Dec 26, 2016:

7:14 PM Changeset in webkit [210152] by Alan Bujtas
  • 3 edits
    2 adds in trunk

ASSERTION FAILED: !rect.isEmpty() in WebCore::GraphicsContext::drawRect

Reviewed by Darin Adler.


Make sure we don't paint empty rects.

Test: fast/lists/assert-on-empty-list-marker.html

  • rendering/RenderListMarker.cpp:



  • fast/lists/assert-on-empty-list-marker-expected.txt: Added.
  • fast/lists/assert-on-empty-list-marker.html: Added.
11:00 AM Changeset in webkit [210151] by Yusuke Suzuki
  • 3 edits in trunk/Source/JavaScriptCore

Use variadic templates in JSC Parser to clean up

Reviewed by Saam Barati.

  • parser/Parser.cpp:


  • parser/Parser.h:

Dec 25, 2016:

11:47 PM Changeset in webkit [210150] by Chris Fleizach
  • 3 edits
    2 adds in trunk

AX: Headers of table not read by VoiceOver

Reviewed by Darin Adler.


If a table cell header is hidden, by pushing off screen then the content won't be accessible.
It seems that unless specifically requested (such as using aria-hidden), we should try to return
that table cell header.

Test: accessibility/hidden-th-still-column-header.html

  • accessibility/AccessibilityTableColumn.cpp:



  • accessibility/hidden-th-still-column-header-expected.txt: Added.
  • accessibility/hidden-th-still-column-header.html: Added.
10:35 PM Changeset in webkit [210149] by Yusuke Suzuki
  • 43 edits
    2 adds in trunk

Propagate the source origin as much as possible

Reviewed by Darin Adler.


  • stress/source-origin.js: Added.



This patch introduces CallFrame::callerSourceOrigin, SourceOrigin class
and SourceProvider::m_sourceOrigin. CallFrame::callerSourceOrigin returns
an appropriate SourceOrigin if possible. If we cannot find the appropriate
one, we just return null SourceOrigin.

This paves the way for implementing the module dynamic-import[1].
When the import operator is evaluated, it will resolve the module
specifier with this propagated source origin of the caller function.

To support import operator inside the dynamic code generation
functions (like eval, new Function, indirect call to eval),
we need to propagate the caller's source origin to the generated
source code.

We do not use sourceURL for that purpose. This is because we
would like to keep sourceURL for eval / new Function null.
This sourceURL will be used for the stack dump for errors with line/column
numbers. Dumping the caller's sourceURL with line/column numbers are
meaningless. So we would like to keep it null while we would like
to propagate SourceOrigin for dynamic imports.

[1]: https://github.com/tc39/proposal-dynamic-import

  • API/JSBase.cpp:


  • API/JSObjectRef.cpp:


  • API/JSScriptRef.cpp:


  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Scripts/builtins/builtins_templates.py:
  • Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
  • Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
  • Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
  • Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
  • Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
  • Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
  • builtins/BuiltinExecutables.cpp:


  • debugger/DebuggerCallFrame.cpp:


  • inspector/InjectedScriptManager.cpp:


  • inspector/JSInjectedScriptHost.cpp:


  • inspector/agents/InspectorRuntimeAgent.cpp:


  • interpreter/CallFrame.cpp:


  • interpreter/CallFrame.h:
  • interpreter/Interpreter.cpp:


  • jsc.cpp:


  • parser/SourceCode.h:


  • parser/SourceProvider.cpp:


  • parser/SourceProvider.h:


  • runtime/FunctionConstructor.cpp:


  • runtime/FunctionConstructor.h:
  • runtime/JSGlobalObjectFunctions.cpp:


  • runtime/ModuleLoaderPrototype.cpp:


  • runtime/ScriptExecutable.h:


  • runtime/SourceOrigin.h: Added.


  • tools/FunctionOverrides.cpp:



  • bindings/js/CachedScriptSourceProvider.h:


  • bindings/js/JSLazyEventListener.cpp:


  • bindings/js/ScriptSourceCode.h:


  • bridge/NP_jsobject.cpp:


  • bridge/objc/WebScriptObject.mm:

(-[WebScriptObject evaluateWebScript:]):


  • Plugins/Hosted/NetscapePluginInstanceProxy.mm:



  • Plugins/PluginPackage.cpp:

(WebCore::makeSource): Deleted.


  • WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:


5:33 PM Changeset in webkit [210148] by weinig@apple.com
  • 38 edits
    2 adds in trunk

[WebIDL] Remove (most) custom bindings for the IndexedDB code

Reviewed by Darin Adler.


Removes the custom bindings for all but one attribute (IDBRequest.result) in
the IndexedDB code.

  • Adds a new WebIDL extension type, IDBKey, to represent the complex key conversion rules IndexedDB specifies.
  • Replaces custom bindings for IDBCursor.source with use of a union.
  • Replaces custom enum type checking for IDBCursor.direction with a WebIDL enum.
  • Replaces custom code generation for IDBKeyPaths with a union.
  • CMakeLists.txt:
  • DerivedSources.make:
  • WebCore.xcodeproj/project.pbxproj:

Add new files.

  • Modules/indexeddb/IDBCursor.cpp:

(WebCore::IDBCursor::directionNext): Deleted.
(WebCore::IDBCursor::directionNextUnique): Deleted.
(WebCore::IDBCursor::directionPrev): Deleted.
(WebCore::IDBCursor::directionPrevUnique): Deleted.
(WebCore::IDBCursor::stringToDirection): Deleted.
(WebCore::IDBCursor::directionToString): Deleted.

  • Modules/indexeddb/IDBCursor.h:

(WebCore::IDBCursor::objectStore): Deleted.
(WebCore::IDBCursor::index): Deleted.
Replace custom enum checking with direct use of the enum, letting the generator
handle the checks. Also adds source function which returns a Variant.

  • Modules/indexeddb/IDBCursor.idl:

Remove custom annotation and use correct types.

  • Modules/indexeddb/IDBCursorDirection.h: Added.
  • Modules/indexeddb/IDBCursorDirection.idl: Added.
  • Modules/indexeddb/IDBIndex.cpp:


  • Modules/indexeddb/IDBIndex.h:
  • Modules/indexeddb/IDBIndex.idl:
  • Modules/indexeddb/IDBObjectStore.cpp:


  • Modules/indexeddb/IDBObjectStore.h:
  • Modules/indexeddb/IDBObjectStore.idl:

Replace Strings with IDBCursorDirection enums.

  • Modules/indexeddb/IDBKeyRange.idl:

Remove annotation and use new IDBKey extension type.

  • Modules/indexeddb/IDBOpenDBRequest.cpp:

Use ReadyState enum in place of the old m_isDone boolean.

  • Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::readyState): Deleted.

  • Modules/indexeddb/IDBRequest.h:

(WebCore::IDBRequest::objectStoreSource): Deleted.
(WebCore::IDBRequest::indexSource): Deleted.
(WebCore::IDBRequest::cursorSource): Deleted.

  • Modules/indexeddb/IDBRequest.idl:

Replace the readyState String with a enum, and the custom source binding with a
source function that returns a Variant.

  • Modules/indexeddb/IndexedDB.h:

Add the missing values to CursorDirection to make it comply with the IDL definition.

  • bindings/generic/IDLTypes.h:
  • bindings/js/JSDOMConvert.h:

Add new extension type IDLIDBKey.

  • bindings/js/JSIDBCursorCustom.cpp:

(WebCore::JSIDBCursor::source): Deleted.

  • bindings/js/JSIDBRequestCustom.cpp:

(WebCore::JSIDBRequest::source): Deleted.
Remove custom bindings.

  • bindings/scripts/CodeGenerator.pm:


  • bindings/scripts/CodeGeneratorJS.pm:

Add support for IDBKey, and remove custom code for IndexedDB in core conversion logic.

  • bindings/scripts/IDLAttributes.txt:

Remove now unused ImplementationReturnType attribute.

  • inspector/InspectorIndexedDBAgent.cpp:

Update to work with new functions taking enums rather than strings.


  • storage/indexeddb/exceptions-expected.txt:
  • storage/indexeddb/exceptions-private-expected.txt:
  • storage/indexeddb/index-basics-expected.txt:
  • storage/indexeddb/index-basics-private-expected.txt:
  • storage/indexeddb/index-basics-workers-expected.txt:
  • storage/indexeddb/objectstore-cursor-expected.txt:
  • storage/indexeddb/objectstore-cursor-private-expected.txt:

Update results for improved exception messages.

3:57 PM Changeset in webkit [210147] by Simon Fraser
  • 10 edits
    10 adds in trunk

REGRESSION (r209299): Selection is broken when you zoom in webpage using trackpad

Reviewed by Tim Horton.


r209299 broke autoscroll in zoomed pages because it changed RenderLayer::scrollRectToVisible()
to shrink viewRect by page scale. This is incorrect for all callers of scrollRectToVisible, since
the "absoluteRect" passed in is actually in zoomed document coordinates for all the callers I tested.

This code is also fixed to account for headers and footers. getRectToExpose() takes rectangles
in "scroll view contents" coordinates (i.e. including header, and zoomed document), so doesn't need
the separate visibleRectRelativeToDocument parameter.

Tests: fast/events/autoscroll-main-document.html


  • rendering/RenderLayer.cpp:


  • rendering/RenderLayer.h:


These changes are necessary to allow the mouse to leave the WTR window while
drag-scrolling, to test autoscroll. Previously, we were never calling -mouseDragged
(which DRT does); we'd always go through mouseMoved, which hits an early return
in WebViewImpl::mouseMoved() when the point is outside the view.

  • WebKitTestRunner/mac/EventSenderProxy.mm:



Add some test coverage for autoscroll of the main document. I could only get this
working in WebKitTestRunner, not DumpRenderTree.

  • TestExpectations:
  • fast/events/autoscroll-main-document-expected.txt: Added.
  • fast/events/autoscroll-main-document.html: Added.
  • fast/events/autoscroll-when-zoomed-expected.txt: Added.
  • fast/events/autoscroll-when-zoomed.html: Added.
  • fast/events/drag-select-when-zoomed-expected.txt: Added.
  • fast/events/drag-select-when-zoomed-with-header-expected.txt: Added.
  • fast/events/drag-select-when-zoomed-with-header.html: Added.
  • fast/events/drag-select-when-zoomed.html: Added.
  • fast/scrolling/scroll-to-anchor-zoomed-header-expected.txt: Added.
  • fast/scrolling/scroll-to-anchor-zoomed-header.html: Added.
  • fast/transforms/selection-bounds-in-transformed-view.html: Revert the target scroll position to what it was

before r209299, and improve the failure output.

  • platform/ios-simulator/TestExpectations:
  • platform/mac-wk2/TestExpectations:

Dec 24, 2016:

1:26 PM Changeset in webkit [210146] by commit-queue@webkit.org
  • 16 edits
    2 adds in trunk

[test262] Fixing mapped arguments object property test case

Patch by Caio Lima <Caio Lima> on 2016-12-24
Reviewed by Saam Barati.


  • stress/arguments-bizarre-behaviour-disable-enumerability.js:
  • stress/arguments-define-property.js: Added.


  • stress/arguments-non-configurable.js: Added.

(set tryChangeNonConfigurableDescriptor):

  • test262.yaml:


This patch changes GenericArguments' override mechanism to
implement corret behavior on ECMAScript test262 suite test cases of
mapped arguments object with non-configurable and non-writable
property. Also it is ensuring that arguments[i]
cannot be deleted when argument "i" is {configurable: false}.

The previous implementation is against to the specification for 2 reasons:

  1. Every argument in arguments object are {writable: true} by default (http://www.ecma-international.org/ecma-262/7.0/index.html#sec-createunmappedargumentsobject). It means that we have to stop mapping a defined property index if the new property descriptor contains writable (i.e writable is present) and its value is false (also check https://tc39.github.io/ecma262/#sec-arguments-exotic-objects-defineownproperty-p-desc). Previous implementation considers {writable: false} if writable is not present.
  1. When a property is overriden, "delete" operation is always returning true. However delete operations should follow the specification.

We created an auxilary boolean array named m_modifiedArgumentsDescriptor
to store which arguments[i] descriptor was changed from its default
property descriptor. This modification was necessary because m_overrides
was responsible to keep this information at the same time
of keeping information about arguments mapping. The problem of this apporach was
that we needed to call overridesArgument(i) as soon as the ith argument's property
descriptor was changed and it stops the argument's mapping as sideffect, producing
wrong behavior.
To keep tracking arguments mapping status, we renamed DirectArguments::m_overrides to
DirectArguments::m_mappedArguments and now we it is responsible to manage if an
argument[i] is mapped or not.
With these 2 structures, now it is possible to an argument[i] have its property
descriptor modified and don't stop the mapping as soon as it happens. One example
of that wrong behavior can be found on arguments-bizarre-behaviour-disable-enumerability
test case, that now is fixed by this new mechanism.

  • bytecode/PolymorphicAccess.cpp:


  • dfg/DFGSpeculativeJIT.cpp:


  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLLowerDFGToB3.cpp:


  • jit/JITOperations.cpp:


  • jit/JITPropertyAccess.cpp:


  • runtime/DirectArguments.cpp:

(JSC::DirectArguments::overrideArgument): Deleted.

  • runtime/DirectArguments.h:

(JSC::DirectArguments::canAccessIndexQuickly): Deleted.
(JSC::DirectArguments::canAccessArgumentIndexQuicklyInDFG): Deleted.
(JSC::DirectArguments::offsetOfOverrides): Deleted.

  • runtime/GenericArguments.h:
  • runtime/GenericArgumentsInlines.h:


  • runtime/ScopedArguments.cpp:

(JSC::ScopedArguments::overrideArgument): Deleted.

  • runtime/ScopedArguments.h:

(JSC::ScopedArguments::canAccessIndexQuickly): Deleted.
(JSC::ScopedArguments::canAccessArgumentIndexQuicklyInDFG): Deleted.

10:00 AM Changeset in webkit [210145] by Alan Bujtas
  • 8 edits in trunk/Source/WebCore

RenderBlockFlow::moveFloatsTo does not move floats.

Reviewed by Darin Adler.

RenderBlockFlow::moveFloatsTo name is misleading. Floats are not moved from "this" to
the new RenderBlockFlow parent, but rather they are copied so that overhanging floats
don't get lost.

Covered by existing tests.

  • rendering/FloatingObjects.cpp:

(WebCore::FloatingObject::unsafeClone): Deleted.

  • rendering/FloatingObjects.h:
  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::moveFloatsTo): Deleted.

  • rendering/RenderBlockFlow.h:
  • rendering/RenderRubyBase.cpp:


  • rendering/RenderRubyBase.h:
  • rendering/RenderRubyRun.cpp:


Dec 23, 2016:

8:39 PM Changeset in webkit [210144] by aestes@apple.com
  • 2 edits in trunk/Source/WebKit/mac

[iOS] DumpRenderTree triggers an assertion failure when calling +[WebPreferences _switchNetworkLoaderToNewTestingSession]

Reviewed by Andreas Kling.

When DumpRenderTree starts up, it calls
+[WebPreferences _switchNetworkLoaderToNewTestingSession] from the main thread. In Debug
builds, this triggers the ASSERT(isMainThread()) in
NetworkStorageSession::defaultNetworkStorageSession() because the Web thread has already
started, we are on the main thread, and we are not holding the Web thread lock. This is
causing all layout tests to crash in the iOS WK1 Debug configuration.

  • WebView/WebPreferences.mm: (+[WebPreferences _switchNetworkLoaderToNewTestingSession]):

Take the Web thread lock before calling NetworkStorageSession::switchToNewTestingSession().

5:14 PM Changeset in webkit [210143] by aestes@apple.com
  • 7 edits
    1 move
    1 delete in trunk

[iOS] Fix some crashing webarchive tests

Reviewed by Andreas Kling.


Tests that use TestRunner.dumpDOMAsWebArchive() crashed on iOS due to a stub implementation
of WebArchiveDumpSupport in WebKitTestRunner. The Mac implementation works fine on iOS too,
so this change uses that on both platforms.

  • WebKitTestRunner/Configurations/InjectedBundle.xcconfig: Removed

WebArchiveDumpSupportMac.mm from EXCLUDED_SOURCE_FILE_NAMES.

  • WebKitTestRunner/InjectedBundle/cocoa/WebArchiveDumpSupportCocoa.mm: Renamed from


  • WebKitTestRunner/PlatformMac.cmake:
  • WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
  • WebKitTestRunner/ios/WebArchiveDumpSupportIOS.mm: Removed.


Removed entries for previously crashing/failing tests.

  • platform/ios-simulator-wk2/TestExpectations:
  • platform/ios-simulator/TestExpectations:
4:23 PM Changeset in webkit [210142] by akling@apple.com
  • 6 edits
    2 adds in trunk

REGRESSION(r209865): Crash when navigating back to some pages with compositing layers.

Reviewed by Darin Adler.


Remove the old WK1-era clear/restoreBackingStores optimization from the page cache.
When enabling it on non-iOS platforms, we started hitting lots of assertions,
and none of our memory tests showed any significant improvement anyway.

Test: compositing/page-cache-back-crash.html

  • history/CachedFrame.cpp:


  • history/CachedFrame.h:
  • page/FrameView.cpp:

(WebCore::FrameView::restoreBackingStores): Deleted.

  • page/FrameView.h:


Add a smoke test for the crashes we were seeing. Thanks to Zalán for the reduction.

  • compositing/page-cache-back-crash-expected.txt: Added.
  • compositing/page-cache-back-crash.html: Added.
2:13 PM Changeset in webkit [210141] by aestes@apple.com
  • 1 edit in trunk/Source/WebKit2/UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm

Fix iOS engineering builds.

2:01 PM Changeset in webkit [210140] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

Add missing std::optional to ApplePayPaymentRequest.lineItems

Patch by Sam Weinig <sam@webkit.org> on 2016-12-23
Reviewed by Alexey Proskuryakov.

No functional change, but is more consistent.

  • Modules/applepay/ApplePayPaymentRequest.h:

Remove unnecessary #include of <heap/Strong.h>, add std::optional to lineItems.

  • Modules/applepay/ApplePaySession.cpp:

Update to deal with optional line items, remove unnecessary comment.

  • Modules/applepay/ApplePaySession.h:

Remove unneeded forward declarations.

11:45 AM Changeset in webkit [210139] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Using Option::breakOnThrow() shouldn't crash while printing a null CodeBlock.

Reviewed by Keith Miller.

  • runtime/VM.cpp:


11:26 AM Changeset in webkit [210138] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Enhance LLInt tracing to dump the codeBlock signature instead of just a pointer where appropriate.

Reviewed by Keith Miller.

  • llint/LLIntSlowPaths.cpp:


11:08 AM Changeset in webkit [210137] by keith_miller@apple.com
  • 8 edits in trunk

WebAssembly: trap on bad division.

Reviewed by Mark Lam.


Also, mark conversions as passing.

  • wasm.yaml:
  • wasm/wasm.json:


This patch adds traps for division / modulo by zero and for
division by int_min / -1.

  • wasm/WasmB3IRGenerator.cpp:


  • wasm/WasmExceptionType.h:
  • wasm/WasmPlan.cpp:


  • wasm/wasm.json:
11:01 AM Changeset in webkit [210136] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore


Reviewed by Keith Miller.

  • llint/LLIntExceptions.cpp:


  • runtime/CommonSlowPathsExceptions.cpp:


10:16 AM Changeset in webkit [210135] by aestes@apple.com
  • 1 edit in trunk/Source/WebCore/platform/network/mac/WebCoreResourceHandleAsDelegate.mm

Try to fix the Mac CMake build after r210130.

  • platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
9:09 AM Changeset in webkit [210134] by weinig@apple.com
  • 22 edits
    3 deletes in trunk

[WebIDL] Remove custom bindings for WebSQL code

Reviewed by Darin Adler.


  • Replace custom variant type SQLValue with a type alias of a Variant.
  • Use the newly representable SQLValue to remove custom bindings for SQLResultSetRowList::item and SQLTransaction::executeSql.
  • CMakeLists.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/JSBindingsAllInOne.cpp:
  • bindings/js/JSSQLResultSetRowListCustom.cpp: Removed.
  • bindings/js/JSSQLTransactionCustom.cpp: Removed.
  • platform/sql/SQLValue.cpp: Removed.

Remove files.

  • Modules/webdatabase/SQLResultSetRowList.cpp:


  • Modules/webdatabase/SQLResultSetRowList.h:
  • Modules/webdatabase/SQLResultSetRowList.idl:

Sink the implementation of item() into the implementation. Use a
record type to bridge to javascript.

  • Modules/webdatabase/SQLStatement.cpp:


  • Modules/webdatabase/SQLStatement.h:

Update to take arguments by rvalue reference.

  • Modules/webdatabase/SQLTransaction.cpp:


  • Modules/webdatabase/SQLTransaction.h:
  • Modules/webdatabase/SQLTransaction.idl:

Remove custom annotation, and update signature to match the IDL.

  • Modules/webdatabase/SQLTransactionBackend.cpp:
  • Modules/webdatabase/SQLTransactionBackend.h:

Remove unneeded #includes of SQLValue.h

  • bindings/js/JSDOMConvert.h:

Implement conversion for the null type so it can be used in the SQLValue union.

  • inspector/InspectorDatabaseAgent.cpp:
  • platform/sql/SQLiteStatement.cpp:


  • platform/sql/SQLiteStatement.h:

Replace old switch with a WTF::switchOn that operates on the new variant.

  • platform/sql/SQLValue.h:

(WebCore::SQLValue::SQLValue): Deleted.
(WebCore::SQLValue::type): Deleted.
Replace implementation with a Variant.


  • storage/websql/execute-sql-args-expected.txt:
  • storage/websql/execute-sql-args.js:

Update test and result to be slightly more strict about functions taking sequences.

6:41 AM WebKitGTK/2.14.x edited by Michael Catanzaro
6:36 AM Changeset in webkit [210133] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore

[GTK] GLES build broken since r208997

Unreviewed. Fix the preprocessor guards here; this code is incompatible with GLES2.

Looks like it's been broken for a month. Typical!

  • platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:


1:15 AM Changeset in webkit [210132] by zandobersek@gmail.com
  • 11 edits in trunk/Source/WebCore

[EME][GStreamer] Enable various code paths for ENCRYPTED_MEDIA

Reviewed by Xabier Rodriguez-Calvar.

Add ENABLE_ENCRYPTED_MEDIA build guards in various places in GStreamer
code to enable decryption-related GStreamer elements and the proper
decryptor handling in AppendPipeline.

  • platform/GStreamer.cmake:
  • platform/graphics/gstreamer/GStreamerUtilities.cpp:
  • platform/graphics/gstreamer/GStreamerUtilities.h:
  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

Only call needKey() if LEGACY_ENCRYPTED_MEDIA is enabled, since this is
the way the legacy EME system expects to be notified of key necessity.
It's very likely ENCRYPTED_MEDIA will do this differently.

  • platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
  • platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.h:
  • platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
  • platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h:
  • platform/graphics/gstreamer/mse/AppendPipeline.cpp:


  • platform/graphics/gstreamer/mse/AppendPipeline.h:
1:11 AM Changeset in webkit [210131] by rniwa@webkit.org
  • 3 edits in trunk/Source/WebCore

Eliminate the use of lastChild in TextIterator

Reviewed by Antti Koivisto.

Just use the node we just existed in TextIterator::exitNode and in emitting additional new line
to eliminate the use of Node::lastChild.

Also initialize member variables in the declaration instead of the constructor to modernize the code.

  • editing/TextIterator.cpp:


  • editing/TextIterator.h:

Dec 22, 2016:

8:41 PM Changeset in webkit [210130] by aestes@apple.com
  • 15 edits in trunk/Source

Reduce QuickLook.h include overhead

Reviewed by Andreas Kling.


  • dom/Document.cpp: Included QuickLook.h for QLPreviewProtocol().
  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::setQuickLookHandle): Moved from DocumentLoader.h to here.

  • loader/DocumentLoader.h: Stopped including QuickLook.h and forward-declared

(WebCore::DocumentLoader::setQuickLookHandle): Moved definition out-of-line since it
requires QuickLookHandle to be a complete type.

  • loader/ios/QuickLook.h: Updated to use #pragma once. Cleaned up includes and forward


  • platform/network/ResourceHandle.cpp: Included QuickLook.h so that QuickLookHandle is a

complete type in the ResourceHandle constructor.

  • platform/network/ResourceHandle.h: Stopped including QuickLook.h and forward-declared

(WebCore::ResourceHandle::setQuickLookHandle): Moved definition out-of-line since it
requires QuickLookHandle to be a complete type.

  • platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::setQuickLookHandle): Moved from ResourceHandle.h to here.

  • platform/network/mac/WebCoreResourceHandleAsDelegate.mm: Included QuickLook.h for



  • WebCoreSupport/WebResourceLoadScheduler.cpp: Stopped including QuickLook.h.


  • WebProcess/Network/WebLoaderStrategy.cpp: Included QuickLook.h for QLPreviewProtocol().
  • WebProcess/Network/WebResourceLoader.cpp: Included QuickLook.h for QuickLookHandle.
  • WebProcess/Network/WebResourceLoader.h: Stopped including QuickLook.h.
6:24 PM Changeset in webkit [210129] by aestes@apple.com
  • 2 edits
    2 moves
    1 add in trunk/Source/WebCore

[iOS] Move QuickLook from WebCore/platform to WebCore/loader

Reviewed by Darin Adler.

QuickLook.mm knows about ResourceLoader, so it's a layering violation to have it in
platform/. Move it to loader/ios/.

  • WebCore.xcodeproj/project.pbxproj:
  • loader/ios/QuickLook.h: Renamed from Source/WebCore/platform/network/ios/QuickLook.h.
  • loader/ios/QuickLook.mm: Renamed from Source/WebCore/platform/network/ios/QuickLook.mm.
6:21 PM Changeset in webkit [210128] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore

Unreviewed, fix unused parameter warning in GLES build

Looks like it's been here since 2012. Impressive!

  • platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:


6:14 PM Changeset in webkit [210127] by keith_miller@apple.com
  • 5 edits in trunk

WebAssembly: Make spec-tests/f32.wast.js and spec-tests/f64.wast.js pass

Reviewed by Saam Barati.


  • wasm.yaml:
  • wasm/wasm.json:


We needed to treat -0.0 < 0.0 for floating point min/max. For min,
the algorithm works because if a == b then a and b are not NaNs so
either they are the same or they are some zero. When we or a and b
either we get the same number back or we get -0.0. Similarly for
max we use an and and the sign bit gets dropped if one is 0.0 and
the other is -0.0, otherwise, we get the same number back.

  • wasm/wasm.json:
5:32 PM Changeset in webkit [210126] by sbarati@apple.com
  • 5 edits
    1 add in trunk

WebAssembly: Make calling Wasm functions that returns or takes an i64 as a parameter an early exception

Reviewed by Keith Miller.


  • wasm.yaml:
  • wasm/function-tests/i64-from-js-exceptions.js: Added.



This patch makes it so that we throw an exception before we do
anything else if we call a wasm function that either takes an
i64 as an argument or returns an i64.

  • wasm/js/WebAssemblyFunction.cpp:

(JSC::WebAssemblyFunction::call): Deleted.

  • wasm/js/WebAssemblyFunction.h:


5:23 PM Changeset in webkit [210125] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Unreviewed, rolling out r210069.

This patch makes all properties in Computed Styles strike-
through when switching from the Rules panel. (Requested by NVI
on #webkit).

Reverted changeset:

"Web Inspector: Uncommenting CSS properties doesn't work for
inline styles"

5:19 PM Changeset in webkit [210124] by keith_miller@apple.com
  • 16 edits in trunk

Add BitOr for floating points to B3

Reviewed by Saam Barati.


This patch does some slight refactoring to the ARM assembler,
which groups all the vector floating point instructions together.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::vectorDataProcessing2Source): Deleted.

  • assembler/MacroAssemblerARM64.h:


  • assembler/MacroAssemblerX86Common.h:


  • assembler/X86Assembler.h:


  • b3/B3ConstDoubleValue.cpp:


  • b3/B3ConstDoubleValue.h:
  • b3/B3ConstFloatValue.cpp:


  • b3/B3ConstFloatValue.h:
  • b3/B3LowerToAir.cpp:


  • b3/B3Validate.cpp:
  • b3/air/AirInstInlines.h:


  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:



Update docs to indicate it's cool to use bit ops with floating point.

  • docs/b3/intermediate-representation.html:
5:08 PM WebIDLToDo edited by sam@webkit.org
5:00 PM WebIDLToDo edited by sam@webkit.org
4:57 PM WebIDLToDo created by sam@webkit.org
Add To Do list for WebIDL improvements. Each of these should get a bug.
4:56 PM WikiStart edited by sam@webkit.org
4:32 PM Changeset in webkit [210123] by achristensen@apple.com
  • 3 edits
    1 delete in trunk/Source/WebCore

Move GraphicsContext3DWin to GraphicsContext3DOpenGLES

Reviewed by Tim Horton.

Move code which is GLES-specific not Windows-specific to the GLES-specific file
so I can use it on Cocoa, with a temporary PLATFORM macro that I plan to remove once
all platforms use ANGLE's GLES implementation. There is another copy of this code in
GraphicsContext3DCairo, which will also be united with this code here soon.
Also remove the PlatformCALayerWin, which was never used for anything.

  • platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:


  • platform/graphics/win/GraphicsContext3DWin.cpp: Removed.
  • PlatformMac.cmake:

Include the egl directory. I'll need this, too, once Mac starts using ANGLE's EGL implementation.

4:20 PM Changeset in webkit [210122] by Brent Fulgham
  • 5 edits
    3 adds in trunk

Nested calls to setDocument can omit firing 'unload' events

Reviewed by Alex Christensen.


Test: fast/loader/nested-document-handling.html

Only allow a single document change to be taking place during a given runloop cycle.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL): Block script changing the document
when we are in the middle of changing the document.

  • page/Frame.cpp:

(WebCore::Frame::setDocument): Keep track of document change state.

  • page/Frame.h:


  • fast/loader/nested-document-handling-expected.txt: Added.
  • fast/loader/nested-document-handling.html: Added.
  • fast/loader/resources/subframe-success.html: Added.
3:52 PM Changeset in webkit [210121] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

TileGrid creates new cohorts even when not using temporarilyRetainTileCohorts mode

Reviewed by Simon Fraser.

No new tests.

  • platform/graphics/ca/TileGrid.cpp:

If we are not temporarily retaining unparented tile cohorts (e.g. on
iOS WebKit2), instead immediately removing all tiles that would go into
the new cohort, avoid starting the cohort at all.

3:48 PM Changeset in webkit [210120] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Do not destroy the RenderNamedFlowFragment as leftover anonymous block.

Reviewed by Simon Fraser.


When as the result of certain style change, the generated anonymous block is not needed anymore, we
move its descendants up to the parent and destroy the generated box. While RenderNamedFlowFragment is a generated
block, the cleanup code should just ignore it the same way we ignore boxes like multicolumn, mathml etc.

Test: fast/regions/flow-fragment-as-anonymous-block-crash.html

  • rendering/RenderObject.h:



  • fast/regions/flow-fragment-as-anonymous-block-crash-expected.txt: Added.
  • fast/regions/flow-fragment-as-anonymous-block-crash.html: Added.
3:23 PM Changeset in webkit [210119] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

BytecodeGenerator::m_finallyDepth should be unsigned.

Reviewed by Saam Barati.

Also removed FinallyContext::m_finallyDepth because it is not used.

  • bytecompiler/BytecodeGenerator.cpp:


  • bytecompiler/BytecodeGenerator.h:

(JSC::FinallyContext::depth): Deleted.

3:18 PM Changeset in webkit [210118] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

Null deref under WebPageProxy::applicationDidFinishSnapshottingAfterEnteringBackground

Reviewed by Daniel Bates.

  • UIProcess/ios/WebPageProxyIOS.mm:

m_drawingArea can be null if the process is not valid.

2:55 PM Changeset in webkit [210117] by Wenson Hsieh
  • 3 edits
    2 adds in trunk

CSS Scroll Snap does not work if scrollbar is hidden

Reviewed by Simon Fraser.


Currently, the only reason scroll snapping works in overflow scrolling containers without forcing layout is
because we would initialize the scrolling container's ScrollAnimator in the process of updating scrollbars. If
there are no scrollbars to render, we won't bother creating a ScrollAnimator. Without an existing
ScrollAnimator, ScrollableArea::updateScrollSnapState will simply bail instead of setting up the scroll snap
state. Instead, we should take setting a non-empty vector of scroll offsets on the ScrollableArea as a cue that
the ScrollableArea also needs a ScrollAnimator, and initialize it there if necessary.

Test: tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-hidden-scrollbars.html

  • platform/ScrollableArea.cpp:



Adds a new layout test verifying that scroll snapping still works when scrollbars are hidden via CSS.

  • tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-hidden-scrollbars-expected.txt: Added.
  • tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-hidden-scrollbars.html: Added.
2:48 PM Changeset in webkit [210116] by mark.lam@apple.com
  • 8 edits
    2 copies in trunk

De-duplicate finally blocks.

Reviewed by Saam Barati.


Re-landing r209952 with a few new tests added in test-finally.js.

  • stress/deeply-nested-finallys.js: Copied from JSTests/stress/deeply-nested-finallys.js.
  • Tests many levels of finally nesting. This causes the old code to hang (and crashes eventually) while trying to generate bytecode for the exponentially duplicated finally blocks. The new code completes this test almost instantly.
  • stress/test-finally.js: Copied from JSTests/stress/test-finally.js.
  • Tests control flow through various permutations of finally blocks.


JS execution can arrive at a finally block when there are abrupt completions from
its try or catch block. The abrupt completion types include Break,
Continue, Return, and Throw. The non-abrupt completion type is called Normal
(i.e. the case of a try block falling through to the finally block).

Previously, we enable each of these paths for abrupt completion (except for Throw)
to run the finally block code by duplicating the finally block code at each of
the sites that trigger those completions. This patch fixes the implementation so
that each of these abrupt completions will set a completionTypeRegister (plus a
completionValueRegister for CompletionType::Return) and then jump to the
relevant finally blocks, and continue to thread through subsequent outer finally
blocks until execution reaches the outermost finally block that the completion
type dictates. We no longer duplicate the finally block code.

The implementation details:

  1. We allocate a pair of registers (completionTypeRegister and completionValueRegister) just before entering the outermost try-catch-finally scope.

On allocating the registers, we initialize the completionTypeRegister to
CompletionType::Normal, and set the completionValueRegister to the empty

  1. The completionTypeRegister will hold a CompletionType value. This is how we encode the CompletionType value to be set:
  1. For Normal, Return, and Throw completion types:
    • The completionTypeRegister is set to CompletionType::Normal, CompletionType::Return, and CompletionType::Throw respectively.
  1. For Break and Continue completion types:
    • The completionTypeRegister is set to a unique jumpID where the jumpID is computed as:

jumpID = CompletionType::NumberOfTypes + bytecodeOffset

The bytecodeOffset used here is the bytecodeOffset of the break or continue
statement that triggered this completion.

  1. Each finally block will have 2 entries:
    1. the catch entry.
    2. the normal entry.

The catch entry is recorded in the codeBlock's exception handler table,
and can only be jumped to by the VM's exception handling mechanism.

The normal entry is recorded in a FinallyContext (at bytecode generation time
only) and is jumped to when we want enter the finally block due any of the
other CompletionTypes.

  1. How each completion type works?

We normally encounter this when falling through from a try or catch block to
the finally block.

For the try block case, since completionTypeRegister is set to Normal by default,
there's nothing more that needs to be done.

For the catch block case, since we entered the catch block with an exception,
completionTypeRegister may be set to Throw. We'll need to set it to Normal
before jumping to the finally block's normal entry.

When we emit bytecode for the BreakNode, we check if we have any FinallyContexts
that we need to service before jumping to the breakTarget. If we don't, then
emit op_jump to the breakTarget as usual. Otherwise:

  1. we'll register a jumpID and the breakTarget with the FinallyContext for the outermost finally block that we're supposed to run through.
  2. we'll also increment the numberOfBreaksOrContinues count in each FinallyContext from the innermost to the one for that outermost finally block.
  3. emit bytecode to set the completionTypeRegister to the jumpID.
  4. emit bytecode to jump to the normal entry of the innermost finally block.

Each finally block will take care of cascading to the next outer finally block
as needed (see (5) below).

Since continues and breaks work the same way (i.e. with a jump), we handle this
exactly the same way as CompletionType::Break, except that we use the
continueTarget instead of the breakTarget.

When we emit bytecode for the ReturnNode, we check if we have any FinallyContexts
at all on the m_controlFlowScopeStack. If we don't, then emit op_ret as usual.

  1. emit bytecode to set the completionTypeRegister to CompletionType::Return.
  2. emit bytecode to move the return value into the completionValueRegister.
  3. emit bytecode to jump to the normal entry of the innermost finally block.

Each finally block will take care of cascading to the next outer finally block
as needed (see (5) below).

At the catch entry a finally block, we:

  1. emit an op_catch that stores the caught Exception object in the completionValueRegister.
  2. emit bytecode to set the completionTypeRegister to CompletionType::Throw.
  3. Fall through or jump to the finally block's normal entry.
  1. What happens in each finally block? ================================== For details on the finally block's catch entry, see "CompletionType::Throw" in (4) above.

The finally block's normal entry will:

  1. restore the scope of the finally block.
  2. save the completionTypeRegister in a savedCompletionTypeRegister.
  3. proceed to execute the body of the finally block.

At the end of the finally block, we will emit bytecode check the
savedCompletionTypeRegister for each completion type see emitFinallyCompletion())
in the following order:

  1. Check for CompletionType::Normal ================================ If savedCompletionTypeRegister is CompletionType::Normal, jump to the designated normalCompletion label. We only need this check this finally block also needs to check for Break, Continue, or Return. If not, the completion type check for CompletionType::Throw below will make this check redundant.
  1. Check for CompletionType::Break and Continue ============================================ If the FinallyContext for this block has registered FinallyJumps, we'll check the jumpIDs against the savedCompletionTypeRegister. If the jumpID matches, jump to the corresponding jumpTarget.

If no jumpIDs match but the FinallyContext's numberOfBreaksOrContinues is
greater than the number of registered FinallyJumps, then this means that
we have a Break or Continue that needs to be handled by an outer finally
block. In that case, jump to the next outer finally block's normal entry.

  1. Check for CompletionType::Return ================================ If this finally block is not the outermost and the savedCompletionTypeRegister is set to CompletionType::Return, then jump to the next outer finally block's normal entry.

Otherwise, if this finally block is the outermost and the savedCompletionTypeRegister
is set to CompletionType::Return, then execute op_ret and return the value
in the completionValueRegister.

  1. CompletionType::Throw ===================== If savedCompletionTypeRegister is CompletionType::Throw, then just re-throw the Exception object in the completionValueRegister.

Detail 1: that we check the savedCompletionTypeRegister (and not the
completionTypeRegister). This is because the finally block may itself contain
a try-finally, and this inner try-finally may have trashed the completionTypeRegister.
Here's an example:

try {

return "r1"; Sets completionTypeRegister to CompletionType::Return;

} finally {

completionTypeRegister is CompletionType::Return here.

try {

... do stuff.

} finally {

... do more stuff.


completionTypeRegister may be anything here depending on what
was executed in the inner try-finally block above.

Hence, finally completion here must be based on a saved copy of the
completionTypeRegister when we entered this finally block.


Detail 2: the finally completion for CompletionType::Throw must always explicitly
check if the savedCompletionTypeRegister is CompletionType::Throw before throwing.
We cannot imply that it is so from the Throw case being last. Here's why:

completionTypeRegister is CompletionType::Normal here.
try {

return "r1"; Sets completionTypeRegister to CompletionType::Return;

} finally {

completionTypeRegister is CompletionType::Return here.

try {

... do stuff. No abrupt completions.

} finally {

completionTypeRegister is CompletionType::Return here (from the outer try-finally).
savedCompletionTypeRegister is set to completionTypeRegister (i.e. CompletionType::Return) here.

... do more stuff. No abrupt completions.

Unless there's an abrupt completion since entering the outer
finally block, the savedCompletionTypeRegister will remain set
to CompletionType::Return. If we don't explicitly check if the
savedCompletionTypeRegister is CompletionType::Throw before
throwing here, we'll end up erroneously throwing "r1".




  1. restoreScopeRegister()

Since the needed scope objects are always stored in a local, we can restore
the scope register by simply moving from that local instead of going through

  1. m_controlFlowScopeStack needs to be a SegmentedVector instead of a Vector. This makes it easier to keep a pointer to the FinallyContext on that stack, and not have to worry about the vector being realloc'ed due to resizing.

Performance appears to be neutral both on ES6SampleBench (run via cli) and the
JSC benchmarks.

Relevant spec references:

  • bytecode/HandlerInfo.h:


  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::pushIteratorCloseControlFlowScope): Deleted.
(JSC::BytecodeGenerator::popIteratorCloseControlFlowScope): Deleted.
(JSC::BytecodeGenerator::emitComplexPopScopes): Deleted.
(JSC::BytecodeGenerator::emitPopScopes): Deleted.
(JSC::BytecodeGenerator::popTryAndEmitCatch): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::isInFinallyBlock): Deleted.

  • bytecompiler/NodesCodegen.cpp:



Added some methods to bring SegmentedVector closer to parity with Vector.

  • wtf/SegmentedVector.h:


2:40 PM Changeset in webkit [210115] by sbarati@apple.com
  • 4 edits in trunk

WebAssembly: Make the spec-tests/address.wast.js test pass

Reviewed by Keith Miller.


  • wasm.yaml:


Right now, provably out of bound loads/stores (given a load/store's constant
offset) are not a validation error. However, we were failing to catch uint32_t
overflows in release builds (we did have a debug assertion). To fix this,
I now detect when uint32_t addition will overflow, and instead of emitting
a normal load/store, I emit code that throws an out of bounds memory exception.

  • wasm/WasmB3IRGenerator.cpp:
2:29 PM Changeset in webkit [210114] by sbarati@apple.com
  • 2 edits in trunk/Tools

WebAssembly: Silence the output of the spec-tests

Reviewed by Mark Lam.

  • Scripts/run-jsc-stress-tests:
2:26 PM Changeset in webkit [210113] by dbates@webkit.org
  • 4 edits in trunk/LayoutTests

Make http/tests/security/popup-blocked-from-{fake-event, window-open}.html actually test popup
blocker; run on WebKit2

Reviewed by Darin Adler.

The tests http/tests/security/popup-blocked-from-{fake-event, window-open}.html inadvertently
depended on the default behavior of DumpRenderTree to ignore the ChromeClient::createWindow()
callback when asked to create a new window instead of testing that the popup blocker blocked
opening windows. We should call testRunner.setCanOpenWindows() and testRunner.setPopupBlockingEnabled(true)
from both of these tests so that DumpRenderTree respects requests to open windows and enable
the popup blocker (it is disabled by default), respectively.

The default behavior of DumpRenderTree to disallow opening windows falls out from the purpose
and implementation of testRunner.setCanOpenWindows() to support writing tests where the embedding
client ignores requests to create a new window. We do not implement such a concept in WebKitTestRunner
(see <https://bugs.webkit.org/show_bug.cgi?id=166402>).

  • http/tests/security/popup-blocked-from-fake-event.html:
  • http/tests/security/popup-blocked-from-window-open.html:
  • platform/wk2/TestExpectations: Unskip the above tests as they now pass.
2:20 PM Changeset in webkit [210112] by dbates@webkit.org
  • 3 edits
    6 adds in trunk

Bypass pop-up blocker from cross-origin or sandboxed frame

Reviewed by Darin Adler.


Tests: fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html


  • page/DOMWindow.cpp:

(WebCore::DOMWindow::open): Use FrameLoader::findFrameForNavigation() to find the
target frame to navigate with respect to the active document just as we do in WebCore::createWindow().


  • fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame-expected.txt: Added.
  • fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: Added.
  • fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2-expected.txt: Added.
  • fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: Added.
  • fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt: Added.
  • fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html: Added.
2:19 PM Changeset in webkit [210111] by keith_miller@apple.com
  • 7 edits in trunk

WebAssembly: The validator should not allow unused stack entries at the end of a block

Reviewed by Saam Barati.


Test cleanup and enable new passing tests.

  • wasm.yaml:
  • wasm/function-tests/br-if-as-return.js:


This patch also cleans up some of the verbose mode logging.

  • wasm/WasmB3IRGenerator.cpp:


  • wasm/WasmFunctionParser.h:
  • wasm/WasmValidate.cpp:


1:56 PM Changeset in webkit [210110] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Styles sidebar: Uncommenting CSS rules of pseudo-elements doesn't work

Reviewed by Matt Baker.

  • UserInterface/Views/CSSStyleDeclarationTextEditor.js:

Call _resetContent() when toggling all properties to ensure properties have text markers.

(WebInspector.CSSStyleDeclarationTextEditor.prototype._uncommentProperty): Added.
This method is the opposite of _commentProperty. Introduce it to minimize code duplication.

1:10 PM Changeset in webkit [210109] by aestes@apple.com
  • 17 edits in trunk/Source

Make WebCore::EditorInsertAction an enum class

Reviewed by Brent Fulgham.


  • editing/AlternativeTextController.cpp:


  • editing/Editor.cpp:


  • editing/EditorInsertAction.h:

(): Deleted.

  • editing/gtk/EditorGtk.cpp:


  • editing/ios/EditorIOS.mm:


  • editing/mac/EditorMac.mm:


  • editing/win/EditorWin.cpp:


  • page/ContextMenuController.cpp:


  • page/DragController.cpp:



  • WebCoreSupport/WebEditorClient.mm:



  • WebCoreSupport/WebEditorClient.cpp:



  • WebProcess/InjectedBundle/API/c/WKBundleAPICast.h:


  • WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:


12:45 PM Changeset in webkit [210108] by bshafiei@apple.com
  • 2 edits in tags/Safari-604.1.1.1/Source/WebCore

Merged r210099. rdar://problem/29782862

12:44 PM Changeset in webkit [210107] by bshafiei@apple.com
  • 5 edits in tags/Safari-604.1.1.1/Source


12:40 PM Changeset in webkit [210106] by bshafiei@apple.com
  • 1 copy in tags/Safari-604.1.1.1

New tag.

12:31 PM Changeset in webkit [210105] by jer.noble@apple.com
  • 14 edits in trunk/Source/WebCore

Only include those parts of AVFoundation.framework which are strictly needed.

Reviewed by Eric Carlson.

  • Modules/plugins/QuickTimePluginReplacement.mm:
  • platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
  • platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
  • platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
  • platform/mac/SerializedPlatformRepresentationMac.mm:
  • platform/mac/WebPlaybackSessionInterfaceMac.mm:
  • platform/mac/WebVideoFullscreenController.mm:
  • platform/mediastream/mac/AVAudioCaptureSource.mm:
  • platform/mediastream/mac/AVCaptureDeviceManager.mm:
  • platform/mediastream/mac/AVMediaCaptureSource.mm:
  • platform/mediastream/mac/AVVideoCaptureSource.mm:
12:07 PM Changeset in webkit [210104] by jer.noble@apple.com
  • 4 edits in trunk/Source/WebCore

NULL-deref CRASH in WebCore::PlatformMediaSession::mediaType

Reviewed by Darin Adler.

In r207688, we added a facility in PlatformMediaSessionManager for safely walking through a
list of PlatformMediaSessions by replacing entries of deleted sessions with nullptr. We now
need to use those new iteration falicities in MediaSessionManageriOS.

In addition to the existing iterators, add one which takes a predicate, and returns the first
session which matches the predicate, or nullptr, if none do.

  • platform/audio/PlatformMediaSessionManager.cpp:


  • platform/audio/PlatformMediaSessionManager.h:

(WebCore::PlatformMediaSessionManager::sessions): Deleted.

  • platform/audio/ios/MediaSessionManagerIOS.mm:


11:49 AM Changeset in webkit [210103] by commit-queue@webkit.org
  • 5 edits in trunk

[Cocoa] SPI for setloadsImagesAutomatically

Patch by Zhuo Li <zachli@apple.com> on 2016-12-22
Reviewed by Darin Adler.

  • UIProcess/API/Cocoa/WKPreferences.mm: Call the C API under the hood.

(-[WKPreferences _loadsImagesAutomatically]):
(-[WKPreferences _setLoadsImagesAutomatically:]):

  • UIProcess/API/Cocoa/WKPreferencesPrivate.h:

Add _loadsImagesAutomatically property.

[Cocoa] SPI for setloadsImagesAutomatically.

Patch by Zhuo Li <zachli@apple.com> on 2016-12-22
Reviewed by Darin Adler.

  • TestWebKitAPI/Tests/WebKit2Cocoa/Preferences.mm:

(TEST): Test the _setLoadsImagesAutomatically SPI. By default,
_loadsImagesAutomatically returns YES.

10:31 AM Changeset in webkit [210102] by sbarati@apple.com
  • 7 edits in trunk

WebAssembly: Make the spec-tests/start.wast.js test pass

Reviewed by Yusuke Suzuki.


  • wasm.yaml:


To make the test run, I had to fix two bugs:

  1. We weren't properly finding the start function. There was code

that would try to find the start function from the list of *exported*
functions. This is wrong; the start function is an index into the
function index space, which is the space for *imports* and *local*
functions. So the code was just wrong in this respect, and I've
fixed it do the right thing. We weren't sure if this was originally
allowed or not in the spec, but it has been decided that it is allowed
and the spec-tests test for it: https://github.com/WebAssembly/design/issues/896

  1. We were emitting a breakpoint for Unreachable. Instead of crashing,

this opcode needs to throw an exception when executing.

  • wasm/WasmB3IRGenerator.cpp:
  • wasm/WasmExceptionType.h:
  • wasm/js/WebAssemblyModuleRecord.cpp:


  • wasm/js/WebAssemblyModuleRecord.h:
9:37 AM Changeset in webkit [210101] by Wenson Hsieh
  • 3 edits in trunk/Tools

fast/events/ios/viewport-shrink-to-fit-allows-double-tap.html is flaky/order dependent

Reviewed by Darin Adler.

Running a test that scales the viewport and listens to a didEndZooming callback (such as
viewport-shrink-to-fit-allows-double-tap.html) immediately after a test that may begin to trigger viewport
scaling as the test completes (such as viewport-device-width-at-initial-scale-fast-clicks.html) may result in
the didEndZooming callback of the latter test being fired early due to the previous test triggering a zoom
animation. Ideally, -[WKScrollView _stopScrollingAndZoomingAnimations], which is called when committing the page
load, should prevent this from happening, but from reading documentation and code inspection, this is not
intended to fire any associated delegate methods or notifications of the UIScrollView, instead deferring them
for later. Instead, what we need in this case is to clear out any started but not yet completed animations after
we finish running a test and before we load the next test.

One way to do this is to remove all animations from the WKScrollView's layer, and the layers of its children,
recursively. Doing so causes scrollViewDidEndZooming:withView:atScale: to fire at the end of the runloop if the
previous test started zooming and then finished before zooming completed. Since this happens before the next
test has a chance to run UI-side scripts, we won't end up firing this callback prematurely during the next test.

  • WebKitTestRunner/ios/TestControllerIOS.mm:


9:32 AM Changeset in webkit [210100] by jer.noble@apple.com
  • 5 edits
    1 add in trunk

Muted media element playback should not interrupt other audio playback

Reviewed by Eric Carlson.


Test: TestWebKitAPI/WebKit/ios/AudioSessionCategoryIOS.mm

  • platform/audio/cocoa/MediaSessionManagerCocoa.cpp:



  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit/ios/AudioSessionCategoryIOS.mm:


  • TestWebKitAPI/Tests/WebKit/ios/video-with-muted-audio.html: Added.
9:14 AM Changeset in webkit [210099] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Check for the existence of AVSampleBufferAudioRenderer.h before redeclaring AVSampleBufferAudioRenderer

Reviewed by Eric Carlson.

  • platform/spi/mac/AVFoundationSPI.h:
8:58 AM Changeset in webkit [210098] by eric.carlson@apple.com
  • 4 edits in trunk/Source

AVPlayerLayer isn't available on every system

Reviewed by Jer Noble.


No new tests, prevents a crash that can't be reproduced on a test system.

  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm: Use SOFT_LINK_CLASS_OPTIONAL.


  • WebProcess/WebPage/mac/PlatformCALayerRemoteCustom.mm: Use SOFT_LINK_CLASS_OPTIONAL.
8:41 AM Changeset in webkit [210097] by nael.ouedraogo@crf.canon.fr
  • 5 edits in trunk/Source/WebKit2

MediaStream: ASSERTION FAILED: m_ids.size() == m_handles.size() in MediaDeviceSandboxExtensions

Reviewed by Eric Carlson.

This assertion failure happens for ports with sandbox extensions disabled. SandboxExtension is empty and
HandleArray:size() always returns 0. Disable creation of MediaDevicesSandboxExtension in UserMediaProcessManager
when building without support of sandbox extension. Disable also WebPage::grantUserMediaDeviceSandboxExtensions
and WebPage::revokeUserMediaDeviceSandboxExtensions which can be avoided when sandbox extension is empty.

  • UIProcess/UserMediaProcessManager.cpp:


  • WebProcess/WebPage/WebPage.cpp:
  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
1:22 AM Changeset in webkit [210096] by commit-queue@webkit.org
  • 4 edits in trunk

[WebRTC] Add support for runtime PeeConnection setting, required after r209757

Patch by Alejandro G. Castro <alex@igalia.com> on 2016-12-22
Reviewed by Carlos Garcia Campos.


After that commit we have to enable the peerConnection runtime
flag if we want webrtc to work. We are not adding a new API for
the moment to control the peerConnection feature.

  • UIProcess/API/gtk/WebKitSettings.cpp:

(webkit_settings_set_enable_media_stream): Use the mediaStream
setting to control the peerConnection


Enable WebRTC by default to simplify testing.

  • MiniBrowser/gtk/main.c:


Note: See TracTimeline for information about the timeline view.