determine
the best way to support testing with default ports. Ideally, we would run an HTTP server on port 80 for testing and
remove the need for internals.registerDefaultPortForProtocol().

8:02 AM Changeset in webkit [208731] by Alan Bujtas

6 edits
2 adds in trunk

[MultiCol] Render tree should be all clean by the end of FrameView::layout().
https://bugs.webkit.org/show_bug.cgi?id=162833

Reviewed by Simon Fraser.

Source/WebCore:

This is a temporary workaround until after we addressed render tree mutation during layout (webkit.org/b/163849).

Test: fast/inline/out-of-flow-quotation-text-with-multicolumn.html

page/FrameView.cpp:

(WebCore::FrameView::layout):

rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::RenderMultiColumnFlowThread::populate):
(WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):

rendering/RenderQuote.cpp:

(WebCore::RenderQuote::attachQuote): Populating/evacuating the flow should not trigger quotation text changes.
(WebCore::RenderQuote::detachQuote):

rendering/RenderView.h:

(WebCore::RenderTreeInternalMutationScope::RenderTreeInternalMutationScope):
(WebCore::RenderTreeInternalMutationScope::~RenderTreeInternalMutationScope):

LayoutTests:

This patch actually fixes the renderering of the closing quotation mark. Currently, it is
not rendered at all.

fast/inline/out-of-flow-quotation-text-with-multicolumn-expected.html: Added.
fast/inline/out-of-flow-quotation-text-with-multicolumn.html: Added.

4:27 AM Changeset in webkit [208730] by eric.carlson@apple.com

4 edits in trunk/Source

REGRESSION (r208606?): LayoutTest fast/mediastream/enumerating-crash.html is a flaky crash
https://bugs.webkit.org/show_bug.cgi?id=164715

Reviewed by Jon Lee.

No new tests, fixes a crash in an existing test.

Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::document): Return nullptr when the script execution context has

been cleared.

Modules/mediastream/UserMediaRequest.h:

(WebCore::UserMediaRequest::document): Deleted.

4:13 AM Changeset in webkit [208729] by commit-queue@webkit.org

7 edits in trunk

WebRTC: update MediaStream-MediaElement-srcObject.html test and unskip it
https://bugs.webkit.org/show_bug.cgi?id=159343

Patch by Alejandro G. Castro <alex@igalia.com> on 2016-11-15
Reviewed by Philippe Normand.

Source/WebCore:

Test updated.

We can not initialize the srcObject attribute when creating the mediaplayer
or we would be removing the srcObject we are going to use.

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::createMediaPlayer):

LayoutTests:

Update the test to use the getUserMedia API and unskip it.

fast/mediastream/MediaStream-MediaElement-srcObject-expected.txt:

Update the result of using the getUserMedia API.

fast/mediastream/MediaStream-MediaElement-srcObject.html: Use

the getUserMedia API from the helper.

platform/gtk/TestExpectations: Unskip the test.
platform/mac/TestExpectations: Unskip the test.

Nov 14, 2016:

11:06 PM Changeset in webkit [208728] by Csaba Osztrogonác

2 edits in trunk/Source/JavaScriptCore

[ARM] Unreviewed buildfix after r208720.

assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::storeFence): Stub function copied from MacroAssemblerARMv7.h.

10:08 PM Changeset in webkit [208727] by commit-queue@webkit.org

68 edits in trunk/Source

Move SecurityOrigin::createFromDatabaseIdentifier to SecurityOriginData
https://bugs.webkit.org/show_bug.cgi?id=164720

Patch by Alex Christensen <achristensen@webkit.org> on 2016-11-14
Reviewed by Brady Eidson.

Source/WebCore:

This is adding to r208558 where we moved databaseIdentifier to SecurityOriginData so we
don't have to use SecurityOrigin in the DatabaseProcess. This is a step towards only using
SecurityOrigin (and the SchemeRegistry) in the WebProcess. SecurityOriginData is for other
processes and IPC. There should be no change in behaviour.

Modules/webdatabase/Database.cpp:

(WebCore::Database::Database):
(WebCore::Database::securityOrigin):

Modules/webdatabase/Database.h:
Modules/webdatabase/DatabaseContext.cpp:

(WebCore::DatabaseContext::securityOrigin):

Modules/webdatabase/DatabaseContext.h:
Modules/webdatabase/DatabaseManager.cpp:

(WebCore::DatabaseManager::tryToOpenDatabaseBackend):
(WebCore::DatabaseManager::fullPathForDatabase):
(WebCore::DatabaseManager::detailsForNameAndOrigin):

Modules/webdatabase/DatabaseManager.h:
Modules/webdatabase/DatabaseManagerClient.h:

(WebCore::DatabaseManagerClient::dispatchDidAddNewOrigin):

Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::hasAdequateQuotaForOrigin):
(WebCore::DatabaseTracker::canEstablishDatabase):
(WebCore::DatabaseTracker::retryCanEstablishDatabase):
(WebCore::DatabaseTracker::hasEntryForOriginNoLock):
(WebCore::DatabaseTracker::hasEntryForDatabase):
(WebCore::DatabaseTracker::maximumSize):
(WebCore::DatabaseTracker::originPath):
(WebCore::DatabaseTracker::fullPathForDatabaseNoLock):
(WebCore::DatabaseTracker::fullPathForDatabase):
(WebCore::DatabaseTracker::origins):
(WebCore::DatabaseTracker::databaseNamesNoLock):
(WebCore::DatabaseTracker::databaseNames):
(WebCore::DatabaseTracker::detailsForNameAndOrigin):
(WebCore::DatabaseTracker::setDatabaseDetails):
(WebCore::DatabaseTracker::addOpenDatabase):
(WebCore::DatabaseTracker::removeOpenDatabase):
(WebCore::DatabaseTracker::originLockFor):
(WebCore::DatabaseTracker::deleteOriginLockFor):
(WebCore::DatabaseTracker::usage):
(WebCore::DatabaseTracker::quotaNoLock):
(WebCore::DatabaseTracker::quota):
(WebCore::DatabaseTracker::setQuota):
(WebCore::DatabaseTracker::addDatabase):
(WebCore::DatabaseTracker::deleteDatabasesModifiedSince):
(WebCore::DatabaseTracker::deleteOrigin):
(WebCore::DatabaseTracker::isDeletingDatabaseOrOriginFor):
(WebCore::DatabaseTracker::recordCreatingDatabase):
(WebCore::DatabaseTracker::doneCreatingDatabase):
(WebCore::DatabaseTracker::creatingDatabase):
(WebCore::DatabaseTracker::canDeleteDatabase):
(WebCore::DatabaseTracker::recordDeletingDatabase):
(WebCore::DatabaseTracker::doneDeletingDatabase):
(WebCore::DatabaseTracker::isDeletingDatabase):
(WebCore::DatabaseTracker::canDeleteOrigin):
(WebCore::DatabaseTracker::isDeletingOrigin):
(WebCore::DatabaseTracker::recordDeletingOrigin):
(WebCore::DatabaseTracker::doneDeletingOrigin):
(WebCore::DatabaseTracker::deleteDatabase):
(WebCore::DatabaseTracker::deleteDatabaseFile):
(WebCore::DatabaseTracker::removeDeletedOpenedDatabases):
(WebCore::DatabaseTracker::scheduleNotifyDatabaseChanged):

Modules/webdatabase/DatabaseTracker.h:
Modules/webdatabase/SQLTransactionCoordinator.cpp:

(WebCore::getDatabaseIdentifier):

inspector/InspectorDOMStorageAgent.cpp:

(WebCore::InspectorDOMStorageAgent::findStorageArea):

loader/EmptyClients.cpp:
page/DOMWindow.cpp:

(WebCore::DOMWindow::sessionStorage):

page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::maybeCreateFromDatabaseIdentifier): Deleted.
(WebCore::SecurityOrigin::createFromDatabaseIdentifier): Deleted.

page/SecurityOrigin.h:
page/SecurityOriginData.cpp:

(WebCore::SecurityOriginData::fromDatabaseIdentifier):

page/SecurityOriginData.h:

(WebCore::SecurityOriginData::SecurityOriginData):

storage/StorageArea.h:
storage/StorageEventDispatcher.cpp:

(WebCore::StorageEventDispatcher::dispatchSessionStorageEvents):
(WebCore::StorageEventDispatcher::dispatchLocalStorageEvents):
(WebCore::StorageEventDispatcher::dispatchSessionStorageEventsToFrames):
(WebCore::StorageEventDispatcher::dispatchLocalStorageEventsToFrames):

storage/StorageEventDispatcher.h:
storage/StorageNamespace.h:
storage/StorageNamespaceProvider.cpp:

(WebCore::StorageNamespaceProvider::localStorageArea):

Source/WebKit:

Storage/StorageAreaImpl.cpp:

(WebKit::StorageAreaImpl::StorageAreaImpl):
(WebKit::StorageAreaImpl::create):
(WebKit::StorageAreaImpl::dispatchStorageEvent):

Storage/StorageAreaImpl.h:
Storage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::storageArea):
(WebKit::StorageNamespaceImpl::clearOriginForDeletion):

Storage/StorageNamespaceImpl.h:
Storage/StorageTracker.cpp:

(WebKit::StorageTracker::origins):
(WebKit::StorageTracker::deleteOriginWithIdentifier):
(WebKit::StorageTracker::deleteOrigin):

Storage/StorageTracker.h:
Storage/WebStorageNamespaceProvider.cpp:

(WebKit::WebStorageNamespaceProvider::clearLocalStorageForOrigin):

Storage/WebStorageNamespaceProvider.h:

Source/WebKit/mac:

Storage/WebDatabaseManager.mm:

(-[WebDatabaseManager origins]):
(-[WebDatabaseManager databasesWithOrigin:]):
(-[WebDatabaseManager deleteOrigin:]):
(-[WebDatabaseManager deleteDatabase:withOrigin:]):

Storage/WebDatabaseManagerClient.h:
Storage/WebDatabaseManagerClient.mm:

(DidModifyOriginData::dispatchToMainThread):
(DidModifyOriginData::DidModifyOriginData):
(WebDatabaseManagerClient::dispatchDidModifyOrigin):
(WebDatabaseManagerClient::dispatchDidModifyDatabase):

Storage/WebDatabaseQuotaManager.mm:

(-[WebDatabaseQuotaManager usage]):
(-[WebDatabaseQuotaManager quota]):
(-[WebDatabaseQuotaManager setQuota:]):

Storage/WebStorageManager.mm:

(-[WebStorageManager origins]):
(-[WebStorageManager deleteOrigin:]):

Storage/WebStorageTrackerClient.h:
Storage/WebStorageTrackerClient.mm:

(WebStorageTrackerClient::dispatchDidModifyOrigin):

WebCoreSupport/WebSecurityOrigin.mm:

(-[WebSecurityOrigin usage]):
(-[WebSecurityOrigin quota]):
(-[WebSecurityOrigin setQuota:]):

Source/WebKit/win:

WebDatabaseManager.cpp:

(DidModifyOriginData::dispatchToMainThread):
(DidModifyOriginData::DidModifyOriginData):
(WebDatabaseManager::dispatchDidModifyOrigin):
(WebDatabaseManager::dispatchDidModifyDatabase):

WebDatabaseManager.h:
WebSecurityOrigin.cpp:

(WebSecurityOrigin::usage):
(WebSecurityOrigin::quota):
(WebSecurityOrigin::setQuota):

Source/WebKit2:

DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::indexedDatabaseOrigins):

DatabaseProcess/DatabaseProcess.h:
NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):

Shared/API/c/WKSecurityOriginRef.cpp:

(WKSecurityOriginCreateFromDatabaseIdentifier):

Shared/WebsiteData/WebsiteData.cpp:

(WebKit::WebsiteData::Entry::encode):
(WebKit::WebsiteData::Entry::decode):

Shared/WebsiteData/WebsiteData.h:
UIProcess/API/C/WKKeyValueStorageManager.cpp:

(WKKeyValueStorageManagerGetStorageDetailsByOrigin):

UIProcess/Storage/LocalStorageDatabaseTracker.cpp:

(WebKit::LocalStorageDatabaseTracker::deleteDatabasesModifiedSince):
(WebKit::LocalStorageDatabaseTracker::origins):

UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::requestUserMediaPermissionForFrame):
(WebKit::UserMediaPermissionRequestManagerProxy::enumerateMediaDevicesForFrame):

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::exceededDatabaseQuota):
(WebKit::WebPageProxy::reachedApplicationCacheOriginQuota):
(WebKit::WebPageProxy::requestGeolocationPermissionForFrame):

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
(WebKit::WebsiteDataStore::removeData):
(WebKit::WebsiteDataStore::mediaKeyOrigins):

WebProcess/InjectedBundle/API/c/WKBundle.cpp:

(WKBundleSetDatabaseQuota):

WebProcess/MediaCache/WebMediaKeyStorageManager.cpp:

(WebKit::WebMediaKeyStorageManager::getMediaKeyOrigins):

WebProcess/Storage/StorageAreaImpl.cpp:

(WebKit::StorageAreaImpl::create):
(WebKit::StorageAreaImpl::StorageAreaImpl):
(WebKit::StorageAreaImpl::securityOrigin):

WebProcess/Storage/StorageAreaImpl.h:
WebProcess/Storage/StorageAreaMap.cpp:

(WebKit::StorageAreaMap::dispatchSessionStorageEvent):
(WebKit::StorageAreaMap::dispatchLocalStorageEvent):

WebProcess/Storage/StorageAreaMap.h:

(WebKit::StorageAreaMap::securityOrigin):

WebProcess/Storage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::didDestroyStorageAreaMap):
(WebKit::StorageNamespaceImpl::storageArea):

WebProcess/Storage/StorageNamespaceImpl.h:
WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::exceededDatabaseQuota):

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::fetchWebsiteData):

8:28 PM Changeset in webkit [208726] by caitp@igalia.com

7 edits
2 adds in trunk

[JSC] do not reference AwaitExpression Promises in async function Promise chain
https://bugs.webkit.org/show_bug.cgi?id=164753

Reviewed by Yusuke Suzuki.

JSTests:

asyncFunctionTests.yaml:
stress/async-await-long-loop.js: Added.

(shouldBe):
(async.longLoop):

stress/async-await-throw-loop.js: Added.

(shouldBe):
(async.thrower):
(async.throwLoop):

Source/JavaScriptCore:

Previously, long-running async functions which contained many AwaitExpressions
would allocate and retain references to intermediate Promise objects for each await,
resulting in a memory leak.

To mitigate this leak, a reference to the original Promise (and its resolve and reject
functions) associated with the async function are kept, and passed to each call to
@asyncFunctionResume, while intermediate Promises are discarded. This is done by adding
a new Register to the BytecodeGenerator to hold the PromiseCapability object associated
with an async function wrapper. The capability is used to reject the Promise if an
exception is thrown during parameter initialization, and is used to store the resulting
value once the async function has terminated.

builtins/AsyncFunctionPrototype.js:

(globalPrivate.asyncFunctionResume):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::promiseCapabilityRegister):

bytecompiler/NodesCodegen.cpp:

(JSC::FunctionNode::emitBytecode):

8:02 PM Changeset in webkit [208725] by Joseph Pecoraro

31 edits
12 adds in trunk

Web Inspector: Worker debugging should pause all targets and view call frames in all targets
https://bugs.webkit.org/show_bug.cgi?id=164305
<rdar://problem/29056192>

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

inspector/InjectedScriptSource.js:

(InjectedScript.prototype._propertyDescriptors):
Accessing proto does a ToThis(...) conversion on the receiver.
In the case of GlobalObjects (such as WorkerGlobalScope when paused)
this would return undefined and throw an exception. We can use
Object.getPrototypeOf to avoid that conversion and possible error.

inspector/protocol/Debugger.json:

Provide a new way to effectively resume + pause immediately.
This must be implemented on the backend to correctly synchronize
the resuming and pausing.

inspector/agents/InspectorDebuggerAgent.h:
inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent::continueUntilNextRunLoop):
Treat this as resume and pause. Resume now, and trigger
a pause if the VM becomes idle and we didn't pause before then
(such as hitting a breakpoint after we resumed).

(Inspector::InspectorDebuggerAgent::pause):
(Inspector::InspectorDebuggerAgent::resume):
(Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
(Inspector::InspectorDebuggerAgent::cancelPauseOnNextStatement):
Clean up and correct pause on next statement logic.

(Inspector::InspectorDebuggerAgent::registerIdleHandler):
(Inspector::InspectorDebuggerAgent::willStepAndMayBecomeIdle):
(Inspector::InspectorDebuggerAgent::didBecomeIdle):
(Inspector::InspectorDebuggerAgent::didBecomeIdleAfterStepping): Deleted.
The idle handler may now also trigger a pause in the case
where continueUntilNextRunLoop resumed and wants to pause.

(Inspector::InspectorDebuggerAgent::didPause):
Eliminate the useless didPause. The DOMDebugger was keeping track
of its own state that was worse then the state in DebuggerAgent.

Source/WebCore:

Tests: inspector/debugger/continueUntilNextRunLoop

inspector/worker/debugger-multiple-targets-pause

workers/WorkerMessagingProxy.cpp:

(WebCore::WorkerMessagingProxy::postMessageToPageInspector):
Switch from postTask (callOnMainThread) to RunLoop::main().dispatch so
that a paused Worker can send Inspector protocol messages responses
back through the Main Page's InspectorWorkerAgent even if the Page
itself is paused and MainThread callbacks are paused.

workers/WorkerRunLoop.h:

(WebCore::WorkerRunLoop::isNested):

workers/WorkerRunLoop.cpp:

(WebCore::WorkerRunLoop::runInMode):
When running a nested WorkerRunLoop, running inspector debugger
commands, we should not fire timers on the Worker. Timers would
then be happening out of order and would not be debuggable.

dom/EventTarget.cpp:

(WebCore::EventTarget::fireEventListeners):

inspector/InspectorDOMDebuggerAgent.cpp:

(WebCore::InspectorDOMDebuggerAgent::pauseOnNativeEventIfNeeded):
(WebCore::InspectorDOMDebuggerAgent::clear):
(WebCore::InspectorDOMDebuggerAgent::didPause): Deleted.

inspector/InspectorDOMDebuggerAgent.h:
inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::willHandleEventImpl):
(WebCore::InspectorInstrumentation::didFireTimerImpl):
(WebCore::InspectorInstrumentation::didHandleEventImpl): Deleted.
(WebCore::InspectorInstrumentation::cancelPauseOnNativeEvent): Deleted.

inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::willHandleEvent):
(WebCore::InspectorInstrumentation::didHandleEvent): Deleted.
Remove unnecessary code where WebCore is trying to keep track
of pause on next statement but that state is already more
accurately provided by InspectorDebuggerAgent.

Source/WebInspectorUI:

This implements a policy where, when one Target ("Thread") pauses
the frontend triggers a pause in all other Targets. The intended
user experience is "all threads pause" whenever the frontend shows
the debugger paused UI.

DebuggerManager has a few straight forward changes:

The paused state reflects if any target is paused.
The Paused Event is fired when going from !paused -> paused. This means when the first target pauses.
The Resumed Event is fired when going from paused -> !paused. This means only after all targets have resumed.
The CallFrameDidChange Event now includes the Target that updated.

When a Target first pauses the frontend then immediately pauses all
other Targets. This puts them into a "pausing" state (we display as
Idle) and they will pause as soon as they start executing JavaScript.

When a Target steps the "paused" state isn't changing. So this is
just a CallFramesDidChange update.

When clicking Resume we resume all targets. This is will be the normal,
expected way users resume execution. Note that one of the threads may
then hit a breakpoint and re-pause all threads.

Sometimes when multiple threads are paused you may want to run an
individual thread to completion but keep other threads paused. There
is a context menu on the ThreadTreeElement to resume just that
single thread. It will continue and pause for its next run loop.

Localizations/en.lproj/localizedStrings.js:
UserInterface/Images/Thread.svg: Added.
UserInterface/Images/gtk/Thread.svg: Added.
UserInterface/Main.html:

New strings and files.

UserInterface/Base/Main.js:

(WebInspector.loaded):

UserInterface/Test/Test.js:

(WebInspector.loaded):
Place the TargetManager first since other managers may want to listen
for TargetAdded / TargetRemoved events.

UserInterface/Controllers/DebuggerManager.js:

(WebInspector.DebuggerManager.prototype.get paused):
This is now a computed state.

(WebInspector.DebuggerManager.prototype.pause):
(WebInspector.DebuggerManager.prototype.resume):
Affect all targets.

(WebInspector.DebuggerManager.prototype.stepOver):
(WebInspector.DebuggerManager.prototype.stepInto):
(WebInspector.DebuggerManager.prototype.stepOut):
(WebInspector.DebuggerManager.prototype.reset):
Update to use the paused computed property.

(WebInspector.DebuggerManager.prototype.continueUntilNextRunLoop):
Issue the new Debugger.continueUntilNextRunLoop command
on a given target.

(WebInspector.DebuggerManager.prototype.initializeTarget):
When a new Target is created and we were already paused,
then start that Worker in a paused state.

(WebInspector.DebuggerManager.prototype.debuggerDidPause):
Recover from bad cases where the backend informs the frontend about
internal JavaScript that it shouldn't know about. Legacy backend do
this but also there are corner cases we need to handle.
Dispatch events appropriately now that multiple targets may be paused.

(WebInspector.DebuggerManager.prototype._didResumeInternal):
Dispatch events appropriately now that multiple targets may be paused.

(WebInspector.DebuggerManager.prototype._targetRemoved):
Remove debugger data for targets that go away to avoid leaks.

UserInterface/Models/DebuggerData.js:

(WebInspector.DebuggerData):
(WebInspector.DebuggerData.prototype.get paused):
(WebInspector.DebuggerData.prototype.get pausing):
Move some more per-Target state into DebuggerData.

(WebInspector.DebuggerData.prototype.pauseIfNeeded):
(WebInspector.DebuggerData.prototype.resumeIfNeeded):
(WebInspector.DebuggerData.prototype.continueUntilNextRunLoop):
These should only be called by DebuggerManager. They correctly
update the state of the DebuggerData for this Target, and also
issue the underlying command to the target.

(WebInspector.DebuggerData.prototype.updateForPause):
(WebInspector.DebuggerData.prototype.updateForResume):
Handle a special case where continueUntilNextRunLoop triggers
an invisible "pause" on the backend that we should mirror.

UserInterface/Protocol/Target.js:

(WebInspector.MainTarget):
(WebInspector.MainTarget.prototype.get displayName):
(WebInspector.MainTarget.prototype.initialize):
Better display names.

UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel):
(WebInspector.DebuggerSidebarPanel.prototype._debuggerDidPause):
(WebInspector.DebuggerSidebarPanel.prototype._debuggerDidResume):
(WebInspector.DebuggerSidebarPanel.prototype._updateSingleThreadCallStacks):
(WebInspector.DebuggerSidebarPanel.prototype._selectActiveCallFrameTreeElement):
(WebInspector.DebuggerSidebarPanel.prototype._showSingleThreadCallStacks):
(WebInspector.DebuggerSidebarPanel.prototype._showMultipleThreadCallStacks):
(WebInspector.DebuggerSidebarPanel.prototype._findThreadTreeElementForTarget):
(WebInspector.DebuggerSidebarPanel.prototype._targetAdded):
(WebInspector.DebuggerSidebarPanel.prototype._targetRemoved):
(WebInspector.DebuggerSidebarPanel.prototype._debuggerCallFramesDidChange):
(WebInspector.DebuggerSidebarPanel.prototype._debuggerActiveCallFrameDidChange):
The DebuggerSidebar still has a single "Call Stacks" section, but maintains
two TreeOutlines and only shows one at a time. The Single Thread view shows
a flat list of the call frames for the Main Target when it is the only target.
The Multiple Threads view shows a list of Threads and their call frames.
We always keep both up to date, because we may need to swap between them
purely as Targets are added / removed. There is a bit of extra logic to
ensure we select elements properly based only on the visible tree outline.

UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView.prototype.didAppendConsoleMessageView):
When evaluating in a particular target, "runAfterPendingDispatches"
must wait for all other commands in that particular target to have
completed. So use the target specific version.

UserInterface/Views/NavigationSidebarPanel.js:

(WebInspector.NavigationSidebarPanel.prototype._isTreeElementWithoutRepresentedObject):
Gracefully handle a few more TreeElements without a represented object.

UserInterface/Views/IdleTreeElement.css: Added.

(.details-section.call-stack .idle .icon):

UserInterface/Views/IdleTreeElement.js: Added.

(WebInspector.IdleTreeElement):
Very basic tree element to encapsulate an Idle call frame with an
empty represented object.

UserInterface/Views/ThreadTreeElement.css: Added.

(.details-section.call-stack .thread .icon):

UserInterface/Views/ThreadTreeElement.js: Added.

(WebInspector.ThreadTreeElement):
(WebInspector.ThreadTreeElement.prototype.get target):
(WebInspector.ThreadTreeElement.prototype.refresh):
(WebInspector.ThreadTreeElement.prototype.onattach):
(WebInspector.ThreadTreeElement.prototype.oncontextmenu):
ThreadTreeElement has no represented object, but makes it easy
to refresh a list of CallFrameTreeElements for a given target.

LayoutTests:

inspector/debugger/continueUntilNextRunLoop-expected.txt: Added.
inspector/debugger/continueUntilNextRunLoop.html: Added.

New test for new Debugger.continueUntilNextRunLoop protocol method.

inspector/worker/debugger-multiple-targets-pause-expected.txt: Added.
inspector/worker/debugger-multiple-targets-pause.html: Added.
inspector/worker/resources/worker-debugger-thread-1.js: Added.
inspector/worker/resources/worker-debugger-thread-2.js: Added.

This tests uses a 250ms timeout because we have to have the worker thread
evaluate some work and trigger a pause on other threads before their work
starts. On debug builds, shorter times, like 100ms, would not be enough.

inspector/worker/debugger-pause-expected.txt:
inspector/worker/debugger-pause.html:

Now that all threads pause, the first InspectorTest.log evaluates JavaScript on
the page and causes a pause. So make the first log empty to keep the test unchanged.

inspector/worker/runtime-basic-expected.txt:
inspector/unit-tests/target-manager-expected.txt:

Updated display name of the mainTarget.

6:42 PM Changeset in webkit [208724] by mmaxfield@apple.com

10 edits
2 adds in trunk

[WebGL2] Teach WebGLRenderingContextBase about new texture internal formats
https://bugs.webkit.org/show_bug.cgi?id=164525

Reviewed by Dean Jackson.

Source/WebCore:

Test: fast/canvas/webgl/webgl2-texture-upload-enums.html

This patch migrates the existing WebGL calls texImage2D(), texSubImage2D(),
and readPixels() to understand the new WebGL 2 texture types. In WebGL1, the
format and the internalFormat were required to be the same, and we had this
assumption baked into many places in these functions. In WebGL 2, those two
values are often different, which means I had to fix all of these assumptions
in our code. Also, rather than have two completely separate parallel
implementations of these functions, a more forward-looking approach is to
have one implementation which has a few checks to isWebGL1() in strategic
places. (This way, bugs only have to be fixed in a single place). Therefore,
this patch deletes the WebGL 2 versions of these functions.

html/canvas/WebGL2RenderingContext.cpp: These functions are moved to

WebGLRenderingContextBase.
(WebCore::WebGL2RenderingContext::isIntegerFormat):
(WebCore::WebGL2RenderingContext::copyTexImage2D): Deleted.
(WebCore::WebGL2RenderingContext::texSubImage2DBase): Deleted.
(WebCore::WebGL2RenderingContext::texSubImage2DImpl): Deleted.
(WebCore::WebGL2RenderingContext::texSubImage2D): Deleted.
(WebCore::WebGL2RenderingContext::validateTexFuncParameters): Deleted.
(WebCore::WebGL2RenderingContext::validateTexFuncFormatAndType): Deleted.
(WebCore::WebGL2RenderingContext::validateTexFuncData): Deleted.

html/canvas/WebGL2RenderingContext.h: Moved function implementations to

WebGLRenderingContextBase.

html/canvas/WebGLRenderingContext.cpp: Ditto.

(WebCore::WebGLRenderingContext::copyTexImage2D): Deleted.
(WebCore::WebGLRenderingContext::texSubImage2DBase): Deleted.
(WebCore::WebGLRenderingContext::texSubImage2DImpl): Deleted.
(WebCore::WebGLRenderingContext::texSubImage2D): Deleted.
(WebCore::WebGLRenderingContext::validateTexFuncParameters): Deleted.
(WebCore::WebGLRenderingContext::validateTexFuncFormatAndType): Deleted.
(WebCore::WebGLRenderingContext::validateTexFuncData): Deleted.

html/canvas/WebGLRenderingContext.h: Moved function implementations to

WebGLRenderingContextBase.

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::validateSettableTexInternalFormat):
Teach about new depth texture formats.
(WebCore::WebGLRenderingContextBase::copyTexSubImage2D): Rename
"internalformat" to "internalFormat". Teach about the distinction between
format and internalFormat. When pre-filling textures with 0s to work around
buggy drivers, we need a new way of knowing which format/type arguments to
pass to texSubImage2D() which are compatible with the texture's internal
format. The implementation of this function was added to GraphicsContext3D
and is called here.
(WebCore::WebGLRenderingContextBase::generateMipmap): Teach about the
distinction between format and internalFormat.
(WebCore::internalFormatTheme): This is used so readPixels() knows what
kind of format/type arguments are compatible with the texture's internal
format.
(WebCore::numberOfComponentsForFormat): Ditto.
(WebCore::numberOfComponentsForInternalFormat): Ditto.
(WebCore::WebGLRenderingContextBase::readPixels): Many more format/type
combinations are required in order to test the various new kinds of
textures.
(WebCore::WebGLRenderingContextBase::texImage2DBase): Rename internalformat
to internalFormat, and teach about the distinction between format and
internalFormat.
(WebCore::WebGLRenderingContextBase::validateTexFunc): Ditto.
(WebCore::WebGLRenderingContextBase::texImage2D): Ditto.
(WebCore::WebGLRenderingContextBase::texSubImage2DImpl): Moved from
WebGLRenderingContext.
(WebCore::WebGLRenderingContextBase::texSubImage2D): Ditto.
(WebCore::WebGLRenderingContextBase::validateArrayBufferType): Ditto.
(WebCore::WebGLRenderingContextBase::validateTexFuncData): Ditto.
(WebCore::WebGLRenderingContextBase::validateTexFuncParameters): Ditto.
(WebCore::WebGLRenderingContextBase::validateTexFuncFormatAndType): Ditto.
This is the main function where the new internalFormats are dealt with.
The OpenGL ES spec lists a table of all the internalFormats and all their
compatible format/type values. This table is entered into this function to
check that the combinations are correct.
(WebCore::WebGLRenderingContextBase::texSubImage2DBase): Moved from
WebGLRenderingContext.
(WebCore::WebGLRenderingContextBase::copyTexImage2D): Ditto.
(WebCore::WebGLRenderingContextBase::validateSettableTexFormat): Deleted.

html/canvas/WebGLRenderingContextBase.h: No longer overrides virtual

functions.

platform/graphics/GraphicsContext3D.cpp:

(WebCore::GraphicsContext3D::computeFormatAndTypeParameters): Because
this is inside GraphicsContext3D, it doesn't need any isWebGL1() checks.
Teach about new enums.
(WebCore::GraphicsContext3D::possibleFormatAndTypeForInternalFormat):
Ditto.
(WebCore::GraphicsContext3D::packImageData):
(WebCore::GraphicsContext3D::packPixels): It is possible to try to
copy data from a video into one of these new formats. Currently, we
implement this by swizzling on the CPU. Rather than implementing all the
swizzling functions in this patch (which would make this patch much
larger), simply bail in this case. We will implement this later.
(WebCore::GraphicsContext3D::getClearBitsByFormat): Update.

platform/graphics/GraphicsContext3D.h:

(WebCore::GraphicsContext3D::hasAlpha): Ditto.
(WebCore::GraphicsContext3D::hasColor): Ditto.

LayoutTests:

Test texture types without drawing. Instead, attach a texture to a framebuffer and
use readPixels() to make sure the texture retains its data.

fast/canvas/webgl/webgl2-texture-upload-enums-expected.txt: Added.
fast/canvas/webgl/webgl2-texture-upload-enums.html: Added.

6:20 PM Changeset in webkit [208723] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix cloop.

runtime/JSCellInlines.h:

6:19 PM Changeset in webkit [208722] by Simon Fraser

3 edits in trunk/Source/WebCore

Scrolling when zoomed doesn't always use the correct layout viewport
https://bugs.webkit.org/show_bug.cgi?id=164756

Reviewed by Dean Jackson.

The scrolling thread was always using the layout viewport rect pushed onto it and
never computing a new one, so when scrolling around after zooming position:fixed
elements would not get the expected visual viewport behavior.

Fix by having ScrollingTreeFrameScrollingNode updating its notion of the layout viewport
on scrolls.

Not testable because we can't dump the scrolling tree on Mac (yet).

page/scrolling/ScrollingTreeFrameScrollingNode.h:

(WebCore::ScrollingTreeFrameScrollingNode::setLayoutViewport):

page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPositionWithoutContentEdgeConstraints):

5:51 PM Changeset in webkit [208721] by fpizlo@apple.com

2 edits in trunk/PerformanceTests

Unreviewed, revert unintended change.

ES6SampleBench/Air/benchmark.js:

5:49 PM Changeset in webkit [208720] by fpizlo@apple.com

72 edits
1 add in trunk

The GC should be optionally concurrent and disabled by default
https://bugs.webkit.org/show_bug.cgi?id=164454

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This started out as a patch to have the GC scan the stack at the end, and then the
outage happened and I decided to pick a more aggresive target: give the GC a concurrent
mode that can be enabled at runtime, and whose only effect is that it turns on the
ResumeTheWorldScope. This gives our GC a really intuitive workflow: by default, the GC
thread is running solo with the world stopped and the parallel markers converged and
waiting. We have a parallel work scope to enable the parallel markers and now we have a
ResumeTheWorldScope that will optionally resume the world and then stop it again.

It's easy to make a concurrent GC that always instantly crashes. I can't promise that
this one won't do that when you run it. I set a specific goal: I wanted to do >10
concurrent GCs in debug mode with generations, optimizing JITs, and parallel marking
disabled.

To reach this milestone, I needed to do a bunch of stuff:

The mutator needs a separate mark stack for the barrier, since it will mutate this stack concurrently to the collector's slot visitors.

The use of CellState to indicate whether an object is being scanned the first time or a subsequent time was racy. It fails spectacularly when a barrier is fired at the same time as visitChildren is running or if the barrier runs at the same time as the GC marks the same object. So, I split SlotVisitor's mark stacks. It's now the case that you know why you're being scanned by looking at which stack you came off of.

All of root marking must be in the collector fixpoint. I renamed markRoots to markToFixpoint. They say concurrency is hard, but the collector looks more intuitive this way. We never gained anything from forcing people to make a choice between scanning something in the fixpoint versus outside of it. Because root scanning is cheap, we can afford to do it repeatedly, which means all root scanning can now do constraint-based marking (like: I'll mark you if that thing is marked).

JSObject::visitChildren's scanning of the butterfly raced with property additions, indexed storage transitions and resizing, and a bunch of miscellaneous dirty butterfly reshaping functions - like the one that flattens a dictionary and some sneaky ArrayStorage transformations. Many of these can be fixed by using store-store fences in the mutator and load-load fences in the collector. I've adopted the rule that the collector must always see either a butterfly and structure that match or a newer butterfly with an older structure, where their age is just one transition apart. This can be achieved with fences. For the cases where it breaks down, I added a lock to every JSCell. This is a full-fledged WTF lock that we sneak into two available bits in the indexingType. See the WTF ChangeLog for details.

The mutator fencing rules are as follows:

Store-store fence before and after setting the butterfly.
Store-store fence before setting structure if you had changed the shape of the butterfly.
Store-store fence after initializing all fields in an allocation.

A dictionary Structure can change in strange ways while the GC is trying to scan it. So, JSObject::visitChildren will now grab the object's structure's lock if the object's structure is a dictionary. Dictionary structures are 1:1 with their object, so this does not reduce GC parallelism (super unlikely that the GC will simultaneously scan an object from two threads).

The GC can blow away a Structure's property table at any time. As a small consolation, it's now holding the Structure's lock when it does so. But there was tons of code in Structure that uses DeferGC to prevent the GC from blowing away the property table. This doesn't work with concurrent GC, since DeferGC only means that the GC won't run its safepoint (i.e. stop-the-world code) in the DeferGC region. It will still do marking and it was the Structure::visitChildren that would delete the table. It turns out that Structure's reliance on the property table not being deleted was the product of code rot. We already had functions that would materialize the table on demand. We were simply making the mistake of saying:

structure->materializePropertyMap();
...
structure->propertyTable()->things

Instead of saying:

PropertyTable* table = structure->ensurePropertyTable();
...
table->things

Switching the code to use the latter idiom allowed me to simplify the code a lot while
fixing the race.

The LLInt's get_by_val handling was broken because the indexing shape constants were wrong. Once I started putting more things into the IndexingType, that started causing crashes for me. So I fixed LLInt. That turned out to be a lot of work, since that code had rotted in subtle ways.

This is a speed-up in SunSpider, probably because of the LLInt fix. This is neutral on
Octane and Kraken. It's a smaller slow-down on LongSpider, but I think we can ignore
that (we don't view LongSpider as an official benchmark). By default, the concurrent GC
is disabled: in all of the places where it would have resumed the world to run marking
concurrently to the mutator, it will just skip the resume step. When you enable
concurrent GC (--useConcurrentGC=true), it can sometimes run Octane/splay to completion.
It seems to perform quite well: on my machine, it improves both splay-throughput and
splay-latency. It's probably unstable for other programs.

API/JSVirtualMachine.mm:

(-[JSVirtualMachine isOldExternalObject:]):

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::storeFence):

bytecode/InlineAccess.cpp:

(JSC::InlineAccess::dumpCacheSizesAndCrash):
(JSC::InlineAccess::generateSelfPropertyAccess):
(JSC::InlineAccess::generateArrayLength):

bytecode/ObjectAllocationProfile.h:

(JSC::ObjectAllocationProfile::offsetOfInlineCapacity):
(JSC::ObjectAllocationProfile::ObjectAllocationProfile):
(JSC::ObjectAllocationProfile::initialize):
(JSC::ObjectAllocationProfile::inlineCapacity):
(JSC::ObjectAllocationProfile::clear):

bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generateImpl):

dfg/DFGArrayifySlowPathGenerator.h:
dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGOperations.cpp:
dfg/DFGPlan.cpp:

(JSC::DFG::Plan::markCodeBlocks):
(JSC::DFG::Plan::rememberCodeBlocks):

dfg/DFGPlan.h:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::arrayify):
(JSC::DFG::SpeculativeJIT::compileMakeRope):
(JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
(JSC::DFG::SpeculativeJIT::compileCreateActivation):
(JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
(JSC::DFG::SpeculativeJIT::compileSpread):
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileNewStringObject):
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):
(JSC::DFG::SpeculativeJIT::compileStoreBarrier):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):

dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

dfg/DFGWorklist.cpp:

(JSC::DFG::Worklist::markCodeBlocks):
(JSC::DFG::Worklist::rememberCodeBlocks):
(JSC::DFG::markCodeBlocks):
(JSC::DFG::completeAllPlansForVM):
(JSC::DFG::rememberCodeBlocks):

dfg/DFGWorklist.h:
ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::computeRangesAndDecorateInstructions):

ftl/FTLAbstractHeapRepository.h:
ftl/FTLJITCode.cpp:

(JSC::FTL::JITCode::~JITCode):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compilePutStructure):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateRest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArray):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayBuffer):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiPutByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::splatWords):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::isArrayType):
(JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
(JSC::FTL::DFG::LowerDFGToB3::mutatorFence):
(JSC::FTL::DFG::LowerDFGToB3::setButterfly):

ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

ftl/FTLOutput.cpp:

(JSC::FTL::Output::signExt32ToPtr):
(JSC::FTL::Output::fence):

ftl/FTLOutput.h:
heap/CellState.h:
heap/GCSegmentedArray.h:
heap/Heap.cpp:

(JSC::Heap::ResumeTheWorldScope::ResumeTheWorldScope):
(JSC::Heap::ResumeTheWorldScope::~ResumeTheWorldScope):
(JSC::Heap::Heap):
(JSC::Heap::~Heap):
(JSC::Heap::harvestWeakReferences):
(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::completeAllJITPlans):
(JSC::Heap::markToFixpoint):
(JSC::Heap::gatherStackRoots):
(JSC::Heap::beginMarking):
(JSC::Heap::visitConservativeRoots):
(JSC::Heap::visitCompilerWorklistWeakReferences):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::endMarking):
(JSC::Heap::addToRememberedSet):
(JSC::Heap::collectInThread):
(JSC::Heap::stopTheWorld):
(JSC::Heap::resumeTheWorld):
(JSC::Heap::setGCDidJIT):
(JSC::Heap::setNeedFinalize):
(JSC::Heap::setMutatorWaiting):
(JSC::Heap::clearMutatorWaiting):
(JSC::Heap::finalize):
(JSC::Heap::flushWriteBarrierBuffer):
(JSC::Heap::writeBarrierSlowPath):
(JSC::Heap::canCollect):
(JSC::Heap::reportExtraMemoryVisited):
(JSC::Heap::reportExternalMemoryVisited):
(JSC::Heap::notifyIsSafeToCollect):
(JSC::Heap::markRoots): Deleted.
(JSC::Heap::visitExternalRememberedSet): Deleted.
(JSC::Heap::visitSmallStrings): Deleted.
(JSC::Heap::visitProtectedObjects): Deleted.
(JSC::Heap::visitArgumentBuffers): Deleted.
(JSC::Heap::visitException): Deleted.
(JSC::Heap::visitStrongHandles): Deleted.
(JSC::Heap::visitHandleStack): Deleted.
(JSC::Heap::visitSamplingProfiler): Deleted.
(JSC::Heap::visitTypeProfiler): Deleted.
(JSC::Heap::visitShadowChicken): Deleted.
(JSC::Heap::traceCodeBlocksAndJITStubRoutines): Deleted.
(JSC::Heap::visitWeakHandles): Deleted.
(JSC::Heap::flushOldStructureIDTables): Deleted.
(JSC::Heap::stopAllocation): Deleted.

heap/Heap.h:

(JSC::Heap::collectorSlotVisitor):
(JSC::Heap::mutatorMarkStack):
(JSC::Heap::mutatorShouldBeFenced):
(JSC::Heap::addressOfMutatorShouldBeFenced):
(JSC::Heap::slotVisitor): Deleted.
(JSC::Heap::notifyIsSafeToCollect): Deleted.
(JSC::Heap::barrierShouldBeFenced): Deleted.
(JSC::Heap::addressOfBarrierShouldBeFenced): Deleted.

heap/MarkStack.cpp:

(JSC::MarkStackArray::transferTo):

heap/MarkStack.h:
heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::tryAllocateIn):

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::Handle::specializedSweep):
(JSC::MarkedBlock::Handle::sweep):
(JSC::MarkedBlock::Handle::sweepHelperSelectMarksMode):
(JSC::MarkedBlock::Handle::stopAllocating):
(JSC::MarkedBlock::Handle::resumeAllocating):
(JSC::MarkedBlock::aboutToMarkSlow):
(JSC::MarkedBlock::Handle::didConsumeFreeList):
(JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor): Deleted.
(JSC::SetNewlyAllocatedFunctor::operator()): Deleted.

heap/MarkedBlock.h:
heap/MarkedSpace.cpp:

(JSC::MarkedSpace::resumeAllocating):

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::SlotVisitor):
(JSC::SlotVisitor::~SlotVisitor):
(JSC::SlotVisitor::reset):
(JSC::SlotVisitor::clearMarkStacks):
(JSC::SlotVisitor::appendJSCellOrAuxiliary):
(JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::appendToMutatorMarkStack):
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::donateKnownParallel):
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::drainFromShared):
(JSC::SlotVisitor::containsOpaqueRoot):
(JSC::SlotVisitor::donateAndDrain):
(JSC::SlotVisitor::mergeOpaqueRoots):
(JSC::SlotVisitor::dump):
(JSC::SlotVisitor::clearMarkStack): Deleted.
(JSC::SlotVisitor::opaqueRootCount): Deleted.

heap/SlotVisitor.h:

(JSC::SlotVisitor::collectorMarkStack):
(JSC::SlotVisitor::mutatorMarkStack):
(JSC::SlotVisitor::isEmpty):
(JSC::SlotVisitor::bytesVisited):
(JSC::SlotVisitor::markStack): Deleted.
(JSC::SlotVisitor::bytesCopied): Deleted.

heap/SlotVisitorInlines.h:

(JSC::SlotVisitor::reportExtraMemoryVisited):
(JSC::SlotVisitor::reportExternalMemoryVisited):

jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
(JSC::AssemblyHelpers::barrierStoreLoadFence):
(JSC::AssemblyHelpers::mutatorFence):
(JSC::AssemblyHelpers::storeButterfly):
(JSC::AssemblyHelpers::jumpIfMutatorFenceNotNeeded):
(JSC::AssemblyHelpers::emitInitializeInlineStorage):
(JSC::AssemblyHelpers::emitInitializeOutOfLineStorage):
(JSC::AssemblyHelpers::jumpIfBarrierStoreLoadFenceNotNeeded): Deleted.

jit/JITInlines.h:

(JSC::JIT::emitArrayProfilingSiteWithCell):

jit/JITOperations.cpp:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emit_op_put_to_arguments):

llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter64.asm:
runtime/ButterflyInlines.h:

(JSC::Butterfly::create):
(JSC::Butterfly::createOrGrowPropertyStorage):

runtime/ConcurrentJITLock.h:

(JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer): Deleted.

runtime/GenericArgumentsInlines.h:

(JSC::GenericArguments<Type>::getOwnPropertySlotByIndex):
(JSC::GenericArguments<Type>::putByIndex):

runtime/IndexingType.h:
runtime/JSArray.cpp:

(JSC::JSArray::unshiftCountSlowCase):
(JSC::JSArray::unshiftCountWithArrayStorage):

runtime/JSCell.h:

(JSC::JSCell::InternalLocker::InternalLocker):
(JSC::JSCell::InternalLocker::~InternalLocker):
(JSC::JSCell::atomicCompareExchangeCellStateWeakRelaxed):
(JSC::JSCell::atomicCompareExchangeCellStateStrong):
(JSC::JSCell::indexingTypeAndMiscOffset):
(JSC::JSCell::indexingTypeOffset): Deleted.

runtime/JSCellInlines.h:

(JSC::JSCell::JSCell):
(JSC::JSCell::finishCreation):
(JSC::JSCell::indexingTypeAndMisc):
(JSC::JSCell::indexingType):
(JSC::JSCell::setStructure):
(JSC::JSCell::callDestructor):
(JSC::JSCell::lockInternalLock):
(JSC::JSCell::unlockInternalLock):

runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):
(JSC::JSObject::visitChildren):
(JSC::JSFinalObject::visitChildren):
(JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::increaseVectorLength):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::reallocateAndShrinkButterfly):
(JSC::JSObject::allocateMoreOutOfLineStorage):
(JSC::JSObject::shiftButterflyAfterFlattening):
(JSC::JSObject::growOutOfLineStorage): Deleted.

runtime/JSObject.h:

(JSC::JSFinalObject::JSFinalObject):
(JSC::JSObject::setButterfly):
(JSC::JSObject::getOwnNonIndexPropertySlot):
(JSC::JSObject::fillCustomGetterPropertySlot):
(JSC::JSObject::getOwnPropertySlot):
(JSC::JSObject::getPropertySlot):
(JSC::JSObject::setStructureAndButterfly): Deleted.
(JSC::JSObject::setButterflyWithoutChangingStructure): Deleted.
(JSC::JSObject::putDirectInternal): Deleted.
(JSC::JSObject::putDirectWithoutTransition): Deleted.

runtime/JSObjectInlines.h:

(JSC::JSObject::getPropertySlot):
(JSC::JSObject::getNonIndexPropertySlot):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectInternal):

runtime/Options.h:
runtime/SparseArrayValueMap.h:
runtime/Structure.cpp:

(JSC::Structure::dumpStatistics):
(JSC::Structure::findStructuresAndMapForMaterialization):
(JSC::Structure::materializePropertyTable):
(JSC::Structure::addNewPropertyTransition):
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::attributeChangeTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::pin):
(JSC::Structure::pinForCaching):
(JSC::Structure::willStoreValueSlow):
(JSC::Structure::copyPropertyTableForPinning):
(JSC::Structure::add):
(JSC::Structure::remove):
(JSC::Structure::getPropertyNamesFromStructure):
(JSC::Structure::visitChildren):
(JSC::Structure::materializePropertyMap): Deleted.
(JSC::Structure::addPropertyWithoutTransition): Deleted.
(JSC::Structure::removePropertyWithoutTransition): Deleted.
(JSC::Structure::copyPropertyTable): Deleted.
(JSC::Structure::createPropertyMap): Deleted.
(JSC::PropertyTable::checkConsistency): Deleted.
(JSC::Structure::checkConsistency): Deleted.

runtime/Structure.h:
runtime/StructureIDBlob.h:

(JSC::StructureIDBlob::StructureIDBlob):
(JSC::StructureIDBlob::indexingTypeIncludingHistory):
(JSC::StructureIDBlob::setIndexingTypeIncludingHistory):
(JSC::StructureIDBlob::indexingTypeIncludingHistoryOffset):
(JSC::StructureIDBlob::indexingType): Deleted.
(JSC::StructureIDBlob::setIndexingType): Deleted.
(JSC::StructureIDBlob::indexingTypeOffset): Deleted.

runtime/StructureInlines.h:

(JSC::Structure::get):
(JSC::Structure::checkOffsetConsistency):
(JSC::Structure::checkConsistency):
(JSC::Structure::add):
(JSC::Structure::remove):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):
(JSC::Structure::setPropertyTable):
(JSC::Structure::putWillGrowOutOfLineStorage): Deleted.
(JSC::Structure::propertyTable): Deleted.
(JSC::Structure::suggestedNewOutOfLineStorageCapacity): Deleted.

Source/WTF:

The reason why I went to such great pains to make WTF::Lock fit in two bits is that I
knew that I would eventually need to stuff one into some miscellaneous bits of the
JSCell header. That time has come, because the concurrent GC has numerous race
conditions in visitChildren that can be trivially fixed if each object just has an
internal lock. Some cell types might use it to simply protect their entire visitChildren
function and anything that mutates the fields it touches, while other cell types might
use it as a "lock of last resort" to handle corner cases of an otherwise wait-free or
lock-free algorithm. Right now, it's used to protect certain transformations involving
indexing storage.

To make this happen, I factored the WTF::Lock algorithm into a LockAlgorithm struct that
is templatized on lock type (uint8_t for WTF::Lock), the isHeldBit value (1 for
WTF::Lock), and the hasParkedBit value (2 for WTF::Lock). This could have been done as
a templatized Lock class that basically contains Atomic<LockType>. You could then make
any field into a lock by bitwise_casting it to TemplateLock<field type, bit1, bit2>. But
this felt too dirty, so instead, LockAlgorithm has static methods that take
Atomic<LockType>& as their first argument. I think that this makes it more natural to
project a LockAlgorithm onto an existing Atomic<> field. Sadly, some places have to cast
their non-Atomic<> field to Atomic<> in order for this to work. Like so many other things
we do, this just shows that the C++ style of labeling fields that are subject to atomic
ops as atomic is counterproductive. Maybe some day I'll change LockAlgorithm to use our
other Atomics API, which does not require Atomic<>.

WTF::Lock now uses LockAlgorithm. The slow paths are still outlined. I don't feel too
bad about the LockAlgorithm.h header being included in so many places because we change
that algorithm so infrequently.

Also, I added a hasElapsed(time) function. This function makes it so much more natural
to write timeslicing code, which the concurrent GC has to do a lot of.

WTF.xcodeproj/project.pbxproj:
wtf/CMakeLists.txt:
wtf/ListDump.h:
wtf/Lock.cpp:

(WTF::LockBase::lockSlow):
(WTF::LockBase::unlockSlow):
(WTF::LockBase::unlockFairlySlow):
(WTF::LockBase::unlockSlowImpl): Deleted.

wtf/Lock.h:

(WTF::LockBase::lock):
(WTF::LockBase::tryLock):
(WTF::LockBase::unlock):
(WTF::LockBase::unlockFairly):
(WTF::LockBase::isHeld):
(): Deleted.

wtf/LockAlgorithm.h: Added.

(WTF::LockAlgorithm::lockFastAssumingZero):
(WTF::LockAlgorithm::lockFast):
(WTF::LockAlgorithm::lock):
(WTF::LockAlgorithm::tryLock):
(WTF::LockAlgorithm::unlockFastAssumingZero):
(WTF::LockAlgorithm::unlockFast):
(WTF::LockAlgorithm::unlock):
(WTF::LockAlgorithm::unlockFairly):
(WTF::LockAlgorithm::isLocked):
(WTF::LockAlgorithm::lockSlow):
(WTF::LockAlgorithm::unlockSlow):

wtf/TimeWithDynamicClockType.cpp:

(WTF::hasElapsed):

wtf/TimeWithDynamicClockType.h:

5:09 PM Changeset in webkit [208719] by keith_miller@apple.com

6 edits
1 add in trunk

Add Wasm select
https://bugs.webkit.org/show_bug.cgi?id=164743

Reviewed by Saam Barati.

JSTests:

wasm/function-tests/select.js: Added.

Source/JavaScriptCore:

Also, this patch fixes an issue with the jsc.cpp test harness where negative numbers would be sign extended
when they shouldn't be.

jsc.cpp:

(box):

wasm/WasmB3IRGenerator.cpp:
wasm/WasmFunctionParser.h:

(JSC::Wasm::FunctionParser<Context>::parseExpression):

wasm/WasmValidate.cpp:

(JSC::Wasm::Validate::addSelect):

5:06 PM Changeset in webkit [208718] by matthew_hanson@apple.com

5 edits in branches/safari-602-branch/Source

Versioning.

4:35 PM Changeset in webkit [208717] by matthew_hanson@apple.com

1 copy in tags/Safari-602.3.12

New tag.

4:27 PM Changeset in webkit [208716] by rniwa@webkit.org

7 edits
4 adds in trunk

document.createElementNS doesn't construct a custom element
https://bugs.webkit.org/show_bug.cgi?id=164700

Reviewed by Darin Adler.

Source/WebCore:

Fixed the bug that document.createElementNS doesn't create a custom element or enqueue it to upgrade.

Also made constructCustomElementSynchronously not call the custom element constructors with the element's
local name as the first argument, which was a non-standard behavior added during prototyping.

Test: fast/custom-elements/DOMImplementation-createDocument.html

fast/custom-elements/document-createElementNS.html

bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::constructElementWithFallback): Added a variant that takes QualifiedName
instead of AtomicString.
(WebCore::constructCustomElementSynchronously): Don't add the local name as an argument.

bindings/js/JSCustomElementInterface.h:

dom/CustomElementRegistry.cpp:

(WebCore::CustomElementRegistry::findInterface): Just find the interface based on the local name after
checking the namespace URI to be that of the XHTML. We need to ignore the prefix for the purpose of looking
up the custom element definition as specified in the latest HTML specification:
https://html.spec.whatwg.org/multipage/scripting.html#look-up-a-custom-element-definition

dom/DOMImplementation.cpp:

(WebCore::DOMImplementation::createDocument): Added an assertion to make sure we don't invoke scripts while
constructing the document element.

dom/Document.cpp:

(WebCore::createUpgradeCandidateElement): Made this function create a HTMLUnknownElement instead of returning
nullptr to share more code. Also added a variant which takes QualifiedName.
(WebCore::isValidHTMLElementName): Added; helpers for createHTMLElementWithNameValidation to call isValidName
on Document with the right argument.
(WebCore::createHTMLElementWithNameValidation): Templatized the function to be called with either AtomicString
or QualifiedName for the name.
(WebCore::createFallbackHTMLElement):
(WebCore::Document::createElementNS): Call createHTMLElementWithNameValidation to create a custom element if
possible. This function ends up re-validating the element name before creating a HTMLUnknownElement but that
shouldn't be a common scenario to matter. In fact, createElementNS is a rarely used API.

LayoutTests:

Added W3C style testharness.js tests for createElementNS and DOMImplementation's createDocument.

fast/custom-elements/DOMImplementation-createDocument-expected.txt: Added.
fast/custom-elements/DOMImplementation-createDocument.html: Added.
fast/custom-elements/document-createElementNS-expected.txt: Added.
fast/custom-elements/document-createElementNS.html: Added.

4:19 PM Changeset in webkit [208715] by matthew_hanson@apple.com

5 edits in branches/safari-602-branch

Merge r208691. rdar://problem/29250304

4:19 PM Changeset in webkit [208714] by matthew_hanson@apple.com

5 edits
1 add in branches/safari-602-branch

Merge r208655. rdar://problem/29250302

4:10 PM Changeset in webkit [208713] by jfbastien@apple.com

2 edits in trunk/Source/WTF

Expected: add missing inline
https://bugs.webkit.org/show_bug.cgi?id=164735

Reviewed by Yusuke Suzuki.

Free functions and full template specializations need to be
inline, or in a .cpp file, otherwise each .o creates a duplicate
symbol which makes the linker very sad.

wtf/Expected.h:

(WTF::ExpectedDetail::Throw):
(WTF::makeExpected):

2:57 PM Changeset in webkit [208712] by ggaren@apple.com

21 edits
4 adds in trunk/Source/JavaScriptCore

JSC should distinguish between local and global eval
https://bugs.webkit.org/show_bug.cgi?id=164628

Reviewed by Saam Barati.

Local use of the 'eval' keyword and invocation of the global window.eval
function are distinct operations in JavaScript.

This patch splits out LocalEvalExecutable vs GlobalEvalExecutable in
order to help distinguish these operations in code.

Our code used to do some silly things for lack of distinguishing these
cases. For example, it would double cache local eval in CodeCache and
EvalCodeCache. This made CodeCache seem more complicated than it really
was.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj: Added some files.

bytecode/CodeBlock.h:

bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::set):
(JSC::EvalCodeCache::getSlow): Deleted. Moved code generation out of
the cache to avoid tight coupling. Now the cache just caches.

bytecode/UnlinkedEvalCodeBlock.h:
bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::fromGlobalCode):

bytecode/UnlinkedModuleProgramCodeBlock.h:
bytecode/UnlinkedProgramCodeBlock.h:
debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::evaluateWithScopeExtension): Updated for interface
changes.

interpreter/Interpreter.cpp:

(JSC::eval): Moved code generation here so the cache didn't need to build
it in.

llint/LLIntOffsetsExtractor.cpp:

runtime/CodeCache.cpp:

(JSC::CodeCache::getUnlinkedGlobalCodeBlock): No need to check for TDZ
variables any more. We only cache global programs, and global variable
access always does TDZ checks.

(JSC::CodeCache::getUnlinkedProgramCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalEvalCodeBlock):
(JSC::CodeCache::getUnlinkedModuleProgramCodeBlock):
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):

(JSC::CodeCache::CodeCache): Deleted.
(JSC::CodeCache::~CodeCache): Deleted.
(JSC::CodeCache::getGlobalCodeBlock): Deleted.
(JSC::CodeCache::getProgramCodeBlock): Deleted.
(JSC::CodeCache::getEvalCodeBlock): Deleted.
(JSC::CodeCache::getModuleProgramCodeBlock): Deleted.
(JSC::CodeCache::getFunctionExecutableFromGlobalCode): Deleted.

runtime/CodeCache.h:

(JSC::CodeCache::clear):
(JSC::generateUnlinkedCodeBlock): Moved unlinked code block creation
out of the CodeCache class and into a stand-alone function because
we need it for local eval, which does not live in CodeCache.

runtime/EvalExecutable.cpp:

(JSC::EvalExecutable::create): Deleted.

runtime/EvalExecutable.h:

(): Deleted.

runtime/GlobalEvalExecutable.cpp: Added.

(JSC::GlobalEvalExecutable::create):
(JSC::GlobalEvalExecutable::GlobalEvalExecutable):

runtime/GlobalEvalExecutable.h: Added.
runtime/LocalEvalExecutable.cpp: Added.

(JSC::LocalEvalExecutable::create):
(JSC::LocalEvalExecutable::LocalEvalExecutable):

runtime/LocalEvalExecutable.h: Added. Split out Local vs Global

EvalExecutable classes to distinguish these operations in code. The key
difference is that LocalEvalExecutable does not live in the CodeCache
and only lives in the EvalCodeCache.

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createProgramCodeBlock):
(JSC::JSGlobalObject::createLocalEvalCodeBlock):
(JSC::JSGlobalObject::createGlobalEvalCodeBlock):
(JSC::JSGlobalObject::createModuleProgramCodeBlock):
(JSC::JSGlobalObject::createEvalCodeBlock): Deleted.

runtime/JSGlobalObject.h:
runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

runtime/JSScope.cpp:

(JSC::JSScope::collectClosureVariablesUnderTDZ):
(JSC::JSScope::collectVariablesUnderTDZ): Deleted. We don't include
global lexical variables in our concept of TDZ scopes anymore. Global
variable access always does TDZ checks unconditionally. So, only closure
scope accesses give specific consideration to TDZ checks.

runtime/JSScope.h:

2:54 PM Changeset in webkit [208711] by Chris Dumez

5 edits in trunk/Source/WebCore

Avoid copying attributes vector when constructing a CustomElement in HTMLTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=164734

Reviewed by Ryosuke Niwa.

Avoid copying attributes vector when constructing a CustomElement in HTMLTreeBuilder.

html/parser/HTMLConstructionSite.cpp:

(WebCore::HTMLConstructionSite::insertCustomElement):

html/parser/HTMLConstructionSite.h:
html/parser/HTMLStackItem.h:

(WebCore::HTMLStackItem::HTMLStackItem):
(WebCore::HTMLStackItem::create):

html/parser/HTMLTreeBuilder.cpp:

(WebCore::HTMLTreeBuilder::didCreateCustomOrCallbackElement):

2:20 PM Changeset in webkit [208710] by Chris Dumez

3 edits in trunk/Source/WebCore

Inline QualifiedName::toString() method
https://bugs.webkit.org/show_bug.cgi?id=164726

Reviewed by Ryosuke Niwa.

Inline QualifiedName::toString() method to limit performance impact of r208674.

dom/QualifiedName.cpp:

(WebCore::QualifiedName::toString): Deleted.

dom/QualifiedName.h:

(WebCore::QualifiedName::toString):

2:18 PM Changeset in webkit [208709] by mark.lam@apple.com

2 edits in trunk/Source/WTF

Build fix after r208690.
https://bugs.webkit.org/show_bug.cgi?id=164681

Not reviewed.

wtf/FastMalloc.h:

1:44 PM Changeset in webkit [208708] by Brent Fulgham

2 edits in trunk/Source/WebKit2

[Mac][iOS][WK2] Tighten permissions to change CapsLock delay
https://bugs.webkit.org/show_bug.cgi?id=164725
<rdar://problem/28970910>

Reviewed by Alexey Proskuryakov.

PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in: Limit access

to the IOKit connection that actually needs it.

1:38 PM Changeset in webkit [208707] by Brent Fulgham

3 edits in trunk/Source/WebKit2

Unreviewed sandbox fix after r208702

Correct version check to avoid breaking users in Safari Technology Preview
or WebKit nightlies.

NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
WebProcess/com.apple.WebProcess.sb.in:

1:37 PM Changeset in webkit [208706] by hyatt@apple.com

2 edits in trunk/Source/WebCore

[CSS Parser] Support the font-synthesis property
https://bugs.webkit.org/show_bug.cgi?id=164728

Reviewed by Dean Jackson.

css/parser/CSSPropertyParser.cpp:

(WebCore::consumeFontSynthesis):
(WebCore::CSSPropertyParser::parseSingleValue):

1:18 PM Changeset in webkit [208705] by weinig@apple.com

116 edits
7 adds
2 deletes in trunk/Source/WebCore

[SVG] Moving more special casing of SVG out of the bindings - SVGNumber/SVGPoint/SVGRect/SVGLength/SVGTransform/SVGMatrix
https://bugs.webkit.org/show_bug.cgi?id=164696

Reviewed by Darin Adler.

Make SVGNumber, SVGPoint, SVGRect, SVGLength, SVGTransform and SVGMatrix real classes and stop special casing them in the bindings generator. This removes the remaining non-list SVG specializations from the bindings generator.
Renamed existing SVGLength, SVGTransform and SVGMatrix to SVGLengthValue, SVGTransformValue and SVGMatrixValue. There are no SVNumberValue, SVGPointValue and SVGRectValue classes, as float, FloatPoint and FloatRect can be used directly. Going forward, we can get rid of SVGMatrixValue as well, and just use AffineTransform, but that will be done in a separate change.

WebCore.xcodeproj/project.pbxproj:
CMakeLists.txt:

Add new files.

bindings/js/JSSVGLengthCustom.cpp:

(WebCore::JSSVGLength::value): Deleted.
(WebCore::JSSVGLength::setValue): Deleted.
(WebCore::JSSVGLength::convertToSpecifiedUnits): Deleted.
Removed. This can now be generated completely.

bindings/scripts/CodeGenerator.pm:

(SkipIncludeHeader):
Remove special casing of SVGNumber. A header for it now exists.

(GetSVGWrappedTypeNeedingTearOff):
Remove special casing SVGPropertyTearOffs. None remain.

(ShouldPassWrapperByReference):
Allow all tear off types to be passed by reference.

(IsSVGTypeWithWritablePropertiesNeedingTearOff):
Remove now unused function.

bindings/scripts/CodeGeneratorJS.pm:

(GetImplClassName):
(GenerateHeader):
(GenerateImplementation):
(GenerateParametersCheck):
(GenerateImplementationFunctionCall):
(GetSVGPropertyTypes):
(NativeToJSValue):
(GenerateConstructorDefinition):
Remove non-property tear off specific code.

(IsNativeType):
Remove unused function.

css/CSSPropertyNames.in:
css/SVGCSSComputedStyleDeclaration.cpp:

(WebCore::strokeDashArrayToCSSValueList):
(WebCore::ComputedStyleExtractor::svgPropertyValue):

css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertSVGLengthValue):
(WebCore::StyleBuilderConverter::convertSVGLengthVector):
(WebCore::StyleBuilderConverter::convertStrokeDashArray):

css/StyleBuilderCustom.h:

(WebCore::StyleBuilderCustom::applyValueBaselineShift):

page/animation/CSSPropertyAnimation.cpp:

(WebCore::blendFunc):
(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):

rendering/style/RenderStyle.h:

(WebCore::RenderStyle::strokeDashArray):
(WebCore::RenderStyle::setStrokeDashArray):
(WebCore::RenderStyle::baselineShiftValue):
(WebCore::RenderStyle::setBaselineShiftValue):
(WebCore::RenderStyle::kerning):
(WebCore::RenderStyle::setKerning):

rendering/style/SVGRenderStyle.h:

(WebCore::SVGRenderStyle::initialStrokeDashArray):
(WebCore::SVGRenderStyle::initialBaselineShiftValue):
(WebCore::SVGRenderStyle::initialKerning):
(WebCore::SVGRenderStyle::setStrokeDashArray):
(WebCore::SVGRenderStyle::setKerning):
(WebCore::SVGRenderStyle::setBaselineShiftValue):
(WebCore::SVGRenderStyle::strokeDashArray):
(WebCore::SVGRenderStyle::kerning):
(WebCore::SVGRenderStyle::baselineShiftValue):

rendering/style/SVGRenderStyleDefs.h:

Update for name change of SVGLength to SVGLengthValue.

rendering/svg/RenderSVGImage.cpp:

Remove unused include.

html/canvas/DOMPath.h:

Add an overload that takes a DOMMatrix, now that it is distinct from
AffineTransform.

rendering/svg/RenderSVGRoot.cpp:

(WebCore::RenderSVGRoot::buildLocalToBorderBoxTransform):
Update for name change of SVGPoint to FloatPoint.

rendering/svg/SVGRenderSupport.cpp:

(WebCore::SVGRenderSupport::applyStrokeStyleToContext):

rendering/svg/SVGRenderTreeAsText.cpp:

(WebCore::writeStyle):

rendering/svg/SVGTextLayoutEngineBaseline.cpp:

(WebCore::SVGTextLayoutEngineBaseline::calculateBaselineShift):

rendering/svg/SVGTextLayoutEngineSpacing.cpp:

(WebCore::SVGTextLayoutEngineSpacing::calculateCSSKerningAndSpacing):
Update for name change of SVGLength to SVGLengthValue.

rendering/svg/SVGTextQuery.cpp:

(WebCore::SVGTextQuery::startPositionOfCharacter):
(WebCore::SVGTextQuery::endPositionOfCharacter):
(WebCore::SVGTextQuery::characterNumberAtPosition):

rendering/svg/SVGTextQuery.h:

Update for name change of SVGPoint to FloatPoint.

svg/LinearGradientAttributes.h:
svg/PatternAttributes.h:
svg/RadialGradientAttributes.h:

Update for name change of SVGLength to SVGLengthValue.

svg/SVGAllInOne.cpp:

Remove SVGLength.cpp

svg/SVGAngle.h:

Add missing newline.

svg/SVGAnimateTransformElement.cpp:

(WebCore::SVGAnimateTransformElement::SVGAnimateTransformElement):
(WebCore::SVGAnimateTransformElement::parseAttribute):

svg/SVGAnimateTransformElement.h:

Update for name change of SVGTransform to SVGTransformValue.

svg/SVGAnimatedLength.cpp:

(WebCore::SVGAnimatedLengthAnimator::SVGAnimatedLengthAnimator):
(WebCore::SVGAnimatedLengthAnimator::constructFromString):
(WebCore::SVGAnimatedLengthAnimator::addAnimatedTypes):
(WebCore::parseLengthFromString):
(WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue):
(WebCore::SVGAnimatedLengthAnimator::calculateDistance):

svg/SVGAnimatedLength.h:
svg/SVGAnimatedLengthList.cpp:

(WebCore::SVGAnimatedLengthListAnimator::SVGAnimatedLengthListAnimator):
(WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes):
(WebCore::parseLengthListFromString):
(WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):

svg/SVGAnimatedLengthList.h:

Update for name change of SVGLength to SVGLengthValue.

svg/SVGAnimatedNumberList.h:

Include the new SVGNumber.h and switch typedef to type alias.

svg/SVGAnimatedPointList.cpp:

Add now necessary include of SVGPoint.h

svg/SVGAnimatedRect.h:

Update for name change of SVGPropertyTearOff<FloatRect> to SVGRect.

svg/SVGAnimatedTransformList.cpp:

(WebCore::SVGAnimatedTransformListAnimator::SVGAnimatedTransformListAnimator):
(WebCore::SVGAnimatedTransformListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue):
(WebCore::SVGAnimatedTransformListAnimator::calculateDistance):
Update for name change of SVGTransform to SVGTransformValue.

svg/SVGAnimatedType.cpp:

(WebCore::SVGAnimatedType::createLength):
(WebCore::SVGAnimatedType::setValueAsString):

svg/SVGAnimatedType.h:

(WebCore::SVGAnimatedType::length):

svg/SVGCircleElement.cpp:

(WebCore::SVGCircleElement::parseAttribute):

svg/SVGCursorElement.cpp:

(WebCore::SVGCursorElement::parseAttribute):

svg/SVGDocument.cpp:

(WebCore::SVGDocument::startPan):

svg/SVGEllipseElement.cpp:

(WebCore::SVGEllipseElement::parseAttribute):

svg/SVGFilterElement.cpp:

(WebCore::SVGFilterElement::parseAttribute):

svg/SVGFilterPrimitiveStandardAttributes.cpp:

(WebCore::SVGFilterPrimitiveStandardAttributes::parseAttribute):

svg/SVGForeignObjectElement.cpp:

(WebCore::SVGForeignObjectElement::parseAttribute):

svg/SVGImageElement.cpp:

(WebCore::SVGImageElement::parseAttribute):

svg/SVGLengthContext.cpp:

(WebCore::SVGLengthContext::resolveRectangle):
(WebCore::SVGLengthContext::resolvePoint):
(WebCore::SVGLengthContext::resolveLength):

svg/SVGLengthContext.h:
svg/SVGLengthList.cpp:

(WebCore::SVGLengthList::parse):

svg/SVGLengthList.h:

(WebCore::SVGPropertyTraits<SVGLengthList>::initialValue):

svg/SVGLineElement.cpp:

(WebCore::SVGLineElement::parseAttribute):

svg/SVGLinearGradientElement.cpp:

(WebCore::SVGLinearGradientElement::parseAttribute):

svg/SVGMarkerElement.cpp:

(WebCore::SVGMarkerElement::parseAttribute):

svg/SVGMaskElement.cpp:

(WebCore::SVGMaskElement::parseAttribute):

svg/SVGPatternElement.cpp:

(WebCore::SVGPatternElement::parseAttribute):

svg/SVGRadialGradientElement.cpp:

(WebCore::SVGRadialGradientElement::parseAttribute):

svg/SVGRectElement.cpp:

(WebCore::SVGRectElement::parseAttribute):

svg/SVGTextPathElement.cpp:

(WebCore::SVGTextPathElement::parseAttribute):
Update for name change of SVGLength to SVGLengthValue.

svg/SVGLength.cpp: Removed.
svg/SVGLength.h:

(WebCore::SVGLength::create):
(WebCore::SVGLength::unitType):
(WebCore::SVGLength::valueForBindings):
(WebCore::SVGLength::setValueForBindings):
(WebCore::SVGLength::valueInSpecifiedUnits):
(WebCore::SVGLength::setValueInSpecifiedUnits):
(WebCore::SVGLength::valueAsString):
(WebCore::SVGLength::setValueAsString):
(WebCore::SVGLength::newValueSpecifiedUnits):
(WebCore::SVGLength::convertToSpecifiedUnits):
(WebCore::SVGLength::SVGLength):
Implement the SVGLength interface as a tear off.

svg/SVGLength.idl:

Add annotations for exceptions, custom naming, and remove now unnecessary
custom binding annotation.

svg/SVGLengthValue.cpp: Copied from Source/WebCore/svg/SVGLength.cpp.
svg/SVGLengthValue.h: Copied from Source/WebCore/svg/SVGLength.h.

svg/SVGGraphicsElement.cpp:

(WebCore::SVGGraphicsElement::getCTMForBindings):
(WebCore::SVGGraphicsElement::getScreenCTMForBindings):
(WebCore::SVGGraphicsElement::getBBoxForBindings):

svg/SVGGraphicsElement.h:

Add bindings specific versions of transformation access functions that return
tear offs.

svg/SVGGraphicsElement.idl:

Annotate tear off returning functions with NewObject and ImplementedAs as necessary.

svg/SVGLocatable.cpp:

(WebCore::SVGLocatable::getTransformToElement):

svg/SVGLocatable.h:

Change getTransformToElement to return a Ref<SVGMatrix> as that is what the binding
wants.

svg/SVGMatrix.h:

Implement the SVGMatrix interface as a tear off.

svg/SVGMatrix.idl:

Add annotations for exceptions. Remove meaningless Immutable annotation.

svg/SVGMatrixValue.h: Copied from Source/WebCore/svg/SVGMatrix.h.

svg/SVGNumber.h: Added.

(WebCore::SVGNumber::create):
(WebCore::SVGNumber::valueForBindings):
(WebCore::SVGNumber::setValueForBindings):
(WebCore::SVGNumber::SVGNumber):
Implement the SVGNumber interface as a tear off.

svg/SVGNumber.idl:

Add exception annotation and custom naming annotations.

svg/SVGNumberList.h:

Update for name change of SVGPropertyTearOff<float> to SVGNumber.

svg/SVGPathElement.cpp:

(WebCore::SVGPathElement::getPointAtLength):

svg/SVGPathElement.h:

Make getPointAtLength return a Ref<SVGPoint> to match the bindings.

svg/SVGPathElement.idl:

Annotate getPointAtLength with [NewObject].

svg/SVGPathTraversalStateBuilder.cpp:

(WebCore::SVGPathTraversalStateBuilder::currentPoint):

svg/SVGPathTraversalStateBuilder.h:
svg/SVGPathUtilities.cpp:

(WebCore::getPointAtLengthOfSVGPathByteStream):

svg/SVGPathUtilities.h:
svg/SVGPointList.cpp:

(WebCore::SVGPointList::valueAsString):

svg/SVGPointList.h:
svg/SVGPolyElement.cpp:

Update for name change of SVGPoint to FloatPoint.

svg/SVGPoint.h:

(WebCore::SVGPoint::create):
(WebCore::SVGPoint::x):
(WebCore::SVGPoint::setX):
(WebCore::SVGPoint::y):
(WebCore::SVGPoint::setY):
(WebCore::SVGPoint::matrixTransform):
(WebCore::SVGPoint::SVGPoint):
Implement the SVGPoint interface as a tear off. Remove typedef of FloatPoint
to SVGPoint.

svg/SVGPoint.idl:

Add exception and NewObject annotations.

svg/SVGRect.h:

(WebCore::SVGRect::create):
(WebCore::SVGRect::x):
(WebCore::SVGRect::setX):
(WebCore::SVGRect::y):
(WebCore::SVGRect::setY):
(WebCore::SVGRect::width):
(WebCore::SVGRect::setWidth):
(WebCore::SVGRect::height):
(WebCore::SVGRect::setHeight):
Implement the SVGRect interface as a tear off. FloatRect SVGPropertyTraits have
been moved to SVGRectTraits.h.

svg/SVGRect.idl:

Add exception annotations.

svg/SVGRectTraits.h: Copied from Source/WebCore/svg/SVGRect.cpp.

svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::viewport):
(WebCore::SVGSVGElement::currentTranslate):
(WebCore::SVGSVGElement::parseAttribute):
(WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
(WebCore::SVGSVGElement::getIntersectionList):
(WebCore::SVGSVGElement::getEnclosureList):
(WebCore::SVGSVGElement::checkIntersection):
(WebCore::SVGSVGElement::checkEnclosure):
(WebCore::SVGSVGElement::createSVGNumber):
(WebCore::SVGSVGElement::createSVGLength):
(WebCore::SVGSVGElement::createSVGPoint):
(WebCore::SVGSVGElement::createSVGMatrix):
(WebCore::SVGSVGElement::createSVGRect):
(WebCore::SVGSVGElement::createSVGTransform):
(WebCore::SVGSVGElement::createSVGTransformFromMatrix):

svg/SVGSVGElement.h:

(WebCore::SVGSVGElement::currentTranslateValue):
(WebCore::SVGSVGElement::currentTranslate): Deleted.
(WebCore::SVGSVGElement::createSVGNumber): Deleted.
Update functions taking tear off values to take the wrappers, and update
the factory functions returning tear offs, to return the wrappers.

svg/SVGSVGElement.idl:

Annotate functions/properties returning tear offs with [NewObject].

svg/SVGTextContentElement.cpp:

(WebCore::SVGTextContentElement::synchronizeTextLength):
(WebCore::SVGTextContentElement::lookupOrCreateTextLengthWrapper):
(WebCore::SVGTextContentElement::textLengthAnimated):
(WebCore::SVGTextContentElement::getStartPositionOfChar):
(WebCore::SVGTextContentElement::getEndPositionOfChar):
(WebCore::SVGTextContentElement::getExtentOfChar):
(WebCore::SVGTextContentElement::getCharNumAtPosition):
(WebCore::SVGTextContentElement::parseAttribute):

svg/SVGTextContentElement.h:

(WebCore::SVGTextContentElement::specifiedTextLength):
Update functions returning tear off values to return the wrappers
and ones taking the values to take the wrappers.

svg/SVGTextContentElement.idl:

Annotate functions/properties returning tear offs with [NewObject].

svg/SVGTransform.cpp:

(WebCore::SVGTransform::matrix):

svg/SVGTransform.h:

(WebCore::SVGTransform::create):
(WebCore::SVGTransform::type):
(WebCore::SVGTransform::angle):
(WebCore::SVGTransform::setMatrix):
(WebCore::SVGTransform::setTranslate):
(WebCore::SVGTransform::setScale):
(WebCore::SVGTransform::setRotate):
(WebCore::SVGTransform::setSkewX):
(WebCore::SVGTransform::setSkewY):
Implement the SVGTransform interface as a tear off.

svg/SVGTransform.idl:

Add ConstantsScope annotation to allow the constants to be defined on
SVGTransformValue. Add exception and NewObject annotations.

svg/SVGTransformDistance.cpp:

(WebCore::SVGTransformDistance::SVGTransformDistance):
(WebCore::SVGTransformDistance::scaledDistance):
(WebCore::SVGTransformDistance::addSVGTransforms):
(WebCore::SVGTransformDistance::addToSVGTransform):
(WebCore::SVGTransformDistance::distance):

svg/SVGTransformDistance.h:
svg/SVGTransformList.cpp:

(WebCore::SVGTransformList::createSVGTransformFromMatrix):
(WebCore::SVGTransformList::consolidate):

svg/SVGTransformList.h:

(WebCore::SVGPropertyTraits<SVGTransformList>::initialValue):

svg/SVGTransformable.cpp:

(WebCore::SVGTransformable::parseTransformValue):
(WebCore::parseAndSkipType):
(WebCore::SVGTransformable::parseTransformType):
(WebCore::SVGTransformable::parseTransformAttribute):

svg/SVGTransformable.h:
svg/SVGUseElement.cpp:

(WebCore::SVGUseElement::parseAttribute):
Update for name change of SVGTransform to SVGTransformValue.

svg/SVGTransformList.idl:

Annotate functions returning tear offs with NewObject.

svg/SVGTransformValue.cpp: Copied from Source/WebCore/svg/SVGTransform.cpp.
svg/SVGTransformValue.h: Copied from Source/WebCore/svg/SVGTransform.h.

svg/SVGZoomEvent.cpp:

(WebCore::SVGZoomEvent::zoomRectScreen):
(WebCore::SVGZoomEvent::previousTranslate):
(WebCore::SVGZoomEvent::newTranslate):

svg/SVGZoomEvent.h:

Update for change to SVGPoint/SVGRect. SVGPoint values become FloatPoints. Functions
returning SVGPoint/SVGRect now return Ref<SVGPoint>/Ref<SVGRect>.

svg/SVGZoomEvent.idl:

Annotate function returning tear off with NewObject.

svg/properties/SVGAnimatedListPropertyTearOff.h:

(WebCore::SVGAnimatedListPropertyTearOff::findItem):
Switch typedefs to type aliases. Define ListItemTearOff using SVGPropertyTraits
to get the correct tear off type (as we do for the other list property tear off
classes.)

svg/properties/SVGListProperty.h:

(WebCore::SVGListProperty::clearValues):
(WebCore::SVGListProperty::clearValuesAndWrappers):
(WebCore::SVGListProperty::initializeValues):
(WebCore::SVGListProperty::initializeValuesAndWrappers):
(WebCore::SVGListProperty::getItemValues):
(WebCore::SVGListProperty::getItemValuesAndWrappers):
(WebCore::SVGListProperty::insertItemBeforeValues):
(WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
(WebCore::SVGListProperty::canReplaceItem):
(WebCore::SVGListProperty::replaceItemValues):
(WebCore::SVGListProperty::replaceItemValuesAndWrappers):
(WebCore::SVGListProperty::canRemoveItem):
(WebCore::SVGListProperty::removeItemValues):
(WebCore::SVGListProperty::removeItemValuesAndWrappers):
(WebCore::SVGListProperty::appendItemValues):
(WebCore::SVGListProperty::appendItemValuesAndWrappers):

svg/properties/SVGListPropertyTearOff.h:

(WebCore::SVGListPropertyTearOff::initialize):
(WebCore::SVGListPropertyTearOff::getItem):
(WebCore::SVGListPropertyTearOff::insertItemBefore):
(WebCore::SVGListPropertyTearOff::replaceItem):
(WebCore::SVGListPropertyTearOff::removeItem):
(WebCore::SVGListPropertyTearOff::appendItem):

svg/properties/SVGPathSegListPropertyTearOff.h:
svg/properties/SVGStaticListPropertyTearOff.h:
svg/properties/SVGTransformListPropertyTearOff.h:

Change functions returning PtrListItemTearOff, to instead return
Ref<ListItemTearOff>. To accomplish this, remove unreachable conditions
that were returning nullptr, and replace them with a assertions (these
were cases where a function like canGetItem() was called, and it only
did one of two things, returning an exception, or returned true).

svg/properties/SVGMatrixTearOff.h:

Update for SVGMatrix's addition, this can now inherit from SVGMatrix. Remove
incorrect comment and update some SVGMatrix types to SVGMatrixValues.

svg/properties/SVGStaticPropertyTearOff.h:

Require the use of SVGStaticPropertyTearOff to pass in the tear off type, rather
than the value type, so it can be directly inherited from. This allow the one user
of this class, SVGSVGElement::currentTranslate, to specialize on SVGPoint directly.

bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/JS/JSTestTypedefs.cpp:

Update test results now that svg property tear offs are not handled specially.

1:14 PM Changeset in webkit [208704] by caitp@igalia.com

28 edits
8 adds in trunk

[JSC] Handle new_async_func / new_async_func_exp in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=164037

Reviewed by Yusuke Suzuki.

JSTests:

Add tests based on tests from https://trac.webkit.org/changeset/194216.

asyncFunctionTests.yaml:
stress/async-function-create-nobaseline.js: Added.
stress/async-function-create-optimized.js: Added.
stress/async-function-declaration-sinking-no-double-allocate.js: Added.
stress/async-function-declaration-sinking-osrexit.js: Added.
stress/async-function-declaration-sinking-put.js: Added.
stress/async-function-expression-sinking-no-double-allocate.js: Added.
stress/async-function-expression-sinking-osrexit.js: Added.
stress/async-function-expression-sinking-put.js: Added.

Source/JavaScriptCore:

This patch introduces new_async_func / new_async_func_exp into DFG and FTL,
in much the same capacity that https://trac.webkit.org/changeset/194216 added
DFG / FTL support for generators: by adding new DFG nodes (NewAsyncFunction and
PhantomNewAsyncFunction), rather than extending the existing NewFunction node type.

Like NewFunction and PhantomNewFunction, and the Generator variants, allocation of
async wrapper functions may be deferred or eliminated during the allocation sinking
phase.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGClobbersExitState.cpp:

(JSC::DFG::clobbersExitState):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGMayExit.cpp:
dfg/DFGNode.h:

(JSC::DFG::Node::convertToPhantomNewFunction):
(JSC::DFG::Node::convertToPhantomNewAsyncFunction):
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::isFunctionAllocation):
(JSC::DFG::Node::isPhantomFunctionAllocation):
(JSC::DFG::Node::isPhantomAllocation):

dfg/DFGNodeType.h:
dfg/DFGObjectAllocationSinkingPhase.cpp:
dfg/DFGPredictionPropagationPhase.cpp:
dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGStoreBarrierInsertionPhase.cpp:
dfg/DFGStructureRegistrationPhase.cpp:

(JSC::DFG::StructureRegistrationPhase::run):

dfg/DFGValidate.cpp:
ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):

ftl/FTLOperations.cpp:

(JSC::FTL::operationPopulateObjectInOSR):
(JSC::FTL::operationMaterializeObjectInOSR):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::asyncFunctionPrototype):
(JSC::JSGlobalObject::asyncFunctionStructure):
(JSC::JSGlobalObject::lazyAsyncFunctionStructure): Deleted.
(JSC::JSGlobalObject::asyncFunctionPrototypeConcurrently): Deleted.
(JSC::JSGlobalObject::asyncFunctionStructureConcurrently): Deleted.

1:05 PM Changeset in webkit [208703] by commit-queue@webkit.org

4 edits in trunk/Source/WebCore

Move updateSignalingState to PeerConnectionBackend
https://bugs.webkit.org/show_bug.cgi?id=164719

Patch by Youenn Fablet <youenn@apple.com> on 2016-11-14
Reviewed by Eric Carlson.

No change of behavior.

Refactoring MediaEndpointPeerConnection signaling state update to PeerConnectionBackend.
It is not specific to MediaEndpointPeerConnection and can be reused for other backends.

Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::setLocalDescriptionTask):
(WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):

Modules/mediastream/PeerConnectionBackend.cpp:

(WebCore::PeerConnectionBackend::updateSignalingState):

Modules/mediastream/PeerConnectionBackend.h:

1:02 PM Changeset in webkit [208702] by pjumde@apple.com

3 edits in trunk/Source/WebKit2

Keychain access in WebKit should be limited to a single process. Earlier this was blocked on the networking framework requiring direct access to keychain, this will be resolved in the upcoming version of macOS.
https://bugs.webkit.org/show_bug.cgi?id=163710
<rdar://problem/24357468>

Reviewed by Darin Adler.

NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
WebProcess/com.apple.WebProcess.sb.in:

12:57 PM Changeset in webkit [208701] by timothy@apple.com

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Disable Warning Filter in Debugger Tab By Default
https://bugs.webkit.org/show_bug.cgi?id=164723
rdar://problem/29251780

Reviewed by Joseph Pecoraro.

UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel): Made "debugger-show-resources-with-issues-only" false by default.

11:57 AM Changeset in webkit [208700] by dino@apple.com

8 edits in trunk

Handle filter() image type in new CSS Parser
https://bugs.webkit.org/show_bug.cgi?id=164673
<rdar://problems/29231376>

Reviewed by Darin Adler.

Source/WebCore:

Add support for the <image> type filter() to the
new CSS Parser. This involved moving some functions
from CSSPropertyParser into CSSPropertyParserHelpers.

Covered by fast/filter-image tests.

css/CSSValueKeywords.in:
css/parser/CSSPropertyParser.cpp:

(WebCore::consumeShadow):
(WebCore::parseSingleShadow): Deleted.
(WebCore::consumeFilterFunction): Deleted.
(WebCore::consumeFilter): Deleted.

css/parser/CSSPropertyParserHelpers.cpp:

(WebCore::CSSPropertyParserHelpers::consumeFilterImage):
(WebCore::CSSPropertyParserHelpers::consumeGeneratedImage):
(WebCore::CSSPropertyParserHelpers::isGeneratedImage):
(WebCore::CSSPropertyParserHelpers::consumeFilterFunction):
(WebCore::CSSPropertyParserHelpers::consumeFilter):
(WebCore::CSSPropertyParserHelpers::consumeSingleShadow):

css/parser/CSSPropertyParserHelpers.h:

LayoutTests:

Remove the test that allows a string value for the
image source rather than a url().

fast/filter-image/filter-image-animation-expected.txt:
fast/filter-image/filter-image-animation.html:

11:42 AM Changeset in webkit [208699] by mark.lam@apple.com

6 edits
1 add in trunk

Some of JSStringView::SafeView methods are not idiomatically safe for JSString to StringView conversions.
https://bugs.webkit.org/show_bug.cgi?id=164701
<rdar://problem/27462104>

Reviewed by Darin Adler.

JSTests:

stress/string-prototype-charCodeAt-on-too-long-rope.js: Added.

Source/JavaScriptCore:

The characters8(), characters16(), and operator[] in JSString::SafeView converts
the underlying JSString to a StringView via get(), and then uses the StringView
without first checking if an exception was thrown during the conversion. This is
unsafe because the conversion may have failed.

Instead, we should remove these 3 convenience methods, and make the caller
explicitly call get() and do the appropriate exception checks before using the
StringView.

runtime/JSGlobalObjectFunctions.cpp:

(JSC::toStringView):
(JSC::encode):
(JSC::decode):
(JSC::globalFuncParseInt):
(JSC::globalFuncEscape):
(JSC::globalFuncUnescape):
(JSC::toSafeView): Deleted.

runtime/JSONObject.cpp:

(JSC::JSONProtoFuncParse):

runtime/JSString.h:

(JSC::JSString::SafeView::length):
(JSC::JSString::SafeView::characters8): Deleted.
(JSC::JSString::SafeView::characters16): Deleted.
(JSC::JSString::SafeView::operator[]): Deleted.

runtime/StringPrototype.cpp:

(JSC::stringProtoFuncRepeatCharacter):
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncNormalize):

11:26 AM Changeset in webkit [208698] by mark.lam@apple.com

5 edits
3 adds in trunk

RegExpObject::exec/match should handle errors gracefully.
https://bugs.webkit.org/show_bug.cgi?id=155145
<rdar://problem/27435934>

Reviewed by Keith Miller.

JSTests:

stress/regexp-prototype-exec-on-too-long-rope.js: Added.
stress/regexp-prototype-match-on-too-long-rope.js: Added.
stress/regexp-prototype-test-on-too-long-rope.js: Added.

Source/JavaScriptCore:

Added some missing exception checks to RegExpObject::execInline() and RegExpObject::matchInline().
Updated related code to work with ExceptionScope verification requirements.

dfg/DFGOperations.cpp:
runtime/RegExpObjectInlines.h:

(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTestFast):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncMatchFast):

11:16 AM Changeset in webkit [208697] by hyatt@apple.com

2 edits in trunk/Source/WebCore

[CSS Parser] Support percentages in word-spacing
https://bugs.webkit.org/show_bug.cgi?id=164721

Reviewed by Dean Jackson.

css/parser/CSSPropertyParser.cpp:

(WebCore::consumeLetterSpacing):
(WebCore::consumeWordSpacing):
(WebCore::consumeSpacing): Deleted.

11:06 AM Changeset in webkit [208696] by jdiggs@igalia.com

6 edits in trunk

AX: In ARIA 1.1, the implicit value for aria-level on headings is 2
https://bugs.webkit.org/show_bug.cgi?id=164714

Reviewed by Chris Fleizach.

Source/WebCore:

Return 2 rather than 0 if there is not a valid author-provided value
for aria-level on an ARIA heading.

No new tests required as we have sufficient coverage. Added one new
test case to heading-level.html and updated expectations for it and
for xml-roles-exposed.html.

accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::headingLevel):

LayoutTests:

Added new test case to existing test and updated expectations.

accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
accessibility/heading-level-expected.txt: Updated.
accessibility/heading-level.html: New test case added.

11:05 AM Changeset in webkit [208695] by hyatt@apple.com

3 edits in trunk/LayoutTests

[CSS Parser] Remove incorrect cursor result
https://bugs.webkit.org/show_bug.cgi?id=164717

Reviewed by Dean Jackson.

fast/css/cursor-parsing-expected.txt:
fast/css/cursor-parsing.html:

10:52 AM Changeset in webkit [208694] by commit-queue@webkit.org

26 edits in trunk

Refresh RTCDataChannel abstract infrastructure
https://bugs.webkit.org/show_bug.cgi?id=164680

Patch by Youenn Fablet <youenn@apple.com> on 2016-11-14
Reviewed by Darin Adler.

Source/WebCore:

No real changes, except that a mock data channel is now returned for layout test.
Covered by activated and rebased test.

Adding support for mock data channel.
Updating data channel creation by using dictionary binding infrastructure.
Storing of options directly in RTCDataChannel to reduce the use of the data channel handler.

Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::createDataChannelHandler):

Modules/mediastream/MediaEndpointPeerConnection.h:
Modules/mediastream/PeerConnectionBackend.h:
Modules/mediastream/RTCDataChannel.cpp:

(WebCore::RTCDataChannel::create):
(WebCore::RTCDataChannel::RTCDataChannel):
(WebCore::RTCDataChannel::bufferedAmount):
(WebCore::RTCDataChannel::~RTCDataChannel): Deleted.
(WebCore::RTCDataChannel::label): Deleted.
(WebCore::RTCDataChannel::ordered): Deleted.
(WebCore::RTCDataChannel::maxRetransmitTime): Deleted.
(WebCore::RTCDataChannel::maxRetransmits): Deleted.
(WebCore::RTCDataChannel::protocol): Deleted.
(WebCore::RTCDataChannel::negotiated): Deleted.
(WebCore::RTCDataChannel::id): Deleted.

Modules/mediastream/RTCDataChannel.h:
Modules/mediastream/RTCDataChannelEvent.cpp:

(WebCore::RTCDataChannelEvent::create):
(WebCore::RTCDataChannelEvent::RTCDataChannelEvent):
(WebCore::RTCDataChannelEvent::~RTCDataChannelEvent): Deleted.

Modules/mediastream/RTCDataChannelEvent.h:
Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::RTCPeerConnection::createDataChannel):

Modules/mediastream/RTCPeerConnection.h:
Modules/mediastream/RTCPeerConnection.idl:
platform/mediastream/MediaEndpoint.cpp:

(WebCore::EmptyMediaEndpoint::EmptyMediaEndpoint): Deleted.

platform/mediastream/MediaEndpoint.h:
platform/mediastream/RTCDataChannelHandler.h:
platform/mediastream/RTCDataChannelHandlerClient.h:
platform/mediastream/RTCPeerConnectionHandler.h:

(WebCore::RTCDataChannelInit::RTCDataChannelInit): Deleted.

platform/mediastream/openwebrtc/MediaEndpointOwr.cpp:

(WebCore::MediaEndpointOwr::createDataChannelHandler):

platform/mediastream/openwebrtc/MediaEndpointOwr.h:
platform/mock/MockMediaEndpoint.cpp:

(WebCore::MockMediaEndpoint::createDataChannelHandler):

platform/mock/MockMediaEndpoint.h:
platform/mock/RTCDataChannelHandlerMock.cpp:

(WebCore::RTCDataChannelHandlerMock::RTCDataChannelHandlerMock):

platform/mock/RTCDataChannelHandlerMock.h:

LayoutTests:

fast/mediastream/RTCPeerConnection-datachannel-expected.txt:
fast/mediastream/RTCPeerConnection-datachannel.html:
platform/mac/TestExpectations:

10:40 AM Changeset in webkit [208693] by ddkilzer@apple.com

2 edits in trunk/LayoutTests

REGRESSION (r83521): Fix malformed <canvas> tag in fast/canvas/DrawImageSinglePixelStretch.html

Unreviewed.

Before: <canvas id="c"</canvas>
Parsed: <canvas id="c" <="" canvas="" width="200" height="50"></canvas>

After: <canvas id="c"></canvas>
Parsed: <canvas id="c" width="200" height="50"></canvas>

fast/canvas/DrawImageSinglePixelStretch.html: Close <canvas>

tag. This does not affect test results, but the HTML5 parser
was covering for this mistake.

10:27 AM Changeset in webkit [208692] by mark.lam@apple.com

12 edits in trunk

Enhance run-jsc-stress-test script to allow optional test specific options to be added for all test run configurations.
https://bugs.webkit.org/show_bug.cgi?id=164695

Reviewed by Keith Miller.

JSTests:

Replace use of runMisc* test run configurations with equivalents.

stress/licm-no-pre-header-nested.js:
stress/licm-no-pre-header.js:
stress/licm-pre-header-cannot-exit-nested.js:
stress/licm-pre-header-cannot-exit.js:
stress/make-dictionary-repatch.js:
stress/retry-cache-later.js:
stress/shadow-chicken-reading-from-scope-after-ftl-osr-exit-bytecode-liveness.js:
stress/slow-path-generator-updating-current-node-dfg.js:
stress/unshift-array-storage.js:

Tools:

This gives us more flexibility when specific tests needs to enable special JSC
options in order to exercise specific code paths to be tested. It also saves us
from having to create duplicate test run configurations e.g. runMiscFTLNoCJITTest.
We can now just use runFTLNoCJIT in its place.

Also replaced the ifJSCArgIsntProvidedAreWeReleaseBuild variable with $buildType
so that we have the ability to skip certain tests for release or debug builds.
This will be needed in the upcoming patch for https://webkit.org/b/155145.

Scripts/run-jsc-stress-tests:

10:20 AM Changeset in webkit [208691] by ddkilzer@apple.com

5 edits in trunk

Bug 164702: WebContent crash due to checked unsigned overflow in WebCore: WebCore::RenderLayerCompositor::requiresCompositingLayer const + 1104
<https://webkit.org/b/164702>
<rdar://problem/29236368>

Reviewed by Darin Adler.

Source/WebCore:

Test: inspector/layers/layers-compositing-reasons.html

rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForCanvas):
Don't composite if the canvas area overflows.

LayoutTests:

inspector/layers/layers-compositing-reasons-expected.txt:

Update results.

inspector/layers/layers-compositing-reasons.html: Update to

reproduce the crash. This does not reproduce the original crash
stack, but does exercise the same crashing code.

10:04 AM Changeset in webkit [208690] by mark.lam@apple.com

6 edits in trunk/Source

Add debugging facility to limit the max single allocation size.
https://bugs.webkit.org/show_bug.cgi?id=164681

Reviewed by Keith Miller.

Source/JavaScriptCore:

Added JSC option to set FastMalloc's maxSingleAllocationSize for testing purposes.
This option is only available on Debug builds.

runtime/Options.cpp:

(JSC::Options::isAvailable):
(JSC::recomputeDependentOptions):

runtime/Options.h:

Source/WTF:

This is useful for simulating memory allocation failures on resource constraint
devices for testing purposes.

This facility is only conditionally compiled in on debug builds. It does not
have any burden on release builds at all. When in use, the max single allocation
size limit applies to individual allocations. For malloc (and similar), the
allocation will crash in FastMalloc if the requested size exceeds the set max
single allocation size. For tryMalloc (and similar), the allocation returns
nullptr if the requested size exceeds the set max single allocation size. The
max single allocation size is set to std::numeric_limit<size_t>::max() by default
(i.e. when not set and no limit is in effect).

Also fixed non-bmalloc versions of fastAlignedMalloc() to crash when allocation
fails.

wtf/FastMalloc.cpp:

(WTF::fastSetMaxSingleAllocationSize):
(WTF::fastAlignedMalloc):
(WTF::tryFastAlignedMalloc):
(WTF::tryFastMalloc):
(WTF::fastMalloc):
(WTF::tryFastCalloc):
(WTF::fastCalloc):
(WTF::fastRealloc):

wtf/FastMalloc.h:

9:59 AM Changeset in webkit [208689] by Chris Dumez

3 edits in trunk/Source/WebCore

Fix the !ENABLE(FETCH_API) build after r208613
https://bugs.webkit.org/show_bug.cgi?id=164713

Reviewed by Youenn Fablet.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

9:55 AM Changeset in webkit [208688] by Darin Adler

107 edits
1 delete in trunk/Source

Remove many includes of ExceptionCode.h
https://bugs.webkit.org/show_bug.cgi?id=164706

Reviewed by Alex Christensen.

Source/WebCore:

Modules/encryptedmedia/CDMPrivateClearKey.cpp: Removed include of ExceptionCode.h.
Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp: Ditto.
Modules/fetch/FetchBodyOwner.cpp: Ditto.

Modules/indexeddb/IDBDatabase.cpp: Added include of ExceptionCode.h.

Modules/indexeddb/IDBDatabase.h: Removed include of ExceptionCode.h.
Modules/indexeddb/IDBDatabaseException.cpp: Ditto.

Modules/indexeddb/IDBIndex.cpp: Added include of ExceptionCode.h.
Modules/indexeddb/IDBObjectStore.cpp: Ditto.

Modules/mediastream/MediaConstraintsImpl.cpp: Removed include of ExceptionCode.h.
Modules/mediastream/MediaDevicesEnumerationRequest.cpp: Ditto.
Modules/mediastream/MediaDevicesRequest.cpp: Ditto.
Modules/mediastream/MediaStream.cpp: Ditto.
Modules/mediastream/MediaStreamTrack.cpp: Ditto.
Modules/mediastream/RTCDTMFSender.cpp: Ditto.
Modules/mediastream/RTCDataChannel.cpp: Ditto.
Modules/mediastream/RTCPeerConnection.cpp: Ditto.

Modules/notifications/Notification.h: Removed definition of ExceptionCode.
Modules/streams/ReadableStreamSource.h: Ditto.
Modules/webaudio/BiquadFilterNode.cpp: Ditto.

Modules/webaudio/PannerNode.cpp: Removed inclde of ExceptionCode.h.
Modules/webaudio/WaveShaperNode.cpp: Ditto.

Modules/webdatabase/Database.cpp:

(WebCore::guidForOriginAndName): Reimplemented using HashMap::ensure.

Modules/webdatabase/Database.h: Renamed DatabaseGuid to DatabaseGUID and defined

it here instead of a in DatabaseBasicTypes.h; removed that include.

Modules/webdatabase/DatabaseBasicTypes.h: Removed.

Modules/webdatabase/DatabaseManager.h: Removed include of DatabaseBasicTypes.h.
Modules/webdatabase/DatabaseTask.h: Ditto.

Modules/webdatabase/SQLTransactionBackend.cpp: Removed include of ExceptionCode.h.

Modules/webdatabase/SQLTransactionBackend.h: Removed include of DatabaseBasicTypes.h.

WebCore.xcodeproj/project.pbxproj: Removed DatabaseBasicTypes.h, also let Xcode

edit the file.

bindings/js/ScriptModuleLoader.cpp: Removed include of ExceptionCode.h.
bindings/js/SerializedScriptValue.cpp: Ditto.
bindings/js/StructuredClone.cpp: Ditto.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck): Removed unnecessary include of ExceptionCode.h.

bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
bindings/scripts/test/JS/JSTestCEReactions.cpp:
bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
bindings/scripts/test/JS/JSTestDOMJIT.cpp:
bindings/scripts/test/JS/JSTestEventConstructor.cpp:
bindings/scripts/test/JS/JSTestEventTarget.cpp:
bindings/scripts/test/JS/JSTestGlobalObject.cpp:
bindings/scripts/test/JS/JSTestInterface.cpp:
bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
bindings/scripts/test/JS/JSTestNode.cpp:
bindings/scripts/test/JS/JSTestNondeterministic.cpp:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
bindings/scripts/test/JS/JSTestTypedefs.cpp:

Updated.

css/CSSMediaRule.cpp: Removed include of ExceptionCode.h.
css/CSSSupportsRule.cpp: Ditto.
dom/ClientRectList.cpp: Ditto.

dom/DOMCoreException.cpp: Added include of ExceptionCode.h.

dom/DOMImplementation.cpp: Removed include of ExceptionCode.h.
dom/ExceptionBase.h: Ditto.

dom/Node.cpp: Added include of ExceptionCode.h.

dom/NodeIterator.cpp: Removed include of ExceptionCode.h.

(WebCore::NodeIterator::NodePointer::NodePointer): Marked this inline.
(WebCore::NodeIterator::NodePointer::clear): Ditto.
(WebCore::NodeIterator::NodePointer::moveToNext): Ditto.
(WebCore::NodeIterator::NodePointer::moveToPrevious): Ditto.
(WebCore::NodeIterator::NodeIterator): Ditto.
(WebCore::NodeIterator::create): Moved this here from the header.
Now the constructor is inlined instead of this function.
(WebCore::NodeIterator::detach): Deleted. Moved to header.

dom/NodeIterator.h: Removed definition of ExceptionCode, fixed indentation

of this file and made a few changes as mentioned above.

dom/ProcessingInstruction.cpp: Removed include of ExceptionCode.h.

dom/Text.cpp: Added include of ExceptionCode.h.

dom/TreeWalker.cpp: Removed include of ExceptionCode.h.
editing/FrameSelection.cpp: Ditto.
fileapi/WebKitBlobBuilder.cpp: Ditto.
history/CachedFrame.cpp: Ditto.
html/HTMLDocument.cpp: Ditto.
html/HTMLMeterElement.cpp: Ditto.
html/HTMLObjectElement.cpp: Ditto.
html/HTMLOptionElement.cpp: Ditto.

html/HTMLOptionsCollection.cpp: Removed include of ExceptionCode.h.

(WebCore::HTMLOptionsCollection::add): Changed argument to const& to avoid a
little bit of reference count churn.

html/HTMLOptionsCollection.h: Updated for above.

html/HTMLProgressElement.cpp: Removed include of ExceptionCode.h.

html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::add): Changed argument to const& to avoid a
little bit of reference count churn.

html/HTMLSelectElement.h: Updated for above.

html/HTMLTextAreaElement.cpp: Removed include of ExceptionCode.h.
html/canvas/CanvasPattern.cpp: Ditto.

html/canvas/WebGLContextGroup.h: Removed definition of ExceptionCode.

html/track/AudioTrack.h: Removed include of ExceptionCode.h.
html/track/TextTrack.h: Ditto.

html/track/VTTCue.cpp: Added include of ExceptionCode.h.
html/track/VTTRegion.cpp: Ditto.

html/track/VideoTrack.h: Removed include of ExceptionCode.h.
inspector/DOMEditor.cpp: Ditto.

inspector/InspectorDatabaseAgent.cpp: Removed include of ExceptionCode.h.

Tweaked the code in the file a bit, marking more things final and making them
private. ALso simplified a couple of the functions a bit.
(WebCore::InspectorDatabaseAgent::didOpenDatabase):
(WebCore::InspectorDatabaseAgent::getDatabaseTableNames):
(WebCore::InspectorDatabaseAgent::executeSQL):
(WebCore::InspectorDatabaseAgent::databaseForId):

inspector/InspectorIndexedDBAgent.cpp: Removed include of ExceptionCode.h.

inspector/InspectorStyleSheet.cpp: Added include of ExceptionCode.h.

page/FocusController.cpp: Removed include of ExceptionCode.h.

page/Location.h: Removed definition of ExceptionCode.

page/Page.cpp: Removed include of ExceptionCode.h.
platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm: Ditto.
platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: Ditto.
platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm: Ditto.
platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm: Ditto.

storage/StorageArea.h: Removed definition of ExceptionCode.

svg/SVGCircleElement.cpp: Removed include of ExceptionCode.h.

svg/SVGColor.cpp: Added include of ExceptionCode.h.
svg/SVGPaint.cpp: Ditto.

svg/SVGStyleElement.cpp: Removed include of ExceptionCode.h.

svg/properties/SVGListProperty.h: Added include of ExceptionCode.h.

workers/Worker.cpp: Removed include of ExceptionCode.h.
workers/WorkerMessagingProxy.cpp: Ditto.

xml/XMLSerializer.cpp: Removed unneeded includes.

(WebCore::XMLSerializer::serializeToString): Use nullptr.

xml/XMLSerializer.h: Removed definition of ExceptionCode, fixed indentation

of this file, and made a couple tweaks.

Source/WebKit2:

WebProcess/Storage/StorageAreaImpl.cpp: Removed include of ExceptionCode.h.

9:46 AM Changeset in webkit [208687] by commit-queue@webkit.org

7 edits in trunk/Source/WebCore

MediaStreamPrivate::create should take vectors of Ref
https://bugs.webkit.org/show_bug.cgi?id=164670

Patch by Youenn Fablet <youenn@apple.com> on 2016-11-14
Reviewed by Sam Weinig.

No change of behavior.

Modules/webaudio/MediaStreamAudioDestinationNode.cpp:

(WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):

platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::create):

platform/mediastream/MediaStreamPrivate.h:
platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:

(WebCore::RealtimeMediaSourceCenterMac::createMediaStream):

platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:

(WebCore::RealtimeMediaSourceCenterOwr::mediaSourcesAvailable):

platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::createMediaStream):

9:40 AM Changeset in webkit [208686] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Settings tab should look more like a native macOS view
https://bugs.webkit.org/show_bug.cgi?id=164708
<rdar://problem/29241296>

Reviewed by Timothy Hatcher.

UserInterface/Views/SettingsTabContentView.css:

(.content-view.settings):
(.content-view.settings > .header):
(.content-view.settings > .setting-container):
Match macOS Sierra default font size for settings view.

(.content-view.settings > .setting-container > .setting-name):
(.content-view.settings > .setting-container > .setting-value-controller):
(.content-view.settings > .setting-container > .setting-value-controller input):
(.content-view.settings > .setting-container > .setting-value-controller input[type="checkbox"]):
Make checkbox larger.

(.content-view.settings > .setting-container > .setting-value-controller select):
(.content-view.settings > .setting-container > .setting-value-controller input[type="number"]):
Decrease the width of the number fields to make them just wide enough to fit 2 digit numbers.

9:39 AM Changeset in webkit [208685] by jdiggs@igalia.com

13 edits
2 adds in trunk

AX: [ATK] Expose STATE_SINGLE_LINE and STATE_MULTI_LINE for ARIA searchbox role
https://bugs.webkit.org/show_bug.cgi?id=164712

Reviewed by Chris Fleizach.

Source/WebCore:

Include SearchFieldRole when adding STATE_SINGLE_LINE and STATE_MULTI_LINE
to AtkStateSet.

Test: accessibility/gtk/singleline-and-multiline.html

accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(setAtkStateSetFromCoreObject):

Tools:

Add AccessibilityUIElement::isSingleLine, AccessibilityUIElement::isMultiLine
to DRT and WKTR. Implement it for ATK.

DumpRenderTree/AccessibilityUIElement.h:
DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::isSingleLine):
(AccessibilityUIElement::isMultiLine):

DumpRenderTree/mac/AccessibilityUIElementMac.mm:

(AccessibilityUIElement::isSingleLine):
(AccessibilityUIElement::isMultiLine):

DumpRenderTree/win/AccessibilityUIElementWin.cpp:

(AccessibilityUIElement::isSingleLine):
(AccessibilityUIElement::isMultiLine):

WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::isSingleLine):
(WTR::AccessibilityUIElement::isMultiLine):

WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::isSingleLine):
(WTR::AccessibilityUIElement::isMultiLine):

WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::AccessibilityUIElement::isSingleLine):
(WTR::AccessibilityUIElement::isMultiLine):

LayoutTests:

accessibility/gtk/singleline-and-multiline-expected.txt: Added.
accessibility/gtk/singleline-and-multiline.html: Added.

7:46 AM Changeset in webkit [208684] by commit-queue@webkit.org

3 edits
18 adds in trunk

Support WPT templated tests
https://bugs.webkit.org/show_bug.cgi?id=164707

Patch by Youenn Fablet <youenn@apple.com> on 2016-11-14
Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

web-platform-tests/IndexedDB/interfaces.worker-expected.txt: Added.
web-platform-tests/IndexedDB/interfaces.worker.html: Added.
web-platform-tests/WebIDL/ecmascript-binding/es-exceptions/constructor-object.worker-expected.txt: Added.
web-platform-tests/WebIDL/ecmascript-binding/es-exceptions/constructor-object.worker.html: Added.
web-platform-tests/XMLHttpRequest/XMLHttpRequest-withCredentials.any-expected.txt: Added.
web-platform-tests/XMLHttpRequest/XMLHttpRequest-withCredentials.any.html: Added.
web-platform-tests/XMLHttpRequest/XMLHttpRequest-withCredentials.worker-expected.txt: Added.
web-platform-tests/XMLHttpRequest/XMLHttpRequest-withCredentials.worker.html: Added.
web-platform-tests/XMLHttpRequest/abort-during-open.worker-expected.txt: Added.
web-platform-tests/XMLHttpRequest/abort-during-open.worker.html: Added.
web-platform-tests/XMLHttpRequest/send-send.worker-expected.txt: Added.
web-platform-tests/XMLHttpRequest/send-send.worker.html: Added.
web-platform-tests/XMLHttpRequest/send-usp.worker-expected.txt: Added.
web-platform-tests/XMLHttpRequest/send-usp.worker.html: Added.
web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/NavigatorID.worker-expected.txt: Added.
web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/NavigatorID.worker.html: Added.
web-platform-tests/url/historical.worker-expected.txt: Added.
web-platform-tests/url/historical.worker.html: Added.

Tools:

Scripts/webkitpy/w3c/test_importer.py:

(TestImporter.write_html_files_for_templated_js_tests): Generating empty HTML files for templated JS tests.
(TestImporter.import_tests):

7:46 AM Changeset in webkit [208683] by commit-queue@webkit.org

8 edits in trunk/Source/WebCore

RTCRtpTransceiver should have Ref of sender and receiver
https://bugs.webkit.org/show_bug.cgi?id=164665

Patch by Youenn Fablet <youennf@gmail.com> on 2016-11-14
Reviewed by Darin Adler.

No change of behavior.

Making RTCRptTransceiver have Ref<RTCRtpSender> and Ref<RTCRtpReceiver>.
Transforming transceiver set list of senders and receivers as vectors of references to reduce count churning.
Also making RTCRptTransceiver have a Ref<RTCIceTransport> instead of a RefPtr.

Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::createOfferTask):
(WebCore::MediaEndpointPeerConnection::createAnswerTask):
(WebCore::createSourceMap):
(WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
(WebCore::MediaEndpointPeerConnection::createReceiver):
(WebCore::MediaEndpointPeerConnection::replaceTrack):

Modules/mediastream/MediaEndpointPeerConnection.h:
Modules/mediastream/PeerConnectionBackend.h:
Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::RTCPeerConnection::addTrack):
(WebCore::RTCPeerConnection::removeTrack):
(WebCore::RTCPeerConnection::close):

Modules/mediastream/RTCPeerConnection.h:
Modules/mediastream/RTCRtpTransceiver.cpp:

(WebCore::RTCRtpTransceiver::RTCRtpTransceiver):

Modules/mediastream/RTCRtpTransceiver.h:

(WebCore::RTCRtpTransceiver::create):
(WebCore::RTCRtpTransceiver::sender):
(WebCore::RTCRtpTransceiver::receiver):
(WebCore::RTCRtpTransceiver::iceTransport):
(WebCore::RtpTransceiverSet::senders):
(WebCore::RtpTransceiverSet::receivers):

7:39 AM Changeset in webkit [208682] by Csaba Osztrogonác

4 edits in trunk/Source/WebCore

Fix various --minimal build issue
https://bugs.webkit.org/show_bug.cgi?id=164479

Reviewed by Darin Adler.

dom/Node.cpp:
platform/audio/PlatformMediaSessionManager.cpp:
testing/Internals.cpp:

(WebCore::Internals::captionsStyleSheetOverride):

7:39 AM Changeset in webkit [208681] by Csaba Osztrogonác

4 edits in trunk/Source/WebCore

Fix the !ENABLE(VIDEO_TRACK) build
https://bugs.webkit.org/show_bug.cgi?id=164476

Reviewed by Darin Adler.

css/RuleSet.cpp:

(WebCore::RuleSet::addRule):

css/parser/CSSParserValues.h:

(WebCore::CSSParserSelector::needsImplicitShadowCombinatorForMatching):

css/parser/CSSSelectorParser.cpp:

(WebCore::isPseudoElementFunction):
(WebCore::CSSSelectorParser::consumePseudo):

7:21 AM Changeset in webkit [208680] by magomez@igalia.com

2 edits in trunk/Source/WebCore

[GTK] Do not use gstreamer-gl when accelerated compositing is disabled
https://bugs.webkit.org/show_bug.cgi?id=164481

Reviewed by Žan Doberšek.

Check whether accelerated compositing is enabled before creating the gstreamer-gl video sink.

No new tests (Covered by existing tests).

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::createVideoSink):

5:48 AM Changeset in webkit [208679] by Csaba Osztrogonác

2 edits in trunk/Source/WebCore

Fix the !ENABLE(CSS_BOX_DECORATION_BREAK) build
https://bugs.webkit.org/show_bug.cgi?id=164478

Reviewed by Darin Adler.

css/parser/CSSParserFastPaths.cpp:

(WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):

5:48 AM Changeset in webkit [208678] by Csaba Osztrogonác

3 edits in trunk/Source/WebCore

Fix the !ENABLE(CSS_GRID_LAYOUT) build
https://bugs.webkit.org/show_bug.cgi?id=164477

Reviewed by Darin Adler.

css/parser/CSSParserFastPaths.cpp:

(WebCore::isSimpleLengthPropertyID):

css/parser/CSSPropertyParser.cpp:

(WebCore::CSSPropertyParser::parseSingleValue):
(WebCore::CSSPropertyParser::parseShorthand):

4:22 AM Changeset in webkit [208677] by Csaba Osztrogonác

2 edits in trunk/Source/WebCore

[EFL] Suppress build warning in generated Geoclue2Interface.c
https://bugs.webkit.org/show_bug.cgi?id=164475

Reviewed by Darin Adler.

PlatformEfl.cmake:

1:56 AM Changeset in webkit [208676] by Philippe Normand

4 edits in trunk/Source/WebCore

[GStreamer][OWR] poor video rendering in apprtc
https://bugs.webkit.org/show_bug.cgi?id=164585

Reviewed by Xabier Rodriguez-Calvar.

The apprtc service uses 3 video elements in total, one for local, one
for remote and one called preview. During a call only remote and
preview are displayed, preview being linked to the same mediastream as
local. The consequence is that 2 OWR video renderers of the same
source are created. When gst-gl is enabled this isn't a problem but
when it is disabled a performance issue appears and the webkit video
sink starts dropping frames.

The solution is to have the video renderer shared between the 2
media players in this scenario.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

(WebCore::MediaPlayerPrivateGStreamerBase::videoSink): Add video sink getter.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:

(WebCore::MediaPlayerPrivateGStreamerOwr::load): Make sure the m_streamPrivate is
set before creating the video sink.
(WebCore::MediaPlayerPrivateGStreamerOwr::createVideoSink): Re-use video renderer
and sink if they have previously been created for another media player.

platform/mediastream/MediaStreamPrivate.h: Store GStreamer sink and renderer so

they can be potentially used by multiple media players.
(WebCore::MediaStreamPrivate::setVideoRenderer):
(WebCore::MediaStreamPrivate::getVideoSinkElement):
(WebCore::MediaStreamPrivate::getVideoRenderer):

Nov 13, 2016:

11:12 PM Changeset in webkit [208675] by commit-queue@webkit.org

4 edits
3 adds in trunk

[HarfBuzz] HarfBuzzShaper should not assume numGlyphs is greater than 0
https://bugs.webkit.org/show_bug.cgi?id=164500

Patch by Fujii Hironori <Fujii Hironori> on 2016-11-13
Reviewed by Myles C. Maxfield.

Source/WebCore:

Test: fast/text/international/harfbuzz-runs-with-no-glyph.html

HarfBuzzShaper assumes numGlyphs of HarfBuzzRun is greater than
zero. But this is not necessarily true. If a font does not have a
glyph of SPACE (U+0020), HarfBuzz removes ignorable glyphs. In
this case, HarfBuzzRun can have no glyphs.

platform/graphics/harfbuzz/HarfBuzzShaper.cpp:

(WebCore::HarfBuzzShaper::HarfBuzzRun::applyShapeResult): Resize
m_offsets to one if m_numGlyphs is zero.

platform/graphics/harfbuzz/HarfBuzzShaper.h:

(WebCore::HarfBuzzShaper::HarfBuzzRun::glyphs): Use Vector::data()
instread of operator[0].
(WebCore::HarfBuzzShaper::HarfBuzzRun::advances): Ditto.
(WebCore::HarfBuzzShaper::HarfBuzzRun::offsets): Ditto.
(WebCore::HarfBuzzShaper::HarfBuzzRun::glyphToCharacterIndexes): Ditto.

LayoutTests:

fast/text/international/harfbuzz-runs-with-no-glyph-expected.txt: Added.
fast/text/international/harfbuzz-runs-with-no-glyph.html: Added.
fast/text/international/resources/ignorables.woff: Added.

11:06 PM Changeset in webkit [208674] by Chris Dumez

4 edits
2 adds in trunk

REGRESSION (204441): newsplex.com map does not load
https://bugs.webkit.org/show_bug.cgi?id=164705
<rdar://problem/28753438>

Reviewed by Darin Adler.

Source/WebCore:

Update getElementsByTagName(qualifiedName) implementation to match more closely
the specification at:

In particular, we no longer split the input qualifiedName into a prefix and a
localName in order to compare those to element.prefix() / element.localName().
Instead, we keep the input qualifiedName as is and compare it to the element's
qualifiedName. This matters for HTML elements inside an HTML document that have
a semicolon in their localname (e.g. 'wx:map'). For this example, the element's
localName and its qualified name are both 'wx:map'. Calling
getElementsByTagName('wx:map') should return it. However, if you split the input
qualifiedName into a prefix and a localName, you end up checking:
'wx' == null && 'map' == 'wx:map'
which does not match.

Test: fast/dom/getElementsByTagName-HTMLElement-prefix.html

dom/TagCollection.cpp:

(WebCore::TagCollection::TagCollection):
(WebCore::TagCollection::~TagCollection):
(WebCore::HTMLTagCollection::HTMLTagCollection):
(WebCore::HTMLTagCollection::~HTMLTagCollection):
(WebCore::makeQualifiedName): Deleted.
(WebCore::splitQualifiedName): Deleted.

dom/TagCollection.h:

(WebCore::TagCollection::elementMatches):
(WebCore::HTMLTagCollection::elementMatches):

LayoutTests:

fast/dom/getElementsByTagName-HTMLElement-prefix-expected.txt: Added.
fast/dom/getElementsByTagName-HTMLElement-prefix.html: Added.

9:14 PM Changeset in webkit [208673] by Darin Adler

5 edits
2 deletes in trunk/Source/WebCore

Remove ExceptionCodePlaceholder
https://bugs.webkit.org/show_bug.cgi?id=164703

Reviewed by Sam Weinig.

CMakeLists.txt: Removed ExceptionCodePlaceholder.cpp.
WebCore.xcodeproj/project.pbxproj: Removed ExceptionCodePlaceholder.h/cpp.

Also let Xcode make a change to the file, I think removing an unreferenced
dead entry for a file that is already listed under a different ID.

dom/DOMAllInOne.cpp: Removed ExceptionCodePlaceholder.cpp.
dom/ExceptionCodePlaceholder.cpp: Removed.
dom/ExceptionCodePlaceholder.h: Removed.
inspector/InspectorDatabaseAgent.cpp: Removed include of ExceptionCodePlaceholder.h.

7:22 PM Changeset in webkit [208672] by Darin Adler

50 edits
6 deletes in trunk/Source

Fix exception handling in SQL database code, streamline and update code
https://bugs.webkit.org/show_bug.cgi?id=164685

Reviewed by Sam Weinig.

Source/WebCore:

Removed some old abstraction layers that were no longer in use. For example,
i n many cases, calls were going through DatabaseManager, which called through
an abstract class AbstractDatabaseServer to a concrete class DatabaseServer,
which then called through to DatabaseTracker. Clients now mostly just call
DatabaseTracker directly.

CMakeLists.txt: Removed DatabaseServer.cpp and SQLTransactionClient.cpp.

Modules/webdatabase/AbstractDatabaseServer.h: Removed.

Modules/webdatabase/DOMWindowWebDatabase.cpp:

(WebCore::DOMWindowWebDatabase::openDatabase): Use ExceptionOr instead of
DatabaseError to communicate DOM exceptions from DatabaseManager.

Modules/webdatabase/Database.cpp:

(WebCore::Database::Database): Use a reference instead of a RefPtr&& for database
context. Use unsigned instead of unsigned long. Modernize code to use more
initialization rather than assignment, to initialize scalar data members in the
class definition, and to use HashMap::ensure.
(WebCore::Database::databaseThread): Added. This class asserts that there is a
thread in the constructor, and so it is useful to have a helper for all the other
functions that assumes the thread is present and returns a reference rather than
a pointer.
(WebCore::Database::~Database): Updated since m_scriptExecutionContext is now
a Ref instead of a RefPtr.
(WebCore::Database::openAndVerifyVersion): Use ExceptionOr and databaseThread.
(WebCore::Database::close): Use databaseThread.
(WebCore::Database::performClose): Ditto.
(WebCore::DoneCreatingDatabaseOnExitCaller::DoneCreatingDatabaseOnExitCaller):
Use a reference. Removed unused m_openSuccceeded.
(WebCore::DoneCreatingDatabaseOnExitCaller::~DoneCreatingDatabaseOnExitCaller):
Use DatabaseTracker::singleton by its new name.
(WebCore::DoneCreatingDatabaseOnExitCaller::setOpenSucceeded): Deleted.
(WebCore::Database::performOpenAndVerify): Use ExceptionOr and update for above.
(WebCore::Database::closeDatabase): Updated for name change.
(WebCore::Database::scheduleTransaction): Updated for above, simplified and
streamlined.
(WebCore::Database::scheduleTransactionStep): Use databaseThread.
(WebCore::Database::transactionClient): Deleted. This object is no longer needed.
(WebCore::Database::transactionCoordinator): Use databaseThread.
(WebCore::Database::markAsDeletedAndClose): Removed unnecessary null check for
databaseThread, which can never be null.
(WebCore::Database::estimatedSize): Use unsigned, not unsigned long.
(WebCore::Database::disableAuthorizer): Removed assertion about RefPtr that is
now a Ref and never could have been null.
(WebCore::Database::enableAuthorizer): Ditto.
(WebCore::Database::setAuthorizerPermissions): Ditto.
(WebCore::Database::lastActionChangedDatabase): Ditto.
(WebCore::Database::lastActionWasInsert): Ditto.
(WebCore::Database::resetDeletes): Ditto.
(WebCore::Database::hadDeletes): Ditto.
(WebCore::Database::resetAuthorizer): Removed null check for a RefPtr that is now
a Ref and never could have been null.
(WebCore::Database::runTransaction): Simplified a bit.
(WebCore::Database::tableNames): Use databaseThread.
(WebCore::Database::securityOrigin): Changed to return a reference instead of a
pointer because all the callers need it to do that. If called on the wrong thread,
this will now do a RELEASE_ASSERT_NOT_REACHED. In the old code it would return a
null pointer and then the caller would dereference it a moment later, so it would
still be a crash.
(WebCore::Database::maximumSize): Removed const since it's not really needed and
the DatabaseTracker wants a non-const reference to this database.
(WebCore::Database::didCommitWriteTransaction): Added. Moved this code here from
SQLTransactionClient. There is no abstraction layer, so no reason to not have
this code, quite comparable to the rest of the code in the class, here. I am
assuming this served some more useful purpose back when we had a different back end
for Chromium?
(WebCore::Database::didExceedQuota): Ditto.

Modules/webdatabase/Database.h: Updated for above changes. Made some functions

return references instead of pointers. Use Ref instead of RefPtr for some things that
can never be null.

Modules/webdatabase/Database.idl: Added ImplementationLacksVTable because the

Database class is not polymorphic.

Modules/webdatabase/DatabaseContext.cpp:

(WebCore::DatabaseContext::DatabaseContext): Take a reference instead of a pointer.
Moved data member initialization into class definition. Remove code that tries to do
debug accounting and databasecontext registration and instead just make sure to keep
the ScriptExecutionContext pointing at the DatabaseContext.
(WebCore::DatabaseContext::~DatabaseContext): Ditto.
(WebCore::DatabaseContext::stopDatabases): Ditto.

Modules/webdatabase/DatabaseContext.h: Updated for the above. Also used the

scriptExecutionContext function inherited from the base class intead of adding our
own, and added a existingDatabaseThread() function, letting us get at the database
thread efficiently without creating a new one.

Modules/webdatabase/DatabaseError.h: Removed. We now use DOM exceptions directly

instead of our own error enumeration that has to be translated to a DOM exception.

Modules/webdatabase/DatabaseManager.cpp: Moved the ProposedDatabase class here

from the header file, and had it use references instead of pointers.
(WebCore::DatabaseManager::DatabaseManager): Deleted. There was nothing left to
initialize once the refactoring was done.
(WebCore::DatabaseManager::initialize): Call DatabaseTracker directly instead of
calling through m_server.
(WebCore::DatabaseManager::setClient): Ditto.
(WebCore::DatabaseManager::databaseDirectoryPath): Deleted. Callers will use the
function in DatabaseTracker directly.
(WebCore::DatabaseManager::setDatabaseDirectoryPath): Ditto.
(WebCore::DatabaseManager::existingDatabaseContextFor): Deleted. Callers will use
the ScriptExecutionContext::databaseContext function instead.
(WebCore::DatabaseManager::databaseContext): Renamed from databaseContextFor.
(WebCore::DatabaseManager::registerDatabaseContext): Deleted.
(WebCore::DatabaseManager::unregisterDatabaseContext): Deleted.
(WebCore::DatabaseManager::didConstructDatabaseContext): Deleted.
(WebCore::DatabaseManager::didDestructDatabaseContext): Deleted.
(WebCore::DatabaseManager::exceptionCodeForDatabaseError): Deleted.
(WebCore::logOpenDatabaseError): Tweaked conditionals a bit.
(WebCore::DatabaseManager::openDatabaseBackend): Use ExceptionOr. Changed to call
tryToOpenDatabaseBackend function here in this class rather than using m_server.
(WebCore::DatabaseManager::tryToOpenDatabaseBackend): Added. Moved here from the
DatabaseServer class.
(WebCore::DatabaseManager::addProposedDatabase): Take a reference.
(WebCore::DatabaseManager::removeProposedDatabase): Ditto.
(WebCore::DatabaseManager::openDatabase): Use ExceptionOr.
(WebCore::DatabaseManager::hasOpenDatabases): Use ScriptContext::databaseContext
directly instead of using helper functions in this class.
(WebCore::DatabaseManager::stopDatabases): Ditto.
(WebCore::DatabaseManager::fullPathForDatabase): Take a reference and also call
DatabaseTracker directly instead of calling through m_server.
(WebCore::DatabaseManager::hasEntryForOrigin): Deleted. Callers will use the
function in DatabaseTracker directly.
(WebCore::DatabaseManager::origins): Ditto.
(WebCore::DatabaseManager::databaseNamesForOrigin): Ditto.
(WebCore::DatabaseManager::detailsForNameAndOrigin): Call DatabaseTracker directly
instead of calling through m_server.
(WebCore::DatabaseManager::usageForOrigin): Deleted. Callers will use the
function in DatabaseTracker directly.
(WebCore::DatabaseManager::quotaForOrigin): Ditto.
(WebCore::DatabaseManager::setQuota): Ditto.
(WebCore::DatabaseManager::deleteAllDatabasesImmediately): Ditto.
(WebCore::DatabaseManager::deleteOrigin): Ditto.
(WebCore::DatabaseManager::deleteDatabase): Ditto.
(WebCore::DatabaseManager::closeAllDatabases): Ditto.
(WebCore::DatabaseManager::logErrorMessage): Take a reference.

Modules/webdatabase/DatabaseManager.h: Updated for changes above.

Modules/webdatabase/DatabaseManagerClient.h: Use references for security origins.

Also changed #if for iOS so that other platforms can call the iOS-specific functions
and they have inline empty bodies; lets us clean up call sites to not need conditionals.

Modules/webdatabase/DatabaseServer.cpp: Removed.
Modules/webdatabase/DatabaseServer.h: Removed.

Modules/webdatabase/DatabaseTask.cpp:

(WebCore::isolatedCopy): Added. Helper functions for making isolated copies of
exceptions, which can contain strings.
(WebCore::DatabaseOpenTask::DatabaseOpenTask): Use ExceptionOr<void> instead of
a DatabaseError, a String, and a success boolean.
(WebCore::DatabaseOpenTask::doPerformTask): Updated to use ExceptoinOr.
(WebCore::DatabaseTableNamesTask::DatabaseTableNamesTask): Renamed.
(WebCore::DatabaseTableNamesTask::doPerformTask): Added a comment.

Modules/webdatabase/DatabaseTask.h: Updated for above changes.

Modules/webdatabase/DatabaseThread.cpp:

(WebCore::DatabaseThread::DatabaseThread): Initialized data members in the class
definition. Removed m_transactionClient.
(WebCore::DatabaseThread::recordDatabaseOpen): Take a reference.
(WebCore::DatabaseThread::recordDatabaseClosed): Ditto.
(WebCore::DatabaseThread::scheduleTask): Use an rvalue reference.
(WebCore::DatabaseThread::scheduleImmediateTask): Ditto.
(WebCore::DatabaseThread::unscheduleDatabaseTasks): Use a lambda instead of a
class for the same-database predicate.

Modules/webdatabase/DatabaseThread.h: Updated for above.

Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::isolatedCopy): Added. Helper for making an isolated copy of a vector
of strings.
(WebCore::DatabaseTracker::singleton): Renamed from tracker.
(WebCore::DatabaseTracker::DatabaseTracker): Moved the code from
setDatabaseDirectoryPath in here.
(WebCore::DatabaseTracker::setDatabaseDirectoryPath): Deleted.
(WebCore::DatabaseTracker::databaseDirectoryPath): Deleted.
(WebCore::DatabaseTracker::hasAdequateQuotaForOrigin): Use ExceptionOr.
(WebCore::DatabaseTracker::canEstablishDatabase): Ditto.
(WebCore::DatabaseTracker::retryCanEstablishDatabase): Ditto.
(WebCore::DatabaseTracker::hasEntryForOriginNoLock): Take a reference.
(WebCore::DatabaseTracker::hasEntryForOrigin): Deleted.
(WebCore::DatabaseTracker::hasEntryForDatabase): Take a reference.
(WebCore::DatabaseTracker::maximumSize): Renamed from getMaxSizeForDatabase
and changed to take a reference.
(WebCore::DatabaseTracker::originPath): Take a reference.
(WebCore::DatabaseTracker::fullPathForDatabaseNoLock): Ditto.
(WebCore::DatabaseTracker::fullPathForDatabase): Ditto.
(WebCore::DatabaseTracker::origins): Changed to use a return value instead
of using an out argument.
(WebCore::DatabaseTracker::databaseNamesNoLock): Ditto. Also renamed from
databaseNamesForOriginNoLock.
(WebCore::DatabaseTracker::databaseNames): Ditto. Also renamed from
databaseNamesForOrigin.
(WebCore::DatabaseTracker::detailsForNameAndOrigin): Take a reference.
(WebCore::DatabaseTracker::setDatabaseDetails): Ditto.
(WebCore::DatabaseTracker::doneCreatingDatabase): Ditto.
(WebCore::DatabaseTracker::addOpenDatabase): Ditto.
(WebCore::DatabaseTracker::removeOpenDatabase): Ditto.
(WebCore::DatabaseTracker::getOpenDatabases): Deleted.
(WebCore::DatabaseTracker::originLockFor): Take a reference.
(WebCore::DatabaseTracker::deleteOriginLockFor): Take a reference.
(WebCore::DatabaseTracker::usage): Renamed from usageForOrigin. Take a reference.
(WebCore::DatabaseTracker::quotaNoLock): Renamed from quotaForOriginNoLock.
Take a reference.
(WebCore::DatabaseTracker::quota): Renamed from quatoForOrigin. Take a reference.
(WebCore::DatabaseTracker::setQuota): Take a reference.
(WebCore::DatabaseTracker::addDatabase): Ditto.
(WebCore::DatabaseTracker::deleteAllDatabasesImmediately): Updated now that
origins has a return value.
(WebCore::DatabaseTracker::deleteDatabasesModifiedSince): Ditto.
(WebCore::DatabaseTracker::deleteOrigin): Take a reference.
(WebCore::DatabaseTracker::isDeletingDatabaseOrOriginFor): Ditto.
(WebCore::DatabaseTracker::recordCreatingDatabase): Updated to take a reference,
use unique_ptr, and use HashCountedSet.
(WebCore::DatabaseTracker::doneCreatingDatabase): Ditto.
(WebCore::DatabaseTracker::creatingDatabase): Ditto.
(WebCore::DatabaseTracker::canDeleteDatabase): Take a reference.
(WebCore::DatabaseTracker::recordDeletingDatabase): Updated to take a reference,
and use unique_ptr.
(WebCore::DatabaseTracker::doneDeletingDatabase): Ditto.
(WebCore::DatabaseTracker::isDeletingDatabase): Ditto.
(WebCore::DatabaseTracker::canDeleteOrigin): Take a reference.
(WebCore::DatabaseTracker::isDeletingOrigin): Ditto.
(WebCore::DatabaseTracker::recordDeletingOrigin): Ditto.
(WebCore::DatabaseTracker::doneDeletingOrigin): Ditto.
(WebCore::DatabaseTracker::deleteDatabase): Ditto.
(WebCore::DatabaseTracker::deleteDatabaseFile): Ditto.
(WebCore::DatabaseTracker::removeDeletedOpenedDatabases): Ditto.
(WebCore::DatabaseTracker::scheduleNotifyDatabaseChanged): Ditto.
(WebCore::DatabaseTracker::notifyDatabasesChanged): Ditto.

Modules/webdatabase/DatabaseTracker.h: Updated for above changes.

Modules/webdatabase/SQLStatement.cpp:

(WebCore::SQLStatement::SQLStatement): Updated since Database::scriptExecutionContext
now returns a reference.

Modules/webdatabase/SQLTransaction.cpp:

(WebCore::SQLTransaction::SQLTransaction): Moved data member initialization to
the calss definition. Also updated since Database::scriptExecutionContext now
returns a reference.
(WebCore::SQLTransaction::executeSQL): Use ExceptionOr.
(WebCore::SQLTransaction::checkAndHandleClosedDatabase): Updated since
databaseContext now returns a reference.
(WebCore::SQLTransaction::deliverQuotaIncreaseCallback): Updated to call
didExceedQuota on the database instead of the transaction client.
(WebCore::SQLTransaction::postflightAndCommit): Updated to call
didCommitWriteTransaction on the database instead of the transaction client.
(WebCore::SQLTransaction::acquireOriginLock): Updated for name change of
DatabaseTracker::tracker to DatbaseTracker::singleton.

Modules/webdatabase/SQLTransaction.h: Updated for above.
Modules/webdatabase/SQLTransaction.idl: Added MayThrowException to

executeSql. Not technically needed since it's a custom binding.

Modules/webdatabase/SQLTransactionBackend.cpp:

(WebCore::SQLTransactionBackend::doCleanup): Updated assertion to use
Database::databaseThread.
(WebCore::SQLTransactionBackend::notifyDatabaseThreadIsShuttingDown): Ditto.

Modules/webdatabase/SQLTransactionClient.cpp: Removed.
Modules/webdatabase/SQLTransactionClient.h: Removed.

Modules/webdatabase/SQLTransactionCoordinator.cpp:

(WebCore::getDatabaseIdentifier): Updated to pass a reference.

WebCore.xcodeproj/project.pbxproj: Removed various deleted files.

Also let Xcode change the whitespace on some lines.

bindings/js/JSSQLTransactionCustom.cpp:

(WebCore::JSSQLTransaction::executeSql): Use ExceptionOr, specifically by
using the propagateException function.

dom/ScriptExecutionContext.h: Added databaseContext function. Before, we

had setDatabaseContext, but no way to inspect the pointer that was stored.

inspector/InspectorDatabaseAgent.cpp: Removed IGNORE_EXCEPTION in a call

to executeSQL, which no longer has an ExceptionCode out argument.

loader/FrameLoader.cpp:

(WebCore::FrameLoader::stopLoading): Pass a reference in the call to
DatabaseManager::stopDatabases.

Source/WebKit/mac:

Storage/WebDatabaseManager.mm:

(-[WebDatabaseManager origins]): Updated to use DatabaseTracker and pass
a reference.
(-[WebDatabaseManager databasesWithOrigin:]): Ditto.
(-[WebDatabaseManager detailsForDatabase:withOrigin:]): Pass reference,
but continue to use DatabaseManager.
(-[WebDatabaseManager deleteOrigin:]): Use DatabaseTracker and pass a
reference.
(-[WebDatabaseManager deleteDatabase:withOrigin:]): Ditto.

Storage/WebDatabaseManagerClient.h: Updated to take references.
Storage/WebDatabaseManagerClient.mm:

(WebDatabaseManagerClient::WebDatabaseManagerClient): Initialize data
members in the class definition.
(DidModifyOriginData::dispatchToMainThread): Take references.
(DidModifyOriginData::DidModifyOriginData): Ditto.
(WebDatabaseManagerClient::dispatchDidModifyOrigin): Ditto.
(WebDatabaseManagerClient::dispatchDidModifyDatabase): Ditto.
(WebDatabaseManagerClient::dispatchDidAddNewOrigin): Ditto. Also use
DatabaseTracker::singleton instead of tracker.

Storage/WebDatabaseQuotaManager.mm:

(-[WebDatabaseQuotaManager initWithOrigin:]): Reject nil pointer argument.
(-[WebDatabaseQuotaManager usage]): Use reference instead of pointer.
(-[WebDatabaseQuotaManager quota]): Ditto.
(-[WebDatabaseQuotaManager setQuota:]): Ditto.

WebCoreSupport/WebSecurityOrigin.mm:

(-[WebSecurityOrigin initWithURL:]): Tweaked code a bit.
(-[WebSecurityOrigin usage]): Use DatabaseTracker and pass a reference.
(-[WebSecurityOrigin quota]): Ditto.
(-[WebSecurityOrigin setQuota:]): Ditto.

WebView/WebFrame.mm:

(-[WebFrame _cacheabilityDictionary]): Pass a reference.

Source/WebKit/win:

WebDatabaseManager.cpp:

(WebDatabaseManager::origins): Use DatabaseTracker.
(WebDatabaseManager::databasesWithOrigin): Ditto.
(WebDatabaseManager::detailsForDatabase): Use reference.
(WebDatabaseManager::deleteAllDatabases): Use DatabaseTracker.
(WebDatabaseManager::deleteOrigin): Ditto.
(WebDatabaseManager::deleteDatabase): Ditto.
(WebDatabaseManager::dispatchDidModifyOrigin): Use reference
and DatabaseTracker.
(WebDatabaseManager::setQuota): Ditto.
(WebDatabaseManager::dispatchDidModifyDatabase): Ditto.

WebDatabaseManager.h: Updated client functions to take a reference.

WebSecurityOrigin.cpp:

(WebSecurityOrigin::usage): Update to use DatabaseTracker.
(WebSecurityOrigin::quota): Ditto.
(WebSecurityOrigin::setQuota): Ditto.

Source/WebKit2:

UIProcess/API/efl/ewk_database_manager.cpp:

(EwkDatabaseManager::getDatabaseOrigins): Update for change to the
DatabaseTracker::origins function.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData): Use DatabaseTracker.
(WebKit::WebsiteDataStore::removeData): Ditto.

WebProcess/InjectedBundle/API/c/WKBundle.cpp:

(WKBundleSetDatabaseQuota): Ditto.

WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::exceededDatabaseQuota): Ditto.

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::processWillSuspendImminently): Ditto.

12:36 PM Changeset in webkit [208671] by mitz@apple.com

2 edits in trunk/Source/WebCore

Try to fix building with newer versions of clang.

page/FrameView.h: Don’t export an inline function.

11:28 AM Changeset in webkit [208670] by jfbastien@apple.com

7 edits
2 adds in trunk

Implement WTF::Expected
https://bugs.webkit.org/show_bug.cgi?id=164526

Reviewed by Yusuke Suzuki.

std::expected isn't in C++17, and may be in C++20. It's a nice
complement to std::any / std::optional because it's a type-tagged
union which has a single expected result but could also contain an
error.

This would be useful in the WebAssembly parser, for example.

Using this implementation will allow us to provide feedback to the
standards committee and guide std::expected's design before it
gets standardized. I've already sent a bunch of feedback to the
author based on my experience implementing this.

This could supplement WTF::Either and WTF::ExceptionOr.

Source/WTF:

WTF.xcodeproj/project.pbxproj:
wtf/Compiler.h: Add RELAXED_CONSTEXPR
wtf/Expected.h: Added.

(WTF::UnexpectedType::UnexpectedType):
(WTF::UnexpectedType::value):
(WTF::operator==):
(WTF::operator!=):
(WTF::operator<):
(WTF::operator>):
(WTF::operator<=):
(WTF::operator>=):
(WTF::makeUnexpected):
(WTF::ExpectedDetail::Throw):
(WTF::ExpectedDetail::ConstexprBase::ConstexprBase):
(WTF::ExpectedDetail::Base::Base):
(WTF::ExpectedDetail::Base::~Base):
(WTF::Expected::Expected):
(WTF::Expected::operator=):
(WTF::Expected::swap):
(WTF::Expected::operator->):
(WTF::Expected::operator*):
(WTF::Expected::operator bool):
(WTF::Expected::hasValue):
(WTF::Expected::value):
(WTF::Expected::error):
(WTF::Expected::getUnexpected):
(WTF::Expected::valueOr):
(WTF::swap):
(WTF::makeExpected):
(WTF::makeExpectedFromError):

Tools:

TestWebKitAPI/CMakeLists.txt:
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WTF/Expected.cpp: Added.

(WTF::operator<<):
(TestWebKitAPI::TEST):
(TestWebKitAPI::foo::foo):
(TestWebKitAPI::foo::~foo):
(TestWebKitAPI::foo::operator==):
(TestWebKitAPI::operator<<):

10:31 AM Changeset in webkit [208669] by Darin Adler

46 edits in trunk/Source/WebCore

Move crypto code from ExceptionCode to ExceptionOr
https://bugs.webkit.org/show_bug.cgi?id=164698

Reviewed by Sam Weinig.

bindings/js/JSCryptoAlgorithmDictionary.cpp:

(WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier):
Use the new identifier function instead of getIdentifierForName.

bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::normalizeCryptoAlgorithmParameters): Ditto.
(WebCore::toCryptoKeyUsageBitmap): Removed a stray meaningless const.
(WebCore::jsSubtleCryptoFunctionGenerateKeyPromise): Pass
ScriptExecutionContext as a reference instead of a pointer.

bindings/js/JSWebKitSubtleCryptoCustom.cpp:

(WebCore::createAlgorithmFromJSValue): Use the more efficient version
of setDOMException that uses scope.
(WebCore::JSWebKitSubtleCrypto::encrypt): Ditto. Also updated to use
ExceptionOr instead of ExceptionCode.
(WebCore::JSWebKitSubtleCrypto::decrypt): Ditto.
(WebCore::JSWebKitSubtleCrypto::sign): Ditto.
(WebCore::JSWebKitSubtleCrypto::verify): Ditto.
(WebCore::JSWebKitSubtleCrypto::digest): Ditto.
(WebCore::JSWebKitSubtleCrypto::generateKey): Ditto.
(WebCore::importKey): Ditto.
(WebCore::JSWebKitSubtleCrypto::wrapKey): Ditto.
(WebCore::JSWebKitSubtleCrypto::unwrapKey): Ditto.

crypto/CryptoAlgorithm.cpp:

(WebCore::CryptoAlgorithm::CryptoAlgorithm): Deleted.
(WebCore::CryptoAlgorithm::~CryptoAlgorithm): Deleted.
(WebCore::CryptoAlgorithm::generateKey): Use ExceptionOr.
(WebCore::CryptoAlgorithm::encrypt): Ditto.
(WebCore::CryptoAlgorithm::decrypt): Ditto.
(WebCore::CryptoAlgorithm::sign): Ditto.
(WebCore::CryptoAlgorithm::verify): Ditto.
(WebCore::CryptoAlgorithm::digest): Ditto.
(WebCore::CryptoAlgorithm::deriveKey): Ditto.
(WebCore::CryptoAlgorithm::deriveBits): Ditto.
(WebCore::CryptoAlgorithm::importKey): Ditto.
(WebCore::CryptoAlgorithm::encryptForWrapKey): Ditto.
(WebCore::CryptoAlgorithm::decryptForUnwrapKey): Ditto.

crypto/CryptoAlgorithm.h: Use ExceptionOr.

Moved the destructor into the header since it's more efficient for
derived classes to have it inlined. Removed the protected constructor
because since there are pure virtual functions in the class, there is
no risk of anyone misusing the public constructor.

crypto/CryptoAlgorithmRegistry.cpp:

(WebCore::CryptoAlgorithmRegistry::identifier): Renamed from
getIdentifierForName and changed to use an Optional rather than
using a boolean plus an out argument.
(WebCore::CryptoAlgorithmRegistry::name): Renamed to name from
nameForIdentifier. Also updated to share a single map containing
both names and constructors.
(WebCore::CryptoAlgorithmRegistry::create): Share single map as above.
(WebCore::CryptoAlgorithmRegistry::registerAlgorithm): Updated assertions
to a mroe straightforward style. Share single map for names and constructors.

crypto/CryptoAlgorithmRegistry.h: Updated for above.

crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:

(WebCore::CryptoAlgorithmAES_CBC::CryptoAlgorithmAES_CBC): Deleted.
(WebCore::CryptoAlgorithmAES_CBC::~CryptoAlgorithmAES_CBC): Deleted.
(WebCore::CryptoAlgorithmAES_CBC::keyAlgorithmMatches): Use references, ExceptionOr.
(WebCore::CryptoAlgorithmAES_CBC::generateKey): Ditto.
(WebCore::CryptoAlgorithmAES_CBC::encrypt): Ditto.
(WebCore::CryptoAlgorithmAES_CBC::decrypt): Ditto.
(WebCore::CryptoAlgorithmAES_CBC::importKey): Ditto.

crypto/algorithms/CryptoAlgorithmAES_CBC.h: Updated for above.